last executing test programs:

16.779125219s ago: executing program 1 (id=358):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r1 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0x7005, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000a40)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000200)={r2})
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000200), 0x7fffffffffffffff, 0x44000)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)={<r4=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000240)={r4, 0x0, r0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000280)={r4})

16.592943124s ago: executing program 1 (id=359):
r0 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x20c)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='#\\\x00', &(0x7f0000000040)='#:\x00', 0x0)
ftruncate(r0, 0x103f)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x12, r0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000340), 0x20000007d, 0x0)
r4 = openat$cgroup_ro(r0, &(0x7f0000000200)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
ftruncate(r4, 0xc17a)
r5 = dup3(r2, r3, 0x0)
read$FUSE(r5, &(0x7f0000002640)={0x2020}, 0x2020)
getsockopt$inet_udp_int(r1, 0x11, 0xa, 0x0, &(0x7f0000000180))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000013c0)=ANY=[@ANYBLOB="1c0000008100010700000000000000ff070000000000000004000b00be7ba1016c61740420da61b58a5fa68bb8ff4bd141000000005270d798e65931806f977565cdeabff86956dac782"], 0x1c}}, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="54099f0010000100000000001100000000000000", @ANYRES32=r10, @ANYBLOB="000000000000000034001280110001006272696467655f736c617665000000001c00058005001c000000000005001b000000000005001e0000000000"], 0x54}}, 0x0)
r11 = openat(0xffffffffffffff9c, &(0x7f0000002100)='./file0\x00', 0x0, 0x0)
getdents64(r11, &(0x7f0000000380)=""/4109, 0x18)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r12, 0x40045431, &(0x7f0000000100)={0xffffffff, 0x0, 0x0, 0xfffffffe, 0x0, "2af01c3d0040fbffffffffffffff00"})
r13 = syz_open_pts(r12, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000240)=0x13)
ioctl$TCSETS(r13, 0x5402, &(0x7f00000002c0)={0xffff, 0x0, 0x0, 0x0, 0x0, "db2d416fbecfb84b5452b768e08ee2df361089"})
ioctl$TIOCSTI(r13, 0x5412, &(0x7f0000000140)=0xa)

16.276118276s ago: executing program 1 (id=360):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x4, 0x9)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e000000100000000000000000000000000000000000000000000ffff640101000000b153000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008400050000000000000000000000000000000000000000002b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000ef00"/244], 0x13c}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, 0x0, 0x0, 0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080), 0x18)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
socket(0x0, 0x803, 0x0)
r6 = io_uring_setup(0x410f, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x255})
r7 = eventfd2(0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r6, 0x4, &(0x7f0000000000)=r7, 0x1)
io_uring_register$IORING_REGISTER_BUFFERS2(r6, 0xf, &(0x7f0000001580)={0x3, 0x0, 0x0, &(0x7f00000014c0)=[{0x0}, {0x0}, {&(0x7f0000000280)=""/4096, 0x1000}], &(0x7f0000001540)=[0x0, 0x0, 0x4]}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, 0x0, 0x0)
r8 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
r10 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_setup(0x2, &(0x7f00000004c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905822fe9"], 0x0)
sendmmsg$unix(r3, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f40)=ANY=[@ANYBLOB="1c000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32], 0x70, 0x8005}}, {{&(0x7f0000002fc0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000032c0), 0x0, &(0x7f0000003440)=[@cred={{0x1c}}], 0x20, 0x44000}}, {{0x0, 0x0, &(0x7f0000003540)=[{&(0x7f0000003480)="8cd7f4c21dbe980b1dd0481d285ebd3e24461ce7d48febf7a501c8d48aa3de2e573a1286a606030512a0cdfb42e4db234430278d2c833937c1a79ae3cea090e4858924e9cc47521590ea2bd007d2ed75fe22bae03a8441fd2398e8f4f8a08050491f73441e0e0399618c422d6d29136b0a26e707306140f72235d5644f157785750e1d2e816a80bf66893251fad0a85fd010cd6314dc63b681d13dc45da9dfdafd60fdee8654bccb34f0e5dbb1e7e22140f1e2d5ddaf6e40fc30003e32b255", 0xbf}], 0x1, 0x0, 0x0, 0x48}}, {{&(0x7f0000003580)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004b00)=[{0x0}, {&(0x7f00000036c0)="4898055557a8e48f56e89e2a8d2b7f7410aa1ef8379bbd7d67581ef60babb140ffca0a5816ec775759134c00df475ee099ad8ce489153107b9d4b89d47a5094ab47149608f17d984bcb20c467b89d1309b9a604f2a20a619d5", 0x59}, {&(0x7f0000003740)="7ce9a544c88f9179ad1d5529d9ce2d0ce5c77a49fd", 0x15}, {&(0x7f0000003780)="baa5e2254a6428693c395f6e55729a3cb97a51106e2c0742323d2e5adc66ac703244ee840ce7902b36f9583d44780a6c9ee106e019609f556df577ac1dbe5c066b1fdf689ede02decef7d3e1522a6eedcadeb77278efd88c3ea26593a8ac66a2a2eb96dc6b6ab8360d08e626", 0x6c}, {&(0x7f0000003800)="17064631f490a0d642904c62b371fee452d29aaab44f186e1072e438eac470f0addfb3aa4df99b2c73299988cf72bbda22d6eb35c56343b03a037dc1c0a64aaeab3387f5d78148d2b77f5638a65791dd55", 0x51}, {&(0x7f0000001780)="3053d8392edc2ea9897525c7d852ffd4e836b8dd85b56bb6fee0b51df20369b05e3590b011e5c4393ed59a4071cd7c051cf63f9837f14abeebb83eb631e48eb7053fa7a6b1db701ba2d0ac9e21f39e2c3e6c8d8fbba05a9e166b45064e35b7db7ffc730e1c6f98980bdab4a4c479e5bafb8da28e9bd89c77e52a59d19771ffe13d52489db1a62a314a547a0a", 0x8c}, {&(0x7f0000003900)="d5d9d722ca8fa934b87a4ea730d95b6e2fe6f6bdfa5e5d051c518d", 0x1b}, {0x0}, {&(0x7f0000004a00)="efe1f4595da70a588c0d60f5c4c5610c8ef3ca98bb549c155fb1254c856699362fceb227a5d84698b10c6216a1eaf6302cd44b64800b6e5363e9ba85bab87c820ba23b3bae176f5b6c72b55f8db15b7400dac809eec963cca5d0cae08a710e3a49f309e7f117c7496cfc99c846bce5ee7c81022312aab46230b04dd41528711b3ce6a74f30e88cea27dd707c9b00d192e442274453b35c697b68b2ab4c8abe8eaf83d62c314acf8f73d30dcd1e171614", 0xb0}], 0x9, &(0x7f00000000c0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r4, r2, r9, r10]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [r8, r3, r5, r5, r2]}}, @rights={{0x10}}, @cred={{0x1c}}], 0xa0, 0x28000801}}], 0x4, 0x40004)

