last executing test programs:

17m21.168164311s ago: executing program 32 (id=513):
socket$inet_mptcp(0x2, 0x1, 0x106)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200200, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6})

17m19.107352227s ago: executing program 33 (id=524):
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010100, 0x15, 0x3, 'sh\x00', 0x28, 0x0, 0x78}, 0x2c)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10)
r2 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @multicast2}, 0x10)

16m10.54067164s ago: executing program 34 (id=1011):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000100))
r2 = dup(r0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r2})

16m8.283796707s ago: executing program 35 (id=1022):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r2=>0x0}, 0x206f)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r2, {0x7, 0x27, 0x0, 0x14a4014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0x50)
read$FUSE(r0, &(0x7f000000b040)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = socket(0x10, 0x803, 0x0)
open_by_handle_at(r1, &(0x7f0000004d80)=ANY=[@ANYRES64=r4], 0xfeefeefe)

14m15.12028954s ago: executing program 36 (id=1715):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000140)=0x400030, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

11m39.789206397s ago: executing program 9 (id=2734):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x80000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0xffffffffffffff9a, 0x1000000, 0x0})
ioctl$EVIOCREVOKE(r2, 0x40044591, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000280)="021b9100"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0})

11m39.490495172s ago: executing program 9 (id=2738):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="c40000001900674c2cbd70000000000000000000000000000000000000000000ac1eff0100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000000000000000000000000000000000020000000000000000000000000000000000000000000008000000000000000000000000000fcffffffffffffff0000000000000000b0ac00000000000000000000000000000000000000000000000400000000000000000002000000000a00100001"], 0xc4}}, 0x4c050)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)

11m38.913251853s ago: executing program 9 (id=2742):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000380)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r1 = dup(r0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f0000000240)={0xa, 0x4}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0xfffd)

11m37.907900031s ago: executing program 9 (id=2749):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000700)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

11m37.659182805s ago: executing program 9 (id=2753):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000030400000000fedbdf2500000400", @ANYRES32=0x0, @ANYBLOB="00030000000000002000128008000100677470001400028005000600010000000800040000000000fd1364541dc185dd531c0df72d9fc5f1644633da441f49b78308c3b32bc086b23e955006d1002c5e1c8875bee30e788ef2edd6848af5689c10a090b4fdca2004c4af0b82858dfff4e729c4"], 0x40}, 0x1, 0x0, 0x0, 0x40084}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
modify_ldt$write(0x1, &(0x7f0000000040)={0x401, 0x1000, 0x4000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x20000000002, &(0x7f0000000040))
ptrace$cont(0x21, r0, 0x80000001, 0x4)

11m37.496640453s ago: executing program 9 (id=2757):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

11m37.074318354s ago: executing program 37 (id=2757):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8m15.04288473s ago: executing program 2 (id=3929):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f00000003c0)={0x2, 0x0, @pic={0x0, 0x7e, 0x7, 0x0, 0xd, 0x9, 0x9, 0x1, 0xb, 0xf8, 0x2, 0x6, 0x2, 0x6, 0x4, 0xf}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000380)={0x1, &(0x7f0000000340)=[{0xff7f, 0x4, 0x83, 0x8}]})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000035, 0xfff, 0x10000000215b9037, 0x40180, 0x1, 0x11, 0x8000000000f2, 0x0, 0x3, 0x5, 0x5, 0xc6bd, 0x566, 0x45, 0x5, 0x7], 0x6006, 0x1c0293})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8m14.853142066s ago: executing program 2 (id=3931):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x4000040)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2000400c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, 0x0, 0x4, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x71}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x12}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x808)
capset(0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

8m14.833856196s ago: executing program 2 (id=3933):
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f00000000c0)=@FILEID_UDF_WITH_PARENT={0x14, 0x52, {{0x3, 0x6, 0x7, 0xa}, 0x10001, 0xc}}, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)}], 0x1}}], 0x1, 0xc0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x200800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5830, 0x4, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x800000005479, 0x1034, 0x200000000006, 0xfffffffffffffffc, 0x3, 0xffffffdffffffffb, 0xfffdffff, 0xbf4, 0xfff, 0x8000000000005, 0x800000068], 0x8237000, 0x80cd4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8m14.601761624s ago: executing program 2 (id=3935):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(r2, &(0x7f0000000040)='./file0\x00', 0x81001)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000002240)='./file0\x00', 0x2)

8m13.554612084s ago: executing program 2 (id=3939):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x2c}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/216, 0xd8, 0x1, 0xffffffffffffffff}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

8m12.265680446s ago: executing program 2 (id=3948):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x6, 0x5, 0xba34}}}}]}, 0x44}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x80, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8001, 0x3151, 0x401, 0x6, 0xaa3c}, 0x3, 0x1, 0x6, 0x3, 0x7, 0x13, 0x11, 0xc, 0x6, 0x7f, {0x6, 0x407c, 0x1, 0x4, 0x2b72, 0x2}}}}, @TCA_RATE={0x6, 0x5, {0x0, 0x5}}]}, 0x80}, 0x1, 0x0, 0x0, 0x400dc}, 0x20000000)

8m11.304388696s ago: executing program 38 (id=3948):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x6, 0x5, 0xba34}}}}]}, 0x44}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x80, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8001, 0x3151, 0x401, 0x6, 0xaa3c}, 0x3, 0x1, 0x6, 0x3, 0x7, 0x13, 0x11, 0xc, 0x6, 0x7f, {0x6, 0x407c, 0x1, 0x4, 0x2b72, 0x2}}}}, @TCA_RATE={0x6, 0x5, {0x0, 0x5}}]}, 0x80}, 0x1, 0x0, 0x0, 0x400dc}, 0x20000000)

6m20.838178347s ago: executing program 8 (id=4441):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff02000000000000000000000000000112006558"], 0xfdef)

6m20.471315694s ago: executing program 8 (id=4444):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{0xeeee8000, 0x4, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xa, 0x0, 0xd7, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0x8080000, 0xdddd1000, 0xb, 0x0, 0x2, 0x0, 0x6, 0x1, 0xe, 0x0, 0xc4, 0x5}, {0x8000000, 0x2000, 0xb, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0xa, 0x1}, {0x1000, 0x4000, 0x9, 0x1, 0x3, 0x9, 0xd, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0x100000, 0x8000000, 0xb, 0x0, 0x3, 0x1, 0x3, 0xff, 0x4, 0x90, 0x2, 0xfc}, {0x2, 0x4000, 0xf, 0xff, 0x3, 0x5, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0x4, 0x8000000, 0xf, 0x5, 0x18, 0x3, 0xa, 0x9, 0x54, 0x1, 0xff, 0x7}, {0xb000, 0x9}, {0x1000, 0x8}, 0x40010000, 0x0, 0x100000, 0x0, 0x5, 0x2000, 0xe6e70c00, [0x3, 0x401, 0x5, 0xc5]})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xd8, 0xc0, 0x7, '\x00', 0x433})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x8000000, 0xffff1000, 0x1, 0x1, 0x999})

6m19.603911617s ago: executing program 8 (id=4449):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x1, 0x22f}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x1, {0x7, 0xa44}, 0x80}, 0x1)
io_uring_enter(r0, 0x6c28, 0xaa86, 0x4, 0x0, 0x0)

6m19.290600834s ago: executing program 8 (id=4451):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r3, 0x4c00, r2)
ioctl$LOOP_SET_FD(r3, 0x4c05, r3)
dup2(r2, r0)

6m18.566081604s ago: executing program 8 (id=4453):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
io_uring_enter(0xffffffffffffffff, 0x4177, 0xcea1, 0x21, &(0x7f00000000c0)={[0x101]}, 0x8)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0})
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})

6m18.419393048s ago: executing program 8 (id=4454):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x66000080)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', <r2=>0x0})
r3 = gettid()
quotactl$Q_GETFMT(0xffffffff80000400, 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000280)=0x8, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x38}], 0x3, 0x40000120, 0x0)

6m18.134327047s ago: executing program 39 (id=4454):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x66000080)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', <r2=>0x0})
r3 = gettid()
quotactl$Q_GETFMT(0xffffffff80000400, 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000280)=0x8, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x38}], 0x3, 0x40000120, 0x0)

3m30.362826926s ago: executing program 7 (id=5036):
iopl(0x3)
landlock_create_ruleset(&(0x7f00000001c0)={0x0, 0xd}, 0x18, 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000200)={0x2, 0x3, 0x0, 0x1000, 0x0, 0xfffffffe, 0x0})

3m27.594310436s ago: executing program 7 (id=5042):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r3}, @flat=@weak_handle={0x77682a85, 0x1001}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x8, 0x0, &(0x7f00000001c0)=[@decrefs={0x40046307, 0x1}], 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})

3m27.233248151s ago: executing program 7 (id=5043):
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xb5c, &(0x7f0000000640)={0x0, 0x498, 0x10, 0x1, 0x165}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
openat$sndseq(0xffffffffffffff9c, 0x0, 0x402000)
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

3m24.71385372s ago: executing program 7 (id=5050):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000003c0)='./file0/file0\x00', 0x8)
dup(r0)

3m23.66332294s ago: executing program 7 (id=5053):
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, 0x0, 0x29)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000380)={0x0, 0x79ad, 0x80, 0x3, 0x26c, 0x0, r2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000100)=0xfff, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0xffffffffffffffff, &(0x7f0000000400)=""/210, 0xd2, 0x10, 0x1})
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x30)

3m21.473549769s ago: executing program 7 (id=5064):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000088}, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$packet_int(r1, 0x107, 0xa, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'veth1_to_hsr\x00', <r3=>0x0})
sendto$packet(r0, &(0x7f0000000980)="e7030500d3fc07000000478880050917", 0x10, 0x2404c810, &(0x7f0000000280)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @multicast}, 0x14)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

3m21.103744287s ago: executing program 40 (id=5064):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000088}, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$packet_int(r1, 0x107, 0xa, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'veth1_to_hsr\x00', <r3=>0x0})
sendto$packet(r0, &(0x7f0000000980)="e7030500d3fc07000000478880050917", 0x10, 0x2404c810, &(0x7f0000000280)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @multicast}, 0x14)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

1m29.646522857s ago: executing program 0 (id=5358):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2802, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0xff82}, {0x0, 0x3, 0x78, 0x4, 0x6, 0x0, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r6, 0x4003e}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)="a2", 0x5dc}], 0x1}, 0x4)

1m24.11768759s ago: executing program 0 (id=5365):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xdddd0000, 0x2000, 0x1})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x400000, 0xd, 0x0, 0x2, 0xfffffffffffffffe, 0x1fffffffe000, 0x40, 0x6, 0x7, 0x1], 0xe000, 0x8340})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000080)=@x86={0x80, 0x4, 0x5, 0x0, 0x9, 0x5, 0x40, 0x7, 0x6, 0x4, 0xf9, 0x8, 0x0, 0x0, 0x6, 0x2, 0x84, 0x3, 0x4, '\x00', 0x4, 0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m23.77345584s ago: executing program 0 (id=5368):
openat$uinput(0xffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
io_setup(0x6, 0x0)
r3 = syz_io_uring_setup(0x498, &(0x7f0000000540)={0x0, 0x465e, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r4=>0x0, &(0x7f0000000480)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0x0, 0x0, 0x0)

1m21.701568447s ago: executing program 0 (id=5370):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[])
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x2000007ff)

1m20.669562712s ago: executing program 0 (id=5374):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x51, 0x0, &(0x7f0000000740)="b3185d7bb56f70f003360ea8bf515a301ceb68a04086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1m13.40559902s ago: executing program 0 (id=5387):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0x43}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

1m12.3180359s ago: executing program 41 (id=5387):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0x43}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

12.102719983s ago: executing program 3 (id=5536):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

10.194822183s ago: executing program 6 (id=5541):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x303}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "2eb387e0", "11edf8da8e55bb27"}, 0x28)
write$binfmt_elf64(r1, &(0x7f0000000740)=ANY=[], 0x4a2)
r2 = syz_io_uring_setup(0xb5c, &(0x7f0000000640)={0x0, 0x9916, 0x0, 0x0, 0x164, 0x0, r1}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000480)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001800)=""/216, 0xd8}, {&(0x7f00000006c0)=""/180, 0xb4}, {&(0x7f0000000780)=""/241, 0xf1}, {&(0x7f0000000880)=""/254, 0xfe}, {&(0x7f0000000980)=""/155, 0x9b}], 0x5})
io_uring_enter(r2, 0xf23, 0x0, 0xc, 0x0, 0x0)

10.095643276s ago: executing program 1 (id=5542):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)

9.272459672s ago: executing program 3 (id=5544):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
socket$nl_xfrm(0x10, 0x3, 0x6)
ptrace(0x10, 0x0)
ptrace$ARCH_SHSTK_LOCK(0x1e, 0x0, 0x1, 0x5003)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

8.581078686s ago: executing program 4 (id=5546):
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r1 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x2, 0x16, 0x0, r1}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x7545, 0x20, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ppoll(&(0x7f0000000240)=[{r0, 0x241c}], 0x1, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)

7.403906309s ago: executing program 4 (id=5548):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x24dfdbff, {0x0, 0x0, 0x0, r6, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x8, 0xb}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc, 0x2], [0x0, 0x4, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)

7.245425481s ago: executing program 6 (id=5549):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000000000010001"], 0x50)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0x9, 0x0, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xddccb000, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x8, 0x9, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0x0, 0x7f, 0xff, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x1a, 0xa8}, {0x10000, 0xd000, 0x0, 0x2, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x86, 0xfe}, {0xeeee8000, 0x80a0000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x80, 0x0, 0xe}, {0x4, 0x80a0000, 0x0, 0x82, 0x0, 0x10, 0x4, 0x6, 0x8}, {0x1000, 0x8000}, {0x1, 0xfffd}, 0xe0010035, 0x0, 0x50000, 0x10, 0x1, 0xf403, 0x900, [0x0, 0x9, 0x10000, 0xd9c]})
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)

6.777333229s ago: executing program 3 (id=5550):
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/partitions\x00', 0x0, 0x0)
r4 = syz_io_uring_setup(0x49c, &(0x7f00000000c0)={0x0, 0x79ae, 0x3100, 0x8000, 0x3, 0x0, r3}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r3, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x30)

6.044106679s ago: executing program 1 (id=5551):
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r0, 0x0)
setrlimit(0xf, &(0x7f00000000c0)={0x0, 0x3})
mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000)
r1 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xab, 0xe9, 0x27, 0x10, 0x13b1, 0x42, 0x76fe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9, 0x2, 0x2, 0xc9, 0x18, 0x2, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40, 0x0, 0x0, 0x1}}]}}]}}]}}, 0x0)
syz_usb_connect$printer(0x1, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x7, 0x1, 0x2, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x9, 0x80, 0x66, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x8, 0x0, 0x2}}}}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x8, &(0x7f00000000c0)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x5, [{0x94, &(0x7f0000000480)=ANY=[]}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x446}}, {0xe2, &(0x7f0000000200)=@string={0xe2, 0x3, "e0e88cbeee99ed224f7f4c0c56721b1131a51f8e9c6ed79e6b87042365278f59af67dea5e37598e8bb097842183b18f7c79840993941627645afccd5bb498b33eaa4ce91cfe8f9a845bed2b3c52bad5f44f390c17233b3663b6d53491605814efc5dd4158ce4b8e47620d8e5f6d15f7bfa816993f464f1dae04419075420a1d8b296bdb41fb6bde588efd744e250d1e9d166da4dc94a25fd0e3cddd9061cde951b189b5bba6a4a275ec86337ab2fea413204fe02806ac1ada500e1dc77992a1217f5323360bf12e19620bf3d11d886364cafd72022f1c03c35860cf9bea10749"}}, {0x5, &(0x7f0000000300)=@string={0x5, 0x3, "c106bf"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x425}}]})
open$dir(&(0x7f0000000400)='./file0\x00', 0x40, 0x117)
setresuid(0x0, 0x0, 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000080)='#(:.', 0x0)

5.756929271s ago: executing program 6 (id=5552):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x54000, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x102080, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f00000001c0))
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0x100000001, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000003fffffc, 0x8d], 0xeeee8000, 0x2010d1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.490162133s ago: executing program 4 (id=5553):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0xa00, 0x0)
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, &(0x7f0000000280)={0x7, 0x2, 0x0, 0x40, 0x0, 0x7})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
dup(0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
munlockall()
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5.156554795s ago: executing program 6 (id=5554):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mknod$loop(&(0x7f00000000c0)='./file1/file4/file6\x00', 0x8, 0x0)
renameat2(r2, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file2\x00', 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r4, &(0x7f0000000f80)=""/4096, 0x1000)

