last executing test programs:

13.401764521s ago: executing program 3 (id=1573):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=ANY=[@ANYBLOB="00010000100001002cbd7000fbdbdf25fc0200000000000000000000000000010a010102000000000000000000000000000008000000000000000080ff000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000143c000000ff01000000000000000000000000000103000000000000000000000000000000000000000000000004000000000000000000100000000000000020040000000000000000000000100000000000000010fbffffffffffffff0900000000000000fdffffffffffffff05f0ffffffffffff000000000000000000000000feffffff000000000200"], 0x100}, 0x1, 0x0, 0x0, 0x400d0}, 0x0)

13.287543933s ago: executing program 1 (id=1574):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_DECOMPRESS_FILE(r0, 0xf517, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_newvlan={0x8, 0x70, 0x10d, 0x70bd25, 0x25dfdbfc, {0x7, 0x0, 0x0, r1}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x6}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004002}, 0x8000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000340)={0x2000, r2}, 0x0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000380)={0x2, 0x5e21, @local}, 0x10)
getsockopt$inet_mptcp_buf(r4, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000140)=0xb9)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000000180)={0x28, 0x3, 0x0, {0x4, 0x7, 0x0, 'vxcan0\x00'}}, 0x28)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000140)=0x4)

13.006465646s ago: executing program 3 (id=1576):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000021c0)=@newtfilter={0xe84, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x4, 0x1ff, 0x20000000, 0xc, 0x6}, 0x7f, 0x5}, [{0x2a9, 0x6, 0x810, 0x4, 0x5}, {0x4a7, 0x1ff, 0x4, 0x1, 0x7, 0xdd}, {0x9, 0x7, 0x3ff, 0x7, 0xfffffffd, 0x4}, {0x8, 0x0, 0x6, 0x2, 0x7fff, 0x3}, {0x4f9a, 0x5, 0x1, 0x1, 0x2, 0x8}, {0x0, 0x5, 0x1437, 0xffffffff, 0xee57, 0x9}, {0x77d, 0x8, 0x9, 0x6, 0x8, 0x1}, {0x5, 0x6, 0x0, 0x2, 0x1, 0x7fff}, {0x0, 0x5, 0x4235da1, 0x9, 0x7ec9, 0x8}, {0x10000, 0x2, 0x0, 0x1, 0x3, 0x9}, {0xd, 0xffff0001, 0x0, 0x6, 0x81, 0x4}, {0xfffffffc, 0x4, 0xffff, 0x8, 0xffffffff, 0xfffffffa}, {0x5, 0xd29, 0x101, 0x3, 0x7, 0xc}, {0x0, 0x6, 0x1, 0x72b2, 0xc874, 0x3}, {0x3, 0xf, 0x5, 0x1, 0x1ff, 0x6}, {0x9b9b, 0xffff, 0x6, 0xb, 0xb3d, 0x812}, {0x5, 0x7, 0x2, 0x5, 0x5, 0x4}, {0x6, 0x0, 0x9, 0x2, 0x82, 0x2}, {0xfffffff7, 0x6, 0x2, 0x9, 0xff}, {0x4, 0x1, 0x371, 0x8, 0x0, 0xeac}, {0x9, 0x2, 0xd77, 0x8, 0x113, 0x8d3f}, {0x7, 0xffffffff, 0x4, 0x92a4, 0x9, 0x10}, {0x1a4a13f0, 0x9, 0xe, 0x3, 0xad47, 0xf83b}, {0x1ff, 0x5, 0x7, 0xfff, 0x9}, {0x100, 0x4, 0x200, 0x9, 0x1, 0x9df}, {0x9, 0x1, 0x65, 0x9, 0x7}, {0x401, 0x10001, 0x9, 0x200, 0x9, 0x1}, {0x6, 0x10, 0xf, 0x2, 0x6, 0x3}, {0xf23, 0x3ff, 0x0, 0x9, 0xffffffff}, {0x80000000, 0x6, 0x0, 0x6, 0x6, 0xd}, {0x0, 0x81, 0xd, 0x8000, 0x3, 0x2}, {0x800, 0x9, 0x6, 0x3, 0x7, 0x8}, {0x7, 0x8, 0x7358, 0x7, 0x8, 0xffffffff}, {0x4d9, 0x45db8bad, 0xb3dd, 0x1, 0xbc, 0x7ff}, {0x7, 0x1, 0x3, 0x3, 0x3, 0x7a}, {0x5a1b, 0x1, 0x1, 0x7ff, 0x3, 0x4}, {0x3, 0x7, 0x4, 0x4, 0x1c716ddc, 0x8}, {0xffffffa5, 0x7, 0x0, 0x10, 0x3, 0x5}, {0x8219, 0x0, 0x2, 0x6, 0x3, 0x2}, {0x62, 0xf4, 0x5, 0x4, 0x4, 0x67}, {0x5, 0x4, 0x53, 0x8, 0xc0000000, 0x7}, {0x2, 0x5, 0x2, 0xffff, 0x2, 0x2}, {0x80000001, 0x94c, 0x6, 0xfffffe00, 0x5, 0x7b27}, {0x2, 0x6, 0x1000, 0x9, 0x9}, {0xa, 0x0, 0x9, 0x4, 0xe, 0x9}, {0xdf, 0x7fff, 0x8000, 0x81, 0xff, 0xfffffff8}, {0x2, 0x10000, 0x9, 0x2, 0x2}, {0x2, 0x6, 0x9, 0x1, 0x2, 0x40}, {0xfffffe00, 0x3, 0x74d2, 0x3, 0x80000001, 0x6}, {0xe3f6, 0x8, 0xfffffff7, 0x1, 0x6, 0xc}, {0x8, 0x9, 0x8e, 0x33, 0x10001, 0x22cb}, {0x2, 0x31f5, 0x7, 0x5, 0x7fffffff, 0x1}, {0x9, 0x10001, 0x4, 0x8, 0x7, 0x9}, {0xb, 0x1ff, 0xb, 0x3, 0x5, 0x80000001}, {0x7, 0x7, 0x69b, 0x3, 0x8, 0x339}, {0xee, 0x80000000, 0xfba6, 0x101, 0x5, 0xb}, {0x3, 0x458, 0x6, 0xf, 0x7, 0x8000}, {0x9, 0xfffffffa, 0x1000, 0x8, 0xb, 0xce5a}, {0x400, 0xffff, 0x3, 0xbcbb, 0x7, 0xb}, {0x0, 0xe000, 0xb, 0x8, 0x2, 0x1}, {0x1, 0x0, 0x2, 0x9, 0x0, 0x401}, {0xd, 0x1, 0x2, 0xf, 0x81, 0x5}, {0x6, 0xfff, 0x3, 0x5, 0x4, 0x3649}, {0x7, 0x2, 0x80000000, 0x9, 0x1630, 0x9e73}, {0xb, 0x1b6, 0xc4, 0x3, 0x4, 0xca}, {0x4, 0x5, 0x401, 0x4, 0xfffffff8, 0x40}, {0x8, 0x4594, 0x8, 0x4, 0x0, 0xffff}, {0x100, 0xfffffffb, 0x6, 0x0, 0x9, 0x6}, {0x3, 0xf7b, 0x3, 0x8, 0x6, 0x3}, {0x1, 0x5, 0x3, 0xab9, 0x7, 0x9}, {0xffffffff, 0x0, 0xfc, 0x7, 0x6, 0x10}, {0xf, 0x1, 0xa000000, 0x1, 0x101, 0x1f3}, {0x7ff, 0x9, 0xfffff001, 0x8001, 0x2, 0x2}, {0x4, 0xf, 0x6, 0x1, 0x9, 0xfffffff8}, {0x3, 0x3, 0x7, 0x9, 0x10, 0x1}, {0x5, 0x100, 0xffffffff, 0x963, 0x2, 0xc}, {0x6, 0x50, 0x6, 0xa, 0x0, 0x3}, {0x649, 0x2, 0x80000001, 0x8, 0x0, 0x1}, {0x8, 0xfff, 0x6, 0x80000001, 0x7fffffff, 0x3}, {0xa3, 0x81, 0x9fcb, 0x1, 0x8, 0x7fff}, {0x0, 0x2, 0x750c, 0x0, 0x1, 0xfffffffc}, {0x7ff, 0x7, 0x10000, 0x9, 0x4, 0x88}, {0x5, 0x10001, 0x7fff, 0x81, 0xfffffff4, 0x7}, {0x5, 0x7, 0x5, 0x4, 0x1ff}, {0x3, 0x0, 0x3ff, 0x7fffffff, 0x9, 0x7}, {0xdac, 0x1, 0x4, 0x80000001, 0x3, 0x8}, {0x7, 0xffffffff, 0x6, 0x8, 0x80000001, 0xa}, {0x2, 0x4, 0x4, 0x401, 0xe32}, {0x5, 0x7, 0x6, 0x8, 0x2, 0x2}, {0x10001, 0x5, 0x3, 0x4, 0x9, 0xfffffffa}, {0x2, 0x0, 0x3, 0x6, 0x800, 0x7}, {0x0, 0x0, 0x3, 0x8, 0x1, 0x3}, {0x3, 0x3, 0xffffffff, 0x3, 0x800, 0xde}, {0x5, 0x66, 0x41d0, 0x8001, 0x1, 0x3}, {0x6, 0x7, 0xfffffffc, 0x4, 0x3, 0x92c}, {0x4, 0xffff, 0x0, 0x101, 0x4, 0x1}, {0x9, 0xf667, 0x5, 0x3, 0x9, 0x4}, {0x1731, 0xa, 0x9960, 0x9, 0x1, 0x7}, {0xd, 0xfffffffa, 0x1, 0x3, 0x40, 0x2}, {0x1, 0x4, 0x80000000, 0x80000001, 0x2, 0x6}, {0x7, 0x2, 0xffffff3a, 0x4cf, 0x800, 0x6}, {0x8000, 0x6, 0x1, 0x0, 0x100, 0x80000000}, {0x3b, 0x5562334a, 0x2, 0x2, 0x6, 0x81}, {0x4, 0x96, 0x81, 0x0, 0x101, 0x7}, {0x4, 0xff, 0x9, 0x0, 0x81, 0x29}, {0xa, 0x5, 0x0, 0x9, 0xffffffff, 0xfb4}, {0x80000000, 0x2, 0xffff, 0x39b4, 0x1, 0x800}, {0x61, 0x2d, 0x6, 0x1fe4c5d2, 0x1, 0x3}, {0x1, 0xe2, 0x7ff, 0x7ff, 0x7f, 0x29d0}, {0x0, 0x4, 0xc, 0xd594, 0x9, 0x7}, {0x6, 0x0, 0x7, 0x9, 0x7, 0x9}, {0x80e9, 0x7, 0x9, 0x1, 0x1, 0x18000}, {0x400, 0x9, 0x0, 0x6f}, {0x2, 0x1, 0x6, 0x3, 0xfffff71b, 0xce}, {0x1, 0xff, 0xb, 0x4, 0x800, 0x1}, {0x6, 0x2, 0x8, 0xfff, 0x4, 0x7fff}, {0x0, 0x0, 0x7f, 0x401, 0x7, 0x7fff}, {0x7, 0xb, 0x10000, 0x1, 0x8000, 0xfffff830}, {0x3, 0x4, 0x2, 0x1, 0x6, 0x2b4}, {0x3cd2dbce, 0x929a, 0x9dc, 0x0, 0x8, 0xfffffffc}, {0x6, 0x0, 0xe61, 0xc5c3, 0x3, 0x1}, {0x7, 0x2, 0x197a, 0x7, 0x1, 0x8}, {0xff, 0x2c, 0xfffffc01, 0x1, 0x3, 0x100}, {0x0, 0x6, 0x10001, 0x40ce7, 0xec, 0x1000}, {0xffffffff, 0x6, 0xffffffff, 0x9, 0x2, 0x6}, {0xfa, 0x9, 0xbf1d, 0x9, 0x80, 0x5}, {0x1c91, 0x5f27, 0x1, 0x0, 0x6, 0xcf}, {0x37, 0x622, 0x2, 0x1, 0x7, 0x2}], [{0x5}, {0xccffbfc290ab3baa}, {}, {0x2}, {0x2}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x4}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x2}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x2}, {0x4, 0x1}, {0x4, 0x1}, {0xed3229170eca159}, {0x2, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x5}, {0x54e1b160e6ec45e8, 0x1}, {0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x5}, {}, {0x2}, {0x5, 0x1}, {0x4}, {0x2}, {0x9baeccaf277094c4, 0x1}, {}, {0x2, 0x1}, {}, {}, {0x8f9fc2e2ef57f2f0}, {0x3, 0x1}, {0x2, 0x1}, {0x2}, {0x3}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0xe84}, 0x1, 0x0, 0x0, 0x81}, 0x800)

13.006032756s ago: executing program 1 (id=1577):
r0 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000100)={0x2, 0x6, 0x1, 0x880})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000840)={'syz1\x00', {0x3bb, 0x10, 0x5, 0x5}, 0xe, [0xf, 0x0, 0x6, 0x0, 0x4, 0x7, 0x3, 0x10001, 0x7, 0xcf, 0x14, 0x8d, 0x2, 0x9, 0xff, 0x7f, 0x7, 0x0, 0x9, 0x2, 0x4, 0x7, 0xfffffffe, 0x3, 0x497d, 0x3, 0xe5be, 0xd, 0x200, 0xffffffff, 0x1, 0xab, 0xe9, 0x7ff, 0x0, 0x21f3, 0xfffffffd, 0xf688, 0x8, 0x1, 0xff, 0x8, 0x430, 0x7, 0x5ced2a4a, 0x4, 0x3, 0x9, 0x101, 0x1, 0x2, 0x5, 0xcfc7, 0x6, 0x6, 0x80000000, 0x4, 0x401, 0x2, 0x9, 0x4, 0x800, 0x6, 0x8], [0x3, 0x2, 0xffffffff, 0x3f7a, 0x0, 0x1, 0x2, 0x5738, 0xb, 0xffd, 0xc, 0x3, 0x26, 0x9, 0xe, 0x8, 0x6, 0x2, 0x6, 0x818, 0x3, 0x4, 0x7fffffff, 0x2, 0xffffff00, 0x0, 0x7, 0x1, 0x7, 0x0, 0x10, 0x6, 0x5, 0x4, 0x40000004, 0xfffffff1, 0x6, 0x1000, 0x80000001, 0x2, 0x16, 0x1220, 0x1, 0x8, 0x5, 0x759b, 0x80, 0x7, 0x7, 0x5, 0xfff, 0xa1de, 0x7, 0x0, 0x7, 0x1, 0x4, 0xff, 0x6, 0x3, 0xe74, 0x5, 0x7579, 0x2], [0x2, 0x2, 0x8, 0x8, 0x1, 0x1, 0x7f, 0x0, 0x5, 0x4, 0x5, 0x5, 0x6, 0x0, 0xff, 0x5, 0x2, 0x8000, 0x1, 0x6, 0x4, 0x6, 0x4, 0x8, 0x1000, 0x100, 0x8001, 0x8, 0xfffff646, 0xd5c3, 0x9, 0x9, 0x80000000, 0x9, 0xd, 0xffffff96, 0xa1, 0x7, 0x7, 0xa, 0x9, 0x3, 0xfffffffa, 0x6, 0xf3, 0xff, 0x6, 0x16d, 0x3, 0x7, 0xa0aa, 0xffff71a5, 0x9, 0x5207, 0x7ff, 0xffff, 0xf9e, 0xb, 0x4, 0x1, 0x20007, 0x4, 0x80000001, 0x4], [0x9, 0x10001, 0x5, 0x0, 0x6, 0x8, 0xf, 0x1000, 0x8, 0x5d0, 0x3, 0x6, 0x1, 0xa89, 0x4, 0x0, 0x9, 0xdce, 0x7ffffffe, 0x9, 0x8, 0x1, 0x536, 0x9, 0x0, 0x9, 0xfffffffb, 0x9, 0xea59, 0x101, 0x100005, 0x7, 0x0, 0x4, 0xa, 0xfa7, 0xd6, 0x2, 0x7, 0xffff, 0x8, 0x8000, 0xffff, 0x0, 0x2080, 0xffdff330, 0x8, 0x8, 0x754d, 0x4, 0x3, 0x2, 0x400, 0x3, 0x3, 0x3ff, 0xff, 0xfffffff9, 0x0, 0x0, 0x5, 0xfffffff8, 0x6, 0x80000]}, 0x45c)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @vbi={0x3, 0x2, 0xc76, 0x49433553, [0x3, 0x400], [0xfffffffe, 0x2], 0x13a}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x40000002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$msr(r2, &(0x7f0000019540)=""/102392, 0x18ff8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x97, 0x0, &(0x7f0000000340)="cbb4415213c9173f632e12c7b56bd7ece4e9f881ec131ea3e49b06c4352eb1ae0443d4a124b9af53135c751fa7ebc63dd6e5df2c31945a29f7631028039de7d23b87971c38d9b21911d10fe99426aef5f930d4ef5a751677dc04559f21d9f1b1dd77342b9eedc764c8a4e444e76c6f0ca009d97e53f8ebd38c0d2e5f94d266ecfa93d52f4481ac8ed270d66ed4c48f97cb1f7862f2e9ac", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c)
writev(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x10})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket(0x1a, 0x6, 0x4)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x5a)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
connect$inet6(r5, 0x0, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)

12.684780969s ago: executing program 3 (id=1579):
sendto$inet(0xffffffffffffffff, &(0x7f000001b000)="2689968d54db21a45f27e53c0887edd6113939dc5a2fb40c521cff", 0x1b, 0x4000000, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$dmmidi(&(0x7f00000001c0), 0x8, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000600)={0x2, 0x1, 0x3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xfffffffffffffea1, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20)
r1 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, 0x8f)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000280)={<r6=>0x0, 0x2}, &(0x7f0000000300)=0x8)
sendmsg$inet_sctp(r5, &(0x7f0000000580)={&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x7, @loopback, 0x11001}, 0x1c, &(0x7f00000005c0)=[{&(0x7f00000003c0)="84705c259da858d740c2c0501edf2b7b0ec67fa6aba8213c7e102e82a06b05025144f87bce4f6bffe92f3c6159edfcee017fccd80a05a8282498b2e1f216fc52d64c321560098a868b569e5f9a7d531803f0d8e3987a6f962882dc85bc380f6cffbd1263dd281d1ff3277ad962459cb2f5c37d6b3ed60bdb1caff5c339fab95e518a645df28775c95780b3c707ce25ad82b1dafa65b4ac16b55924f16006e877a7c64a3d345e555d89f88649c09ad8eab919353632bdfca45f1bc413c952f1b3239ca00164ffc9f9c3efe7c029f1ede35c5d7be0806927b65e89970f11bc7ae2e30d0a48bb933115189d4615ab27eff142414df609d38c22", 0xf8}, {&(0x7f00000004c0)="2cc2f7ceb906f80c2ab80aa2a3d6edce9e64d6c9c124890a9de424105613dd20df12e0e45c1a2a84ca7f43e724f996835e0fb940800235492b9ed19974da917a4a21a0d88f9cd4cbf7ff027684343acf62f5743c80318fdc223b0270449e85d79090ec1507233b11b07c36a2129b98476a323abf639ea78717ce7d3d2dfa12b1fc002c000589fda9af072351a29a2e1243f747085882fe67adaa3f9f59bd87e0ca464096f538055c2db3006d45165bd805178728bf", 0xb5}], 0x2, &(0x7f0000000340)=[@sndrcv={0x2c, 0x84, 0x1, {0x0, 0xe06, 0x8008, 0x401, 0x1, 0x3, 0x2, 0x800, r6}}], 0x2c, 0x40}, 0x4044814)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000810, &(0x7f0000000000)={[{@stats}]})
chroot(0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/net\x00')