14.265459924s ago: executing program 1 (id=365):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="2e749e8cc85e6b0ee5df5723d688df544b556c55827971aac8755cf20fb368f051592f0f11cded477b6e2cccf88f63b6b9a785545c9ad2e3f802634ea9be5a9422a3e3a4fb5a31f9f1370b9b2ed84de8ed3434130a8e4a2a43da16c9ccb794ef54d69b6bbbc22f760968086c5015f2ea4a3c2b3ffb6c6f496728caf07383f8c92c266b5fd8737820d4109bb0d222215bba6ff978da9da26b0e58e3ebc39d3e4240585581b5ef46c07d31f59fddc66bcac21c633bf2d4a2035b29a8a7b5e88007827579c3abb9db30a25cd264de86a793d03c9e3fdfd8f30342d07764a52991a8280925eee8c387df8b3e0bb1d19110937271822237540ac0a56c940e966a21059bed07f4f72e2d39a9d660ec5825a14da750cbeee159dbef9449abdcc021df8e64785e78b41eb0ab9d7498cb2d5fa800d9fc0f44a6fe0be3a024d48cda95fddbcee3e5f6289cc2b184cf80b714a13922545dd9c14fc771f6ce08557b9ca99a4de6193155cda1164752707b78fa0e241dcdc7a70debb7ef136279e5e5aff42ed8eac8c46ac4471a056508b6bbe70d05530c906206780901bf45aa23d128956397d35329370cd248693285f86ffa28495721c1bfc49916c6e8daf36c18307f1997e7061e9763b79115f433bab381a84bf99031dca8d3f6354cbb6ef7de9609f36a41eff8894ce84a4baa53a1a75727005e1004f21cf6fce6f36821a10dc53fafb17a8be2d7f856b3bf746c8f3d0807c3f526f533fc5ccb7632f77e5652153477c120b2b93fef9b387a6bcd13f8805ffdb4112820a864188dfcbe67028caf8d267dae2c479ffd0415ce9756d268902c8f41c23734cdce58fbabcbefd7673f678c6796f2eaa21fbad557d5262b2b037cfde6a3536eb3cf3f4bdebcae638a2c63fe7677fcd7b8dbd9fe6b828f46dd7513abe880701c2005972b1208c8575f7a42a227f7ef355e61aa03f2f6514552aa767e50cb086633c556fd8c43494fc5278e179d2ebc2d7a86c88dd051e360bc2e226a64d412451904d301f93ebf232e367972781ffc91b51b4b160a5c571fca00b764add93a67d227ef5359a38d3e6444956940b66586a80b3dbd63255dc07ed3300a71cedec6d5ab9a5a0fe81c134426890f456a9fb9deb638fc188ec9e235d8bdc848febff19817e29f7a4be331b822110725bd3617096becf7193bc918d31dc02198ef314e7ff408c5bb3a2c6469d2b2312b2eca2b2bfbfc92a5822bdb308de0b533b762e1ccfcfbaa69a08102eb4de20b625f01cb22d27febe953547990ead464d87286407db7e7bc9e8f561c217273ee7acc656645bdc749afe289806c01b365f685d1b18425d3a0d1fa4ccce2fb44c46469fd5d34d4db9d4ffdbfc249d34cabe564d5ca193276dcf04a36c90fb15dfa552c987c0a611ed96602f47a0b3c3bcd7e0981020abf1c0b5cb48029485f644f3801037173a46f5886de9cfd388c8dec8a02762a1fbfd22698579176f1feecc8f177ed762a8d3daf4f43a3cf94ec7282a07747478cd5eb84b88786a8793fcc270937f6483e80612d4acdec8a88df226f172aaf530d0552df5f3adcd6dd13cc719c24d20847d6a7c73927c9696c7095a7582062c688f7712e8924d97df16405a2d5e571a1d06734761537b479824b4b961c8a7fa92f3a5f7ca95155e1291e10521204ba253e82ccb553f562bead4d02b5b1b10132349eb973149eb9f0bfd48d1bfce86f73d13ffa2b76f72677cf5ef92b67b8d8b02d7320ba5afe6049eeacd2c223e13c8ea5f231e25e8090143e235c457bc549b981a18c30e12f5954f54ede63c56e3edf63b4c20f01aefad3d3bfddb41b40673636caa2fc9ccf2e6124c7a32a1b472ff1b0e74da2777bb84ea51468519d03bd077afd8e36ed0e67d1060e5feba19c09fc63d8ecf5e10fa650a931a47a00439fc96f2ed4bad1d70c50cf1d4963267db0585e4ac3b605bdfa5aa90e1d3e407beba7b4e131b6af563b0e90f57fdb11f7da417cc0f38abd53060f56ae2d4da094d709b9b207aec1f9686c9c9352705453a189151c3278b7736929ffe93fa94143533919464888f08059cb915f7f2ee37bdc2c2d30305ef6407aea7d9f89c0d35ec93c6fcce964cbf7f912c5b2695b8a6983fa83ac5e0a0eaf78f134c211aa34a922b9458cafd072b49cb187b211d612e02b8f7749eb3b136bafc655a8b3d4e9961fc3043754930a4e7bdcce1883421e189e9c0b1268f1f95b9177347073898ff011482427c43decad44c8ff020fbe7d3680c76898d7f538e189720d42dbdef4229e13bb7fe448aa6238eeaf0d81dc7b03b5136edf865a996ed545dc5c0ad4659da7d01731705b0d9733ec5996d70eb62ef11534f19080f95226d0fa02771f53583f67166845ab1143fc804e23d6368597dd168a1ae0517cad84f04bbf036a9a04a7af8f67fb91b2934a473ccc5bdcce134c9a10c10d81afbaeac63c2706d74e464164249f5fba82d0be6b4e82415ea644009aa4a443fe9b80717b5d104986e60a13b335e228085b6390a110451523aeefcf603b124202c5d47349ff8a67c3871312602e30bd00dacd5b6e9ae2c4afbd590af002ff62cb8a30c64a3bc843ebfaf6c9cb102ccdc2f05aa57f240632966bcc7fb73b550922bd7dc183eb5b488a83c7ef0269f4c9b92592357ec0eca5a14c330202c87d8fe6f7a4350bad8dc29d1de33aecdd10dc2329c7cff90c8087251b948f58b864d4e7d6c5e5d800c2e7741273356b13c3277e8f60242cde5aee19bc5c55a240025e26bbb893a5b2f39dd77a24604d445ed5b22988fe530e952229e84b5c05f9521e014eadeef4565a0a9c57b9bb007b4177bdd8ebc87abcbc0317cf2988be2518291c0d89e0141a7cd0e2f37e4db94cab5204f804ec0d0fb0819dda879328cf675be07cc58d8f8b50ee56670229e8a7839a33831ea005a87eb84b3e644040915e8eb44055b7d90e23a3970e87957abceb632ec284438bfda423cd547ef14d786f36db71684cda4235b067408d85c544ea257bd75a2e4935fd325a6aaf57664c5430dd24d4588b2774c08f376bf606391d1199347281042431d0e1b6bb7f46fe4502d67ebb3f0469800a17162dddb37f7ca2c1951b8de5da108065aa933a9e04eab95f6018d3326fba38e33b5a701022244b0888f4a643b333cf18db2f37cf2dcbb86f20fecddbaf186987c7901b74376aad2b99829a478a2d68c0ca48cfeff10cc27110febbc37d33db56700f909e266ac33b60090a2f38f0b3557ad094d7d42dfdcfb27cf538cc121b1ca181362290cbf90e73c60cca5ce62cbd6ab49c39aab5054aee6de4dc2caf56079180c964dff0191185fec1065c508249db0e21391e00eaffae3300a19c462b09d76831262fa177923f02095c1f57595f560feec1d786edea504ba32dd39dc0b96d7d0f859709540baa8043f26deb237ee8425bf8069be89bcafabdbccc671ccad77f878f73cc08f230243a640a9c1675e395e41908899e5f3e579f7940239a042d9a95a392cea4def19696941e155b84163e5d398eb10a43adbd0054d175d0ecfc151c15df09eee236f0f8da5c373e851c56e8d3d80b5284f17f5a9b0a72a27a3400b4e2b3188a51d2352b991d6b4d97b3c6b2d0a184907ff3f4afbc22d5c72d79db1dd936a9df2757b1cf03cdef3c0367fe873074aecd48bc62ba63246682837625b4187b2273de35b6e7a0982fc62630193eee7c090d279b6513db822c3375c829c86ee57104e2049a410f521de405916b90018e8b81f457cd9294ac0eaec1627ff8954572ba7009f0504cac8be8fe1eaebda0e426be956061595216108332067ebc18e46ac9aa200d85ba60f0357148c9cdfffea9a7795a7dfe7d99bb045602685a28032e0475b96da0d576737e05b38401e1f8c3abc8b34a21bd08dfa492ef0d4496569f4a3eb52fc12486a15786a87b5c1b5ae2df6d9d75f4615a664e54b2fa0968507acde7a07f6435ab8bd84d0e6e9eb8cd6c78ea69a6679a53564f88f224d7d4f4ec8d19739a3863f0f1eea35db1aa4ba4ef180025258c7f1c377603948372be9a22da66ca56a945908c274dcc4515a6253d9383dcf17a65d474863735c1b8655840446d31a5954bcc3581ad465d019c9ce240b75ff9d20e226d398687c78d21cc8899f5ba6397ee7bd8cb1875feb9a24b4abca8ddeecc7dfb03927a7fe7129d91fd3743932167b5a2995a5e4128b7db18cf6978de20af22018cfa0dd97af0fca0763be77b64d91dd5f31b5a65f12a32aef11954c05d9a7372362cec82c30a98eb4dce5548f73d8fa92c5e8dd44b054b323e3b153872eb8e8ba36c2f062f0bcfe762d41091d8dafffe71db31e9961312f1eeda0c3f3ff8a558468f05e8a3123086714b6980003a85afaeda65c6505d6586fe2f3ad773ef09d8c0deeab879c6895492d14ff01dffe8b65abc935a7c574acaeda6cbe624f1b4b733075b4d8028c9bfaf8f66b8078b98d1210c3afee89159e9e9c03861e062b7219462fb88643637467c0998682ffca0fd5f71a1840ef802d09ad0555774c7bb54fe5c413e2a1734c4be29f25fc58f65adc22ac294bed58fa69e24d3a9a6fce9e2d60f238809979d4c1db26d121f2f013fe5918b786a7b7f88226b92b40df9852b83b47dda5e876fa46961224511a947ff5b354a9a4064eebea9e22eb7a24953a02c5f640b9163eab5fce85b23be2d4c7ec014b5f8d32e0a798fdc2f8e905673bb02c7dd9a44be1741f6649379df146f18d64b428ae9840bf3323afeb3a2be43645341ca720be7b305d13de56a999875ab304786661594216c34ff6fc5e47f5a4e05ae6f8d64e5a7c598d4464b4a5a9d3f908015caeb39f635379af90c20a2dfee20aaff5ed5bc8646770333d29a4352a90f37c0ad33afda265f7c2fbdf4ae19d774620525f6cd9324aa009aac01ba58487c4b298753d03c72584205e3d92b64d933fa5f844d242ed0eb0b55793ef2c91e6483558089a533808dd41167e52e526f786b1953068c4807211725f64bfc745ef79c2a7c9400d2ba61113f10118fa54a91d6b531adddf5ecf6ec764f1e58ecedfa8ba08dc36c7cb91f74c77bd2e02ed878cdee30e8d0cf81b476589367ae2b67d65d2dcec5776d095a4b25f1145387a545c2ce0694827058c18783f6f0316770c2e01615785719f140e6765855272318175f4eb572e47c83404591489fe37ecb29379805a176d7969fa4148644f0b3e3ce9669b9dd1cc06881a11bf947a5518dc985714fbb3b428576b2daa7c1a31c1388faf03a73bd046df8ae6c4dbddd65739407bd827c419880cb76e7bf9db5718b50d899a9b01c8fec01befb0d6e72fc86e56df84716a70e1790246d36dbf6135d815f0cbab6c1ecaf89253d4063852cb1e11aef274b085ce2d7776e9abe075072bb39da5494c8c490e3547005a0763c6774546a73073d849310ca961c4c083ac2fc1e13a92460b8996b8d87e6abd420146a044658ac6859f2ec472b668dedd9af1b54388b55341bd66b7c90379a5b52e2db905d0e6a8341193af03f254044d194cf27eca879630c16da9c093586a1a6e42dcd5722e47c5e0c6070d3229e139e809307d2ddc4b9b7cdfb331df49ab3098a2e1121523ee810f2a28055beb88b0aa5cf93f87d366f4013c35c1c743f374e4c5b0e6005cf9429386d687450cd172b6a22049521682407315511c1311a3af4020c66a385e3a652c787fbcb1baf4e611d31e4cccd049cee851ac4f6077a2e9f2395420c3f6991e84b2cb9e331ef7d5da014e73fe6f5de2d07e372236f541650cdbee4c02d25d03b1cd3e9384a3004507061d4d8b897350d709f6643d40f16279e46529e9d4f58e0466e7df46c15fd43997f83574ce4f46f7a09123e7762014bd14b45d1cc8b28ef7de8aa8da2c63fa6e4b990c10aec5f6f3806b03f5e7d2c32cc206fb4af14f61c2b8ba117db15b57a1fb21bfd40f3b4fe1383b8043bd0ca7a75ddc0d6975432c211192024314722584e4dfd17b5d5ae40d27a257646ef20fbcd86e6a970d4506181f939b4719c634f66aba9c4d3ea4b18697dffb113344be354a1ba0a37973fbba6d569980522cd1dc398751f80a1a30ed368a2f513c101dc2aa3a233880847226437f56bb8ab9642281d867c80fc6dffe1f99807a00e55f0f2a8d16abb288e5ff87dca32c024c6a1a0a5588e704ab4bc3ddbcef6a7bc2d8a35de5a1cee5fa64d9e940d9c1fca2273a9fe520c555e3b076a6bacbe58f241ae24b36faba35541d747f277acfc7fb374070a259a659550b9d2d158b02d1902a71b382304c94771f380029ccd8c66b8ef2eea3319d810cd9088b81288c2af36c9e423f974a9a84ca6ea5aae1e9128aa7996ca154c2bcb70082d8eaa57bf8d9a0534deaa0b823916c87bc2b94bb68bc1b4cbf4728e23d4e1663c1d036e3a1342477d3303cba94f495778da51214f26d3cb765c7398cef04f0db6daf25d33b92b574cd4b9c85d69b296b153be60ad9ecba6abbd9b206af7495be5c1536aabeffae39d377e8b4c1425a66c496de9d4b83abf12f63ef2d2e02fbfb40a3ffc4cfb19c8ae0649dd71179c7c4338a6eaa6f51d4abb1aaa27218b4d2b68638b15174e6a4509eb0b9275e7468633244fddaed550e1c20cf256a0828348bbb915e70113cf8033ebca53bf35d06c8cbb09a3e1326a7209f011dc9cff55e192e64670dca28e57358089d06830f113fe06ac7f9dc0f3cf49687b45599d18c6affd99268192747bc4dc9be2d854baedf0d81b4d1eff347fbec4a0b4f8e2a94ece2c0217c9e3bd8dd43ba922a219f00cf2de35de84ef8e62fa983044bf5d4e5cdb31de8cf11aa148a936320bec00b26127d7ff24a555117aa449ec6f9d0ba98410d7ca0450cd99992d92670cf5ba59cb551f76c5060e3f618f46fb5176982d8f246cfa811d209b8f61cd00758a129bd6941da2451f1a19dd612425c97f152570e4e62db9aba7d148ed5e4e333068aeb2625ecf43c0ad9092638f688b8ee3e62780cc2befec03c5428a9376ae7e2ee17bc585ecd60cc8b46f268b793b9d74f20d475ab1b05f0ebda051630d003b424cf376a083663bff163756888dde2fa3385c7faac40472de6e1882b9131f9b9a755fb827a996a534077b85ea760077280d8dbf4988496720a64fb8e2c96afb69d529516bfa8f7e81d2eb780854823370a979c50566f88ebab97385f30ddaed0b0438b689506fb49c943713bf835ed75d09dfefd12ebeb2405a46594f556fa8b3d32547c922808f1182658ea0208ae0d62095e9588db1d94956bc959212a5a1bff0a669758d4aa8f1eb11ebd566cf65d92051b1877bd6fe4b7266b21bec833331abd7c4a347da57774e7c05897fb82b7ac39473b6c87a33bb912dc9e11bb5a0b4895371eeb500a827c3d839c885488faeee9586058238d2259163756f69eb533af03646ee4558a67d5978bafb8b2e8c896db55601b59ab4a5451f23611a02c6752a6c80ce8872dac2c03024750fb4a11ee23018ce0faba974b43a67503d353647959948c9ec697cd193b040c9be6569514b681097dcd6310dd9086c01d9bcb22483a880728504b8818902db0139667805d1b43550afd10229175813aea15bb2924afab70b1e4dbde6bf180bf9034e515102a25149e1eb634c9e56a037c2c3a3d1e213731e3611a167ab5155c6d7d103ef1ccbd748017f65493a95481de052d0183a4728b0ac202b10c517b09e8a8a8fdcb6bbae8fa797a8f1107b0f6d957472844518b3ea7cce89731c2074c533924dce44adbf6b6fd32044b624a63a3e0f5b2a8482b3294aa153eb03f2879b39e80078abd51d73a7f0ff77c546d7092ebb973a3bd013254576484538a8af8ceda9e6ac9daa38acbd7576a0054bc49a248ee2839aa8b604a41b735ee3dbc6e08cdaa92955dcf4fa7a4c783971e4134dcaf9a8b644c20894fd17d648452f90f9e00860eb8102534477f7e3279a0cbcee20d500ed648adcdfe6540509a49d438aaf1884bf1f0a434055866e643577fad463ffb8267b530d4bd8606d3638165ff4b9f6334c4ba818da17c5cc5ada304462a0c4dc0728d25428b7b61bf9804d54cc7bb7b0daf82a19576e5e6085561e66050e333e6302fd85d00f36a82a569e1b2ff7764a931a2e70409b5517df2fb1b3876ad4523d74ae224db617c40c55a2fa0c0aa3e97b7c350a2eff49ecc551b50d741f6c1aac4f6f78644eff674df4cbcf56c259355bceaf87dca07931d973018aca418e5e6f000e98eead669c39783e144ae3b43cd01920ad383d774105c1594a2fccdf159a5f9bcb395220cad1b22ce09e7c5683166b9bc4bd2fb2bd1b676890abfca67d8a5702d0dcb751b9a457be82cba2c2f3e31e7d59eb8b8fc8ba440bed80bfe560195968d430a9d15701147541b83acd50038f8beae9220a6e473ea41838b16c1bb6f5cb1a9dded046565db6327ec818c9aebc5e2304f9bae0325294fbf6282e49fad4af3538a52c44209e611869535f854005534767bc73834780f6d6ddf29b472da78d4ca7523cbcc33085778a596dc46e084cf624cc1b61fea19ebfdb5fdabc24c3a5e6b64f2a59b1dc015398feae49d167fdfe1ffcf6f078c8033965ca34de7a74819903aa29ec4efae8c7bd5d8e5da21cc07a08c1cdaa535e1f79525a3fdfc153cc4af8d9906244f749f58418cd58c06f7d0f722a52978f1889350f5a1390bee67ec1093377f7f5c417f47e54e2531a3590ae8e512df1beef1c58a75985468e8cd481fe07ffeeac960bec795a690eb6f64d634e7c220ac8e628c30bb2e28395c69720e801f952b376cf9ef84011589cb9480f9194c2f7e06319a45253c9052e39983e0a59ffc484d0951eaa0eaced690518f08abe1390799799367c690c860193139f20c82aaabb5ee0eb8fd426e792d5bf68646c1e9697f375e7184f3675ec415d74aedbe814e24bf66a3b930fb4b44edcfd5414afb0b0d0420762cc3c124bceedce0e56a5204717e33230db15c8f8a9e5c23458c2091bffad6f3292afccd1513f0d302086da00f5582c83f643ba5bf75dfb4941c656b4f905be14f13379a830e7e15e71919f8b5be8e0f769906e5f6e6e5a618365516af74ee2360db3525329cd7e5cf4ee666afd04663c5b96565fae390cbf754804af05e03bb9596f036e52c187b66e46f3bcf4c7c73f6135f8ee308a544f9abe14ba1b077a9b9ebe9cb09e8924c7e24e664f9fe5e5471546ad23ab9384c99921ba0990bd15de906fc647d1d9489a5c1515a5efd8517049b910158c7efdc22a3671e86076189cfcefdddd5def5c4634b374f34d25f3b03018e5324b64626e69bb1b667647ec926add0a89648414a28058d04f12e9ac5bc2527d189f16558a82daeca13eedc125cb23436f86f68c147015853aa07738c99f571dd51e4864da4c81857c9fb5338c5eb2677d01dd134a749b7832b64d9ebcc33a04e1a62f07de55620a688e944daa2c480be3e00871058a6fb34b52bf0c3fc46a556f13a3d6402a9f42c48a7756c07b3a58aa2cf932e650d88dfcf9fa655386b13073eb6134b10806d60b4529d72153f2f4df6df19488c792b4d8d11086cf7ef2d9d1404d1876f4d30d566bf88d3fcd5bd439f82d918bc988cd50147d3770489e25bd953428c5bc66ddfbcdb2e40452cd4fd6adac67febb7de9e8b8ff6f59ad548b96256d80f1092c94d70df278477a36461fca896ebb6d2d40ebfb95f2fb3f584610a1540fd2b511d267e8486615674853112b3f371db52d954b81297d954bb3b5182fee5af93307ad79af888f87ff15445e3292f640c26063d17209f1c79c1267b55afe3228fa254c4875beaf6bf9d586d3ce743d5e8376aa214bc1c529c0f440b4c8a33dcac8938bb2f8c2f19fee903ba7af21d3f6c7049f371db6fa4d0436964f07274274ada68c8601b70f56860059605bcdc0a643a79132f3252141b2c151634dc85217ed18fdac27b3479382d045029fbfa90d655b3e0b5ad134e8d524ba837304ec07d3cd37d3314f3690e04c0c777f1cea960baf23d2c394f245394bbb7f6101fc02bdcf3705ef329a0e1749042a204a3463406f7b34bdf23a8d8e2759f1b24f5308dc2736d1a81173826b059f18eae9ee6be8cab6c24039b8afcf775ee08f290161532715f6c19ac57985299013088c358fada7fbfb9fa339bf9fe5478fc394005ffcddc7da185f9c5ba4a79bcb3a6fa1b280ca745e32211971bd76ed26e923ffc0387017e80e0de6904c0364c7aa54b7aee04ece2c2a318b91f60c6559ef13fb1f774c803fed514358ff6bb4972d1b71b71025d943d4a074d2918be1008f63ab15094d1020c641d04d89bda5326bbfcedd86a064506b33f20bfdd83f59a57500d4aca720c882b192b0232ecee67da5eb3cdf61c931ce96a3bd4210bff8d9b3cef39de2bb68fc9bb645382e2a2971f58ac39471a8091676011900f01a457838c129374dc6e72c4a3107e96361511e44da1c90aa784b4ee081bc2090c3344d12aeabd1c6c68475243e0b7c1e4e0b8df728bcdf3d0fcef630f372ce11bfb680897d3ebb427f08ee18ebb3f5e604121831506e8d3cc9c3700a5bdcb3ebb73d1f494257c353325ca7983781ba108819652041b5edcebb99118ba33244011c93b5044eeab58ec77eb4b9b88ba63a6b98ece554be80db1df349de18df6b66210e965f436cdc5c6e4e01840b6da8175eb074cdc22f8bb36f5ce18c6a9142ca726dd5a889967112535d125cd2e19c397fee7a786cc7d84cdf3d7e7cfe96e6b97ed50ec01a98e36ce7cbe8dded29bd9b701bc59a5a119b2f14af8e1ddc6907899178f1c40d78db921ed0bc5d0984e945f2ba0422452685755820b86133072ba4e6d4560b4baee9c87ea99a857061082d08425038a8ba5bf4988a19676a7757389eaf0d89f9e58c1642ff00913f0abcd23cdf01b5ecbdae37763dfb28a679db4fd8b7616b3a2d96c30e71d4e48dc6e25203a1260eb42a217a157296604806f919f11842668294dc03c57c33d605285bd5142420eb94fc92b1896722ee795871eec92e2dec45509c47b63653e539bc8607325b7d3712c43651bba0701bf6c8e4963d48d4748dfa9fa39c7d69c81cb794a7911cc18d576ae43f3e7d8e9eedc9ed02936e027698e413598bcc8ec1d5fd029b51abf080772abebdafbc6b5db07fb49e9bff7e71af635fab4fdbf15f6a6526acbcfc37bfa294183fe28903af69075c299f972f05f6f2cea53ddad14b115635fa8a637a42482b0fb3fa4c403d43b272c726e1f51f2b469c165d9525d0ada2a582610fa4974c8e57351f587502aa3ffad717b418c2de230b741ea3872d308fdc3ca1f7fb3c87cbd70e0e5d5255a0ae56a58650b3d5b986f0e8fe8b97d46bc52447247e0f6a2361d1ebd1bbad2649d33a1b8c95ad9d294f3e12ba777f0da16f3e7501e2607d5ad28d650b2641aec2eca83e4452a4bf8ed51768ad6238a79cb0d96dafa36915297bc95a3cad090dfb61b8b13b462110780df8acbdf337462a9403599b7f54563418bf314dd4aaa7a1406423a9e70b34ec54872c0cb14077cb5996134f10cd40a13b17cf0731675cf0ad2f981992a5c15613a66c9cf5e6d6910540dc17", 0x2000, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x78}, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
lseek(r1, 0x0, 0x2)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8931, &(0x7f0000000000)={'veth0_to_team\x00', @link_local})
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x3d, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0xfd4}})
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b00010100000009040000030206"], 0x0)

12.511895431s ago: executing program 4 (id=371):
r0 = socket$inet6(0xa, 0x3, 0x8)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/zoneinfo\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000001640)={0x2020}, 0x2020)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x2c, r4, 0x1, 0x0, 0x0, {0xf}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0)
quotactl_fd$Q_GETFMT(r1, 0xffffffff80000401, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e21, 0x0, @private2, 0x1}, 0x1c)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000240)="8eae83f82e82be4cf37fe0f3883d90e68ec51414a6e5c977de1213ffb7455e4ce4378c5699d166c130e36b63e7150107fe89bcb51027441b60e2aa56ec3dcd8d73939dc64af0036b92992f60041019035225cbe4d855d402960644df9dd6536978d2709812e6a155af7246489213b6523ffacf7053ded10832e8a1db2f3f2eef1c10c3d6a5d2c0562b2772a37fa6355ae2a91cb2285d877afae4326012f720e1", 0xa0}, {&(0x7f0000000140)="924a0649a8b4a00f98dd6be3f07ca9292606879679d2d5accc0557f16147d742b5478b936a148dac10dcd1ca7440fb9c3bb1f4bb1d5d168a421e57cdf1c1d4a28f7aa37b65a25b1037f3c679b14c7862bbf26f7bebf0089e5a39f12f7d8848d6ac2bdc8948e83a7416fc11377f99898e5882472ad723f1bc7c7b7c9356656bf47fd88805f92f572078c2fc9b9a9069bb9cc670c4203bc6d5ec0715c56cd39676aa340d5ab8e9bb794b634cc849bfeb9d4da824303e3dae05e14dbb78d2bc8440616b2fb88fb486ed0fc961ceab821cda74ef49311994cb24c2e0df4a0f8eb2d8b5ecf69e0e64c47fa1351e0b9bac5063034ce42a78", 0xf5}], 0x2, 0x64, 0x205)

12.340373801s ago: executing program 4 (id=373):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r4}]}}}]}, 0x40}}, 0x0) (fail_nth: 13)

11.752651313s ago: executing program 4 (id=374):
socket$kcm(0xa, 0x922000000003, 0x11)
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='stat\x00')
lseek(r0, 0xc1e, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x13, &(0x7f0000000140)=@ringbuf={{}, {}, {}, [@jmp, @kfunc, @map_idx_val], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r1, &(0x7f0000000100), 0x0}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000001c0)=0x8, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r3 = gettid()
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r4, &(0x7f0000000400)=""/218, 0xda)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r4, 0x404c534a, &(0x7f0000000980))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0xc08c5334, 0x0)
tkill(r3, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
mount_setattr(0xffffffffffffffff, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000001dc0)={0xb}, 0x20)

11.001266365s ago: executing program 4 (id=378):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x31, &(0x7f0000fee000), 0x4)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000002200)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f0000000500)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000dfa6b6f0000010570000004c31f1f8ffed0cf00da325a113cc2b81cb067133c1e9145d46ea932ece3b62494e600a8e63c4f42ba63087eef32146eda04f1cb1789d1302ab2a8ad5610cee92111352442aacfff4f7918729377e07047dd7cc60c75c657230a04d4d8504050f6d02d1c770c2f3f06be7224b465bdb318666f4", @ANYRES32=r4, @ANYBLOB="06009500ff7f0000"], 0x24}, 0x1, 0x0, 0x0, 0x40408c0}, 0x8080)
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="301cf453fc3d0543451334d7971277b4000000", @ANYRES16=r1, @ANYBLOB="01002abd7000fddbdf250f0000000c009900000000007d00000008000d000b0f000008000c0064000000"], 0x30}, 0x1, 0x0, 0x0, 0x20040000}, 0x24004011)
write$sndseq(r5, &(0x7f0000000280)=[{0x0, 0x0, 0xd2, 0x8, @time={0x4, 0x7b937080}, {0x1, 0x9e}, {0x7f, 0x1}, @ext={0xcf, &(0x7f00000000c0)="9d65264300a25d8e96a6e0bc28a481495f7ffc1d9480d63913499ec2a87dba410fd22910b4f2b12c8f6e089d1ae2bea40cbc00f3ba3f767d4f48ab5d26ff75fbc7d1437bf39a7fc68018b6fe1396dcc20429edd1100222686f71a002cd1ed7b22bca685d68343b6a19c495a902a4fc87e22507cb56cc24f04f51f13ae9fd3b371717329868e172d21d7c1c0d10a9d553ac17e7d60668252fc5ec20bdaf8ddf8642f2509abf27c0163434e2eb67d954066cdc8df72d046a55d1e49c2764bda7cb05dbd70dd90914f249d838552739b8"}}, {0x8, 0x1, 0xff, 0x3, @tick=0x5354, {0x0, 0x3}, {0x6, 0x8}, @result={0xfffffffe, 0x8ccd}}, {0x1, 0x1, 0x4, 0x9e, @tick=0x4, {0x11, 0x4}, {0x0, 0x8}, @control={0x0, 0x7ff, 0x9}}, {0x22, 0x4, 0x2, 0xcf, @tick=0x7, {0x9, 0x3}, {0x6, 0x36}, @note={0x1, 0xe, 0xb, 0x2, 0x7}}, {0x8, 0x0, 0x4, 0xb, @time={0xb3, 0xade9}, {0x7, 0x9}, {0x3, 0x5}, @time=@time={0x2171, 0x800}}, {0x1, 0x3, 0x4d, 0x6, @tick=0x100, {0x7, 0xa}, {0xa, 0x2}, @raw8={"57dbc8df8facba81f3f9b8f3"}}, {0x5, 0x9, 0x6, 0x7, @tick=0xcb6f, {0x0, 0x9}, {0x4, 0x8}, @queue={0x9, {0x0, 0x1b0}}}, {0xf6, 0x6, 0x8, 0x1, @time={0x7, 0x2}, {0x3, 0x7}, {0x5, 0xe0}, @raw8={"e965ec448f0fbebd7d00"}}, {0x4d, 0x88, 0x2, 0x7f, @tick=0xafc, {0x1, 0x6}, {0x83, 0x4}, @result={0xffff, 0x8a}}, {0x7f, 0x5, 0x40, 0xff, @time={0x19d2, 0x114802c}, {0x3, 0x2}, {0x4, 0x5}, @time=@time={0x8, 0x9}}], 0x118)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/packet\x00')
read(r7, &(0x7f0000001180)=""/4096, 0x1000)
pread64(r7, &(0x7f0000000080)=""/220, 0xdc, 0x4009)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101141, 0x0)
pwritev(r8, &(0x7f00000000c0)=[{&(0x7f00000001c0)="a4", 0x1}], 0x1, 0x8800000, 0x0)
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, <r9=>0x0}, 0x2020)
sendmsg$rds(r5, &(0x7f0000000e80)={&(0x7f0000000900)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000680), 0x0, &(0x7f0000000e00)=[@rdma_args={0x48, 0x114, 0x1, {{0x1, 0xf93}, {&(0x7f0000000ec0)=""/218, 0xda}, &(0x7f0000000d80)=[{&(0x7f0000000700)=""/111, 0x6f}, {&(0x7f0000000780)=""/167, 0xa7}, {&(0x7f0000000940)=""/201, 0xc9}, {&(0x7f0000000a40)=""/115, 0x73}, {&(0x7f0000000ac0)=""/167, 0xa7}, {&(0x7f0000000b80)=""/74, 0x4a}, {&(0x7f0000000c00)=""/255, 0xff}, {&(0x7f0000000d00)=""/89, 0x59}], 0x8, 0xc, 0xdfeb}}], 0x48, 0x48080}, 0x40)
write$FUSE_INIT(r6, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
poll(&(0x7f0000000240)=[{r10}], 0x1, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r11, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x12, r11, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), r10)

