last executing test programs:

16.45827964s ago: executing program 0 (id=8962):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000003c0)=[{0x30, 0x5, 0x53, 0xfffff030}]}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x5, 0x7, 0x2, 0x5, 0x400, 0x64ed194d, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x0, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x3, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0x1002, 0x200, 0x8000, 0x9, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x76, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x4, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x2805}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[], 0x214}, 0x1, 0x0, 0x0, 0x20004001}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r4, 0x4068aea3, &(0x7f0000000280))
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000480)={[0x35, 0xfff, 0x4000, 0x180, 0x4, 0x14, 0xf1, 0x89, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1f0213})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0)

14.319644677s ago: executing program 0 (id=8972):
unshare(0x6a040000) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
inotify_init() (async)
mq_open(&(0x7f00000000c0)='batadv_slave_1\x00\x85\x1c\x12\x05\xdb\xadf\xce\xc7;8]\x1fE\xaf\x94RS\x14\x1dUd\x8e', 0x8c2, 0x30, 0x0) (async, rerun: 64)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, &(0x7f0000000080)) (async, rerun: 64)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

11.892823194s ago: executing program 0 (id=8985):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000003c0)="080000000344", 0xfffffffffffffffd, 0x0, 0x10010, 0x2, 0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0)
socket$inet(0x2, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = syz_open_dev$usbfs(0x0, 0x75, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f0000000000)=0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000500), 0x2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r4, &(0x7f0000000100)='syz0\x00', 0x1ff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000380)={0x3, &(0x7f00000002c0)=[{0x8, 0x4, 0x22, 0x3}, {0x9, 0x3, 0xf, 0xc}, {0x400, 0x5, 0x3, 0x10}]})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
syz_emit_ethernet(0x4a, 0x0, 0x0)
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000000)={0x1, 0x3, 0x80, 0xf})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004580)={0x1, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000060000000000000000009500"/35], &(0x7f0000000040)='syzkaller\x00', 0x6, 0x29, &(0x7f0000000200)=""/41, 0x40f00, 0x2a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)

10.331449963s ago: executing program 0 (id=8990):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, 0x0, &(0x7f00000000c0)=@tcp6}, 0x20)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r3, &(0x7f00000004c0)={[0x0, &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc)
r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000440)='ns/ipc\x00')
ioctl$NS_GET_USERNS(r5, 0xb701, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
r7 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r7, 0x110, 0x2, &(0x7f0000000100)='#[\'[#@}@-\x00', 0xa)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@deltfilter={0x530, 0x2d, 0x800, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xfff2, 0x5}, {0xfffd, 0x3}, {0xe, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffff7}, @TCA_RATE={0x6, 0x5, {0x71, 0x7f}}, @TCA_RATE={0x6, 0x5, {0x80, 0x7}}, @TCA_RATE={0x6, 0x5, {0x9, 0x7}}, @TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_RATE={0x6, 0x5, {0xe, 0x4}}, @filter_kind_options=@f_fw={{0x7}, {0x4d4, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0xc}, @TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}, @TCA_FW_POLICE={0x4b8, 0x2, [@TCA_POLICE_RESULT={0x8, 0x5, 0x7fff}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x4, 0x57, 0x80000000, 0x0, 0xd, 0x9, 0xf, 0x7, 0xc, 0x3, 0x0, 0x8, 0xd4c, 0x8, 0x7c0, 0x9c60, 0x3, 0x9, 0x5, 0x10, 0x4, 0xffffffff, 0x6, 0x2, 0x5, 0xb9, 0x4, 0x31, 0xfffffffe, 0xe0000000, 0x3ff, 0x0, 0x6, 0x80, 0x4, 0x2, 0x9, 0x4, 0xd, 0x7f, 0xffffffff, 0x7, 0x3, 0x711d, 0x6, 0x0, 0x6, 0x8, 0x8, 0x2, 0x8001, 0x7f, 0x6, 0x2, 0x9, 0xf6, 0xff, 0x9, 0x4, 0x8, 0xf, 0x6, 0x3, 0xa7a, 0x7, 0x0, 0x4, 0x9, 0x80, 0x0, 0x10000, 0x5, 0xa55, 0x4, 0x400, 0xfffffffc, 0x1, 0x0, 0x2, 0x5, 0xe24a, 0x3, 0x5, 0x2, 0x3, 0x6e, 0x3, 0x81, 0x6, 0x0, 0x200, 0x1, 0x401, 0x5, 0x69a, 0x401, 0x8, 0x4, 0x7ff, 0x1, 0x6, 0x6, 0x4, 0x4, 0x6, 0x10000, 0x1ff, 0x6, 0x8, 0x6, 0x0, 0x7, 0x1ff, 0x5, 0x9, 0x3, 0x2, 0x6, 0xff, 0x8000, 0x2, 0x5, 0x8, 0x9, 0x4, 0x9, 0x9, 0x4, 0xff, 0x5, 0x800, 0x6, 0x0, 0x8, 0x80, 0x7, 0x9, 0xe, 0x1, 0x3, 0x1e01, 0x7, 0x5, 0x10, 0x9, 0x3, 0x100, 0x2, 0x9, 0x10001, 0x4, 0x1, 0x6, 0x4, 0x33f577ff, 0x0, 0x80, 0x7, 0x3, 0xfffffff9, 0x6, 0x9, 0x9, 0x9, 0x6, 0x7cbe, 0xd626, 0x3ff, 0x0, 0x3, 0x0, 0x7, 0x0, 0x8bef, 0xffffffff, 0x4, 0x9, 0x9, 0x2, 0x5f6a7bd5, 0x8, 0x4, 0xffffffff, 0x3, 0x6, 0x167, 0x80000000, 0x2, 0xf, 0x7, 0x6a09, 0x0, 0x8, 0x8, 0xcf66, 0x10000, 0x41c, 0x3, 0x6, 0x4, 0x7, 0x0, 0xc, 0x4, 0x2, 0x7c7f, 0x779f622f, 0x48000, 0x7, 0x5, 0x8, 0x2, 0x9, 0x3, 0x17fa, 0x5, 0x9, 0x0, 0x200, 0x40, 0x8, 0x1, 0x9, 0x2, 0xffff7fff, 0x5, 0xb60, 0x2, 0x40, 0x5, 0x7, 0x1, 0x3, 0xa, 0x1, 0x1000, 0x5, 0x1, 0x3, 0xfffffffd, 0x11, 0x3, 0x9, 0x4, 0x2, 0x80000, 0x0, 0x101, 0x5, 0x7, 0xd, 0x9, 0x1000, 0x4, 0x4]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x38c}, @TCA_POLICE_TBF={0x3c, 0x1, {0x280000, 0x20000000, 0x9, 0x4, 0x17b, {0x9, 0x1, 0x3, 0x9, 0x400, 0xd}, {0x7f, 0x1, 0x25, 0x5, 0x5, 0xff}, 0x9, 0xb, 0x6}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x3, 0x40, 0x4, 0xfffffd04, {0x0, 0x2, 0x8, 0x4, 0xfff, 0x1}, {0x9, 0x3, 0x4, 0x9, 0x81, 0x8}, 0x1d, 0x9, 0x8}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_RATE64={0xc, 0x8, 0x5}, @TCA_POLICE_RESULT={0x8, 0x5, 0x200}, @TCA_POLICE_AVRATE={0x8}]}, @TCA_FW_MASK={0x8, 0x5, 0x7}]}}]}, 0x530}}, 0x8004)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000003c0)={'dummy0\x00'})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'veth0_virt_wifi\x00'})

8.526201287s ago: executing program 0 (id=8998):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (rerun: 32)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
unshare(0x22060400)
open_by_handle_at(r4, &(0x7f0000000180)=@FILEID_NILFS_WITH_PARENT={0x20, 0x62, {0x67976e73, 0x9, 0x6, 0x4, 0x4}}, 0x440000) (async)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)) (async)
read$dsp(r3, &(0x7f0000000300)=""/79, 0x4f) (async, rerun: 64)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r5, 0x84, 0xc, 0x0, 0x0) (async)
socket$vsock_stream(0x28, 0x1, 0x0) (async)
pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0)

7.643952652s ago: executing program 0 (id=9003):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@private=0xa010100, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0xfffffffffffffffe, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30000091)
setsockopt$sock_attach_bpf(r4, 0x1, 0x24, &(0x7f0000000000), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0xa, 0x2f7c343a1feef19c, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r8, 0x4080aebf, &(0x7f0000005700)={{0x0, 0x0, 0x80, {0x100000, 0x2}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x4e18, 0x8000, 0x8, 0x4, 0xe, 0xff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0x3, 0x1000}}, @TCA_NETEM_REORDER={0xc, 0x3, {0x2, 0x2}}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4040011}, 0x20000800)

7.270600444s ago: executing program 4 (id=9004):
r0 = add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000004c0)=ANY=[@ANYRES16=r1, @ANYRES8=r0, @ANYRESDEC=r2, @ANYRESOCT=r2, @ANYBLOB="761304d6ae8d3d1d231b915f43cd66566f826c59cbb4185132628db6aca424496a4bfed23403c13cd6fec66baedc54f4319547a76a2fea6bbb840dbb0c0c06df715f35256f800c637ab1fd5cfd9eb53d3194c45db86189fcb2cc94d57b551af94728d15a9273b92dbfdb925deb00ed97c2016a302b0bdb1cde8ad19d7f5c5441ab61af7f611f5ed97b3e143208d3ca2b04d36a2fff025f2ec74d7b283b6658d658d229be8cad791ce98813b8d9ac73f3ed9a3b338d48ba4756ae1d8645a00e4040a6cec859590d9f99aa7562410177d91f249d99034737e3", @ANYBLOB="0bc7ef849ea570e45f27cb673f91f3b981d8c25596bffb802cd30f33c760bed229a1514e1ecc2faec88c053380126f92b931b4c759fdb98668101d9d4e43bb62dce791a368288e3c2a116cdc5b48989a988699dc93664415211b91f5ae677f5600b1010c9fb5740e50ddd1df186fd33bf177b9a89b6c3716ee52c72de49e4af218f6bfcf33ccb81501e7518f790143fad4e288add844b0ec89bc09fca8e3110ff5ec17889cc55651f82d0081474a9ecbc56785d391b61756860d3cc6dab276c13f2b31649bd3fb6090520fd01f602b"], 0x1df)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000fe0100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