11.654993222s ago: executing program 3 (id=1583):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x4, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket(0x40000000015, 0x5, 0x0)
syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), &(0x7f0000000280))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20050840)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0xc000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000)

11.284509421s ago: executing program 1 (id=1586):
r0 = socket$caif_stream(0x25, 0x1, 0x5)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002100)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r5, &(0x7f00000001c0)={0x18, 0x2, {0x3, @remote}}, 0x1e)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}]}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
statfs(&(0x7f0000000040)='./cgroup.net/cgroup.procs\x00', &(0x7f00000002c0)=""/166)
mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='jffs2\x00', 0xc9812, &(0x7f0000000400)='/+^($}@\x00')
recvmmsg(r0, &(0x7f0000001c00), 0x0, 0x40, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000380)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
r7 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r7, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0xe98})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000100)={0x1, 0x2, 0x1000, 0x5f, &(0x7f0000000000)="c9720794b643fa8d60f840cb8cbcb9c64ee6b722b4fa802127d837e98759d76e7fa22055f4f79ba60e6e31dbae081915227eee5047e28fa59356d2328807ee2b067252dbcceebe9feef2c8fb7dfa6c9cdb5835c6d669520f11a80e83bb5850", 0x42, 0x0, &(0x7f0000000080)="00ea71676dfa1182e1979fd8abe82afc8ed11f19c7b3ecf77c46711d0181b5d91c71a7af19357bbe56e77e1d63f3b2cb0b1811a4c2174a8062174cc64bc4dce2d715"})

10.95657504s ago: executing program 0 (id=1587):
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0)
mount$9p_virtio(0x0, 0x0, &(0x7f00000004c0), 0x8c, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000021c0)=@newtfilter={0xe84, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x4, 0x1ff, 0x20000000, 0xc, 0x6}, 0x7f, 0x5}, [{0x2a9, 0x6, 0x810, 0x4, 0x5}, {0x4a7, 0x1ff, 0x4, 0x1, 0x7, 0xdd}, {0x9, 0x7, 0x3ff, 0x7, 0xfffffffd, 0x4}, {0x8, 0x0, 0x6, 0x2, 0x7fff, 0x3}, {0x4f9a, 0x5, 0x1, 0x1, 0x2, 0x8}, {0x0, 0x5, 0x1437, 0xffffffff, 0xee57, 0x9}, {0x77d, 0x8, 0x9, 0x6, 0x8, 0x1}, {0x5, 0x6, 0x0, 0x2, 0x1, 0x7fff}, {0x0, 0x5, 0x4235da1, 0x9, 0x7ec9, 0x8}, {0x10000, 0x2, 0x0, 0x1, 0x3, 0x9}, {0xd, 0xffff0001, 0x0, 0x6, 0x81, 0x4}, {0xfffffffc, 0x4, 0xffff, 0x8, 0xffffffff, 0xfffffffa}, {0x5, 0xd29, 0x101, 0x3, 0x7, 0xc}, {0x0, 0x6, 0x1, 0x72b2, 0xc874, 0x3}, {0x3, 0xf, 0x5, 0x1, 0x1ff, 0x6}, {0x9b9b, 0xffff, 0x6, 0xb, 0xb3d, 0x812}, {0x5, 0x7, 0x2, 0x5, 0x5, 0x4}, {0x6, 0x0, 0x9, 0x2, 0x82, 0x2}, {0xfffffff7, 0x6, 0x2, 0x9, 0xff}, {0x4, 0x1, 0x371, 0x8, 0x0, 0xeac}, {0x9, 0x2, 0xd77, 0x8, 0x113, 0x8d3f}, {0x7, 0xffffffff, 0x4, 0x92a4, 0x9, 0x10}, {0x1a4a13f0, 0x9, 0xe, 0x3, 0xad47, 0xf83b}, {0x1ff, 0x5, 0x7, 0xfff, 0x9}, {0x100, 0x4, 0x200, 0x9, 0x1, 0x9df}, {0x9, 0x1, 0x65, 0x9, 0x7}, {0x401, 0x10001, 0x9, 0x200, 0x9, 0x1}, {0x6, 0x10, 0xf, 0x2, 0x6, 0x3}, {0xf23, 0x3ff, 0x0, 0x9, 0xffffffff}, {0x80000000, 0x6, 0x0, 0x6, 0x6, 0xd}, {0x0, 0x81, 0xd, 0x8000, 0x3, 0x2}, {0x800, 0x9, 0x6, 0x3, 0x7, 0x8}, {0x7, 0x8, 0x7358, 0x7, 0x8, 0xffffffff}, {0x4d9, 0x45db8bad, 0xb3dd, 0x1, 0xbc, 0x7ff}, {0x7, 0x1, 0x3, 0x3, 0x3, 0x7a}, {0x5a1b, 0x1, 0x1, 0x7ff, 0x3, 0x4}, {0x3, 0x7, 0x4, 0x4, 0x1c716ddc, 0x8}, {0xffffffa5, 0x7, 0x0, 0x10, 0x3, 0x5}, {0x8219, 0x0, 0x2, 0x6, 0x3, 0x2}, {0x62, 0xf4, 0x5, 0x4, 0x4, 0x67}, {0x5, 0x4, 0x53, 0x8, 0xc0000000, 0x7}, {0x2, 0x5, 0x2, 0xffff, 0x2, 0x2}, {0x80000001, 0x94c, 0x6, 0xfffffe00, 0x5, 0x7b27}, {0x2, 0x6, 0x1000, 0x9, 0x9}, {0xa, 0x0, 0x9, 0x4, 0xe, 0x9}, {0xdf, 0x7fff, 0x8000, 0x81, 0xff, 0xfffffff8}, {0x2, 0x10000, 0x9, 0x2, 0x2}, {0x2, 0x6, 0x9, 0x1, 0x2, 0x40}, {0xfffffe00, 0x3, 0x74d2, 0x3, 0x80000001, 0x6}, {0xe3f6, 0x8, 0xfffffff7, 0x1, 0x6, 0xc}, {0x8, 0x9, 0x8e, 0x33, 0x10001, 0x22cb}, {0x2, 0x31f5, 0x7, 0x5, 0x7fffffff, 0x1}, {0x9, 0x10001, 0x4, 0x8, 0x7, 0x9}, {0xb, 0x1ff, 0xb, 0x3, 0x5, 0x80000001}, {0x7, 0x7, 0x69b, 0x3, 0x8, 0x339}, {0xee, 0x80000000, 0xfba6, 0x101, 0x5, 0xb}, {0x3, 0x458, 0x6, 0xf, 0x7, 0x8000}, {0x9, 0xfffffffa, 0x1000, 0x8, 0xb, 0xce5a}, {0x400, 0xffff, 0x3, 0xbcbb, 0x7, 0xb}, {0x0, 0xe000, 0xb, 0x8, 0x2, 0x1}, {0x1, 0x0, 0x2, 0x9, 0x0, 0x401}, {0xd, 0x1, 0x2, 0xf, 0x81, 0x5}, {0x6, 0xfff, 0x3, 0x5, 0x4, 0x3649}, {0x7, 0x2, 0x80000000, 0x9, 0x1630, 0x9e73}, {0xb, 0x1b6, 0xc4, 0x3, 0x4, 0xca}, {0x4, 0x5, 0x401, 0x4, 0xfffffff8, 0x40}, {0x8, 0x4594, 0x8, 0x4, 0x0, 0xffff}, {0x100, 0xfffffffb, 0x6, 0x0, 0x9, 0x6}, {0x3, 0xf7b, 0x3, 0x8, 0x6, 0x3}, {0x1, 0x5, 0x3, 0xab9, 0x7, 0x9}, {0xffffffff, 0x0, 0xfc, 0x7, 0x6, 0x10}, {0xf, 0x1, 0xa000000, 0x1, 0x101, 0x1f3}, {0x7ff, 0x9, 0xfffff001, 0x8001, 0x2, 0x2}, {0x4, 0xf, 0x6, 0x1, 0x9, 0xfffffff8}, {0x3, 0x3, 0x7, 0x9, 0x10, 0x1}, {0x5, 0x100, 0xffffffff, 0x963, 0x2, 0xc}, {0x6, 0x50, 0x6, 0xa, 0x0, 0x3}, {0x649, 0x2, 0x80000001, 0x8, 0x0, 0x1}, {0x8, 0xfff, 0x6, 0x80000001, 0x7fffffff, 0x3}, {0xa3, 0x81, 0x9fcb, 0x1, 0x8, 0x7fff}, {0x0, 0x2, 0x750c, 0x0, 0x1, 0xfffffffc}, {0x7ff, 0x7, 0x10000, 0x9, 0x4, 0x88}, {0x5, 0x10001, 0x7fff, 0x81, 0xfffffff4, 0x7}, {0x5, 0x7, 0x5, 0x4, 0x1ff}, {0x3, 0x0, 0x3ff, 0x7fffffff, 0x9, 0x7}, {0xdac, 0x1, 0x4, 0x80000001, 0x3, 0x8}, {0x7, 0xffffffff, 0x6, 0x8, 0x80000001, 0xa}, {0x2, 0x4, 0x4, 0x401, 0xe32}, {0x5, 0x7, 0x6, 0x8, 0x2, 0x2}, {0x10001, 0x5, 0x3, 0x4, 0x9, 0xfffffffa}, {0x2, 0x0, 0x3, 0x6, 0x800, 0x7}, {0x0, 0x0, 0x3, 0x8, 0x1, 0x3}, {0x3, 0x3, 0xffffffff, 0x3, 0x800, 0xde}, {0x5, 0x66, 0x41d0, 0x8001, 0x1, 0x3}, {0x6, 0x7, 0xfffffffc, 0x4, 0x3, 0x92c}, {0x4, 0xffff, 0x0, 0x101, 0x4, 0x1}, {0x9, 0xf667, 0x5, 0x3, 0x9, 0x4}, {0x1731, 0xa, 0x9960, 0x9, 0x1, 0x7}, {0xd, 0xfffffffa, 0x1, 0x3, 0x40, 0x2}, {0x1, 0x4, 0x80000000, 0x80000001, 0x2, 0x6}, {0x7, 0x2, 0xffffff3a, 0x4cf, 0x800, 0x6}, {0x8000, 0x6, 0x1, 0x0, 0x100, 0x80000000}, {0x3b, 0x5562334a, 0x2, 0x2, 0x6, 0x81}, {0x4, 0x96, 0x81, 0x0, 0x101, 0x7}, {0x4, 0xff, 0x9, 0x0, 0x81, 0x29}, {0xa, 0x5, 0x0, 0x9, 0xffffffff, 0xfb4}, {0x80000000, 0x2, 0xffff, 0x39b4, 0x1, 0x800}, {0x61, 0x2d, 0x6, 0x1fe4c5d2, 0x1, 0x3}, {0x1, 0xe2, 0x7ff, 0x7ff, 0x7f, 0x29d0}, {0x0, 0x4, 0xc, 0xd594, 0x9, 0x7}, {0x6, 0x0, 0x7, 0x9, 0x7, 0x9}, {0x80e9, 0x7, 0x9, 0x1, 0x1, 0x18000}, {0x400, 0x9, 0x0, 0x6f}, {0x2, 0x1, 0x6, 0x3, 0xfffff71b, 0xce}, {0x1, 0xff, 0xb, 0x4, 0x800, 0x1}, {0x6, 0x2, 0x8, 0xfff, 0x4, 0x7fff}, {0x0, 0x0, 0x7f, 0x401, 0x7, 0x7fff}, {0x7, 0xb, 0x10000, 0x1, 0x8000, 0xfffff830}, {0x3, 0x4, 0x2, 0x1, 0x6, 0x2b4}, {0x3cd2dbce, 0x929a, 0x9dc, 0x0, 0x8, 0xfffffffc}, {0x6, 0x0, 0xe61, 0xc5c3, 0x3, 0x1}, {0x7, 0x2, 0x197a, 0x7, 0x1, 0x8}, {0xff, 0x2c, 0xfffffc01, 0x1, 0x3, 0x100}, {0x0, 0x6, 0x10001, 0x40ce7, 0xec, 0x1000}, {0xffffffff, 0x6, 0xffffffff, 0x9, 0x2, 0x6}, {0xfa, 0x9, 0xbf1d, 0x9, 0x80, 0x5}, {0x1c91, 0x5f27, 0x1, 0x0, 0x6, 0xcf}, {0x37, 0x622, 0x2, 0x1, 0x7, 0x2}], [{0x5}, {0xccffbfc290ab3baa}, {}, {0x2}, {0x2}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x4}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x2}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x2}, {0x4, 0x1}, {0x4, 0x1}, {0xed3229170eca159}, {0x2, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x5}, {0x54e1b160e6ec45e8, 0x1}, {0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x5}, {}, {0x2}, {0x5, 0x1}, {0x4}, {0x2}, {0x9baeccaf277094c4, 0x1}, {}, {0x2, 0x1}, {}, {}, {0x8f9fc2e2ef57f2f0}, {0x3, 0x1}, {0x2, 0x1}, {0x2}, {0x3}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0xe84}, 0x1, 0x0, 0x0, 0x81}, 0x800)

8.815876815s ago: executing program 2 (id=1590):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r1, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x64041091}, 0x0)
fcntl$addseals(r1, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000740)={0xb6, 0x0, 0x401})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000))
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x2000, 0x3, 0x4, 0x5, 0xba, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0xdddd1000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x23, 0xc0}, {0xffff1000, 0xdddd1000, 0xb, 0x4f, 0x2, 0x7, 0x19, 0x1, 0x81, 0x0, 0x3f, 0x5}, {0x8000000, 0x2000, 0x8, 0x5, 0x3, 0x46, 0x2, 0xc, 0x6, 0x6, 0x8, 0x5}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x0, 0xb, 0xc, 0x4b}, {0xeeef0000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x9, 0xfc}, {0x60000, 0x4000, 0x0, 0x8, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x4, 0x7}, {0xdddd1000, 0x5}, {0xdddd0000, 0x9}, 0x40010000, 0x0, 0x80a0000, 0x300, 0x1, 0x2000, 0xffffffff, [0x3, 0x401, 0x7, 0xc5]})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006a0083"], 0x20}}, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route(r4, 0x0, 0x80)
socket$netlink(0x10, 0x3, 0x1)

7.897187393s ago: executing program 2 (id=1591):
sendto$inet(0xffffffffffffffff, &(0x7f000001b000)="2689968d54db21a45f27e53c0887edd6113939dc5a2fb40c521cff", 0x1b, 0x4000000, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$dmmidi(&(0x7f00000001c0), 0x8, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000600)={0x2, 0x1, 0x3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xfffffffffffffea1, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20)
r1 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11}, 0x8f)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000280)={<r6=>0x0, 0x2}, &(0x7f0000000300)=0x8)
sendmsg$inet_sctp(r5, &(0x7f0000000580)={&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x7, @loopback, 0x11001}, 0x1c, &(0x7f00000005c0)=[{&(0x7f00000003c0)="84705c259da858d740c2c0501edf2b7b0ec67fa6aba8213c7e102e82a06b05025144f87bce4f6bffe92f3c6159edfcee017fccd80a05a8282498b2e1f216fc52d64c321560098a868b569e5f9a7d531803f0d8e3987a6f962882dc85bc380f6cffbd1263dd281d1ff3277ad962459cb2f5c37d6b3ed60bdb1caff5c339fab95e518a645df28775c95780b3c707ce25ad82b1dafa65b4ac16b55924f16006e877a7c64a3d345e555d89f88649c09ad8eab919353632bdfca45f1bc413c952f1b3239ca00164ffc9f9c3efe7c029f1ede35c5d7be0806927b65e89970f11bc7ae2e30d0a48bb933115189d4615ab27eff142414df609d38c22", 0xf8}, {&(0x7f00000004c0)="2cc2f7ceb906f80c2ab80aa2a3d6edce9e64d6c9c124890a9de424105613dd20df12e0e45c1a2a84ca7f43e724f996835e0fb940800235492b9ed19974da917a4a21a0d88f9cd4cbf7ff027684343acf62f5743c80318fdc223b0270449e85d79090ec1507233b11b07c36a2129b98476a323abf639ea78717ce7d3d2dfa12b1fc002c000589fda9af072351a29a2e1243f747085882fe67adaa3f9f59bd87e0ca464096f538055c2db3006d45165bd805178728bf", 0xb5}], 0x2, &(0x7f0000000340)=[@sndrcv={0x2c, 0x84, 0x1, {0x0, 0xe06, 0x8008, 0x401, 0x1, 0x3, 0x2, 0x800, r6}}], 0x2c, 0x40}, 0x4044814)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000810, &(0x7f0000000000)={[{@stats}]})
chroot(0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/net\x00')

7.507295185s ago: executing program 0 (id=1592):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r4, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0)
write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000003b40)=0x4000000)
close(0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))

7.067571225s ago: executing program 1 (id=1593):
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1a, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
inotify_init1(0xc00)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={0x1}, 0x4)
r4 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_icmp_ICMP_FILTER(r4, 0x1, 0x1, &(0x7f0000001bc0), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x6, 0x17, 0x0, 'queue0\x00', 0x80000})
socket$nl_netfilter(0x10, 0x3, 0xc)
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8)