10.918574417s ago: executing program 1 (id=379):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000140)=0x5, 0x4)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

10.654850415s ago: executing program 1 (id=381):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x9)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
uname(&(0x7f0000000240)=""/190)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000d00)={0x0, 0x0, 0x3, "e648d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

9.242055397s ago: executing program 2 (id=386):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c)
syz_io_uring_setup(0x5804, &(0x7f0000000380)={0x0, 0x1, 0x10100, 0x200}, &(0x7f0000000100), &(0x7f00000000c0))
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}}, 0x0)

7.876055756s ago: executing program 2 (id=392):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x9)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
uname(&(0x7f0000000240)=""/190)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000d00)={0x0, 0x0, 0x3, "e648d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.258954803s ago: executing program 4 (id=394):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x57, 0xac, 0x19, 0x20, 0x2639, 0x2, 0x5bc2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x56, 0xdf, 0x8e}}]}}]}}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000080000040"])

5.692692264s ago: executing program 2 (id=396):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x38, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000000180c200000008004900002a004000000000907800000000ffffffff0000000001"], 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

5.382637735s ago: executing program 2 (id=397):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac05]}]]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x64, r3, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x5, 0x24}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000010)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@bridge_dellink={0x20, 0x13, 0x1}, 0x20}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfe, 0x40000000}, 0xc)

4.341954659s ago: executing program 3 (id=399):
socket$kcm(0xa, 0x922000000003, 0x11)
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='stat\x00')
lseek(r0, 0xc1e, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x13, &(0x7f0000000140)=@ringbuf={{}, {}, {}, [@jmp, @kfunc, @map_idx_val], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r1, &(0x7f0000000100), 0x0}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000001c0)=0x8, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r3 = gettid()
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r4, &(0x7f0000000400)=""/218, 0xda)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r4, 0x404c534a, &(0x7f0000000980))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0xc08c5334, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x80000001})
tkill(r3, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mount_setattr(0xffffffffffffffff, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000001dc0)={0xb}, 0x20)

3.871179129s ago: executing program 3 (id=400):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bb", @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.869326965s ago: executing program 2 (id=401):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x9)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
uname(&(0x7f0000000240)=""/190)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000d00)={0x0, 0x0, 0x3, "e648d1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000200)={0x14, &(0x7f0000000100)={0x20, 0x1d, 0xad, {0xad, 0xc, "ff9109b59f64088b2da85af1f1d4a49dc0a6d91ac64d712a29427974b4e33a059d686b88f7a7a4ad306e4f5745f4a57b23c4fbea8dbd93801985c1e8a9a8ba24352bc60204379fa1dff974cbe06f88845e6afcd8066df7a13157cad6d16b3d44299410604d20934ad2501085867a70bd992fd03fac2135a2a3e7cf81af4ac81eebb27367ab296683964546b8c5c23dd468a72c6caf595adbd7738751b175e856e2424b3da357c39e0ff08e"}}, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000240)={0x0, 0xd, 0x2e, "332eec293cf9fe89c6c9830bfb326d60a56f8ce866495a8a55bd0ae6dc699155ab7b3e9477ea3ec5552a1a0ec553"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x6}, 0x0})
socket$xdp(0x2c, 0x3, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000001dc0)={0x20, 0x1, 0x2, 'q+'}, 0x0})

3.832200612s ago: executing program 0 (id=402):
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000001f00)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x1000, &(0x7f000001af00)=""/4096, 0x40f00, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000680)=[r1, r1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x1000, @void, @value}, 0x94)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc, <r3=>0x0})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000300))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
preadv(r8, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r11=>0x0})
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r12=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r12, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x5, r11})
ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000140)={0x28, 0x1, r3, r11, 0x3, 0x3, 0x2})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='asymmetric\x00', &(0x7f0000000040)=@keyring={'key_or_keyring:', 0x0, 0xa})

3.60708805s ago: executing program 4 (id=403):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x27fe}}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[{}, {}], &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x2, 0x5})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000340)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[{}, {}], 0x0, 0x0, '\x00', 0x2, 0x2})
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xffff)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240), 0x10000287, 0x0, 0x1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_submit(0x0, 0x11, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
recvmmsg(r4, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5423, &(0x7f0000000080)=0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x0)
ioctl$EVIOCSREP(r6, 0x40084503, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6069a25000282100fc020000000000000000000000000000fe8000000000000000000000000000aa0002000000000000fc01000000000000000000000000000000000000040190780500d55d00eb358b"], 0x0)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="640100001a0001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000006c000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024000900000000000000000000000000000000000000000000000000000000000000000008000c00000000000c6badf959ce3ca39f"], 0x164}}, 0x0)

3.023873853s ago: executing program 0 (id=405):
set_mempolicy(0x2, &(0x7f0000000040)=0x471, 0x6)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000540), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r1, 0x5501)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x100000001)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xe)
recvmmsg(r3, &(0x7f0000004300), 0x3a4, 0x4000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)

3.02149537s ago: executing program 3 (id=406):
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000001f00)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x1000, &(0x7f000001af00)=""/4096, 0x40f00, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000680)=[r1, r1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x1000, @void, @value}, 0x94)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc, <r3=>0x0})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000300))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
preadv(r8, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r11=>0x0})
syz_emit_vhci(&(0x7f0000000200)=@HCI_VENDOR_PKT, 0x2)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r12=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r12, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000080)={0x48, 0x5, r11})
ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000140)={0x28, 0x1, r3, r11, 0x3, 0x3, 0x2})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='asymmetric\x00', &(0x7f0000000040)=@keyring={'key_or_keyring:', 0x0, 0xa})
add_key(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ae", 0x1, r0)

2.336894765s ago: executing program 3 (id=407):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)={0xffffff1f, 0x844, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d015d48f126de17910da6b6d6db83da5f30b7ba8d8d599b92370931f6720dcbfc3acf07fff2873e9c557e080d3ee193bfbb811a7b47acb7d51c00d6f9a9fa54e"}}, 0x38}}, 0x0)

2.070921699s ago: executing program 3 (id=408):
syz_open_dev$sndctrl(&(0x7f0000000640), 0x0, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
io_uring_setup(0x5237, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040))

1.965919992s ago: executing program 0 (id=409):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0x6}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x20)

1.257724677s ago: executing program 0 (id=410):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x2, 'lc\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x1000002, 'lblcr\x00', 0x0, 0x0, 0x28}, 0x2c)
syz_io_uring_setup(0x23b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r4, 0x0, 0xfffffffffffffffc})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000140)={0x0, "540bf55c4d009205d565c6e2199f73fd5043434326868d0dda212e0980e37df6"})
getuid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0xa, 0x1, 0x0, "093d4a3b5b7bc69a21cfb7f5eaac460300000000000000a667693addcb249341"})
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r5, &(0x7f00000003c0)=[{&(0x7f0000000800)=""/102400, 0x19000}], 0x1000000000000109, 0xfffffffe, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000007c0)="1400000035000b63525a80643d66b7d809f2e2ff", 0x14}], 0x1}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="6d00330080000000ffffffffffff08021100000050505050505000000000000010000000000020840100050c426df820897d7e36e4cd79461e72d725030000002a01002d1a00081502000000000000000004720603030303030371070001fe3fe03e9cf8ff00021600000000"], 0x8c}}, 0x0)

868.171691ms ago: executing program 3 (id=411):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x800, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_REG_LIST(r3, 0x4004ae8b, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xeffffdff, 0x0, [{}, {0x0, 0x5}, {0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x1}, {}, {}, {}, {0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x10}]}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x8, {0x0, 0x0, [0xffff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))

494.984792ms ago: executing program 2 (id=412):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000000)='pipefs\x00', 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="7f0000010000000000000000000000000000000033000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c0014"], 0x144}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', <r3=>0x0, 0x700, 0x8, 0x8001, 0x2, {{0x2e, 0x4, 0x3, 0x17, 0xb8, 0x68, 0x0, 0x5, 0x4, 0x0, @empty, @loopback, {[@timestamp_prespec={0x44, 0x24, 0xe0, 0x3, 0x7, [{@rand_addr=0x64010100, 0x80000000}, {@loopback, 0x3c6}, {@multicast2, 0x4}, {@rand_addr=0x64010100, 0x72cb00}]}, @rr={0x7, 0x27, 0x78, [@rand_addr=0x64010101, @rand_addr=0x64010102, @remote, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100]}, @rr={0x7, 0x13, 0xe6, [@private=0xa010102, @multicast2, @dev={0xac, 0x14, 0x14, 0x19}, @multicast1]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0xc, 0x76, 0x0, 0x3, [0x80000001, 0x5]}, @lsrr={0x83, 0xb, 0x77, [@empty, @multicast1]}, @generic={0x83, 0x8, "62b5df8ef9ba"}, @timestamp_prespec={0x44, 0xc, 0x7b, 0x3, 0xf, [{@rand_addr=0x64010100}]}, @rr={0x7, 0x17, 0x48, [@dev={0xac, 0x14, 0x14, 0x33}, @multicast2, @loopback, @remote, @broadcast]}]}}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@ipv4_newroute={0x2c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_OIF={0x8, 0x4, r3}]}, 0x2c}}, 0x40810)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r5)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f000001f4c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @private1}, r7}}, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @empty}, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, r8}}, 0x48)

399.311284ms ago: executing program 0 (id=413):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
removexattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)=@known='security.apparmor\x00')

0s ago: executing program 0 (id=414):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x27fe}}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000480)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[{}, {}], &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x2, 0x5})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000340)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[{}, {}], 0x0, 0x0, '\x00', 0x2, 0x2})
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xffff)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240), 0x10000287, 0x0, 0x1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_submit(0x0, 0x11, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
recvmmsg(r4, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5423, &(0x7f0000000080)=0x7)
io_uring_setup(0x6ff7, &(0x7f00000001c0)={0x0, 0x4, 0x400, 0xfffffffc, 0x2ed, 0x0, r2})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x0)
ioctl$EVIOCSREP(r6, 0x40084503, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6069a25000282100fc020000000000000000000000000000fe8000000000000000000000000000aa0002000000000000fc01000000000000000000000000000000000000040190780500d55d00eb358b"], 0x0)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="640100001a0001000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000006c000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024000900000000000000000000000000000000000000000000000000000000000000000008000c00000000000c6badf959ce3ca39f"], 0x164}}, 0x0)

kernel console output (not intermixed with test programs):