6.901052426s ago: executing program 4 (id=9005):
r0 = getpgid(0xffffffffffffffff)
ptrace(0x4208, r0) (async)
ptrace(0x8, r0) (async)
r1 = syz_clone(0x40800080, &(0x7f0000000000)="ce7d66133fa50d6f75b21a24323783d9110ff1ac9da997e0268098aa63027f8f68dea50ba124a94485296fc0ba7ec762bbdf63b851d3cfc762fb20a9c055c2c48b0e99046884a888edf5ba9da01f29111ea666e4dcc600d468afad0d59c1eb37c45c2d37427e908c280fd002841175221992fada8b8f944eaacf9cb4249f49617676271bbf36470ab39bb11792c1f9cd79118f8d9dc048079cd6ddbf2e4374f4a46773ab18f81040227fd666fc24d10c83ded7dc7b10132d4949a5bdb9b24e4502562399e4e5d718f67c2d66a0fdabb7210f8c5afbf996533f90d9f7f0d2bb9042b11f69b571051205496ee2e4500c41299f06f0bb3fcda828a65ce01436c063ba1e50edb00754f991d3e964fbdf4d7217e806975771f5d6df4ba94b0d4d7912ef871e1a0c6a26b415d63cd1779c9d07ae731b09257d823f886b81731d9c4f073f1b720a766b9034f9cf0e418d67ff28812e147589835c823f708f493ae721006969c7abc991c9e32ca7284d1f15cd52c4b8509cde03f84cd34feee2d1f7d6593127c34ceb1acfd0a714ee0d399487ffc9d358b7a9f116752a11edf0e7591818319b5a3ab5d3833b1d6f1fdd338f84b42a0a9231a9e3c176282cfbe0716d3874119d2c50d6c964c2539f96795d62682c186b3b30ea7c8e31c47205a879d6b1c3a57464d821551d1275b72c9d51e5a90cc2487f33406f7401c9d7db20250ccb27095988bf9daaa94c9f535dadcea52edf01d42017b2988a228fcd62a42f95353b05920dc89d894f1023ba087cd23c4e1d9fe3f297083715d30cd32b8d2108d684a953d959d82b9afec796b970601db786f8ce5740bbaf6cd3dff14b03240bd2cea5e841541b97f3d1355a95c280bec0320f5b1564556171f063c4528b4f9ea435306ac4f2c188477d76430fa8609859913994e0151fbae132cbc8beae63fc58130e63d8c13c517a036be5af8d10116b36be98803700b6a7eceacb7c789e1fc749105741d4b03970ea86f82e7ff1e69052070b78b8df6b170e91ef54bb19a6c4dea33f86fb67328641cd7689986a72a32ad435020298695db9e953765ae0c6da4d7435f4972c51b09780a03dd744f6184f05e03504d0b1d8f3964411165f1cea3136256d04fd89b0819fbc3402a1da4c564a92ed09c133dc8fa1fcb2f94e8dcc91cebf4da7090d4a1b1c7bb50fde2d49ff23b0439599a5d4c2a52477cea6218172a448bc084810a9fea7c85647e3727eeab7ac7f99c5106ed21ddea5a30ff9d0afba2e7522cf7b1586c7a095ca27eda653a94c73ea6f44c8d0e9f7b62d44afa099acab9e5680b0eedb02d90a4b166324da4123d8624498d3b974fb2eea753111d49f864349c8ca99d39312199c8e6c728b0261f420d8a886433974db0076c840c17aca5863d2af3bbf237ffd8e50a1a68db2fbf72fec7ea7b152ba6771f1828bd5c62f6fb8d51ca47b280831aaea657b045806679e7bedc7d8c37c81ae457c6b2aec32300ccd35732b932dbe6e79c849029c715657818bbb75f3a565add9539df2caaf6a0e5fdf465146cd9904dff89a8eda4df28d177d0f14f2f89bda1baa545259ac70e13f43f2731503d14573d5018246c4606ea1d33338cb096c85dc18ad837cc4741c221521918c265a78df5e167093acc67d5ae54e225af22eb6d3fd7250a682a54c1609438f67a368174afc36996704ec5a06ec84cecd4ddd2e57e931cac28377f4f9376a081409bdafa83664212fb5eb98aa3abbfd97e69e693b33a1a2f6c753b6a82026fc86491c3c99d05979565ae0781eb4e10688e12e618aa9b5b4f08abc338066821397024877825db9496e4666706e7c088f47a581d0c9b1ae8b5c9ada17d8ebd74dd0f2fb7295d5ce723565ea0f77e543051ae7e8d8143da6ec42236cbe8907cc88ec7d3dcf207c7d7227cdb10278bd982fa5bc287acab9460ec4cee51fdec81590b430d0e0d133f959338fb04093183688b8261a31625d0637a8b4c95df85154d2f4ff0c0e60296ff8156acd364ffea5c28e3f20a906abefe52fe054d08ba5016b9d10010de31cfd9600ea173ef2eacce8b3de710f38cb6edae2230d346aafea2b962394c1a1d5d3e876421c3d04670a87e7baaccca979e61e50a5d8bb13bfc1829e2cb0c557e1874aee6ab1c2fb70f110f33d7761ec3a690625f4b060280d90e3e0922d45c4af83f6d8c9ec01cc5420f60ec6ecbea8943158d0b1902f3b08509ca261420f3c3b3db1ed51bab3c05e2f11c2acf3723bd597483d8ec8bdbeb2a4678518763879bbcb59e83953593c31b91f4353ef2f52ab5243a29785861f1d38c137d66712df45be9e142b6c600ca6a0d90c35de155c3c5de68b639b7e750644cab6769593f9ab60a3a8fe0c4ae9b3c7487859ade561fd1b39a780782d15954feb902843ffa2a03aca33226e6c4e9ab9f46339eb1cb7376f574370cc5781e45ee2eb8524e4e43a4eb59f4292ae089de8b63503a971d94e5950adea5f3e5326f997ae41328c2ac0e979cb172232a062e21b74cce384c3c9312dcd94b6c8cc3e0058b35c54c15d22d3d10a124fb74dacdb5e30bdc1842ef679467a4fbde639365c3400cb7695f40db6610ebb4a3a69f706e88240ca7d43ddde3378400763d3e75ab65bdee88c42944feda31d06e772a0b82d48b47901e12e6fbce3a56dd3bfbe4450218cca728d0bf5c08a0808f40327ac8067b8a630c48ed11b39ef43454ce4f471cb08a874ea2baf934b76731263b90c5fb19e4fa9d19f98a2c615bc9652b53cb3c6b629cd62df7043075983f1eaaec4f5a8b9a30eb9e8aefe9918414d34632a6d243319bc50b190a3e6f3b15f70b86d160805b68741eb71f66969a08b005d70ddb64211099a49476fba7b21ae3cf9e988d6ceeb38371aa5195a1fe7add7a2cd7f2b76d9c6a0c1603218e5d2a8b39926b337246b8d8dcbfcb5f51847b96738d87182c57e625901def089978dc24e43be44eead981f0eda2c0706e6765efa2a79a4143306215eca27cc9d2a0302d4c5f74ef4d23fd4c6ac9b74e2537e2ff4038398c075f93db065254785d0a63928dfb553160e4a7307bf64c6721a3843fc54c34fe1a9c8e26c013fbe6cf4a203a37cf6b61dbf7ae34a8274ed22143332c40720927728d7c9649cf980db1a6ef9c70bd57f06b6e67b79b52212db8ce0a20e2370fccb0fcb82547787c32a06784ef3d53c37a3024876f9ae971c0681712765b482238d9d99af32a28f1af575b4893fc7a5e93663277307b683eeef33a836448ce479b11ace8ed872e4d83bc88c3548919630b9169391fd1018a3a2e43d548d117b12385c084fc7dc809cf788c64f574fee0e742b3658b1b3518cdbe8d5e1e847da6d862039c2e0f854f71e291917c0dc45ee71f7b7caeb90f8f56153f2d041d41daaaa48949cf6997da687310bcbdccf61b45681f927332aaca09743b6e0708514b51e8ca43e80bd207281bd55a13a033c4690ab260bbf4a34b7ff745776eafe335194054bbc78996f170a28fba6d27d356946f029b9f7d459dc2648ee2db80c5cf60cd12873866f76ac1be380e4c9bba3d7b5714090102692c0b26d4bc533e847083f4b7733a2a842e3927994d5e0721334c2dc476a4fcb44562fb20b063f7b7b6c9f60318a5378fa8a48722492e509818d335428877687717df17c15c09973feba63d3d3e3428eb3ff975443ad0cfa278318eee34a3b38d3ea059813c6acc82ca5508635d0a1f8220b07fc9712dad1d0b13b715971dc8511ae1706d7f1b98d5c71654bbe588c4bc210da33fca569678855cf15d52168f34f73beceeb7204b540e37ad4e45329121a3537250504232ec90263b7acb219adc52759f81c4fcbb4a8517a96cd85d5e717d1e103772c3be24d2723d4d91269130e516b8958f0a95615f5de3f2dda1f1d1cdeaccd82160d6d5f730556442f32ea35e9c753277d388d0b84817d53ad914fe5ffb55571ee41299e64c7b92fc1b5169664f8c5ac58dd01048a5c9aa5ac07484c20709dabd31214fb822286dbaa3f758ad516281433b556054d9dfed67dfffe4a9b8369cb0996d5aaa1bdac4acc92daaaba81097ba9618e1eb421b19e15ecca52c95fb921528e52b1630878fa3c8724e7113eb033db9fbf4b81cb0aff32e3c15e4c76a33c20824fbe1688f8dcbc69a5ef65f5188789b6e47ac1b1d8659cfee98f46fb841d42c2f3c3b50fb02d95067b9ef61d0d07ee4cfe9b4f239c798caa6da4e3517310dc2c11a319493261b916cedd7825d3d4b801598df86fb771d0ace6b99583765534bf0a0b6b76d8676104cbbdb42163adf29b21237e00a995c5ed535db6a61cf5628074d49b30a88813f8c607e5730ccb5ced747a336a1376a75b252ea18df46c7ed6126b4b7a86549d81602472685ecb64df6e0b07534af96219b522a6b9970cdeef592dbbbede8ee7a392bffc09ce2ffef1dddeeaed34e0ec75d4bd3d3416de5c1c75c3e191691cede13120827b6bc061ce09be51c339024db481af2f84634219e5214d7ed5f49276ba553e50c98b64d593810922e95bdc1f4a1da486b939c59484dd6892b09423a1d5d1d395df0e4bc90aee98143c4481ce8e2886a6f2b41fe1c01cafd7c07d0e5612bc1bbcea2864c96a89830865078bed05d8deb7ac22793d2089ae5c0e45d9d9c3fb5978636ee959e900ee85405a2c90731f00f4d92767d02064248635ac5cae73b27ab7afc26bc11629c54e32fe2e5efb0f98e9e8ea39073e3a9b9d084425dfbb6977992ae5e415d4eb07498ba86073bb9d3fd13feb74d9d13fe2105e987a2b4d4f9ee9f9e014446cfaddaf38128b2037889174527bbd70279042a5a31cf595030c38b603e06fbb5e21ff1f7c371624362d519120273ed375ca8be0d79fe442c33f57c5589996f86feb6eea7dac71917404f1c2b99494faab3e23c7ce33286ef9f5d7268f35e32723a3928a444eaa106c289b334f0161d91bbc52a08d368108f3753ac5562690bfa10b9d7ae1c0aff217710991602748e719299f0b0141c3f492f43dd4cf34ab2f229a4a5f3574e2d7c3534255fc81b1ab4cadb6fd356df0330b12151e01e015b3cebcb34823af39071b1896cb2bbf9f98d2ba420e8093b7442cd888bdbdbda23a60cb320b557914d1c675fffa107f19a320e0577e22f20a653f78526134ecdd0ffbf5bee2baf35e687fab054506ef4295b940960e57c12683e63e6e04811dd7aae5a1c4acb81ac450bb31adc5aa6f5f45cec96c7aa6d0d497855a9fb9efec8b1e4180d1df2bd001fef7e6e5105c657886519da62cc80c9315233401fa90e99386d7892810fbae209e42b7320c3c6e92ff9ce68524f4603c8b418caa169e10622fe2da0d15da9084368aa2a5bf29993f75e0ee8a736e7337694756c1d21dc4fcdc68234b8967dd610e12377bf70e95c9300d8b2dfbf35815b7a996e92163474abc9ae4c1f241b73c7e5c92b808d221c2d5cf7d9474c532054bc337d481f48f890a2156c3a7150c81bc1c0b9035e036fbc2c30e2840502f53d8cc20ed6369fad903a30e6597d94f837e853f6d2c889cbdfe741f7cf48f16a1d11af962b50871b059be7e8ec80c862021937e2757efba2416e4803fccf1defa7fba32cbd7aa8e843430d513f72307448f35c52cdea563c55d5d24903077a6fc4f4d96d0dff071a9e4802f4cde3f532dca9eb5a853764e59ba161a2ecc2df14423aa7b6d35ecab29f0209c06015b0a8572b8921dcb3edce3d7fa6ebae5b5bfd24775e168fd58bf91ae604ed9081fe005ac6e38187b67b2bfa71a8bea1abd904b5b04e95e0a", 0x1000, &(0x7f0000001000), &(0x7f0000001040), &(0x7f0000001080)="a01571499d6881e045c93822c4216678ec854e28c2c030f496580f2e62e064e16df8763575241dbcccc834a83c77a333c161c4e9d90014b15ae060698b661d5d0e6e5db53206172b0f75eae41aa526b0590c9b05ca828f909a5e6f0d9e4f8cbb2768a0a3c81dbde9b1c58e74a70a8313018d0f5cc4ca4dfa1b3ce41491f485e2178c954605afc1f5b92ddc57c431a514885436ea2d6c8308872661cb8273c0521c064a23d60e7bfa53dbd6cf32066324163da4a066d713090cb929714df83e5cdac6e7e7f142ff55584117a54bf0f7ba8d16acd2")
r2 = socket$nl_audit(0x10, 0x3, 0x9) (async)
r3 = getpgrp(r1)
sendmsg$AUDIT_SET(r2, &(0x7f0000001240)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001200)={&(0x7f00000011c0)={0x3c, 0x3e9, 0x8, 0x70bd26, 0x25dfdbff, {0x41, 0x1, 0x1, r3, 0xf3ba3916, 0xe, 0x3, 0x7, 0x0, 0x8, 0x7}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000005}, 0x8804)
r4 = syz_open_procfs(r0, &(0x7f0000001280)='net/sockstat\x00')
ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e85411, &(0x7f00000012c0)) (async)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000001400)={0x1, &(0x7f00000013c0)=[{0x4, 0x7f, 0x7, 0x3}]})
sendmsg$AUDIT_ADD_RULE(r4, &(0x7f0000001900)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001480)={0x428, 0x3f3, 0x10, 0x70bd27, 0x25dfdbff, {0x5, 0x1, 0x1, [0x8, 0x0, 0x5, 0x74f, 0x3ff, 0x2, 0x5f, 0xd, 0x1, 0x7ff, 0x7f, 0x1, 0x4, 0x6, 0x8, 0x7, 0x5, 0x0, 0x181f075e, 0x0, 0x0, 0xffff, 0x1, 0x80000001, 0x80, 0x1, 0xd, 0x4, 0xdde, 0x2, 0x8, 0x7ff, 0x0, 0x9, 0x4, 0x24920000, 0x9, 0x9bf, 0x400, 0xf658, 0x7, 0x1ff, 0x3, 0x8, 0xfffffb5c, 0x4, 0x2, 0x5, 0x81, 0x4, 0x7, 0x3fd, 0x9, 0x8, 0x0, 0x8d10, 0x8, 0x4, 0x10000, 0x4, 0x9, 0xfffffffd, 0x425e2631, 0x3498], [0x44, 0x30000000, 0x5, 0x201ec000, 0x685, 0xba73, 0x0, 0xfffffff1, 0x98, 0x8f7e, 0x3, 0x21, 0x858, 0x2, 0x80000000, 0x3fb, 0xfffff801, 0x1, 0x9, 0xfffffff8, 0x800, 0xfff, 0x81, 0xe7, 0x8000, 0x2, 0xc, 0xfffffffe, 0x3, 0x7, 0x99c9, 0xb, 0x80000000, 0x200, 0x3, 0x4, 0x0, 0x7, 0xacb4, 0x9, 0xfffffff8, 0x4, 0x99fa, 0xb, 0x8, 0x3, 0x1, 0x3, 0x39, 0xfffffffa, 0x0, 0x7, 0x10000, 0x0, 0x2, 0x1, 0x4, 0x1, 0x50, 0x0, 0x7ff, 0x6, 0xedc, 0x5], [0xfdf8, 0x0, 0x101, 0x5, 0x40, 0x8001, 0x3, 0x200, 0x0, 0x6, 0x9, 0x8, 0x9, 0x8, 0x7, 0x358e, 0x2, 0x2, 0x10, 0x6cbc202d, 0x1ff, 0x6, 0x6, 0xc8, 0xfc6, 0x3, 0x100, 0x1, 0x8, 0x2, 0xffff, 0x2, 0x7ff, 0x576, 0x4, 0x2, 0x8, 0x2, 0x3, 0xfffffffc, 0x4, 0xb, 0x3, 0x9, 0x5, 0x0, 0x3, 0x9, 0x2, 0x7, 0x3, 0x9, 0x8, 0x0, 0x5, 0x0, 0x1, 0x3, 0x7fffffff, 0x3, 0xa95e, 0xc5, 0x1, 0x1], [0x1, 0x7, 0x1ff, 0x9c65, 0x7, 0x2, 0x3, 0x800, 0x0, 0x45, 0x4, 0x1, 0x80, 0x1, 0x964, 0xff, 0x2, 0x7f, 0xa, 0x5, 0x2, 0x0, 0x10, 0x1, 0x7, 0x3, 0x694, 0x4, 0x5, 0x7fff, 0xcd6, 0x7fff, 0x6, 0x401, 0x2, 0xe, 0xff, 0x8, 0x4, 0x2, 0xfffff801, 0x3, 0x7f, 0x5, 0x72fa, 0x8b6, 0x3, 0x1, 0x71, 0xffffff2e, 0x5, 0x0, 0x4, 0x2, 0xfff, 0x5474deb0, 0x7, 0x1, 0xc0, 0xe76, 0x3, 0x1, 0x1, 0x3], 0x6, ['}\\\xd7\x00', '\'\x00']}, ["", "", ""]}, 0x428}, 0x1, 0x0, 0x0, 0xc0}, 0x4080)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f0000001940)={{0x1, 0x1, 0x18, <r7=>r6, {0x7}}, './file0\x00'})
ioctl$sock_SIOCGPGRP(r7, 0x8904, &(0x7f0000001980))
pread64(r4, &(0x7f00000019c0), 0x0, 0x7) (async)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000001a00), 0x0) (async)
ioctl$KVM_GET_CPUID2(r7, 0xc008ae91, &(0x7f0000001a40)={0x5, 0x0, [{}, {}, {}, {}, {}]}) (async)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001b80), r4) (async)
getpeername$packet(r7, &(0x7f0000001bc0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001c00)=0x14)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000001d00)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001cc0)={&(0x7f0000001c40)={0x4c, r8, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000084}, 0x48010)
write$USERIO_CMD_SET_PORT_TYPE(r7, &(0x7f0000001d40)={0x1, 0xf5}, 0x2) (async)
syz_open_dev$dri(&(0x7f0000001d80), 0x0, 0x40)
pread64(r5, &(0x7f0000001dc0)=""/66, 0x42, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001e80), r4)
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000001f40)={&(0x7f0000001e40)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001f00)={&(0x7f0000001ec0)={0x28, r10, 0x4, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x4}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40004)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f00000020c0)={'nat\x00', 0x0, 0x4, 0xb1, [0x7, 0x9, 0x2, 0x8, 0x4, 0x2], 0x5, &(0x7f0000001f80)=[{}, {}, {}, {}, {}], &(0x7f0000002000)=""/177}, &(0x7f0000002140)=0x78) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002180)={r4, r9, 0x25, 0x4, @void}, 0x10) (async)
r11 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000002240)='./file0/file0\x00', &(0x7f0000002280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0}, 0x2000)
mount$fuse(0x0, &(0x7f00000021c0)='./file0\x00', &(0x7f0000002200), 0x100000, &(0x7f0000002500)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r12}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x200}}], [{@uid_eq}, {@smackfsdef={'smackfsdef', 0x3d, ']-'}}, {@dont_appraise}]}})

6.138207749s ago: executing program 4 (id=9007):
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'ip6gre0\x00', 0x0})
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400", @ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r0, r0}, &(0x7f0000000600)=""/99, 0x63, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = userfaultfd(0x80001)
unshare(0x22020600)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010700000000fedbdf256700000008000381", @ANYRES32=0x0, @ANYBLOB="0800c300b00a0000"], 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x40)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000010000007b080000000000007b8af8ff00000000b508000000000000638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018240000", @ANYRES32=r7, @ANYBLOB="0000000002000000b703000008000000850000006a00000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r8 = socket$nl_route(0x10, 0x3, 0x0)
getpeername$unix(r5, &(0x7f0000000580)=@abs, &(0x7f0000000240)=0x6e)
sendmsg$nl_route(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=@newlink={0x44, 0x10, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_MAP={0x24, 0xe, {0x4000000e5, 0x6, 0x0, 0xa54f, 0x7f, 0x81}}]}, 0x44}}, 0x20048004)

5.954338948s ago: executing program 4 (id=9008):
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_usb_connect(0x4, 0x24b, &(0x7f00000028c0)=ANY=[], 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$tty1(0xc, 0x4, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)

4.964450359s ago: executing program 4 (id=9012):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b60000009500000000e90000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20041804)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x4000050, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f00000004c0), 0x208e24b)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r4=>r1, {0x2}}, './file0\x00'})
ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, &(0x7f0000000240)={0x3, 0x97d9, 0x3, 0x2, 0x2})
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="fc0300", @ANYRES16=0x0], 0xfc}, 0x1, 0x0, 0x0, 0x8000}, 0x4008800)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x82, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x37f, 0xaef3, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x8, 0x13, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x3, 0x3, 0x40000000000002}], 0x9})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
cachestat(r3, &(0x7f0000000040), &(0x7f000009de80), 0x0)

4.716264152s ago: executing program 1 (id=9013):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = io_uring_setup(0xdac, &(0x7f0000000180))
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r3, &(0x7f00000002c0)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x20)
openat$cgroup_pressure(r1, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

4.687917946s ago: executing program 3 (id=9014):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r0 = getpid()
ioprio_get$pid(0x2, r0)

4.427966468s ago: executing program 3 (id=9015):
r0 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000700)={0x40, 0x0, 0xf, "012720dcfe14c639a500ba17162716"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000180)={0x0, 0x15, 0x2, "c4a0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b14, 0x0)

3.611877871s ago: executing program 3 (id=9016):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_open_dev$vbi(0x0, 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket(0x2c, 0x80805, 0xffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x16)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0x9c1, &(0x7f00000002c0)={0x0, 0x200002f, 0x1, 0x1000, 0x100020c}, &(0x7f0000000040)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x1a})
syz_genetlink_get_family_id$fou(&(0x7f0000000140), r2)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x341})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0xfffffffffffffe76)

3.154776856s ago: executing program 1 (id=9018):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r1, &(0x7f00000002c0)={0x11, 0xf5, 0x0, 0x1, 0x1, 0x6, @multicast}, 0x14)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b0001006578746864720000340002"], 0x248}}, 0x0)
r3 = fsopen(&(0x7f0000000000)='udf\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='-\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
write$tun(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="1c0000f5"], 0xfdef)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="700000001000ffff25bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="920a050000000000480012800e0001006970366772657461700000003400028014000700ff02000000000000000000000000000114000600fe80000000000000000000000000003508000100", @ANYRES32, @ANYBLOB="08000400b66601"], 0x70}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004)

3.081755104s ago: executing program 4 (id=9019):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001800)=@newtfilter={0x8bc, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x888, 0x2, [@TCA_MATCHALL_ACT={0x884, 0x2, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1080, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xffffff01, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x7, 0x4, 0x5, 0x7, 0x12, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x5, 0x4, 0x0, 0x3, 0x0, 0xd, 0x6, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94d, 0x9, 0x8, 0x6, 0x100, 0xec0, 0xffff, 0x4, 0x2, 0x3ff, 0x3e, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x92, 0xfffffff9, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0x8, 0x4, 0x3, 0x9, 0xc, 0x0, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x5, 0x4, 0x3, 0x8, 0x9, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x4, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x3, 0x0, 0x81, 0xfff80000, 0x7a7, 0x1, 0x6, 0x3, 0x8, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x3, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0xfff, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x3, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff97, 0x2, 0xfff, 0x1, 0x40, 0x8, 0x3, 0x710, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x9, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x20000000, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0x5}, {0x6, 0x0, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x2, 0x8, 0x6a5, 0x5, 0x0, 0x8000, 0xffff, 0x1ff, 0x4, 0x5, 0x4000, 0x854, 0x3, 0x0, 0xc, 0x4, 0xe67, 0x4, 0x1, 0x6, 0x5a5d, 0x1ff, 0x3, 0xf2, 0x400, 0x5, 0x7, 0x27e023bb, 0x1, 0x3, 0x8, 0x0, 0x4, 0x6, 0x2, 0x8, 0x94f, 0x7, 0xffffffff, 0x9, 0x401, 0x9, 0x80000000, 0x4, 0x1, 0x80000000, 0x1, 0x3, 0x148, 0x217d, 0x3, 0x8000000, 0x7, 0x7, 0x6, 0xb, 0x9, 0x1, 0xa, 0x3, 0x7fffffff, 0x5, 0x8, 0x7, 0x9, 0xffffffff, 0x2, 0x4, 0xb3f5, 0x161, 0x0, 0x5, 0x1, 0x6, 0xfffffffd, 0x87fa, 0x3b, 0x4, 0xd7b, 0x9, 0x4, 0x800, 0x7fff, 0x3, 0x1, 0x6, 0x0, 0xe018, 0x3, 0xffff, 0x8, 0x9, 0x0, 0x4, 0x9, 0x1, 0x1ff, 0xf60, 0x0, 0x3, 0x8, 0x5, 0x3, 0x1, 0xfffffff9, 0x2, 0x15, 0x6856a768, 0x6, 0x5da0649a, 0x0, 0xd8, 0x1000, 0x103, 0x8001, 0x3, 0x9, 0x1e1b, 0xd, 0x9, 0x8b74, 0x7, 0x8, 0x6, 0x1, 0x1, 0x401, 0x40, 0x8, 0x7, 0x2, 0xffff, 0x4, 0xffff05f3, 0x0, 0x7, 0xd, 0xfffff76b, 0xffffffff, 0x6, 0xb, 0x4, 0x5, 0x1, 0xa, 0x5, 0x20e, 0xd17, 0x11d, 0x5, 0x6, 0x9, 0x8, 0xe, 0x6, 0x6, 0x2, 0x4, 0x3, 0x6, 0x2, 0x6a, 0x7fff, 0x1c0000, 0x2, 0x2, 0x5, 0x7b, 0x8, 0x8, 0x1db, 0x8, 0xc, 0x7, 0x7, 0x0, 0x8, 0x1, 0x5, 0x6, 0x1ff, 0xb, 0x3, 0x80, 0x200, 0x1800000, 0x0, 0xb14, 0x5, 0x26, 0x8, 0x9, 0x6, 0x5, 0x7, 0x1, 0x92, 0x3, 0x6, 0x1, 0x7, 0x9, 0x7fff, 0x14, 0xfffffffd, 0x7f, 0x7, 0x1, 0x7ff, 0x0, 0x8, 0x7, 0xff, 0x4, 0x3ff, 0x7, 0xfffffffa, 0xae, 0x4, 0x40, 0xfffffffc, 0xfffff0c7, 0x80000000, 0x8, 0x9, 0x2, 0xfffffff5, 0x1, 0x6b, 0x0, 0xfffffff9, 0x5, 0xfffff000, 0x0, 0x3231248a, 0x7f, 0x318, 0x3aef, 0x5, 0x2, 0x8, 0xfff, 0x1, 0x2f, 0x7fffffff, 0x0, 0x7, 0x1, 0x8e7, 0x7, 0x91, 0x6f2, 0x822, 0x5, 0x7f]}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8bc}, 0x1, 0x0, 0x0, 0x10}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000006380)={0x2020}, 0x2020)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x3d, 0x79, 0x40, 0x1ac7, 0x1, 0xcc19, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x93, 0x2c, 0xf4, 0x0, [], [{{0x9, 0x5, 0x88}}]}}]}}]}}, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r4, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