6.21719967s ago: executing program 3 (id=1594):
r0 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000100)={0x2, 0x6, 0x1, 0x880})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000840)={'syz1\x00', {0x3bb, 0x10, 0x5, 0x5}, 0xe, [0xf, 0x0, 0x6, 0x0, 0x4, 0x7, 0x3, 0x10001, 0x7, 0xcf, 0x14, 0x8d, 0x2, 0x9, 0xff, 0x7f, 0x7, 0x0, 0x9, 0x2, 0x4, 0x7, 0xfffffffe, 0x3, 0x497d, 0x3, 0xe5be, 0xd, 0x200, 0xffffffff, 0x1, 0xab, 0xe9, 0x7ff, 0x0, 0x21f3, 0xfffffffd, 0xf688, 0x8, 0x1, 0xff, 0x8, 0x430, 0x7, 0x5ced2a4a, 0x4, 0x3, 0x9, 0x101, 0x1, 0x2, 0x5, 0xcfc7, 0x6, 0x6, 0x80000000, 0x4, 0x401, 0x2, 0x9, 0x4, 0x800, 0x6, 0x8], [0x3, 0x2, 0xffffffff, 0x3f7a, 0x0, 0x1, 0x2, 0x5738, 0xb, 0xffd, 0xc, 0x3, 0x26, 0x9, 0xe, 0x8, 0x6, 0x2, 0x6, 0x818, 0x3, 0x4, 0x7fffffff, 0x2, 0xffffff00, 0x0, 0x7, 0x1, 0x7, 0x0, 0x10, 0x6, 0x5, 0x4, 0x40000004, 0xfffffff1, 0x6, 0x1000, 0x80000001, 0x2, 0x16, 0x1220, 0x1, 0x8, 0x5, 0x759b, 0x80, 0x7, 0x7, 0x5, 0xfff, 0xa1de, 0x7, 0x0, 0x7, 0x1, 0x4, 0xff, 0x6, 0x3, 0xe74, 0x5, 0x7579, 0x2], [0x2, 0x2, 0x8, 0x8, 0x1, 0x1, 0x7f, 0x0, 0x5, 0x4, 0x5, 0x5, 0x6, 0x0, 0xff, 0x5, 0x2, 0x8000, 0x1, 0x6, 0x4, 0x6, 0x4, 0x8, 0x1000, 0x100, 0x8001, 0x8, 0xfffff646, 0xd5c3, 0x9, 0x9, 0x80000000, 0x9, 0xd, 0xffffff96, 0xa1, 0x7, 0x7, 0xa, 0x9, 0x3, 0xfffffffa, 0x6, 0xf3, 0xff, 0x6, 0x16d, 0x3, 0x7, 0xa0aa, 0xffff71a5, 0x9, 0x5207, 0x7ff, 0xffff, 0xf9e, 0xb, 0x4, 0x1, 0x20007, 0x4, 0x80000001, 0x4], [0x9, 0x10001, 0x5, 0x0, 0x6, 0x8, 0xf, 0x1000, 0x8, 0x5d0, 0x3, 0x6, 0x1, 0xa89, 0x4, 0x0, 0x9, 0xdce, 0x7ffffffe, 0x9, 0x8, 0x1, 0x536, 0x9, 0x0, 0x9, 0xfffffffb, 0x9, 0xea59, 0x101, 0x100005, 0x7, 0x0, 0x4, 0xa, 0xfa7, 0xd6, 0x2, 0x7, 0xffff, 0x8, 0x8000, 0xffff, 0x0, 0x2080, 0xffdff330, 0x8, 0x8, 0x754d, 0x4, 0x3, 0x2, 0x400, 0x3, 0x3, 0x3ff, 0xff, 0xfffffff9, 0x0, 0x0, 0x5, 0xfffffff8, 0x6, 0x80000]}, 0x45c)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @vbi={0x3, 0x2, 0xc76, 0x49433553, [0x3, 0x400], [0xfffffffe, 0x2], 0x13a}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x40000002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$msr(r2, &(0x7f0000019540)=""/102392, 0x18ff8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x97, 0x0, &(0x7f0000000340)="cbb4415213c9173f632e12c7b56bd7ece4e9f881ec131ea3e49b06c4352eb1ae0443d4a124b9af53135c751fa7ebc63dd6e5df2c31945a29f7631028039de7d23b87971c38d9b21911d10fe99426aef5f930d4ef5a751677dc04559f21d9f1b1dd77342b9eedc764c8a4e444e76c6f0ca009d97e53f8ebd38c0d2e5f94d266ecfa93d52f4481ac8ed270d66ed4c48f97cb1f7862f2e9ac", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c)
writev(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0x10})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket(0x1a, 0x6, 0x4)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x5a)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
connect$inet6(r5, 0x0, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)

6.216269766s ago: executing program 0 (id=1595):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) (async)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) (async)
socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff})
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRES16=r4, @ANYBLOB="010026bd7000ffdbdf255a00000008000300", @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) (async)
setrlimit(0xe, &(0x7f00000001c0)={0x8, 0x2}) (async)
dup3(r1, r0, 0x0) (async)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x9)
ioperm(0x0, 0x83, 0x1f) (async)
gettid() (async)
r7 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd)
keyctl$clear(0x7, r7)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0)
preadv2(r8, &(0x7f0000000180), 0x0, 0x0, 0x805, 0x1)

6.126834802s ago: executing program 1 (id=1596):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x101800, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x842c2, 0x121)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0xd53e, {0x1, 0x4, 0x1, 0x8004, 0x407, 0x52}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x7fffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x40, 0x0)
close(0x3)
open_by_handle_at(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000002000062320000000000000009ffff0000000000"], 0x0)
read$FUSE(r4, &(0x7f0000006500)={0x2020}, 0x2020)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18)
rseq(0x0, 0x0, 0x0, 0x0)
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x40, 0x4, 0xffff}, 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x4)

5.807370501s ago: executing program 2 (id=1597):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r4, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0)
write$qrtrtun(0xffffffffffffffff, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000003b40)=0x4000000)
close(0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))
sendmsg$NFC_CMD_LLC_SET_PARAMS(r9, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x12)

4.927743629s ago: executing program 0 (id=1598):
r0 = accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000240)={0x8000, 0x1000, {0xffffffffffffffff}, {<r1=>0xffffffffffffffff}, 0x2, 0x75ea})
ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000280)={0x3, @null, r1})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f00000004c0)=@multiplanar_userptr={0x9, 0xb, 0x4, 0x4000, 0x4b8, {0x77359400}, {0x2, 0x0, 0x9, 0x40, 0xe, 0x3, "0174a623"}, 0x7, 0x2, {0x0}, 0x1})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)={0x140, r4, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7f, 0x7a}}}}, [@NL80211_ATTR_IE={0xf9, 0x2a, [@ibss={0x6, 0x2, 0x10}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0, 0x3, 0x8}}, @random_vendor={0xdd, 0xe3, "a34feea89242714af59ae3b3b946420b0b83ec0e206260b7de45da03574cfba96a8fff83645b31f90dfd964a1f6b5d57fdff5bc77d71cee9742b1958a4ce61df80e5193eaf573a61e4bac1e1d78b9199c3a91f573a2ed7d9e2977a247a98725902bf5b10fdae86e8714d560e2c5559e71083da166fe330a74fa1fe2db1c0f09b35f5a9186d36c2c8febacf36232e5a478bf366a0b51907d7fd781f4f20241bd85fb34a97656bc488001f95a3530a50f5c03e82330160028d1ea0a6df1e6da4f648b4c87c61539309f21e52cb8900dc1e4126d3863c73ac91ee6d5e24133c3feebb4689"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x2}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x2, 0x4}}]}, 0x140}}, 0x8000)
r5 = syz_io_uring_setup(0x5ce, &(0x7f00000002c0)={0x0, 0x6734, 0x1, 0x40000, 0x34f}, &(0x7f00000000c0), &(0x7f0000000480))
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
poll(&(0x7f0000000180)=[{r6, 0x8000}], 0x1, 0x5)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
openat$tun(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
fchdir(r7)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x23, &(0x7f00000006c0)={&(0x7f0000771000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/36, 0x24, 0x1, &(0x7f0000000680)=""/25, 0x19}, &(0x7f0000000700)=0x40)
r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r8, 0x12, 0x2, 0x0, 0xfffffffffffffffe)
io_uring_enter(r5, 0x57de, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
acct(&(0x7f0000000080)='./cgroup\x00')

4.777531529s ago: executing program 0 (id=1599):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r1, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x64041091}, 0x0)
fcntl$addseals(r1, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000740)={0xb6, 0x0, 0x401})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000))
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x2000, 0x3, 0x4, 0x5, 0xba, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0xdddd1000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x23, 0xc0}, {0xffff1000, 0xdddd1000, 0xb, 0x4f, 0x2, 0x7, 0x19, 0x1, 0x81, 0x0, 0x3f, 0x5}, {0x8000000, 0x2000, 0x8, 0x5, 0x3, 0x46, 0x2, 0xc, 0x6, 0x6, 0x8, 0x5}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x0, 0xb, 0xc, 0x4b}, {0xeeef0000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x9, 0xfc}, {0x60000, 0x4000, 0x0, 0x8, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x4, 0x7}, {0xdddd1000, 0x5}, {0xdddd0000, 0x9}, 0x40010000, 0x0, 0x80a0000, 0x300, 0x1, 0x2000, 0xffffffff, [0x3, 0x401, 0x7, 0xc5]})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006a0083"], 0x20}}, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route(r4, 0x0, 0x80)
socket$netlink(0x10, 0x3, 0x1)

4.752594592s ago: executing program 2 (id=1600):
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0)
mount$9p_virtio(0x0, 0x0, &(0x7f00000004c0), 0x8c, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000021c0)=@newtfilter={0xe84, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x4, 0x1ff, 0x20000000, 0xc, 0x6}, 0x7f, 0x5}, [{0x2a9, 0x6, 0x810, 0x4, 0x5}, {0x4a7, 0x1ff, 0x4, 0x1, 0x7, 0xdd}, {0x9, 0x7, 0x3ff, 0x7, 0xfffffffd, 0x4}, {0x8, 0x0, 0x6, 0x2, 0x7fff, 0x3}, {0x4f9a, 0x5, 0x1, 0x1, 0x2, 0x8}, {0x0, 0x5, 0x1437, 0xffffffff, 0xee57, 0x9}, {0x77d, 0x8, 0x9, 0x6, 0x8, 0x1}, {0x5, 0x6, 0x0, 0x2, 0x1, 0x7fff}, {0x0, 0x5, 0x4235da1, 0x9, 0x7ec9, 0x8}, {0x10000, 0x2, 0x0, 0x1, 0x3, 0x9}, {0xd, 0xffff0001, 0x0, 0x6, 0x81, 0x4}, {0xfffffffc, 0x4, 0xffff, 0x8, 0xffffffff, 0xfffffffa}, {0x5, 0xd29, 0x101, 0x3, 0x7, 0xc}, {0x0, 0x6, 0x1, 0x72b2, 0xc874, 0x3}, {0x3, 0xf, 0x5, 0x1, 0x1ff, 0x6}, {0x9b9b, 0xffff, 0x6, 0xb, 0xb3d, 0x812}, {0x5, 0x7, 0x2, 0x5, 0x5, 0x4}, {0x6, 0x0, 0x9, 0x2, 0x82, 0x2}, {0xfffffff7, 0x6, 0x2, 0x9, 0xff}, {0x4, 0x1, 0x371, 0x8, 0x0, 0xeac}, {0x9, 0x2, 0xd77, 0x8, 0x113, 0x8d3f}, {0x7, 0xffffffff, 0x4, 0x92a4, 0x9, 0x10}, {0x1a4a13f0, 0x9, 0xe, 0x3, 0xad47, 0xf83b}, {0x1ff, 0x5, 0x7, 0xfff, 0x9}, {0x100, 0x4, 0x200, 0x9, 0x1, 0x9df}, {0x9, 0x1, 0x65, 0x9, 0x7}, {0x401, 0x10001, 0x9, 0x200, 0x9, 0x1}, {0x6, 0x10, 0xf, 0x2, 0x6, 0x3}, {0xf23, 0x3ff, 0x0, 0x9, 0xffffffff}, {0x80000000, 0x6, 0x0, 0x6, 0x6, 0xd}, {0x0, 0x81, 0xd, 0x8000, 0x3, 0x2}, {0x800, 0x9, 0x6, 0x3, 0x7, 0x8}, {0x7, 0x8, 0x7358, 0x7, 0x8, 0xffffffff}, {0x4d9, 0x45db8bad, 0xb3dd, 0x1, 0xbc, 0x7ff}, {0x7, 0x1, 0x3, 0x3, 0x3, 0x7a}, {0x5a1b, 0x1, 0x1, 0x7ff, 0x3, 0x4}, {0x3, 0x7, 0x4, 0x4, 0x1c716ddc, 0x8}, {0xffffffa5, 0x7, 0x0, 0x10, 0x3, 0x5}, {0x8219, 0x0, 0x2, 0x6, 0x3, 0x2}, {0x62, 0xf4, 0x5, 0x4, 0x4, 0x67}, {0x5, 0x4, 0x53, 0x8, 0xc0000000, 0x7}, {0x2, 0x5, 0x2, 0xffff, 0x2, 0x2}, {0x80000001, 0x94c, 0x6, 0xfffffe00, 0x5, 0x7b27}, {0x2, 0x6, 0x1000, 0x9, 0x9}, {0xa, 0x0, 0x9, 0x4, 0xe, 0x9}, {0xdf, 0x7fff, 0x8000, 0x81, 0xff, 0xfffffff8}, {0x2, 0x10000, 0x9, 0x2, 0x2}, {0x2, 0x6, 0x9, 0x1, 0x2, 0x40}, {0xfffffe00, 0x3, 0x74d2, 0x3, 0x80000001, 0x6}, {0xe3f6, 0x8, 0xfffffff7, 0x1, 0x6, 0xc}, {0x8, 0x9, 0x8e, 0x33, 0x10001, 0x22cb}, {0x2, 0x31f5, 0x7, 0x5, 0x7fffffff, 0x1}, {0x9, 0x10001, 0x4, 0x8, 0x7, 0x9}, {0xb, 0x1ff, 0xb, 0x3, 0x5, 0x80000001}, {0x7, 0x7, 0x69b, 0x3, 0x8, 0x339}, {0xee, 0x80000000, 0xfba6, 0x101, 0x5, 0xb}, {0x3, 0x458, 0x6, 0xf, 0x7, 0x8000}, {0x9, 0xfffffffa, 0x1000, 0x8, 0xb, 0xce5a}, {0x400, 0xffff, 0x3, 0xbcbb, 0x7, 0xb}, {0x0, 0xe000, 0xb, 0x8, 0x2, 0x1}, {0x1, 0x0, 0x2, 0x9, 0x0, 0x401}, {0xd, 0x1, 0x2, 0xf, 0x81, 0x5}, {0x6, 0xfff, 0x3, 0x5, 0x4, 0x3649}, {0x7, 0x2, 0x80000000, 0x9, 0x1630, 0x9e73}, {0xb, 0x1b6, 0xc4, 0x3, 0x4, 0xca}, {0x4, 0x5, 0x401, 0x4, 0xfffffff8, 0x40}, {0x8, 0x4594, 0x8, 0x4, 0x0, 0xffff}, {0x100, 0xfffffffb, 0x6, 0x0, 0x9, 0x6}, {0x3, 0xf7b, 0x3, 0x8, 0x6, 0x3}, {0x1, 0x5, 0x3, 0xab9, 0x7, 0x9}, {0xffffffff, 0x0, 0xfc, 0x7, 0x6, 0x10}, {0xf, 0x1, 0xa000000, 0x1, 0x101, 0x1f3}, {0x7ff, 0x9, 0xfffff001, 0x8001, 0x2, 0x2}, {0x4, 0xf, 0x6, 0x1, 0x9, 0xfffffff8}, {0x3, 0x3, 0x7, 0x9, 0x10, 0x1}, {0x5, 0x100, 0xffffffff, 0x963, 0x2, 0xc}, {0x6, 0x50, 0x6, 0xa, 0x0, 0x3}, {0x649, 0x2, 0x80000001, 0x8, 0x0, 0x1}, {0x8, 0xfff, 0x6, 0x80000001, 0x7fffffff, 0x3}, {0xa3, 0x81, 0x9fcb, 0x1, 0x8, 0x7fff}, {0x0, 0x2, 0x750c, 0x0, 0x1, 0xfffffffc}, {0x7ff, 0x7, 0x10000, 0x9, 0x4, 0x88}, {0x5, 0x10001, 0x7fff, 0x81, 0xfffffff4, 0x7}, {0x5, 0x7, 0x5, 0x4, 0x1ff}, {0x3, 0x0, 0x3ff, 0x7fffffff, 0x9, 0x7}, {0xdac, 0x1, 0x4, 0x80000001, 0x3, 0x8}, {0x7, 0xffffffff, 0x6, 0x8, 0x80000001, 0xa}, {0x2, 0x4, 0x4, 0x401, 0xe32}, {0x5, 0x7, 0x6, 0x8, 0x2, 0x2}, {0x10001, 0x5, 0x3, 0x4, 0x9, 0xfffffffa}, {0x2, 0x0, 0x3, 0x6, 0x800, 0x7}, {0x0, 0x0, 0x3, 0x8, 0x1, 0x3}, {0x3, 0x3, 0xffffffff, 0x3, 0x800, 0xde}, {0x5, 0x66, 0x41d0, 0x8001, 0x1, 0x3}, {0x6, 0x7, 0xfffffffc, 0x4, 0x3, 0x92c}, {0x4, 0xffff, 0x0, 0x101, 0x4, 0x1}, {0x9, 0xf667, 0x5, 0x3, 0x9, 0x4}, {0x1731, 0xa, 0x9960, 0x9, 0x1, 0x7}, {0xd, 0xfffffffa, 0x1, 0x3, 0x40, 0x2}, {0x1, 0x4, 0x80000000, 0x80000001, 0x2, 0x6}, {0x7, 0x2, 0xffffff3a, 0x4cf, 0x800, 0x6}, {0x8000, 0x6, 0x1, 0x0, 0x100, 0x80000000}, {0x3b, 0x5562334a, 0x2, 0x2, 0x6, 0x81}, {0x4, 0x96, 0x81, 0x0, 0x101, 0x7}, {0x4, 0xff, 0x9, 0x0, 0x81, 0x29}, {0xa, 0x5, 0x0, 0x9, 0xffffffff, 0xfb4}, {0x80000000, 0x2, 0xffff, 0x39b4, 0x1, 0x800}, {0x61, 0x2d, 0x6, 0x1fe4c5d2, 0x1, 0x3}, {0x1, 0xe2, 0x7ff, 0x7ff, 0x7f, 0x29d0}, {0x0, 0x4, 0xc, 0xd594, 0x9, 0x7}, {0x6, 0x0, 0x7, 0x9, 0x7, 0x9}, {0x80e9, 0x7, 0x9, 0x1, 0x1, 0x18000}, {0x400, 0x9, 0x0, 0x6f}, {0x2, 0x1, 0x6, 0x3, 0xfffff71b, 0xce}, {0x1, 0xff, 0xb, 0x4, 0x800, 0x1}, {0x6, 0x2, 0x8, 0xfff, 0x4, 0x7fff}, {0x0, 0x0, 0x7f, 0x401, 0x7, 0x7fff}, {0x7, 0xb, 0x10000, 0x1, 0x8000, 0xfffff830}, {0x3, 0x4, 0x2, 0x1, 0x6, 0x2b4}, {0x3cd2dbce, 0x929a, 0x9dc, 0x0, 0x8, 0xfffffffc}, {0x6, 0x0, 0xe61, 0xc5c3, 0x3, 0x1}, {0x7, 0x2, 0x197a, 0x7, 0x1, 0x8}, {0xff, 0x2c, 0xfffffc01, 0x1, 0x3, 0x100}, {0x0, 0x6, 0x10001, 0x40ce7, 0xec, 0x1000}, {0xffffffff, 0x6, 0xffffffff, 0x9, 0x2, 0x6}, {0xfa, 0x9, 0xbf1d, 0x9, 0x80, 0x5}, {0x1c91, 0x5f27, 0x1, 0x0, 0x6, 0xcf}, {0x37, 0x622, 0x2, 0x1, 0x7, 0x2}], [{0x5}, {0xccffbfc290ab3baa}, {}, {0x2}, {0x2}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {}, {0x1, 0x1}, {0x1}, {0x2}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x4}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x2}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x2}, {0x4, 0x1}, {0x4, 0x1}, {0xed3229170eca159}, {0x2, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x2}, {0x5, 0x1}, {0x4}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x5}, {0x54e1b160e6ec45e8, 0x1}, {0x1}, {0x2}, {0x3, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x5}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x5}, {}, {0x2}, {0x5, 0x1}, {0x4}, {0x2}, {0x9baeccaf277094c4, 0x1}, {}, {0x2, 0x1}, {}, {}, {0x8f9fc2e2ef57f2f0}, {0x3, 0x1}, {0x2, 0x1}, {0x2}, {0x3}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0xe84}, 0x1, 0x0, 0x0, 0x81}, 0x800)