ainder of the config
[  114.416889][ T1179] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  114.446547][ T1179] usb 1-1: config 1 has no interface number 0
[  114.462957][ T1179] usb 1-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  114.486703][ T1179] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  114.521593][ T5280] usb 2-1: USB disconnect, device number 11
[  114.545883][ T1179] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.578321][ T1179] usb 1-1: Product: syz
[  114.592414][ T1179] usb 1-1: Manufacturer: syz
[  114.602995][ T1179] usb 1-1: SerialNumber: syz
[  114.646416][ T1179] cdc_wdm 1-1:1.128: skipping garbage
[  114.663735][ T1179] cdc_wdm 1-1:1.128: probe with driver cdc_wdm failed with error -22
[  114.766431][   T61] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  114.958077][ T5791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.015061][ T5791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  115.850862][ T5815] fuse: Bad value for 'user_id'
[  115.858334][ T5815] fuse: Bad value for 'user_id'
[  115.936305][ T5282] usb 4-1: USB disconnect, device number 9
[  115.986589][ T1179] IPVS: starting estimator thread 0...
[  116.128759][ T5818] IPVS: using max 16 ests per chain, 38400 per kthread
[  116.693038][   T51] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  116.862183][   T51] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  116.896531][   T51] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  117.011961][   T51] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  117.027619][   T51] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  117.031458][ T5280] usb 1-1: USB disconnect, device number 11
[  117.054147][   T51] usb 3-1: Manufacturer: syz
[  117.068316][   T51] usb 3-1: SerialNumber: syz
[  117.189004][ T5282] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  117.351479][ T5282] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  117.374176][ T5282] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  117.416987][ T5282] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  117.429430][ T5282] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  117.441608][ T5282] usb 2-1: Manufacturer: syz
[  117.454425][ T5282] usb 2-1: SerialNumber: syz
[  117.578858][ T1179] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  117.792247][ T1179] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  117.856555][ T1179] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.876083][ T1179] usb 1-1: Product: syz
[  117.886555][ T1179] usb 1-1: Manufacturer: syz
[  117.896671][ T1179] usb 1-1: SerialNumber: syz
[  117.916801][ T1179] usb 1-1: config 0 descriptor??
[  118.392212][ T5847] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  118.689199][ T1179] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  119.051997][  T412] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.335227][  T412] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.416310][   T51] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  119.443469][   T51] usb 3-1: USB disconnect, device number 18
[  119.529551][ T5281] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  119.553666][  T412] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.688139][ T5282] usbhid 2-1:36.0: couldn't find an input interrupt endpoint
[  119.718734][ T5281] usb 4-1: Using ep0 maxpacket: 8
[  119.732083][ T5281] usb 4-1: config 1 has an invalid interface number: 128 but max is 1
[  119.750494][  T412] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.762468][ T5282] usb 2-1: USB disconnect, device number 12
[  119.769092][ T5281] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  119.803044][ T5281] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  119.819915][ T5280] IPVS: starting estimator thread 0...
[  119.840196][ T5281] usb 4-1: config 1 has no interface number 0
[  119.862242][ T5281] usb 4-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  119.899269][ T5281] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  119.918130][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.936884][ T5862] IPVS: using max 25 ests per chain, 60000 per kthread
[  119.958289][ T5281] usb 4-1: Product: syz
[  119.967485][ T5281] usb 4-1: Manufacturer: syz
[  119.983231][ T5281] usb 4-1: SerialNumber: syz
[  120.005426][ T5281] cdc_wdm 4-1:1.128: skipping garbage
[  120.014949][ T5281] cdc_wdm 4-1:1.128: probe with driver cdc_wdm failed with error -22
[  120.015280][ T5231] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  120.091930][ T5231] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  120.113968][ T5231] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  120.158801][ T5231] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  120.169220][ T5231] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  120.176579][ T5231] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  120.224807][ T5858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.260009][ T5280] usb 1-1: USB disconnect, device number 12
[  120.336920][ T5858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.433279][  T412] bridge_slave_1: left allmulticast mode
[  120.462009][  T412] bridge_slave_1: left promiscuous mode
[  120.475799][  T412] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.581847][  T412] bridge_slave_0: left allmulticast mode
[  120.587561][  T412] bridge_slave_0: left promiscuous mode
[  120.594440][  T412] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.968819][   T51] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  121.009191][ T5878] loop2: detected capacity change from 0 to 7
[  121.051964][ T5878] Dev loop2: unable to read RDB block 7
[  121.078040][ T5878]  loop2: unable to read partition table
[  121.125754][ T5878] loop2: partition table beyond EOD, truncated
[  121.148750][   T51] usb 1-1: Using ep0 maxpacket: 32
[  121.154041][ T5878] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  121.179627][   T51] usb 1-1: no configurations
[  121.189719][   T51] usb 1-1: can't read configurations, error -22
[  121.349980][   T51] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  121.528931][   T51] usb 1-1: Using ep0 maxpacket: 32
[  121.535881][   T51] usb 1-1: no configurations
[  121.556605][   T51] usb 1-1: can't read configurations, error -22
[  121.590344][   T51] usb usb1-port1: attempt power cycle
[  121.772350][  T412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.817538][  T412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.841723][  T412] bond0 (unregistering): Released all slaves
[  121.894136][ T5874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.176'.
[  121.930016][ T5874] netlink: 20 bytes leftover after parsing attributes in process `syz.2.176'.
[  121.962853][   T51] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  122.015136][   T51] usb 1-1: Using ep0 maxpacket: 32
[  122.031840][ T5882] netlink: 'syz.1.178': attribute type 29 has an invalid length.
[  122.063124][   T51] usb 1-1: no configurations
[  122.067790][   T51] usb 1-1: can't read configurations, error -22
[  122.090247][ T5883] netlink: 'syz.1.178': attribute type 29 has an invalid length.
[  122.114604][ T5884] netlink: 'syz.1.178': attribute type 29 has an invalid length.
[  122.238758][   T51] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  122.260761][ T5236] Bluetooth: hci0: command tx timeout
[  122.283844][ T3130] usb 4-1: USB disconnect, device number 10
[  122.303566][   T51] usb 1-1: Using ep0 maxpacket: 32
[  122.310555][   T51] usb 1-1: no configurations
[  122.315411][   T51] usb 1-1: can't read configurations, error -22
[  122.323812][   T51] usb usb1-port1: unable to enumerate USB device
[  122.465375][ T5885] netlink: 'syz.1.178': attribute type 29 has an invalid length.
[  122.637468][ T5906] misc userio: The device must be registered before sending interrupts
[  122.984510][  T412] hsr_slave_0: left promiscuous mode
[  123.005226][  T412] hsr_slave_1: left promiscuous mode
[  123.017198][  T412] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.031314][  T412] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.045631][  T412] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.057194][  T412] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.157909][  T412] veth1_macvtap: left promiscuous mode
[  123.181677][  T412] veth0_macvtap: left promiscuous mode
[  123.216193][  T412] veth1_vlan: left promiscuous mode
[  123.229154][  T412] veth0_vlan: left promiscuous mode
[  123.541369][   T51] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  123.701485][   T51] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  123.731070][   T51] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  123.763257][   T51] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  123.804045][   T51] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  123.814815][   T51] usb 2-1: Manufacturer: syz
[  123.821026][   T51] usb 2-1: SerialNumber: syz
[  124.019755][ T5281] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  124.224426][ T5281] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  124.240500][ T5281] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.256548][ T5281] usb 3-1: Product: syz
[  124.262574][ T5281] usb 3-1: Manufacturer: syz
[  124.267517][ T5281] usb 3-1: SerialNumber: syz
[  124.288092][ T5281] usb 3-1: config 0 descriptor??
[  124.345649][ T5236] Bluetooth: hci0: command tx timeout
[  124.482302][  T412] team0 (unregistering): Port device team_slave_1 removed
[  124.590455][  T412] team0 (unregistering): Port device team_slave_0 removed
[  124.764114][ T5927] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  125.050835][ T5281] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  125.769965][ T5868] chnl_net:caif_netlink_parms(): no params data found
[  126.152774][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.206501][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.296789][ T5868] bridge_slave_0: entered allmulticast mode
[  126.368856][ T5868] bridge_slave_0: entered promiscuous mode
[  126.419171][ T5236] Bluetooth: hci0: command tx timeout
[  126.623531][   T51] usbhid 2-1:36.0: couldn't find an input interrupt endpoint
[  126.644465][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.680759][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.683289][   T51] usb 2-1: USB disconnect, device number 13
[  126.727450][ T5868] bridge_slave_1: entered allmulticast mode
[  126.746411][ T5281] usb 3-1: USB disconnect, device number 19
[  126.777723][ T5868] bridge_slave_1: entered promiscuous mode
[  127.041075][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.105957][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.232072][ T5281] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  127.261753][ T5868] team0: Port device team_slave_0 added
[  127.297996][ T5868] team0: Port device team_slave_1 added
[  127.431387][ T5281] usb 2-1: Using ep0 maxpacket: 8
[  127.462307][ T5281] usb 2-1: config 1 has an invalid interface number: 128 but max is 1
[  127.494696][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  127.501750][ T5971] FAULT_INJECTION: forcing a failure.
[  127.501750][ T5971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  127.501791][ T5971] CPU: 1 UID: 0 PID: 5971 Comm: syz.2.193 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  127.501818][ T5971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  127.501843][ T5971] Call Trace:
[  127.501853][ T5971]  <TASK>
[  127.501863][ T5971]  dump_stack_lvl+0x241/0x360
[  127.501903][ T5971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.501934][ T5971]  ? __pfx__printk+0x10/0x10
[  127.501969][ T5971]  ? snprintf+0xda/0x120
[  127.559458][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.560699][ T5971]  should_fail_ex+0x3b0/0x4e0
[  127.591389][ T5971]  _copy_to_user+0x2f/0xb0
[  127.595967][ T5971]  simple_read_from_buffer+0xca/0x150
[  127.601606][ T5971]  proc_fail_nth_read+0x1e9/0x250
[  127.606721][ T5971]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  127.612333][ T5971]  ? rw_verify_area+0x55e/0x6f0
[  127.617266][ T5971]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  127.620755][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.622963][ T5971]  vfs_read+0x201/0xbc0
[  127.637802][ T5971]  ? __pfx_lock_release+0x10/0x10
[  127.642930][ T5971]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  127.648556][ T5971]  ? __pfx_vfs_read+0x10/0x10
[  127.650590][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.653268][ T5971]  ? __fget_files+0x3f3/0x470
[  127.653310][ T5971]  ? __fdget_pos+0x24e/0x320
[  127.669586][ T5971]  ksys_read+0x1a0/0x2c0
[  127.670697][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.674062][ T5971]  ? __pfx_ksys_read+0x10/0x10
[  127.704868][ T5971]  ? do_syscall_64+0x100/0x230
[  127.709724][ T5971]  ? do_syscall_64+0xb6/0x230
[  127.714517][ T5971]  do_syscall_64+0xf3/0x230
[  127.719096][ T5971]  ? clear_bhb_loop+0x35/0x90
[  127.723859][ T5971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.725441][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.729797][ T5971] RIP: 0033:0x7fcdd8f7c93c
[  127.729839][ T5971] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  127.729857][ T5971] RSP: 002b:00007fcdd9d95030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  127.729882][ T5971] RAX: ffffffffffffffda RBX: 00007fcdd9135f80 RCX: 00007fcdd8f7c93c
[  127.729899][ T5971] RDX: 000000000000000f RSI: 00007fcdd9d950a0 RDI: 0000000000000003
[  127.729913][ T5971] RBP: 00007fcdd9d95090 R08: 0000000000000000 R09: 0000000000000000
[  127.729929][ T5971] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001
[  127.729943][ T5971] R13: 0000000000000001 R14: 00007fcdd9135f80 R15: 00007fcdd925fa28
[  127.729971][ T5971]  </TASK>
[  127.742003][ T5281] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  127.742034][ T5281] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  127.742060][ T5281] usb 2-1: config 1 has no interface number 0
[  127.849835][ T5281] usb 2-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  127.871891][ T5281] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  127.881497][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.889624][ T5281] usb 2-1: Product: syz
[  127.895854][ T5281] usb 2-1: Manufacturer: syz
[  127.900817][ T5281] usb 2-1: SerialNumber: syz
[  127.922934][ T5281] cdc_wdm 2-1:1.128: skipping garbage
[  127.928842][ T5281] cdc_wdm 2-1:1.128: probe with driver cdc_wdm failed with error -22
[  127.975576][ T5975] FAULT_INJECTION: forcing a failure.
[  127.975576][ T5975] name failslab, interval 1, probability 0, space 0, times 0
[  127.990254][ T5975] CPU: 1 UID: 0 PID: 5975 Comm: syz.2.195 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  128.000730][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  128.010829][ T5975] Call Trace:
[  128.014149][ T5975]  <TASK>
[  128.017201][ T5975]  dump_stack_lvl+0x241/0x360
[  128.021934][ T5975]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.027280][ T5975]  ? __pfx__printk+0x10/0x10
[  128.031933][ T5975]  ? fs_reclaim_acquire+0x93/0x140
[  128.037111][ T5975]  ? __pfx___might_resched+0x10/0x10
[  128.042582][ T5975]  should_fail_ex+0x3b0/0x4e0
[  128.047351][ T5975]  ? tomoyo_encode+0x26f/0x540
[  128.052272][ T5975]  should_failslab+0xac/0x100
[  128.057091][ T5975]  ? tomoyo_encode+0x26f/0x540
[  128.061885][ T5975]  __kmalloc_noprof+0xd8/0x400
[  128.066681][ T5975]  tomoyo_encode+0x26f/0x540
[  128.071298][ T5975]  tomoyo_realpath_from_path+0x59e/0x5e0
[  128.076959][ T5975]  tomoyo_path_number_perm+0x23a/0x880
[  128.082443][ T5975]  ? tomoyo_path_number_perm+0x208/0x880
[  128.088091][ T5975]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  128.094111][ T5975]  ? __fget_files+0x29/0x470
[  128.098724][ T5975]  ? __fget_files+0x3f3/0x470
[  128.103436][ T5975]  security_file_ioctl+0xc6/0x2a0
[  128.108558][ T5975]  __se_sys_ioctl+0x47/0x170
[  128.113180][ T5975]  do_syscall_64+0xf3/0x230
[  128.117700][ T5975]  ? clear_bhb_loop+0x35/0x90
[  128.122397][ T5975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.128304][ T5975] RIP: 0033:0x7fcdd8f7def9
[  128.132736][ T5975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.152354][ T5975] RSP: 002b:00007fcdd9d95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  128.160885][ T5975] RAX: ffffffffffffffda RBX: 00007fcdd9135f80 RCX: 00007fcdd8f7def9
[  128.168869][ T5975] RDX: 00000000200000c0 RSI: 0000000000005405 RDI: 0000000000000003
[  128.176855][ T5975] RBP: 00007fcdd9d95090 R08: 0000000000000000 R09: 0000000000000000
[  128.184871][ T5975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.192856][ T5975] R13: 0000000000000000 R14: 00007fcdd9135f80 R15: 00007fcdd925fa28
[  128.200855][ T5975]  </TASK>
[  128.219286][ T5975] ERROR: Out of memory at tomoyo_realpath_from_path.
[  128.366921][ T5959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.378955][ T5280] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  128.430219][ T5959] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  128.496982][ T5868] hsr_slave_0: entered promiscuous mode
[  128.500096][ T5236] Bluetooth: hci0: command tx timeout
[  128.509935][ T5868] hsr_slave_1: entered promiscuous mode
[  128.516068][ T5868] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.525111][ T5868] Cannot create hsr debugfs directory
[  128.649395][ T5280] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  128.659794][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.668444][ T5280] usb 1-1: Product: syz
[  128.672899][ T5280] usb 1-1: Manufacturer: syz
[  128.677634][ T5280] usb 1-1: SerialNumber: syz
[  128.731340][ T5280] usb 1-1: config 0 descriptor??
[  129.185985][ T5973] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  129.288786][ T1179] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  129.448980][ T1179] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  129.463697][ T1179] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  129.483340][ T1179] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  129.493223][ T1179] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  129.509414][ T5280] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  129.550795][ T1179] usb 3-1: Manufacturer: syz
[  129.575469][ T1179] usb 3-1: SerialNumber: syz
[  129.671994][ T5868] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  129.740486][ T5868] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  129.772271][ T5868] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  129.798164][ T5868] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  129.952781][ T5283] usb 2-1: USB disconnect, device number 14
[  130.049203][ T5281] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  130.136565][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.226869][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[  130.244958][ T5281] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  130.269239][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.277851][ T5281] usb 4-1: Product: syz
[  130.285840][ T1046] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.293083][ T1046] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.305177][ T5281] usb 4-1: Manufacturer: syz
[  130.325516][ T5281] usb 4-1: SerialNumber: syz
[  130.334523][ T5281] usb 4-1: config 0 descriptor??
[  130.376043][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.383594][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.439780][ T5283] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  130.636776][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.675950][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  130.719887][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.762287][ T5283] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  130.781676][ T6005] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  130.801720][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.828482][ T5283] usb 2-1: config 0 descriptor??
[  130.950149][ T5868] veth0_vlan: entered promiscuous mode
[  131.037032][ T5868] veth1_vlan: entered promiscuous mode
[  131.091129][ T5868] veth0_macvtap: entered promiscuous mode
[  131.106830][ T3130] usb 1-1: USB disconnect, device number 17
[  131.111028][ T5868] veth1_macvtap: entered promiscuous mode
[  131.166901][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.179780][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.189837][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.201677][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.211863][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.213285][ T6009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.223981][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.224357][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.224380][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.227933][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  131.350464][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  131.361116][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.371201][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  131.381814][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.391837][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  131.402506][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.412701][ T5868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  131.423283][ T5868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.434661][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  131.445061][ T5868] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  131.454629][ T5868] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  131.463468][ T5868] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  131.472895][ T5868] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  131.496813][ T5281] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  131.682859][ T6009] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.800582][ T6017] netlink: 24 bytes leftover after parsing attributes in process `syz.0.201'.
[  131.927710][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.960516][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.020957][ T5283] usbhid 2-1:0.0: can't add hid device: -71
[  132.032861][ T1179] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  132.072456][ T5283] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  132.097086][ T1179] usb 3-1: USB disconnect, device number 20
[  132.125535][ T5283] usb 2-1: USB disconnect, device number 15
[  132.135281][ T1046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.204858][ T1046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.545215][ T6037] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  132.758780][ T1179] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  132.811016][   T25] usb 4-1: USB disconnect, device number 11
[  132.820828][ T6042] netlink: 'syz.1.205': attribute type 29 has an invalid length.
[  132.888087][ T6042] netlink: 'syz.1.205': attribute type 29 has an invalid length.
[  132.908287][ T6042] netlink: 'syz.1.205': attribute type 29 has an invalid length.
[  132.917016][ T5280] IPVS: starting estimator thread 0...
[  132.944411][ T1179] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.976237][ T1179] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  133.025505][ T6053] netlink: 112 bytes leftover after parsing attributes in process `syz.3.208'.
[  133.034858][ T1179] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  133.049829][ T6048] IPVS: using max 21 ests per chain, 50400 per kthread
[  133.067430][ T1179] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.142622][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  133.149278][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  133.193800][ T1179] usb 5-1: config 0 descriptor??
[  133.287811][ T6065] netlink: 'syz.1.205': attribute type 1 has an invalid length.
[  133.307612][ T6065] netlink: 40 bytes leftover after parsing attributes in process `syz.1.205'.
[  133.319954][ T5283] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  133.341074][ T6066] netlink: 'syz.1.205': attribute type 29 has an invalid length.
[  133.493634][ T5283] usb 3-1: Using ep0 maxpacket: 32
[  133.514669][ T6070] FAULT_INJECTION: forcing a failure.
[  133.514669][ T6070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.547009][ T6070] CPU: 0 UID: 0 PID: 6070 Comm: syz.3.211 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  133.548359][ T5283] usb 3-1: config 0 has an invalid interface number: 202 but max is 0
[  133.557740][ T6070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  133.557763][ T6070] Call Trace:
[  133.557773][ T6070]  <TASK>