2.692361554s ago: executing program 2 (id=9020):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x80000, {0x0, 0x0, 0x0, r1, {0x0, 0xffed}, {0xf, 0xb}, {0xd, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8021}, 0x24008084) (fail_nth: 3)

2.619551932s ago: executing program 2 (id=9021):
syz_emit_ethernet(0x2a, &(0x7f0000000300)=ANY=[@ANYBLOB="e90c630faca2aaaaaaaaaabb08004500001c0000e024001190780002000000faffffff00000000089078"], 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)

2.516761s ago: executing program 2 (id=9022):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x3f}], 0x1)

2.440015794s ago: executing program 3 (id=9023):
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) (async)
socket(0xa, 0x3, 0x3a) (async, rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) (async)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0)
ioctl$FBIOBLANK(r5, 0x4611, 0x3) (async)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) (async)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="240000001a006949fc420300000000001c000000ff0000040000000008000410", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4040}, 0x0) (async, rerun: 64)
ioctl$FBIO_WAITFORVSYNC(r5, 0x40044620, 0x0) (async, rerun: 64)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000002c0)={0xfffffffffffffdf2})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r3, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x503, 0x70bd29, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x68315}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_LOCAL={0x8, 0x4, @broadcast}]}}}]}, 0x38}}, 0x0) (async, rerun: 64)
socket$kcm(0xa, 0x5, 0x0) (async, rerun: 64)
socket$kcm(0xa, 0x2, 0x0)
ioctl$IOMMU_DESTROY$hwpt(0xffffffffffffffff, 0x3b80, &(0x7f00000001c0)={0x8, r4}) (async)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async)
r8 = io_uring_setup(0x549c, &(0x7f00000004c0)={0x0, 0xdd98, 0x2, 0xfffffffe, 0xf0})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r8, 0x13, &(0x7f00000003c0)=[0x6000, 0x8], 0x2)

2.316980623s ago: executing program 1 (id=9024):
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000440)={0x0, 0xec24, 0x80, 0x2, 0x40000233}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000400)=<r3=>0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$SO_J1939_PROMISC(r5, 0x6b, 0x2, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000240))

2.255668742s ago: executing program 2 (id=9025):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000200000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fcff000020030005000000000002000000041414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r4, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x1a, 0x3, 0x3c})
ioctl$UI_BEGIN_FF_UPLOAD(r4, 0xc06855c8, &(0x7f0000000180)={0xe, 0x0, {0x53, 0x5, 0x5b, {0x5, 0x4}, {0x40, 0xf041}, @cond=[{0x6, 0x5, 0xfff4, 0x4, 0xfff9}, {0xab9, 0x7, 0xe2, 0x7, 0x9, 0xa272}]}, {0x57, 0x10, 0x7fff, {0x8, 0x9}, {0x7, 0x2}, @cond=[{0x6, 0x400, 0x3, 0x3, 0x400, 0x2}, {0x1, 0x8000, 0x800, 0xe, 0x7ff, 0x6}]}})
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r6 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000006, 0x12, r6, 0x0)
unshare(0x22020400)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000080000000500000007"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r7, &(0x7f0000000340), 0x0}, 0x20)
sendmmsg$inet(r5, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r9)
sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)

1.832414939s ago: executing program 1 (id=9026):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000001000e0000001000000000000000000000000e000000100000000000000000003000000000000000000000200001000"], 0xb8}}, 0x0)

1.556063281s ago: executing program 1 (id=9027):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000003c0)=@req={0x28, &(0x7f00000001c0)={'veth1_to_bridge\x00', @ifru_names='team0\x00'}})
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x4002}, 0x4000004)
epoll_pwait2(0xffffffffffffffff, &(0x7f0000000440)=[{}, {}, {}], 0x3, &(0x7f0000000480)={0x0, 0x3938700}, &(0x7f00000004c0)={[0x800]}, 0x8)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x400)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x40)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000)
sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x53}, 0x4255c3da3914ee25)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x0, 0x6, 0x1, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
syz_open_dev$vim2m(0x0, 0x4, 0x2)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000000c0)={0x4, 0x1d, 0x40, 0x0, 0x12})
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r7 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x1, r8, 0x1, 0x1, 0xa, 0x1ff, 0x1})

1.042521009s ago: executing program 3 (id=9028):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="640000000301010100000000000000000a0000000c001980080002000d08000044000280140001"], 0x64}, 0x1, 0x0, 0x0, 0x4000004}, 0x44080)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$kvm(0x0, &(0x7f00000002c0), 0x102, 0x0)
eventfd2(0x8, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0xf, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x800)
socket$unix(0x1, 0x2, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r4], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
pread64(r1, &(0x7f00000000c0)=""/161, 0xa1, 0x120)

120.121907ms ago: executing program 2 (id=9029):
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x86}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x29, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002500)={{}, &(0x7f0000000880), &(0x7f00000024c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000061121a0000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1c, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x1, 0x2}, 0x48)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r2, 0x541b, &(0x7f0000000180))

119.625097ms ago: executing program 3 (id=9030):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="170000007a006bcd9e3f88dc6e0800000709000018c000", 0x17}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_ringparam={0x10, 0x7f, 0x20000a2e, 0x0, 0xe, 0x3, 0x2000000, 0x0, 0x3000000}})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x800)
r8 = syz_io_uring_setup(0xeeb, &(0x7f0000000480)={0x0, 0x8002, 0x10100, 0x0, 0x3c8}, &(0x7f00000001c0)=<r9=>0x0, &(0x7f0000000140)=<r10=>0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000080)='attr\x00')
getdents64(r11, &(0x7f0000000fc0)=""/224, 0xe0)
syz_io_uring_submit(r9, r10, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x0, @fd=r7, 0x73b, &(0x7f0000000500)=[{&(0x7f0000000240)=""/157, 0x9d}, {0x0}], 0x2, 0x0, 0x1})
io_uring_enter(r8, 0x567, 0xa9ea, 0x5, 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x201f00)
socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x23, 0x6, 0x2007a30)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r11, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, 0x3, 0x2, 0x801, 0x0, 0x0, {0x2, 0x0, 0x5}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

25.02247ms ago: executing program 1 (id=9031):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000003c0)="080000000344", 0xfffffffffffffffd, 0x0, 0x10010, 0x2, 0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0)
socket$inet(0x2, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = syz_open_dev$usbfs(0x0, 0x75, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f0000000000)=0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000500), 0x2, 0x0)
r4 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz0\x00', 0x1ff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000380)={0x3, &(0x7f00000002c0)=[{0x8, 0x4, 0x22, 0x3}, {0x9, 0x3, 0xf, 0xc}, {0x400, 0x5, 0x3, 0x10}]})
sendfile(r4, r4, 0x0, 0x9)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
syz_emit_ethernet(0x4a, 0x0, 0x0)
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000000)={0x1, 0x3, 0x80, 0xf})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004580)={0x1, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000060000000000000000009500"/35], &(0x7f0000000040)='syzkaller\x00', 0x6, 0x29, &(0x7f0000000200)=""/41, 0x40f00, 0x2a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)

0s ago: executing program 2 (id=9032):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000002500)=@ethtool_channels={0x3d, 0x8, 0x2, 0x80, 0x7, 0xf0000000, 0x56f, 0x4, 0x8}})
r3 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, 0x0)
ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000140)=@buf={0x65, &(0x7f00000000c0)="d0e9c60f2c2cb0acb4ee604e8590248803b4c68b6e016b60b1874e580b6f88b74af2975bc16f0d7591168453be7ab0f08c9ae1939bddb31a9c41d296ed2215aa0293792926e648341e711a60bb70f8f0246ec19f7e9e423583b8cbf08d938431028864f582"})
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xd)
ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8000000, 0x4, 0x2008, 0xffffbfff}})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/xfrm_stat\x00')
read$FUSE(r5, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
pipe(&(0x7f0000019480)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
vmsplice(r8, &(0x7f0000000500)=[{&(0x7f0000000280)="dc", 0x1}, {&(0x7f0000000380)='B', 0x1}, {&(0x7f0000000480)="9d", 0x1}], 0x3, 0x3)
close(r8)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2b0, 0x118, 0x11, 0x148, 0x218, 0x0, 0x218, 0x2a8, 0x2a8, 0x218, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@addrtype={{0x30}, {0x10, 0xa, 0x3}}, @common=@unspec=@cluster={{0x30}, {0x20, 0xfff, 0x2}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0xfffffffc, 0x19ecd463}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310)
memfd_create(&(0x7f0000000240)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\xed\x91 )y\xb4\xba\xba\xb7\xbc\xc3\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0\b\x00\x00\x00\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9', 0x0)
splice(r7, 0x0, r8, 0x0, 0x10500, 0x0)
setpgid(0x0, r6)
read$FUSE(r4, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x2020)
ioctl$TIOCMGET(r2, 0x5415, &(0x7f00000024c0))
fcntl$setown(r4, 0x8, r10)
write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r3, 0x8010671f, &(0x7f0000000200)={&(0x7f0000000240)=""/15, 0x9})
writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)
writev(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000140)}], 0x1)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
rt_sigaction(0x4, &(0x7f00000001c0)={&(0x7f0000000140)="44dfa3998999998f083087649e0d0036660f38df2b660fbab97500000000c3c4a37905d708f246ad66450f28e20f9218c401f5e84c5700", 0x50000003, 0x0, {[0x1]}}, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