5.153780197s ago: executing program 5 (id=5555):
io_uring_setup(0x2c4d, &(0x7f0000000200))
socket$netlink(0x10, 0x3, 0x0)
getrandom(&(0x7f0000000180)=""/263, 0x107, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r1 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x10000})
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

4.935989884s ago: executing program 5 (id=5556):
r0 = semget$private(0x0, 0x4, 0x29b)
semop(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[], 0x68}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r6, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000240)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x40, 0xd47}, 0xfffffffffffffffc, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x2})

4.856935522s ago: executing program 6 (id=5557):
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
semget$private(0x0, 0x4000, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x20000328)

3.822655757s ago: executing program 3 (id=5558):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x11}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000240)="800000800000210ee7decd7a000000008100", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r5, 0x1, 0x9c, 0x6, @broadcast}, 0x14)

3.293965572s ago: executing program 5 (id=5559):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af3fef8ffffff71a400fe000000001f03000000000000e5000600000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f"], 0x0, 0x2}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050000000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030069087a300000000060000000060a010400000000000000000500400008000b400000000038000480340001800b00010074756e6e656c00002400028008"], 0xd4}}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f0000000240)="800000800000210ee7decd7a000000008100", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

3.28891887s ago: executing program 3 (id=5560):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x49920d862a92153b, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2084}, [@IFLA_EXT_MASK={0x8, 0x1d, 0x5}]}, 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x40c}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0)
write$tun(r2, &(0x7f0000000600)={@void, @val={0x5, 0x80, 0xc3, 0x0, 0x1875, 0x1}, @ipv6=@icmpv6={0xa, 0x6, "f829a2", 0x54, 0x3a, 0x1, @mcast2, @local, {[@fragment={0x2b, 0x0, 0x80, 0x1, 0x0, 0x6, 0x67}, @fragment={0x89, 0x0, 0x8, 0x1, 0x0, 0x1, 0x67}, @fragment={0x3c, 0x0, 0xb2, 0x1, 0x0, 0x6, 0x64}, @fragment={0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x68}], @echo_request={0x80, 0x0, 0x0, 0xfff8, 0x4, "dd55b9973f73d0c03d51e82394999d4c888855e5dfb9df777124afe3856fa53bda35510f5f4f5ff462f56016"}}}}, 0x86)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r3 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)

2.795612418s ago: executing program 5 (id=5561):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)

2.695210756s ago: executing program 1 (id=5562):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="8400000000020102fffd0000000000000700000224000a800800014000000000080001400000000008"], 0x84}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x48}}, 0x4040000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

2.639179737s ago: executing program 4 (id=5563):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2802, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0xff81}, {0x0, 0x3, 0x78, 0x4, 0x6, 0x0, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r6, 0x4003e}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)="a264c70c398a54beba73370dff7be7db19f65f369fff79da9e212f29b2c4151605000000e547033712a2529ab4ced3", 0x2f}, {&(0x7f0000000880)="eb6780c30372e6f267cd8342ecb8c93dea63810e0fa4479d0482e031f85148f2830d8fed9f3ea71d7b40e36f998167222a71d0617610d2d7d38f8e90d71326220216f8d0692875f3a8756cff85", 0x4d}], 0x2}, 0x4)

1.352783809s ago: executing program 1 (id=5564):
r0 = syz_open_procfs(0x0, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x14, 0x0, 0xa00, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x600, 0xf, 0x80, 0x0, 0x0, 0xfc, 0x1, 0x80, 0x4, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4]}})

1.183395829s ago: executing program 5 (id=5565):
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004804)
sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x2000000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000240)="b9800000c00f3235000100000f300f20c035000000800f22c066ba6100b805000000efc4e1555538c4c1b1d24900660f60c50f2055660fae3a66bad004edc744240000000080c7442402f8ff0000c7442406000000000f011c24", 0x5a}], 0x1, 0x44, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xc, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000001180)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000001300)="997c0871dd59232bcfdd74d0951203fafc57c569b6a5b15b17b50307db7e617d671c7590ef975de46807c4bc251555781f6d703897b324283f448aa15e4795000bc798511ed1684ba23fd5b8400643d8578566555a99bb699034400cd33c51edc2fe27e594c809759f6b3df10e31865e0091c5aa24aebc9112e8b3172e23b20ca3330d9b6e97ea37ac00b7e6448016cf42a4360a1c111695d33d17af439684ab13446f551969e6145aa804c4c4544235894836ab6b0ab6dfd2b2a06dd452593e027d3d290f2e45668347a6a51dd49d4c3f57d79ed2c991c4ce3a67b583c3849bf6d393170bc4e5ee591e8f216b88823b11cbf8dc588960e12431234de17481b55f17353451b4f2cbbc8f79f87c57b6b53ad8a65798faf6616142af9a24e817976e5cddbf29e93f3f44fb2f2dfd705cadb06833b84774f9c3e7eb93b43e9989725bf8e079ab628159eb645868ba00fe729fc2eaae5a35c254bb48e1e0923026240e576579ddfde40a3f4bc01df46346af0487ae32aff74e68094f9e28d3f64da9d70c7a98975296c868e4f48ae2ff011c7a2524e15a2573805f130712fdc973913611cc3bbdbb03931ec471e9b6b0acc3ae797f7c88d51992e679f6831caaf159029cab4d22cc42f09dcf30717fbab5e5f62f588bfbf78a1b04c80f661e61315feaca9debc78a21f9ab1860345291d6342c6d2ee881ca61d90f28ad4cadaee41da7e508dd5de563f02b1fb5125f998db6862ac923628985a24bfc7db63ba352a0d4362ee9fae972b6aca538dbbac688e7c62e0670145918c3f17bb38af6390cc077315aa475c005158e11665409cdd9c03a1578e0d60d2f03730d9ded68586897efa733c7077e609232301876f2962b227cd4c11c1e8f58fbbf43539c9b56e1aecb7a189eca0cdbb670ce0bc43d286f6d174745124cbb7bd50cf28553d177000de3127742b3c27015c034cc471941a1cb179c6726d5792593c75ed14525089d6ec1d55e1344924ab8fe246b05b5a208f1eac846cffbdf5e55d851e75e9532c7581904cbc623e62e371bbbae53e63530740320d4b9fdde20f536c2c7a3cad63cea799bc3475267debc8214ed71a0efe46e66dd9074e813c536a3cc8c8a64b9d89033c353d852a8f009e9f2a19a8bd9f092f8acd400b28bae40f1145bbc9e3f617ebb5a461135fa4771e2819d1f1378741e8c6f0eb22dd5a22a46b15f48c88b8238d86f4aca94c9d8ec93ec061a451f0da37095feccc2fddfc2d4e1ca3d5f092d997f5a93ea065ece9df6ef70510df7039117ff325f13c3cfc3a103834a5dc79acb66f7c0f074cd146739655b4053d0ea9fcfcec0d17876172c5ea2145e783f66b0237c154424ba8464df887cc6a96cb7a2f670080d0a93fb54089d4c3efc034be0fe6561dd2292a7c739ccdbc95e964e417e3de625ec96668d4a22cdac1d5ac76785cf5c927500713eb9a8ab7d537699eb63f8184b1d6bfac5367997091c9149e70a112ab3412b036206d33d0c441a9fcec08c4f4fd0ddc3f4d1f859c0fcbd38da5d95979c8ad48459585148ad4d75748dece943c7db96d3579a8fcd4acef7961b03944d6b9891c5cd49fbc3bee256410963a192ac531a6b24e810a341bd98c0e2d99e7ef9b634b48b680dbc8504e7f1f4c885caa8441e22c019aa7a668a19b87ac371a4a82019d85dd508588c173787d4e1ded797fea4d18775d753c498bc68d9460396c74fd908495c761907f4a362e384e49934d37cb543a73225171c8a1a831c0f0fd21ae64a6b2313618a676b7062274377ad989e67b4babf20ad415fa43253f58099e85dac27c2176ae6eebe25de04edf6310c9a94399c8aedd186f1e55bc1c20c5dde6724f8eaa17e4dab258334af50e12592a081dcb4ed32d23e0b72b8d28b537236fe14deaf804c3ff52d313bfa324f947aabc9bb1c20f41383895fee29b031952fba53566b87016d3ab365fcf99309367e5dc7699ad6862878bae675cdb77ae455442454178aab2e1bad2bb88eae9e31846475a5a0c3c95bc46566ac4e0e97ffa28b900441b6ca8ddfff3744ead124d17dc2431e0f345121179a705f442ca96c60d79064747bf198e3a65fd86e45d058c52f9bdd2a27b47811223de13d17cf9f93a21aac331783320f1f1b32824f6f2296e9aaeb6fa65dbf510237d65ae834eb7bac06a11915ff747d2bfe740013c7f81000890ac9d776e226546e485b19311aeb90fe73c11850963d3d93dbccc9d017f1d9bc2c9536df7a50f7058199102d04b83a67bba990b791698c4df1f5b9b13f099c8c5f017c2d6999bc94b70b57c5c495ebe98263c89e488a1d75c3e642fc4e01297f89cf03911dfe849b700e23474a6282c0cd3cd7e2ca421789a6011c074ac21838f64c704aa7eb5387884e254a290509becef6e87016d039f3539691d6739675e32b940f019985751b3bd9383cbc6343908c1ad3f3337759a3d301d6d9fd87cbfb797517bdaf30a3883977ed3e868c79ba03ebe7adb95f0217066708bf13beb5633357ad7d0e4cc899dfa326f78f3b6e477ff4c73275f6d9d718b5327f33904c347b796cd99730e604457796db16d21849e681e2de6b868837f22cf44e0596a1d3a5a6e7306d2058c0b0ebdb9ceafd3b45df40f7c147e5c15a2cc510bec6a220ee227ac93df9f00ebea0e77652999cb5c34f766b631b27bf9a99a40188d15e2924860d519924396f793686f3a0dab62522692b4d513d4382b84bc0f049daeae35f75bb6eaa20d6b5cf5c31548f3d48d6f7e87698af3fd51c8f82ba9ebac4d4cec4daefebfcf4a030271c03c726052eeacc4fb3957c3c4ceb7214cfe26ebb192bac2a63a0fc6bee5dce708a7bbb2e41ab1f12032045d85c5b5c16e8161ec3eb021e5bc7b442721ec6ae6515ff07629e4ebaa5e9223b5d0e840c84b0c8f875527f8d57b445e94a0f66391b445e9fe00a20b1a8f66a05bd3d90be738b47eea1456df6740e365aef8ec46a750afb93e1a8b14e06bd2a193f8c3c8a43005afd32d4a827b4869eb613491d97b415fafc3a73a9c20837793dbb24ef82bfb4ae6f629a26c08d26ed4e896f9507f5b2d51b74615d9de69e5ee7d761cd4b4500560a91b47352b7a00bc7a1344803515ceef40114529e0805720013ac24a7c515e29498d9d536f864a30149fc6ad49ad97f624fb0bd5128a28d33861116f30e5fff16282fae749b5244b37bc0e75b8138162dd03edaf8e902456b3e837804cf8d91c57d467aa16c824ec8302ce4e4ab3c333f23cca9d0154338cb13ab121944f7eb729ed882794eb4ebbbc0d229bfe6bced845cb8e20ca72aa87960a3b33a3af11d5b26ab059a26c0b4193660c6ca3660cace7b1a0071e15bbbefbaf2a5cad17dca0f51970be4a6b43b386507261b2e6af7e939a01b281b7cb813acec20354de6942d8c87a7243b7511116ea12935fa5590c5417be30d416f0558d511a78834ea01dbb216350343cdcfcb082f227e36209c4108ccf95393ae6252ad638e75c9621ab49721037418d1436cf0216bc58e3c687c314e9d24ac64c8be29089603789c6250c178d5445f793cb26df58a4c7901ffdacd4e51189fe9a481f6fd78321c7181f018b49d4fb457ac6542f452d535241dcf0e543d621804328e9d4dbc669f49f6f814f29184bf00402c6c43d22f1d0c1ef1a088a4d12de3312707ac453e8ec92ba99e87650c6f48261368be7124c4b5ad4b9cd2cb189e46058c7692bdddb34c7f8db97e395b39969e2d0e81a00be0d0852cada051b0cec8ef9846ea14aaccf6626c3bb92e72dc6165032313253b7aab867438ad38501ba67bce4fff609dc14244310baf72581c78caf5e69a7b1c93307de38363653bc06de70f5744ba657e901ece15b0f3aed93165759bcafa438ac45e552740e30cac910fff90e0a42a793dabcb17580e2b4b99b3512ebe108cb54eb7d7b21e15bce3bd6013143a40cf4cd00b908f40a009b9aab045b63f01ca8f0b6683056b52a5542758c012669b18eb18b8b5a8e38a36c7bc067b8a072157401fac46a8d244ba274d34c63d8236e08e1d2346214efc40247197ade7ef08c676a4f7fce778804e0fb4b46597e1c241b2567b2b921674379aec0e36b95b766819e68ca25a624e4f9f7161b1d8209ae502cc432304301aa065ba83b06b70a9fb67b97bbf251ec5d69d84dbc6a6d64d602d9807ad203d475f10cfbfb12f15ca97fe8b10c04b0c2153b4d76785e78c654d995d3fcf7a8e480bf0fba54d177e60e8cf757a586f31d80f2a92441262bb00482a1ff1ebdccf651f82bea37ea0ba169e800903ed47fa66509b51f28863d5474476b7296aede7215989b288694336b877f0e811135d889333b81bfc5ea944b5cb2ca9bffea409e06a77989348e27e2b2a545395ea044608379a8f7b2f84200a9af3a36f6dbf7d16a3336300a1bcc8ceb0e28ef7f09472679c29c8f38eab60222438f8950fb084c834a6bb1af759e9b6f865cf258980d0798d3ccc7aac8475c115b210dea195ebe70e4fdf9dcef5ab50b8f220bde3aca901478397e18b5cb0ae37c493621a468b2b341ec498448417fa1216dae4a47fec56e5a6165c3643ecf27de47d18c93e85685ae9520576068897451d1e8aed70cc3f17d3df93ec372c292cdf32e2b5119da3b4719095672687f67af4b0942a98142080c5fd8cf27d0157d7e0c43b0f9cb95282c86546d822dff1da75f49aaccd5223e1c671", 0xd09}], 0x1, 0x0, 0x0, 0xc000}], 0x1, 0x44051)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.038331596s ago: executing program 4 (id=5566):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
rt_tgsigqueueinfo(0x0, 0x0, 0x2b, &(0x7f0000000300)={0x8, 0x9, 0x100})
capget(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
poll(0x0, 0x0, 0x7)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r1, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

1.037379666s ago: executing program 1 (id=5567):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xb, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x3e2, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x1, 0x7, 0xd988, 0x3, 0x3, 0xa08b, 0x1, 0x3ff, 0x1005, 0x5, 0x6, 0x4, 0x3, 0x92c, 0x7, 0xffffffb2, 0xeaac, 0x2, 0xe13, 0x4, 0x10000, 0xded, 0x8, 0x10000000, 0x1, 0x10001, 0xc6d, 0x80000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0x9, 0x3, 0xd, 0x7, 0x5, 0x13f6, 0x81, 0x53, 0x17, 0x4, 0x1, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x8, 0xfffffff9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x4, 0x2, 0x6, 0x8, 0x2, 0x7ff, 0x100, 0x1ff, 0x7, 0x3, 0x4, 0x8, 0x5, 0x8000002, 0x5, 0x0, 0x4, 0x3, 0x16, 0xff, 0x1, 0xc, 0x9, 0xb, 0x5, 0x8000, 0x8, 0x7, 0xa, 0xfa, 0x3, 0x0, 0x10, 0x1ff, 0x3, 0x4, 0x60000000, 0x8, 0x2, 0x4000000d, 0x8000, 0x2, 0x401, 0xa955, 0x5000, 0x1, 0xe6, 0x2, 0x9, 0x6e4, 0x1, 0x5, 0xe, 0xb, 0x6, 0x4, 0x80000001, 0x3, 0x99b, 0x9c4, 0x7f, 0x3, 0x70, 0xff800, 0x1, 0x7, 0x5, 0xff, 0x7, 0x6, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xc, 0x7, 0x8, 0xff, 0x0, 0x0, 0x8, 0x6, 0x5, 0x4, 0x7f, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x8, 0x7, 0xfffffc00, 0x0, 0x40, 0x400, 0x64c, 0x8, 0x7, 0x8, 0x6, 0xfffffffe, 0x6, 0x5, 0x7ff, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0xee3, 0x5, 0x4, 0x8, 0x8, 0x1000, 0x8, 0x7, 0xa37f, 0x8, 0x9, 0x3, 0x1, 0xff, 0x5, 0x10000, 0xb, 0xcf9, 0x8, 0xfc, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x7, 0xc28, 0x2, 0x400, 0x7d75, 0x52, 0xd5, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xb8, 0x7ff, 0xc7, 0x80, 0x40, 0x0, 0x9, 0x3feb, 0x800, 0x100, 0x100, 0xe6, 0xfffffb98, 0xfffffffb, 0x4, 0x20001, 0x3, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0xffffffffffffffff, 0x7a94, 0x7, 0xb, {0x7, 0x0, 0x1, 0x80, 0x6572, 0x6}, {0x2, 0x1, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