[  133.557783][ T6070]  dump_stack_lvl+0x241/0x360
[  133.557822][ T6070]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.557852][ T6070]  ? __pfx__printk+0x10/0x10
[  133.557881][ T6070]  ? __pfx_lock_release+0x10/0x10
[  133.557922][ T6070]  should_fail_ex+0x3b0/0x4e0
[  133.557960][ T6070]  _copy_to_iter+0x1ed/0x1d60
[  133.557999][ T6070]  ? __pfx__copy_to_iter+0x10/0x10
[  133.588550][ T5283] usb 3-1: config 0 has no interface number 0
[  133.592449][ T6070]  ? __pfx_aa_file_perm+0x10/0x10
[  133.597110][ T5283] usb 3-1: config 0 interface 202 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  133.602118][ T6070]  get_random_bytes_user+0x1e5/0x420
[  133.602165][ T6070]  ? __pfx_get_random_bytes_user+0x10/0x10
[  133.602196][ T6070]  ? end_current_label_crit_section+0x151/0x180
[  133.602239][ T6070]  vfs_read+0x9bb/0xbc0
[  133.602272][ T6070]  ? __pfx_lock_release+0x10/0x10
[  133.602318][ T6070]  ? __pfx_vfs_read+0x10/0x10
[  133.602362][ T6070]  ? __fdget_pos+0x19a/0x320
[  133.602389][ T6070]  ksys_read+0x1a0/0x2c0
[  133.602426][ T6070]  ? __pfx_ksys_read+0x10/0x10
[  133.602459][ T6070]  ? do_syscall_64+0x100/0x230
[  133.602491][ T6070]  ? do_syscall_64+0xb6/0x230
[  133.602524][ T6070]  do_syscall_64+0xf3/0x230
[  133.602554][ T6070]  ? clear_bhb_loop+0x35/0x90
[  133.602586][ T6070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.602614][ T6070] RIP: 0033:0x7fb91e37def9
[  133.602636][ T6070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.602656][ T6070] RSP: 002b:00007fb91f1ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  133.602683][ T6070] RAX: ffffffffffffffda RBX: 00007fb91e535f80 RCX: 00007fb91e37def9
[  133.602701][ T6070] RDX: 0000000000002000 RSI: 0000000020000000 RDI: 0000000000000003
[  133.602716][ T6070] RBP: 00007fb91f1ba090 R08: 0000000000000000 R09: 0000000000000000
[  133.602732][ T6070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  133.602745][ T6070] R13: 0000000000000000 R14: 00007fb91e535f80 R15: 00007fb91e65fa28
[  133.602777][ T6070]  </TASK>
[  133.811747][ T1179] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  133.833944][ T1179] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  133.848758][ T1179] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  133.856927][ T1179] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  133.913200][ T3130] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  133.962027][ T1179] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  133.979138][ T1179] usb 5-1: USB disconnect, device number 12
[  134.029521][ T5283] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  134.040842][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.050345][ T5283] usb 3-1: Product: syz
[  134.055019][ T5283] usb 3-1: Manufacturer: syz
[  134.060467][ T5283] usb 3-1: SerialNumber: syz
[  134.069657][ T5280] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  134.076319][ T5283] usb 3-1: config 0 descriptor??
[  134.100490][ T3130] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  134.128881][ T3130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.140673][ T3130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.150606][ T3130] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  134.163971][ T3130] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  134.173272][ T3130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.205067][ T3130] usb 2-1: config 0 descriptor??
[  134.289593][ T5283] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  134.309579][ T5280] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  134.323099][ T5280] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  134.346944][ T5280] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  134.358365][ T5280] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  134.367591][ T5280] usb 1-1: Manufacturer: syz
[  134.377295][ T5280] usb 1-1: SerialNumber: syz
[  134.616551][ T3130] kye 0003:0458:5015.0007: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  134.685782][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0
[  134.783373][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0
[  134.823281][ T6074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.844362][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0
[  134.906844][ T6098] veth1_macvtap: left promiscuous mode
[  134.918238][ T6074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  134.929899][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0
[  135.017799][ T6099] veth1_macvtap: entered promiscuous mode
[  135.041950][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0
[  135.067758][ T6099] macsec0: entered allmulticast mode
[  135.084746][ T3130] kye 0003:0458:5015.0007: unknown main item tag 0x0
[  135.107255][ T3130] kye 0003:0458:5015.0007: item fetching failed at offset 6/7
[  135.126950][ T6099] veth1_macvtap: entered allmulticast mode
[  135.191626][ T3130] kye 0003:0458:5015.0007: parse failed
[  135.237933][ T3130] kye 0003:0458:5015.0007: probe with driver kye failed with error -22
[  135.314887][ T3130] usb 2-1: USB disconnect, device number 16
[  135.389972][ T1046] usb 3-1: Failed to submit usb control message: -110
[  135.457271][ T1046] usb 3-1: unable to send the bmi data to the device: -110
[  135.502918][ T1046] usb 3-1: unable to get target info from device
[  135.560828][ T1046] usb 3-1: could not get target info (-110)
[  135.598103][ T1046] usb 3-1: could not probe fw (-110)
[  136.058784][ T5283] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  136.225479][ T5283] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  136.267479][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.305120][ T5283] usb 4-1: Product: syz
[  136.324347][ T5283] usb 4-1: Manufacturer: syz
[  136.363496][ T5283] usb 4-1: SerialNumber: syz
[  136.425133][ T5283] usb 4-1: config 0 descriptor??
[  136.727074][ T5280] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  136.784311][ T5280] usb 1-1: USB disconnect, device number 18
[  136.863138][ T6118] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  137.066349][ T5282] usb 3-1: USB disconnect, device number 21
[  137.175836][ T5283] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  137.598828][ T5282] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  137.758849][ T5282] usb 3-1: Using ep0 maxpacket: 32
[  137.781243][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.838970][ T5282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.882909][ T5282] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  137.921735][ T5282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.954887][ T5282] usb 3-1: config 0 descriptor??
[  137.996484][ T5282] hub 3-1:0.0: USB hub found
[  138.053097][ T6137] raw_sendmsg: syz.4.223 forgot to set AF_INET. Fix it!
[  138.206177][ T5282] hub 3-1:0.0: 1 port detected
[  138.378995][ T5283] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  138.408077][ T5282] hub 3-1:0.0: hub_hub_status failed (err = -71)
[  138.420951][ T6171] netlink: 4 bytes leftover after parsing attributes in process `syz.0.229'.
[  138.434922][ T5282] hub 3-1:0.0: config failed, can't get hub status (err -71)
[  138.460369][ T5282] usbhid 3-1:0.0: can't add hid device: -71
[  138.477793][ T5282] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  138.546100][ T5282] usb 3-1: USB disconnect, device number 22
[  138.578837][ T5283] usb 5-1: Using ep0 maxpacket: 8
[  138.590737][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  138.643602][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping
[  138.689654][ T5280] usb 4-1: USB disconnect, device number 12
[  138.694902][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  138.754080][ T5283] usb 5-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5
[  138.786077][ T5283] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.815911][ T5283] usb 5-1: Product: syz
[  138.844153][ T5283] usb 5-1: Manufacturer: syz
[  138.859263][ T5283] usb 5-1: SerialNumber: syz
[  138.886185][ T5283] usb 5-1: config 0 descriptor??
[  138.920531][ T5283] pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected.
[  139.239176][ T6189] syz.3.232 uses obsolete (PF_INET,SOCK_PACKET)
[  139.323219][ T5283] pwc: Failed to set LED on/off time (-71)
[  139.353581][ T5283] pwc: send_video_command error -71
[  139.374914][ T5283] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  139.403802][ T5283] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  139.458253][   T52] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  139.465352][ T5283] usb 5-1: USB disconnect, device number 13
[  139.590463][ T6199] netlink: 'syz.3.235': attribute type 1 has an invalid length.
[  139.598177][ T6199] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.235'.
[  139.679083][ T6199] netlink: 1 bytes leftover after parsing attributes in process `syz.3.235'.
[  139.970345][ T5283] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  140.026665][    T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  140.131006][ T5283] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  140.177067][ T5283] usb 2-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  140.221316][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.233125][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.244580][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  140.261638][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00
[  140.274459][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.314447][ T5283] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  140.355403][ T5283] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  140.358045][    T9] usb 3-1: config 0 descriptor??
[  140.384531][ T5283] usb 2-1: Manufacturer: syz
[  140.397583][ T5283] usb 2-1: SerialNumber: syz
[  140.763943][ T6221] mmap: syz.4.240 (6221) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  140.937323][ T6206] kvm: kvm [6205]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x580
[  140.961797][ T6206] kvm: kvm [6205]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  141.161067][    T9] logitech-hidpp-device 0003:046D:C262.0008: collection stack underflow
[  141.174457][    T9] logitech-hidpp-device 0003:046D:C262.0008: item 0 2 0 12 parsing failed
[  141.201750][    T9] logitech-hidpp-device 0003:046D:C262.0008: hidpp_probe:parse failed
[  141.226761][    T9] logitech-hidpp-device 0003:046D:C262.0008: probe with driver logitech-hidpp-device failed with error -22
[  141.439677][ T1179] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  141.558768][ T3130] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  141.633019][ T1179] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  141.650517][ T1179] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.663931][ T1179] usb 1-1: Product: syz
[  141.668487][ T1179] usb 1-1: Manufacturer: syz
[  141.678791][ T1179] usb 1-1: SerialNumber: syz
[  141.706778][ T1179] usb 1-1: config 0 descriptor??
[  141.934109][ T3130] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  141.944583][ T3130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.953132][ T3130] usb 4-1: Product: syz
[  141.958295][ T3130] usb 4-1: Manufacturer: syz
[  141.963135][ T3130] usb 4-1: SerialNumber: syz
[  141.973163][ T3130] usb 4-1: config 0 descriptor??
[  142.141377][ T6228] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  142.439561][ T1179] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  142.546059][ T5283] usbhid 2-1:36.0: couldn't find an input interrupt endpoint
[  142.593076][ T5283] usb 2-1: USB disconnect, device number 17
[  142.766033][ T6227] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  142.924216][ T3130] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  142.938370][ T5283] usb 3-1: USB disconnect, device number 23
[  143.074349][ T6243] syzkaller0: entered promiscuous mode
[  143.080048][ T6243] syzkaller0: entered allmulticast mode
[  143.227729][ T1179] usb 4-1: USB disconnect, device number 13
[  143.548853][ T5283] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  143.710798][ T5283] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  143.719951][ T5283] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.741310][ T5283] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  143.774295][ T5283] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.824627][ T5283] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  143.849947][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  143.891281][ T5283] usb 3-1: Product: syz
[  143.904147][ T5283] usb 3-1: Manufacturer: syz
[  143.938247][ T5283] cdc_wdm 3-1:1.0: skipping garbage
[  143.947161][ T5283] cdc_wdm 3-1:1.0: skipping garbage
[  143.971481][ T5283] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  143.978416][ T5283] cdc_wdm 3-1:1.0: Unknown control protocol
[  144.244077][    T9] usb 1-1: USB disconnect, device number 19
[  144.272274][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  144.279157][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  144.283823][ T5283] usb 3-1: USB disconnect, device number 24
[  144.285256][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  145.088727][ T5280] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  145.266197][ T5280] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  145.283641][ T5280] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  145.357089][ T5280] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  145.366570][ T5280] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  145.393193][ T5280] usb 1-1: Manufacturer: syz
[  145.400343][ T5280] usb 1-1: SerialNumber: syz
[  145.670897][ T5280] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  145.697131][ T5280] usb 1-1: USB disconnect, device number 20
[  146.584244][   T29] kauditd_printk_skb: 12 callbacks suppressed
[  146.584263][   T29] audit: type=1326 audit(1727090405.653:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000
[  146.615747][   T29] audit: type=1326 audit(1727090405.683:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000
[  146.638148][   T29] audit: type=1326 audit(1727090405.683:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000
[  146.661338][   T29] audit: type=1326 audit(1727090405.683:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0b97def9 code=0x7ffc0000
[  146.683845][   T29] audit: type=1326 audit(1727090405.683:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1b0b97c890 code=0x7ffc0000
[  146.706329][   T29] audit: type=1326 audit(1727090405.683:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000
[  146.730843][   T29] audit: type=1326 audit(1727090405.683:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000
[  146.753312][   T29] audit: type=1326 audit(1727090405.713:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000
[  146.775840][   T29] audit: type=1326 audit(1727090405.713:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000
[  146.798538][   T29] audit: type=1326 audit(1727090405.793:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6292 comm="syz.0.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b0b97dafb code=0x7ffc0000
[  146.852925][ T5283] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  147.010906][ T5283] usb 1-1: Using ep0 maxpacket: 8
[  147.027382][ T5283] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  147.050683][ T5283] usb 1-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d0.46
[  147.060181][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.069137][ T5283] usb 1-1: Product: syz
[  147.073352][ T5283] usb 1-1: Manufacturer: syz
[  147.078016][ T5283] usb 1-1: SerialNumber: syz
[  147.095897][ T5283] usb 1-1: config 0 descriptor??
[  147.109819][ T5283] radio-si470x 1-1:0.0: could not find interrupt in endpoint
[  147.130386][ T5283] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5
[  147.140022][ T5283] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  147.208413][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.251'.
[  147.218862][ T6274] netlink: 28 bytes leftover after parsing attributes in process `syz.2.257'.
[  147.232263][ T6284] netlink: 'syz.4.260': attribute type 29 has an invalid length.
[  147.404675][ T5280] usb 1-1: USB disconnect, device number 21
[  147.728734][ T1179] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  147.748793][ T5283] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  147.893611][ T1179] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  147.918798][ T1179] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  147.933366][ T1179] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  147.946154][ T1179] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.958203][ T5283] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  147.969276][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.978490][ T5283] usb 3-1: Product: syz
[  147.979634][ T1179] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  147.993924][ T5283] usb 3-1: Manufacturer: syz
[  148.007934][ T5283] usb 3-1: SerialNumber: syz
[  148.016767][ T5283] usb 3-1: config 0 descriptor??
[  148.022154][ T1179] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  148.033304][ T1179] usb 4-1: Product: syz
[  148.046385][ T1179] usb 4-1: Manufacturer: syz
[  148.058728][ T5282] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  148.084524][ T1179] cdc_wdm 4-1:1.0: skipping garbage
[  148.093217][ T1179] cdc_wdm 4-1:1.0: skipping garbage
[  148.102758][ T1179] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  148.113963][ T1179] cdc_wdm 4-1:1.0: Unknown control protocol
[  148.249343][ T5282] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice= 0.00
[  148.259031][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.273417][ T5282] usb 5-1: config 0 descriptor??
[  148.287485][ T6296] tmpfs: Unknown parameter 'f'
[  148.370939][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  148.372417][ T1179] usb 4-1: USB disconnect, device number 14
[  148.377765][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  148.377788][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  148.504861][ T6305] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  148.690429][ T5282] gs_usb 5-1:0.0: Couldn't get device config: (err=-121)
[  148.739260][ T5282] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -121
[  148.783555][ T5283] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  148.901612][ T3130] usb 5-1: USB disconnect, device number 14
[  149.038894][ T5283] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  149.118870][    T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  149.211006][ T5283] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  149.224307][ T5283] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  149.237137][ T5283] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  149.251440][ T5283] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  149.260965][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.276159][ T6318] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  149.330221][    T9] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  149.348692][    T9] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  149.374349][    T9] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  149.394472][    T9] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  149.405286][    T9] usb 1-1: Manufacturer: syz
[  149.414751][    T9] usb 1-1: SerialNumber: syz
[  149.498373][  T412] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.682727][    T9] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  149.733572][  T412] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.808915][    T9] usb 1-1: USB disconnect, device number 22
[  149.821172][ T5224] syz-executor (5224) used greatest stack depth: 18192 bytes left
[  149.939183][  T412] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.061340][  T412] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.295955][ T5231] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  150.313783][ T5231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  150.327041][ T5231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  150.337626][ T5231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  150.349104][  T412] bridge_slave_1: left allmulticast mode
[  150.358714][ T5231] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  150.368853][ T5231] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  150.390482][  T412] bridge_slave_1: left promiscuous mode
[  150.426780][ T6332] loop0: detected capacity change from 0 to 7
[  150.449930][  T412] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.472868][  T412] bridge_slave_0: left allmulticast mode
[  150.478676][  T412] bridge_slave_0: left promiscuous mode
[  150.486494][  T412] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.505868][ T6332] Dev loop0: unable to read RDB block 7
[  150.513871][ T6332]  loop0: unable to read partition table
[  150.533216][ T6332] loop0: partition table beyond EOD, truncated
[  150.552930][ T6332] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  150.552930][ T6332] 
) failed (rc=-5)
[  150.581556][ T5282] usb 3-1: USB disconnect, device number 25
[  150.613340][ T4680] Dev loop0: unable to read RDB block 7
[  150.628450][ T4680]  loop0: unable to read partition table
[  150.646566][ T4680] loop0: partition table beyond EOD, truncated
[  150.653310][ T3130] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  150.665026][ T5283] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  150.677062][ T5283] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input20
[  150.829780][ T3130] usb 5-1: Using ep0 maxpacket: 16
[  150.839284][   T25] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  150.866991][ T3130] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  150.888124][ T5283] usb 2-1: USB disconnect, device number 18
[  150.893802][ T3130] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  150.894244][    C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  150.937326][ T3130] usb 5-1: too many endpoints for config 1 interface 1 altsetting 128: 204, using maximum allowed: 30
[  150.977157][ T3130] usb 5-1: config 1 interface 1 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 204
[  150.991047][ T3130] usb 5-1: config 1 interface 1 has no altsetting 0
[  151.017753][ T3130] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  151.023677][   T25] usb 1-1: Using ep0 maxpacket: 8
[  151.030787][ T3130] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.037885][   T25] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  151.047317][ T3130] usb 5-1: Product: syz
[  151.054823][ T3130] usb 5-1: Manufacturer: syz
[  151.074094][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.083068][ T3130] usb 5-1: SerialNumber: syz
[  151.084385][   T25] usb 1-1: Product: syz
[  151.109322][   T25] usb 1-1: Manufacturer: syz
[  151.136475][   T25] usb 1-1: SerialNumber: syz
[  151.161171][   T25] usb 1-1: config 0 descriptor??
[  151.321579][ T3130] usb 5-1: 0:2 : does not exist
[  151.364869][ T3130] usb 5-1: USB disconnect, device number 15
[  151.401136][   T25] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  151.448710][    T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  151.482185][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  151.665401][  T412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.681951][    T9] usb 3-1: Using ep0 maxpacket: 8
[  151.692697][    T9] usb 3-1: config 1 has an invalid interface number: 128 but max is 1
[  151.701751][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.714558][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  151.734927][  T412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.741273][    T9] usb 3-1: config 1 has no interface number 0
[  151.751469][    T9] usb 3-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  151.771165][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  151.784971][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.789354][  T412] bond0 (unregistering): Released all slaves
[  151.793956][    T9] usb 3-1: Product: syz
[  151.809562][    T9] usb 3-1: Manufacturer: syz
[  151.816371][    T9] usb 3-1: SerialNumber: syz
[  151.895835][    T9] cdc_wdm 3-1:1.128: skipping garbage
[  151.964442][    T9] cdc_wdm 3-1:1.128: probe with driver cdc_wdm failed with error -22
[  152.141492][ T6344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.154925][ T6344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.418928][ T5231] Bluetooth: hci2: command tx timeout
[  152.575543][  T412] hsr_slave_0: left promiscuous mode
[  152.595585][  T412] hsr_slave_1: left promiscuous mode