/virtual/input/input162
[ 2076.306283][T31428] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[ 2076.496664][T31428] usb 4-1: config index 0 descriptor too short (expected 8192, got 27)
[ 2076.504956][T31428] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2076.515354][T31428] usb 4-1: config 0 has no interfaces?
[ 2076.537590][T31428] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[ 2076.556536][T31428] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[ 2076.564577][T31428] usb 4-1: Manufacturer: syz
[ 2076.569571][T31428] usb 4-1: SerialNumber: syz
[ 2076.596906][T31428] usb 4-1: config 0 descriptor??
[ 2077.136336][ T5827] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 2077.195829][ T6071] batman_adv: batadv0: Adding interface: vxlan0
[ 2077.203429][ T6071] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2077.236262][ T6071] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active
[ 2077.326201][ T5827] usb 5-1: Using ep0 maxpacket: 32
[ 2077.508087][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2077.519798][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2077.529764][ T5827] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 2077.539040][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2077.553933][ T5827] usb 5-1: config 0 descriptor??
[ 2077.977451][ T5827] usbhid 5-1:0.0: can't add hid device: -71
[ 2077.985280][ T5827] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2078.000399][ T5827] usb 5-1: USB disconnect, device number 74
[ 2078.193203][T31428] usb 4-1: USB disconnect, device number 10
[ 2079.616473][T31424] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 2079.778392][T31424] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2079.796285][T31424] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2079.818981][T31424] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 2079.836230][T31424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 2079.846449][T31424] usb 4-1: SerialNumber: syz
[ 2079.960590][ T6113] IPVS: ovf: FWM 3 0x00000003 - no destination available
[ 2080.074280][T31424] usb 4-1: 0:2 : does not exist
[ 2080.128568][T31424] usb 4-1: USB disconnect, device number 11
[ 2080.364268][T15334] udevd[15334]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2080.552332][ T6122] kvm: pic: non byte write
[ 2081.069963][ T6137] syz_tun: entered promiscuous mode
[ 2081.082257][ T6137] vlan0: entered promiscuous mode
[ 2081.896289][T31428] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 2082.068053][T31428] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 2082.086176][T31428] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2082.105365][T31428] usb 5-1: config 0 descriptor??
[ 2082.124041][T31428] cp210x 5-1:0.0: cp210x converter detected
[ 2082.186197][T31424] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 2082.537607][T31428] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 2082.646189][T31424] usb 4-1: Using ep0 maxpacket: 8
[ 2082.664304][T31424] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2082.687629][T31424] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2082.710252][T31424] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2082.734933][T31424] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2082.756492][T31428] cp210x 5-1:0.0: failed to get vendor val 0x370c size 15: -71
[ 2082.758926][T31424] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2082.772665][T31428] cp210x 5-1:0.0: GPIO initialisation failed: -71
[ 2082.800338][T31428] usb 5-1: cp210x converter now attached to ttyUSB0
[ 2082.803926][T31424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2082.843198][T31428] usb 5-1: USB disconnect, device number 75
[ 2082.880831][T31428] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 2083.057431][T31424] usb 4-1: usb_control_msg returned -32
[ 2083.066384][T31424] usbtmc 4-1:16.0: can't read capabilities
[ 2083.153420][T31428] cp210x 5-1:0.0: device disconnected
[ 2083.552275][   T30] audit: type=1326 audit(1761128612.641:6863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2083.616380][   T30] audit: type=1326 audit(1761128612.641:6864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2083.748508][   T30] audit: type=1326 audit(1761128612.641:6865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.011198][   T30] audit: type=1326 audit(1761128612.641:6866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.033912][   T30] audit: type=1326 audit(1761128612.641:6867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.059816][   T30] audit: type=1326 audit(1761128612.641:6868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.083807][   T30] audit: type=1326 audit(1761128612.641:6869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.177019][   T30] audit: type=1326 audit(1761128612.641:6870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.200623][   T30] audit: type=1326 audit(1761128612.641:6871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.225717][   T30] audit: type=1326 audit(1761128612.641:6872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.8619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2084.986997][T31428] usb 4-1: USB disconnect, device number 12
[ 2085.845129][T25137] Bluetooth: hci2: ACL packet for unknown connection handle 200
[ 2086.175138][ T6251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8636'.
[ 2086.709885][T25138] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 2086.721282][T25138] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 2086.733178][T25138] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 2086.752625][T25138] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 2086.763625][T25138] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 2087.398130][ T6271] kvm: apic: phys broadcast and lowest prio
[ 2087.770045][ T6258] chnl_net:caif_netlink_parms(): no params data found
[ 2087.933494][ T6082] bond0: (slave netdevsim0): Releasing backup interface
[ 2088.375151][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2088.386542][ T6258] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2088.404061][ T6258] bridge_slave_0: entered allmulticast mode
[ 2088.415834][ T6258] bridge_slave_0: entered promiscuous mode
[ 2088.462080][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2088.474743][ T6258] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2088.486927][ T6258] bridge_slave_1: entered allmulticast mode
[ 2088.499612][ T6258] bridge_slave_1: entered promiscuous mode
[ 2088.846220][T25137] Bluetooth: hci5: command tx timeout
[ 2089.912833][ T6082] batman_adv: batadv1: Removing interface: bridge1
[ 2090.837125][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 2090.837144][   T30] audit: type=1326 audit(1761128619.731:6881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.2.8656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2090.928180][   T30] audit: type=1326 audit(1761128619.731:6882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.2.8656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2090.938953][T25137] Bluetooth: hci5: command tx timeout
[ 2091.016701][   T30] audit: type=1326 audit(1761128619.791:6883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.2.8656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2091.041802][ T6082] bond0 (unregistering): Released all slaves
[ 2091.051783][   T30] audit: type=1326 audit(1761128620.091:6884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.2.8656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2091.075681][   T30] audit: type=1326 audit(1761128620.091:6885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.2.8656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2091.125833][ T6082] bond1 (unregistering): Released all slaves
[ 2091.154479][T25137] Bluetooth: hci3: unexpected cc 0x0c5b length: 5 > 1
[ 2091.162294][T25137] Bluetooth: hci3: unexpected event for opcode 0x0c5b
[ 2091.405531][ T6300] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 2091.417064][ T6300] tipc: Enabled bearer <udp:syz0>, priority 10
[ 2091.460863][ T6258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2091.507474][ T6258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2091.569290][ T6359] netlink: 'syz.2.8659': attribute type 16 has an invalid length.
[ 2091.584134][ T6359] netlink: 'syz.2.8659': attribute type 17 has an invalid length.
[ 2091.592484][ T6082] tipc: Left network mode
[ 2091.698065][ T6359] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2091.732959][ T6258] team0: Port device team_slave_0 added
[ 2091.757978][ T6258] team0: Port device team_slave_1 added
[ 2091.768852][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8660'.
[ 2091.818271][T31424] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2091.868689][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2091.882115][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2091.917561][ T6258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2091.947955][T31424] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2092.085545][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2092.114516][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2092.189227][ T6258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2092.452244][T31424] tipc: Node number set to 1498057285
[ 2092.520375][ T6082] hsr_slave_0: left promiscuous mode
[ 2092.553099][ T6082] hsr_slave_1: left promiscuous mode
[ 2092.767663][ T6082] batadv5 (unregistering): left promiscuous mode
[ 2092.789152][ T6082] team0 (unregistering): Port device batadv5 removed
[ 2092.833295][    C1] sd 0:0:1:0: [sda] tag#1423 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2092.843686][    C1] sd 0:0:1:0: [sda] tag#1423 CDB: Read(6) 08 00 00 00 03 44
[ 2092.958370][ T6082] batadv4 (unregistering): left promiscuous mode
[ 2092.983797][ T6082] team0 (unregistering): Port device batadv4 removed
[ 2092.998676][T25137] Bluetooth: hci5: command tx timeout
[ 2093.102490][ T6082] batadv3 (unregistering): left promiscuous mode
[ 2093.117417][ T6082] team0 (unregistering): Port device batadv3 removed
[ 2093.717229][ T6082] batadv2 (unregistering): left promiscuous mode
[ 2093.736763][ T6082] team0 (unregistering): Port device batadv2 removed
[ 2093.848777][ T6082] batadv1 (unregistering): left promiscuous mode
[ 2093.874820][ T6082] team0 (unregistering): Port device batadv1 removed
[ 2093.986778][ T6384] syz.3.8668: vmalloc error: size 424673280, failed to allocated page array size 829440, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2094.027599][ T6384] CPU: 0 UID: 0 PID: 6384 Comm: syz.3.8668 Not tainted syzkaller #0 PREEMPT(full) 
[ 2094.027616][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 2094.027623][ T6384] Call Trace:
[ 2094.027628][ T6384]  <TASK>
[ 2094.027634][ T6384]  dump_stack_lvl+0x189/0x250
[ 2094.027654][ T6384]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2094.027669][ T6384]  ? __pfx__printk+0x10/0x10
[ 2094.027680][ T6384]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2094.027695][ T6384]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2094.027709][ T6384]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2094.027725][ T6384]  warn_alloc+0x214/0x310
[ 2094.027744][ T6384]  ? __pfx_warn_alloc+0x10/0x10
[ 2094.027763][ T6384]  ? __get_vm_area_node+0x28f/0x300
[ 2094.027779][ T6384]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2094.027801][ T6384]  __vmalloc_node_range_noprof+0x690/0x12d0
[ 2094.027831][ T6384]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2094.027848][ T6384]  ? __kasan_kmalloc+0x93/0xb0
[ 2094.027867][ T6384]  vmalloc_user_noprof+0xad/0xf0
[ 2094.027881][ T6384]  ? vb2_vmalloc_alloc+0xef/0x340
[ 2094.027892][ T6384]  vb2_vmalloc_alloc+0xef/0x340
[ 2094.027903][ T6384]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 2094.027915][ T6384]  __vb2_queue_alloc+0x9c2/0x15a0
[ 2094.027939][ T6384]  vb2_core_reqbufs+0xc31/0x1420
[ 2094.027954][ T6384]  ? do_syscall_64+0xfa/0xfa0
[ 2094.027978][ T6384]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 2094.027999][ T6384]  ? vb2_verify_memory_type+0x1fc/0x570
[ 2094.028016][ T6384]  vb2_ioctl_reqbufs+0x4c0/0x830
[ 2094.028034][ T6384]  __video_do_ioctl+0xa59/0xc10
[ 2094.028051][ T6384]  ? __pfx___video_do_ioctl+0x10/0x10
[ 2094.028069][ T6384]  video_usercopy+0x82d/0x1450
[ 2094.028086][ T6384]  ? __pfx___video_do_ioctl+0x10/0x10
[ 2094.028097][ T6384]  ? __pfx_video_usercopy+0x10/0x10
[ 2094.028117][ T6384]  ? __fget_files+0x3a0/0x420
[ 2094.028130][ T6384]  v4l2_ioctl+0x18d/0x1e0
[ 2094.028141][ T6384]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 2094.028151][ T6384]  __se_sys_ioctl+0xfc/0x170
[ 2094.028166][ T6384]  do_syscall_64+0xfa/0xfa0
[ 2094.028178][ T6384]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2094.028190][ T6384]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2094.028201][ T6384]  ? clear_bhb_loop+0x60/0xb0
[ 2094.028214][ T6384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2094.028224][ T6384] RIP: 0033:0x7f3ea438efc9
[ 2094.028235][ T6384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2094.028244][ T6384] RSP: 002b:00007f3ea518c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2094.028256][ T6384] RAX: ffffffffffffffda RBX: 00007f3ea45e5fa0 RCX: 00007f3ea438efc9
[ 2094.028264][ T6384] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[ 2094.028272][ T6384] RBP: 00007f3ea4411f91 R08: 0000000000000000 R09: 0000000000000000
[ 2094.028278][ T6384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2094.028285][ T6384] R13: 00007f3ea45e6038 R14: 00007f3ea45e5fa0 R15: 00007f3ea470fa28
[ 2094.028302][ T6384]  </TASK>
[ 2094.028307][ T6384] Mem-Info:
[ 2094.376355][ T6384] active_anon:46645 inactive_anon:22 isolated_anon:0
[ 2094.376355][ T6384]  active_file:19626 inactive_file:40771 isolated_file:0
[ 2094.376355][ T6384]  unevictable:768 dirty:117 writeback:0
[ 2094.376355][ T6384]  slab_reclaimable:7212 slab_unreclaimable:104291
[ 2094.376355][ T6384]  mapped:41357 shmem:39986 pagetables:1626
[ 2094.376355][ T6384]  sec_pagetables:0 bounce:0
[ 2094.376355][ T6384]  kernel_misc_reclaimable:0
[ 2094.376355][ T6384]  free:1234938 free_pcp:15285 free_cma:0
[ 2094.476178][ T6384] Node 0 active_anon:187380kB inactive_anon:88kB active_file:78364kB inactive_file:162884kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:165300kB dirty:464kB writeback:0kB shmem:158408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12208kB pagetables:6372kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2094.550662][ T6384] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2094.603591][ T6384] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2094.664363][ T6384] lowmem_reserve[]: 0 2505 2505 2505 2505
[ 2094.674503][ T6384] Node 0 DMA32 free:1023960kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:187780kB inactive_anon:88kB active_file:78364kB inactive_file:162884kB unevictable:1536kB writepending:464kB zspages:6788kB present:3129332kB managed:2565192kB mlocked:0kB bounce:0kB free_pcp:52160kB local_pcp:19052kB free_cma:0kB
[ 2094.721091][ T6384] lowmem_reserve[]: 0 0 0 0 0
[ 2094.734213][ T6384] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2094.773818][ T6384] lowmem_reserve[]: 0 0 0 0 0
[ 2094.819017][ T6384] Node 1 Normal free:3900432kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:8192kB local_pcp:8192kB free_cma:0kB
[ 2094.869717][ T6384] lowmem_reserve[]: 0 0 0 0 0
[ 2094.874425][ T6384] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2094.889735][ T6384] Node 0 DMA32: 2*4kB (UE) 128*8kB (UE) 1*16kB (M) 132*32kB (UME) 57*64kB (UME) 180*128kB (ME) 169*256kB (UME) 129*512kB (UM) 86*1024kB (UME) 28*2048kB (UME) 180*4096kB (UM) = 1023960kB
[ 2094.939756][ T6384] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 2094.964271][ T6384] Node 1 Normal: 222*4kB (UE) 49*8kB (UE) 39*16kB (UME) 247*32kB (UME) 101*64kB (UME) 35*128kB (UME) 13*256kB (UME) 9*512kB (UME) 3*1024kB (UM) 5*2048kB (UME) 942*4096kB (UM) = 3900432kB
[ 2094.987969][ T6384] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2095.003212][ T6384] Node 0 hugepages_total=3 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2095.016719][ T6384] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2095.034046][ T6384] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2095.043770][ T6384] 97570 total pagecache pages
[ 2095.068487][ T6384] 42 pages in swap cache
[ 2095.072736][ T6384] Free swap  = 59408kB
[ 2095.077152][T25137] Bluetooth: hci5: command tx timeout
[ 2095.084344][ T6384] Total swap = 124996kB
[ 2095.091711][ T6384] 2097051 pages RAM
[ 2095.095526][ T6384] 0 pages HighMem/MovableOnly
[ 2095.122837][ T6384] 424111 pages reserved
[ 2095.138530][ T6384] 0 pages cma reserved
[ 2096.414242][ T6393] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2096.443298][T32397] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2096.595469][ T6409] geneve2: entered promiscuous mode
[ 2096.601087][ T6409] geneve2: entered allmulticast mode
[ 2096.804935][ T6258] hsr_slave_0: entered promiscuous mode
[ 2096.820189][ T6258] hsr_slave_1: entered promiscuous mode
[ 2096.830088][ T6422] loop9: detected capacity change from 0 to 7
[ 2096.848414][ T6258] debugfs: 'hsr0' already exists in 'hsr'
[ 2096.850120][T15334] Dev loop9: unable to read RDB block 7
[ 2096.861818][T15334]  loop9: AHDI p3 p4
[ 2096.863741][ T6258] Cannot create hsr debugfs directory
[ 2096.865744][T15334] loop9: partition table partially beyond EOD, truncated
[ 2096.960874][T15334] loop9: p3 size 4227858431 extends beyond EOD, truncated
[ 2097.000562][ T6422] Dev loop9: unable to read RDB block 7
[ 2097.034237][ T6422]  loop9: AHDI p3 p4
[ 2097.039832][ T6422] loop9: partition table partially beyond EOD, truncated
[ 2097.135812][ T6422] loop9: p3 size 4227858431 extends beyond EOD, truncated
[ 2097.274285][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory
[ 2097.284535][T31424] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 2097.435992][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory
[ 2097.448117][T25138] Bluetooth: hci5: command 0x0405 tx timeout
[ 2097.466185][T31424] usb 1-1: Using ep0 maxpacket: 16
[ 2097.621259][T31424] usb 1-1: config 0 has no interfaces?
[ 2097.656050][T31424] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2097.678745][T31424] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2097.700520][T31424] usb 1-1: Manufacturer: syz
[ 2097.714731][  T147] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2097.749615][T31424] usb 1-1: config 0 descriptor??
[ 2097.775957][  T147] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2098.094345][ T6426] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 2098.395116][ T6428] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2098.488664][ T6082] IPVS: stop unused estimator thread 0...
[ 2098.526369][T31424] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2098.842787][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.849159][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 2098.939704][    C1] sd 0:0:1:0: [sda] tag#1431 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2098.950163][    C1] sd 0:0:1:0: [sda] tag#1431 CDB: Read(6) 08 00 00 00 03 44
[ 2098.983313][ T6466] bond0: (slave dummy0): Releasing backup interface
[ 2098.994993][ T6466] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2099.024793][T31428] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2099.231139][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8683'.
[ 2099.348519][ T6478] usb usb8: usbfs: process 6478 (syz.1.8684) did not claim interface 0 before use
[ 2099.361159][ T6258] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2099.368399][ T4317] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2099.389244][ T6478] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 2099.420267][ T6258] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2099.468711][ T6258] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2099.523830][ T6258] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2099.761931][ T4317] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 2099.927058][ T4317] usb 2-1: Using ep0 maxpacket: 8
[ 2099.949997][ T4317] usb 2-1: config 162 has an invalid interface number: 97 but max is 0
[ 2099.958679][ T4317] usb 2-1: config 162 has no interface number 0
[ 2099.998398][ T4317] usb 2-1: config 162 interface 97 has no altsetting 0
[ 2100.013922][ T6258] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2100.039670][T31424] usb 1-1: USB disconnect, device number 126
[ 2100.047544][ T4317] usb 2-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[ 2100.066353][ T4317] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2100.188593][ T4317] usb 2-1: Product: syz
[ 2100.196328][ T4317] usb 2-1: Manufacturer: syz
[ 2100.221407][ T4317] usb 2-1: SerialNumber: syz
[ 2100.356056][ T6498] FAULT_INJECTION: forcing a failure.
[ 2100.356056][ T6498] name failslab, interval 1, probability 0, space 0, times 0
[ 2100.426090][ T6498] CPU: 1 UID: 0 PID: 6498 Comm: syz.0.8686 Not tainted syzkaller #0 PREEMPT(full) 
[ 2100.426117][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 2100.426128][ T6498] Call Trace:
[ 2100.426136][ T6498]  <TASK>
[ 2100.426144][ T6498]  dump_stack_lvl+0x189/0x250
[ 2100.426172][ T6498]  ? __pfx____ratelimit+0x10/0x10
[ 2100.426194][ T6498]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2100.426216][ T6498]  ? __pfx__printk+0x10/0x10
[ 2100.426236][ T6498]  ? __pfx___might_resched+0x10/0x10
[ 2100.426254][ T6498]  ? fs_reclaim_acquire+0x7d/0x100
[ 2100.426283][ T6498]  should_fail_ex+0x414/0x560
[ 2100.426312][ T6498]  should_failslab+0xa8/0x100
[ 2100.426332][ T6498]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[ 2100.426356][ T6498]  ? __d_alloc+0x36/0x7a0
[ 2100.426381][ T6498]  __d_alloc+0x36/0x7a0
[ 2100.426398][ T6498]  ? security_inode_alloc+0x39/0x330
[ 2100.426419][ T6498]  d_alloc_pseudo+0x21/0xc0
[ 2100.426435][ T6498]  alloc_file_pseudo+0xcc/0x210
[ 2100.426454][ T6498]  ? security_inode_alloc+0x39/0x330
[ 2100.426480][ T6498]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 2100.426498][ T6498]  ? evm_inode_alloc_security+0x40/0xb0
[ 2100.426517][ T6498]  ? security_inode_alloc+0xd5/0x330
[ 2100.426539][ T6498]  sock_alloc_file+0xb8/0x2e0
[ 2100.426554][ T6498]  do_accept+0x34b/0x680
[ 2100.426571][ T6498]  ? __pfx_do_accept+0x10/0x10
[ 2100.426606][ T6498]  __sys_accept4+0x11c/0x1c0
[ 2100.426634][ T6498]  ? __pfx___sys_accept4+0x10/0x10
[ 2100.426655][ T6498]  ? ksys_write+0x22a/0x250
[ 2100.426677][ T6498]  ? __pfx_ksys_write+0x10/0x10
[ 2100.426692][ T6498]  __x64_sys_accept4+0x9a/0xb0
[ 2100.426707][ T6498]  do_syscall_64+0xfa/0xfa0
[ 2100.426720][ T6498]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2100.426729][ T6498]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2100.426745][ T6498]  ? clear_bhb_loop+0x60/0xb0
[ 2100.426767][ T6498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2100.426784][ T6498] RIP: 0033:0x7fa450f8efc9
[ 2100.426800][ T6498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2100.426815][ T6498] RSP: 002b:00007fa451ead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 2100.426829][ T6498] RAX: ffffffffffffffda RBX: 00007fa4511e6090 RCX: 00007fa450f8efc9
[ 2100.426837][ T6498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 2100.426843][ T6498] RBP: 00007fa451ead090 R08: 0000000000000000 R09: 0000000000000000