946.053456ms ago: executing program 3 (id=5568):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = eventfd(0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000140), 0x10)
r4 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679d, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x2400c0c7, 0x1})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100003f7a7e40720c12009622010203010902120001000000000904", @ANYBLOB='c'], 0x0)

859.719144ms ago: executing program 4 (id=5569):
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$audio(0xffffff9c, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read(r0, &(0x7f0000000380)=""/144, 0x90)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

713.499692ms ago: executing program 1 (id=5570):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x7f, 0x4)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000100)=0x3, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x1562, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000540)={@fd, @ptr={0x77622a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)

587.702823ms ago: executing program 5 (id=5571):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x4, 0x0, 0x0)
syz_usb_connect(0x5, 0xa2, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ba71d120410e4d53d65801020301090290"], 0x0)
ioctl$DRM_IOCTL_GET_STATS(0xffffffffffffffff, 0x80f86406, 0x0)

0s ago: executing program 6 (id=5572):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x3a2}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ev="fuse" ino=1 res=1 errno=0
[  866.773055][ T8534] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  866.941392][ T8534] usb 2-1: Using ep0 maxpacket: 32
[  866.949195][ T8534] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  866.978633][ T8534] usb 2-1: config 0 has no interface number 0
[  867.091909][ T8534] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  867.141916][ T8534] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  867.171329][ T8534] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.228062][ T8534] usb 2-1: Product: syz
[  867.272254][ T8534] usb 2-1: Manufacturer: syz
[  867.293805][ T8534] usb 2-1: SerialNumber: syz
[  867.313315][ T8534] usb 2-1: config 0 descriptor??
[  867.321880][T20631] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  867.653742][T20631] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  868.730265][T20656] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  869.745877][ T8534] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  869.757782][ T8534] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  869.798046][ T8534] asix 2-1:0.188: probe with driver asix failed with error -71
[  869.815738][ T8534] usb 2-1: USB disconnect, device number 73
[  870.298672][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.305209][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  870.350084][T20682] syzkaller0: entered promiscuous mode
[  870.361295][T20682] syzkaller0: entered allmulticast mode
[  870.585203][T20687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4669'.
[  870.693486][T13403] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  871.033708][T13403] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  871.055896][T13403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.081492][T13403] usb 2-1: Product: syz
[  871.131534][T13403] usb 2-1: Manufacturer: syz
[  871.144235][T13403] usb 2-1: SerialNumber: syz
[  871.635900][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  871.681934][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  872.602788][T20721] geneve2: entered promiscuous mode
[  872.623133][ T2977] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 49751 - 0
[  872.635328][ T2977] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 49751 - 0
[  872.652570][ T2977] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 49751 - 0
[  872.671981][T13402] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  872.682676][   T35] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 49751 - 0
[  872.720126][T20724] kvm: pic: non byte write
[  872.885165][T13402] usb 1-1: config 0 has an invalid interface number: 79 but max is 0
[  872.906921][T13402] usb 1-1: config 0 has no interface number 0
[  872.937881][T13402] usb 1-1: config 0 interface 79 has no altsetting 0
[  872.954231][T13402] usb 1-1: New USB device found, idVendor=14aa, idProduct=0226, bcdDevice=fc.92
[  872.971347][T13402] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.979966][T13402] usb 1-1: Product: syz
[  872.985416][T13402] usb 1-1: Manufacturer: syz
[  872.992614][T13402] usb 1-1: SerialNumber: syz
[  873.028239][T13402] usb 1-1: config 0 descriptor??
[  873.048761][T13402] dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm state.
[  873.063660][T13402] dvb-usb: bulk message failed: -22 (2/0)
[  873.071835][T13402] dvb-usb: will use the device's hardware PID filter (table count: 15).
[  873.082745][T13402] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (Typhoon/Freecom))
[  873.099936][T13402] usb 1-1: media controller created
[  873.109645][T13402] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  873.158326][T13402] usb 1-1: DVB: registering adapter 3 frontend 0 (WideView USB DVB-T)...
[  873.170308][T13402] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered.
[  873.280033][T20734] bridge0: entered promiscuous mode
[  873.290685][T20734] bridge0: left promiscuous mode
[  873.315416][T13402] rc_core: IR keymap rc-dtt200u not found
[  873.322565][T13402] Registered IR keymap rc-empty
[  873.329720][T13402] rc rc0: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  873.351397][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000040. ret = -EPROTO
[  873.382612][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  873.397682][T13402] input: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input92
[  873.412675][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  873.434193][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  873.451497][T13402] dvb-usb: schedule remote query interval to 300 msecs.
[  873.458689][T13402] dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully initialized and connected.
[  873.472386][T13403] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  873.511676][T13403] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[  873.532029][T13402] usb 1-1: USB disconnect, device number 18
[  873.554049][T13403] usb 2-1: USB disconnect, device number 74
[  873.622959][T13402] dvb-usb: WideView WT-220U PenType Receiver (Typh successfully deinitialized and disconnected.
[  874.081477][T20747] program syz.0.4687 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  874.205001][T20751] program syz.0.4687 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  874.501301][T13402] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  874.743551][T13402] usb 1-1: unable to get BOS descriptor or descriptor too short
[  874.761342][T13402] usb 1-1: not running at top speed; connect to a high speed hub
[  874.791769][T13402] usb 1-1: config 3 has an invalid interface number: 146 but max is 0
[  874.823689][T13402] usb 1-1: config 3 has no interface number 0
[  874.837472][T13402] usb 1-1: config 3 interface 146 has no altsetting 0
[  874.857294][T13402] usb 1-1: New USB device found, idVendor=04dd, idProduct=9031, bcdDevice=56.ea
[  874.867870][T13402] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.879773][T13402] usb 1-1: Product: syz
[  874.886384][T13402] usb 1-1: Manufacturer: syz
[  874.900927][T13402] usb 1-1: SerialNumber: syz
[  874.939666][T20768] loop5: detected capacity change from 0 to 8
[  875.129318][T20768] Dev loop5: unable to read RDB block 8
[  875.139321][T13402] cdc_ether 1-1:3.146: More than one union descriptor, skipping ...
[  875.149728][T13402] usb 1-1: bad CDC descriptors
[  875.158776][T13402] usb 1-1: unsupported MDLM descriptors
[  875.227167][T20768]  loop5: unable to read partition table
[  875.252538][T13402] usb 1-1: USB disconnect, device number 19
[  875.275923][T20768] loop5: partition table beyond EOD, truncated
[  875.345290][T20768] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾SêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[  876.775160][T20794] syzkaller0: entered promiscuous mode
[  876.781973][T20794] syzkaller0: entered allmulticast mode
[  877.243280][T20801] xt_ecn: cannot match TCP bits for non-tcp packets
[  878.707457][T20829] binder_alloc: 20828: pid 20828 spamming oneway? 1 buffers allocated for a total size of 4096
[  878.781507][ T8534] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  878.789926][   T29] audit: type=1326 audit(1770866995.457:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20830 comm="syz.4.4714" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f201359bf79 code=0x0
[  878.972741][ T8534] usb 2-1: Using ep0 maxpacket: 16
[  878.988751][ T8534] usb 2-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config
[  879.009401][ T8534] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  879.064222][ T8534] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  879.078697][ T8534] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  879.176036][ T8534] usb 2-1: Product: syz
[  879.270876][ T8534] usb 2-1: Manufacturer: syz
[  879.291747][ T8534] usb 2-1: SerialNumber: syz
[  879.562964][ T8534] usb 2-1: 0:2 : does not exist
[  879.630304][ T8534] usb 2-1: 5:0: cannot get min/max values for control 4 (id 5)
[  879.646243][ T8534] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5)
[  879.681060][ T8534] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5)
[  879.696708][ T8534] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  879.711407][   T24] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  879.740998][T20848] create_pit_timer: 18 callbacks suppressed
[  879.741020][T20848] kvm: requested 23466 ns i8254 timer period limited to 200000 ns
[  879.757472][T20848] kvm: requested 138285 ns i8254 timer period limited to 200000 ns
[  879.796998][T20848] kvm: requested 117333 ns i8254 timer period limited to 200000 ns
[  879.814466][T20848] kvm: requested 157562 ns i8254 timer period limited to 200000 ns
[  879.836384][T20848] kvm: requested 84647 ns i8254 timer period limited to 200000 ns
[  879.843631][ T8534] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5)
[  879.875563][T20848] kvm: requested 88838 ns i8254 timer period limited to 200000 ns
[  879.908115][T20848] kvm: requested 102247 ns i8254 timer period limited to 200000 ns
[  879.935324][T20848] kvm: requested 173485 ns i8254 timer period limited to 200000 ns
[  879.964184][   T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  879.994402][T20848] kvm: requested 21790 ns i8254 timer period limited to 200000 ns
[  880.013622][   T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  880.027786][ T8534] usb 2-1: USB disconnect, device number 75
[  880.038014][T20848] kvm: requested 178514 ns i8254 timer period limited to 200000 ns
[  880.054341][   T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  880.083258][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.122225][T20846] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  880.167092][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  880.200750][   T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  880.356531][T20846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  880.373271][T20846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  880.771295][T13402] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  880.943283][T13402] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  880.964519][T13402] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  881.002212][T13402] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  881.038528][T13402] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  881.088160][T13402] usb 2-1: SerialNumber: syz
[  881.914717][T13402] usb 2-1: 0:2 : does not exist
[  882.179920][T13402] usb 2-1: USB disconnect, device number 76
[  882.320240][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  882.797756][T13402] usb 1-1: USB disconnect, device number 20
[  887.984069][T20960] netlink: 'syz.4.4753': attribute type 10 has an invalid length.
[  888.098648][T20960] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  889.014023][   T29] audit: type=1326 audit(1770867005.687:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20968 comm="syz.1.4756" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x0
[  889.519041][T20977] netlink: 'syz.4.4759': attribute type 1 has an invalid length.
[  890.291792][T20989] syzkaller0: entered promiscuous mode
[  890.341543][T20989] syzkaller0: entered allmulticast mode
[  891.314162][T20998] ip6gre3: entered promiscuous mode
[  891.323404][T20998] ip6gre3: entered allmulticast mode
[  891.400066][T20998] netlink: 'syz.1.4766': attribute type 6 has an invalid length.
[  891.409325][T20998] netlink: 'syz.1.4766': attribute type 7 has an invalid length.
[  891.425887][T20998] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4766'.
[  893.621362][ T8534] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  893.780638][ T8534] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  893.790223][ T8534] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.811386][ T8534] usb 4-1: Product: syz
[  893.820238][ T8534] usb 4-1: Manufacturer: syz
[  893.830293][ T8534] usb 4-1: SerialNumber: syz
[  894.353198][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  894.385054][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  895.616847][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  895.800175][T21049] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  895.873159][T21024] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4774'.
[  896.029157][T21024] syzkaller1: entered promiscuous mode
[  896.045244][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  896.078308][T21024] syzkaller1: entered allmulticast mode
[  896.084163][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  896.121376][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  896.155254][ T8534] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  896.177707][ T8534] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  896.210603][ T8534] usb 4-1: USB disconnect, device number 60
[  897.715635][ T8534] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  897.894254][ T8534] usb 5-1: Using ep0 maxpacket: 16
[  897.922601][ T8534] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  897.944520][ T8534] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  897.973945][ T8534] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  897.992041][ T8534] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  898.006744][ T8534] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.019895][T21081] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  898.044872][ T8534] usb 5-1: config 0 descriptor??
[  898.174264][T21084] kvm: pic: non byte write
[  898.577281][ T8534] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.002F/input/input93
[  898.615581][ T8534] microsoft 0003:045E:07DA.002F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  899.099600][ T8534] usb 5-1: USB disconnect, device number 21
[  900.975387][T13402] usb 4-1: new full-speed USB device number 61 using dummy_hcd
[  901.151038][T13402] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  901.190769][T13402] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 205, setting to 64
[  901.223756][T13402] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  901.261540][T13402] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  901.281588][T13402] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.313991][T13402] usb 4-1: config 0 descriptor??
[  901.319947][T21108] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  901.423349][T21112] syzkaller0: entered promiscuous mode
[  901.431854][T21112] syzkaller0: entered allmulticast mode
[  902.339777][T13402] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  902.622763][ T5891] usb 4-1: USB disconnect, device number 61
[  907.331398][T13402] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  907.596643][T13402] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  907.627030][T13402] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.645204][T13402] usb 1-1: Product: syz
[  907.670080][T13402] usb 1-1: Manufacturer: syz
[  907.678656][T13402] usb 1-1: SerialNumber: syz
[  907.947285][T21168] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4814'.
[  908.171649][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  908.227626][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  910.187129][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000080. ret = -EPROTO
[  910.201635][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  910.214365][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  910.239379][T13402] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[  910.279688][T13402] usb 1-1: USB disconnect, device number 21
[  911.402666][T21189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4820'.
[  912.058773][T21189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4820'.
[  912.073921][T18725] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  912.097765][T18725] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  912.107718][T18725] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  912.117601][T18725] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  913.066022][T21204] binder: BINDER_SET_CONTEXT_MGR already set
[  913.073129][T21204] binder: 21203:21204 ioctl 4018620d 2000000002c0 returned -16
[  918.795024][T21283] bridge_slave_0: left allmulticast mode
[  918.971073][T21286] netlink: 'syz.4.4846': attribute type 1 has an invalid length.
[  918.981635][T21283] bridge0: port 1(bridge_slave_0) entered disabled state
[  919.298737][T21290] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4846'.
[  919.462022][T21283] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  919.735175][T21288] 8021q: adding VLAN 0 to HW filter on device bond3
[  919.801048][T21288] bond2: (slave bond3): making interface the new active one
[  919.840490][T21288] bond2: (slave bond3): Enslaving as an active interface with an up link
[  919.905968][T21289] bond2: (slave gretap2): Enslaving as a backup interface with an up link
[  919.963613][T21290] 8021q: adding VLAN 0 to HW filter on device bond2
[  920.030868][T21303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4849'.
[  920.032522][T21301] syzkaller0: entered promiscuous mode
[  920.090752][T21301] syzkaller0: entered allmulticast mode
[  920.111767][T21303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4849'.
[  920.266204][T21309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4851'.
[  920.345955][T21309] veth13: entered promiscuous mode
[  920.351639][T21309] veth13: entered allmulticast mode
[  920.357998][T21309] bridge4: port 1(veth13) entered blocking state
[  920.361398][T13403] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  920.367715][T21309] bridge4: port 1(veth13) entered disabled state
[  920.384520][T21309] bridge4: port 1(veth13) entered blocking state
[  920.391516][T21309] bridge4: port 1(veth13) entered forwarding state
[  920.432255][T21312] veth15: entered promiscuous mode
[  920.460710][T21312] veth15: entered allmulticast mode
[  920.468773][T21312] bridge4: port 2(veth15) entered blocking state