[  152.606910][  T412] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  152.625576][  T412] batman_adv: batadv0: Removing interface: batadv_slave_0
[  152.754088][  T412] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  152.771568][  T412] batman_adv: batadv0: Removing interface: batadv_slave_1
[  152.865193][  T412] veth1_macvtap: left promiscuous mode
[  152.871569][  T412] veth0_macvtap: left promiscuous mode
[  152.913866][  T412] veth1_vlan: left promiscuous mode
[  152.920084][  T412] veth0_vlan: left promiscuous mode
[  153.063964][   T25] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  153.128049][   T25] usb 1-1: USB disconnect, device number 23
[  153.419236][ T1179] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  153.589849][ T1179] usb 5-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  153.603693][ T1179] usb 5-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  153.663443][ T1179] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  153.726284][ T1179] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  153.754450][ T1179] usb 5-1: Manufacturer: syz
[  153.762230][ T1179] usb 5-1: SerialNumber: syz
[  154.038910][ T1179] usbhid 5-1:36.0: couldn't find an input interrupt endpoint
[  154.065261][ T1179] usb 5-1: USB disconnect, device number 16
[  154.078767][ T5283] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  154.201427][    T9] usb 3-1: USB disconnect, device number 26
[  154.273047][ T5283] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  154.303301][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.324051][ T5283] usb 1-1: Product: syz
[  154.346950][ T5283] usb 1-1: Manufacturer: syz
[  154.354610][ T5283] usb 1-1: SerialNumber: syz
[  154.382530][ T5283] usb 1-1: config 0 descriptor??
[  154.499082][ T5231] Bluetooth: hci2: command tx timeout
[  154.529757][  T412] team0 (unregistering): Port device team_slave_1 removed
[  154.640980][  T412] team0 (unregistering): Port device team_slave_0 removed
[  154.840775][ T6381] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  155.139330][ T5283] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  155.587268][ T6388] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  155.967752][ T6397] netlink: 12 bytes leftover after parsing attributes in process `syz.2.292'.
[  156.078754][ T1179] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  156.228739][ T1179] usb 5-1: Using ep0 maxpacket: 32
[  156.255151][ T1179] usb 5-1: config 0 has an invalid interface number: 144 but max is 0
[  156.278647][ T1179] usb 5-1: config 0 has no interface number 0
[  156.302121][ T6335] chnl_net:caif_netlink_parms(): no params data found
[  156.355055][ T1179] usb 5-1: New USB device found, idVendor=0923, idProduct=010f, bcdDevice=a0.fe
[  156.364756][ T1179] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.374108][ T1179] usb 5-1: Product: syz
[  156.379268][ T1179] usb 5-1: Manufacturer: syz
[  156.384631][ T1179] usb 5-1: SerialNumber: syz
[  156.396703][ T1179] usb 5-1: config 0 descriptor??
[  156.414736][ T1179] gspca_main: tv8532-2.14.0 probing 0923:010f
[  156.578764][ T5231] Bluetooth: hci2: command tx timeout
[  156.888388][    T9] usb 1-1: USB disconnect, device number 24
[  157.176318][ T6335] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.183949][ T6335] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.191580][ T6335] bridge_slave_0: entered allmulticast mode
[  157.202528][ T6335] bridge_slave_0: entered promiscuous mode
[  157.212991][ T6335] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.221322][ T6335] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.236031][ T6335] bridge_slave_1: entered allmulticast mode
[  157.245923][ T6335] bridge_slave_1: entered promiscuous mode
[  157.267981][    T9] usb 5-1: USB disconnect, device number 17
[  157.268521][  T412] IPVS: stop unused estimator thread 0...
[  157.441492][ T6335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.501843][ T6335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.518991][ T3130] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  157.586381][ T6335] team0: Port device team_slave_0 added
[  157.616710][ T6335] team0: Port device team_slave_1 added
[  157.645285][ T6422] kvm: kvm [6418]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xfe00000000
[  157.660462][ T6422] kvm: kvm [6418]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x27e00000080
[  157.691401][ T3130] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  157.699747][ T6335] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.707591][ T6422] kvm: kvm [6418]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x3ef00000000
[  157.727752][ T3130] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.744685][ T6335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.756159][ T3130] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  157.801799][ T3130] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.811413][ T6335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.823250][ T3130] usb 1-1: config 0 descriptor??
[  157.840559][ T3130] hub 1-1:0.0: USB hub found
[  157.884173][ T6335] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.941200][ T6335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.026797][ T6335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.389503][ T6335] hsr_slave_0: entered promiscuous mode
[  158.413361][ T6335] hsr_slave_1: entered promiscuous mode
[  158.496386][ T6335] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  158.508678][ T6335] Cannot create hsr debugfs directory
[  158.668872][ T5231] Bluetooth: hci2: command tx timeout
[  158.989301][ T5280] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  159.217819][ T5280] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  159.259601][ T5280] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  159.336328][ T5280] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  159.374528][ T5280] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  159.449669][ T5280] usb 3-1: Manufacturer: syz
[  159.500399][ T5280] usb 3-1: SerialNumber: syz
[  159.776889][ T5280] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  159.884660][ T5280] usb 3-1: USB disconnect, device number 27
[  160.295009][ T6474] loop2: detected capacity change from 0 to 7
[  160.303478][ T6474] Dev loop2: unable to read RDB block 7
[  160.324913][ T6474]  loop2: unable to read partition table
[  160.372666][ T6474] loop2: partition table beyond EOD, truncated
[  160.423046][ T6474] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  161.013509][ T3130] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  161.034576][ T3130] usbhid 1-1:0.0: can't add hid device: -71
[  161.078107][ T3130] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  161.170472][ T3130] usb 1-1: USB disconnect, device number 25
[  161.200742][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.304'.
[  161.664919][ T6335] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  161.820753][ T6335] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  161.910347][ T6335] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  161.990042][ T6335] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  162.203951][ T6515] loop2: detected capacity change from 0 to 7
[  162.222955][ T6515] Dev loop2: unable to read RDB block 7
[  162.223074][ T6515]  loop2: unable to read partition table
[  162.223333][ T6515] loop2: partition table beyond EOD, truncated
[  162.223358][ T6515] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  162.269565][ T1179] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  162.424003][ T1179] usb 5-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  162.424079][ T1179] usb 5-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  162.433382][ T1179] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  162.433454][ T1179] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  162.433504][ T1179] usb 5-1: Manufacturer: syz
[  162.433524][ T1179] usb 5-1: SerialNumber: syz
[  162.611310][ T6335] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.706560][ T6335] 8021q: adding VLAN 0 to HW filter on device team0
[  162.738139][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.738268][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.741718][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.741819][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.743188][ T1179] usbhid 5-1:36.0: couldn't find an input interrupt endpoint
[  162.790641][ T1179] usb 5-1: USB disconnect, device number 18
[  163.058931][ T6335] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.266190][ T6335] veth0_vlan: entered promiscuous mode
[  163.375209][ T6335] veth1_vlan: entered promiscuous mode
[  163.570250][ T6335] veth0_macvtap: entered promiscuous mode
[  163.876964][ T6335] veth1_macvtap: entered promiscuous mode
[  164.100378][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.126192][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.151423][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.201144][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.245211][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.278021][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.323069][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.377581][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.484008][ T6335] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.642678][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.702265][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.735446][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.767003][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.829203][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.882365][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.896812][ T6335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.917971][ T6335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.990646][ T6335] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.119776][ T6335] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.171370][ T6335] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.201838][ T6335] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.249052][ T6335] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.530036][ T6545] syz.4.317: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  165.549762][ T6545] CPU: 0 UID: 0 PID: 6545 Comm: syz.4.317 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  165.560180][ T6545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  165.570301][ T6545] Call Trace:
[  165.573814][ T6545]  <TASK>
[  165.576886][ T6545]  dump_stack_lvl+0x241/0x360
[  165.581647][ T6545]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.586919][ T6545]  ? __pfx__printk+0x10/0x10
[  165.591583][ T6545]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  165.598096][ T6545]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  165.604778][ T6545]  warn_alloc+0x278/0x410
[  165.609244][ T6545]  ? __pfx_warn_alloc+0x10/0x10
[  165.614151][ T6545]  ? translate_table+0x174/0x2330
[  165.619203][ T6545]  ? __get_vm_area_node+0x23d/0x270
[  165.624451][ T6545]  __vmalloc_node_range_noprof+0x691/0x13f0
[  165.630401][ T6545]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  165.636168][ T6545]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  165.642539][ T6545]  ? rcu_is_watching+0x15/0xb0
[  165.647332][ T6545]  ? trace_kmalloc+0x1f/0xd0
[  165.651967][ T6545]  ? __kmalloc_node_noprof+0x247/0x440
[  165.657488][ T6545]  ? __kvmalloc_node_noprof+0x72/0x190
[  165.663020][ T6545]  __kvmalloc_node_noprof+0x142/0x190
[  165.668547][ T6545]  ? translate_table+0x174/0x2330
[  165.673609][ T6545]  translate_table+0x174/0x2330
[  165.678536][ T6545]  ? __pfx_translate_table+0x10/0x10
[  165.683901][ T6545]  ? __might_fault+0xaa/0x120
[  165.688630][ T6545]  ? __pfx_lock_release+0x10/0x10
[  165.693722][ T6545]  ? __might_fault+0xaa/0x120
[  165.698625][ T6545]  ? __might_fault+0xc6/0x120
[  165.703354][ T6545]  ? _copy_from_user+0xa6/0xe0
[  165.708153][ T6545]  ? copy_from_sockptr_offset+0x6b/0xb0
[  165.713749][ T6545]  do_ip6t_set_ctl+0xe4c/0x1270
[  165.718660][ T6545]  ? __pfx___might_resched+0x10/0x10
[  165.724083][ T6545]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  165.729496][ T6545]  ? __pfx_lock_release+0x10/0x10
[  165.734586][ T6545]  ? __mutex_unlock_slowpath+0x21d/0x750
[  165.740617][ T6545]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  165.746722][ T6545]  ? aa_sk_perm+0x96d/0xab0
[  165.751438][ T6545]  ? __pfx_aa_sk_perm+0x10/0x10
[  165.756335][ T6545]  nf_setsockopt+0x295/0x2c0
[  165.761003][ T6545]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  165.766930][ T6545]  do_sock_setsockopt+0x3af/0x720
[  165.771998][ T6545]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  165.777583][ T6545]  ? __fget_files+0x29/0x470
[  165.782227][ T6545]  ? __fget_files+0x3f3/0x470
[  165.786953][ T6545]  ? __fget_files+0x29/0x470
[  165.791779][ T6545]  __sys_setsockopt+0x1a8/0x250
[  165.796691][ T6545]  __x64_sys_setsockopt+0xb5/0xd0
[  165.801847][ T6545]  do_syscall_64+0xf3/0x230
[  165.806472][ T6545]  ? clear_bhb_loop+0x35/0x90
[  165.811284][ T6545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.817214][ T6545] RIP: 0033:0x7f3d1337def9
[  165.821661][ T6545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.841308][ T6545] RSP: 002b:00007f3d14111038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  165.849856][ T6545] RAX: ffffffffffffffda RBX: 00007f3d13535f80 RCX: 00007f3d1337def9
[  165.857960][ T6545] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  165.865967][ T6545] RBP: 00007f3d133f0b76 R08: 0000000000000388 R09: 0000000000000000
[  165.873986][ T6545] R10: 0000000020000ac0 R11: 0000000000000246 R12: 0000000000000000
[  165.882098][ T6545] R13: 0000000000000000 R14: 00007f3d13535f80 R15: 00007f3d1365fa28
[  165.890167][ T6545]  </TASK>
[  165.913818][ T6545] Mem-Info:
[  165.917245][ T6545] active_anon:4457 inactive_anon:0 isolated_anon:0
[  165.917245][ T6545]  active_file:1765 inactive_file:38229 isolated_file:0
[  165.917245][ T6545]  unevictable:768 dirty:145 writeback:0
[  165.917245][ T6545]  slab_reclaimable:8768 slab_unreclaimable:92634
[  165.917245][ T6545]  mapped:21887 shmem:1253 pagetables:805
[  165.917245][ T6545]  sec_pagetables:0 bounce:0
[  165.917245][ T6545]  kernel_misc_reclaimable:0
[  165.917245][ T6545]  free:1351347 free_pcp:2202 free_cma:0
[  165.949136][ T5282] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  165.965254][ T6545] Node 0 active_anon:17828kB inactive_anon:0kB active_file:7004kB inactive_file:152840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:87528kB dirty:560kB writeback:0kB shmem:3476kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10120kB pagetables:3220kB sec_pagetables:0kB all_unreclaimable? no
[  166.019570][ T6545] Node 1 active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:20kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  166.109861][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  166.126240][ T5236] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  166.128955][ T6545] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  166.161198][    C1] vkms_vblank_simulate: vblank timer overrun
[  166.175437][ T5236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  166.196428][ T6545] lowmem_reserve[]: 0 2465 2466 0 0
[  166.202110][ T5236] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  166.209873][ T6545] Node 0 DMA32 free:1464404kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:17840kB inactive_anon:0kB active_file:7004kB inactive_file:152016kB unevictable:1536kB writepending:612kB present:3129332kB managed:2552492kB mlocked:0kB bounce:0kB free_pcp:1772kB local_pcp:1024kB free_cma:0kB
[  166.243352][ T6545] lowmem_reserve[]: 0 0 0 0 0
[  166.248239][ T5236] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  166.256623][ T5282] usb 1-1: Using ep0 maxpacket: 8
[  166.256687][ T6545] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  166.288992][ T5282] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  166.289080][ T5282] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  166.289134][ T5282] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  166.289191][ T5282] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 5664, setting to 1024
[  166.289247][ T5282] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  166.289276][ T5282] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  166.289347][ T5282] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  166.289401][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.378698][ T5236] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  166.388293][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.389814][ T6569] loop2: detected capacity change from 0 to 7
[  166.408630][ T6569] Dev loop2: unable to read RDB block 7
[  166.415693][ T6569]  loop2: unable to read partition table
[  166.422232][ T6569] loop2: partition table beyond EOD, truncated
[  166.428770][ T6569] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  166.468760][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.479123][ T6545] lowmem_reserve[]: 0 0 0 0 0
[  166.483954][ T6545] Node 1 Normal free:3925496kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:76kB unevictable:1536kB writepending:20kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:6580kB local_pcp:0kB free_cma:0kB
[  166.541858][ T6545] lowmem_reserve[]: 0 0 0 0 0
[  166.547554][ T6545] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  166.567178][ T6545] Node 0 DMA32: 79*4kB (UME) 105*8kB (UME) 113*16kB (UME) 94*32kB (UME) 48*64kB (UME) 25*128kB (ME) 12*256kB (ME) 8*512kB (ME) 28*1024kB (UME) 15*2048kB (UME) 338*4096kB (UM) = 1463252kB
[  166.586619][    C1] vkms_vblank_simulate: vblank timer overrun
[  166.599299][ T6545] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  166.614471][ T6545] Node 1 Normal: 165*4kB (UME) 51*8kB (UME) 44*16kB (UME) 174*32kB (UME) 80*64kB (UME) 35*128kB (UME) 12*256kB (UME) 8*512kB (UM) 2*1024kB (UE) 4*2048kB (UME) 950*4096kB (M) = 3925548kB
[  166.647853][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.656494][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.671384][ T6545] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  166.708886][ T6545] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  166.719505][ T6545] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  166.783211][ T6577] xt_limit: Overflow, try lower: 0/0
[  166.799450][ T6545] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  166.818286][ T6545] 41248 total pagecache pages
[  166.824122][ T6545] 0 pages in swap cache
[  166.829000][ T6545] Free swap  = 124516kB
[  166.833795][ T6545] Total swap = 124996kB
[  166.839623][ T5282] usb 1-1: usb_control_msg returned -71
[  166.846721][ T5282] usbtmc 1-1:16.0: can't read capabilities
[  166.913856][ T6545] 2097051 pages RAM
[  166.918344][ T6545] 0 pages HighMem/MovableOnly
[  166.939194][ T5282] usb 1-1: USB disconnect, device number 26
[  166.970335][ T6545] 427078 pages reserved
[  166.980650][ T6545] 0 pages cma reserved
[  167.103539][ T6571] chnl_net:caif_netlink_parms(): no params data found
[  167.944839][ T6571] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.984103][ T6571] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.127536][ T6571] bridge_slave_0: entered allmulticast mode
[  168.209079][ T6571] bridge_slave_0: entered promiscuous mode
[  168.280074][ T6571] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.287260][ T6571] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.350661][ T6571] bridge_slave_1: entered allmulticast mode
[  168.369884][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  168.419525][ T6571] bridge_slave_1: entered promiscuous mode
[  168.498852][ T5231] Bluetooth: hci1: command tx timeout
[  168.561380][    T9] usb 5-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  168.606225][    T9] usb 5-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  168.679914][    T9] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  168.720787][    T9] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  168.795018][    T9] usb 5-1: Manufacturer: syz
[  168.814225][    T9] usb 5-1: SerialNumber: syz
[  168.857418][ T6571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.877738][ T6571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  169.076715][    T9] usbhid 5-1:36.0: couldn't find an input interrupt endpoint
[  169.090745][ T6571] team0: Port device team_slave_0 added
[  169.145424][ T6571] team0: Port device team_slave_1 added
[  169.176606][    T9] usb 5-1: USB disconnect, device number 19
[  169.455814][ T6571] batman_adv: batadv0: Adding interface: batadv_slave_0
[  169.518805][ T6571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  169.520591][ T6626] netlink: 92 bytes leftover after parsing attributes in process `syz.3.329'.
[  169.554157][ T6571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  169.571976][ T6571] batman_adv: batadv0: Adding interface: batadv_slave_1
[  169.579077][ T6571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  169.605977][ T6571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  169.776302][ T6633] loop2: detected capacity change from 0 to 7
[  169.788052][ T6633] Dev loop2: unable to read RDB block 7
[  169.794570][ T6633]  loop2: unable to read partition table
[  169.802173][ T6633] loop2: partition table beyond EOD, truncated
[  169.825721][ T6633] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  169.844947][ T6571] hsr_slave_0: entered promiscuous mode
[  169.910563][ T6571] hsr_slave_1: entered promiscuous mode
[  169.947004][ T6571] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  169.988131][ T6571] Cannot create hsr debugfs directory
[  170.308768][ T5283] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  170.484568][ T5283] usb 5-1: Using ep0 maxpacket: 16
[  170.502846][ T5283] usb 5-1: config 0 interface 0 altsetting 44 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  170.527747][ T5283] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  170.550559][ T5283] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  170.574839][ T6571] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.588658][ T5231] Bluetooth: hci1: command tx timeout
[  170.618900][ T5283] usb 5-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  170.643200][ T5283] usb 5-1: config 0 interface 0 has no altsetting 0
[  170.700408][ T5283] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  170.719698][ T5283] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.739151][ T5283] usb 5-1: Product: syz
[  170.743884][ T5283] usb 5-1: Manufacturer: syz
[  170.749238][ T5283] usb 5-1: SerialNumber: syz
[  170.767281][ T5283] usb 5-1: config 0 descriptor??
[  170.794012][ T6637] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  170.809851][ T5283] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input21
[  170.858460][ T6571] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.978872][ T3130] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  171.085591][ T6571] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.166938][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.332'.
[  171.187612][ T6637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'.
[  171.187766][ T3130] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  171.214683][ T6637] batadv1: entered promiscuous mode
[  171.220645][ T3130] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  171.267321][ T3130] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  171.286192][ T3130] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  171.303186][ T6571] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.317487][ T3130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.370122][ T6652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  171.570900][ T6571] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  171.593810][ T6571] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  171.611587][   T29] kauditd_printk_skb: 74 callbacks suppressed
[  171.611635][   T29] audit: type=1326 audit(1727090430.683:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000
[  171.656283][ T6571] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  171.668052][ T6571] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  171.675534][   T29] audit: type=1326 audit(1727090430.713:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000
[  171.761924][   T29] audit: type=1326 audit(1727090430.713:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000
[  171.848174][   T29] audit: type=1326 audit(1727090430.713:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000