[ 2100.426849][ T6498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2100.426855][ T6498] R13: 00007fa4511e6128 R14: 00007fa4511e6090 R15: 00007fa45130fa28
[ 2100.426871][ T6498]  </TASK>
[ 2100.831362][ T6501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2100.840248][ T6501] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2100.901882][ T6258] 8021q: adding VLAN 0 to HW filter on device team0
[ 2101.064807][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2101.071998][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2101.210669][  T147] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2101.217803][  T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2101.405228][ T6258] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2101.541598][ T6258] veth0_vlan: entered promiscuous mode
[ 2101.575108][ T6258] veth1_vlan: entered promiscuous mode
[ 2101.679738][ T6258] veth0_macvtap: entered promiscuous mode
[ 2101.714940][ T6258] veth1_macvtap: entered promiscuous mode
[ 2101.760741][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2101.791375][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2101.811137][T31424] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[ 2101.848145][  T147] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2101.868592][  T147] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2101.887799][  T147] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2101.930197][  T147] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2102.032249][T31424] usb 3-1: Using ep0 maxpacket: 32
[ 2102.060608][T31424] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 2102.071055][  T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2102.071072][  T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2102.097533][T31424] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 2102.110401][T31424] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2102.117615][ T5827] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 2102.125776][T31424] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 2102.154130][T31424] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 2102.168999][T31424] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2102.177895][T31424] usb 3-1: Product: syz
[ 2102.182071][T31424] usb 3-1: Manufacturer: syz
[ 2102.191704][T31424] usb 3-1: SerialNumber: syz
[ 2102.199174][  T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2102.217910][  T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2102.233181][    C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 2102.251261][T31424] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input163
[ 2102.276327][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2102.318794][ T5827] usb 4-1: Using ep0 maxpacket: 8
[ 2102.360134][ T5827] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2102.397005][ T4317] metro_usb 2-1:162.97: Metrologic USB to Serial converter detected
[ 2102.426177][ T5827] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2102.446922][ T4317] usb 2-1: Metrologic USB to Serial converter now attached to ttyUSB0
[ 2102.468287][ T5827] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2102.489067][ T4317] usb 2-1: USB disconnect, device number 47
[ 2102.491768][T31424] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 2102.501856][ T5827] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2102.505635][T31424]  (id 0x00)
[ 2102.530812][ T5827] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2102.543582][ T4317] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0
[ 2102.557421][ T4317] metro_usb 2-1:162.97: device disconnected
[ 2102.574621][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2102.726797][T31424] rc_core: IR keymap rc-imon-pad not found
[ 2102.734283][T31424] Registered IR keymap rc-empty
[ 2102.887914][ T5827] usb 4-1: GET_CAPABILITIES returned 0
[ 2102.919827][ T4317] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 2102.942548][ T5827] usbtmc 4-1:16.0: can't read capabilities
[ 2102.968791][T31424] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 2103.058631][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[ 2103.070208][ T6523] usbtmc 4-1:16.0: Unable to send data, error -71
[ 2103.079844][ T5827] usb 4-1: USB disconnect, device number 13
[ 2103.098876][ T4317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2103.117278][ T4317] usb 2-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[ 2103.127300][ T4317] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2103.136616][ T6551] usbtmc: can not find device for minor 0
[ 2103.171930][T31424] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 2103.176245][ T4317] usb 2-1: Product: syz
[ 2103.187560][T31424] imon:send_packet: packet tx failed (-71)
[ 2103.236678][T31424] imon 3-1:155.0: remote input dev register failed
[ 2103.252927][T31424] imon 3-1:155.0: imon_init_intf0: rc device setup failed
[ 2103.255862][ T4317] usb 2-1: Manufacturer: syz
[ 2103.281949][ T4317] usb 2-1: SerialNumber: syz
[ 2103.314956][ T4317] usb 2-1: config 0 descriptor??
[ 2103.325861][ T4317] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -32
[ 2103.611154][T31424] imon 3-1:155.0: unable to initialize intf0, err 0
[ 2103.621609][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8695'.
[ 2103.635088][T31424] imon:imon_probe: failed to initialize context!
[ 2103.641614][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8695'.
[ 2103.641911][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8695'.
[ 2103.642157][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8695'.
[ 2103.694826][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8695'.
[ 2103.766154][T31424] imon 3-1:155.0: unable to register, err -19
[ 2103.789198][T31424] usb 3-1: USB disconnect, device number 11
[ 2103.844409][T17346] usb 2-1: USB disconnect, device number 48
[ 2103.871192][ T6561] loop6: detected capacity change from 0 to 7
[ 2103.908535][ T6561] Dev loop6: unable to read RDB block 7
[ 2103.914160][ T6561]  loop6: unable to read partition table
[ 2103.973069][ T6561] loop6: partition table beyond EOD, truncated
[ 2104.012582][ T6561] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2104.402367][ T6575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8700'.
[ 2104.526006][ T6574] netlink: 52 bytes leftover after parsing attributes in process `syz.3.8702'.
[ 2104.652782][ T6575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8700'.
[ 2104.847357][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8702'.
[ 2104.923312][ T6586] binder: 6585:6586 ioctl c0306201 0 returned -14
[ 2105.127655][ T6586] syz.1.8703 (6586): drop_caches: 2
[ 2105.232906][ T6590] sctp: [Deprecated]: syz.1.8704 (pid 6590) Use of int in max_burst socket option.
[ 2105.232906][ T6590] Use struct sctp_assoc_value instead
[ 2105.740110][ T6606] loop6: detected capacity change from 0 to 7
[ 2105.753465][T15334] Dev loop6: unable to read RDB block 7
[ 2105.759255][T15334]  loop6: unable to read partition table
[ 2105.780917][T15334] loop6: partition table beyond EOD, truncated
[ 2105.797695][ T6606] Dev loop6: unable to read RDB block 7
[ 2105.810106][ T6606]  loop6: unable to read partition table
[ 2105.822653][ T6606] loop6: partition table beyond EOD, truncated
[ 2105.842506][ T6606] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2106.054638][ T6614] loop6: detected capacity change from 0 to 7
[ 2106.071751][ T6614] Dev loop6: unable to read RDB block 7
[ 2106.084972][ T6614]  loop6: AHDI p1 p2 p3
[ 2106.102942][ T6614] loop6: partition table partially beyond EOD, truncated
[ 2106.118412][ T6614] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2106.146858][ T6614] loop6: p2 size 108 extends beyond EOD, truncated
[ 2106.176668][ T6618] syz.1.8714 (6618): drop_caches: 2
[ 2106.294279][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2106.379207][ T4830] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 2106.546310][ T4830] usb 5-1: device descriptor read/64, error -71
[ 2106.882786][ T4830] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 2107.266243][ T4830] usb 5-1: device descriptor read/64, error -71
[ 2107.378035][ T4830] usb usb5-port1: attempt power cycle
[ 2107.603283][ T6652] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2107.626215][T17691] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 2107.803200][T17691] usb 2-1: Using ep0 maxpacket: 16
[ 2107.830557][T17691] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 2107.838731][ T4830] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 2107.854766][T17691] usb 2-1: config 0 has no interface number 0
[ 2107.866807][ T4830] usb 5-1: device descriptor read/8, error -71
[ 2107.874479][T17691] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 2107.884040][T17691] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2107.892251][T17691] usb 2-1: Product: syz
[ 2107.897084][T17691] usb 2-1: Manufacturer: syz
[ 2107.901659][T17691] usb 2-1: SerialNumber: syz
[ 2107.932821][T17691] usb 2-1: config 0 descriptor??
[ 2107.948757][T17691] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 2108.106219][ T4830] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 2108.126747][ T4830] usb 5-1: device descriptor read/8, error -71
[ 2108.255663][ T4830] usb usb5-port1: unable to enumerate USB device
[ 2108.586527][ T4317] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 2108.866492][T17691] gspca_spca1528: reg_w err -110
[ 2108.886262][T17691] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110
[ 2109.036566][ T4317] usb 3-1: Using ep0 maxpacket: 16
[ 2109.075385][ T4317] usb 3-1: config 0 has no interfaces?
[ 2109.113921][ T4317] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2109.137191][ T4317] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2109.152992][ T4317] usb 3-1: Manufacturer: syz
[ 2109.172153][ T4317] usb 3-1: config 0 descriptor??
[ 2109.613222][ T6686] batadv0: entered promiscuous mode
[ 2109.621481][ T6686] vlan2: entered promiscuous mode
[ 2110.136631][ T6693] 8021q: VLANs not supported on caif0
[ 2110.380290][ T4317] usb 2-1: USB disconnect, device number 49
[ 2110.462695][ T5827] delete_channel: no stack
[ 2110.536217][T31428] usb 4-1: new low-speed USB device number 14 using dummy_hcd
[ 2110.686227][T31428] usb 4-1: Invalid ep0 maxpacket: 64
[ 2110.751677][ T6708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8740'.
[ 2110.847199][T31428] usb 4-1: new low-speed USB device number 15 using dummy_hcd
[ 2111.038116][T31428] usb 4-1: Invalid ep0 maxpacket: 64
[ 2111.071218][T31428] usb usb4-port1: attempt power cycle
[ 2111.131693][ T4830] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 2111.162812][ T6715] loop6: detected capacity change from 0 to 7
[ 2111.182554][T15334] Dev loop6: unable to read RDB block 7
[ 2111.198634][T15334]  loop6: unable to read partition table
[ 2111.225074][T15334] loop6: partition table beyond EOD, truncated
[ 2111.266547][ T6715] Dev loop6: unable to read RDB block 7
[ 2111.282516][ T6715]  loop6: unable to read partition table
[ 2111.300751][ T6715] loop6: partition table beyond EOD, truncated
[ 2111.312182][ T4830] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 2111.321976][ T6715] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2111.336450][ T4830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2111.361750][ T4830] usb 2-1: config 0 descriptor??
[ 2111.381942][ T4830] cp210x 2-1:0.0: cp210x converter detected
[ 2111.446207][T31428] usb 4-1: new low-speed USB device number 16 using dummy_hcd
[ 2111.469360][T31428] usb 4-1: Invalid ep0 maxpacket: 64
[ 2111.596394][T31428] usb 4-1: new low-speed USB device number 17 using dummy_hcd
[ 2111.623467][ T6723] netlink: 'syz.0.8745': attribute type 10 has an invalid length.
[ 2111.635010][T31428] usb 4-1: Invalid ep0 maxpacket: 64
[ 2111.644227][T31428] usb usb4-port1: unable to enumerate USB device
[ 2111.646280][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2111.788919][ T4830] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 2111.797144][ T6706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2111.807015][ T6706] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2111.855184][ T4830] usb 2-1: cp210x converter now attached to ttyUSB0
[ 2111.946635][ T4830] usb 3-1: USB disconnect, device number 12
[ 2112.923370][ T6737] vlan0: entered promiscuous mode
[ 2113.096207][ T4830] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 2113.257947][ T4830] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2113.276176][ T4830] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 2113.286173][ T4830] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2113.402092][ T6741] veth21: entered promiscuous mode
[ 2113.407712][ T6741] veth21: entered allmulticast mode
[ 2113.452080][ T4830] usb 5-1: config 0 descriptor??
[ 2113.469688][ T4830] pwc: Askey VC010 type 2 USB webcam detected.
[ 2113.508189][ T6747] loop6: detected capacity change from 0 to 7
[ 2113.521095][ T6747] Dev loop6: unable to read RDB block 7
[ 2113.531784][ T6747]  loop6: unable to read partition table
[ 2113.540473][ T6747] loop6: partition table beyond EOD, truncated
[ 2113.555649][ T6747] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2113.629195][T17691] usb 2-1: USB disconnect, device number 50
[ 2113.645977][T17691] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 2113.754617][T17691] cp210x 2-1:0.0: device disconnected
[ 2113.866172][ T4830] pwc: recv_control_msg error -32 req 02 val 2b00
[ 2113.874170][ T4830] pwc: recv_control_msg error -32 req 02 val 2700
[ 2113.882056][ T4830] pwc: recv_control_msg error -32 req 02 val 2c00
[ 2113.889169][ T4830] pwc: recv_control_msg error -32 req 04 val 1000
[ 2113.906254][ T4830] pwc: recv_control_msg error -32 req 04 val 1300
[ 2113.923610][ T4830] pwc: recv_control_msg error -32 req 04 val 1400
[ 2113.930932][ T4830] pwc: recv_control_msg error -32 req 02 val 2000
[ 2113.938078][ T4830] pwc: recv_control_msg error -32 req 02 val 2100
[ 2113.945105][ T4830] pwc: recv_control_msg error -32 req 04 val 1500
[ 2113.957175][ T4830] pwc: recv_control_msg error -32 req 02 val 2500
[ 2113.964504][ T4830] pwc: recv_control_msg error -32 req 02 val 2400
[ 2113.966154][ T5827] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[ 2113.979657][ T4830] pwc: recv_control_msg error -32 req 02 val 2600
[ 2113.988024][ T4830] pwc: recv_control_msg error -32 req 02 val 2900
[ 2113.996981][ T4830] pwc: recv_control_msg error -32 req 02 val 2800
[ 2114.010612][ T4830] pwc: recv_control_msg error -32 req 04 val 1100
[ 2114.046682][ T4830] pwc: Registered as video103.
[ 2114.053218][ T4830] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input166
[ 2114.246972][ T5827] usb 4-1: device descriptor read/64, error -71
[ 2114.258086][ T4830] usb 5-1: USB disconnect, device number 80
[ 2114.637790][ T5827] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[ 2114.824537][ T5827] usb 4-1: device descriptor read/64, error -71
[ 2114.962291][ T6769] sch_tbf: burst 0 is lower than device veth1 mtu (1514) !
[ 2115.024596][ T5827] usb usb4-port1: attempt power cycle
[ 2115.562679][ T5827] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[ 2115.786228][ T5827] usb 4-1: device descriptor read/8, error -71
[ 2116.027764][ T5827] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[ 2116.079659][ T5827] usb 4-1: device descriptor read/8, error -71
[ 2116.220852][ T5827] usb usb4-port1: unable to enumerate USB device
[ 2116.282504][ T6787] loop6: detected capacity change from 0 to 7
[ 2116.289605][ T6787] Dev loop6: unable to read RDB block 7
[ 2116.359929][ T6787]  loop6: AHDI p1 p2 p3
[ 2116.364138][ T6787] loop6: partition table partially beyond EOD, truncated
[ 2116.390138][ T6787] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2116.398339][ T6787] loop6: p2 size 108 extends beyond EOD, truncated
[ 2116.474595][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2116.548567][ T6792] vlan2: entered promiscuous mode
[ 2116.559658][ T6794] binder: 6793:6794 unknown command 0
[ 2116.565237][ T6794] binder: 6793:6794 ioctl c0306201 200000000100 returned -22
[ 2116.590302][ T6795] binder: 6793:6795 unknown command 1
[ 2116.595808][ T6795] binder: 6793:6795 ioctl c0306201 200000000100 returned -22
[ 2116.666208][ T5827] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 2116.818256][ T5827] usb 2-1: Using ep0 maxpacket: 16
[ 2116.829867][ T5827] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2116.839390][ T5827] usb 2-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.00
[ 2116.874433][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2116.881573][ T6804] netlink: 176 bytes leftover after parsing attributes in process `syz.2.8771'.
[ 2116.891949][ T6804] ip6gretap0: entered promiscuous mode
[ 2116.898403][ T6804] netlink: 176 bytes leftover after parsing attributes in process `syz.2.8771'.
[ 2116.908623][ T5827] usb 2-1: config 0 descriptor??
[ 2117.116199][T31428] usb 4-1: new low-speed USB device number 22 using dummy_hcd
[ 2117.271529][T31428] usb 4-1: No LPM exit latency info found, disabling LPM.
[ 2117.283525][T31428] usb 4-1: config 1 interface 0 altsetting 241 endpoint 0x81 has invalid maxpacket 512, setting to 8
[ 2117.356420][ T6817] netdevsim netdevsim2: Direct firmware load for .
[ 2117.356420][ T6817]  failed with error -2
[ 2117.367865][ T6817] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[ 2117.367865][ T6817] 
[ 2117.412668][T31428] usb 4-1: config 1 interface 0 altsetting 241 endpoint 0x2 has invalid maxpacket 32, setting to 8
[ 2117.423616][T31428] usb 4-1: config 1 interface 0 altsetting 241 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[ 2117.450122][T31428] usb 4-1: config 1 interface 0 has no altsetting 0
[ 2117.527924][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.536539][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.551340][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.559716][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.567220][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.603495][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.614062][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.621628][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.631954][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.835034][ T5827] hid-generic 0003:0DFC:0101.0077: unknown main item tag 0x0
[ 2117.910927][ T6824] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8777'.
[ 2118.214071][ T5827] hid-generic 0003:0DFC:0101.0077: hidraw0: USB HID v0.00 Device [HID 0dfc:0101] on usb-dummy_hcd.1-1/input0
[ 2118.323030][ T5827] usb 2-1: USB disconnect, device number 51
[ 2118.415368][ T6830] loop9: detected capacity change from 0 to 7
[ 2118.423744][ T6830] Dev loop9: unable to read RDB block 7
[ 2118.433325][ T6830]  loop9: unable to read partition table
[ 2118.451885][ T6827] fido_id[6827]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 2118.456430][ T6830] loop9: partition table beyond EOD, truncated
[ 2118.605156][ T6830] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2118.866194][ T5827] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 2119.046553][ T5827] usb 2-1: Using ep0 maxpacket: 8
[ 2119.059992][ T5827] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2119.077127][ T5827] usb 2-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 2119.086593][ T5827] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2119.096521][ T5827] usb 2-1: Product: syz
[ 2119.100826][ T5827] usb 2-1: Manufacturer: syz
[ 2119.121201][ T5827] usb 2-1: SerialNumber: syz
[ 2119.145786][ T5827] usb 2-1: config 0 descriptor??
[ 2119.165339][ T5827] cdc_phonet 2-1:0.0: skipping garbage
[ 2119.171619][ T5827] cdc_phonet 2-1:0.0: probe with driver cdc_phonet failed with error -22
[ 2119.193706][ T6841] fuse: Unknown parameter 'èØ
'
[ 2119.237725][ T6841] fuse: Unknown parameter 'group_i00000000000000000000'
[ 2119.394550][T17691] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 2119.647018][T17691] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2119.676258][T17691] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2119.848369][T31428] usb 4-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.40
[ 2119.946611][T17691] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2119.950590][T31428] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2120.014807][T17691] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2120.056244][T31428] usb 4-1: Product: ⩪㡭̙祕犘兦見퀔�陀춲錪ꢴ趘땉殣딭葩푙딱㹳안岸儩�ﵾᖕ沦अ薽�ग़嘫厦躶쯺ؑ㬀᪾宲䜡ꊖ磸벋뤬誟�邸燲ഊ웠膹�ࢡ芆�滒橈ᯬ⪢�⼣橠胅✭ᔽ懲἗᫺펹�꤈氢釀뿶
[ 2120.118179][ T6840] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2120.132092][T17691] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2120.336625][T31428] usb 4-1: Manufacturer: 쌖凌ࡹ因턃쉙⦸峫�渥毘ﰇ�髟䪩佂囚䌌㮔ꕒ戀ঔ��摨⤤囨вᗱ餧ᒮᖕ狔Ḓ◱俱�₾㯛莪᡺኱ᥡ�ޅ鬣묚ણ�굚⢕Ẉꂾ�⻚륜�㑨�햀﵌��ﶤ铡硠�ᣯට�墼⑉텮䗵쫗����辈ꊨ�ꊠ麠��ᘧ좵佈튾꧷ꀆ턥�䳻娽唤�㯊�⵻쩈Ꚉ撪�㚤뜆ి�ᅳ
[ 2120.411798][ T6840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2120.505076][ T6840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2120.528293][ T6840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2120.554357][ T6840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2121.013056][ T6840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2121.048687][ T6840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2121.237737][T31428] usb 4-1: can't set config #1, error -71
[ 2121.276039][T31428] usb 4-1: USB disconnect, device number 22
[ 2122.051196][ T4830] usb 2-1: USB disconnect, device number 52
[ 2122.106390][T17691] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 2122.246995][T17346] IPVS: starting estimator thread 0...
[ 2122.254788][ T6865] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 2122.286789][T17691] usb 5-1: Using ep0 maxpacket: 8
[ 2122.346515][T17691] usb 5-1: config 2 has an invalid interface number: 31 but max is 0
[ 2122.354636][T17691] usb 5-1: config 2 has no interface number 0
[ 2122.376715][ T6867] IPVS: using max 49 ests per chain, 117600 per kthread
[ 2122.602137][T17691] usb 5-1: config 2 interface 31 has no altsetting 0
[ 2122.769055][T17691] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 2122.861485][T17691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2122.867095][ T6877] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8790'.
[ 2122.883088][ T4830] usb 1-1: USB disconnect, device number 127
[ 2122.915729][T17691] usb 5-1: Product: syz
[ 2122.946285][T17691] usb 5-1: Manufacturer: syz
[ 2123.006315][T17691] usb 5-1: SerialNumber: syz
[ 2123.063938][T17691] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22
[ 2123.331330][ T6886] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8792'.
[ 2123.825626][ T6876] veth0_to_team: left promiscuous mode
[ 2124.331107][ T6899] loop6: detected capacity change from 0 to 7
[ 2124.349466][T15334] Dev loop6: unable to read RDB block 7
[ 2124.355189][T15334]  loop6: unable to read partition table
[ 2124.400105][T15334] loop6: partition table beyond EOD, truncated
[ 2124.414742][ T6899] Dev loop6: unable to read RDB block 7
[ 2124.425038][ T6899]  loop6: unable to read partition table
[ 2124.432440][ T6899] loop6: partition table beyond EOD, truncated
[ 2124.450807][ T6899] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2124.684514][ T6905] netlink: 76 bytes leftover after parsing attributes in process `syz.1.8797'.
[ 2124.771402][ T6906] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2124.838474][ T6876] veth3: left promiscuous mode
[ 2124.843328][ T6876] veth3: left allmulticast mode
[ 2125.051000][ T6876] gretap1: left allmulticast mode