[  920.492324][T21312] bridge4: port 2(veth15) entered disabled state
[  920.508406][T21312] bridge4: port 2(veth15) entered blocking state
[  920.515296][T21312] bridge4: port 2(veth15) entered forwarding state
[  920.577275][T13403] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  920.609995][T13403] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  920.641378][T13403] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  920.780918][T13403] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  920.831463][T13403] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  920.878446][T13403] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.930448][T21325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4855'.
[  920.960814][T13403] usb 5-1: config 0 descriptor??
[  921.096650][T21325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4855'.
[  921.202722][T18725] bridge4: port 1(veth13) entered disabled state
[  921.255414][T18725] bridge4: port 2(veth15) entered disabled state
[  921.270084][T21325] team2 (uninitialized): Failed to send options change via netlink (err -105)
[  921.770590][T13403] plantronics 0003:047F:FFFF.0031: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  922.717663][   T24] usb 5-1: USB disconnect, device number 22
[  924.941579][T13403] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  925.151491][T13403] usb 5-1: Using ep0 maxpacket: 8
[  925.171338][T13403] usb 5-1: config 4 interface 0 has no altsetting 0
[  925.217571][T13403] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0512, bcdDevice= e.66
[  925.699216][T18725] bridge0: port 2(bridge_slave_1) entered disabled state
[  925.719003][T13403] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.761933][T13403] usb 5-1: Product: syz
[  925.766351][T13403] usb 5-1: Manufacturer: syz
[  925.839148][T13403] usb 5-1: SerialNumber: syz
[  925.849452][T18725] bridge_slave_0: left allmulticast mode
[  925.949465][T18725] bridge_slave_0: left promiscuous mode
[  925.982831][T18725] bridge0: port 1(bridge_slave_0) entered disabled state
[  926.156628][T13403] qmi_wwan 5-1:4.0: probe with driver qmi_wwan failed with error -22
[  926.529687][T13403] usb 5-1: USB disconnect, device number 23
[  928.098423][T21395] netlink: 'syz.3.4873': attribute type 10 has an invalid length.
[  928.446441][T21403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  928.638443][T18725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  928.663007][T18725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  928.675210][T18725] bond0 (unregistering): Released all slaves
[  929.562493][T21427] binder_alloc: 21424: pid 21424 spamming oneway? 1 buffers allocated for a total size of 4096
[  929.600950][T21426] netlink: 'syz.0.4879': attribute type 1 has an invalid length.
[  930.223584][T21430] bond1: (slave gretap1): making interface the new active one
[  930.366632][T21430] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  930.407521][T21432] vlan2: entered allmulticast mode
[  930.432553][T21432] bond1: entered allmulticast mode
[  930.520180][T21432] gretap1: entered allmulticast mode
[  930.654209][T21432] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  930.821320][T18725] hsr_slave_0: left promiscuous mode
[  931.031339][T18725] hsr_slave_1: left promiscuous mode
[  931.075721][T18725] batman_adv: batadv0: Removing interface: batadv_slave_0
[  931.115211][T18725] batman_adv: batadv0: Removing interface: batadv_slave_1
[  931.753180][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.759625][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.778684][T21463] fuse: Bad value for 'fd'
[  932.929756][T21491] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  933.291903][T18725] team0 (unregistering): Port device team_slave_1 removed
[  933.364210][T18725] team0 (unregistering): Port device team_slave_0 removed
[  933.753638][T13403] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  933.838733][ T5837] Bluetooth: hci1: command 0x0406 tx timeout
[  933.993858][T13403] usb 4-1: Using ep0 maxpacket: 8
[  934.007863][T13403] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  934.038196][T13403] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  934.119927][T13403] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  934.143797][T13403] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  934.171295][T13403] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  934.198462][T13403] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  934.457834][T13403] usb 4-1: usb_control_msg returned -32
[  934.478302][T13403] usbtmc 4-1:16.0: can't read capabilities
[  934.745667][T21480] syzkaller0: entered promiscuous mode
[  934.751403][T21480] syzkaller0: entered allmulticast mode
[  934.888743][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  934.898751][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  934.908098][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  934.934079][T13403] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  935.101692][T13403] usb 1-1: Using ep0 maxpacket: 16
[  935.132690][T13403] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  935.167850][T13403] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  935.211332][T13403] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  935.238806][T13403] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  935.261703][   T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  935.271343][T13403] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  935.295544][T13403] usb 1-1: config 0 descriptor??
[  935.421298][   T24] usb 5-1: Using ep0 maxpacket: 16
[  935.429317][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  935.449045][   T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[  935.479552][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  935.493739][T13391] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  935.512844][   T24] usb 5-1: config 0 descriptor??
[  935.785190][T13403] microsoft 0003:045E:07DA.0032: unknown main item tag 0x0
[  935.793231][T13403] microsoft 0003:045E:07DA.0032: ignoring exceeding usage max
[  935.818850][T13403] microsoft 0003:045E:07DA.0032: unknown main item tag 0x0
[  935.833316][T13391] usb 2-1: config 0 has an invalid interface number: 79 but max is 0
[  935.844961][T13391] usb 2-1: config 0 has no interface number 0
[  935.853113][T13403] microsoft 0003:045E:07DA.0032: unknown main item tag 0x0
[  935.860802][T13391] usb 2-1: config 0 interface 79 has no altsetting 0
[  935.870922][T13403] microsoft 0003:045E:07DA.0032: unknown main item tag 0x1
[  935.885472][T13391] usb 2-1: New USB device found, idVendor=14aa, idProduct=0226, bcdDevice=fc.92
[  935.897901][T13403] microsoft 0003:045E:07DA.0032: unknown main item tag 0x0
[  935.908220][T13391] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  935.930075][T13391] usb 2-1: Product: syz
[  935.941397][T13391] usb 2-1: Manufacturer: syz
[  935.959781][T13403] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0032/input/input95
[  935.972567][T13391] usb 2-1: SerialNumber: syz
[  935.988435][T13391] usb 2-1: config 0 descriptor??
[  936.055635][T13391] dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm state.
[  936.102761][T13391] dvb-usb: bulk message failed: -22 (2/0)
[  936.108795][T13403] microsoft 0003:045E:07DA.0032: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  936.127085][T13391] dvb-usb: will use the device's hardware PID filter (table count: 15).
[  936.148493][T13391] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (Typhoon/Freecom))
[  936.186623][T13391] usb 2-1: media controller created
[  936.200193][T13403] usb 1-1: USB disconnect, device number 22
[  936.257125][T13391] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  936.369697][T13391] usb 2-1: DVB: registering adapter 3 frontend 0 (WideView USB DVB-T)...
[  936.414880][T13391] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered.
[  936.499731][ T8534] usb 4-1: USB disconnect, device number 62
[  936.785272][T21529] fido_id[21529]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  937.032200][T13391] rc_core: IR keymap rc-dtt200u not found
[  937.038075][T13391] Registered IR keymap rc-empty
[  937.074363][   T24] magicmouse 0003:05AC:0324.0033: item fetching failed at offset 3/5
[  937.089925][T13391] rc rc0: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  937.168422][   T24] magicmouse 0003:05AC:0324.0033: magicmouse hid parse failed
[  937.198845][T13391] input: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input96
[  937.229991][   T24] magicmouse 0003:05AC:0324.0033: probe with driver magicmouse failed with error -22
[  937.295303][T13391] dvb-usb: schedule remote query interval to 300 msecs.
[  937.399874][T13391] dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully initialized and connected.
[  937.473505][T13391] usb 2-1: USB disconnect, device number 77
[  937.788001][T13391] dvb-usb: WideView WT-220U PenType Receiver (Typh successfully deinitialized and disconnected.
[  937.911680][ T5891] usb 5-1: USB disconnect, device number 24
[  938.455188][T21563] create_pit_timer: 3 callbacks suppressed
[  938.455203][T21563] kvm: requested 181028 ns i8254 timer period limited to 200000 ns
[  938.540661][T21563] kvm: requested 186895 ns i8254 timer period limited to 200000 ns
[  938.662942][T21563] kvm: requested 180190 ns i8254 timer period limited to 200000 ns
[  938.729741][T21563] kvm: requested 56990 ns i8254 timer period limited to 200000 ns
[  938.824563][T21563] kvm: requested 69561 ns i8254 timer period limited to 200000 ns
[  938.874576][T21563] kvm: requested 172647 ns i8254 timer period limited to 200000 ns
[  938.884731][T21563] kvm: requested 109790 ns i8254 timer period limited to 200000 ns
[  938.900658][T21563] kvm: requested 134095 ns i8254 timer period limited to 200000 ns
[  938.931482][ T5891] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  939.004149][T21563] kvm: requested 153371 ns i8254 timer period limited to 200000 ns
[  939.101822][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  939.116461][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  939.131417][ T5891] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  939.151020][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  939.256986][ T5891] usb 2-1: config 0 descriptor??
[  940.434513][ T5891] hid-led 0003:27B8:01ED.0034: probe with driver hid-led failed with error -71
[  940.491059][ T5891] usb 2-1: USB disconnect, device number 78
[  943.031864][   T44] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  943.040101][   T24] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  943.201500][   T24] usb 2-1: Using ep0 maxpacket: 32
[  943.208628][   T44] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  943.218401][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  943.225349][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  943.235654][   T24] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  943.245220][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.255501][   T44] usb 5-1: config 0 descriptor??
[  943.269812][   T24] usb 2-1: Product: syz
[  943.274339][   T24] usb 2-1: Manufacturer: syz
[  943.279432][   T24] usb 2-1: SerialNumber: syz
[  943.287188][   T24] usb 2-1: config 0 descriptor??
[  944.105381][   T24] gs_usb 2-1:0.0: Couldn't send data format (err=-71)
[  944.116756][   T24] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71
[  944.131401][   T24] usb 2-1: USB disconnect, device number 79
[  944.714787][T21651] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode
[  944.722869][T21651] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[  944.764664][T21651] tipc: Started in network mode
[  944.769966][T21651] tipc: Node identity 080211000001, cluster identity 4711
[  944.780818][T21651] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  946.160012][  T981] tipc: Node number set to 134418688
[  946.170486][   T44] usb 5-1: Cannot set autoneg
[  946.175806][   T44] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  946.272011][   T44] usb 5-1: USB disconnect, device number 25
[  947.854660][T13402] IPVS: starting estimator thread 0...
[  947.878918][T21696] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4937'.
[  947.911266][   T44] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  948.077010][T21698] IPVS: using max 25 ests per chain, 60000 per kthread
[  948.253416][   T44] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  948.265253][   T44] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  948.291594][   T44] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  948.312181][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.328090][T21696] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  948.354100][T21689] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  948.386990][   T44] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  948.397220][T21696] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  948.455047][T21696] bond0 (unregistering): Released all slaves
[  948.640350][   T44] usb 4-1: USB disconnect, device number 63
[  949.397156][T21725] fuse: Bad value for 'fd'
[  952.921355][T13391] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  953.420068][T13391] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  953.487964][T13391] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  953.545339][T13391] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  953.675239][T13391] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  953.704674][T13391] usb 2-1: Manufacturer: syz
[  953.776315][T13391] usb 2-1: config 0 descriptor??
[  954.349569][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.380077][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.399354][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.429816][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.439981][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.494184][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.514459][T13391] pyra 0003:1E7D:2CF6.0035: unknown main item tag 0x0
[  954.553380][T13391] pyra 0003:1E7D:2CF6.0035: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  956.575100][T13391] pyra 0003:1E7D:2CF6.0035: couldn't init struct pyra_device
[  956.582744][T13391] pyra 0003:1E7D:2CF6.0035: couldn't install mouse
[  956.590841][T13391] pyra 0003:1E7D:2CF6.0035: probe with driver pyra failed with error -71
[  956.604881][T13391] usb 2-1: USB disconnect, device number 80
[  957.210373][T21806] fido_id[21806]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  960.357348][T21723] syz.0.4945 (21723): drop_caches: 1
[  960.580666][T21853] binder: BINDER_SET_CONTEXT_MGR already set
[  960.587063][T21853] binder: 21851:21853 ioctl 4018620d 200000004a80 returned -16
[  960.598071][T21853] binder: 21851:21853 ioctl c018620c 200000000240 returned -1
[  960.771437][ T8534] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  960.923340][ T8534] usb 2-1: Using ep0 maxpacket: 32
[  960.942960][ T8534] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  960.977813][ T8534] usb 2-1: config 0 has no interface number 0
[  960.997079][ T8534] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  961.034680][ T8534] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  961.044779][ T8534] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.061097][ T8534] usb 2-1: Product: syz
[  961.072432][ T8534] usb 2-1: Manufacturer: syz
[  961.077169][ T8534] usb 2-1: SerialNumber: syz
[  961.125511][ T8534] usb 2-1: config 0 descriptor??
[  961.156224][T21847] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  961.428311][T21847] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  961.525867][T21875] syzkaller0: entered promiscuous mode
[  961.531806][T21875] syzkaller0: entered allmulticast mode
[  961.541042][T21875] tipc: Started in network mode
[  961.553789][T21875] tipc: Node identity 6a99ea73afb4, cluster identity 4711
[  961.602254][T21875] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  961.650026][T21872] tipc: Resetting bearer <eth:syzkaller0>
[  961.746553][T21872] tipc: Disabling bearer <eth:syzkaller0>
[  961.974004][T21890] netlink: 9 bytes leftover after parsing attributes in process `syz.3.4978'.
[  961.993872][T21890] ..0·: renamed from hsr0
[  962.020997][T21890] ..0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  962.033395][T21890] ..0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  962.057746][T21890] ..0·: entered allmulticast mode
[  962.096758][T21890] hsr_slave_0: entered allmulticast mode
[  962.118066][T21890] hsr_slave_1: entered allmulticast mode
[  962.138557][T21890] A link change request failed with some changes committed already. Interface ..0· may have been left with an inconsistent configuration, please check.
[  962.741406][T13391] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  962.911349][T13391] usb 5-1: Using ep0 maxpacket: 8
[  962.923321][T13402] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  962.946404][T13391] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  962.961733][T13391] usb 5-1: config 0 has no interface number 0
[  962.967900][T13391] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  962.985507][T13391] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  962.998077][T13391] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  963.010414][T13391] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  963.040377][T13391] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  963.057072][T13391] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.097535][T13391] usb 5-1: config 0 descriptor??
[  963.125117][T13391] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  963.138018][T13402] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  963.160761][T13402] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  963.193233][T13402] usb 1-1: Product: syz
[  963.197456][T13402] usb 1-1: Manufacturer: syz
[  963.213367][T13402] usb 1-1: SerialNumber: syz
[  963.843822][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  963.877625][ T5891] usb 5-1: USB disconnect, device number 26
[  963.883769][    C1] ldusb 5-1:0.55: usb_submit_urb failed (-19)
[  963.894359][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  964.034720][ T5891] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  964.034852][T21897] ldusb: No device or device unplugged -19
[  964.065801][ T8534] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  964.077000][ T8534] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  964.175166][ T8534] asix 2-1:0.188: probe with driver asix failed with error -71
[  964.190298][ T8534] usb 2-1: USB disconnect, device number 81
[  966.320390][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -EPROTO
[  966.341629][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  966.464453][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  966.611498][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  966.912971][T13402] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  967.103801][T13402] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[  967.160423][T13402] usb 1-1: USB disconnect, device number 23
[  967.858405][T21951] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  968.482902][T21956] syzkaller0: entered promiscuous mode
[  968.488625][T21956] syzkaller0: entered allmulticast mode
[  968.653078][T21958] netlink: 'syz.0.4999': attribute type 1 has an invalid length.