[  171.903436][   T29] audit: type=1326 audit(1727090430.713:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000
[  171.949453][ T6571] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.963400][   T29] audit: type=1326 audit(1727090430.713:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eda57dafb code=0x7ffc0000
[  171.996383][ T6571] 8021q: adding VLAN 0 to HW filter on device team0
[  172.046591][ T1046] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.054014][ T1046] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.069659][   T29] audit: type=1326 audit(1727090430.713:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eda57dafb code=0x7ffc0000
[  172.128362][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.132373][   T29] audit: type=1326 audit(1727090430.723:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1eda5affe5 code=0x7ffc0000
[  172.136445][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.169373][   T29] audit: type=1326 audit(1727090430.943:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eda57def9 code=0x7ffc0000
[  172.279894][   T29] audit: type=1326 audit(1727090430.943:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6651 comm="syz.1.336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eda57dafb code=0x7ffc0000
[  172.280950][ T3130] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  172.396168][ T3130] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input22
[  172.430979][ T6571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.663539][ T5231] Bluetooth: hci1: command tx timeout
[  172.683602][ T6571] veth0_vlan: entered promiscuous mode
[  172.701878][ T6571] veth1_vlan: entered promiscuous mode
[  172.780466][ T6571] veth0_macvtap: entered promiscuous mode
[  172.796188][ T6571] veth1_macvtap: entered promiscuous mode
[  172.826249][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.837407][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.847537][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.858757][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.869000][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.879762][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.890131][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.901116][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.911470][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.923538][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.937291][ T6571] batman_adv: batadv0: Interface activated: batadv_slave_0
[  172.979793][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.990788][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.001042][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  173.011795][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.021830][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  173.033884][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.045229][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  173.055964][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.066554][ T6571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  173.077282][ T6571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.090355][ T6571] batman_adv: batadv0: Interface activated: batadv_slave_1
[  173.103291][ T6571] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  173.111300][ T5282] usb 5-1: USB disconnect, device number 20
[  173.112375][ T6571] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.129887][ T6571] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.138998][ T6571] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  173.250629][ T1179] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  173.437297][ T6679] netlink: 24 bytes leftover after parsing attributes in process `syz.0.342'.
[  173.486571][ T1179] usb 4-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  173.512854][ T1179] usb 4-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  173.531324][ T6681] loop2: detected capacity change from 0 to 7
[  173.545095][ T1179] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  173.564831][ T6681] Dev loop2: unable to read RDB block 7
[  173.575094][ T1179] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  173.594815][ T6681]  loop2: unable to read partition table
[  173.609712][ T1179] usb 4-1: Manufacturer: syz
[  173.615213][ T1179] usb 4-1: SerialNumber: syz
[  173.625656][ T6681] loop2: partition table beyond EOD, truncated
[  173.626147][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.664642][ T6681] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  173.668283][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.773980][ T3130] usb 2-1: USB disconnect, device number 19
[  173.779961][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  173.888939][ T1046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.900074][ T1046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.933636][ T1179] usbhid 4-1:36.0: couldn't find an input interrupt endpoint
[  173.979862][ T1179] usb 4-1: USB disconnect, device number 15
[  174.739325][ T5231] Bluetooth: hci1: command tx timeout
[  175.168745][ T6715] loop2: detected capacity change from 0 to 7
[  175.225702][ T6715] Dev loop2: unable to read RDB block 7
[  175.235946][ T6715]  loop2: AHDI p1 p3
[  175.246307][ T6715] loop2: partition table partially beyond EOD, truncated
[  175.276092][ T6715] loop2: p1 start 2048 is beyond EOD, truncated
[  175.689189][    T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  175.866383][    T9] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  175.896407][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  175.922962][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.948784][ T5280] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  175.975315][    T9] usb 5-1: Product: syz
[  176.016836][    T9] usb 5-1: Manufacturer: syz
[  176.082242][    T9] usb 5-1: SerialNumber: syz
[  176.179324][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.216484][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.246254][ T5280] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  176.314797][    T9] usb 5-1: USB disconnect, device number 21
[  176.343701][ T5280] usb 3-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00
[  176.462816][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.540894][ T5280] usb 3-1: config 0 descriptor??
[  176.769203][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  176.809736][ T6741] netlink: 'syz.0.361': attribute type 21 has an invalid length.
[  176.847469][ T6741] netlink: 128 bytes leftover after parsing attributes in process `syz.0.361'.
[  176.890327][ T6741] netlink: 'syz.0.361': attribute type 5 has an invalid length.
[  176.929791][ T3130] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  176.948841][    T9] usb 2-1: Using ep0 maxpacket: 16
[  176.968950][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  176.975051][ T6722] fuse: Bad value for 'fd'
[  177.012680][    T9] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  177.024766][ T6741] netlink: 3 bytes leftover after parsing attributes in process `syz.0.361'.
[  177.037881][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.052371][ T5280] usbhid 3-1:0.0: can't add hid device: -71
[  177.069703][ T5280] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  177.084579][    T9] usb 2-1: Product: syz
[  177.097583][    T9] usb 2-1: Manufacturer: syz
[  177.109216][ T3130] usb 5-1: Using ep0 maxpacket: 8
[  177.116050][ T5280] usb 3-1: USB disconnect, device number 28
[  177.127131][    T9] usb 2-1: SerialNumber: syz
[  177.136924][ T3130] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  177.156051][    T9] usb 2-1: config 0 descriptor??
[  177.174100][ T3130] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  177.212075][    T9] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  177.233117][ T3130] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  177.263545][ T3130] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  177.308494][ T3130] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  177.373472][ T3130] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  177.431752][ T3130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.498738][ T5280] usb 2-1: USB disconnect, device number 20
[  177.504810][ T3008] usb 2-1: Failed to submit usb control message: -71
[  177.519837][ T3008] usb 2-1: unable to send the bmi data to the device: -71
[  177.534325][ T3008] usb 2-1: unable to get target info from device
[  177.576222][ T3008] usb 2-1: could not get target info (-71)
[  177.589007][ T3008] usb 2-1: could not probe fw (-71)
[  177.696906][ T3130] usb 5-1: usb_control_msg returned -71
[  177.702938][ T3130] usbtmc 5-1:16.0: can't read capabilities
[  177.727565][ T3130] usb 5-1: USB disconnect, device number 22
[  178.230758][ T3130] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  178.407120][ T6769] loop2: detected capacity change from 0 to 7
[  178.415693][ T6769] Dev loop2: unable to read RDB block 7
[  178.423339][ T3130] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  178.424225][ T6769]  loop2: AHDI p1 p3
[  178.438671][ T3130] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  178.440458][ T3130] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  178.475656][ T6769] loop2: partition table partially beyond EOD, truncated
[  178.485384][ T3130] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  178.502283][ T3130] usb 3-1: Manufacturer: syz
[  178.502293][ T6769] loop2: p1 start 2048 is beyond EOD, 
[  178.516369][ T3130] usb 3-1: SerialNumber: syz
[  178.520826][ T6769] truncated
[  178.551890][ T5282] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  178.757828][ T3130] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  178.796423][ T5282] usb 2-1: Using ep0 maxpacket: 8
[  178.808161][ T5282] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  178.826274][ T5282] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  178.841684][ T3130] usb 3-1: USB disconnect, device number 29
[  178.846721][ T5282] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  178.907085][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.926899][ T5282] usb 2-1: Product: syz
[  178.938900][ T5282] usb 2-1: Manufacturer: syz
[  178.944111][ T5282] usb 2-1: SerialNumber: syz
[  178.987955][ T5282] usb 2-1: bad CDC descriptors
[  179.000935][ T5282] usbtest 2-1:1.0: couldn't get endpoints, -22
[  179.020556][ T5282] usbtest 2-1:1.0: probe with driver usbtest failed with error -22
[  180.107858][ T6789] FAULT_INJECTION: forcing a failure.
[  180.107858][ T6789] name failslab, interval 1, probability 0, space 0, times 0
[  180.123182][ T6789] CPU: 1 UID: 0 PID: 6789 Comm: syz.4.373 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  180.133481][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  180.143604][ T6789] Call Trace:
[  180.146923][ T6789]  <TASK>
[  180.150128][ T6789]  dump_stack_lvl+0x241/0x360
[  180.154887][ T6789]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.160197][ T6789]  ? __pfx__printk+0x10/0x10
[  180.164823][ T6789]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  180.170302][ T6789]  ? __pfx___might_resched+0x10/0x10
[  180.175620][ T6789]  should_fail_ex+0x3b0/0x4e0
[  180.180419][ T6789]  should_failslab+0xac/0x100
[  180.185331][ T6789]  ? hsr_create_self_node+0x5a/0x340
[  180.190759][ T6789]  __kmalloc_cache_noprof+0x6c/0x2c0
[  180.196159][ T6789]  ? __asan_memset+0x23/0x50
[  180.200776][ T6789]  hsr_create_self_node+0x5a/0x340
[  180.205914][ T6789]  hsr_dev_finalize+0x2c4/0x9a0
[  180.210786][ T6789]  hsr_newlink+0x7ee/0x970
[  180.215213][ T6789]  ? alloc_netdev_mqs+0xcda/0x1000
[  180.220342][ T6789]  ? __pfx_hsr_newlink+0x10/0x10
[  180.225292][ T6789]  ? rtnl_create_link+0x91c/0xc20
[  180.230345][ T6789]  ? __pfx_hsr_newlink+0x10/0x10
[  180.235482][ T6789]  rtnl_newlink+0x1591/0x20a0
[  180.240220][ T6789]  ? __pfx_rtnl_newlink+0x10/0x10
[  180.245283][ T6789]  ? __pfx___mutex_trylock_common+0x10/0x10
[  180.251235][ T6789]  ? rcu_is_watching+0x15/0xb0
[  180.256022][ T6789]  ? trace_contention_end+0x3c/0x120
[  180.261330][ T6789]  ? __mutex_lock+0x2ef/0xd70
[  180.266043][ T6789]  ? __pfx_lock_release+0x10/0x10
[  180.271097][ T6789]  ? __pfx_rtnl_newlink+0x10/0x10
[  180.276151][ T6789]  rtnetlink_rcv_msg+0x73f/0xcf0
[  180.281120][ T6789]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  180.286392][ T6789]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  180.291922][ T6789]  ? ref_tracker_free+0x643/0x7e0
[  180.297073][ T6789]  netlink_rcv_skb+0x1e3/0x430
[  180.302036][ T6789]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  180.307570][ T6789]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  180.312928][ T6789]  ? netlink_deliver_tap+0x2e/0x1b0
[  180.318162][ T6789]  netlink_unicast+0x7f6/0x990
[  180.323023][ T6789]  ? __pfx_netlink_unicast+0x10/0x10
[  180.328549][ T6789]  ? __virt_addr_valid+0x183/0x530
[  180.333749][ T6789]  ? __check_object_size+0x48e/0x900
[  180.339066][ T6789]  netlink_sendmsg+0x8e4/0xcb0
[  180.344119][ T6789]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.349450][ T6789]  ? aa_sock_msg_perm+0x91/0x160
[  180.354519][ T6789]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.359873][ T6789]  __sock_sendmsg+0x221/0x270
[  180.364839][ T6789]  ____sys_sendmsg+0x52a/0x7e0
[  180.369808][ T6789]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.375146][ T6789]  __sys_sendmsg+0x2aa/0x390
[  180.379771][ T6789]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.385077][ T6789]  ? vfs_write+0x7bf/0xc90
[  180.389580][ T6789]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  180.396032][ T6789]  ? do_syscall_64+0x100/0x230
[  180.400819][ T6789]  ? do_syscall_64+0xb6/0x230
[  180.405516][ T6789]  do_syscall_64+0xf3/0x230
[  180.410062][ T6789]  ? clear_bhb_loop+0x35/0x90
[  180.414752][ T6789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.420671][ T6789] RIP: 0033:0x7f3d1337def9
[  180.425176][ T6789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.445403][ T6789] RSP: 002b:00007f3d14111038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.453840][ T6789] RAX: ffffffffffffffda RBX: 00007f3d13535f80 RCX: 00007f3d1337def9
[  180.461923][ T6789] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  180.469898][ T6789] RBP: 00007f3d14111090 R08: 0000000000000000 R09: 0000000000000000
[  180.477961][ T6789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  180.486119][ T6789] R13: 0000000000000000 R14: 00007f3d13535f80 R15: 00007f3d1365fa28
[  180.494199][ T6789]  </TASK>
[  180.818100][ T6795] FAULT_INJECTION: forcing a failure.
[  180.818100][ T6795] name failslab, interval 1, probability 0, space 0, times 0
[  180.844626][ T6795] CPU: 0 UID: 0 PID: 6795 Comm: syz.2.375 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  180.855032][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  180.865235][ T6795] Call Trace:
[  180.868602][ T6795]  <TASK>
[  180.871689][ T6795]  dump_stack_lvl+0x241/0x360
[  180.876525][ T6795]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.881857][ T6795]  ? __pfx__printk+0x10/0x10
[  180.886490][ T6795]  ? ref_tracker_alloc+0x332/0x490
[  180.891661][ T6795]  should_fail_ex+0x3b0/0x4e0
[  180.896401][ T6795]  ? skb_clone+0x20c/0x390
[  180.900885][ T6795]  should_failslab+0xac/0x100
[  180.905635][ T6795]  ? skb_clone+0x20c/0x390
[  180.910112][ T6795]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  180.915591][ T6795]  skb_clone+0x20c/0x390
[  180.919897][ T6795]  __netlink_deliver_tap+0x3cc/0x7c0
[  180.925256][ T6795]  ? netlink_deliver_tap+0x2e/0x1b0
[  180.930507][ T6795]  netlink_deliver_tap+0x19d/0x1b0
[  180.935671][ T6795]  netlink_sendskb+0x68/0x140
[  180.940412][ T6795]  netlink_unicast+0x39d/0x990
[  180.945348][ T6795]  ? __asan_memcpy+0x40/0x70
[  180.950101][ T6795]  ? __pfx_netlink_unicast+0x10/0x10
[  180.955526][ T6795]  netlink_rcv_skb+0x262/0x430
[  180.960335][ T6795]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  180.965830][ T6795]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  180.971182][ T6795]  xfrm_netlink_rcv+0x79/0x90
[  180.975894][ T6795]  netlink_unicast+0x7f6/0x990
[  180.980726][ T6795]  ? __pfx_netlink_unicast+0x10/0x10
[  180.986062][ T6795]  ? __virt_addr_valid+0x183/0x530
[  180.991417][ T6795]  ? __check_object_size+0x48e/0x900
[  180.996919][ T6795]  netlink_sendmsg+0x8e4/0xcb0
[  181.001764][ T6795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.007426][ T6795]  ? aa_sock_msg_perm+0x91/0x160
[  181.012449][ T6795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.017799][ T6795]  __sock_sendmsg+0x221/0x270
[  181.022555][ T6795]  ____sys_sendmsg+0x52a/0x7e0
[  181.027417][ T6795]  ? __pfx_____sys_sendmsg+0x10/0x10
[  181.032840][ T6795]  __sys_sendmsg+0x2aa/0x390
[  181.037558][ T6795]  ? __pfx___sys_sendmsg+0x10/0x10
[  181.042729][ T6795]  ? vfs_write+0x7bf/0xc90
[  181.047233][ T6795]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  181.053627][ T6795]  ? do_syscall_64+0x100/0x230
[  181.058470][ T6795]  ? do_syscall_64+0xb6/0x230
[  181.063212][ T6795]  do_syscall_64+0xf3/0x230
[  181.067766][ T6795]  ? clear_bhb_loop+0x35/0x90
[  181.072493][ T6795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.078422][ T6795] RIP: 0033:0x7f745b97def9
[  181.082895][ T6795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.102612][ T6795] RSP: 002b:00007f745c7fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.111230][ T6795] RAX: ffffffffffffffda RBX: 00007f745bb35f80 RCX: 00007f745b97def9
[  181.119431][ T6795] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[  181.127468][ T6795] RBP: 00007f745c7fa090 R08: 0000000000000000 R09: 0000000000000000
[  181.135494][ T6795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  181.143608][ T6795] R13: 0000000000000000 R14: 00007f745bb35f80 R15: 00007f745bc5fa28
[  181.151648][ T6795]  </TASK>
[  181.365211][ T5280] usb 2-1: USB disconnect, device number 21
[  181.744851][ T1046] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.859372][ T5280] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  181.921691][ T1046] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.039221][ T5280] usb 3-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  182.053082][ T5280] usb 3-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  182.078372][ T5280] usb 3-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  182.094721][ T1046] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.106976][ T5280] usb 3-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  182.119840][ T5280] usb 3-1: Manufacturer: syz
[  182.124587][ T5280] usb 3-1: SerialNumber: syz
[  182.197478][ T1046] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.351491][ T5280] usbhid 3-1:36.0: couldn't find an input interrupt endpoint
[  182.412260][ T5280] usb 3-1: USB disconnect, device number 30
[  182.869829][ T5236] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  182.891653][ T5236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  182.908197][ T5236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  182.919844][ T5236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  182.939023][ T5236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  182.947321][ T5236] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  183.871981][ T1046] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  183.940845][ T1046] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  183.969449][ T6851] FAULT_INJECTION: forcing a failure.
[  183.969449][ T6851] name failslab, interval 1, probability 0, space 0, times 0
[  183.992179][ T1046] bond0 (unregistering): Released all slaves
[  184.023852][ T6851] CPU: 0 UID: 0 PID: 6851 Comm: syz.0.389 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  184.034258][ T6851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  184.044342][ T6851] Call Trace:
[  184.047645][ T6851]  <TASK>
[  184.050597][ T6851]  dump_stack_lvl+0x241/0x360
[  184.055359][ T6851]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.060591][ T6851]  ? __pfx__printk+0x10/0x10
[  184.065291][ T6851]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  184.070872][ T6851]  ? __pfx___might_resched+0x10/0x10
[  184.076190][ T6851]  should_fail_ex+0x3b0/0x4e0
[  184.080908][ T6851]  ? key_alloc+0x341/0xff0
[  184.085357][ T6851]  should_failslab+0xac/0x100
[  184.090073][ T6851]  ? key_alloc+0x341/0xff0
[  184.094520][ T6851]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  184.099920][ T6851]  ? key_user_lookup+0x1b2/0x450
[  184.104887][ T6851]  key_alloc+0x341/0xff0
[  184.109267][ T6851]  __key_create_or_update+0xa55/0xc70
[  184.114783][ T6851]  ? __pfx___key_create_or_update+0x10/0x10
[  184.120738][ T6851]  key_create_or_update+0x42/0x60
[  184.125795][ T6851]  __se_sys_add_key+0x33f/0x490
[  184.130709][ T6851]  ? __pfx___se_sys_add_key+0x10/0x10
[  184.136115][ T6851]  ? do_syscall_64+0x100/0x230
[  184.140932][ T6851]  ? __x64_sys_add_key+0x20/0xc0
[  184.145905][ T6851]  do_syscall_64+0xf3/0x230
[  184.150436][ T6851]  ? clear_bhb_loop+0x35/0x90
[  184.155175][ T6851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.161116][ T6851] RIP: 0033:0x7f1b0b97def9
[  184.165556][ T6851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.185192][ T6851] RSP: 002b:00007f1b0c704038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  184.193735][ T6851] RAX: ffffffffffffffda RBX: 00007f1b0bb35f80 RCX: 00007f1b0b97def9
[  184.201761][ T6851] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000020000000
[  184.209756][ T6851] RBP: 00007f1b0c704090 R08: ffffffffffffffff R09: 0000000000000000
[  184.217746][ T6851] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000002
[  184.225734][ T6851] R13: 0000000000000001 R14: 00007f1b0bb35f80 R15: 00007f1b0bc5fa28
[  184.233738][ T6851]  </TASK>
[  184.279182][   T35] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  184.751612][ T6865] kvm: kvm [6857]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800
[  184.982680][ T5283] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  185.004370][ T6829] chnl_net:caif_netlink_parms(): no params data found
[  185.048861][ T1179] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  185.059864][ T5231] Bluetooth: hci4: command tx timeout
[  185.147275][ T1046] hsr_slave_0: left promiscuous mode
[  185.163876][ T5283] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  185.179940][ T5283] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  185.181381][ T1046] hsr_slave_1: left promiscuous mode
[  185.220174][ T1179] usb 4-1: Using ep0 maxpacket: 8
[  185.226121][ T1046] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.236633][ T1179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.244178][ T1046] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.260290][ T5283] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.278950][ T1179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.291622][ T1046] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.299037][ T5283] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  185.299099][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.308799][ T1179] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.91
[  185.308861][ T1179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.362263][ T1046] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.364761][ T6861] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  185.410379][ T1179] usb 4-1: config 0 descriptor??
[  185.449152][ T1046] veth1_macvtap: left promiscuous mode
[  185.465018][ T1046] veth0_macvtap: left promiscuous mode
[  185.473581][ T1046] veth1_vlan: left promiscuous mode
[  185.495570][ T1046] veth0_vlan: left promiscuous mode
[  185.613983][   T29] kauditd_printk_skb: 22 callbacks suppressed
[  185.614004][   T29] audit: type=1326 audit(1727090444.683:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000
[  185.738881][   T29] audit: type=1326 audit(1727090444.683:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f745b97def9 code=0x7ffc0000
[  185.828457][   T29] audit: type=1326 audit(1727090444.683:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000
[  185.874610][ T1179] lenovo 0003:17EF:60EE.0009: unknown main item tag 0x6
[  185.903412][   T29] audit: type=1326 audit(1727090444.683:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000
[  185.942668][ T1179] lenovo 0003:17EF:60EE.0009: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0
[  185.951043][   T29] audit: type=1326 audit(1727090444.683:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000
[  186.002289][   T29] audit: type=1326 audit(1727090444.683:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f745b9affe5 code=0x7ffc0000