[ 2125.057613][ T6876] bridge1: left allmulticast mode
[ 2125.063915][ T6876] veth5: left promiscuous mode
[ 2125.069777][ T6876] veth5: left allmulticast mode
[ 2125.079534][ T6876] veth7: left promiscuous mode
[ 2125.086224][ T6876] veth7: left allmulticast mode
[ 2125.103514][ T6876] veth9: left promiscuous mode
[ 2125.109685][ T6876] veth9: left allmulticast mode
[ 2125.144297][ T6876] vlan2: left promiscuous mode
[ 2125.181003][ T6876] bond2: left promiscuous mode
[ 2125.189025][ T6876] bridge2: left promiscuous mode
[ 2125.195528][ T6876] bond2: left allmulticast mode
[ 2125.201181][ T6876] bridge2: left allmulticast mode
[ 2125.234904][ T6876] veth11: left promiscuous mode
[ 2125.240701][ T6876] veth11: left allmulticast mode
[ 2125.281975][ T6876] veth13: left promiscuous mode
[ 2125.290598][ T6876] veth13: left allmulticast mode
[ 2125.296782][ T6876] gretap2: left allmulticast mode
[ 2125.314017][ T6876] ip6erspan0: left promiscuous mode
[ 2125.330502][ T6876] veth15: left promiscuous mode
[ 2125.335624][ T6876] veth15: left allmulticast mode
[ 2125.356017][ T6876] mac80211_hwsim hwsim32 syzkaller0: left promiscuous mode
[ 2125.363500][ T6876] mac80211_hwsim hwsim32 syzkaller0: left allmulticast mode
[ 2125.379602][ T6876] veth17: left promiscuous mode
[ 2125.384485][ T6876] veth17: left allmulticast mode
[ 2125.389939][ T6876] veth19: left promiscuous mode
[ 2125.394806][ T6876] veth19: left allmulticast mode
[ 2125.405059][ T6877] geneve2: entered promiscuous mode
[ 2125.411923][ T6877] geneve2: entered allmulticast mode
[ 2125.419309][ T6886] 8021q: VLANs not supported on caif0
[ 2125.434658][T31428] usb 5-1: USB disconnect, device number 81
[ 2125.470069][ T6910] vlan0: entered promiscuous mode
[ 2125.685186][   T30] audit: type=1326 audit(1761128654.771:6886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2125.867850][   T30] audit: type=1326 audit(1761128654.811:6887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2125.905137][ T6916] lo: Caught tx_queue_len zero misconfig
[ 2125.911268][ T6916] netem: incorrect ge model size
[ 2125.917839][ T6916] netem: change failed
[ 2125.962348][   T30] audit: type=1326 audit(1761128654.811:6888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2125.985672][   T30] audit: type=1326 audit(1761128654.811:6889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.056416][   T30] audit: type=1326 audit(1761128654.811:6890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.079059][   T30] audit: type=1326 audit(1761128654.811:6891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.102610][   T30] audit: type=1326 audit(1761128654.811:6892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.137618][   T30] audit: type=1326 audit(1761128654.811:6893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.162260][   T30] audit: type=1326 audit(1761128654.811:6894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.200766][   T30] audit: type=1326 audit(1761128654.811:6895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6911 comm="syz.4.8799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7cd8efc9 code=0x7ffc0000
[ 2126.332013][ T6929] netlink: 'syz.2.8802': attribute type 10 has an invalid length.
[ 2126.351982][ T6929] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 2127.418138][ T6941] loop6: detected capacity change from 0 to 7
[ 2127.458900][ T6941] Dev loop6: unable to read RDB block 7
[ 2127.502221][ T6941]  loop6: unable to read partition table
[ 2127.545533][ T6941] loop6: partition table beyond EOD, truncated
[ 2127.556405][ T6941] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2128.003231][T17346] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[ 2128.176180][T17691] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 2128.199162][T17346] usb 5-1: Using ep0 maxpacket: 8
[ 2128.219884][T17346] usb 5-1: config 0 has an invalid interface number: 176 but max is 2
[ 2128.228175][T17346] usb 5-1: config 0 has an invalid interface number: 49 but max is 2
[ 2128.236322][T17346] usb 5-1: config 0 has no interface number 1
[ 2128.242718][T17346] usb 5-1: config 0 has no interface number 2
[ 2128.272644][T17346] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 2128.294021][T17346] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2128.327568][T17691] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2128.340269][T17691] usb 1-1: config 0 interface 0 altsetting 12 endpoint 0x6 has invalid wMaxPacketSize 0
[ 2128.364552][T17346] usb 5-1: config 0 descriptor??
[ 2128.404814][T17691] usb 1-1: config 0 interface 0 altsetting 12 bulk endpoint 0x6 has invalid maxpacket 0
[ 2128.438018][T17346] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22
[ 2128.461944][T17691] usb 1-1: config 0 interface 0 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2128.545705][T17691] usb 1-1: config 0 interface 0 has no altsetting 0
[ 2128.561955][T17691] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[ 2128.571898][T17691] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2128.585853][T17691] usb 1-1: Product: syz
[ 2128.595936][T17691] usb 1-1: Manufacturer: syz
[ 2128.614179][T17691] usb 1-1: SerialNumber: syz
[ 2129.167234][T17691] usb 1-1: config 0 descriptor??
[ 2129.467168][T17691] usb 1-1: USB disconnect, device number 2
[ 2129.520432][ T6975] netlink: 'syz.3.8815': attribute type 4 has an invalid length.
[ 2130.516665][T17691] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 2130.548329][T31421] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 2130.574878][ T1168] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 2130.666837][T17691] usb 1-1: device descriptor read/64, error -71
[ 2130.721213][T31421] usb 4-1: config 0 has an invalid interface number: 47 but max is 0
[ 2130.739505][T31421] usb 4-1: config 0 has no interface number 0
[ 2130.751906][T31421] usb 4-1: config 0 interface 47 altsetting 252 bulk endpoint 0xD has invalid maxpacket 8
[ 2130.787138][T25137] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2130.789756][ T1168] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 2130.800176][T25137] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2130.813629][T25137] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2130.821490][T25137] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2130.829126][T25137] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2130.836946][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2130.890031][T31421] usb 4-1: config 0 interface 47 altsetting 252 bulk endpoint 0x1 has invalid maxpacket 8
[ 2130.906209][T17691] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 2130.973871][T31421] usb 4-1: config 0 interface 47 altsetting 252 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[ 2131.051656][T31421] usb 4-1: config 0 interface 47 has no altsetting 0
[ 2131.082168][T31421] usb 4-1: New USB device found, idVendor=7d15, idProduct=31b2, bcdDevice=57.4b
[ 2131.103037][T31421] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2131.136322][T17691] usb 1-1: device descriptor read/64, error -71
[ 2131.145386][T31421] usb 4-1: config 0 descriptor??
[ 2131.168588][ T6984] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 2131.246343][ T6984] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 2131.275700][T17691] usb usb1-port1: attempt power cycle
[ 2131.310613][T31421] usb-storage 4-1:0.47: USB Mass Storage device detected
[ 2131.383864][ T1168] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 2131.463953][T17346] usb 5-1: Could not set interface, error -71
[ 2131.543801][ T6529] usb 4-1: USB disconnect, device number 23
[ 2131.560708][T17346] usb 5-1: USB disconnect, device number 82
[ 2131.578640][ T1168] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[ 2131.697281][T17691] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 2131.867092][T17691] usb 1-1: device descriptor read/8, error -71
[ 2132.126982][T17691] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 2132.167551][T17691] usb 1-1: device descriptor read/8, error -71
[ 2132.236502][T17346] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 2132.279390][ T1168] tipc: Resetting bearer <eth:syzkaller0>
[ 2132.298985][T17691] usb usb1-port1: unable to enumerate USB device
[ 2132.416295][ T5912] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 2132.423928][T17346] usb 5-1: Using ep0 maxpacket: 8
[ 2132.487374][T17346] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[ 2132.536397][T17346] usb 5-1: config 0 has no interface number 0
[ 2132.578244][T17346] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2132.606884][ T5912] usb 4-1: Using ep0 maxpacket: 32
[ 2132.618248][ T5912] usb 4-1: config 0 has an invalid interface number: 225 but max is 0
[ 2132.633418][T17346] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 2132.653373][ T5912] usb 4-1: config 0 has no interface number 0
[ 2132.680929][ T5912] usb 4-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79
[ 2132.706772][T17346] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2132.734723][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2132.782365][T17346] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 2132.797662][ T5912] usb 4-1: Product: syz
[ 2132.830647][ T5912] usb 4-1: Manufacturer: syz
[ 2132.859151][ T5912] usb 4-1: SerialNumber: syz
[ 2132.871925][T17346] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 2132.903708][ T5912] usb 4-1: config 0 descriptor??
[ 2132.916379][T25137] Bluetooth: hci0: command tx timeout
[ 2132.955903][T17346] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2133.179916][ T7003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2133.206237][T17346] usb 5-1: config 0 descriptor??
[ 2133.232249][T17346] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 2133.240908][ T7003] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2133.294420][ T5912] mos7840 4-1:0.225: required endpoints missing
[ 2133.509556][ T6529] usb 4-1: USB disconnect, device number 24
[ 2133.531134][ T6888] usb 5-1: USB disconnect, device number 83
[ 2133.595892][ T6888] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[ 2133.811148][ T1168] tipc: Disabling bearer <eth:syzkaller0>
[ 2133.920272][ T7028] loop6: detected capacity change from 0 to 7
[ 2133.930039][ T7028] Dev loop6: unable to read RDB block 7
[ 2133.935668][ T7028]  loop6: unable to read partition table
[ 2133.943993][ T7028] loop6: partition table beyond EOD, truncated
[ 2133.952866][ T7028] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2134.151801][ T1168] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 2134.177152][ T1168] bond0 (unregistering): Released all slaves
[ 2134.193158][ T6988] chnl_net:caif_netlink_parms(): no params data found
[ 2134.744824][ T7045] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8834'.
[ 2134.964908][ T7048] loop6: detected capacity change from 0 to 7
[ 2134.972124][ T7048] Dev loop6: unable to read RDB block 7
[ 2134.978258][ T7048]  loop6: AHDI p1 p2 p3
[ 2134.982634][ T7048] loop6: partition table partially beyond EOD, truncated
[ 2135.000066][ T7048] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2135.001537][T25137] Bluetooth: hci0: command tx timeout
[ 2135.111994][ T7048] loop6: p2 size 108 extends beyond EOD, truncated
[ 2135.165244][ T1168] tipc: Left network mode
[ 2135.236339][T17346] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 2135.308255][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2135.426670][ T7053] x_tables: duplicate underflow at hook 1
[ 2135.439896][T17346] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2135.452496][ T7057] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2135.466242][T17346] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2135.486177][T17346] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2135.505554][T17346] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2135.548011][ T7046] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2135.559082][T17346] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 2135.728955][ T6988] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2135.746714][ T6988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2135.763319][ T7046] fuse: Unknown parameter 'rootmod'
[ 2135.779188][ T6988] bridge_slave_0: entered allmulticast mode
[ 2135.808768][ T7065] loop6: detected capacity change from 0 to 7
[ 2135.811827][ T6988] bridge_slave_0: entered promiscuous mode
[ 2135.815819][ T7065] Dev loop6: unable to read RDB block 7
[ 2135.840213][ T7065]  loop6: unable to read partition table
[ 2135.846054][ T7065] loop6: partition table beyond EOD, truncated
[ 2135.877332][ T7065] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2135.899466][ T6988] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2135.928748][ T6988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2135.941379][ T6988] bridge_slave_1: entered allmulticast mode
[ 2135.972886][ T6988] bridge_slave_1: entered promiscuous mode
[ 2135.990714][T17691] usb 1-1: USB disconnect, device number 7
[ 2136.555212][ T6529] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 2136.608310][   T30] kauditd_printk_skb: 45 callbacks suppressed
[ 2136.608327][   T30] audit: type=1326 audit(1761128665.681:6941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2136.744703][   T30] audit: type=1326 audit(1761128665.681:6942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2136.772169][   T30] audit: type=1326 audit(1761128665.681:6943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2136.799732][ T6529] usb 5-1: Using ep0 maxpacket: 16
[ 2136.823565][   T30] audit: type=1326 audit(1761128665.681:6944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2136.851279][ T6529] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2136.900414][ T6529] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2136.904984][   T30] audit: type=1326 audit(1761128665.681:6945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2136.943666][ T7084] netlink: 'syz.2.8843': attribute type 10 has an invalid length.
[ 2136.959751][   T30] audit: type=1326 audit(1761128665.681:6946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2136.960563][ T6529] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2136.998186][ T7081] netlink: 'syz.2.8843': attribute type 10 has an invalid length.
[ 2137.014624][ T1168] hsr_slave_0: left promiscuous mode
[ 2137.034392][   T30] audit: type=1326 audit(1761128665.681:6947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2137.068467][ T1168] hsr_slave_1: left promiscuous mode
[ 2137.121548][   T30] audit: type=1326 audit(1761128665.681:6948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2137.157015][T25138] Bluetooth: hci0: command tx timeout
[ 2137.167715][ T6529] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2137.177667][ T6529] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2137.191041][   T30] audit: type=1326 audit(1761128665.681:6949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2137.214468][ T6529] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2137.224232][ T6529] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2137.240677][ T6529] usb 5-1: Manufacturer: syz
[ 2137.249109][   T30] audit: type=1326 audit(1761128665.681:6950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.8842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2137.276993][ T1168] batadv8 (unregistering): left promiscuous mode
[ 2137.286257][ T1168] team0 (unregistering): Port device batadv8 removed
[ 2137.293643][ T6529] usb 5-1: config 0 descriptor??
[ 2137.331738][ T1168] batadv7 (unregistering): left promiscuous mode
[ 2137.342989][ T1168] team0 (unregistering): Port device batadv7 removed
[ 2137.485029][ T1168] batadv6 (unregistering): left promiscuous mode
[ 2137.501331][ T1168] team0 (unregistering): Port device batadv6 removed
[ 2137.530011][ T1168] batadv5 (unregistering): left promiscuous mode
[ 2137.547975][ T1168] team0 (unregistering): Port device batadv5 removed
[ 2137.686351][ T6529] rc_core: IR keymap rc-hauppauge not found
[ 2137.692294][ T6529] Registered IR keymap rc-empty
[ 2137.698044][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.716919][ T1168] batadv4 (unregistering): left promiscuous mode
[ 2137.721155][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.732545][ T1168] team0 (unregistering): Port device batadv4 removed
[ 2137.767391][ T1168] batadv3 (unregistering): left promiscuous mode
[ 2137.774711][ T1168] team0 (unregistering): Port device batadv3 removed
[ 2137.778279][ T6529] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 2137.801386][ T1168] batadv2 (unregistering): left promiscuous mode
[ 2137.811078][ T1168] team0 (unregistering): Port device batadv2 removed
[ 2137.820205][ T6529] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input167
[ 2137.838383][ T1168] batadv1 (unregistering): left promiscuous mode
[ 2137.845516][ T1168] team0 (unregistering): Port device batadv1 removed
[ 2137.845576][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.877795][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.900384][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.929682][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.958597][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.977278][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2137.996879][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2138.018784][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2138.046328][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2138.073847][ T6529] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2138.101003][ T6529] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 2138.110163][ T6529] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2138.579837][T17346] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 2138.740615][T17346] usb 1-1: config index 0 descriptor too short (expected 30231, got 18)
[ 2138.749738][T17346] usb 1-1: config 48 has too many interfaces: 176, using maximum allowed: 32
[ 2138.767226][T17346] usb 1-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config
[ 2138.783395][T17346] usb 1-1: config 48 has 0 interfaces, different from the descriptor's value: 176
[ 2138.795002][T17346] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2138.804151][T17346] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2138.812569][T17346] usb 1-1: Product: syz
[ 2138.816919][T17346] usb 1-1: Manufacturer: syz
[ 2138.821519][T17346] usb 1-1: SerialNumber: syz
[ 2138.928030][ T6988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2138.941207][ T6988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2138.974015][ T7084] bond0: (slave dummy0): Releasing backup interface
[ 2138.985600][ T7084] team0: Port device dummy0 added
[ 2139.070945][ T6988] team0: Port device team_slave_0 added
[ 2139.149315][ T6988] team0: Port device team_slave_1 added
[ 2139.236782][T25138] Bluetooth: hci0: command tx timeout
[ 2139.256422][ T5912] usb 5-1: USB disconnect, device number 84
[ 2139.348360][ T6988] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2139.386202][ T6988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2139.412119][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2139.426503][T17691] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[ 2139.466180][ T6988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2139.531992][ T6988] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2139.568011][ T6988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2139.588430][T17691] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2139.593941][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2139.623702][ T6988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2139.670904][T17691] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 2139.700815][T17691] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 2139.710659][ T7122] loop6: detected capacity change from 0 to 7
[ 2139.722734][T17691] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 2139.736822][T17691] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2139.759418][ T7122] Dev loop6: unable to read RDB block 7
[ 2139.767118][ T7122]  loop6: unable to read partition table
[ 2139.785619][T17691] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 2139.794950][T17691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 2139.802990][ T6988] hsr_slave_0: entered promiscuous mode
[ 2139.803819][T17691] usb 4-1: Product: syz
[ 2139.823462][T17691] usb 4-1: Manufacturer: syz
[ 2139.826564][ T6988] hsr_slave_1: entered promiscuous mode
[ 2139.828257][T17691] usb 4-1: SerialNumber: syz
[ 2139.846943][ T7122] loop6: partition table beyond EOD, truncated
[ 2139.856637][T17691] usb 4-1: config 0 descriptor??
[ 2139.861705][ T7122] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2139.943680][T17346] usb 1-1: USB disconnect, device number 8
[ 2140.089147][T17691] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 2140.095966][T17691] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 2140.177304][T17691] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 2140.185678][T17691] radio-si470x 4-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[ 2140.236445][T17691] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[ 2140.271338][T17691] usb 4-1: USB disconnect, device number 25
[ 2140.443495][ T7149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8857'.
[ 2140.812456][ T7163] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8863'.
[ 2140.844455][ T7164] loop6: detected capacity change from 0 to 7
[ 2140.856330][ T7164] Dev loop6: unable to read RDB block 7
[ 2140.862400][ T7164]  loop6: unable to read partition table
[ 2140.869781][ T7164] loop6: partition table beyond EOD, truncated
[ 2140.885780][ T7164] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2141.193782][ T7178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2141.244953][ T7178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2141.254551][ T7176] netlink: 148 bytes leftover after parsing attributes in process `syz.4.8866'.
[ 2141.264996][ T6988] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 2141.277363][ T6988] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 2141.309272][ T6988] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 2141.336727][ T6988] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 2141.426634][ T6529] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[ 2141.506193][ T6888] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 2141.532422][ T6988] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2141.563279][ T6988] 8021q: adding VLAN 0 to HW filter on device team0
[ 2141.579483][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2141.586664][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2141.597178][ T6529] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[ 2141.609035][ T6529] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2141.621362][ T6529] usb 1-1: config 0 has no interface number 0
[ 2141.635706][ T6529] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 2141.645195][ T6529] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2141.661208][ T6066] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2141.668754][ T6066] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2141.677008][ T6529] usb 1-1: Product: syz
[ 2141.681474][ T6529] usb 1-1: Manufacturer: syz
[ 2141.697150][ T6888] usb 3-1: config index 0 descriptor too short (expected 30231, got 18)