[  968.827407][T21958] 8021q: adding VLAN 0 to HW filter on device bond0
[  968.961646][T21965] erspan0: entered allmulticast mode
[  969.059751][T21965] bond0: (slave erspan0): making interface the new active one
[  969.172852][T21965] bond0: (slave erspan0): Enslaving as an active interface with an up link
[  969.286294][T21960] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link
[  969.498775][T21961] veth3: entered promiscuous mode
[  969.516686][T21961] bond0: (slave veth3): Enslaving as an active interface with a down link
[  970.833276][T21992] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5007'.
[  970.941050][T21992] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5007'.
[  975.052876][T22038] bridge0: entered allmulticast mode
[  975.397156][T22047] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5024'.
[  976.515777][T22064] binder: BINDER_SET_CONTEXT_MGR already set
[  976.525636][T22064] binder: 22063:22064 ioctl 4018620d 200000000100 returned -16
[  976.559015][T22064] binder: BINDER_SET_CONTEXT_MGR already set
[  976.645724][T22064] binder: 22063:22064 ioctl 4018620d 2000000002c0 returned -16
[  977.694568][T22072] binder: BINDER_SET_CONTEXT_MGR already set
[  977.700592][T22072] binder: 22071:22072 ioctl 4018620d 200000000100 returned -16
[  977.774990][T22072] binder: BINDER_SET_CONTEXT_MGR already set
[  977.781101][T22072] binder: 22071:22072 ioctl 4018620d 200000004a80 returned -16
[  978.527572][T22089] tipc: Started in network mode
[  978.592917][T22089] tipc: Node identity 4, cluster identity 4711
[  978.649536][T22089] tipc: Node number set to 4
[  981.649899][T22114] binder: transaction release 340 bad handle 1, ret = -22
[  984.344211][T22143] netlink: 'syz.3.5049': attribute type 11 has an invalid length.
[  985.031338][   T44] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  985.201276][   T44] usb 4-1: Using ep0 maxpacket: 8
[  985.210400][   T44] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  985.224419][   T44] usb 4-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  985.237161][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.251715][   T44] usb 4-1: Product: syz
[  985.259877][   T44] usb 4-1: Manufacturer: syz
[  985.270073][   T44] usb 4-1: SerialNumber: syz
[  985.295491][   T44] usb 4-1: config 0 descriptor??
[  985.316461][   T44] gspca_main: stk014-2.14.0 probing 05e1:0893
[  985.333718][   T44] usb 4-1: selecting invalid altsetting 1
[  985.725606][T22152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  985.752276][T22152] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  985.819409][   T44] usb 4-1: USB disconnect, device number 64
[  986.840295][T22175] syzkaller0: entered promiscuous mode
[  986.857737][T22175] syzkaller0: entered allmulticast mode
[  987.128850][T22180] binder: BINDER_SET_CONTEXT_MGR already set
[  987.183179][T22180] binder: 22179:22180 ioctl 4018620d 200000000100 returned -16
[  987.238596][T22180] binder: BINDER_SET_CONTEXT_MGR already set
[  987.262095][T22180] binder: 22179:22180 ioctl 4018620d 2000000002c0 returned -16
[  989.213027][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  989.228695][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  989.243817][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  989.263175][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  989.272239][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  990.261519][T18725] bridge_slave_1: left allmulticast mode
[  990.267493][T18725] bridge_slave_1: left promiscuous mode
[  990.741379][T18725] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.824215][T18725] bridge_slave_0: left allmulticast mode
[  990.829923][T18725] bridge_slave_0: left promiscuous mode
[  990.868441][T18725] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.164053][T22227] binder: BINDER_SET_CONTEXT_MGR already set
[  991.176875][T22227] binder: 22226:22227 ioctl 4018620d 2000000001c0 returned -16
[  991.238168][T22227] binder: 22226:22227 unknown command 0
[  991.269486][T22227] binder: 22226:22227 ioctl c0306201 200000000080 returned -22
[  991.304610][T22227] binder: BINDER_SET_CONTEXT_MGR already set
[  991.339046][ T5835] Bluetooth: hci3: command tx timeout
[  991.339061][T22227] binder: 22226:22227 ioctl 4018620d 200000000040 returned -16
[  991.556529][   T29] audit: type=1326 audit(1770867108.227:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22233 comm="syz.3.5077" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d8e59bf79 code=0x0
[  991.976931][T13402] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  992.174568][T13402] usb 4-1: Using ep0 maxpacket: 8
[  992.196560][T13402] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  992.222671][T13402] usb 4-1: config 0 has no interface number 0
[  992.241102][T13402] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  992.250722][T13402] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  992.279583][T13402] usb 4-1: Product: syz
[  992.280252][T18725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  992.308978][T13402] usb 4-1: Manufacturer: syz
[  992.316492][T18725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  992.328466][T13402] usb 4-1: SerialNumber: syz
[  992.336002][T18725] bond0 (unregistering): Released all slaves
[  992.372761][T18725] bond1 (unregistering): Released all slaves
[  992.375378][T13402] usb 4-1: config 0 descriptor??
[  992.446149][T18725] bond2 (unregistering): Released all slaves
[  992.519698][T18725] bond3 (unregistering): Released all slaves
[  992.635842][T13402] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  992.666281][T13402] uvcvideo 4-1:0.31: Failed to initialize entity for entity 32774
[  992.675894][T13402] uvcvideo 4-1:0.31: Failed to register entities (-22).
[  992.965120][T18725] bond4 (unregistering): Released all slaves
[  993.177881][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  993.191012][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  993.328689][T22263] xt_hashlimit: size too large, truncated to 1048576
[  993.378192][T22213] chnl_net:caif_netlink_parms(): no params data found
[  993.411289][ T5835] Bluetooth: hci3: command tx timeout
[  993.522963][ T5891] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  993.703082][ T5891] usb 5-1: config 0 has an invalid interface number: 139 but max is 0
[  993.711815][ T5891] usb 5-1: config 0 has no interface number 0
[  993.732503][ T5891] usb 5-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  993.764001][ T5891] usb 5-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  993.808873][ T5891] usb 5-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64
[  993.823277][ T5891] usb 5-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  993.841807][ T5891] usb 5-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[  993.861356][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  993.881264][ T5891] usb 5-1: Product: syz
[  993.886784][ T5891] usb 5-1: Manufacturer: syz
[  993.943447][ T5891] usb 5-1: SerialNumber: syz
[  993.970816][ T5891] usb 5-1: config 0 descriptor??
[  994.009532][T22259] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  994.017439][T22259] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  994.029550][T18725] hsr_slave_0: left promiscuous mode
[  994.070611][T18725] hsr_slave_1: left promiscuous mode
[  994.084813][T18725] batman_adv: batadv0: Removing interface: batadv_slave_0
[  994.107698][T18725] batman_adv: batadv0: Removing interface: batadv_slave_1
[  994.262063][ T5891] mct_u232 5-1:0.139: MCT U232 converter detected
[  994.307287][ T5891] usb 5-1: MCT U232 converter now attached to ttyUSB0
[  994.350875][ T5891] usb 5-1: USB disconnect, device number 27
[  994.375655][ T5891] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0
[  994.404593][ T5891] mct_u232 5-1:0.139: device disconnected
[  994.504087][  T794] usb 4-1: USB disconnect, device number 65
[  994.709471][T22284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5083'.
[  995.661232][ T5835] Bluetooth: hci3: command tx timeout
[  997.790799][ T5835] Bluetooth: hci3: command tx timeout
[  997.932108][T18725] team0 (unregistering): Port device team_slave_1 removed
[  998.265916][T18725] team0 (unregistering): Port device team_slave_0 removed
[  998.616153][    C1] sd 0:0:1:0: [sda] tag#10072 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  998.626708][    C1] sd 0:0:1:0: [sda] tag#10072 CDB: Read(10) 28 1f 17 00 1b 00 00 00 08 00 00 00
[ 1000.882155][T22213] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1000.889709][T22213] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1000.978698][T22213] bridge_slave_0: entered allmulticast mode
[ 1001.015419][T22213] bridge_slave_0: entered promiscuous mode
[ 1001.076356][T22213] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.115018][T22213] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.124575][T22213] bridge_slave_1: entered allmulticast mode
[ 1001.136715][T22213] bridge_slave_1: entered promiscuous mode
[ 1001.676092][T22213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1001.705527][T22213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1002.013147][T22213] team0: Port device team_slave_0 added
[ 1002.082111][T22213] team0: Port device team_slave_1 added
[ 1002.259367][T22213] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1002.285159][T22213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1002.346373][T22358] kernel profiling enabled (shift: 17)
[ 1002.356299][T22213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1002.400601][T22213] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1002.407899][T22213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1002.442150][T22213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1002.478721][T22354] syzkaller0: entered promiscuous mode
[ 1002.503590][T22354] syzkaller0: entered allmulticast mode
[ 1002.671255][T22354] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1002.762038][T22352] tipc: Resetting bearer <eth:syzkaller0>
[ 1002.847110][T22352] tipc: Disabling bearer <eth:syzkaller0>
[ 1002.883296][T22213] hsr_slave_0: entered promiscuous mode
[ 1002.910720][T22213] hsr_slave_1: entered promiscuous mode
[ 1004.366848][T22388] syzkaller0: entered promiscuous mode
[ 1004.394798][T22388] syzkaller0: entered allmulticast mode
[ 1005.018511][T22213] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1005.046374][T22213] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1005.066849][T22213] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1005.081362][T22213] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1005.340467][T22213] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1005.447495][T22213] 8021q: adding VLAN 0 to HW filter on device team0
[ 1005.503161][ T8141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1005.510452][ T8141] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1005.589669][ T2977] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1005.597460][ T2977] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1005.628326][T22415] syzkaller0: entered promiscuous mode
[ 1005.643986][T22415] syzkaller0: entered allmulticast mode
[ 1006.134788][T22213] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1006.381296][T13391] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[ 1006.386495][T22213] veth0_vlan: entered promiscuous mode
[ 1006.478130][T22213] veth1_vlan: entered promiscuous mode
[ 1006.533867][T13391] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 1006.550723][T13391] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1006.609106][T13391] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1006.648814][T13391] usb 1-1: config 0 descriptor??
[ 1006.655504][T22213] veth0_macvtap: entered promiscuous mode
[ 1006.672482][T22422] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1006.688845][T22213] veth1_macvtap: entered promiscuous mode
[ 1006.759055][T22213] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1006.807461][T22213] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1006.860227][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1006.883025][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1006.920913][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1006.947983][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1006.971315][T13402] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1007.115754][T13391] elan 0003:04F3:0755.0036: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[ 1007.145723][T13402] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1007.181115][T13402] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1007.227011][T18881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.228821][T13402] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1007.307354][T18881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.326025][T13402] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1007.375813][T13402] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1007.428696][T13402] usb 5-1: Product: syz
[ 1007.439867][T13401] usb 1-1: USB disconnect, device number 24
[ 1007.470440][   T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.475625][T13402] usb 5-1: Manufacturer: syz
[ 1007.509084][T13402] usb 5-1: SerialNumber: syz
[ 1007.519172][T22436] fido_id[22436]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[ 1007.537714][   T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.567075][T22439] syzkaller0: entered promiscuous mode
[ 1007.580416][T22439] syzkaller0: entered allmulticast mode
[ 1007.782129][T13402] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1008.598604][T22460] syzkaller0: entered promiscuous mode
[ 1008.665754][T22460] syzkaller0: entered allmulticast mode
[ 1010.501449][ T8534] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1010.664759][ T8534] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1010.677627][ T8534] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1010.694665][ T8534] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1010.806853][ T8534] usb 4-1: config 0 descriptor??
[ 1010.835305][ T8534] pwc: Askey VC010 type 2 USB webcam detected.
[ 1011.252757][ T8534] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1011.270460][ T8534] pwc: recv_control_msg error -32 req 02 val 2700
[ 1011.296126][ T8534] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1011.315416][ T8534] pwc: recv_control_msg error -32 req 04 val 1000
[ 1011.362186][ T8534] pwc: recv_control_msg error -32 req 04 val 1300
[ 1011.388649][ T8534] pwc: recv_control_msg error -32 req 04 val 1400
[ 1011.430719][ T8534] pwc: recv_control_msg error -32 req 02 val 2000
[ 1011.455161][ T8534] pwc: recv_control_msg error -32 req 02 val 2100
[ 1011.464268][ T8534] pwc: recv_control_msg error -32 req 04 val 1500
[ 1011.475008][ T8534] pwc: recv_control_msg error -32 req 02 val 2500
[ 1011.512824][T13401] usb 5-1: USB disconnect, device number 28
[ 1011.586301][T13401] usblp0: removed
[ 1011.692780][ T8534] pwc: recv_control_msg error -71 req 02 val 2600
[ 1011.705831][ T8534] pwc: recv_control_msg error -71 req 02 val 2900
[ 1011.727683][ T8534] pwc: recv_control_msg error -71 req 02 val 2800
[ 1011.779930][ T8534] pwc: recv_control_msg error -71 req 04 val 1100
[ 1011.809023][ T8534] pwc: recv_control_msg error -71 req 04 val 1200
[ 1011.849863][ T8534] pwc: Registered as video103.
[ 1011.896087][ T8534] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input98
[ 1011.975176][ T8534] usb 4-1: USB disconnect, device number 66
[ 1013.014944][T22531] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1013.844411][T13401] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1014.099340][T13401] usb 4-1: Using ep0 maxpacket: 16
[ 1014.116089][T13401] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1014.152533][T13401] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1014.254054][T13401] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1014.271352][T13401] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1014.294679][T13401] usb 4-1: Product: syz
[ 1014.298971][T13401] usb 4-1: Manufacturer: syz
[ 1014.345775][T13401] usb 4-1: SerialNumber: syz
[ 1014.388452][T13401] usb 4-1: config 0 descriptor??
[ 1014.470793][T13401] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1014.521480][T13401] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[ 1015.043382][T13401] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1015.051580][T13401] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[ 1015.844204][T13401] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[ 1015.865069][T13401] em28xx 4-1:0.0: couldn't setup AC97 register 2
[ 1015.874244][T13401] em28xx 4-1:0.0: couldn't setup AC97 register 4
[ 1016.084049][T13401] em28xx 4-1:0.0: couldn't setup AC97 register 6
[ 1016.104285][T13401] em28xx 4-1:0.0: couldn't setup AC97 register 54
[ 1016.182683][T13401] em28xx 4-1:0.0: couldn't setup AC97 register 56
[ 1016.217331][T13401] usb 4-1: USB disconnect, device number 67
[ 1017.100882][T22583] tipc: Resetting bearer <eth:syzkaller0>
[ 1017.657275][T22583] mac80211_hwsim hwsim22 syzkaller0: left allmulticast mode
[ 1019.604613][T13402] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1019.799129][T13402] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1019.828497][T13402] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1019.863961][T13402] usb 4-1: Product: syz
[ 1019.902425][T13402] usb 4-1: Manufacturer: syz
[ 1019.907471][T13402] usb 4-1: SerialNumber: syz
[ 1019.930689][T22625] syzkaller0: entered promiscuous mode
[ 1019.961411][T22625] syzkaller0: entered allmulticast mode
[ 1020.397302][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1020.458006][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1020.507814][T22644] netlink: 'syz.4.5154': attribute type 1 has an invalid length.
[ 1020.597879][T22644] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5154'.
[ 1020.698116][T22644] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1020.731587][T21642] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[ 1020.799575][T22644] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1020.834771][T22644] bond4: (slave geneve3): making interface the new active one
[ 1020.858535][T22644] bond4: (slave geneve3): Enslaving as an active interface with an up link
[ 1020.878879][   T12] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[ 1020.893628][T21642] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1020.906091][   T12] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[ 1020.912958][T21642] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1020.941017][   T12] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[ 1020.970733][T21642] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1020.991252][   T12] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[ 1021.025343][T21642] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1021.055994][T21642] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1021.072013][T21642] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1021.104682][T21642] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1021.123563][T21642] usb 2-1: Product: syz
[ 1021.127831][T21642] usb 2-1: Manufacturer: syz
[ 1021.159191][T21642] cdc_wdm 2-1:1.0: skipping garbage
[ 1021.192978][T21642] cdc_wdm 2-1:1.0: skipping garbage
[ 1021.216222][T21642] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1021.228531][T21642] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1021.498633][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1021.500292][ T8534] usb 2-1: USB disconnect, device number 82