[  186.045027][   T29] audit: type=1326 audit(1727090444.883:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000
[  186.089468][ T5280] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  186.139181][   T29] audit: type=1326 audit(1727090444.883:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f745b97def9 code=0x7ffc0000
[  186.183153][   T29] audit: type=1326 audit(1727090444.883:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000
[  186.204580][ T6885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.215930][   T29] audit: type=1326 audit(1727090444.883:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6860 comm="syz.2.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f745b97dafb code=0x7ffc0000
[  186.225481][ T5283] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  186.275127][ T5283] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input27
[  186.286350][ T6885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.291291][ T5280] usb 1-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config
[  186.305724][ T5280] usb 1-1: config 36 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  186.327273][ T5280] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  186.340445][ T5280] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  186.350113][ T5280] usb 1-1: Manufacturer: syz
[  186.355269][ T5280] usb 1-1: SerialNumber: syz
[  186.441584][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  186.451694][ T6885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.487301][ T5283] usb 3-1: USB disconnect, device number 31
[  186.491089][ T6885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.651599][ T5280] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  186.685308][ T5280] usb 1-1: USB disconnect, device number 27
[  186.794998][ T6887] loop2: detected capacity change from 0 to 7
[  186.820064][ T6887] Dev loop2: unable to read RDB block 7
[  186.839679][ T6887]  loop2: unable to read partition table
[  186.845566][ T6887] loop2: partition table beyond EOD, truncated
[  186.877807][ T6887] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  186.982209][ T4680] Dev loop2: unable to read RDB block 7
[  186.996801][ T4680]  loop2: unable to read partition table
[  187.010117][ T4680] loop2: partition table beyond EOD, truncated
[  187.138778][ T5231] Bluetooth: hci4: command tx timeout
[  187.358528][ T1046] team0 (unregistering): Port device team_slave_1 removed
[  187.523496][ T1046] team0 (unregistering): Port device team_slave_0 removed
[  187.987967][ T5280] usb 4-1: USB disconnect, device number 16
[  188.388790][ T6893] netlink: 44 bytes leftover after parsing attributes in process `syz.0.398'.
[  188.739938][ T6911] binder: BINDER_SET_CONTEXT_MGR already set
[  188.766563][ T6911] binder: 6906:6911 ioctl 4018620d 20000040 returned -16
[  188.811108][ T6829] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.826351][ T6829] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.849120][ T6829] bridge_slave_0: entered allmulticast mode
[  188.858353][ T6829] bridge_slave_0: entered promiscuous mode
[  188.869306][ T6829] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.877213][ T6829] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.885476][ T6829] bridge_slave_1: entered allmulticast mode
[  188.894401][ T6829] bridge_slave_1: entered promiscuous mode
[  188.968983][ T5282] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  189.008899][ T6829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  189.065238][ T6829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  189.134376][ T5282] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.161599][ T5282] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.231973][ T5282] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  189.240807][ T5231] Bluetooth: hci4: command tx timeout
[  189.302545][ T6829] team0: Port device team_slave_0 added
[  189.314399][ T5282] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  189.384807][ T6829] team0: Port device team_slave_1 added
[  189.418800][ T5282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.491126][ T6903] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  189.539365][ T1046] IPVS: stop unused estimator thread 0...
[  189.593937][ T6829] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.626101][ T6829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  189.837811][ T6829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.918120][ T6829] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.972534][ T6829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  190.130858][ T6829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.350676][ T5282] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  190.360627][ T5282] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input28
[  190.384663][ T5240] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  190.396689][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  190.424727][ T5240] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  190.460106][ T5240] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  190.474528][ T5240] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  190.495092][ T5240] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  190.631693][ T6829] hsr_slave_0: entered promiscuous mode
[  190.707055][ T6829] hsr_slave_1: entered promiscuous mode
[  190.735694][ T6829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  190.757017][ T6829] Cannot create hsr debugfs directory
[  190.763151][ T6942] netlink: 24 bytes leftover after parsing attributes in process `syz.0.409'.
[  190.844571][ T1046] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.982118][ T1046] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.170928][ T1046] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.299404][ T5236] Bluetooth: hci4: command tx timeout
[  191.453229][ T1046] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.542650][ T5236] Bluetooth: hci3: command 0x0406 tx timeout
[  191.797738][ T5283] usb 3-1: USB disconnect, device number 32
[  191.803698][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  191.898731][ T5280] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  192.078961][ T5280] usb 4-1: Using ep0 maxpacket: 32
[  192.105967][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  192.161969][ T5280] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.247425][ T5280] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  192.300698][ T5280] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.364602][ T6944] chnl_net:caif_netlink_parms(): no params data found
[  192.430694][ T5280] usb 4-1: config 0 descriptor??
[  192.475435][ T5280] hub 4-1:0.0: USB hub found
[  192.609938][ T5231] Bluetooth: hci0: command tx timeout
[  192.648522][ T5280] hub 4-1:0.0: 1 port detected
[  194.771425][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  194.816683][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  194.882965][ T5231] Bluetooth: hci0: command tx timeout
[  199.668564][    C0] sched: DL replenish lagged too much
[  203.137639][ T5231] Bluetooth: hci0: command tx timeout
[  206.607778][ T5236] Bluetooth: hci0: command tx timeout
[  207.091558][    T9] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[  227.340152][    T9] usb 4-1: USB disconnect, device number 17
[  230.040917][ T5280] usb 4-1: Failed to suspend device, error -19
[  311.888522][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  311.895566][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6953/1:b..l
[  311.904018][    C0] rcu: 	(detected by 0, t=10503 jiffies, g=27181, q=665 ncpus=2)
[  311.911878][    C0] task:syz.3.411       state:R  running task     stack:23408 pid:6953  tgid:6953  ppid:6335   flags:0x00004006
[  311.924952][    C0] Call Trace:
[  311.928277][    C0]  <TASK>
[  311.931250][    C0]  __schedule+0x1895/0x4b30
[  311.935828][    C0]  ? validate_chain+0x11e/0x5920
[  311.940827][    C0]  ? __pfx_validate_chain+0x10/0x10
[  311.946130][    C0]  ? __pfx___schedule+0x10/0x10
[  311.951067][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  311.957121][    C0]  ? preempt_schedule+0xe1/0xf0
[  311.962031][    C0]  preempt_schedule_common+0x84/0xd0
[  311.967457][    C0]  preempt_schedule+0xe1/0xf0
[  311.972294][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[  311.977745][    C0]  preempt_schedule_thunk+0x1a/0x30
[  311.983007][    C0]  unwind_next_frame+0x18f8/0x22d0
[  311.988194][    C0]  ? usb_gadget_unregister_driver+0x4e/0x70
[  311.994148][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  312.000362][    C0]  arch_stack_walk+0x11c/0x150
[  312.005183][    C0]  ? raw_release+0xf6/0x1e0
[  312.009735][    C0]  stack_trace_save+0x118/0x1d0
[  312.014741][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  312.020205][    C0]  save_stack+0xfb/0x1f0
[  312.024509][    C0]  ? __pfx_save_stack+0x10/0x10
[  312.029412][    C0]  ? free_unref_page+0xcfb/0xf20
[  312.034429][    C0]  ? __put_partials+0xeb/0x130
[  312.039339][    C0]  ? put_cpu_partial+0x17c/0x250
[  312.044328][    C0]  ? __slab_free+0x2ea/0x3d0
[  312.048979][    C0]  ? qlist_free_all+0x9a/0x140
[  312.053816][    C0]  ? kasan_quarantine_reduce+0x14f/0x170
[  312.059517][    C0]  ? __kasan_slab_alloc+0x23/0x80
[  312.064610][    C0]  ? __kmalloc_noprof+0x1a6/0x400
[  312.069691][    C0]  ? kobject_get_path+0xb8/0x230
[  312.074712][    C0]  ? kobject_uevent_env+0x2a5/0x8e0
[  312.079966][    C0]  ? device_release_driver_internal+0x4a9/0x7c0
[  312.086263][    C0]  ? driver_detach+0x1fb/0x2d0
[  312.091075][    C0]  ? bus_remove_driver+0x1f3/0x320
[  312.096229][    C0]  ? usb_gadget_unregister_driver+0x4e/0x70
[  312.102190][    C0]  ? page_ext_get+0x20/0x2a0
[  312.106834][    C0]  __reset_page_owner+0x76/0x430
[  312.111905][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  312.117350][    C0]  free_unref_page+0xcfb/0xf20
[  312.122176][    C0]  __put_partials+0xeb/0x130
[  312.126830][    C0]  put_cpu_partial+0x17c/0x250
[  312.131632][    C0]  ? put_cpu_partial+0x70/0x250
[  312.136623][    C0]  __slab_free+0x2ea/0x3d0
[  312.141085][    C0]  ? __phys_addr+0xba/0x170
[  312.145645][    C0]  qlist_free_all+0x9a/0x140
[  312.150305][    C0]  kasan_quarantine_reduce+0x14f/0x170
[  312.155828][    C0]  __kasan_slab_alloc+0x23/0x80
[  312.160732][    C0]  ? kobject_get_path+0xb8/0x230
[  312.166074][    C0]  __kmalloc_noprof+0x1a6/0x400
[  312.170984][    C0]  kobject_get_path+0xb8/0x230
[  312.175894][    C0]  kobject_uevent_env+0x2a5/0x8e0
[  312.181069][    C0]  ? __pfx_gadget_unbind_driver+0x10/0x10
[  312.186870][    C0]  device_release_driver_internal+0x4a9/0x7c0
[  312.194579][    C0]  driver_detach+0x1fb/0x2d0
[  312.199230][    C0]  bus_remove_driver+0x1f3/0x320
[  312.204222][    C0]  usb_gadget_unregister_driver+0x4e/0x70
[  312.209995][    C0]  raw_release+0xf6/0x1e0
[  312.214457][    C0]  ? __pfx_raw_release+0x10/0x10
[  312.219441][    C0]  __fput+0x23f/0x880
[  312.223485][    C0]  task_work_run+0x24f/0x310
[  312.228121][    C0]  ? __pfx_task_work_run+0x10/0x10
[  312.233280][    C0]  ? switch_task_namespaces+0xe4/0x110
[  312.238796][    C0]  do_exit+0xa2f/0x28e0
[  312.243004][    C0]  ? __pfx_do_exit+0x10/0x10
[  312.247635][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  312.253072][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  312.259107][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  312.265486][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[  312.270652][    C0]  do_group_exit+0x207/0x2c0
[  312.275294][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  312.280538][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  312.285787][    C0]  get_signal+0x176f/0x1810
[  312.290357][    C0]  ? __pfx_get_signal+0x10/0x10
[  312.295269][    C0]  arch_do_signal_or_restart+0x96/0x860
[  312.300878][    C0]  ? __pfx_handle_mm_fault+0x10/0x10
[  312.306217][    C0]  ? lock_vma_under_rcu+0x602/0x790
[  312.311478][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  312.317704][    C0]  ? irqentry_exit_to_user_mode+0x53/0x280
[  312.323563][    C0]  irqentry_exit_to_user_mode+0x79/0x280
[  312.329339][    C0]  exc_page_fault+0x590/0x8c0
[  312.334073][    C0]  asm_exc_page_fault+0x26/0x30
[  312.338991][    C0] RIP: 0033:0x7f0f7725cb06
[  312.343460][    C0] RSP: 002b:00007f0f7765fa70 EFLAGS: 00010202
[  312.349584][    C0] RAX: 0000001b2f91a000 RBX: 00007f0f78065720 RCX: 0000001b2f919ff8
[  312.357609][    C0] RDX: ffffffff8bbb6edf RSI: 0000000000000008 RDI: 00007f0f78065720
[  312.365636][    C0] RBP: 00000000000000e3 R08: 00007f0f77520000 R09: 00007f0f77522000
[  312.373671][    C0] R10: 000000008bbb6ee3 R11: 00000000000000ff R12: ffffffff8bbb6975
[  312.381862][    C0] R13: 00007f0f77535f40 R14: 0000000000000008 R15: 000000000000013e
[  312.389885][    C0]  ? format_decode+0x455/0x1bb0
[  312.394819][    C0]  ? format_decode+0x9bf/0x1bb0
[  312.399734][    C0]  </TASK>
[  312.402833][    C0] rcu: rcu_preempt kthread starved for 7944 jiffies! g27181 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  312.414071][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  312.424088][    C0] rcu: RCU grace-period kthread stack dump:
[  312.430106][    C0] task:rcu_preempt     state:R  running task     stack:25744 pid:17    tgid:17    ppid:2      flags:0x00004000
[  312.441958][    C0] Call Trace:
[  312.445362][    C0]  <TASK>
[  312.448330][    C0]  __schedule+0x1895/0x4b30
[  312.452901][    C0]  ? __pfx___schedule+0x10/0x10
[  312.457820][    C0]  ? __pfx_lock_release+0x10/0x10
[  312.462898][    C0]  ? __asan_memset+0x23/0x50
[  312.467542][    C0]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  312.473437][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  312.479999][    C0]  ? schedule+0x90/0x320
[  312.484287][    C0]  schedule+0x14b/0x320
[  312.488625][    C0]  schedule_timeout+0x1be/0x310
[  312.493563][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  312.498977][    C0]  ? __pfx_process_timeout+0x10/0x10
[  312.504406][    C0]  ? prepare_to_swait_event+0x330/0x350
[  312.510012][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[  312.514905][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  312.520162][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  312.526359][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  312.531685][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  312.537631][    C0]  ? finish_swait+0xd4/0x1e0
[  312.542280][    C0]  rcu_gp_kthread+0xa7/0x3b0
[  312.546914][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  312.552153][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  312.558181][    C0]  ? __kthread_parkme+0x169/0x1d0
[  312.563523][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  312.568762][    C0]  kthread+0x2f0/0x390
[  312.572885][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  312.578140][    C0]  ? __pfx_kthread+0x10/0x10
[  312.582772][    C0]  ret_from_fork+0x4b/0x80
[  312.587236][    C0]  ? __pfx_kthread+0x10/0x10
[  312.591864][    C0]  ret_from_fork_asm+0x1a/0x30
[  312.596697][    C0]  </TASK>
[  312.599747][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  312.606204][    C0] Sending NMI from CPU 0 to CPUs 1:
[  312.611468][    C1] NMI backtrace for cpu 1
[  312.611491][    C1] CPU: 1 UID: 0 PID: 5283 Comm: kworker/1:6 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  312.611516][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  312.611535][    C1] Workqueue: events_power_efficient neigh_periodic_work
[  312.611560][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[  312.611587][    C1] Code: 89 fb e8 23 00 00 00 48 8b 3d a4 58 9c 0c 48 89 de 5b e9 13 cc 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 00 1e
[  312.611603][    C1] RSP: 0018:ffffc90000a17888 EFLAGS: 00000002
[  312.611618][    C1] RAX: 0000000000010100 RBX: 0000000000000001 RCX: ffff888032253c00
[  312.611632][    C1] RDX: ffff888032253c00 RSI: 0000000000000001 RDI: 0000000000000000
[  312.611644][    C1] RBP: dffffc0000000000 R08: ffffffff89c7fc6d R09: fffff52000142f00
[  312.611659][    C1] R10: dffffc0000000000 R11: fffff52000142f00 R12: 0000000000000002
[  312.611672][    C1] R13: ffffffff89c7faa0 R14: ffff88807f2bc330 R15: ffff888030842c00
[  312.611686][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  312.611702][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  312.611715][    C1] CR2: 000000110c275a05 CR3: 000000000e734000 CR4: 00000000003506f0
[  312.611731][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  312.611742][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  312.611754][    C1] Call Trace:
[  312.611761][    C1]  <NMI>
[  312.611769][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  312.611798][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  312.611826][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  312.611853][    C1]  ? nmi_handle+0x2a/0x5a0
[  312.611878][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  312.611902][    C1]  ? nmi_handle+0x14f/0x5a0
[  312.611919][    C1]  ? nmi_handle+0x2a/0x5a0
[  312.611937][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  312.611959][    C1]  ? default_do_nmi+0x63/0x160
[  312.611977][    C1]  ? exc_nmi+0x123/0x1f0
[  312.611993][    C1]  ? end_repeat_nmi+0xf/0x53
[  312.612017][    C1]  ? __pfx_advance_sched+0x10/0x10
[  312.612044][    C1]  ? advance_sched+0x1cd/0xca0
[  312.612068][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  312.612091][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  312.612115][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  312.612138][    C1]  </NMI>
[  312.612143][    C1]  <IRQ>
[  312.612150][    C1]  advance_sched+0x1da/0xca0
[  312.612175][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  312.612197][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  312.612221][    C1]  ? __pfx_advance_sched+0x10/0x10
[  312.612246][    C1]  __hrtimer_run_queues+0x59b/0xd50
[  312.612264][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[  312.612295][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  312.612318][    C1]  hrtimer_interrupt+0x396/0x990
[  312.612346][    C1]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[  312.612366][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  312.612389][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  312.612419][    C1] RIP: 0010:lock_acquire+0x264/0x550
[  312.612444][    C1] Code: 2b 00 74 08 4c 89 f7 e8 3a 50 8e 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  312.612460][    C1] RSP: 0018:ffffc90000a17cc0 EFLAGS: 00000206
[  312.612475][    C1] RAX: 0000000000000001 RBX: 1ffff92000142fa4 RCX: 653003236a4c1a00
[  312.612488][    C1] RDX: dffffc0000000000 RSI: ffffffff8c0adbc0 RDI: ffffffff8c60ddc0
[  312.612502][    C1] RBP: ffffc90000a17e08 R08: ffffffff942597c7 R09: 1ffffffff284b2f8
[  312.612516][    C1] R10: dffffc0000000000 R11: fffffbfff284b2f9 R12: 1ffff92000142fa0
[  312.612530][    C1] R13: dffffc0000000000 R14: ffffc90000a17d20 R15: 0000000000000246
[  312.612555][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  312.612585][    C1]  ? __pfx_ip6t_do_table+0x10/0x10
[  312.612604][    C1]  ? __ip6_local_out+0x4dc/0x800
[  312.612629][    C1]  ? __pfx_lock_release+0x10/0x10
[  312.612657][    C1]  nf_hook+0xbf/0x450
[  312.612678][    C1]  ? nf_hook+0x9e/0x450
[  312.612702][    C1]  ? nf_hook+0x9e/0x450
[  312.612722][    C1]  ? __pfx_nf_hook+0x10/0x10
[  312.612744][    C1]  ? __ip6_local_out+0x4dc/0x800
[  312.612767][    C1]  ? __ip6_local_out+0x7c1/0x800
[  312.612792][    C1]  ? __pfx___ip6_local_out+0x10/0x10
[  312.612818][    C1]  ? __pfx_dst_output+0x10/0x10
[  312.612840][    C1]  ? ip6_route_output_flags+0x30/0x610
[  312.612861][    C1]  ip6_output+0x26f/0x3c0
[  312.612880][    C1]  ? __pfx_ip6_finish_output+0x10/0x10
[  312.612903][    C1]  synproxy_send_tcp_ipv6+0x568/0x7c0
[  312.612927][    C1]  ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10
[  312.612954][    C1]  ? __pfx___alloc_skb+0x10/0x10
[  312.612978][    C1]  ? skb_put+0x114/0x1f0
[  312.613002][    C1]  synproxy_send_client_synack_ipv6+0x7d0/0xc30
[  312.613031][    C1]  ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10
[  312.613054][    C1]  ? synproxy_pernet+0x45/0x270
[  312.613077][    C1]  nft_synproxy_do_eval+0x739/0xa60
[  312.613101][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  312.613126][    C1]  ? __pfx_validate_chain+0x10/0x10
[  312.613150][    C1]  nft_do_chain+0x4ad/0x1da0
[  312.613175][    C1]  ? nf_nat_inet_fn+0xa30/0xd10
[  312.613201][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  312.613233][    C1]  ? nf_nat_ipv6_fn+0x2cb/0x3e0
[  312.613261][    C1]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  312.613289][    C1]  nft_do_chain_inet+0x418/0x6b0
[  312.613312][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  312.613332][    C1]  ? nf_nat_ipv6_local_in+0x1cd/0x620
[  312.613361][    C1]  ? __pfx_nf_nat_ipv6_local_in+0x10/0x10
[  312.613387][    C1]  ? nf_nat_ipv6_fn+0x2cb/0x3e0
[  312.613422][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  312.613442][    C1]  nf_hook_slow+0xc3/0x220
[  312.613462][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  312.613485][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  312.613509][    C1]  NF_HOOK+0x29e/0x450
[  312.613533][    C1]  ? NF_HOOK+0x9a/0x450
[  312.613555][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  312.613579][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  312.613604][    C1]  ? ip6_rcv_finish_core+0x1fb/0x410
[  312.613630][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  312.613653][    C1]  NF_HOOK+0x3a4/0x450
[  312.613675][    C1]  ? skb_orphan+0xae/0xd0
[  312.613700][    C1]  ? NF_HOOK+0x9a/0x450
[  312.613721][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  312.613745][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  312.613772][    C1]  ? __pfx_ipv6_rcv+0x10/0x10
[  312.613795][    C1]  __netif_receive_skb+0x1ea/0x650
[  312.613813][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  312.613839][    C1]  ? __pfx___netif_receive_skb+0x10/0x10
[  312.613856][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  312.613882][    C1]  ? __pfx_lock_release+0x10/0x10
[  312.613908][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[  312.613934][    C1]  process_backlog+0x662/0x15b0
[  312.613955][    C1]  ? process_backlog+0x33b/0x15b0
[  312.613978][    C1]  ? __pfx_process_backlog+0x10/0x10
[  312.613996][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  312.614023][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  312.614051][    C1]  __napi_poll+0xcb/0x490
[  312.614070][    C1]  net_rx_action+0x89b/0x1240
[  312.614098][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  312.614118][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  312.614148][    C1]  ? __pfx_net_tx_action+0x10/0x10
[  312.614167][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  312.614198][    C1]  handle_softirqs+0x2c5/0x980
[  312.614224][    C1]  ? do_softirq+0x11b/0x1e0
[  312.614247][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  312.614275][    C1]  do_softirq+0x11b/0x1e0
[  312.614296][    C1]  </IRQ>
[  312.614302][    C1]  <TASK>
[  312.614308][    C1]  ? __pfx_do_softirq+0x10/0x10
[  312.614331][    C1]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  312.614359][    C1]  ? rcu_is_watching+0x15/0xb0
[  312.614379][    C1]  __local_bh_enable_ip+0x1bb/0x200
[  312.614408][    C1]  ? neigh_periodic_work+0xb35/0xd50
[  312.614426][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  312.614449][    C1]  ? neigh_destroy+0x423/0x580
[  312.614479][    C1]  neigh_periodic_work+0xb35/0xd50
[  312.614500][    C1]  ? process_scheduled_works+0x976/0x1850
[  312.614524][    C1]  process_scheduled_works+0xa63/0x1850
[  312.614561][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  312.614589][    C1]  ? assign_work+0x364/0x3d0
[  312.614614][    C1]  worker_thread+0x870/0xd30
[  312.614641][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  312.614665][    C1]  ? __kthread_parkme+0x169/0x1d0
[  312.614692][    C1]  ? __pfx_worker_thread+0x10/0x10
[  312.614716][    C1]  kthread+0x2f0/0x390
[  312.614732][    C1]  ? __pfx_worker_thread+0x10/0x10
[  312.614755][    C1]  ? __pfx_kthread+0x10/0x10
[  312.614772][    C1]  ret_from_fork+0x4b/0x80
[  312.614797][    C1]  ? __pfx_kthread+0x10/0x10
[  312.614813][    C1]  ret_from_fork_asm+0x1a/0x30
[  312.614845][    C1]  </TASK>
[  318.297242][   T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P6953 } 11123 jiffies s: 9581 root: 0x0/T
[  318.315020][   T19] rcu: blocking rcu_node structures (internal RCU debug):