3.835401305s ago: executing program 0 (id=1601):
r0 = socket$caif_stream(0x25, 0x1, 0x5)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002100)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r5, &(0x7f00000001c0)={0x18, 0x2, {0x3, @remote}}, 0x1e)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}]}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
statfs(&(0x7f0000000040)='./cgroup.net/cgroup.procs\x00', &(0x7f00000002c0)=""/166)
mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='jffs2\x00', 0xc9812, &(0x7f0000000400)='/+^($}@\x00')
recvmmsg(r0, &(0x7f0000001c00), 0x0, 0x40, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
r6 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r6, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0xe98})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000100)={0x1, 0x2, 0x1000, 0x5f, &(0x7f0000000000)="c9720794b643fa8d60f840cb8cbcb9c64ee6b722b4fa802127d837e98759d76e7fa22055f4f79ba60e6e31dbae081915227eee5047e28fa59356d2328807ee2b067252dbcceebe9feef2c8fb7dfa6c9cdb5835c6d669520f11a80e83bb5850", 0x42, 0x0, &(0x7f0000000080)="00ea71676dfa1182e1979fd8abe82afc8ed11f19c7b3ecf77c46711d0181b5d91c71a7af19357bbe56e77e1d63f3b2cb0b1811a4c2174a8062174cc64bc4dce2d715"})

3.834430642s ago: executing program 3 (id=1602):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x4, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket(0x40000000015, 0x5, 0x0)
syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), &(0x7f0000000280))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20050840)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0xc000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000)

977.099717ms ago: executing program 2 (id=1603):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r4, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0)
write$qrtrtun(0xffffffffffffffff, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000003b40)=0x4000000)
close(0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))
sendmsg$NFC_CMD_LLC_SET_PARAMS(r9, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x12)

469.665003ms ago: executing program 1 (id=1604):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r4, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0)
write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000003b40)=0x4000000)
close(0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))