[ 1021.505553][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1021.505577][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1021.528174][T22666] cdc_wdm 2-1:1.0: Tx URB error: -19
[ 1021.870378][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1021.922580][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE
[ 1022.412111][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000404. ret = -EPROTO
[ 1022.470713][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1022.530129][T13402] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1022.585864][T13402] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[ 1022.667316][T13402] usb 4-1: USB disconnect, device number 68
[ 1022.885646][T22682] syzkaller0: entered promiscuous mode
[ 1022.891772][T22682] syzkaller0: entered allmulticast mode
[ 1023.242593][T22676] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1023.317564][T22675] tipc: Resetting bearer <eth:syzkaller0>
[ 1023.438398][T22675] tipc: Disabling bearer <eth:syzkaller0>
[ 1023.916717][   T29] audit: type=1804 audit(1770867140.367:150): pid=22693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.5171" name="bus" dev="ramfs" ino=134318 res=1 errno=0
[ 1024.501311][  T794] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1024.761740][  T794] usb 5-1: Using ep0 maxpacket: 16
[ 1024.817894][  T794] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1024.846005][  T794] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1025.020572][  T794] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1025.143670][  T794] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1025.231616][  T794] usb 5-1: Product: syz
[ 1025.236098][  T794] usb 5-1: Manufacturer: syz
[ 1025.240886][  T794] usb 5-1: SerialNumber: syz
[ 1025.567013][  T794] usb 5-1: 0:2 : does not exist
[ 1025.602581][  T794] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1025.718883][  T794] usb 5-1: USB disconnect, device number 29
[ 1026.098727][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1030.618563][T22792] syzkaller0: entered promiscuous mode
[ 1030.651467][T22792] syzkaller0: entered allmulticast mode
[ 1031.732527][T22813] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5181'.
[ 1031.835505][T22813] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5181'.
[ 1032.921955][T22835] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[ 1032.930407][T22835] tipc: Resetting bearer <eth:syzkaller0>
[ 1033.162068][T13402] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1033.512319][T22831] netlink: 'syz.5.5185': attribute type 13 has an invalid length.
[ 1033.542977][T22831] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5185'.
[ 1033.554033][T22840] binder: 22839:22840 ioctl c0306201 200000000280 returned -14
[ 1033.611032][T22831] bond0: option fail_over_mac: unable to set because the bond device has slaves
[ 1033.689011][T13402] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1033.712411][T13402] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1033.721523][T13402] usb 6-1: can't read configurations, error -71
[ 1035.869794][T21642] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1036.293362][T21642] usb 5-1: Using ep0 maxpacket: 32
[ 1036.307520][T21642] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1036.366738][T21642] usb 5-1: config 0 has no interfaces?
[ 1036.485103][T21642] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1036.515989][T21642] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1036.554257][T21642] usb 5-1: Product: syz
[ 1036.576788][T21642] usb 5-1: Manufacturer: syz
[ 1036.587067][T21642] usb 5-1: SerialNumber: syz
[ 1036.653968][T21642] usb 5-1: config 0 descriptor??
[ 1037.339537][T13402] usb 5-1: USB disconnect, device number 30
[ 1037.741549][ T8534] usb 4-1: new full-speed USB device number 69 using dummy_hcd
[ 1038.262708][ T8534] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1038.288779][ T8534] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1038.440450][ T8534] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[ 1038.497698][ T8534] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1038.577459][ T8534] usb 4-1: Manufacturer: syz
[ 1038.670776][ T8534] usb 4-1: config 0 descriptor??
[ 1039.164580][ T8534] cougar 0003:060B:700A.0037: unknown main item tag 0x0
[ 1039.247949][ T8534] cougar 0003:060B:700A.0037: unknown main item tag 0x0
[ 1039.307968][ T8534] cougar 0003:060B:700A.0037: unknown main item tag 0x0
[ 1039.351253][ T8534] cougar 0003:060B:700A.0037: unknown main item tag 0x0
[ 1039.399407][ T8534] cougar 0003:060B:700A.0037: unknown main item tag 0x0
[ 1039.465877][ T8534] cougar 0003:060B:700A.0037: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1039.576175][ T8534] usb 4-1: USB disconnect, device number 69
[ 1039.763719][   T29] audit: type=1800 audit(1770867156.437:151): pid=22901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5200" name="bus" dev="ramfs" ino=134624 res=0 errno=0
[ 1039.879937][T22920] syzkaller0: entered promiscuous mode
[ 1039.883307][T22919] fido_id[22919]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1040.012798][T22920] syzkaller0: entered allmulticast mode
[ 1040.234183][T22924] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1040.414387][T22917] tipc: Resetting bearer <eth:syzkaller0>
[ 1040.569381][T22917] tipc: Disabling bearer <eth:syzkaller0>
[ 1043.128071][T22983] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1044.615962][T22996] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1047.245750][T23037] x_tables: duplicate underflow at hook 1
[ 1047.616303][T23041] syzkaller0: entered promiscuous mode
[ 1047.632402][T23041] syzkaller0: entered allmulticast mode
[ 1048.381791][T23056] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5221'.
[ 1049.045292][T23065] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1051.001251][ T5891] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1051.421321][ T5891] usb 4-1: Using ep0 maxpacket: 16
[ 1051.676655][ T5891] usb 4-1: config 0 has an invalid interface number: 248 but max is 0
[ 1053.559909][   T29] audit: type=1800 audit(1770867170.217:152): pid=23095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5228" name="bus" dev="ramfs" ino=134845 res=0 errno=0
[ 1053.611474][ T5891] usb 4-1: config 0 has no interface number 0
[ 1053.639259][ T5891] usb 4-1: string descriptor 0 read error: -71
[ 1053.704127][ T5891] usb 4-1: New USB device found, idVendor=157e, idProduct=3205, bcdDevice=c9.e2
[ 1053.779421][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1053.875192][ T5891] usb 4-1: config 0 descriptor??
[ 1053.940612][ T5891] usb 4-1: can't set config #0, error -71
[ 1054.198239][ T5891] usb 4-1: USB disconnect, device number 70
[ 1054.625431][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.634719][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.064548][ T5891] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1055.261927][ T5891] usb 5-1: Using ep0 maxpacket: 16
[ 1055.330229][ T5891] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1055.478972][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1055.550147][ T5891] usb 5-1: config 0 descriptor??
[ 1055.613361][ T5891] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1056.053482][T23130] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1056.386014][T23137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5237'.
[ 1056.821522][T13403] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1056.989600][T13403] usb 4-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.40
[ 1057.001802][T13403] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1057.022141][T13403] usb 4-1: Product: syz
[ 1057.030042][T13403] usb 4-1: SerialNumber: syz
[ 1057.283171][T23141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5239'.
[ 1057.538412][   T24] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1057.722693][   T24] usb 6-1: Using ep0 maxpacket: 8
[ 1057.752072][   T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[ 1057.767473][   T24] usb 6-1: config 0 has no interface number 0
[ 1057.781433][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1057.794541][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1057.812436][   T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1057.825884][   T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1057.850707][   T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1057.861538][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1057.901355][ T5891] gspca_sonixj: i2c_w8 err -71
[ 1057.907869][   T24] usb 6-1: config 0 descriptor??
[ 1057.915111][ T5891] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[ 1057.941104][   T24] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1057.969314][ T5891] usb 5-1: USB disconnect, device number 31
[ 1057.970129][T23151] syzkaller0: entered promiscuous mode
[ 1057.995605][T23151] syzkaller0: entered allmulticast mode
[ 1058.298766][T13402] usb 6-1: USB disconnect, device number 8
[ 1058.328236][T13402] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[ 1059.621834][T13403] usbhid 4-1:1.0: can't add hid device: -71
[ 1059.646966][T13403] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[ 1059.758674][T13403] usb 4-1: USB disconnect, device number 71
[ 1061.841927][T13403] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[ 1062.168754][T13403] usb 2-1: Using ep0 maxpacket: 32
[ 1062.179627][T13403] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 1062.216493][T13403] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1062.634817][T13403] usb 2-1: config 0 has no interface number 0
[ 1062.666238][T13403] usb 2-1: config 0 interface 132 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1062.724735][T13403] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1062.810350][T13403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1062.846831][T13403] usb 2-1: Product: syz
[ 1062.884233][T13403] usb 2-1: Manufacturer: syz
[ 1062.899935][T13403] usb 2-1: SerialNumber: syz
[ 1062.957161][T13403] usb 2-1: config 0 descriptor??
[ 1063.231338][T13403] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1063.405787][   T29] audit: type=1326 audit(1770867180.077:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23182 comm="syz.1.5259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1063.619777][   T29] audit: type=1326 audit(1770867180.287:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23182 comm="syz.1.5259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1063.653255][T13403] usb 6-1: Using ep0 maxpacket: 8
[ 1063.773604][T13403] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 1063.858024][   T29] audit: type=1326 audit(1770867180.527:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23182 comm="syz.1.5259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1063.871242][T13403] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1063.991359][   T29] audit: type=1326 audit(1770867180.527:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23182 comm="syz.1.5259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1064.015012][T13403] usb 6-1: Product: syz
[ 1064.015039][T13403] usb 6-1: Manufacturer: syz
[ 1064.015058][T13403] usb 6-1: SerialNumber: syz
[ 1064.018180][T13403] usb 6-1: config 0 descriptor??
[ 1064.240244][T13403] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 1064.573695][T13402] usb 2-1: USB disconnect, device number 83
[ 1066.502123][T13402] usb 6-1: USB disconnect, device number 9
[ 1067.711649][T13402] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1067.913231][T13402] usb 5-1: Using ep0 maxpacket: 32
[ 1067.952116][T13402] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[ 1067.982553][T13402] usb 5-1: config 0 has no interface number 0
[ 1067.988990][T13402] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1068.037232][T13402] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 1068.055155][T13402] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1068.118393][T13402] usb 5-1: Product: syz
[ 1068.143879][T13402] usb 5-1: Manufacturer: syz
[ 1068.149069][T13402] usb 5-1: SerialNumber: syz
[ 1068.166411][T13402] usb 5-1: config 0 descriptor??
[ 1068.172989][T23274] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1068.176054][T23286] syzkaller0: entered promiscuous mode
[ 1068.215633][T23286] syzkaller0: entered allmulticast mode
[ 1068.321217][T23286] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1068.333623][T23284] tipc: Resetting bearer <eth:syzkaller0>
[ 1068.391554][T23284] tipc: Disabling bearer <eth:syzkaller0>
[ 1068.420582][T23274] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1070.950058][   T29] audit: type=1800 audit(1770867187.617:157): pid=23313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5274" name="bus" dev="tmpfs" ino=4359 res=0 errno=0
[ 1071.255157][T23316] syzkaller0: entered promiscuous mode
[ 1071.264490][T23316] syzkaller0: entered allmulticast mode
[ 1071.329832][T23318] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1071.329832][T23318] The task syz.3.5274 (23318) triggered the difference, watch for misbehavior.
[ 1071.681779][T13402] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x8001: -71
[ 1071.694352][T13402] asix 5-1:0.188: probe with driver asix failed with error -71
[ 1071.722135][T13402] usb 5-1: USB disconnect, device number 32
[ 1072.041736][T23333] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1072.133508][T23335] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1072.182389][T23335] picdev_read: 7 callbacks suppressed
[ 1072.182646][T23335] kvm: pic: non byte read
[ 1072.197923][T23335] kvm: pic: level sensitive irq not supported
[ 1072.198082][T23335] kvm: pic: non byte read
[ 1072.211825][T23335] kvm: pic: level sensitive irq not supported
[ 1072.211910][T23335] kvm: pic: non byte read
[ 1072.255160][T23335] kvm: pic: level sensitive irq not supported
[ 1072.255285][T23335] kvm: pic: non byte read
[ 1072.486252][T23343] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1072.565838][T23347] bond2: (slave ip6gretap1): making interface the new active one
[ 1072.746672][T23347] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[ 1073.141308][  T981] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[ 1073.319964][  T981] usb 2-1: Using ep0 maxpacket: 32
[ 1073.355988][  T981] usb 2-1: New USB device found, idVendor=050d, idProduct=0121, bcdDevice= 6.59
[ 1073.408506][  T981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1073.436936][  T981] usb 2-1: Product: syz
[ 1073.444000][  T981] usb 2-1: Manufacturer: syz
[ 1073.450070][  T981] usb 2-1: SerialNumber: syz
[ 1073.496604][  T981] usb 2-1: config 0 descriptor??
[ 1073.721676][  T981] pegasus 2-1:0.0: probe with driver pegasus failed with error -71
[ 1073.778246][  T981] usb 2-1: USB disconnect, device number 84
[ 1075.764246][T23387] binder: BINDER_SET_CONTEXT_MGR already set
[ 1075.771763][T23387] binder: 23385:23387 ioctl 4018620d 200000000040 returned -16
[ 1076.426288][T23392] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[ 1076.446900][T23392] kvm: requested 103085 ns i8254 timer period limited to 200000 ns
[ 1076.699808][T23392] kvm: requested 157562 ns i8254 timer period limited to 200000 ns
[ 1076.828367][T23392] kvm: requested 91352 ns i8254 timer period limited to 200000 ns
[ 1076.840147][T23392] kvm: requested 117333 ns i8254 timer period limited to 200000 ns
[ 1083.825977][T23447] syzkaller0: entered promiscuous mode
[ 1083.844857][T23447] syzkaller0: entered allmulticast mode
[ 1086.756814][T23458] syzkaller0: entered promiscuous mode
[ 1087.426134][T23468] syzkaller0: entered promiscuous mode
[ 1087.432678][T23468] syzkaller0: entered allmulticast mode
[ 1088.585574][T23398] Set syz1 is full, maxelem 65536 reached
[ 1089.696275][T23494] vlan3: entered promiscuous mode
[ 1089.732173][T23497] ptrace attach of "./syz-executor exec"[22213] was attempted by "./syz-executor exec"[23497]
[ 1089.747120][T23497] random: crng reseeded on system resumption
[ 1092.211729][   T29] audit: type=1326 audit(1770867208.877:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1092.343988][   T29] audit: type=1326 audit(1770867208.887:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1092.537874][   T29] audit: type=1326 audit(1770867208.927:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1092.670955][   T29] audit: type=1326 audit(1770867208.927:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1092.937886][   T29] audit: type=1326 audit(1770867208.927:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1093.054554][   T29] audit: type=1326 audit(1770867208.937:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1093.141330][T13402] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1093.341565][T13402] usb 5-1: Using ep0 maxpacket: 8
[ 1093.419405][T13402] usb 5-1: config 0 has no interfaces?
[ 1093.430568][T13402] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1093.477600][   T29] audit: type=1326 audit(1770867208.937:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1093.561516][T13402] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1093.621423][   T29] audit: type=1326 audit(1770867208.937:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1093.712041][   T29] audit: type=1326 audit(1770867208.937:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1093.792633][T13402] usb 5-1: config 0 descriptor??
[ 1093.891547][   T29] audit: type=1326 audit(1770867208.937:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23512 comm="syz.1.5333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f298b59bf79 code=0x7ffc0000
[ 1094.908183][T21642] usb 5-1: USB disconnect, device number 33
[ 1096.877691][T23563] loop4: detected capacity change from 0 to 524287936
[ 1097.373176][T13402] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1097.381516][T23569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5350'.
[ 1097.607904][T13402] usb 4-1: Using ep0 maxpacket: 32
[ 1097.659503][T13402] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[ 1097.701522][T13402] usb 4-1: config 0 has no interface number 0
[ 1097.708758][T13402] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1097.841852][T13402] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 1097.920082][T13402] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1097.952785][T13402] usb 4-1: Product: syz
[ 1098.074882][T13402] usb 4-1: Manufacturer: syz
[ 1098.088764][T13402] usb 4-1: SerialNumber: syz
[ 1098.111076][T13402] usb 4-1: config 0 descriptor??
[ 1098.182412][T23567] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1098.470643][T23567] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1098.770010][T23581] syzkaller0: entered promiscuous mode
[ 1098.781955][T23581] syzkaller0: entered allmulticast mode
[ 1099.764342][T23597] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1101.479558][T13402] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1101.495476][T13402] asix 4-1:0.188: probe with driver asix failed with error -71
[ 1101.528862][T13402] usb 4-1: USB disconnect, device number 72
[ 1103.613397][T23624] vivid-000: disconnect
[ 1104.307153][T23620] vivid-000: reconnect
[ 1104.739211][T23629] ptrace attach of "./syz-executor exec"[9381] was attempted by "./syz-executor exec"[23629]
[ 1104.759510][T23629] random: crng reseeded on system resumption
[ 1106.081263][T23638] syzkaller0: entered promiscuous mode