[ 2141.707975][ T6888] usb 3-1: config 48 has too many interfaces: 176, using maximum allowed: 32
[ 2141.719099][ T6529] usb 1-1: SerialNumber: syz
[ 2141.758618][ T6888] usb 3-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config
[ 2141.769584][ T6529] usb 1-1: config 0 descriptor??
[ 2141.794691][ T6888] usb 3-1: config 48 has 0 interfaces, different from the descriptor's value: 176
[ 2141.810218][ T6529] hub 1-1:0.31: bad descriptor, ignoring hub
[ 2141.829501][ T6529] hub 1-1:0.31: probe with driver hub failed with error -5
[ 2141.852817][ T6888] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2141.869848][ T6888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2141.881194][ T6529] uvcvideo 1-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[ 2141.896945][ T6529] uvcvideo 1-1:0.31: Entity type for entity Output 6 was not initialized!
[ 2141.907450][ T6888] usb 3-1: Product: syz
[ 2141.915833][ T6888] usb 3-1: Manufacturer: syz
[ 2141.925192][ T6529] uvcvideo 1-1:0.31: Failed to create links for entity 6
[ 2141.933866][ T6888] usb 3-1: SerialNumber: syz
[ 2141.960459][    C1] sd 0:0:1:0: [sda] tag#1431 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2141.970863][    C1] sd 0:0:1:0: [sda] tag#1431 CDB: Read(6) 08 00 00 00 03 44
[ 2142.090291][ T6529] uvcvideo 1-1:0.31: Failed to register entities (-22).
[ 2142.095838][ T6988] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2142.207845][ T6529] usb 1-1: USB disconnect, device number 9
[ 2142.382284][ T6888] usb 3-1: USB disconnect, device number 13
[ 2142.409788][ T6988] veth0_vlan: entered promiscuous mode
[ 2142.448288][ T6988] veth1_vlan: entered promiscuous mode
[ 2142.585601][ T6988] veth0_macvtap: entered promiscuous mode
[ 2142.614291][ T6988] veth1_macvtap: entered promiscuous mode
[ 2142.817173][ T6988] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2142.852140][ T6988] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2142.908092][ T1168] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2142.929093][ T1168] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2142.952888][ T1168] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2142.963819][ T1168] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2143.409605][ T7234] loop6: detected capacity change from 0 to 7
[ 2143.425531][ T7234] Dev loop6: unable to read RDB block 7
[ 2143.469904][ T7234]  loop6: unable to read partition table
[ 2143.487768][ T7234] loop6: partition table beyond EOD, truncated
[ 2143.495138][ T7234] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2143.598042][ T6066] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2143.634200][ T6066] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2143.786522][ T7239] netlink: 'syz.3.8876': attribute type 10 has an invalid length.
[ 2144.424385][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2144.432831][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2145.536203][ T6529] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 2145.695940][ T6529] usb 5-1: config index 0 descriptor too short (expected 30231, got 18)
[ 2145.709215][ T6529] usb 5-1: config 48 has too many interfaces: 176, using maximum allowed: 32
[ 2145.719362][ T6529] usb 5-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config
[ 2145.729818][ T6529] usb 5-1: config 48 has 0 interfaces, different from the descriptor's value: 176
[ 2145.740962][ T6529] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 2145.823134][ T6529] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2145.886701][ T6529] usb 5-1: Product: syz
[ 2145.890907][ T6529] usb 5-1: Manufacturer: syz
[ 2145.895503][ T6529] usb 5-1: SerialNumber: syz
[ 2146.231962][ T7299] netlink: 'syz.0.8886': attribute type 10 has an invalid length.
[ 2146.892770][ T6529] usb 5-1: USB disconnect, device number 85
[ 2147.340354][ T7307] bridge3: entered promiscuous mode
[ 2147.853599][ T7319] loop9: detected capacity change from 0 to 7
[ 2147.919946][T15334] Dev loop9: unable to read RDB block 7
[ 2147.925662][T15334]  loop9: unable to read partition table
[ 2147.954969][T15334] loop9: partition table beyond EOD, truncated
[ 2148.053539][ T7319] Dev loop9: unable to read RDB block 7
[ 2148.108206][ T7319]  loop9: unable to read partition table
[ 2148.152474][ T7319] loop9: partition table beyond EOD, truncated
[ 2148.216214][ T7319] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2148.604488][ T7334] netlink: 64 bytes leftover after parsing attributes in process `syz.0.8895'.
[ 2149.630951][ T7351] netlink: 'syz.4.8900': attribute type 10 has an invalid length.
[ 2149.645928][ T7351] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 2150.635260][ T7368] vivid-000: disconnect
[ 2150.833480][T17346] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 2151.316396][T17346] usb 3-1: Using ep0 maxpacket: 32
[ 2151.323348][T17346] usb 3-1: config 8 has an invalid interface descriptor of length 5, skipping
[ 2151.342975][T17346] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 2151.356284][ T6891] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 2151.369129][T17346] usb 3-1: config 8 has 0 interfaces, different from the descriptor's value: 1
[ 2151.407677][T17346] usb 3-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=69.50
[ 2151.417060][T17346] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2151.438645][T17346] usb 3-1: Product: syz
[ 2151.445822][T17346] usb 3-1: Manufacturer: syz
[ 2151.476257][T17346] usb 3-1: SerialNumber: syz
[ 2151.506224][ T6891] usb 4-1: Using ep0 maxpacket: 32
[ 2151.696141][T17346] usb 3-1: USB disconnect, device number 14
[ 2151.752278][ T7373] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8905'.
[ 2151.792166][ T7373] fuse: Unknown parameter 'gsoup_id'
[ 2151.874548][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 2151.874588][   T30] audit: type=1326 audit(1761128680.961:6953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2151.933834][   T30] audit: type=1326 audit(1761128680.961:6954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2151.956155][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2151.969980][   T30] audit: type=1326 audit(1761128680.961:6955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2151.992996][   T30] audit: type=1326 audit(1761128680.961:6956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.016059][   T30] audit: type=1326 audit(1761128680.991:6957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.062032][   T30] audit: type=1326 audit(1761128680.991:6958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.093906][   T30] audit: type=1326 audit(1761128680.991:6959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.120690][   T30] audit: type=1326 audit(1761128680.991:6960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.163673][   T30] audit: type=1326 audit(1761128681.001:6961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.190670][   T30] audit: type=1326 audit(1761128681.001:6962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7375 comm="syz.0.8907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa450f8efc9 code=0x7ffc0000
[ 2152.567592][ T7386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8909'.
[ 2153.036449][    C1] sd 0:0:1:0: [sda] tag#1456 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2153.046981][    C1] sd 0:0:1:0: [sda] tag#1456 CDB: Read(6) 08 00 00 00 03 44
[ 2153.114480][T17691] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2153.125629][ T7399] team0: Port device dummy0 removed
[ 2153.346335][T17691] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2153.419306][ T7399] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2153.605030][ T7363] vivid-000: reconnect
[ 2153.874401][ T6891] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 2153.896674][ T6891] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 2153.914448][ T6891] usb 4-1: can't read configurations, error -71
[ 2153.970120][T17346] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 2154.172266][T17346] usb 1-1: Using ep0 maxpacket: 8
[ 2154.179581][T17346] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 2154.216146][T17346] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2154.236132][T17346] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2154.245980][T17346] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2154.279268][T17346] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2154.338089][T17346] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2154.349717][ T7416] loop6: detected capacity change from 0 to 7
[ 2154.380082][ T7416] Dev loop6: unable to read RDB block 7
[ 2154.385674][ T7416]  loop6: AHDI p1 p2 p3
[ 2154.386136][T17346] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2154.453903][ T7416] loop6: partition table partially beyond EOD, truncated
[ 2154.500184][ T7416] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2154.536227][ T7416] loop6: p2 size 108 extends beyond EOD, truncated
[ 2154.634246][T17346] usb 1-1: GET_CAPABILITIES returned c4
[ 2154.667297][T17346] usbtmc 1-1:16.0: can't read capabilities
[ 2154.713804][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2154.903813][ T7428] netlink: 'syz.1.8921': attribute type 10 has an invalid length.
[ 2154.930234][ T7428] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 2154.959722][T17346] usb 1-1: USB disconnect, device number 10
[ 2155.106237][ T6891] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 2155.196396][ T6529] usb 5-1: new full-speed USB device number 86 using dummy_hcd
[ 2155.256155][ T6891] usb 4-1: Using ep0 maxpacket: 8
[ 2155.267176][ T6891] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 2155.284691][ T6891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2155.299868][ T6891] usb 4-1: config 0 descriptor??
[ 2155.427145][ T6529] usb 5-1: config 0 has no interfaces?
[ 2155.436953][ T6529] usb 5-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[ 2155.446923][ T6529] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2155.472589][ T6529] usb 5-1: config 0 descriptor??
[ 2155.561132][ T6891] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 2155.842157][ T7424] netlink: 52 bytes leftover after parsing attributes in process `syz.4.8922'.
[ 2155.858357][ T7445] tipc: Trying to set illegal importance in message
[ 2155.892599][ T7447] loop6: detected capacity change from 0 to 7
[ 2155.900813][ T7447] Dev loop6: unable to read RDB block 7
[ 2155.907056][ T7447]  loop6: AHDI p1 p2 p3
[ 2155.911271][ T7447] loop6: partition table partially beyond EOD, truncated
[ 2155.919054][ T7447] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2155.925865][ T7447] loop6: p2 size 108 extends beyond EOD, truncated
[ 2155.963774][ T6891] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 2155.977748][ T6891] asix 4-1:0.0: probe with driver asix failed with error -61
[ 2155.979641][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2156.086262][T17346] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[ 2156.258365][T17346] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2156.277647][T17346] usb 1-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[ 2156.290361][T17346] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2156.302902][T17346] usb 1-1: Product: syz
[ 2156.309179][T17346] usb 1-1: Manufacturer: syz
[ 2156.315819][T17346] usb 1-1: SerialNumber: syz
[ 2156.323532][T17346] usb 1-1: config 0 descriptor??
[ 2156.336186][T17346] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -32
[ 2156.577675][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8929'.
[ 2156.592734][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8929'.
[ 2156.603073][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8929'.
[ 2156.613891][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8929'.
[ 2156.624745][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8929'.
[ 2156.645514][T17346] usb 1-1: USB disconnect, device number 11
[ 2157.019537][    C1] sd 0:0:1:0: [sda] tag#1461 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2157.029953][    C1] sd 0:0:1:0: [sda] tag#1461 CDB: Read(6) 08 00 00 00 03 44
[ 2157.101522][ T7465] bond0: (slave dummy0): Releasing backup interface
[ 2157.132236][ T7465] bridge_slave_0: left allmulticast mode
[ 2157.143679][ T7465] bridge_slave_0: left promiscuous mode
[ 2157.149583][ T7465] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2157.196025][ T7465] bridge_slave_1: left allmulticast mode
[ 2157.218136][ T7465] bridge_slave_1: left promiscuous mode
[ 2157.242903][ T7465] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2157.309030][ T7465] bond0: (slave bond_slave_0): Releasing backup interface
[ 2157.334419][ T7465] bond0: (slave bond_slave_1): Releasing backup interface
[ 2157.380997][ T7465] team0: Port device team_slave_0 removed
[ 2157.436945][ T7465] team0: Port device team_slave_1 removed
[ 2157.445915][ T7465] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2157.453898][ T7465] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2157.472237][ T7465] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2157.553939][ T7465] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2157.586192][ T6891] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 2157.608549][ T7465] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2157.638722][ T7474] netlink: 'syz.0.8936': attribute type 10 has an invalid length.
[ 2157.776196][ T6891] usb 3-1: Using ep0 maxpacket: 8
[ 2157.784232][ T6891] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 2157.793097][ T6891] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2157.803612][ T6891] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2157.813946][ T6891] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2157.824324][ T6891] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2157.856176][ T6529] usb 5-1: USB disconnect, device number 86
[ 2157.889201][ T6891] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2157.958486][ T6891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2158.183793][ T6891] usb 3-1: GET_CAPABILITIES returned c4
[ 2158.246384][ T6891] usbtmc 3-1:16.0: can't read capabilities
[ 2158.388287][ T6529] usb 3-1: USB disconnect, device number 15
[ 2158.576239][ T6891] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 2158.748244][T17346] usb 4-1: USB disconnect, device number 28
[ 2158.789593][ T6891] usb 5-1: Using ep0 maxpacket: 32
[ 2158.823937][ T6891] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 2158.870623][ T6891] usb 5-1: config 244 has an invalid descriptor of length 0, skipping remainder of the config
[ 2158.923660][ T6891] usb 5-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=24.0f
[ 2158.975629][ T6891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2159.045343][ T6891] usb 5-1: Product: syz
[ 2159.055015][ T6891] usb 5-1: Manufacturer: syz
[ 2159.069918][ T6891] usb 5-1: SerialNumber: syz
[ 2159.102045][ T7497] kvm: pic: non byte write
[ 2159.134781][ T7497] kvm: pic: non byte write
[ 2159.153575][ T7497] kvm: pic: non byte write
[ 2159.172052][ T7497] kvm: pic: non byte write
[ 2159.188077][ T7497] kvm: pic: non byte write
[ 2159.200536][ T7497] kvm: pic: non byte write
[ 2159.214865][ T7497] kvm: pic: non byte write
[ 2159.222138][ T7497] kvm: pic: non byte write
[ 2159.262767][ T7497] kvm: pic: non byte write
[ 2159.267373][T17346] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 2159.287557][ T7497] kvm: pic: non byte write
[ 2159.293205][ T7497] kvm: pic: single mode not supported
[ 2159.446146][T17346] usb 4-1: Using ep0 maxpacket: 8
[ 2159.507118][T17346] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 2159.515535][T17346] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2159.599326][    C1] sd 0:0:1:0: [sda] tag#1443 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2159.609787][    C1] sd 0:0:1:0: [sda] tag#1443 CDB: Read(6) 08 00 00 00 03 44
[ 2159.673848][T17346] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2159.689606][ T7511] bond0: (slave dummy0): Releasing backup interface
[ 2159.719632][T17346] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2159.763074][ T7511] bridge_slave_0: left allmulticast mode
[ 2159.768910][T17346] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2159.769052][ T7511] bridge_slave_0: left promiscuous mode
[ 2159.782042][T17346] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2159.782067][T17346] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2159.883250][ T7511] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2159.956372][ T7511] bridge_slave_1: left allmulticast mode
[ 2159.966286][ T7511] bridge_slave_1: left promiscuous mode
[ 2159.976142][ T7511] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2160.022167][ T7511] bond0: (slave bond_slave_0): Releasing backup interface
[ 2160.029799][T17346] usb 4-1: GET_CAPABILITIES returned 0
[ 2160.035358][T17346] usbtmc 4-1:16.0: can't read capabilities
[ 2160.102127][ T7511] bond0: (slave bond_slave_1): Releasing backup interface
[ 2160.118514][ T7511] team_slave_0: left promiscuous mode
[ 2160.129899][ T7511] team0: Port device team_slave_0 removed
[ 2160.144151][ T7511] team_slave_1: left promiscuous mode
[ 2160.161355][ T7511] team0: Port device team_slave_1 removed
[ 2160.170055][ T7511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2160.177588][ T7511] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2160.197053][ T7511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2160.204608][ T7511] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2160.336557][ T7493] usbtmc 4-1:16.0: usb_control_msg returned -71
[ 2160.356891][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.363640][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.367419][T17346] usb 4-1: USB disconnect, device number 29
[ 2160.557256][ T7493] fuse: Unknown parameter 'Œ'
[ 2160.599813][ T7511] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2161.787634][ T6891] comedi comedi5: Wrong number of endpoints
[ 2161.823986][ T6891] dt9812 5-1:244.0: driver 'dt9812' failed to auto-configure device.
[ 2161.894324][ T6891] usb 5-1: USB disconnect, device number 87
[ 2162.004282][ T7531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8954'.
[ 2162.021537][ T7531] 8021q: VLANs not supported on caif0
[ 2162.256246][T28062] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 2162.382179][ T7544] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 2162.406160][T28062] usb 3-1: Using ep0 maxpacket: 8
[ 2162.413987][T28062] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 2162.423611][T28062] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2162.434481][T28062] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2162.448822][T28062] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2162.459055][T28062] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2162.472217][T28062] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2162.481344][T28062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2162.705529][T28062] usb 3-1: GET_CAPABILITIES returned c4
[ 2162.715690][T28062] usbtmc 3-1:16.0: can't read capabilities
[ 2162.919482][T28062] usb 3-1: USB disconnect, device number 16
[ 2162.967781][ T7554] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2163.204893][ T7558] usb usb8: usbfs: process 7558 (syz.4.8963) did not claim interface 0 before use
[ 2163.690769][    C1] sd 0:0:1:0: [sda] tag#1454 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2163.701220][    C1] sd 0:0:1:0: [sda] tag#1454 CDB: Read(6) 08 00 00 00 03 44
[ 2163.875436][ T7564] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2165.392204][ T7592] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8974'.
[ 2165.409570][ T7592] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8974'.
[ 2165.823741][ T7601] netem: incorrect ge model size
[ 2165.838614][ T7601] netem: change failed
[ 2166.537885][ T6891] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[ 2166.607074][ T7611] loop6: detected capacity change from 0 to 7
[ 2166.634521][ T7611] Dev loop6: unable to read RDB block 7
[ 2166.664047][ T7611]  loop6: AHDI p1 p2 p3
[ 2166.682936][ T7611] loop6: partition table partially beyond EOD, truncated
[ 2166.711015][ T7613] netlink: 'syz.3.8980': attribute type 8 has an invalid length.
[ 2166.719321][ T7611] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2166.726501][ T6891] usb 3-1: Using ep0 maxpacket: 8
[ 2166.726580][ T7611] loop6: p2 size 108 extends beyond EOD, truncated
[ 2166.973847][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2167.376647][ T5912] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[ 2167.508431][ T5912] usb 2-1: device descriptor read/64, error -71
[ 2167.547860][    C1] sd 0:0:1:0: [sda] tag#1459 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2167.558332][    C1] sd 0:0:1:0: [sda] tag#1459 CDB: Read(6) 08 00 00 00 03 44
[ 2167.592704][ T7634] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2167.778013][ T5912] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[ 2167.916153][ T5912] usb 2-1: device descriptor read/64, error -71
[ 2168.057404][ T5912] usb usb2-port1: attempt power cycle
[ 2168.496201][ T5912] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[ 2168.518178][ T5912] usb 2-1: device descriptor read/8, error -71
[ 2168.564270][ T7655] netem: incorrect ge model size
[ 2168.578425][ T7655] netem: change failed
[ 2168.596290][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 2168.876284][ T5912] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[ 2168.918372][ T5912] usb 2-1: device descriptor read/8, error -71
[ 2169.128178][ T5912] usb usb2-port1: unable to enumerate USB device
[ 2169.328258][ T6891] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 2169.342178][ T6891] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 2169.384094][ T6891] usb 3-1: can't read configurations, error -71
[ 2169.498556][ T7666] IPVS: length: 218 != 24
[ 2170.746813][ T7680] loop9: detected capacity change from 0 to 7
[ 2170.755324][T15334] Dev loop9: unable to read RDB block 7
[ 2170.761819][T15334]  loop9: unable to read partition table
[ 2170.769703][T15334] loop9: partition table beyond EOD, truncated
[ 2170.779236][ T7680] Dev loop9: unable to read RDB block 7
[ 2170.788428][ T7680]  loop9: unable to read partition table
[ 2170.815787][ T7680] loop9: partition table beyond EOD, truncated
[ 2170.855446][ T7680] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2170.986363][ T6891] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 2171.206173][ T6891] usb 3-1: device descriptor read/64, error -71
[ 2171.241343][    C1] sd 0:0:1:0: [sda] tag#1417 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2171.251768][    C1] sd 0:0:1:0: [sda] tag#1417 CDB: Read(6) 08 00 00 00 03 44
[ 2171.279872][ T7691] bond0: (slave dummy0): Releasing backup interface
[ 2171.292754][ T7691] bridge_slave_0: left allmulticast mode
[ 2171.298635][ T7691] bridge_slave_0: left promiscuous mode
[ 2171.315173][ T7691] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2171.340821][ T7691] bridge_slave_1: left allmulticast mode
[ 2171.347050][ T7691] bridge_slave_1: left promiscuous mode
[ 2171.372542][ T7691] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2171.389241][ T6891] usb usb3-port1: attempt power cycle
[ 2171.446477][ T6529] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 2171.456054][ T7691] bond0: (slave bond_slave_0): Releasing backup interface
[ 2171.469267][ T7691] bond0: (slave bond_slave_1): Releasing backup interface