0s ago: executing program 2 (id=1605):
bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder1\x00', 0x800, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x20240, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100)=0x2)
ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xf, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41100}, 0x94)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000340)="0a000300010000", 0x7)
recvmmsg(r1, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x40001af, 0x12122, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000004b40)=@newlink={0x54, 0x10, 0x503, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x440, 0x80}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x4}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x54}, 0x1, 0x400000000000000}, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r6, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
write$uinput_user_dev(r6, &(0x7f0000001740)={'syz1\x00', {0x0, 0x0, 0x0, 0xd}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x100000, 0x8, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdbf0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x800, 0x4, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x8, 0x7fffffff, 0x0, 0x0, 0x800000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0xde11, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x8, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffe, 0x5, 0x0, 0x2, 0x0, 0x10, 0x0, 0x6, 0x0, 0x0, 0x9, 0xfffffffe, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffe, 0x0, 0x2, 0x8ce, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x45c)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 `syz.1.1122'.
[  350.983282][T10592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1127'.
[  351.019657][T10591] netlink: 'syz.0.1128': attribute type 10 has an invalid length.
[  351.483727][   T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  351.633652][   T24] usb 7-1: Using ep0 maxpacket: 32
[  351.637352][   T24] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  351.640399][   T24] usb 7-1: config 0 has no interface number 0
[  351.645171][   T24] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  351.650204][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.653894][   T24] usb 7-1: Product: syz
[  351.655787][   T24] usb 7-1: Manufacturer: syz
[  351.657809][   T24] usb 7-1: SerialNumber: syz
[  351.668256][   T24] usb 7-1: config 0 descriptor??
[  351.673994][   T24] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  351.677261][   T24] usb 7-1: selecting invalid altsetting 1
[  351.679679][   T24] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  351.692305][   T24] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  351.700033][   T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  351.704572][   T24] usb 7-1: media controller created
[  351.713717][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  351.811418][T10588] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.106312][T10595] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1129'.
[  352.131640][T10599] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  352.134882][T10599] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  352.141238][T10599] vhci_hcd vhci_hcd.0: Device attached
[  352.230947][T10603] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1130'.
[  352.256351][T10603] syz.1.1130 (10603): drop_caches: 2
[  352.272063][T10603] syz.1.1130 (10603): drop_caches: 2
[  352.312093][T10600] vhci_hcd: cannot find the pending unlink 4294967287
[  352.320328][T10603] binder: 10598:10603 ioctl 40046629 80000200 returned -22
[  352.425848][ T6629] usb 40-1: SetAddress Request (102) to port 0
[  352.431475][ T6629] usb 40-1: new SuperSpeed USB device number 102 using vhci_hcd
[  352.758988][T10607] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  352.761906][T10607] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  352.766658][T10607] vhci_hcd vhci_hcd.0: Device attached
[  352.845619][   T24] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  352.849498][   T24] zl10353_read_register: readreg error (reg=127, ret==-110)
[  352.878802][T10595] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  353.064280][T10600] vhci_hcd: connection reset by peer
[  353.068285][   T46] vhci_hcd vhci_hcd.1: stop threads
[  353.071009][   T46] vhci_hcd vhci_hcd.1: release socket
[  353.074102][  T141] usb 38-1: SetAddress Request (82) to port 0
[  353.077254][  T141] usb 38-1: new SuperSpeed USB device number 82 using vhci_hcd
[  353.081568][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  353.764564][   T40] audit: type=1326 audit(1766302897.309:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10593 comm="syz.2.1129" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd2579 code=0x0
[  353.980352][T10610] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1133'.
[  354.047279][   T24] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  354.106827][T10610] syz.0.1133 (10610): drop_caches: 2
[  354.112585][T10610] syz.0.1133 (10610): drop_caches: 2
[  354.207260][T10610] binder: 10606:10610 ioctl 40046629 80000200 returned -22
[  354.212595][T10608] vhci_hcd: cannot find the pending unlink 4294967287
[  354.222292][   T24] usb 7-1: USB disconnect, device number 5
[  354.472284][T10608] vhci_hcd: connection reset by peer
[  354.475055][ T1145] vhci_hcd vhci_hcd.0: stop threads
[  354.477395][ T1145] vhci_hcd vhci_hcd.0: release socket
[  354.479793][ T1145] vhci_hcd vhci_hcd.0: disconnect device
[  354.575086][T10628] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  354.577763][T10628] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  354.581204][T10628] vhci_hcd vhci_hcd.0: Device attached
[  354.592307][T10628] netlink: 6040 bytes leftover after parsing attributes in process `syz.1.1136'.
[  354.662480][T10631] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1136'.
[  354.689521][T10631] syz.1.1136 (10631): drop_caches: 2
[  354.698072][T10631] syz.1.1136 (10631): drop_caches: 2
[  354.714255][T10629] vhci_hcd: cannot find the pending unlink 4294967287
[  354.717709][T10631] binder: 10627:10631 ioctl 40046629 80000200 returned -22
[  355.453710][T10629] vhci_hcd: connection closed
[  355.454120][   T46] vhci_hcd vhci_hcd.1: stop threads
[  355.458497][   T46] vhci_hcd vhci_hcd.1: release socket
[  355.461063][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  355.738503][T10639] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  355.741306][T10639] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  355.754394][T10639] vhci_hcd vhci_hcd.0: Device attached
[  356.296054][T10643] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1140'.
[  356.646153][T10653] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  356.648320][T10653] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  356.651652][T10653] vhci_hcd vhci_hcd.0: Device attached
[  356.754165][T10657] netlink: zone id is out of range
[  356.756261][T10657] netlink: zone id is out of range
[  356.765332][T10657] netlink: zone id is out of range
[  356.774968][T10657] netlink: del zone limit has 8 unknown bytes
[  357.048367][T10640] vhci_hcd: connection closed
[  357.048957][ T6690] vhci_hcd vhci_hcd.0: stop threads
[  357.052543][ T6690] vhci_hcd vhci_hcd.0: release socket
[  357.054539][ T6690] vhci_hcd vhci_hcd.0: disconnect device
[  357.357063][T10654] vhci_hcd: connection closed
[  357.357283][ T6690] vhci_hcd vhci_hcd.1: stop threads
[  357.361096][ T6690] vhci_hcd vhci_hcd.1: release socket
[  357.363391][ T6690] vhci_hcd vhci_hcd.1: disconnect device
[  357.544003][ T6629] usb 40-1: device descriptor read/8, error -110
[  357.771475][T10660] netlink: 'syz.2.1144': attribute type 10 has an invalid length.
[  358.219969][  T141] usb 38-1: device descriptor read/8, error -110
[  358.366156][ T6629] usb usb40-port1: attempt power cycle
[  358.449497][T10658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  358.756221][  T141] usb usb38-port1: attempt power cycle
[  358.944506][ T6629] usb usb40-port1: unable to enumerate USB device
[  359.169044][T10670] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  359.172002][T10670] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  359.176005][T10670] vhci_hcd vhci_hcd.0: Device attached
[  359.184170][T10670] netlink: 6040 bytes leftover after parsing attributes in process `syz.2.1148'.
[  359.264741][T10673] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1148'.
[  359.283559][T10673] syz.2.1148 (10673): drop_caches: 2
[  359.286792][T10673] syz.2.1148 (10673): drop_caches: 2
[  359.297402][T10671] vhci_hcd: cannot find the pending unlink 4294967287
[  359.300620][T10673] binder: 10669:10673 ioctl 40046629 80000200 returned -22
[  359.376375][  T141] usb usb38-port1: unable to enumerate USB device
[  359.644055][  T141] usb 42-1: SetAddress Request (102) to port 0
[  359.648548][  T141] usb 42-1: new SuperSpeed USB device number 102 using vhci_hcd
[  360.173647][T10671] vhci_hcd: connection reset by peer
[  360.176425][ T6690] vhci_hcd vhci_hcd.2: stop threads
[  360.178710][ T6690] vhci_hcd vhci_hcd.2: release socket
[  360.181201][ T6690] vhci_hcd vhci_hcd.2: disconnect device
[  360.927677][T10692] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  360.930448][T10692] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  360.935565][T10692] vhci_hcd vhci_hcd.0: Device attached
[  360.942195][T10690] fuse: Unknown parameter 'È£tóAGÍšY±„b¥„8Yöˆ69Æ¥”Y\1ü¡Pí¶D“åª(.kåeóDYñ#!pkæ0x0000000000000009'
[  361.213906][ T6023] usb 40-1: SetAddress Request (106) to port 0
[  361.219358][ T6023] usb 40-1: new SuperSpeed USB device number 106 using vhci_hcd
[  361.472917][T10693] vhci_hcd: connection reset by peer
[  361.486108][ T1145] vhci_hcd vhci_hcd.1: stop threads
[  361.488698][ T1145] vhci_hcd vhci_hcd.1: release socket
[  361.491110][ T1145] vhci_hcd vhci_hcd.1: disconnect device
[  363.007953][T10712] netlink: 'syz.3.1159': attribute type 10 has an invalid length.
[  363.203706][T10722] netlink: 'syz.1.1161': attribute type 10 has an invalid length.
[  363.388177][T10713] netlink: 'syz.0.1158': attribute type 10 has an invalid length.
[  363.521746][T10711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  363.909954][T10724] netlink: zone id is out of range
[  363.912197][T10724] netlink: zone id is out of range
[  363.914654][T10724] netlink: zone id is out of range
[  363.917487][T10724] netlink: del zone limit has 8 unknown bytes
[  364.227493][T10709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  364.274688][T10719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  364.461611][T10726] Invalid option length (938168) for dns_resolver key
[  364.485816][T10726] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  364.488705][T10726] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  364.492130][T10726] vhci_hcd vhci_hcd.0: Device attached
[  364.502630][T10728] vhci_hcd: connection closed
[  364.503711][   T46] vhci_hcd vhci_hcd.3: stop threads
[  364.507690][   T46] vhci_hcd vhci_hcd.3: release socket
[  364.509653][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  364.743808][  T141] usb 42-1: device descriptor read/8, error -110
[  365.144552][  T141] usb usb42-port1: attempt power cycle
[  365.774357][  T141] usb usb42-port1: unable to enumerate USB device
[  366.054458][T10750] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  366.057158][T10750] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  366.061913][T10750] vhci_hcd vhci_hcd.0: Device attached
[  366.120222][ T5945] Bluetooth: hci2: unexpected event for opcode 0x9f22
[  366.148894][T10753] lo speed is unknown, defaulting to 1000
[  366.187108][T10754] comedi comedi3: pcl711: I/O port conflict (0x4f23,16)
[  366.465516][T10751] vhci_hcd: connection reset by peer
[  366.475423][   T46] vhci_hcd vhci_hcd.1: stop threads
[  366.477735][   T46] vhci_hcd vhci_hcd.1: release socket
[  366.480165][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  366.480185][ T6023] usb 40-1: device descriptor read/8, error -110
[  366.781520][T10761] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  366.784750][T10761] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  366.789730][T10761] vhci_hcd vhci_hcd.0: Device attached
[  366.923106][ T6023] usb usb40-port1: attempt power cycle
[  367.077341][ T6027] usb 44-1: SetAddress Request (103) to port 0
[  367.080646][ T6027] usb 44-1: new SuperSpeed USB device number 103 using vhci_hcd
[  367.540633][T10762] vhci_hcd: connection reset by peer
[  367.550132][ T1145] vhci_hcd vhci_hcd.3: stop threads
[  367.633948][ T1145] vhci_hcd vhci_hcd.3: release socket
[  367.643744][ T1145] vhci_hcd vhci_hcd.3: disconnect device
[  367.689920][T10770] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  367.692825][T10770] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  367.708508][T10770] vhci_hcd vhci_hcd.0: Device attached
[  367.710284][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  367.714004][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  367.717515][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  367.720094][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  367.917972][ T6023] usb usb40-port1: unable to enumerate USB device
[  368.034176][ T7966] usb 38-1: SetAddress Request (86) to port 0
[  368.036404][ T7966] usb 38-1: new SuperSpeed USB device number 86 using vhci_hcd
[  368.174482][T10771] vhci_hcd: connection reset by peer
[  368.179500][ T1142] vhci_hcd vhci_hcd.0: stop threads
[  368.183657][ T1142] vhci_hcd vhci_hcd.0: release socket
[  368.186141][ T1142] vhci_hcd vhci_hcd.0: disconnect device
[  368.361022][T10779] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  368.363948][T10779] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  368.383676][T10779] vhci_hcd vhci_hcd.0: Device attached
[  368.658504][ T1145] Bluetooth: hci5: Frame reassembly failed (-84)
[  368.688942][   T34] usb 42-1: SetAddress Request (106) to port 0
[  368.706759][   T34] usb 42-1: new SuperSpeed USB device number 106 using vhci_hcd
[  369.314445][T10780] vhci_hcd: connection reset by peer
[  369.317106][ T1142] vhci_hcd vhci_hcd.2: stop threads
[  369.319446][ T1142] vhci_hcd vhci_hcd.2: release socket
[  369.321840][ T1142] vhci_hcd vhci_hcd.2: disconnect device
[  369.638605][T10794] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  369.641470][T10794] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  369.645016][T10794] vhci_hcd vhci_hcd.0: Device attached
[  369.652493][T10794] netlink: 6040 bytes leftover after parsing attributes in process `syz.1.1176'.
[  369.713001][T10798] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1176'.
[  369.742760][T10798] syz.1.1176 (10798): drop_caches: 2
[  369.746002][T10798] syz.1.1176 (10798): drop_caches: 2
[  369.757223][T10795] vhci_hcd: cannot find the pending unlink 4294967287
[  369.760047][T10798] binder: 10793:10798 ioctl 40046629 80000200 returned -22
[  369.783799][ T5938] Bluetooth: hci4: command 0x1003 tx timeout
[  369.786840][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  369.934249][   T24] usb 40-1: SetAddress Request (110) to port 0
[  369.938278][   T24] usb 40-1: new SuperSpeed USB device number 110 using vhci_hcd
[  370.186869][T10800] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  370.189542][T10800] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  370.193273][T10800] vhci_hcd vhci_hcd.0: Device attached
[  370.206183][T10800] netlink: 6040 bytes leftover after parsing attributes in process `syz.3.1177'.
[  370.269807][T10803] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1177'.
[  370.292454][T10803] syz.3.1177 (10803): drop_caches: 2
[  370.297360][T10803] syz.3.1177 (10803): drop_caches: 2
[  370.315837][T10801] vhci_hcd: cannot find the pending unlink 4294967287
[  370.316362][T10803] binder: 10799:10803 ioctl 40046629 80000200 returned -22
[  370.481481][T10795] vhci_hcd: connection reset by peer
[  370.485642][ T1142] vhci_hcd vhci_hcd.1: stop threads
[  370.489623][ T1142] vhci_hcd vhci_hcd.1: release socket
[  370.491773][ T1142] vhci_hcd vhci_hcd.1: disconnect device
[  370.663815][ T5297] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  371.263904][T10801] vhci_hcd: connection closed
[  371.271758][   T46] vhci_hcd vhci_hcd.3: stop threads
[  371.283133][   T46] vhci_hcd vhci_hcd.3: release socket
[  371.285537][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  371.470694][T10809] netlink: zone id is out of range
[  371.473415][T10809] netlink: zone id is out of range
[  371.476228][T10809] netlink: zone id is out of range
[  371.479818][T10809] netlink: del zone limit has 8 unknown bytes
[  372.205598][ T6027] usb 44-1: device descriptor read/8, error -110
[  372.584779][ T6027] usb usb44-port1: attempt power cycle
[  372.885420][T10831] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  372.888322][T10831] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  372.912939][T10831] vhci_hcd vhci_hcd.0: Device attached
[  373.776038][ T6027] usb usb44-port1: unable to enumerate USB device
[  373.784486][   T34] usb 42-1: device descriptor read/8, error -110
[  374.224494][   T34] usb usb42-port1: attempt power cycle
[  374.375236][T10832] vhci_hcd: connection reset by peer
[  374.380662][   T12] vhci_hcd vhci_hcd.0: stop threads
[  374.383013][   T12] vhci_hcd vhci_hcd.0: release socket
[  374.394921][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  374.414843][T10842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1186'.
[  374.795965][T10847] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  374.798068][T10847] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  374.801823][T10847] vhci_hcd vhci_hcd.0: Device attached
[  374.894850][ T7966] usb 38-1: device descriptor read/8, error -110
[  374.994361][   T24] usb 40-1: device descriptor read/8, error -110
[  375.054067][   T34] usb usb42-port1: unable to enumerate USB device
[  375.063753][ T6023] usb 44-1: SetAddress Request (107) to port 0
[  375.067123][ T6023] usb 44-1: new SuperSpeed USB device number 107 using vhci_hcd
[  375.306822][T10857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'.
[  375.404521][   T24] usb usb40-port1: attempt power cycle
[  375.416291][T10848] vhci_hcd: connection reset by peer
[  375.421407][ T1226] vhci_hcd vhci_hcd.3: stop threads
[  375.423804][ T1226] vhci_hcd vhci_hcd.3: release socket
[  375.426209][ T1226] vhci_hcd vhci_hcd.3: disconnect device
[  375.524302][ T7966] usb usb38-port1: attempt power cycle
[  375.748910][T10860] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  375.758711][T10860] x_tables: ip_tables: icmp match: only valid for protocol 1
[  375.984459][   T24] usb usb40-port1: unable to enumerate USB device
[  376.097115][ T7966] usb usb38-port1: unable to enumerate USB device
[  376.296230][T10867] syzkaller0: entered allmulticast mode
[  376.334377][T10869] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1193'.
[  377.343256][T10877] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  377.346089][T10877] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  377.349775][T10877] vhci_hcd vhci_hcd.0: Device attached
[  377.403959][T10877] netlink: 6040 bytes leftover after parsing attributes in process `syz.3.1195'.
[  377.470538][T10883] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1195'.
[  377.530438][T10883] syz.3.1195 (10883): drop_caches: 2
[  377.535103][T10883] syz.3.1195 (10883): drop_caches: 2
[  377.656532][T10883] binder: 10876:10883 ioctl 40046629 80000200 returned -22
[  377.723050][T10878] vhci_hcd: cannot find the pending unlink 4294967287
[  377.824118][T10885] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  377.826926][T10885] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  377.844028][T10885] vhci_hcd vhci_hcd.0: Device attached
[  378.144051][   T53] usb 40-1: SetAddress Request (114) to port 0
[  378.147253][   T53] usb 40-1: new SuperSpeed USB device number 114 using vhci_hcd
[  378.290784][T10878] vhci_hcd: connection closed
[  378.292257][ T1145] vhci_hcd vhci_hcd.3: stop threads
[  378.301130][ T1145] vhci_hcd vhci_hcd.3: release socket
[  378.305660][ T1145] vhci_hcd vhci_hcd.3: disconnect device
[  378.583626][T10886] vhci_hcd: connection reset by peer
[  378.586923][ T1145] vhci_hcd vhci_hcd.1: stop threads
[  378.590410][ T1145] vhci_hcd vhci_hcd.1: release socket
[  378.592920][ T1145] vhci_hcd vhci_hcd.1: disconnect device
[  379.039567][T10894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1197'.
[  379.204116][T10901] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  379.207217][T10901] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  379.210360][T10901] vhci_hcd vhci_hcd.0: Device attached
[  379.543809][   T24] usb 42-1: SetAddress Request (110) to port 0
[  379.546917][   T24] usb 42-1: new SuperSpeed USB device number 110 using vhci_hcd
[  379.674787][T10902] vhci_hcd: connection reset by peer
[  379.686588][   T83] vhci_hcd vhci_hcd.2: stop threads
[  379.692772][   T83] vhci_hcd vhci_hcd.2: release socket
[  379.710672][   T83] vhci_hcd vhci_hcd.2: disconnect device
[  380.103925][ T6023] usb 44-1: device descriptor read/8, error -110
[  380.385081][T10914] ref_ctr_offset mismatch. inode: 0x68c offset: 0x0 ref_ctr_offset(old): 0x100000000 ref_ctr_offset(new): 0x0
[  380.494306][ T6023] usb usb44-port1: attempt power cycle
[  380.522326][T10917] netlink: zone id is out of range
[  380.524418][T10917] netlink: zone id is out of range
[  380.526488][T10917] netlink: zone id is out of range
[  380.528407][T10917] netlink: del zone limit has 8 unknown bytes
[  380.591506][T10919] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  380.594264][T10919] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  380.598248][T10919] vhci_hcd vhci_hcd.0: Device attached
[  380.628680][ T6096] Bluetooth: hci4: Frame reassembly failed (-84)
[  380.631445][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  380.688805][T10923] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  380.691464][T10923] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  380.695579][T10923] vhci_hcd vhci_hcd.0: Device attached
[  380.719330][T10923] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.1204'.
[  380.772740][T10920] vhci_hcd: connection closed
[  380.799173][T10927] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1204'.
[  380.868830][T10927] syz.2.1204 (10927): drop_caches: 2
[  380.900915][T10927] syz.2.1204 (10927): drop_caches: 2
[  380.977960][T10924] vhci_hcd: cannot find the pending unlink 4294967287
[  380.982696][T10927] binder: 10922:10927 ioctl 40046629 80000200 returned -22
[  380.995420][ T6096] vhci_hcd vhci_hcd.1: stop threads
[  380.998395][ T6096] vhci_hcd vhci_hcd.1: release socket
[  381.000452][ T6096] vhci_hcd vhci_hcd.1: disconnect device
[  381.054596][ T6023] usb usb44-port1: unable to enumerate USB device
[  382.562147][T10924] vhci_hcd: connection closed
[  382.564316][   T12] vhci_hcd vhci_hcd.2: stop threads
[  382.568291][   T12] vhci_hcd vhci_hcd.2: release socket
[  382.574763][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  382.663737][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  382.683732][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  383.148785][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  383.151532][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  383.225169][   T53] usb 40-1: device descriptor read/8, error -110
[  383.638561][   T53] usb usb40-port1: attempt power cycle
[  383.815944][T10948] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  383.819120][T10948] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  383.844601][T10948] vhci_hcd vhci_hcd.0: Device attached
[  384.264809][   T53] usb usb40-port1: unable to enumerate USB device
[  384.292961][T10955] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  384.295805][T10955] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  384.299425][T10955] vhci_hcd vhci_hcd.0: Device attached
[  384.408264][T10949] vhci_hcd: connection closed
[  384.408481][ T1145] vhci_hcd vhci_hcd.2: stop threads
[  384.413697][ T1145] vhci_hcd vhci_hcd.2: release socket
[  384.421915][ T1145] vhci_hcd vhci_hcd.2: disconnect device