[ 1106.103221][T23638] syzkaller0: entered allmulticast mode
[ 1109.413757][T23675] netlink: 'syz.5.5378': attribute type 10 has an invalid length.
[ 1113.511353][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[ 1114.082890][  T981] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[ 1114.257120][  T981] usb 2-1: Using ep0 maxpacket: 16
[ 1114.287598][  T981] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1114.314324][  T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1114.332532][  T981] usb 2-1: config 0 descriptor??
[ 1114.362579][  T981] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1115.743153][T22962] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1115.763215][T22962] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1116.062096][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.068831][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.395938][T22962] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1116.421376][T22962] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1116.442154][T13403] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1116.667976][T13403] usb 5-1: Using ep0 maxpacket: 16
[ 1116.687088][T13403] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1116.713678][T13403] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1116.728952][T13403] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1116.738891][T13403] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1116.747776][T13403] usb 5-1: Product: syz
[ 1116.752497][T13403] usb 5-1: Manufacturer: syz
[ 1116.758531][T13403] usb 5-1: SerialNumber: syz
[ 1116.831431][T22962] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1116.852055][T22962] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.072079][  T981] gspca_sonixj: reg_w1 err -71
[ 1117.077355][  T981] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[ 1117.208065][  T981] usb 2-1: USB disconnect, device number 85
[ 1117.247431][T13403] usb 5-1: 0:2 : does not exist
[ 1117.278073][T13403] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1117.391517][T22962] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1117.434186][T22962] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.550774][T23690] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1117.576988][T23690] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1117.587632][T13403] usb 5-1: USB disconnect, device number 34
[ 1117.597657][T23690] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1117.606954][T23690] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1117.619645][T23690] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1117.708820][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1118.566028][T22962] bridge_slave_1: left allmulticast mode
[ 1118.585512][T22962] bridge_slave_1: left promiscuous mode
[ 1118.731880][T22962] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1118.957599][T22962] bridge_slave_0: left allmulticast mode
[ 1118.988261][T22962] bridge_slave_0: left promiscuous mode
[ 1119.014310][T22962] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1119.652869][T22962] bond0 (unregistering): (slave ip6gretap1): Releasing active interface
[ 1119.661307][   T44] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1119.669655][T22962] erspan0 (unregistering): entered promiscuous mode
[ 1119.743100][T23690] Bluetooth: hci1: command tx timeout
[ 1119.821277][   T44] usb 6-1: Using ep0 maxpacket: 8
[ 1119.839276][   T44] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1119.847967][   T44] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1119.861556][   T44] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1119.911821][   T44] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1120.065233][   T44] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1120.088967][   T44] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1120.103732][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1120.409462][T22962] bond0 (unregistering): (slave erspan0): Releasing active interface
[ 1120.426971][T22962] bond0 (unregistering): (slave erspan0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:16 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1120.454871][T22962] erspan0 (unregistering): left promiscuous mode
[ 1120.536511][T23742] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5397'.
[ 1120.551265][T23742] netlink: 180 bytes leftover after parsing attributes in process `syz.5.5397'.
[ 1120.566582][   T44] usb 6-1: GET_CAPABILITIES returned 0
[ 1120.572725][   T44] usbtmc 6-1:16.0: can't read capabilities
[ 1120.610387][T22962] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1120.640813][T22962] gretap1 (unregistering): left allmulticast mode
[ 1121.177913][T22962] bond1 (unregistering): Released all slaves
[ 1121.184423][T23757] usbtmc 6-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[ 1121.234941][T13403] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1121.526910][T13403] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1121.538916][T13403] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1121.549798][T13403] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1121.574524][T13403] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.614644][T23753] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1121.627307][T13403] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1121.822014][T23690] Bluetooth: hci1: command tx timeout
[ 1121.905181][T22962] bond0 (unregistering): (slave veth3): Releasing active interface
[ 1121.919363][T22962] bond0 (unregistering): Released all slaves
[ 1122.477952][T21642] usb 6-1: USB disconnect, device number 10
[ 1122.578366][T22962] tipc: Left network mode
[ 1123.293454][T23718] chnl_net:caif_netlink_parms(): no params data found
[ 1123.891510][T23690] Bluetooth: hci1: command tx timeout
[ 1123.931325][  T981] usb 2-1: USB disconnect, device number 86
[ 1124.386439][T22962] hsr_slave_0: left promiscuous mode
[ 1124.398368][T22962] hsr_slave_1: left promiscuous mode
[ 1124.422608][T22962] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1124.430640][T22962] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1124.465748][T22962] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1124.483582][T22962] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1124.831885][T22962] veth1_macvtap: left promiscuous mode
[ 1124.840952][T22962] veth0_macvtap: left promiscuous mode
[ 1124.861646][T22962] veth1_vlan: left promiscuous mode
[ 1124.878053][T22962] veth0_vlan: left promiscuous mode
[ 1125.986971][T23690] Bluetooth: hci1: command tx timeout
[ 1130.094285][T23690] Bluetooth: hci2: command 0x0406 tx timeout
[ 1130.593208][T22962] team0 (unregistering): Port device team_slave_1 removed
[ 1130.691054][T22962] team0 (unregistering): Port device team_slave_0 removed
[ 1131.160568][T23853] netlink: 388 bytes leftover after parsing attributes in process `syz.3.5418'.
[ 1132.324613][T23825] syzkaller0: entered promiscuous mode
[ 1132.330545][T23825] syzkaller0: entered allmulticast mode
[ 1132.683208][T23718] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1132.690639][T23718] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1132.751298][T23718] bridge_slave_0: entered allmulticast mode
[ 1132.776134][T23718] bridge_slave_0: entered promiscuous mode
[ 1132.805176][T23718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1132.847402][T23718] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1132.877476][T23718] bridge_slave_1: entered allmulticast mode
[ 1132.902545][T23718] bridge_slave_1: entered promiscuous mode
[ 1133.028938][T23869] netlink: 'syz.5.5423': attribute type 1 has an invalid length.
[ 1133.178940][T23718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1133.210832][T23718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1133.946587][T23718] team0: Port device team_slave_0 added
[ 1133.964030][T23718] team0: Port device team_slave_1 added
[ 1134.119150][T23718] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1134.161603][T23718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1134.280041][T23718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1134.403565][T23718] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1134.433072][T23718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1134.604038][T23718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1135.149061][T23718] hsr_slave_0: entered promiscuous mode
[ 1135.182196][T23718] hsr_slave_1: entered promiscuous mode
[ 1135.218128][T23718] debugfs: 'hsr0' already exists in 'hsr'
[ 1135.254596][T23718] Cannot create hsr debugfs directory
[ 1139.189358][T23718] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1139.380130][T23718] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1139.602124][T23718] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1140.104973][T23718] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1141.485412][T23718] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1141.515755][   T44] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1141.596320][T23718] 8021q: adding VLAN 0 to HW filter on device team0
[ 1141.624552][T18885] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1141.631807][T18885] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1141.700175][T18875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1141.707913][T18875] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1141.743708][   T44] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1141.764725][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.813122][   T44] usb 5-1: Product: syz
[ 1141.828264][   T44] usb 5-1: Manufacturer: syz
[ 1141.856087][   T44] usb 5-1: SerialNumber: syz
[ 1141.910316][T23718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1141.955167][T23718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1142.216248][T23718] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1142.338924][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1142.365614][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1143.124546][T23718] veth0_vlan: entered promiscuous mode
[ 1143.313299][T23718] veth1_vlan: entered promiscuous mode
[ 1143.529634][T23718] veth0_macvtap: entered promiscuous mode
[ 1143.559020][T23718] veth1_macvtap: entered promiscuous mode
[ 1143.672721][T23718] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1143.710434][T23718] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1143.777476][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1143.803547][T18883] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1143.841372][T18883] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1143.873842][T18883] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1143.917586][T18883] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1144.336695][T22960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1144.353901][T22960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1144.493511][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -EPROTO
[ 1144.541356][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 1144.554554][T22962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1144.565185][T22962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1144.660281][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1144.742208][   T44] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1144.812279][   T44] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[ 1144.911245][   T44] usb 5-1: USB disconnect, device number 35
[ 1147.033301][T24051] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5452'.
[ 1147.068226][T24051] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5452'.
[ 1147.661931][   T44] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1147.982126][   T44] usb 4-1: Using ep0 maxpacket: 16
[ 1148.071503][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1148.202228][   T44] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1148.262137][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.438443][   T44] usb 4-1: Product: syz
[ 1148.470189][   T44] usb 4-1: Manufacturer: syz
[ 1148.522959][   T44] usb 4-1: SerialNumber: syz
[ 1148.555659][   T44] usb 4-1: config 0 descriptor??
[ 1148.614286][   T44] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1148.661240][   T44] em28xx 4-1:0.0: DVB interface 0 found: bulk
[ 1148.871278][T13402] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 1149.045932][T13402] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1149.061033][T13402] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1149.124324][T13402] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.151828][T13402] usb 7-1: config 0 descriptor??
[ 1149.175557][T13402] pwc: Askey VC010 type 2 USB webcam detected.
[ 1149.286463][   T44] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1149.739387][   T44] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1149.843939][   T44] em28xx 4-1:0.0: board has no eeprom
[ 1150.295216][   T44] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1150.320399][   T44] em28xx 4-1:0.0: dvb set to bulk mode.
[ 1150.364860][T21641] em28xx 4-1:0.0: Binding DVB extension
[ 1150.400160][   T44] usb 4-1: USB disconnect, device number 73
[ 1150.453389][   T44] em28xx 4-1:0.0: Disconnecting em28xx
[ 1150.745721][T21641] em28xx 4-1:0.0: Registering input extension
[ 1150.770038][   T44] em28xx 4-1:0.0: Closing input extension
[ 1150.860054][   T44] em28xx 4-1:0.0: Freeing device
[ 1151.345573][T24118] kvm: kvm [24117]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076)
[ 1151.871222][   T44] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1152.154121][   T44] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1152.165092][   T44] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1152.210050][   T44] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1152.267788][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1152.317392][   T44] usb 2-1: SerialNumber: syz
[ 1152.648936][   T44] usb 2-1: 0:2 : does not exist
[ 1152.666568][   T44] usb 2-1: 0:0: failed to get current value for ch 0 (-22)
[ 1153.174400][   T44] usb 2-1: USB disconnect, device number 87
[ 1153.336471][ T6036] udevd[6036]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1153.678040][T13402] pwc: recv_control_msg error -71 req 02 val 2b00
[ 1153.711302][T13402] pwc: recv_control_msg error -71 req 02 val 2700
[ 1153.769932][T13402] pwc: recv_control_msg error -71 req 02 val 2c00
[ 1153.883991][T13402] pwc: recv_control_msg error -71 req 04 val 1000
[ 1153.905762][T13402] pwc: recv_control_msg error -71 req 04 val 1300
[ 1153.952501][T13402] pwc: recv_control_msg error -71 req 04 val 1400
[ 1153.991338][T13402] pwc: recv_control_msg error -71 req 02 val 2000
[ 1154.021667][T13402] pwc: recv_control_msg error -71 req 02 val 2100
[ 1154.047447][T13402] pwc: recv_control_msg error -71 req 04 val 1500
[ 1154.066672][T24149] netlink: 496 bytes leftover after parsing attributes in process `syz.6.5470'.
[ 1154.098665][T13402] pwc: recv_control_msg error -71 req 02 val 2500
[ 1154.126804][T13402] pwc: recv_control_msg error -71 req 02 val 2400
[ 1154.164553][T13402] pwc: recv_control_msg error -71 req 02 val 2600
[ 1154.171386][T21642] usb 2-1: new full-speed USB device number 88 using dummy_hcd
[ 1154.184001][T13402] pwc: recv_control_msg error -71 req 02 val 2900
[ 1154.200277][T13402] pwc: recv_control_msg error -71 req 02 val 2800
[ 1154.208245][T13402] pwc: recv_control_msg error -71 req 04 val 1100
[ 1154.218152][T13402] pwc: recv_control_msg error -71 req 04 val 1200
[ 1154.258807][T13402] pwc: Registered as video103.
[ 1154.348694][T13402] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input100
[ 1154.361595][T21642] usb 2-1: not running at top speed; connect to a high speed hub
[ 1154.463789][T21642] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1154.475890][T13402] usb 7-1: USB disconnect, device number 16
[ 1154.485552][T21642] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1154.485580][   T29] kauditd_printk_skb: 17 callbacks suppressed
[ 1154.485599][   T29] audit: type=1326 audit(1770867271.117:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24155 comm="syz.3.5472" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0d8e59bf79 code=0x0
[ 1154.496447][T21642] usb 2-1: config 1 has no interface number 1
[ 1154.533521][T21642] usb 2-1: config 1 interface 2 has no altsetting 0
[ 1154.553508][T21642] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1154.604172][T21642] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.682438][T21642] usb 2-1: Product: syz
[ 1154.686675][T21642] usb 2-1: Manufacturer: syz
[ 1154.706281][T21642] usb 2-1: SerialNumber: syz
[ 1154.989785][T21642] usb 2-1: selecting invalid altsetting 0
[ 1155.002550][T21642] usb 2-1: failed to enable PITCH for EP 0x82
[ 1155.019250][T21642] usb 2-1: selecting invalid altsetting 0
[ 1155.434653][T21642] usb 2-1: USB disconnect, device number 88
[ 1155.667456][ T6051] udevd[6051]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1157.156555][T24189] tap0: tun_chr_ioctl cmd 1074025678
[ 1157.177814][T24189] tap0: group set to 0
[ 1159.162890][T24238] mac80211_hwsim hwsim38 syzkaller0: entered promiscuous mode
[ 1159.211377][T24238] mac80211_hwsim hwsim38 syzkaller0: entered allmulticast mode
[ 1166.038571][T24318] syz.1.5497: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1166.151308][T24318] CPU: 1 UID: 0 PID: 24318 Comm: syz.1.5497 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1166.151347][T24318] Tainted: [L]=SOFTLOCKUP
[ 1166.151356][T24318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1166.151369][T24318] Call Trace:
[ 1166.151379][T24318]  <TASK>
[ 1166.151388][T24318]  dump_stack_lvl+0xe8/0x150
[ 1166.151425][T24318]  warn_alloc+0x249/0x340
[ 1166.151457][T24318]  ? stack_trace_save+0xa9/0x100
[ 1166.151491][T24318]  ? __pfx_warn_alloc+0x10/0x10
[ 1166.151528][T24318]  ? kasan_save_track+0x4f/0x80
[ 1166.151553][T24318]  ? kasan_save_track+0x3e/0x80
[ 1166.151576][T24318]  ? __kasan_kmalloc+0x93/0xb0
[ 1166.151599][T24318]  ? __kmalloc_cache_noprof+0x31c/0x660
[ 1166.151622][T24318]  ? xskq_create+0x56/0x170
[ 1166.151649][T24318]  ? xsk_setsockopt+0x54c/0x990
[ 1166.151674][T24318]  ? do_sock_setsockopt+0x17c/0x1b0
[ 1166.151697][T24318]  ? __x64_sys_setsockopt+0x13d/0x1b0
[ 1166.151718][T24318]  ? do_syscall_64+0x14d/0xf80
[ 1166.151754][T24318]  __vmalloc_node_range_noprof+0x132/0x1730
[ 1166.151817][T24318]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1166.151853][T24318]  ? __kasan_kmalloc+0x93/0xb0
[ 1166.151886][T24318]  vmalloc_user_noprof+0xad/0xe0
[ 1166.151914][T24318]  ? xskq_create+0xbf/0x170
[ 1166.151944][T24318]  xskq_create+0xbf/0x170
[ 1166.151976][T24318]  xsk_init_queue+0xad/0x110
[ 1166.152017][T24318]  xsk_setsockopt+0x54c/0x990
[ 1166.152047][T24318]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1166.152075][T24318]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1166.152108][T24318]  ? aa_sock_opt_perm+0xff/0x1a0
[ 1166.152142][T24318]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1166.152170][T24318]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1166.152197][T24318]  do_sock_setsockopt+0x17c/0x1b0
[ 1166.152226][T24318]  __x64_sys_setsockopt+0x13d/0x1b0
[ 1166.152261][T24318]  do_syscall_64+0x14d/0xf80
[ 1166.152292][T24318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.152313][T24318]  ? trace_irq_disable+0x37/0x100
[ 1166.152338][T24318]  ? clear_bhb_loop+0x40/0x90