[ 2171.504729][ T7691] team0: Port device team_slave_0 removed
[ 2171.513880][ T7691] team0: Port device team_slave_1 removed
[ 2171.522336][ T7691] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2171.530446][ T7691] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2171.545607][ T7691] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2171.570896][ T7691] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2171.580172][ T7691] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2171.627811][ T6529] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2171.638986][ T6529] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2171.649294][ T6529] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2171.662571][ T6529] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2171.814557][T17346] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 2171.881403][ T6529] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2171.913886][ T6529] usb 2-1: config 0 descriptor??
[ 2171.936420][ T6891] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[ 2171.991851][ T6891] usb 3-1: device descriptor read/8, error -71
[ 2172.005604][ T7707] loop6: detected capacity change from 0 to 7
[ 2172.018071][T15334] Dev loop6: unable to read RDB block 7
[ 2172.023667][T15334]  loop6: AHDI p1 p2 p3
[ 2172.028259][T15334] loop6: partition table partially beyond EOD, truncated
[ 2172.039165][T17346] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2172.050888][T15334] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2172.057771][T17346] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2172.071785][T15334] loop6: p2 size 108 extends beyond EOD, truncated
[ 2172.085189][T17346] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2172.101504][T17346] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2172.115454][ T7707] Dev loop6: unable to read RDB block 7
[ 2172.151948][ T7707]  loop6: AHDI p1 p2 p3
[ 2172.156243][ T7707] loop6: partition table partially beyond EOD, truncated
[ 2172.189441][ T7706] ip6gre0: Caught tx_queue_len zero misconfig
[ 2172.195690][T17346] usb 4-1: Manufacturer: syz
[ 2172.215678][T17346] usb 4-1: config 0 descriptor??
[ 2172.222035][ T7707] loop6: p1 start 4217409618 is beyond EOD, truncated
[ 2172.237021][ T7707] loop6: p2 size 108 extends beyond EOD, truncated
[ 2172.245631][ T6891] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[ 2172.287173][ T6891] usb 3-1: device descriptor read/8, error -71
[ 2172.360580][ T6529] plantronics 0003:047F:FFFF.0078: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 2172.364989][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2172.469527][ T6891] usb usb3-port1: unable to enumerate USB device
[ 2172.668145][T17346] hid_parser_main: 1260 callbacks suppressed
[ 2172.668167][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.721941][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.732036][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.750594][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 2172.788783][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.823292][ T7713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2172.835271][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.853446][ T7713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2172.862417][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.880084][T17346] pyra 0003:1E7D:2CF6.0079: unknown main item tag 0x0
[ 2172.908206][T17346] pyra 0003:1E7D:2CF6.0079: hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 2173.367498][T17346] pyra 0003:1E7D:2CF6.0079: couldn't init struct pyra_device
[ 2173.375072][T17346] pyra 0003:1E7D:2CF6.0079: couldn't install mouse
[ 2173.387879][T17346] pyra 0003:1E7D:2CF6.0079: probe with driver pyra failed with error -5
[ 2173.639621][ T7726] FAULT_INJECTION: forcing a failure.
[ 2173.639621][ T7726] name failslab, interval 1, probability 0, space 0, times 0
[ 2173.655650][ T7726] CPU: 1 UID: 0 PID: 7726 Comm: syz.2.9006 Not tainted syzkaller #0 PREEMPT(full) 
[ 2173.655675][ T7726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 2173.655687][ T7726] Call Trace:
[ 2173.655694][ T7726]  <TASK>
[ 2173.655703][ T7726]  dump_stack_lvl+0x189/0x250
[ 2173.655732][ T7726]  ? __pfx____ratelimit+0x10/0x10
[ 2173.655755][ T7726]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2173.655778][ T7726]  ? __pfx__printk+0x10/0x10
[ 2173.655803][ T7726]  ? __pfx___might_resched+0x10/0x10
[ 2173.655822][ T7726]  ? fs_reclaim_acquire+0x7d/0x100
[ 2173.655852][ T7726]  should_fail_ex+0x414/0x560
[ 2173.655882][ T7726]  should_failslab+0xa8/0x100
[ 2173.655902][ T7726]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 2173.655927][ T7726]  ? __alloc_skb+0x112/0x2d0
[ 2173.655950][ T7726]  ? netlink_autobind+0xdb/0x300
[ 2173.655972][ T7726]  __alloc_skb+0x112/0x2d0
[ 2173.656001][ T7726]  netlink_sendmsg+0x5c6/0xb30
[ 2173.656034][ T7726]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2173.656065][ T7726]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 2173.656091][ T7726]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2173.656107][ T7726]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2173.656131][ T7726]  __sock_sendmsg+0x21c/0x270
[ 2173.656155][ T7726]  ____sys_sendmsg+0x505/0x830
[ 2173.656176][ T7726]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2173.656202][ T7726]  ? import_iovec+0x74/0xa0
[ 2173.656227][ T7726]  ___sys_sendmsg+0x21f/0x2a0
[ 2173.656246][ T7726]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2173.656300][ T7726]  ? __fget_files+0x2a/0x420
[ 2173.656314][ T7726]  ? __fget_files+0x3a0/0x420
[ 2173.656340][ T7726]  __x64_sys_sendmsg+0x19b/0x260
[ 2173.656360][ T7726]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2173.656385][ T7726]  ? __pfx_ksys_write+0x10/0x10
[ 2173.656410][ T7726]  ? do_syscall_64+0xbe/0xfa0
[ 2173.656434][ T7726]  do_syscall_64+0xfa/0xfa0
[ 2173.656453][ T7726]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2173.656474][ T7726]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2173.656491][ T7726]  ? clear_bhb_loop+0x60/0xb0
[ 2173.656510][ T7726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2173.656526][ T7726] RIP: 0033:0x7f92fef8efc9
[ 2173.656541][ T7726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2173.656556][ T7726] RSP: 002b:00007f92ffe60038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2173.656574][ T7726] RAX: ffffffffffffffda RBX: 00007f92ff1e5fa0 RCX: 00007f92fef8efc9
[ 2173.656586][ T7726] RDX: 0000000024008084 RSI: 0000200000000200 RDI: 0000000000000003
[ 2173.656599][ T7726] RBP: 00007f92ffe60090 R08: 0000000000000000 R09: 0000000000000000
[ 2173.656610][ T7726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2173.656620][ T7726] R13: 00007f92ff1e6038 R14: 00007f92ff1e5fa0 R15: 00007f92ff30fa28
[ 2173.656648][ T7726]  </TASK>
[ 2174.072432][T25137] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2174.084679][T25137] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2174.101961][T25137] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2174.136318][T25137] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2174.151518][T25137] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2174.372274][ T6529] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[ 2174.504313][ T6888] usb 4-1: USB disconnect, device number 30
[ 2174.547959][ T6529] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 2174.573351][ T6529] usb 3-1: not running at top speed; connect to a high speed hub
[ 2174.583279][ T6529] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1056, setting to 1023
[ 2174.589088][T32399] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2174.718123][ T6529] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 2174.736544][T28062] usb 2-1: USB disconnect, device number 57
[ 2174.784643][ T6529] usb 3-1: Dual-Role OTG device on HNP port
[ 2174.793267][ T6529] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2174.826378][ T6529] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2174.839798][ T6529] usb 3-1: Product: syz
[ 2174.843973][ T6529] usb 3-1: Manufacturer: syz
[ 2174.850455][ T7732] chnl_net:caif_netlink_parms(): no params data found
[ 2174.872614][ T6529] usb 3-1: SerialNumber: syz
[ 2175.118967][   T30] kauditd_printk_skb: 42 callbacks suppressed
[ 2175.118985][   T30] audit: type=1326 audit(1761128704.211:7005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.144109][ T6529] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[ 2175.169288][ T6529] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 2175.178533][   T30] audit: type=1326 audit(1761128704.211:7006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.201345][   T30] audit: type=1326 audit(1761128704.221:7007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.226333][   T30] audit: type=1326 audit(1761128704.221:7008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.249208][   T30] audit: type=1326 audit(1761128704.221:7009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.249501][ T6529] usb 3-1: USB disconnect, device number 21
[ 2175.271846][   T30] audit: type=1326 audit(1761128704.221:7010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.271899][   T30] audit: type=1326 audit(1761128704.221:7011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.271940][   T30] audit: type=1326 audit(1761128704.221:7012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.271975][   T30] audit: type=1326 audit(1761128704.221:7013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.429202][T32399] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2175.467717][   T30] audit: type=1326 audit(1761128704.221:7014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7730 comm="syz.2.9011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f92fef8efc9 code=0x7ffc0000
[ 2175.502990][T15334] udevd[15334]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2175.633299][T32399] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2176.035130][T32399] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2176.150364][ T7732] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2176.159468][ T7732] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2176.167648][ T7732] bridge_slave_0: entered allmulticast mode
[ 2176.175640][ T7732] bridge_slave_0: entered promiscuous mode
[ 2176.190190][ T7732] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2176.199405][T25137] Bluetooth: hci1: command tx timeout
[ 2176.207302][ T7732] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2176.208481][ T7761] loop9: detected capacity change from 0 to 7
[ 2176.214687][ T7732] bridge_slave_1: entered allmulticast mode
[ 2176.233079][ T7732] bridge_slave_1: entered promiscuous mode
[ 2176.255071][ T7761] Dev loop9: unable to read RDB block 7
[ 2176.288416][ T7761]  loop9: AHDI p3 p4
[ 2176.300677][ T7732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2176.303179][ T7761] loop9: partition table partially beyond EOD, truncated
[ 2176.335308][ T7732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2176.368141][ T7761] loop9: p3 size 4227858431 extends beyond EOD, truncated
[ 2176.483820][ T7763] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 2176.500931][T15334] udevd[15334]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory
[ 2176.524865][ T7763] ip6gretap1: entered allmulticast mode
[ 2176.656186][T17691] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 2176.756864][ T7732] team0: Port device team_slave_0 added
[ 2176.793321][ T7732] team0: Port device team_slave_1 added
[ 2176.822387][T17691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 2176.868819][T17691] usb 5-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[ 2176.886420][T17691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2176.904691][T17691] usb 5-1: Product: syz
[ 2176.919015][T17691] usb 5-1: Manufacturer: syz
[ 2176.923641][T17691] usb 5-1: SerialNumber: syz
[ 2176.967433][T17691] usb 5-1: config 0 descriptor??
[ 2177.028714][T17691] usbtouchscreen 5-1:0.0: probe with driver usbtouchscreen failed with error -32
[ 2177.967827][ T7803] netlink: 'syz.1.9027': attribute type 10 has an invalid length.
[ 2178.282574][T25137] Bluetooth: hci1: command tx timeout
[ 2178.323000][ T7808] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9028'.
[ 2178.340532][T32399] batman_adv: batadv0: Removing interface: vxlan0
[ 2178.344673][ T7808] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9028'.
[ 2178.812102][T32399] bond0 (unregistering): Released all slaves
[ 2178.902463][T32399] bond1 (unregistering): Released all slaves
[ 2178.915378][ T7732] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2178.923743][ T7732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2178.949844][ T7732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2178.963232][ T7732] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2178.970860][ T7732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2179.016238][ T7732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2179.035746][ T7789] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9019'.
[ 2179.055721][ T7803] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 2179.097059][T32399] tipc: Disabling bearer <udp:syz0>
[ 2179.103707][T32399] tipc: Left network mode
[ 2179.116153][ T6891] usb 5-1: USB disconnect, device number 88
[ 2179.292324][ T7732] hsr_slave_0: entered promiscuous mode
[ 2179.298781][ T7732] hsr_slave_1: entered promiscuous mode
[ 2179.305652][ T7732] debugfs: 'hsr0' already exists in 'hsr'
[ 2179.311431][ T7732] Cannot create hsr debugfs directory
[ 2179.433085][    C1] sd 0:0:1:0: [sda] tag#1433 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 2179.443570][    C1] sd 0:0:1:0: [sda] tag#1433 CDB: Read(6) 08 00 00 00 03 44
[ 2179.583820][ T7831] ==================================================================
[ 2179.591911][ T7831] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2179.600511][ T7831] Write of size 1280 at addr ffffc90005169b40 by task vivid-000-vid-c/7831
[ 2179.609110][ T7831] 
[ 2179.611435][ T7831] CPU: 0 UID: 0 PID: 7831 Comm: vivid-000-vid-c Not tainted syzkaller #0 PREEMPT(full) 
[ 2179.611458][ T7831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 2179.611470][ T7831] Call Trace:
[ 2179.611477][ T7831]  <TASK>
[ 2179.611485][ T7831]  dump_stack_lvl+0x189/0x250
[ 2179.611511][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2179.611544][ T7831]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2179.611566][ T7831]  ? __pfx__printk+0x10/0x10
[ 2179.611584][ T7831]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 2179.611605][ T7831]  ? __virt_addr_valid+0xdc/0x5c0
[ 2179.611627][ T7831]  ? __virt_addr_valid+0xdc/0x5c0
[ 2179.611650][ T7831]  print_report+0xca/0x240
[ 2179.611670][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2179.611693][ T7831]  kasan_report+0x118/0x150
[ 2179.611713][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2179.611740][ T7831]  kasan_check_range+0x2b0/0x2c0
[ 2179.611757][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2179.611781][ T7831]  __asan_memcpy+0x40/0x70
[ 2179.611803][ T7831]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2179.611859][ T7831]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[ 2179.611882][ T7831]  ? finish_task_switch+0x18b/0x950
[ 2179.611918][ T7831]  ? __schedule+0x17ae/0x4cc0
[ 2179.611944][ T7831]  ? __lock_acquire+0xab9/0xd20
[ 2179.611963][ T7831]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[ 2179.611994][ T7831]  ? cgroup_freezing+0x29a/0x350
[ 2179.612021][ T7831]  vivid_thread_vid_cap+0x8da/0x10d0
[ 2179.612054][ T7831]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 2179.612076][ T7831]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2179.612096][ T7831]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2179.612119][ T7831]  ? __kthread_parkme+0x7b/0x200
[ 2179.612139][ T7831]  ? __kthread_parkme+0x1a1/0x200
[ 2179.612161][ T7831]  kthread+0x711/0x8a0
[ 2179.612183][ T7831]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 2179.612205][ T7831]  ? __pfx_kthread+0x10/0x10
[ 2179.612226][ T7831]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2179.612245][ T7831]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2179.612264][ T7831]  ? __pfx_kthread+0x10/0x10
[ 2179.612286][ T7831]  ret_from_fork+0x4bc/0x870
[ 2179.612305][ T7831]  ? __pfx_ret_from_fork+0x10/0x10
[ 2179.612325][ T7831]  ? __switch_to_asm+0x39/0x70
[ 2179.612340][ T7831]  ? __switch_to_asm+0x33/0x70
[ 2179.612354][ T7831]  ? __pfx_kthread+0x10/0x10
[ 2179.612376][ T7831]  ret_from_fork_asm+0x1a/0x30
[ 2179.612398][ T7831]  </TASK>
[ 2179.612405][ T7831] 
[ 2179.841416][ T7831] The buggy address belongs to a 3-page vmalloc region starting at 0xffffc90005167000 allocated at vb2_vmalloc_alloc+0xef/0x340
[ 2179.854597][ T7831] The buggy address belongs to the physical page:
[ 2179.860991][ T7831] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805bbb5000 pfn:0x5bbb5
[ 2179.871029][ T7831] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2179.878143][ T7831] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 2179.886704][ T7831] raw: ffff88805bbb5000 0000000000000000 00000001ffffffff 0000000000000000
[ 2179.895258][ T7831] page dumped because: kasan: bad access detected
[ 2179.901651][ T7831] page_owner tracks the page as allocated
[ 2179.907347][ T7831] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 7829, tgid 7814 (syz.3.9030), ts 2179552968536, free_ts 2179552804555
[ 2179.926685][ T7831]  post_alloc_hook+0x240/0x2a0
[ 2179.931459][ T7831]  get_page_from_freelist+0x2365/0x2440
[ 2179.937067][ T7831]  __alloc_frozen_pages_noprof+0x181/0x370
[ 2179.942880][ T7831]  alloc_pages_mpol+0x232/0x4a0
[ 2179.947735][ T7831]  alloc_pages_noprof+0xa9/0x190
[ 2179.952676][ T7831]  __vmalloc_node_range_noprof+0x96c/0x12d0
[ 2179.958583][ T7831]  vmalloc_user_noprof+0xad/0xf0
[ 2179.963532][ T7831]  vb2_vmalloc_alloc+0xef/0x340
[ 2179.968389][ T7831]  __vb2_queue_alloc+0x9c2/0x15a0
[ 2179.973411][ T7831]  vb2_core_reqbufs+0xc31/0x1420
[ 2179.978356][ T7831]  __vb2_init_fileio+0x318/0xff0
[ 2179.983293][ T7831]  __vb2_perform_fileio+0x284/0x1600
[ 2179.988576][ T7831]  vb2_fop_read+0x273/0x360
[ 2179.993080][ T7831]  v4l2_read+0x19c/0x2c0
[ 2179.997320][ T7831]  loop_rw_iter+0x425/0x660
[ 2180.001826][ T7831]  __io_read+0x1338/0x1500
[ 2180.006250][ T7831] page last free pid 7829 tgid 7814 stack trace:
[ 2180.012574][ T7831]  __free_frozen_pages+0xbc4/0xd30
[ 2180.017695][ T7831]  kasan_populate_vmalloc+0x1db/0x270
[ 2180.023072][ T7831]  alloc_vmap_area+0xd7a/0x14c0
[ 2180.027927][ T7831]  __get_vm_area_node+0x1f8/0x300
[ 2180.032954][ T7831]  __vmalloc_node_range_noprof+0x30c/0x12d0
[ 2180.038859][ T7831]  vmalloc_user_noprof+0xad/0xf0
[ 2180.043805][ T7831]  vb2_vmalloc_alloc+0xef/0x340
[ 2180.048653][ T7831]  __vb2_queue_alloc+0x9c2/0x15a0
[ 2180.053678][ T7831]  vb2_core_reqbufs+0xc31/0x1420
[ 2180.058626][ T7831]  __vb2_init_fileio+0x318/0xff0
[ 2180.063562][ T7831]  __vb2_perform_fileio+0x284/0x1600
[ 2180.068847][ T7831]  vb2_fop_read+0x273/0x360
[ 2180.073359][ T7831]  v4l2_read+0x19c/0x2c0
[ 2180.077607][ T7831]  loop_rw_iter+0x425/0x660
[ 2180.082120][ T7831]  __io_read+0x1338/0x1500
[ 2180.086543][ T7831]  io_read+0x4a/0x1c0
[ 2180.090532][ T7831] 
[ 2180.092849][ T7831] Memory state around the buggy address:
[ 2180.098477][ T7831]  ffffc90005169f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2180.106540][ T7831]  ffffc90005169f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2180.114604][ T7831] >ffffc9000516a000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 2180.122666][ T7831]                    ^
[ 2180.126739][ T7831]  ffffc9000516a080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 2180.134800][ T7831]  ffffc9000516a100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 2180.142859][ T7831] ==================================================================
[ 2180.150956][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2180.251500][ T7823] bond0: (slave dummy0): Releasing backup interface
[ 2180.356300][T25137] Bluetooth: hci1: command tx timeout
[ 2180.438000][ T7823] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2180.510252][ T7825] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2180.544682][ T7825] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[ 2180.575236][ T7831] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 2180.582548][ T7831] CPU: 0 UID: 0 PID: 7831 Comm: vivid-000-vid-c Not tainted syzkaller #0 PREEMPT(full) 
[ 2180.592266][ T7831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 2180.602310][ T7831] Call Trace:
[ 2180.605576][ T7831]  <TASK>
[ 2180.608489][ T7831]  dump_stack_lvl+0x99/0x250
[ 2180.613062][ T7831]  ? __asan_memcpy+0x40/0x70
[ 2180.617633][ T7831]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2180.622829][ T7831]  ? __pfx__printk+0x10/0x10
[ 2180.627411][ T7831]  vpanic+0x237/0x6d0
[ 2180.631405][ T7831]  ? __pfx_vpanic+0x10/0x10
[ 2180.635921][ T7831]  ? preempt_schedule+0xae/0xc0
[ 2180.640774][ T7831]  ? __pfx_preempt_schedule+0x10/0x10
[ 2180.646152][ T7831]  panic+0xb9/0xc0
[ 2180.649883][ T7831]  ? __pfx_panic+0x10/0x10
[ 2180.654304][ T7831]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 2180.660208][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2180.665858][ T7831]  check_panic_on_warn+0x89/0xb0
[ 2180.670806][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2180.676450][ T7831]  end_report+0x78/0x160
[ 2180.680691][ T7831]  kasan_report+0x129/0x150
[ 2180.685195][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2180.690839][ T7831]  kasan_check_range+0x2b0/0x2c0
[ 2180.695778][ T7831]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2180.701416][ T7831]  __asan_memcpy+0x40/0x70
[ 2180.705816][ T7831]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 2180.711274][ T7831]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[ 2180.716999][ T7831]  ? finish_task_switch+0x18b/0x950
[ 2180.722188][ T7831]  ? __schedule+0x17ae/0x4cc0
[ 2180.726848][ T7831]  ? __lock_acquire+0xab9/0xd20
[ 2180.731678][ T7831]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[ 2180.737816][ T7831]  ? cgroup_freezing+0x29a/0x350
[ 2180.742740][ T7831]  vivid_thread_vid_cap+0x8da/0x10d0
[ 2180.748011][ T7831]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 2180.753709][ T7831]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2180.759579][ T7831]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2180.765881][ T7831]  ? __kthread_parkme+0x7b/0x200
[ 2180.770795][ T7831]  ? __kthread_parkme+0x1a1/0x200
[ 2180.775796][ T7831]  kthread+0x711/0x8a0
[ 2180.779844][ T7831]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 2180.785545][ T7831]  ? __pfx_kthread+0x10/0x10
[ 2180.790126][ T7831]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2180.795318][ T7831]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2180.800508][ T7831]  ? __pfx_kthread+0x10/0x10
[ 2180.805089][ T7831]  ret_from_fork+0x4bc/0x870
[ 2180.809659][ T7831]  ? __pfx_ret_from_fork+0x10/0x10
[ 2180.814750][ T7831]  ? __switch_to_asm+0x39/0x70
[ 2180.819491][ T7831]  ? __switch_to_asm+0x33/0x70
[ 2180.824230][ T7831]  ? __pfx_kthread+0x10/0x10
[ 2180.828802][ T7831]  ret_from_fork_asm+0x1a/0x30
[ 2180.833548][ T7831]  </TASK>
[ 2180.836807][ T7831] Kernel Offset: disabled
[ 2180.841115][ T7831] Rebooting in 86400 seconds..