[  384.548058][T10962] vhci_hcd: connection closed
[  384.548483][   T46] vhci_hcd vhci_hcd.1: stop threads
[  384.550511][   T46] vhci_hcd vhci_hcd.1: release socket
[  384.556000][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  384.584033][   T24] usb 42-1: device descriptor read/8, error -110
[  384.586791][ T6033] usb 40-1: enqueue for inactive port 0
[  384.644372][T10967] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  384.647719][T10967] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  384.650804][T10967] vhci_hcd vhci_hcd.0: Device attached
[  384.665347][T10967] netlink: 6040 bytes leftover after parsing attributes in process `syz.0.1215'.
[  384.771456][T10970] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1215'.
[  384.826120][T10970] syz.0.1215 (10970): drop_caches: 2
[  384.832107][T10970] syz.0.1215 (10970): drop_caches: 2
[  384.893643][T10970] binder: 10966:10970 ioctl 40046629 80000200 returned -22
[  384.906915][T10968] vhci_hcd: cannot find the pending unlink 4294967287
[  384.939070][T10973] netlink: 'syz.3.1217': attribute type 1 has an invalid length.
[  384.942036][T10973] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1217'.
[  384.954393][   T53] usb 38-1: SetAddress Request (90) to port 0
[  384.957085][   T53] usb 38-1: new SuperSpeed USB device number 90 using vhci_hcd
[  385.016222][   T24] usb usb42-port1: attempt power cycle
[  385.444511][ T6033] usb usb40-port1: attempt power cycle
[  385.628650][T10968] vhci_hcd: connection reset by peer
[  385.658340][   T12] vhci_hcd vhci_hcd.0: stop threads
[  385.670011][   T12] vhci_hcd vhci_hcd.0: release socket
[  385.679182][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  386.366843][T10988] overlay: ./bus is not a directory
[  386.395951][   T24] usb usb42-port1: unable to enumerate USB device
[  386.569735][ T6033] usb usb40-port1: unable to enumerate USB device
[  387.293059][T10993] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  387.295413][T10993] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  387.300819][T10993] vhci_hcd vhci_hcd.0: Device attached
[  387.363480][T11005] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  387.366659][T11005] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  387.371297][T11005] vhci_hcd vhci_hcd.0: Device attached
[  387.425729][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  387.432867][T11001] vhci_hcd: connection closed
[  387.433640][ T1226] vhci_hcd vhci_hcd.2: stop threads
[  387.437922][ T1226] vhci_hcd vhci_hcd.2: release socket
[  387.440214][ T1226] vhci_hcd vhci_hcd.2: disconnect device
[  387.528932][T11006] vhci_hcd: connection closed
[  387.533732][ T1145] vhci_hcd vhci_hcd.0: stop threads
[  387.543978][ T1145] vhci_hcd vhci_hcd.0: release socket
[  387.548522][ T1145] vhci_hcd vhci_hcd.0: disconnect device
[  387.732435][T11012] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  387.735271][T11012] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  387.739043][T11012] vhci_hcd vhci_hcd.0: Device attached
[  388.054360][ T7966] usb 44-1: SetAddress Request (111) to port 0
[  388.057774][ T7966] usb 44-1: new SuperSpeed USB device number 111 using vhci_hcd
[  388.289474][T11013] vhci_hcd: connection reset by peer
[  388.292654][ T1226] vhci_hcd vhci_hcd.3: stop threads
[  388.295487][ T1226] vhci_hcd vhci_hcd.3: release socket
[  388.297894][ T1226] vhci_hcd vhci_hcd.3: disconnect device
[  389.095817][T11028] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  389.098541][T11028] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  389.102043][T11028] vhci_hcd vhci_hcd.0: Device attached
[  389.109013][T11028] FAULT_INJECTION: forcing a failure.
[  389.109013][T11028] name failslab, interval 1, probability 0, space 0, times 0
[  389.114316][T11028] CPU: 3 UID: 0 PID: 11028 Comm: syz.1.1228 Not tainted syzkaller #0 PREEMPT(full) 
[  389.114340][T11028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  389.114364][T11028] Call Trace:
[  389.114371][T11028]  <TASK>
[  389.114378][T11028]  dump_stack_lvl+0x16c/0x1f0
[  389.114406][T11028]  should_fail_ex+0x512/0x640
[  389.114423][T11028]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  389.114445][T11028]  should_failslab+0xc2/0x120
[  389.114467][T11028]  kmem_cache_alloc_node_noprof+0x86/0x800
[  389.114484][T11028]  ? __alloc_skb+0x156/0x410
[  389.114506][T11028]  ? __alloc_skb+0x156/0x410
[  389.114520][T11028]  __alloc_skb+0x156/0x410
[  389.114536][T11028]  ? __alloc_skb+0x35d/0x410
[  389.114550][T11028]  ? __pfx___alloc_skb+0x10/0x10
[  389.114567][T11028]  ? netlink_autobind.isra.0+0x158/0x370
[  389.114594][T11028]  netlink_alloc_large_skb+0x69/0x140
[  389.114618][T11028]  netlink_sendmsg+0x698/0xdd0
[  389.114643][T11028]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.114667][T11028]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  389.114696][T11028]  ____sys_sendmsg+0xa5d/0xc30
[  389.114722][T11028]  ? __pfx_____sys_sendmsg+0x10/0x10
[  389.114744][T11028]  ? get_compat_msghdr+0x11a/0x170
[  389.114776][T11028]  ___sys_sendmsg+0x134/0x1d0
[  389.114798][T11028]  ? __pfx____sys_sendmsg+0x10/0x10
[  389.114865][T11028]  ? find_held_lock+0x2b/0x80
[  389.114901][T11028]  __sys_sendmsg+0x16d/0x220
[  389.114927][T11028]  ? __pfx___sys_sendmsg+0x10/0x10
[  389.114962][T11028]  __do_fast_syscall_32+0xe8/0x680
[  389.114990][T11028]  do_fast_syscall_32+0x32/0x80
[  389.115005][T11028]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  389.115024][T11028] RIP: 0023:0xf70ed579
[  389.115038][T11028] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  389.115052][T11028] RSP: 002b:00000000f549b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  389.115067][T11028] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800007c0
[  389.115077][T11028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  389.115087][T11028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  389.115095][T11028] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  389.115104][T11028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  389.115125][T11028]  </TASK>
[  389.385319][  T141] usb 40-1: SetAddress Request (122) to port 0
[  389.388498][  T141] usb 40-1: new SuperSpeed USB device number 122 using vhci_hcd
[  389.463716][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  389.463759][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  389.704813][T11041] FAULT_INJECTION: forcing a failure.
[  389.704813][T11041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.709723][T11041] CPU: 3 UID: 0 PID: 11041 Comm: syz.3.1231 Not tainted syzkaller #0 PREEMPT(full) 
[  389.709745][T11041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  389.709755][T11041] Call Trace:
[  389.709761][T11041]  <TASK>
[  389.709768][T11041]  dump_stack_lvl+0x16c/0x1f0
[  389.709794][T11041]  should_fail_ex+0x512/0x640
[  389.709813][T11041]  _copy_from_iter+0x2a4/0x16c0
[  389.709831][T11041]  ? __alloc_skb+0x220/0x410
[  389.709847][T11041]  ? __alloc_skb+0x35d/0x410
[  389.709871][T11041]  ? __pfx__copy_from_iter+0x10/0x10
[  389.709888][T11041]  ? netlink_autobind.isra.0+0x158/0x370
[  389.709939][T11041]  netlink_sendmsg+0x820/0xdd0
[  389.709966][T11041]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.709990][T11041]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  389.710020][T11041]  ____sys_sendmsg+0xa5d/0xc30
[  389.710047][T11041]  ? __pfx_____sys_sendmsg+0x10/0x10
[  389.710069][T11041]  ? get_compat_msghdr+0x11a/0x170
[  389.710099][T11041]  ___sys_sendmsg+0x134/0x1d0
[  389.710119][T11041]  ? __pfx____sys_sendmsg+0x10/0x10
[  389.710149][T11041]  ? find_held_lock+0x2b/0x80
[  389.710200][T11041]  __sys_sendmsg+0x16d/0x220
[  389.710222][T11041]  ? __pfx___sys_sendmsg+0x10/0x10
[  389.710250][T11041]  ? do_user_addr_fault+0x843/0x1370
[  389.710274][T11041]  __do_fast_syscall_32+0xe8/0x680
[  389.710301][T11041]  do_fast_syscall_32+0x32/0x80
[  389.710315][T11041]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  389.710333][T11041] RIP: 0023:0xf709d579
[  389.710347][T11041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  389.710361][T11041] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  389.710378][T11041] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  389.710387][T11041] RDX: 0000000000044000 RSI: 0000000000000000 RDI: 0000000000000000
[  389.710396][T11041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  389.710405][T11041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  389.710414][T11041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  389.710435][T11041]  </TASK>
[  389.826063][T11029] vhci_hcd: connection reset by peer
[  389.855820][ T6690] vhci_hcd vhci_hcd.1: stop threads
[  389.868790][ T6690] vhci_hcd vhci_hcd.1: release socket
[  389.933898][ T6690] vhci_hcd vhci_hcd.1: disconnect device
[  390.026965][   T53] usb 38-1: device descriptor read/8, error -110
[  391.154131][T11055] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  391.156681][T11055] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  391.165162][T11055] vhci_hcd vhci_hcd.0: Device attached
[  391.254794][   T53] usb usb38-port1: attempt power cycle
[  391.663644][ T6023] usb 37-1: new low-speed USB device number 7 using vhci_hcd
[  391.935255][T11057] vhci_hcd: connection reset by peer
[  391.937805][ T1226] vhci_hcd vhci_hcd.0: stop threads
[  391.940142][ T1226] vhci_hcd vhci_hcd.0: release socket
[  391.946410][ T1226] vhci_hcd vhci_hcd.0: disconnect device
[  391.992697][T11065] netlink: 'syz.3.1239': attribute type 1 has an invalid length.
[  392.015921][T11065] 8021q: adding VLAN 0 to HW filter on device bond2
[  392.028375][T11065] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1239'.
[  392.031928][T11065] bond2: entered promiscuous mode
[  392.034127][T11065] bond2: entered allmulticast mode
[  392.048483][T11065] bond2: (slave dummy0): making interface the new active one
[  392.051577][T11065] dummy0: entered promiscuous mode
[  392.054217][T11065] dummy0: entered allmulticast mode
[  392.057744][T11065] bond2: (slave dummy0): Enslaving as an active interface with an up link
[  392.339752][T11081] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  392.342537][T11081] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  392.346392][T11081] vhci_hcd vhci_hcd.0: Device attached
[  392.613718][ T6027] usb 42-1: SetAddress Request (114) to port 0
[  392.615875][ T6027] usb 42-1: new SuperSpeed USB device number 114 using vhci_hcd
[  392.739992][T11086] loop6: detected capacity change from 0 to 2640
[  392.744139][T10997] buffer_io_error: 43 callbacks suppressed
[  392.744152][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.750157][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.754853][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.758401][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.761744][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.765691][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.769075][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.772453][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.775897][T10997] ldm_validate_partition_table(): Disk read failed.
[  392.778768][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.782160][T10997] Buffer I/O error on dev loop6, logical block 0, async page read
[  392.785692][T10997] Dev loop6: unable to read RDB block 0
[  392.788209][T10997]  loop6: unable to read partition table
[  392.798381][T11086] ldm_validate_partition_table(): Disk read failed.
[  392.804308][T11086] Dev loop6: unable to read RDB block 0
[  392.806960][T11086]  loop6: unable to read partition table
[  392.817295][T11086] loop_reread_partitions: partition scan of loop6 (3„¾‚³˜) failed (rc=-5)
[  393.072280][T11082] vhci_hcd: connection reset by peer
[  393.099727][ T6690] vhci_hcd vhci_hcd.2: stop threads
[  393.103171][ T6690] vhci_hcd vhci_hcd.2: release socket
[  393.106129][ T6690] vhci_hcd vhci_hcd.2: disconnect device
[  393.148125][ T7966] usb 44-1: device descriptor read/8, error -110
[  394.423801][  T141] usb 40-1: device descriptor read/8, error -110
[  394.524422][T11104] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  394.531315][T11104] x_tables: ip_tables: icmp match: only valid for protocol 1
[  394.834745][ T7966] usb usb44-port1: attempt power cycle
[  394.834958][  T141] usb usb40-port1: attempt power cycle
[  395.394524][  T141] usb usb40-port1: unable to enumerate USB device
[  395.653808][T11109] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1250'.
[  396.094364][ T7966] usb usb44-port1: unable to enumerate USB device
[  396.891513][ T6023] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  397.214173][T11132] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  397.216895][T11132] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  397.220219][T11132] vhci_hcd vhci_hcd.0: Device attached
[  397.229385][T11132] netlink: 6040 bytes leftover after parsing attributes in process `syz.3.1256'.
[  397.292958][T11137] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1256'.
[  397.315302][T11137] syz.3.1256 (11137): drop_caches: 2
[  397.318330][T11137] syz.3.1256 (11137): drop_caches: 2
[  397.329961][T11134] vhci_hcd: cannot find the pending unlink 4294967287
[  397.333659][T11137] binder: 11131:11137 ioctl 40046629 80000200 returned -22
[  397.594920][ T7966] usb 44-1: SetAddress Request (115) to port 0
[  397.601240][ T7966] usb 44-1: new SuperSpeed USB device number 115 using vhci_hcd
[  397.708620][T11140] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  397.711448][T11140] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  397.713800][ T6027] usb 42-1: device descriptor read/8, error -110
[  397.765834][T11140] vhci_hcd vhci_hcd.0: Device attached
[  398.040764][ T5989] usb 40-1: SetAddress Request (126) to port 0
[  398.046002][ T5989] usb 40-1: new SuperSpeed USB device number 126 using vhci_hcd
[  398.077742][T11134] vhci_hcd: connection reset by peer
[  398.082312][   T83] vhci_hcd vhci_hcd.3: stop threads
[  398.091736][   T83] vhci_hcd vhci_hcd.3: release socket
[  398.102679][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  398.108359][   T53] usb usb38-port1: unable to enumerate USB device
[  398.140811][ T6027] usb usb42-port1: attempt power cycle
[  398.153228][T11141] vhci_hcd: connection reset by peer
[  398.164335][   T83] vhci_hcd vhci_hcd.1: stop threads
[  398.181333][   T83] vhci_hcd vhci_hcd.1: release socket
[  398.199216][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  398.754480][ T6027] usb usb42-port1: unable to enumerate USB device
[  399.641549][T11155] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  399.644429][T11155] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  399.648169][T11155] vhci_hcd vhci_hcd.0: Device attached
[  399.681019][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  399.685784][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  399.904815][T11156] vhci_hcd: connection closed
[  399.905004][   T12] vhci_hcd vhci_hcd.0: stop threads
[  399.915226][   T12] vhci_hcd vhci_hcd.0: release socket
[  399.919588][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  399.924387][   T24] usb 38-1: SetAddress Request (94) to port 0
[  399.929123][   T24] usb 38-1: new SuperSpeed USB device number 94 using vhci_hcd
[  399.953646][   T24] usb 38-1: enqueue for inactive port 0
[  400.285291][T11163] loop6: detected capacity change from 0 to 2640
[  400.288947][T11163] buffer_io_error: 27 callbacks suppressed
[  400.288960][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.323685][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.327359][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.330956][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.335784][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.339522][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.343748][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.347313][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.354420][   T24] usb usb38-port1: attempt power cycle
[  400.357759][T11163] ldm_validate_partition_table(): Disk read failed.
[  400.360782][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.365059][T11163] Buffer I/O error on dev loop6, logical block 0, async page read
[  400.369105][T11163] Dev loop6: unable to read RDB block 0
[  400.371655][T11163]  loop6: unable to read partition table
[  400.391670][T11169] FAULT_INJECTION: forcing a failure.
[  400.391670][T11169] name failslab, interval 1, probability 0, space 0, times 0
[  400.396475][T11163] loop_reread_partitions: partition scan of loop6 (3„¾‚³˜) failed (rc=-5)
[  400.413874][T11169] CPU: 0 UID: 0 PID: 11169 Comm: syz.2.1266 Not tainted syzkaller #0 PREEMPT(full) 
[  400.413894][T11169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  400.413903][T11169] Call Trace:
[  400.413908][T11169]  <TASK>
[  400.413915][T11169]  dump_stack_lvl+0x16c/0x1f0
[  400.413942][T11169]  should_fail_ex+0x512/0x640
[  400.413960][T11169]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  400.413982][T11169]  should_failslab+0xc2/0x120
[  400.414004][T11169]  kmem_cache_alloc_node_noprof+0x86/0x800
[  400.414023][T11169]  ? __alloc_skb+0x156/0x410
[  400.414052][T11169]  ? __alloc_skb+0x156/0x410
[  400.414068][T11169]  __alloc_skb+0x156/0x410
[  400.414084][T11169]  ? __alloc_skb+0x35d/0x410
[  400.414100][T11169]  ? __pfx___alloc_skb+0x10/0x10
[  400.414117][T11169]  ? netlink_autobind.isra.0+0x158/0x370
[  400.414144][T11169]  netlink_alloc_large_skb+0x69/0x140
[  400.414165][T11169]  netlink_sendmsg+0x698/0xdd0
[  400.414191][T11169]  ? __pfx_netlink_sendmsg+0x10/0x10
[  400.414214][T11169]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  400.414244][T11169]  ____sys_sendmsg+0xa5d/0xc30
[  400.414268][T11169]  ? __pfx_____sys_sendmsg+0x10/0x10
[  400.414289][T11169]  ? get_compat_msghdr+0x11a/0x170
[  400.414317][T11169]  ___sys_sendmsg+0x134/0x1d0
[  400.414338][T11169]  ? __pfx____sys_sendmsg+0x10/0x10
[  400.414369][T11169]  ? find_held_lock+0x2b/0x80
[  400.414403][T11169]  __sys_sendmsg+0x16d/0x220
[  400.414421][T11169]  ? __pfx___sys_sendmsg+0x10/0x10
[  400.414454][T11169]  __do_fast_syscall_32+0xe8/0x680
[  400.414481][T11169]  do_fast_syscall_32+0x32/0x80
[  400.414496][T11169]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  400.414516][T11169] RIP: 0023:0xf7fd2579
[  400.414530][T11169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  400.414545][T11169] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  400.414561][T11169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  400.414572][T11169] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  400.414581][T11169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  400.414590][T11169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  400.414599][T11169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  400.414621][T11169]  </TASK>
[  400.766596][T11175] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  400.768986][T11175] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  400.783607][T11175] vhci_hcd vhci_hcd.0: Device attached
[  400.814197][T11175] netlink: 6040 bytes leftover after parsing attributes in process `syz.2.1269'.
[  400.924514][   T24] usb usb38-port1: unable to enumerate USB device
[  400.994421][T11179] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1269'.
[  401.035121][T11179] syz.2.1269 (11179): drop_caches: 2
[  401.040075][T11179] syz.2.1269 (11179): drop_caches: 2
[  401.043724][  T141] usb 42-1: SetAddress Request (118) to port 0
[  401.046625][  T141] usb 42-1: new SuperSpeed USB device number 118 using vhci_hcd
[  401.092302][T11176] vhci_hcd: cannot find the pending unlink 4294967287
[  401.094377][T11179] binder: 11174:11179 ioctl 40046629 80000200 returned -22
[  401.633610][T11176] vhci_hcd: connection reset by peer
[  401.638629][   T83] vhci_hcd vhci_hcd.2: stop threads
[  401.641860][   T83] vhci_hcd vhci_hcd.2: release socket
[  401.644490][   T83] vhci_hcd vhci_hcd.2: disconnect device
[  401.703753][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  401.704789][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  402.051471][T11183] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  402.054261][T11183] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  402.060109][T11183] vhci_hcd vhci_hcd.0: Device attached
[  402.076713][T11183] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.1271'.
[  402.159991][T11186] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1271'.
[  402.190108][T11188] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1274'.
[  402.333688][ T6027] usb 38-1: SetAddress Request (98) to port 0
[  402.336546][ T6027] usb 38-1: new SuperSpeed USB device number 98 using vhci_hcd
[  402.365223][T11184] vhci_hcd: cannot find the pending unlink 4294967287
[  402.368533][T11195] binder: 11182:11195 ioctl 40046629 80000200 returned -22
[  402.852741][ T7966] usb 44-1: device descriptor read/8, error -110
[  402.857314][T11196] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  402.860135][T11196] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  402.874276][T11196] vhci_hcd vhci_hcd.0: Device attached
[  403.022357][T11200] vhci_hcd: connection closed
[  403.022749][   T83] vhci_hcd vhci_hcd.2: stop threads
[  403.029204][   T83] vhci_hcd vhci_hcd.2: release socket
[  403.039595][   T83] vhci_hcd vhci_hcd.2: disconnect device
[  403.143900][ T5989] usb 40-1: device descriptor read/8, error -110
[  403.195364][   T40] audit: type=1326 audit(1766302946.929:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11202 comm="syz.3.1275" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d579 code=0x0
[  403.240710][T11205] netlink: 'syz.3.1275': attribute type 1 has an invalid length.
[  403.254927][ T7966] usb usb44-port1: attempt power cycle
[  403.276405][T11205] 8021q: adding VLAN 0 to HW filter on device bond3
[  403.293952][T11205] bond3: (slave geneve2): making interface the new active one
[  403.298464][T11205] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  403.307545][T11205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1275'.
[  403.324284][T11184] vhci_hcd: connection reset by peer
[  403.328856][ T1142] vhci_hcd vhci_hcd.0: stop threads
[  403.330838][ T1142] vhci_hcd vhci_hcd.0: release socket
[  403.337182][ T1142] vhci_hcd vhci_hcd.0: disconnect device
[  403.544496][ T5989] usb usb40-port1: attempt power cycle
[  403.576731][T11204] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  403.579581][T11204] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  403.582981][T11204] vhci_hcd vhci_hcd.0: Device attached
[  403.673667][ T5989] usb 40-1: SetAddress Request (2) to port 0
[  403.676836][ T5989] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  403.800457][T11207] vhci_hcd: connection reset by peer
[  403.803048][   T83] vhci_hcd vhci_hcd.1: stop threads
[  403.804832][   T83] vhci_hcd vhci_hcd.1: release socket
[  403.804894][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  403.824284][ T7966] usb usb44-port1: unable to enumerate USB device
[  404.714020][T11228] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  404.717054][T11228] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  404.731010][T11228] vhci_hcd vhci_hcd.0: Device attached
[  405.023693][   T24] usb 44-1: SetAddress Request (119) to port 0
[  405.026416][   T24] usb 44-1: new SuperSpeed USB device number 119 using vhci_hcd
[  405.085894][T11234] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  405.088762][T11234] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  405.092321][T11234] vhci_hcd vhci_hcd.0: Device attached
[  405.100604][T11234] netlink: 6040 bytes leftover after parsing attributes in process `syz.2.1282'.
[  405.200519][T11238] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1282'.
[  405.309727][T11229] vhci_hcd: connection reset by peer
[  405.312440][T11240] binder: 11233:11240 ioctl 40046629 80000200 returned -22
[  405.334589][T11238] syz.2.1282 (11238): drop_caches: 2
[  405.356700][   T83] vhci_hcd vhci_hcd.3: stop threads
[  405.359220][   T83] vhci_hcd vhci_hcd.3: release socket
[  405.362168][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  405.381826][T11235] vhci_hcd: cannot find the pending unlink 4294967287