[ 1166.152365][T24318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.152385][T24318] RIP: 0033:0x7f298b59bf79
[ 1166.152403][T24318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1166.152421][T24318] RSP: 002b:00007f298c4ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1166.152444][T24318] RAX: ffffffffffffffda RBX: 00007f298b816090 RCX: 00007f298b59bf79
[ 1166.152459][T24318] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[ 1166.152472][T24318] RBP: 00007f298b6327e0 R08: 0000000000000004 R09: 0000000000000000
[ 1166.152483][T24318] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1166.152495][T24318] R13: 00007f298b816128 R14: 00007f298b816090 R15: 00007f298b93fa48
[ 1166.152530][T24318]  </TASK>
[ 1166.152564][T24318] Mem-Info:
[ 1166.462170][T24318] active_anon:26925 inactive_anon:0 isolated_anon:0
[ 1166.462170][T24318]  active_file:3263 inactive_file:4223 isolated_file:0
[ 1166.462170][T24318]  unevictable:768 dirty:413 writeback:0
[ 1166.462170][T24318]  slab_reclaimable:7596 slab_unreclaimable:112864
[ 1166.462170][T24318]  mapped:40766 shmem:18924 pagetables:2093
[ 1166.462170][T24318]  sec_pagetables:3 bounce:0
[ 1166.462170][T24318]  kernel_misc_reclaimable:0
[ 1166.462170][T24318]  free:1281044 free_pcp:22924 free_cma:0
[ 1166.513940][T24318] Node 0 active_anon:107600kB inactive_anon:0kB active_file:12968kB inactive_file:16752kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:162980kB dirty:1652kB writeback:0kB shmem:73860kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14744kB pagetables:8228kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB
[ 1166.574361][T24326] netlink: 'syz.3.5499': attribute type 2 has an invalid length.
[ 1166.639565][T24326] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1166.693344][T24318] Node 1 active_anon:0kB inactive_anon:0kB active_file:84kB inactive_file:140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:84kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1166.733766][T24318] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1166.823262][T24318] lowmem_reserve[]: 0 2494 2495 2495 2495
[ 1166.852973][T24318] Node 0 DMA32 free:1215784kB boost:0kB min:34204kB low:42752kB high:51300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:105400kB inactive_anon:0kB active_file:12968kB inactive_file:16752kB unevictable:1536kB writepending:1652kB zspages:0kB present:3129332kB managed:2554152kB mlocked:0kB bounce:0kB free_pcp:48164kB local_pcp:21140kB free_cma:0kB
[ 1166.931316][T24318] lowmem_reserve[]: 0 0 0 0 0
[ 1166.936059][T24318] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:928kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 1167.073428][T24318] lowmem_reserve[]: 0 0 0 0 0
[ 1167.111315][T24318] Node 1 Normal free:3896980kB boost:0kB min:55684kB low:69604kB high:83524kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:84kB inactive_file:140kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:43156kB local_pcp:10088kB free_cma:0kB
[ 1167.207002][T24318] lowmem_reserve[]: 0 0 0 0 0
[ 1167.351395][T24318] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1167.429205][T24318] Node 0 DMA32: 6128*4kB (UM) 3424*8kB (UME) 2910*16kB (UME) 1236*32kB (UME) 811*64kB (UME) 596*128kB (UME) 424*256kB (UME) 177*512kB (UME) 145*1024kB (UM) 11*2048kB (UME) 136*4096kB (UM) = 1193440kB
[ 1167.516232][T24318] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1167.741706][T24318] Node 1 Normal: 7*4kB (UM) 9*8kB (UM) 9*16kB (UME) 7*32kB (UME) 9*64kB (UME) 9*128kB (UME) 12*256kB (UM) 7*512kB (UM) 1*1024kB (E) 2*2048kB (UE) 948*4096kB (UM) = 3896980kB
[ 1167.850126][T24318] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1167.921200][T24318] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1167.999398][T24318] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1168.058133][T24318] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1168.113916][T24318] 26337 total pagecache pages
[ 1168.163208][T24318] 0 pages in swap cache
[ 1168.167651][T24318] Free swap  = 124996kB
[ 1168.172263][T24318] Total swap = 124996kB
[ 1168.176553][T24318] 2097051 pages RAM
[ 1168.180462][T24318] 0 pages HighMem/MovableOnly
[ 1168.622969][T24318] 426666 pages reserved
[ 1168.641249][T24318] 0 pages cma reserved
[ 1169.783952][T24371] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5508'.
[ 1171.440060][T24409] kvm: pic: level sensitive irq not supported
[ 1171.440156][T24409] kvm: pic: non byte read
[ 1171.495142][T24409] kvm: pic: level sensitive irq not supported
[ 1171.497272][T24409] kvm: pic: non byte read
[ 1172.314745][   T29] audit: type=1804 audit(1770867288.947:186): pid=24426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.5518" name="file0" dev="ramfs" ino=147181 res=1 errno=0
[ 1175.491216][T21639] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[ 1175.643361][T21639] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1175.657335][T21639] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1175.689895][T21639] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.728296][T21639] usb 7-1: config 0 descriptor??
[ 1175.965366][T21639] usbhid 7-1:0.0: can't add hid device: -71
[ 1175.986600][T21639] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1176.063511][T21639] usb 7-1: USB disconnect, device number 17
[ 1176.107574][T24483] sch_fq: defrate 0 ignored.
[ 1176.222688][   T29] audit: type=1326 audit(1770867292.897:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.293286][   T29] audit: type=1326 audit(1770867292.917:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.360447][   T29] audit: type=1326 audit(1770867292.917:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.407995][   T29] audit: type=1326 audit(1770867292.917:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.464470][T21639] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[ 1176.488919][   T29] audit: type=1326 audit(1770867292.917:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.510014][T24494] binder: BINDER_SET_CONTEXT_MGR already set
[ 1176.531307][T24494] binder: 24492:24494 ioctl 4018620d 2000000000c0 returned -16
[ 1176.570118][   T29] audit: type=1326 audit(1770867292.927:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.589569][T24494] binder: BINDER_SET_CONTEXT_MGR already set
[ 1176.622855][T21639] usb 7-1: Using ep0 maxpacket: 32
[ 1176.630158][T24494] binder: 24492:24494 ioctl 4018620d 200000000040 returned -16
[ 1176.633205][T21639] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1176.665418][   T29] audit: type=1326 audit(1770867292.927:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.699482][T21639] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[ 1176.720896][T21639] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.731348][   T29] audit: type=1326 audit(1770867292.927:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.776597][T21639] usb 7-1: config 0 descriptor??
[ 1176.797090][T21639] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1176.821900][   T29] audit: type=1326 audit(1770867292.927:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24487 comm="syz.4.5532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f201359bf79 code=0x7ffc0000
[ 1176.864327][T21639] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1177.210464][T24467] ldusb 7-1:0.0: Read buffer overflow, 316 bytes dropped
[ 1177.253312][T24467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1177.376952][T24467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1177.498834][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.506436][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.522280][T21639] usb 7-1: USB disconnect, device number 18
[ 1177.535486][T21639] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[ 1178.290351][T13403] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1178.533525][T13403] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1178.634881][T13403] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1178.664224][T13403] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.684873][T13403] usb 5-1: config 0 descriptor??
[ 1178.816512][T13403] pwc: Askey VC010 type 2 USB webcam detected.
[ 1179.240408][T13403] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1179.252595][T13403] pwc: recv_control_msg error -32 req 02 val 2700
[ 1179.281669][T13403] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1179.304870][T13403] pwc: recv_control_msg error -32 req 04 val 1000
[ 1179.340477][T13403] pwc: recv_control_msg error -32 req 04 val 1300
[ 1179.377963][T13403] pwc: recv_control_msg error -32 req 04 val 1400
[ 1179.418881][T13403] pwc: recv_control_msg error -32 req 02 val 2000
[ 1179.458874][T13403] pwc: recv_control_msg error -32 req 02 val 2100
[ 1179.484353][T13403] pwc: recv_control_msg error -32 req 04 val 1500
[ 1179.507214][T13403] pwc: recv_control_msg error -32 req 02 val 2500
[ 1179.525605][T13403] pwc: recv_control_msg error -32 req 02 val 2400
[ 1179.755203][T13403] pwc: recv_control_msg error -71 req 02 val 2900
[ 1179.775977][T13403] pwc: recv_control_msg error -71 req 02 val 2800
[ 1179.813118][T13403] pwc: recv_control_msg error -71 req 04 val 1100
[ 1179.829003][T13403] pwc: recv_control_msg error -71 req 04 val 1200
[ 1179.847027][T13403] pwc: Registered as video103.
[ 1179.877849][T13403] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input101
[ 1179.947931][T13403] usb 5-1: USB disconnect, device number 36
[ 1183.272781][   T29] kauditd_printk_skb: 18 callbacks suppressed
[ 1183.272797][   T29] audit: type=1326 audit(1770867299.947:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24564 comm="syz.5.5547" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7692b9bf79 code=0x0
[ 1183.711237][T21642] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1183.916867][T21642] usb 2-1: Using ep0 maxpacket: 16
[ 1183.940261][T21642] usb 2-1: config 4 has an invalid interface number: 9 but max is 0
[ 1184.015251][T21642] usb 2-1: config 4 has no interface number 0
[ 1184.046916][T21642] usb 2-1: config 4 interface 9 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1184.103402][T21642] usb 2-1: config 4 interface 9 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1184.173814][T21642] usb 2-1: config 4 interface 9 has no altsetting 0
[ 1184.219883][T21642] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe
[ 1184.243452][T21642] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1184.297887][T21642] usb 2-1: Product: syz
[ 1184.304785][T21642] usb 2-1: Manufacturer: syz
[ 1184.314971][T21642] usb 2-1: SerialNumber: syz
[ 1184.345424][T24591] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1184.356105][T24591] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1185.452421][T24591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1185.470142][T21642] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1185.498632][T24591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1185.624121][T21642] usb 2-1: USB disconnect, device number 89
[ 1185.644039][T22955] usb 2-1: Failed to submit usb control message: -71
[ 1185.691230][T22955] usb 2-1: unable to send the bmi data to the device: -71
[ 1185.698802][T22955] usb 2-1: unable to get target info from device
[ 1185.747980][T22955] usb 2-1: could not get target info (-71)
[ 1185.767978][T22955] usb 2-1: could not probe fw (-71)
[ 1185.945440][T24622] syzkaller0: entered promiscuous mode
[ 1185.945458][T24622] syzkaller0: entered allmulticast mode
[ 1186.716860][T24629] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1186.718405][T24625] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1186.731399][T24625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1187.123585][T24625] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[ 1187.165284][T24625] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[ 1187.177559][T24625] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1187.260705][T24625] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1187.799417][T18725] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.799501][T18725] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.799553][T18725] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.799584][T18725] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1188.122062][T24648] netlink: 92 bytes leftover after parsing attributes in process `syz.1.5567'.
[ 1188.161200][T24648] netlink: 990 bytes leftover after parsing attributes in process `syz.1.5567'.
[ 1188.504336][T13402] usb 5-1: new low-speed USB device number 37 using dummy_hcd
[ 1188.848081][T13402] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1188.857473][T13402] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1188.941183][T21641] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1189.025465][T13402] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1189.075593][T13402] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1189.104862][T13402] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1189.163310][T13402] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1189.171001][T13402] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1189.200090][T13402] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1189.233567][T13402] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1189.251399][   T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1189.486234][T21641] usb 4-1: config 0 has an invalid interface number: 99 but max is 0
[ 1189.517507][T21641] usb 4-1: config 0 has no interface number 0
[ 1189.547785][T21641] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[ 1189.557373][T21641] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.911673][   T24] usb 6-1: Using ep0 maxpacket: 32
[ 1189.971950][   T35] ------------[ cut here ]------------
[ 1189.978183][   T35] time_after(jiffies, timeout)
[ 1189.978202][   T35] WARNING: io_uring/io_uring.c:2341 at io_ring_exit_work+0x4a3/0x960, CPU#0: kworker/u8:2/35
[ 1189.982364][T21641] usb 4-1: Product: syz
[ 1189.983082][   T35] Modules linked in:
[ 1190.001996][   T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1190.013323][   T35] Tainted: [L]=SOFTLOCKUP
[ 1190.017756][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1190.028290][   T35] Workqueue: iou_exit io_ring_exit_work
[ 1190.034153][   T35] RIP: 0010:io_ring_exit_work+0x4a3/0x960
[ 1190.040158][   T35] Code: c6 05 05 3e cf 0e 01 48 c7 c7 e0 0e 26 8c be 25 00 00 00 48 c7 c2 a0 0a 26 8c e8 08 ca 75 00 e9 88 fe ff ff e8 ce 5f 99 00 90 <0f> 0b 90 b8 70 17 00 00 48 89 44 24 10 eb 9f c7 84 24 b0 00 00 00
[ 1190.060622][   T35] RSP: 0000:ffffc90000ab7960 EFLAGS: 00010293
[ 1190.066747][   T35] RAX: ffffffff812afa62 RBX: 0000000100015ae0 RCX: ffff888020295ac0
[ 1190.074921][   T35] RDX: 0000000000000000 RSI: fffffffffffffff7 RDI: 0000000000000000
[ 1190.083231][   T35] RBP: ffffc90000ab7af0 R08: ffffc90000ab78e7 R09: 1ffff92000156f1c
[ 1190.091371][   T35] R10: dffffc0000000000 R11: fffff52000156f1d R12: dffffc0000000000
[ 1190.099530][   T35] R13: 0000000100015ad7 R14: 0000000000002000 R15: ffff88805d2be000
[ 1190.108131][   T35] FS:  0000000000000000(0000) GS:ffff8881254bc000(0000) knlGS:0000000000000000
[ 1190.117272][   T35] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1190.124165][   T35] CR2: 000000110c320401 CR3: 000000005dd78000 CR4: 00000000003526f0
[ 1190.132295][   T35] Call Trace:
[ 1190.135808][   T35]  <TASK>
[ 1190.138833][   T35]  ? __pfx_io_ring_exit_work+0x10/0x10
[ 1190.144725][   T35]  ? process_scheduled_works+0xa0f/0x17a0
[ 1190.150593][   T35]  ? process_scheduled_works+0xa0f/0x17a0
[ 1190.156586][   T35]  process_scheduled_works+0xaec/0x17a0
[ 1190.162387][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1190.168485][   T35]  ? assign_work+0x3d5/0x5e0
[ 1190.173192][   T35]  worker_thread+0xa50/0xfc0
[ 1190.177954][   T35]  kthread+0x388/0x470
[ 1190.182076][   T35]  ? __pfx_worker_thread+0x10/0x10
[ 1190.187381][   T35]  ? __pfx_kthread+0x10/0x10
[ 1190.192102][   T35]  ret_from_fork+0x51e/0xb90
[ 1190.196708][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[ 1190.201872][   T35]  ? __switch_to+0xc7d/0x1400
[ 1190.206595][   T35]  ? __pfx_kthread+0x10/0x10
[ 1190.211322][   T35]  ret_from_fork_asm+0x1a/0x30
[ 1190.216248][   T35]  </TASK>
[ 1190.219376][   T35] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1190.226762][   T35] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1190.237731][   T35] Tainted: [L]=SOFTLOCKUP
[ 1190.242087][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1190.252431][   T35] Workqueue: iou_exit io_ring_exit_work
[ 1190.258022][   T35] Call Trace:
[ 1190.261447][   T35]  <TASK>
[ 1190.264685][   T35]  vpanic+0x1e0/0x670
[ 1190.268704][   T35]  panic+0xc5/0xd0
[ 1190.272461][   T35]  ? __pfx_panic+0x10/0x10
[ 1190.276983][   T35]  ? ret_from_fork_asm+0x1a/0x30
[ 1190.282048][   T35]  __warn+0x315/0x4a0
[ 1190.286066][   T35]  ? io_ring_exit_work+0x4a3/0x960
[ 1190.291228][   T35]  ? io_ring_exit_work+0x4a3/0x960
[ 1190.296475][   T35]  __report_bug+0x29a/0x540
[ 1190.301259][   T35]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1190.307462][   T35]  ? io_ring_exit_work+0x4a3/0x960
[ 1190.312642][   T35]  ? __pfx___report_bug+0x10/0x10
[ 1190.317856][   T35]  ? trace_contention_end+0x39/0x100
[ 1190.323162][   T35]  ? __mutex_lock+0x319/0x1300
[ 1190.328129][   T35]  ? io_ring_exit_work+0x41b/0x960
[ 1190.333284][   T35]  ? io_ring_exit_work+0x4a3/0x960
[ 1190.338430][   T35]  report_bug+0x16a/0x220
[ 1190.342786][   T35]  ? io_ring_exit_work+0x4a3/0x960
[ 1190.348202][   T35]  ? io_ring_exit_work+0x4a5/0x960
[ 1190.353343][   T35]  handle_bug+0x98/0x200
[ 1190.357781][   T35]  exc_invalid_op+0x1a/0x50
[ 1190.362293][   T35]  asm_exc_invalid_op+0x1a/0x20
[ 1190.367258][   T35] RIP: 0010:io_ring_exit_work+0x4a3/0x960
[ 1190.373026][   T35] Code: c6 05 05 3e cf 0e 01 48 c7 c7 e0 0e 26 8c be 25 00 00 00 48 c7 c2 a0 0a 26 8c e8 08 ca 75 00 e9 88 fe ff ff e8 ce 5f 99 00 90 <0f> 0b 90 b8 70 17 00 00 48 89 44 24 10 eb 9f c7 84 24 b0 00 00 00
[ 1190.393377][   T35] RSP: 0000:ffffc90000ab7960 EFLAGS: 00010293
[ 1190.399593][   T35] RAX: ffffffff812afa62 RBX: 0000000100015ae0 RCX: ffff888020295ac0
[ 1190.407692][   T35] RDX: 0000000000000000 RSI: fffffffffffffff7 RDI: 0000000000000000
[ 1190.415880][   T35] RBP: ffffc90000ab7af0 R08: ffffc90000ab78e7 R09: 1ffff92000156f1c
[ 1190.423875][   T35] R10: dffffc0000000000 R11: fffff52000156f1d R12: dffffc0000000000
[ 1190.431956][   T35] R13: 0000000100015ad7 R14: 0000000000002000 R15: ffff88805d2be000
[ 1190.440052][   T35]  ? io_ring_exit_work+0x4a2/0x960
[ 1190.445221][   T35]  ? __pfx_io_ring_exit_work+0x10/0x10
[ 1190.451077][   T35]  ? process_scheduled_works+0xa0f/0x17a0
[ 1190.457022][   T35]  ? process_scheduled_works+0xa0f/0x17a0
[ 1190.462938][   T35]  process_scheduled_works+0xaec/0x17a0
[ 1190.468516][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1190.474604][   T35]  ? assign_work+0x3d5/0x5e0
[ 1190.479427][   T35]  worker_thread+0xa50/0xfc0
[ 1190.484247][   T35]  kthread+0x388/0x470
[ 1190.488367][   T35]  ? __pfx_worker_thread+0x10/0x10
[ 1190.493596][   T35]  ? __pfx_kthread+0x10/0x10
[ 1190.498297][   T35]  ret_from_fork+0x51e/0xb90
[ 1190.503102][   T35]  ? __pfx_ret_from_fork+0x10/0x10
[ 1190.508337][   T35]  ? __switch_to+0xc7d/0x1400
[ 1190.513124][   T35]  ? __pfx_kthread+0x10/0x10
[ 1190.517799][   T35]  ret_from_fork_asm+0x1a/0x30
[ 1190.522701][   T35]  </TASK>
[ 1190.526164][   T35] Kernel Offset: disabled
[ 1190.530779][   T35] Rebooting in 86400 seconds..