[  405.383047][T11238] syz.2.1282 (11238): drop_caches: 2
[  405.521967][T11243] netlink: 'syz.1.1284': attribute type 10 has an invalid length.
[  406.095320][T11235] vhci_hcd: connection closed
[  406.193694][ T6690] vhci_hcd vhci_hcd.2: stop threads
[  406.203194][ T6690] vhci_hcd vhci_hcd.2: release socket
[  406.264871][  T141] usb 42-1: device descriptor read/8, error -110
[  406.275471][ T6690] vhci_hcd vhci_hcd.2: disconnect device
[  406.383703][T11241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  406.668198][  T141] usb usb42-port1: attempt power cycle
[  407.044919][T11258] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  407.047847][T11258] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  407.208095][T11258] vhci_hcd vhci_hcd.0: Device attached
[  407.244656][  T141] usb usb42-port1: unable to enumerate USB device
[  407.390938][ T6027] usb 38-1: device descriptor read/8, error -110
[  407.509333][T11261] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  407.512197][T11261] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  407.544849][T11261] vhci_hcd vhci_hcd.0: Device attached
[  407.633706][ T6027] usb 38-1: SetAddress Request (99) to port 0
[  407.636418][ T6027] usb 38-1: new SuperSpeed USB device number 99 using vhci_hcd
[  407.745992][T11259] vhci_hcd: connection closed
[  407.746213][   T83] vhci_hcd vhci_hcd.3: stop threads
[  407.749747][   T83] vhci_hcd vhci_hcd.3: release socket
[  407.752222][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  408.225050][T11267] vhci_hcd: connection reset by peer
[  408.227723][   T83] vhci_hcd vhci_hcd.0: stop threads
[  408.229742][   T83] vhci_hcd vhci_hcd.0: release socket
[  408.251815][   T83] vhci_hcd vhci_hcd.0: disconnect device
[  408.743660][ T5989] usb 40-1: device descriptor read/8, error -110
[  409.075303][T11280] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  409.078425][T11280] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  409.104287][T11280] vhci_hcd vhci_hcd.0: Device attached
[  409.257317][T11289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1294'.
[  409.261723][ T5989] usb usb40-port1: unable to enumerate USB device
[  409.629717][T11291] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1296'.
[  409.686582][T11281] vhci_hcd: connection closed
[  409.687080][ T1145] vhci_hcd vhci_hcd.3: stop threads
[  409.690332][ T1145] vhci_hcd vhci_hcd.3: release socket
[  409.692248][ T1145] vhci_hcd vhci_hcd.3: disconnect device
[  409.712393][T11293] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  409.714982][T11293] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  409.720115][T11293] vhci_hcd vhci_hcd.0: Device attached
[  409.806037][T11296] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1297'.
[  409.829135][T11296] syz.1.1297 (11296): drop_caches: 2
[  409.938718][T11296] syz.1.1297 (11296): drop_caches: 2
[  410.003715][ T6033] usb 40-1: SetAddress Request (4) to port 0
[  410.006200][ T6033] usb 40-1: new SuperSpeed USB device number 4 using vhci_hcd
[  410.051710][T11294] vhci_hcd: cannot find the pending unlink 4294967287
[  410.067867][T11300] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1298'.
[  410.078222][T11296] binder: 11292:11296 ioctl 40046629 80000200 returned -22
[  410.104040][   T24] usb 44-1: device descriptor read/8, error -110
[  410.186275][T11294] vhci_hcd: connection reset by peer
[  410.190831][ T6690] vhci_hcd vhci_hcd.1: stop threads
[  410.193105][ T6690] vhci_hcd vhci_hcd.1: release socket
[  410.196746][ T6690] vhci_hcd vhci_hcd.1: disconnect device
[  410.328827][ T6002] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  410.468059][T11308] netlink: 'syz.2.1301': attribute type 10 has an invalid length.
[  411.186820][T11306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  411.361224][   T24] usb usb44-port1: attempt power cycle
[  411.950326][   T24] usb usb44-port1: unable to enumerate USB device
[  412.178492][T11324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  412.714465][T11328] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.1306'.
[  412.743696][ T6027] usb 38-1: device descriptor read/8, error -110
[  413.052786][ T6027] usb usb38-port1: attempt power cycle
[  413.646369][ T6027] usb usb38-port1: unable to enumerate USB device
[  413.938680][T11346] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  413.940933][T11346] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  413.944779][T11346] vhci_hcd vhci_hcd.0: Device attached
[  414.015081][T11349] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1310'.
[  414.053130][T11349] syz.3.1310 (11349): drop_caches: 2
[  414.064127][T11349] syz.3.1310 (11349): drop_caches: 2
[  414.129295][T11349] binder: 11345:11349 ioctl 40046629 80000200 returned -22
[  414.135352][T11347] vhci_hcd: cannot find the pending unlink 4294967287
[  414.225402][ T6005] usb 44-1: SetAddress Request (123) to port 0
[  414.228259][ T6005] usb 44-1: new SuperSpeed USB device number 123 using vhci_hcd
[  414.789576][T11347] vhci_hcd: connection reset by peer
[  414.793676][   T83] vhci_hcd vhci_hcd.3: stop threads
[  414.796738][   T83] vhci_hcd vhci_hcd.3: release socket
[  414.822686][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  415.137208][ T6033] usb 40-1: device descriptor read/8, error -110
[  415.547747][T11358] netlink: 'syz.1.1313': attribute type 10 has an invalid length.
[  415.585402][ T6033] usb usb40-port1: attempt power cycle
[  415.765092][T11361] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  415.770300][T11361] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  415.789247][T11361] vhci_hcd vhci_hcd.0: Device attached
[  415.955417][T11357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.154440][ T6033] usb usb40-port1: unable to enumerate USB device
[  416.212934][T11362] vhci_hcd: connection closed
[  416.213312][ T6096] vhci_hcd vhci_hcd.3: stop threads
[  416.217762][ T6096] vhci_hcd vhci_hcd.3: release socket
[  416.220795][ T6096] vhci_hcd vhci_hcd.3: disconnect device
[  416.914434][T11371] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  416.917101][T11371] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  416.921507][T11371] vhci_hcd vhci_hcd.0: Device attached
[  417.002637][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  417.005465][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  417.008019][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  417.010557][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  417.019134][ T1226] Bluetooth: hci4: Frame reassembly failed (-84)
[  417.213916][ T6033] usb 40-1: SetAddress Request (8) to port 0
[  417.315665][ T6033] usb 40-1: new SuperSpeed USB device number 8 using vhci_hcd
[  417.392396][T11372] vhci_hcd: connection reset by peer
[  417.412117][   T83] vhci_hcd vhci_hcd.1: stop threads
[  417.414863][   T83] vhci_hcd vhci_hcd.1: release socket
[  417.417357][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  417.805656][T11388] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  417.808323][T11388] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  417.811880][T11388] vhci_hcd vhci_hcd.0: Device attached
[  417.936373][ T6096] Bluetooth: hci5: Frame reassembly failed (-84)
[  417.939084][ T6096] Bluetooth: hci5: Frame reassembly failed (-84)
[  417.941648][ T1145] Bluetooth: hci5: Frame reassembly failed (-84)
[  418.113570][T11389] vhci_hcd: connection closed
[  418.114009][ T6096] vhci_hcd vhci_hcd.2: stop threads
[  418.118092][ T6096] vhci_hcd vhci_hcd.2: release socket
[  418.120428][ T6096] vhci_hcd vhci_hcd.2: disconnect device
[  418.302465][  T141] usb 42-1: enqueue for inactive port 0
[  418.778132][T11393] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  418.780839][T11393] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  418.784325][T11393] vhci_hcd vhci_hcd.0: Device attached
[  418.809798][T11393] kAFS: No cell specified
[  418.904414][  T141] usb usb42-port1: attempt power cycle
[  418.975444][T11399] vhci_hcd: connection closed
[  418.975974][   T83] vhci_hcd vhci_hcd.3: stop threads
[  418.979804][   T83] vhci_hcd vhci_hcd.3: release socket
[  418.985005][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  419.063807][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  419.303776][ T6005] usb 44-1: device descriptor read/8, error -110
[  419.484604][  T141] usb usb42-port1: unable to enumerate USB device
[  419.607289][T11402] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  419.610279][T11402] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  419.614860][T11402] vhci_hcd vhci_hcd.0: Device attached
[  419.683075][T11405] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1320'.
[  419.715360][T11405] syz.3.1320 (11405): drop_caches: 2
[  419.736145][T11405] syz.3.1320 (11405): drop_caches: 2
[  419.781582][T11403] vhci_hcd: cannot find the pending unlink 4294967287
[  419.811409][T11405] binder: 11401:11405 ioctl 40046629 80000200 returned -22
[  419.945790][ T5945] Bluetooth: hci5: command 0x1003 tx timeout
[  419.949549][ T5297] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  420.343696][ T6005] usb 44-1: SetAddress Request (124) to port 0
[  420.346694][ T6005] usb 44-1: new SuperSpeed USB device number 124 using vhci_hcd
[  420.370378][T11411] netlink: 'syz.0.1322': attribute type 10 has an invalid length.
[  420.465459][T11403] vhci_hcd: connection closed
[  420.465756][ T1226] vhci_hcd vhci_hcd.3: stop threads
[  420.470450][ T1226] vhci_hcd vhci_hcd.3: release socket
[  420.473342][ T1226] vhci_hcd vhci_hcd.3: disconnect device
[  420.624201][ T6005] usb 44-1: enqueue for inactive port 0
[  420.695212][T11414] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  420.698098][T11414] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  420.761839][ T6005] usb usb44-port1: attempt power cycle
[  420.777445][T11414] vhci_hcd vhci_hcd.0: Device attached
[  421.001821][T11410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  421.362842][T11415] vhci_hcd: connection closed
[  421.377565][ T1145] vhci_hcd vhci_hcd.1: stop threads
[  421.381475][ T1145] vhci_hcd vhci_hcd.1: release socket
[  421.384289][ T1145] vhci_hcd vhci_hcd.1: disconnect device
[  421.395860][T11425] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  421.398320][T11425] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  421.404713][T11425] vhci_hcd vhci_hcd.0: Device attached
[  421.574112][ T6005] usb 44-1: SetAddress Request (126) to port 0
[  421.577156][ T6005] usb 44-1: new SuperSpeed USB device number 126 using vhci_hcd
[  421.868692][T11426] vhci_hcd: connection reset by peer
[  421.871665][ T1226] vhci_hcd vhci_hcd.3: stop threads
[  421.874348][ T1226] vhci_hcd vhci_hcd.3: release socket
[  421.877107][ T1226] vhci_hcd vhci_hcd.3: disconnect device
[  422.343755][ T6033] usb 40-1: device descriptor read/8, error -110
[  422.745451][ T6033] usb usb40-port1: attempt power cycle
[  423.318296][ T6033] usb usb40-port1: unable to enumerate USB device
[  424.890909][T11457] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  424.894056][T11457] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  424.898091][T11457] vhci_hcd vhci_hcd.0: Device attached
[  424.947389][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  424.951628][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  424.957053][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  425.061072][T11458] vhci_hcd: connection closed
[  425.061697][ T4567] vhci_hcd vhci_hcd.2: stop threads
[  425.066750][ T4567] vhci_hcd vhci_hcd.2: release socket
[  425.068747][ T4567] vhci_hcd vhci_hcd.2: disconnect device
[  425.284239][T11468] netlink: 'syz.1.1334': attribute type 10 has an invalid length.
[  426.033150][T11464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  426.669079][ T6005] usb 44-1: device descriptor read/8, error -110
[  426.773853][ T6005] usb usb44-port1: unable to enumerate USB device
[  427.123780][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  427.124031][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  427.289631][T11487] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  427.292426][T11487] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  427.323837][T11487] vhci_hcd vhci_hcd.0: Device attached
[  427.623666][ T7966] usb 40-1: SetAddress Request (12) to port 0
[  427.626114][ T7966] usb 40-1: new SuperSpeed USB device number 12 using vhci_hcd
[  427.883300][T11488] vhci_hcd: connection reset by peer
[  427.926670][   T83] vhci_hcd vhci_hcd.1: stop threads
[  427.928740][   T83] vhci_hcd vhci_hcd.1: release socket
[  427.931021][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  428.379212][T11503] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  428.382042][T11503] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  428.385891][T11503] vhci_hcd vhci_hcd.0: Device attached
[  428.461098][T11506] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1343'.
[  428.525555][T11506] syz.3.1343 (11506): drop_caches: 2
[  428.529564][T11506] syz.3.1343 (11506): drop_caches: 2
[  428.564217][T11506] binder: 11502:11506 ioctl 40046629 80000200 returned -22
[  428.646081][T11504] vhci_hcd: cannot find the pending unlink 4294967287
[  428.744202][ T6005] usb 44-1: SetAddress Request (127) to port 0
[  428.749169][ T6005] usb 44-1: new SuperSpeed USB device number 127 using vhci_hcd
[  429.235554][T11504] vhci_hcd: connection reset by peer
[  429.255292][ T6690] vhci_hcd vhci_hcd.3: stop threads
[  429.257557][ T6690] vhci_hcd vhci_hcd.3: release socket
[  429.261627][ T6690] vhci_hcd vhci_hcd.3: disconnect device
[  431.098362][T11530] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  431.101162][T11530] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  431.113808][T11530] vhci_hcd vhci_hcd.0: Device attached
[  431.260906][T11538] evm: overlay not supported
[  431.439657][T11531] vhci_hcd: connection closed
[  431.440046][   T83] vhci_hcd vhci_hcd.3: stop threads
[  431.444919][   T83] vhci_hcd vhci_hcd.3: release socket
[  431.447403][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  432.234066][T11552] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  432.236934][T11552] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  432.242753][T11552] vhci_hcd vhci_hcd.0: Device attached
[  432.652576][ T1023] usb 38-1: SetAddress Request (102) to port 0
[  432.656081][ T1023] usb 38-1: new SuperSpeed USB device number 102 using vhci_hcd
[  432.673722][ T7966] usb 40-1: device descriptor read/8, error -110
[  433.165717][T11553] vhci_hcd: connection reset by peer
[  433.168171][ T6690] vhci_hcd vhci_hcd.0: stop threads
[  433.170498][ T6690] vhci_hcd vhci_hcd.0: release socket
[  433.172511][ T6690] vhci_hcd vhci_hcd.0: disconnect device
[  433.304414][ T7966] usb usb40-port1: attempt power cycle
[  433.349734][T11568] loop2: detected capacity change from 0 to 7
[  433.354811][    C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.358422][    C3] buffer_io_error: 11 callbacks suppressed
[  433.358458][    C3] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.368196][    C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.372197][    C3] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.375938][    C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.379989][    C3] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.384138][    C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.388206][    C3] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.391874][    C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.395999][    C3] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.399678][    C3] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.403790][    C3] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.407695][    C2] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.411851][    C2] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.416082][T11460] ldm_validate_partition_table(): Disk read failed.
[  433.463924][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.468048][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.473753][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.477877][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.494036][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  433.498095][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  433.502187][T11460] Dev loop2: unable to read RDB block 0
[  433.507729][T11460]  loop2: unable to read partition table
[  433.511368][T11460] loop2: partition table beyond EOD, truncated
[  433.546917][T11568] ldm_validate_partition_table(): Disk read failed.
[  433.550340][T11568] Dev loop2: unable to read RDB block 0
[  433.552980][T11568]  loop2: unable to read partition table
[  433.555291][T11568] loop2: partition table beyond EOD, truncated
[  433.557368][T11568] loop_reread_partitions: partition scan of loop2 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  433.783661][ T6005] usb 44-1: device descriptor read/8, error -110
[  433.927380][ T7966] usb usb40-port1: unable to enumerate USB device
[  434.253804][ T5346] ldm_validate_partition_table(): Disk read failed.
[  434.258651][ T5346] Dev loop2: unable to read RDB block 0
[  434.266612][ T5346]  loop2: unable to read partition table
[  434.272131][ T5346] loop2: partition table beyond EOD, truncated
[  434.566865][ T6005] usb usb44-port1: attempt power cycle
[  434.797725][T11590] ntfs3(nullb0): Primary boot signature is not NTFS.
[  434.803017][T11590] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  435.608292][ T6005] usb usb44-port1: unable to enumerate USB device
[  435.900923][T11599] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  435.903781][T11599] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  435.907343][T11599] vhci_hcd vhci_hcd.0: Device attached
[  435.921673][T11599] netlink: 6068 bytes leftover after parsing attributes in process `syz.3.1365'.
[  435.986369][T11602] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1365'.
[  436.019563][T11602] syz.3.1365 (11602): drop_caches: 2
[  436.023277][T11602] syz.3.1365 (11602): drop_caches: 2
[  436.042191][T11600] vhci_hcd: cannot find the pending unlink 4294967287
[  436.045027][T11602] binder: 11598:11602 ioctl 40046629 80000200 returned -22
[  436.194158][   T24] usb 44-1: SetAddress Request (5) to port 0
[  436.197715][   T24] usb 44-1: new SuperSpeed USB device number 5 using vhci_hcd
[  436.437878][T11605] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  436.440723][T11605] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  436.445958][T11605] vhci_hcd vhci_hcd.0: Device attached
[  436.479188][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  436.481711][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  436.581359][T11606] vhci_hcd: connection closed
[  436.583928][   T46] vhci_hcd vhci_hcd.1: stop threads
[  436.588344][   T46] vhci_hcd vhci_hcd.1: release socket
[  436.590749][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  436.756527][T11600] vhci_hcd: connection reset by peer
[  436.770122][   T46] vhci_hcd vhci_hcd.3: stop threads
[  436.772273][   T46] vhci_hcd vhci_hcd.3: release socket
[  436.774810][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  437.193590][T11620] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  437.195831][T11620] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  437.199191][T11620] vhci_hcd vhci_hcd.0: Device attached
[  438.082912][T11634] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  438.085456][T11634] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  438.089986][T11634] vhci_hcd vhci_hcd.0: Device attached
[  438.129072][T11621] vhci_hcd: connection reset by peer
[  438.185064][   T46] vhci_hcd vhci_hcd.0: stop threads
[  438.188266][   T46] vhci_hcd vhci_hcd.0: release socket
[  438.198932][ T1023] usb 38-1: device descriptor read/8, error -110
[  438.208793][   T46] vhci_hcd vhci_hcd.0: disconnect device
[  438.504445][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  438.526169][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  438.593671][ T6033] usb 42-1: SetAddress Request (126) to port 0
[  438.596163][ T6033] usb 42-1: new SuperSpeed USB device number 126 using vhci_hcd
[  438.650626][ T1023] usb usb38-port1: attempt power cycle
[  438.657570][T11635] vhci_hcd: connection reset by peer
[  438.665738][   T46] vhci_hcd vhci_hcd.2: stop threads
[  438.668079][   T46] vhci_hcd vhci_hcd.2: release socket
[  438.670621][   T46] vhci_hcd vhci_hcd.2: disconnect device
[  439.234523][ T1023] usb usb38-port1: unable to enumerate USB device
[  441.299838][   T24] usb 44-1: device descriptor read/8, error -110
[  442.217022][   T24] usb usb44-port1: attempt power cycle
[  442.683216][T11664] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  442.685366][T11664] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  442.689023][T11664] vhci_hcd vhci_hcd.0: Device attached
[  442.739898][T11664] netlink: 6068 bytes leftover after parsing attributes in process `syz.0.1377'.
[  442.798284][T11668] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1377'.
[  442.811091][T11668] syz.0.1377 (11668): drop_caches: 2
[  442.813928][T11668] syz.0.1377 (11668): drop_caches: 2
[  442.984824][T11665] vhci_hcd: cannot find the pending unlink 4294967287
[  442.992221][   T34] usb 38-1: SetAddress Request (106) to port 0
[  443.001102][   T34] usb 38-1: new SuperSpeed USB device number 106 using vhci_hcd
[  443.035249][T11668] binder: 11663:11668 ioctl 40046629 80000200 returned -22
[  443.499787][T11665] vhci_hcd: connection reset by peer
[  443.506033][ T1142] vhci_hcd vhci_hcd.0: stop threads
[  443.515916][ T1142] vhci_hcd vhci_hcd.0: release socket
[  443.521840][ T1142] vhci_hcd vhci_hcd.0: disconnect device
[  443.563202][T11670] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.623791][ T6033] usb 42-1: device descriptor read/8, error -110
[  443.725779][T11670] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.751211][   T24] usb usb44-port1: unable to enumerate USB device
[  443.856436][T11670] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.014636][ T6033] usb usb42-port1: attempt power cycle
[  444.018959][T11670] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.283192][ T6096] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  444.294750][ T6096] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  444.306624][ T6096] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  444.320520][ T6096] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  444.384682][T11685] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  444.386910][T11685] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  444.390031][T11685] vhci_hcd vhci_hcd.0: Device attached
[  444.597084][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  444.599785][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  444.619482][ T6033] usb usb42-port1: unable to enumerate USB device
[  444.679783][T11691] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  444.682431][T11691] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  444.692460][T11691] vhci_hcd vhci_hcd.0: Device attached
[  444.787002][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  444.789628][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  444.792616][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  444.794752][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  444.796591][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  444.963639][ T6349] usb 40-1: SetAddress Request (16) to port 0
[  444.965749][ T6349] usb 40-1: new SuperSpeed USB device number 16 using vhci_hcd
[  445.001438][T11686] vhci_hcd: connection closed
[  445.005591][   T46] vhci_hcd vhci_hcd.0: stop threads
[  445.007677][   T46] vhci_hcd vhci_hcd.0: release socket
[  445.012708][   T46] vhci_hcd vhci_hcd.0: disconnect device
[  445.147112][T11692] vhci_hcd: connection reset by peer
[  445.151647][   T12] vhci_hcd vhci_hcd.1: stop threads
[  445.154189][   T12] vhci_hcd vhci_hcd.1: release socket
[  445.156091][   T12] vhci_hcd vhci_hcd.1: disconnect device
[  446.046559][T11702] netlink: 'syz.2.1384': attribute type 10 has an invalid length.
[  446.563261][T11695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  446.823617][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  446.823954][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  447.241876][T11712] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  447.244589][T11712] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  447.250214][T11712] vhci_hcd vhci_hcd.0: Device attached
[  447.252953][T11713] vhci_hcd: connection closed
[  447.253195][   T12] vhci_hcd vhci_hcd.2: stop threads
[  447.257591][   T12] vhci_hcd vhci_hcd.2: release socket
[  447.260568][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  447.813773][T11716] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  447.816737][T11716] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  447.821974][T11716] vhci_hcd vhci_hcd.0: Device attached
[  447.836214][T11716] netlink: 6068 bytes leftover after parsing attributes in process `syz.2.1389'.
[  447.909131][T11719] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1389'.
[  447.928513][T11719] syz.2.1389 (11719): drop_caches: 2
[  447.933043][T11719] syz.2.1389 (11719): drop_caches: 2
[  447.953701][T11717] vhci_hcd: cannot find the pending unlink 4294967287
[  447.957366][T11719] binder: 11715:11719 ioctl 40046629 80000200 returned -22
[  448.104734][   T34] usb 38-1: device descriptor read/8, error -110
[  448.518384][   T34] usb usb38-port1: attempt power cycle
[  448.662278][T11717] vhci_hcd: connection closed
[  448.665613][   T12] vhci_hcd vhci_hcd.2: stop threads
[  448.670033][   T12] vhci_hcd vhci_hcd.2: release socket
[  448.672786][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  448.823602][ T6033] usb 42-1: enqueue for inactive port 0
[  449.097086][   T34] usb usb38-port1: unable to enumerate USB device
[  449.494314][ T6033] usb usb42-port1: attempt power cycle
[  449.583363][T11727] FAULT_INJECTION: forcing a failure.
[  449.583363][T11727] name failslab, interval 1, probability 0, space 0, times 0
[  449.589358][T11727] CPU: 0 UID: 0 PID: 11727 Comm: syz.1.1392 Not tainted syzkaller #0 PREEMPT(full) 
[  449.589383][T11727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  449.589394][T11727] Call Trace:
[  449.589401][T11727]  <TASK>
[  449.589407][T11727]  dump_stack_lvl+0x16c/0x1f0
[  449.589432][T11727]  should_fail_ex+0x512/0x640
[  449.589448][T11727]  ? __kmalloc_noprof+0xca/0x910
[  449.589497][T11727]  should_failslab+0xc2/0x120
[  449.589524][T11727]  __kmalloc_noprof+0xeb/0x910
[  449.589542][T11727]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  449.589577][T11727]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  449.589602][T11727]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  449.589636][T11727]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  449.589665][T11727]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  449.589692][T11727]  ? genl_get_cmd+0x194/0x580
[  449.589720][T11727]  ? bpf_lsm_capable+0x9/0x10
[  449.589742][T11727]  ? security_capable+0x7e/0x260
[  449.589770][T11727]  ? ns_capable+0xd7/0x110
[  449.589794][T11727]  genl_rcv_msg+0x55c/0x800
[  449.589814][T11727]  ? __pfx_genl_rcv_msg+0x10/0x10
[  449.589831][T11727]  ? __pfx_wg_set_device_doit+0x10/0x10
[  449.589858][T11727]  ? __lock_acquire+0x436/0x2890
[  449.589880][T11727]  netlink_rcv_skb+0x158/0x420
[  449.589899][T11727]  ? __pfx_genl_rcv_msg+0x10/0x10
[  449.589918][T11727]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  449.589952][T11727]  ? netlink_deliver_tap+0x1ae/0xd30
[  449.589980][T11727]  genl_rcv+0x28/0x40
[  449.590000][T11727]  netlink_unicast+0x5aa/0x870
[  449.590028][T11727]  ? __pfx_netlink_unicast+0x10/0x10
[  449.590063][T11727]  netlink_sendmsg+0x8c8/0xdd0
[  449.590091][T11727]  ? __pfx_netlink_sendmsg+0x10/0x10
[  449.590112][T11727]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  449.590144][T11727]  ____sys_sendmsg+0xa5d/0xc30
[  449.590174][T11727]  ? __pfx_____sys_sendmsg+0x10/0x10
[  449.590199][T11727]  ? get_compat_msghdr+0x11a/0x170
[  449.590230][T11727]  ___sys_sendmsg+0x134/0x1d0
[  449.590255][T11727]  ? __pfx____sys_sendmsg+0x10/0x10
[  449.590308][T11727]  ? find_held_lock+0x2b/0x80
[  449.590356][T11727]  __sys_sendmsg+0x16d/0x220
[  449.590380][T11727]  ? __pfx___sys_sendmsg+0x10/0x10
[  449.590419][T11727]  __do_fast_syscall_32+0xe8/0x680
[  449.590448][T11727]  do_fast_syscall_32+0x32/0x80
[  449.590463][T11727]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  449.590484][T11727] RIP: 0023:0xf70ed579
[  449.590500][T11727] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  449.590516][T11727] RSP: 002b:00000000f54dd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  449.590533][T11727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  449.590545][T11727] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  449.590555][T11727] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  449.590566][T11727] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  449.590577][T11727] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  449.590601][T11727]  </TASK>
[  450.024032][ T6349] usb 40-1: device descriptor read/8, error -110
[  450.058633][T11736] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  450.061378][T11736] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  450.067160][T11736] vhci_hcd vhci_hcd.0: Device attached
[  450.115316][ T6033] usb usb42-port1: unable to enumerate USB device
[  450.121182][T11739] syzkaller0: entered allmulticast mode
[  450.263839][ T6349] usb 40-1: SetAddress Request (17) to port 0
[  450.266712][ T6349] usb 40-1: new SuperSpeed USB device number 17 using vhci_hcd
[  450.501343][T11747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1396'.
[  451.198363][T11737] vhci_hcd: connection reset by peer
[  451.235271][   T46] vhci_hcd vhci_hcd.1: stop threads
[  451.237176][   T46] vhci_hcd vhci_hcd.1: release socket
[  451.245659][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  451.320527][T11755] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  451.323328][T11755] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  451.338507][T11755] vhci_hcd vhci_hcd.0: Device attached
[  451.420532][T11760] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1397'.
[  451.463138][T11760] syz.0.1397 (11760): drop_caches: 2
[  451.466402][T11760] syz.0.1397 (11760): drop_caches: 2
[  451.507115][T11756] vhci_hcd: cannot find the pending unlink 4294967287
[  451.510449][T11760] binder: 11751:11760 ioctl 40046629 80000200 returned -22
[  451.614123][ T8045] usb 38-1: SetAddress Request (110) to port 0
[  451.616571][ T8045] usb 38-1: new SuperSpeed USB device number 110 using vhci_hcd
[  451.671810][T11764] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  451.674751][T11764] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  451.677614][T11764] vhci_hcd vhci_hcd.0: Device attached
[  451.686046][T11764] netlink: 6068 bytes leftover after parsing attributes in process `syz.3.1400'.
[  451.796672][T11767] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1400'.
[  451.830061][T11767] syz.3.1400 (11767): drop_caches: 2
[  451.844703][T11767] syz.3.1400 (11767): drop_caches: 2
[  451.869456][T11767] binder: 11763:11767 ioctl 40046629 80000200 returned -22
[  451.890859][T11765] vhci_hcd: cannot find the pending unlink 4294967287
[  451.983969][ T6005] usb 44-1: SetAddress Request (9) to port 0
[  451.990460][ T6005] usb 44-1: new SuperSpeed USB device number 9 using vhci_hcd
[  452.240519][T11756] vhci_hcd: connection reset by peer
[  452.244891][ T1142] vhci_hcd vhci_hcd.0: stop threads
[  452.249065][ T1142] vhci_hcd vhci_hcd.0: release socket
[  452.252466][ T1142] vhci_hcd vhci_hcd.0: disconnect device
[  452.521462][T11765] vhci_hcd: connection reset by peer
[  452.546113][ T4567] vhci_hcd vhci_hcd.3: stop threads
[  452.550992][ T4567] vhci_hcd vhci_hcd.3: release socket
[  452.557873][ T4567] vhci_hcd vhci_hcd.3: disconnect device
[  454.098069][T11787] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  454.100763][T11787] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  454.106040][T11787] vhci_hcd vhci_hcd.0: Device attached
[  454.284456][T11788] vhci_hcd: connection closed
[  454.343070][   T83] vhci_hcd vhci_hcd.1: stop threads
[  454.348553][   T83] vhci_hcd vhci_hcd.1: release socket
[  454.353941][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  455.314896][ T6349] usb 40-1: device descriptor read/8, error -110
[  455.424186][ T6349] usb usb40-port1: attempt power cycle
[  455.934296][T11818] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  455.937068][T11818] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  455.940864][T11818] vhci_hcd vhci_hcd.0: Device attached
[  456.078124][ T6349] usb usb40-port1: unable to enumerate USB device
[  456.088027][T11821] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  456.090849][T11821] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  456.095963][T11821] vhci_hcd vhci_hcd.0: Device attached
[  456.183706][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  456.659894][T11819] vhci_hcd: connection closed
[  456.663892][ T1145] vhci_hcd vhci_hcd.0: stop threads
[  456.667847][ T1145] vhci_hcd vhci_hcd.0: release socket
[  456.670031][ T1145] vhci_hcd vhci_hcd.0: disconnect device
[  456.670080][ T8045] usb 38-1: device descriptor read/8, error -110
[  456.727784][T11822] vhci_hcd: connection closed
[  456.728848][ T1145] vhci_hcd vhci_hcd.3: stop threads
[  456.732777][ T1145] vhci_hcd vhci_hcd.3: release socket
[  456.735187][ T1145] vhci_hcd vhci_hcd.3: disconnect device
[  456.819900][T11827] FAULT_INJECTION: forcing a failure.
[  456.819900][T11827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.825066][T11827] CPU: 3 UID: 0 PID: 11827 Comm: syz.1.1412 Not tainted syzkaller #0 PREEMPT(full) 
[  456.825090][T11827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  456.825101][T11827] Call Trace:
[  456.825108][T11827]  <TASK>
[  456.825115][T11827]  dump_stack_lvl+0x16c/0x1f0
[  456.825145][T11827]  should_fail_ex+0x512/0x640
[  456.825168][T11827]  _copy_from_user+0x2e/0xd0
[  456.825189][T11827]  kstrtouint_from_user+0xd6/0x1d0
[  456.825212][T11827]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  456.825233][T11827]  ? __lock_acquire+0x436/0x2890
[  456.825261][T11827]  proc_fail_nth_write+0x83/0x220
[  456.825279][T11827]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  456.825304][T11827]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  456.825319][T11827]  vfs_write+0x2a0/0x11d0
[  456.825344][T11827]  ? __pfx___mutex_lock+0x10/0x10
[  456.825372][T11827]  ? __pfx_vfs_write+0x10/0x10
[  456.825393][T11827]  ? find_held_lock+0x2b/0x80
[  456.825421][T11827]  ? __fget_files+0x20e/0x3c0
[  456.825452][T11827]  ksys_write+0x12a/0x250
[  456.825481][T11827]  ? __pfx_ksys_write+0x10/0x10
[  456.825505][T11827]  ? do_user_addr_fault+0x843/0x1370
[  456.825530][T11827]  __do_fast_syscall_32+0xe8/0x680
[  456.825559][T11827]  do_fast_syscall_32+0x32/0x80
[  456.825575][T11827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  456.825596][T11827] RIP: 0023:0xf70ed579
[  456.825610][T11827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  456.825626][T11827] RSP: 002b:00000000f54dd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  456.825643][T11827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54dd620
[  456.825654][T11827] RDX: 0000000000000001 RSI: 00000000f7486ff4 RDI: 0000000000000000
[  456.825665][T11827] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  456.825675][T11827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  456.825685][T11827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  456.825709][T11827]  </TASK>
[  457.073844][ T6005] usb 44-1: device descriptor read/8, error -110
[  457.104216][ T8045] usb usb38-port1: attempt power cycle
[  457.464221][ T6005] usb usb44-port1: attempt power cycle
[  457.706740][ T8045] usb usb38-port1: unable to enumerate USB device
[  458.524069][ T6005] usb usb44-port1: unable to enumerate USB device
[  459.947996][T11857] netlink: zone id is out of range
[  459.950377][T11857] netlink: zone id is out of range
[  459.952584][T11857] netlink: zone id is out of range
[  459.956907][T11857] netlink: del zone limit has 8 unknown bytes
[  460.057550][T11858] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  460.060360][T11858] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  460.064742][T11858] vhci_hcd vhci_hcd.0: Device attached
[  460.097837][ T1145] Bluetooth: hci4: Frame reassembly failed (-84)
[  460.100820][ T1145] Bluetooth: hci4: Frame reassembly failed (-84)
[  460.343722][   T34] usb 42-1: SetAddress Request (8) to port 0
[  460.346456][T11859] vhci_hcd: connection closed
[  460.346851][   T12] vhci_hcd vhci_hcd.2: stop threads
[  460.351354][   T34] usb 42-1: new SuperSpeed USB device number 8 using vhci_hcd
[  460.355094][   T12] vhci_hcd vhci_hcd.2: release socket
[  460.357585][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  460.375279][   T34] usb 42-1: enqueue for inactive port 0
[  460.462731][T11866] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  460.465370][T11866] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  460.468928][T11866] vhci_hcd vhci_hcd.0: Device attached
[  460.733787][ T6033] usb 40-1: SetAddress Request (20) to port 0
[  460.736527][ T6033] usb 40-1: new SuperSpeed USB device number 20 using vhci_hcd
[  460.775119][   T34] usb usb42-port1: attempt power cycle
[  461.131465][T11867] vhci_hcd: connection reset by peer
[  461.134355][ T1142] vhci_hcd vhci_hcd.1: stop threads
[  461.136738][ T1142] vhci_hcd vhci_hcd.1: release socket
[  461.139268][ T1142] vhci_hcd vhci_hcd.1: disconnect device
[  461.334498][   T34] usb usb42-port1: unable to enumerate USB device
[  461.609886][T11873] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  461.612501][T11873] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  461.615773][T11873] vhci_hcd vhci_hcd.0: Device attached
[  461.893779][ T6002] usb 44-1: SetAddress Request (13) to port 0
[  461.896316][ T6002] usb 44-1: new SuperSpeed USB device number 13 using vhci_hcd
[  462.103615][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  462.103629][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  462.304188][T11874] vhci_hcd: connection reset by peer
[  462.307232][ T1142] vhci_hcd vhci_hcd.3: stop threads
[  462.309642][ T1142] vhci_hcd vhci_hcd.3: release socket
[  462.312193][ T1142] vhci_hcd vhci_hcd.3: disconnect device
[  463.165721][T11883] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  464.543676][T11903] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  464.546012][T11903] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  464.553808][T11903] vhci_hcd vhci_hcd.0: Device attached
[  464.843685][   T34] usb 38-1: SetAddress Request (114) to port 0
[  464.846345][   T34] usb 38-1: new SuperSpeed USB device number 114 using vhci_hcd
[  464.933102][T11911] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  464.935901][T11911] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  464.940714][T11911] vhci_hcd vhci_hcd.0: Device attached
[  465.228168][ T6027] usb 42-1: SetAddress Request (12) to port 0
[  465.233891][ T6027] usb 42-1: new SuperSpeed USB device number 12 using vhci_hcd
[  465.255083][T11904] vhci_hcd: connection reset by peer
[  465.257645][ T1145] vhci_hcd vhci_hcd.0: stop threads
[  465.260192][ T1145] vhci_hcd vhci_hcd.0: release socket
[  465.262553][ T1145] vhci_hcd vhci_hcd.0: disconnect device
[  465.461688][T11912] vhci_hcd: connection reset by peer
[  465.465356][ T4567] vhci_hcd vhci_hcd.2: stop threads
[  465.466103][T11916] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  465.467619][ T4567] vhci_hcd vhci_hcd.2: release socket
[  465.470224][T11916] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  465.472715][ T4567] vhci_hcd vhci_hcd.2: disconnect device
[  465.487297][T11916] vhci_hcd vhci_hcd.0: Device attached
[  465.724581][T11917] vhci_hcd: connection closed
[  465.724869][ T4567] vhci_hcd vhci_hcd.3: stop threads
[  465.728320][ T4567] vhci_hcd vhci_hcd.3: release socket
[  465.730247][ T4567] vhci_hcd vhci_hcd.3: disconnect device
[  465.784265][ T6033] usb 40-1: device descriptor read/8, error -110
[  465.832668][T11922] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  465.835032][T11922] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  465.853222][T11922] vhci_hcd vhci_hcd.0: Device attached
[  466.033738][ T6033] usb 40-1: SetAddress Request (21) to port 0
[  466.036370][ T6033] usb 40-1: new SuperSpeed USB device number 21 using vhci_hcd
[  466.583274][T11923] vhci_hcd: connection reset by peer
[  466.595875][ T1145] vhci_hcd vhci_hcd.1: stop threads
[  466.598961][ T1145] vhci_hcd vhci_hcd.1: release socket
[  466.608176][ T1145] vhci_hcd vhci_hcd.1: disconnect device
[  467.506192][T11945] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  467.508444][T11945] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  467.512029][T11945] vhci_hcd vhci_hcd.0: Device attached
[  467.642007][ T6002] usb 44-1: device descriptor read/8, error -110
[  467.818297][T11951] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1443'.
[  468.202265][T11956] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  468.204614][T11956] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  468.228197][T11956] vhci_hcd vhci_hcd.0: Device attached
[  468.380014][T11964] netlink: zone id is out of range
[  468.382177][T11964] netlink: zone id is out of range
[  468.393850][T11964] netlink: zone id is out of range
[  468.396108][T11964] netlink: del zone limit has 8 unknown bytes
[  468.537213][ T6002] usb usb44-port1: attempt power cycle
[  469.116802][ T6002] usb usb44-port1: unable to enumerate USB device
[  469.162281][T11958] vhci_hcd: connection closed
[  469.162486][T11790] vhci_hcd vhci_hcd.2: stop threads
[  469.166375][T11790] vhci_hcd vhci_hcd.2: release socket
[  469.168401][T11790] vhci_hcd vhci_hcd.2: disconnect device
[  469.615434][T11946] vhci_hcd: connection closed
[  469.615872][   T83] vhci_hcd vhci_hcd.0: stop threads
[  469.619826][   T83] vhci_hcd vhci_hcd.0: release socket
[  469.621578][   T83] vhci_hcd vhci_hcd.0: disconnect device
[  469.943738][   T34] usb 38-1: device descriptor read/8, error -110
[  470.057254][T11971] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  470.060033][T11971] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  470.063636][T11971] vhci_hcd vhci_hcd.0: Device attached
[  470.192038][T11972] vhci_hcd: connection closed
[  470.192389][T11790] vhci_hcd vhci_hcd.3: stop threads
[  470.196547][T11790] vhci_hcd vhci_hcd.3: release socket
[  470.198639][T11790] vhci_hcd vhci_hcd.3: disconnect device
[  470.263759][ T6027] usb 42-1: device descriptor read/8, error -110
[  470.334606][   T34] usb usb38-port1: attempt power cycle
[  470.654439][ T6027] usb usb42-port1: attempt power cycle
[  471.147807][ T6033] usb 40-1: device descriptor read/8, error -110
[  471.310421][ T6033] usb usb40-port1: attempt power cycle
[  471.340108][T11983] FAULT_INJECTION: forcing a failure.
[  471.340108][T11983] name failslab, interval 1, probability 0, space 0, times 0
[  471.349764][T11983] CPU: 1 UID: 0 PID: 11983 Comm: syz.2.1450 Not tainted syzkaller #0 PREEMPT(full) 
[  471.349792][T11983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  471.349803][T11983] Call Trace:
[  471.349811][T11983]  <TASK>
[  471.349819][T11983]  dump_stack_lvl+0x16c/0x1f0
[  471.349851][T11983]  should_fail_ex+0x512/0x640
[  471.349871][T11983]  ? __kmalloc_noprof+0xca/0x910
[  471.349893][T11983]  should_failslab+0xc2/0x120
[  471.349920][T11983]  __kmalloc_noprof+0xeb/0x910
[  471.349939][T11983]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  471.349975][T11983]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  471.350003][T11983]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  471.350036][T11983]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  471.350066][T11983]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  471.350114][T11983]  ? genl_get_cmd+0x194/0x580
[  471.350147][T11983]  ? bpf_lsm_capable+0x9/0x10
[  471.350170][T11983]  ? security_capable+0x7e/0x260
[  471.350198][T11983]  ? ns_capable+0xd7/0x110
[  471.350223][T11983]  genl_rcv_msg+0x55c/0x800
[  471.350243][T11983]  ? __pfx_genl_rcv_msg+0x10/0x10
[  471.350261][T11983]  ? __pfx_wg_set_device_doit+0x10/0x10
[  471.350297][T11983]  netlink_rcv_skb+0x158/0x420
[  471.350322][T11983]  ? __pfx_genl_rcv_msg+0x10/0x10
[  471.350360][T11983]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  471.350398][T11983]  ? netlink_deliver_tap+0x1ae/0xd30
[  471.350427][T11983]  genl_rcv+0x28/0x40
[  471.350451][T11983]  netlink_unicast+0x5aa/0x870
[  471.350480][T11983]  ? __pfx_netlink_unicast+0x10/0x10
[  471.350516][T11983]  netlink_sendmsg+0x8c8/0xdd0
[  471.350545][T11983]  ? __pfx_netlink_sendmsg+0x10/0x10
[  471.350574][T11983]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  471.350602][T11983]  ____sys_sendmsg+0xa5d/0xc30
[  471.350629][T11983]  ? __pfx_____sys_sendmsg+0x10/0x10
[  471.350651][T11983]  ? get_compat_msghdr+0x11a/0x170
[  471.350683][T11983]  ___sys_sendmsg+0x134/0x1d0
[  471.350705][T11983]  ? __pfx____sys_sendmsg+0x10/0x10
[  471.350738][T11983]  ? find_held_lock+0x2b/0x80
[  471.350777][T11983]  __sys_sendmsg+0x16d/0x220
[  471.350799][T11983]  ? __pfx___sys_sendmsg+0x10/0x10
[  471.350830][T11983]  ? do_user_addr_fault+0x843/0x1370
[  471.350855][T11983]  __do_fast_syscall_32+0xe8/0x680
[  471.350882][T11983]  do_fast_syscall_32+0x32/0x80
[  471.350899][T11983]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  471.350919][T11983] RIP: 0023:0xf7fd2579
[  471.350933][T11983] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  471.350949][T11983] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  471.350966][T11983] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  471.350977][T11983] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  471.350987][T11983] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  471.350997][T11983] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  471.351008][T11983] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  471.351031][T11983]  </TASK>
[  471.491441][   T34] usb usb38-port1: unable to enumerate USB device
[  471.535577][T11985] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  471.538446][T11985] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  471.544282][T11985] vhci_hcd vhci_hcd.0: Device attached
[  471.614788][ T6027] usb usb42-port1: unable to enumerate USB device
[  471.844369][ T6629] usb 44-1: SetAddress Request (17) to port 0
[  471.847505][ T6629] usb 44-1: new SuperSpeed USB device number 17 using vhci_hcd
[  472.075707][T11987] vhci_hcd: connection reset by peer
[  472.080109][   T83] vhci_hcd vhci_hcd.3: stop threads
[  472.083040][   T83] vhci_hcd vhci_hcd.3: release socket
[  472.085883][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  472.382363][ T6033] usb usb40-port1: unable to enumerate USB device
[  472.647550][T11999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1453'.
[  473.446373][T12007] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  473.449139][T12007] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  473.452983][T12007] vhci_hcd vhci_hcd.0: Device attached
[  473.863172][T12013] FAULT_INJECTION: forcing a failure.
[  473.863172][T12013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.868949][T12013] CPU: 1 UID: 0 PID: 12013 Comm: syz.2.1456 Not tainted syzkaller #0 PREEMPT(full) 
[  473.868989][T12013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  473.869000][T12013] Call Trace:
[  473.869008][T12013]  <TASK>
[  473.869016][T12013]  dump_stack_lvl+0x16c/0x1f0
[  473.869045][T12013]  should_fail_ex+0x512/0x640
[  473.869067][T12013]  _copy_from_user+0x2e/0xd0
[  473.869086][T12013]  snd_seq_write+0x3ed/0x6d0
[  473.869117][T12013]  ? __pfx_snd_seq_write+0x10/0x10
[  473.869151][T12013]  ? bpf_lsm_file_permission+0x9/0x10
[  473.869170][T12013]  ? security_file_permission+0x71/0x210
[  473.869191][T12013]  ? rw_verify_area+0xcf/0x6c0
[  473.869213][T12013]  ? __pfx_snd_seq_write+0x10/0x10
[  473.869236][T12013]  vfs_write+0x2a0/0x11d0
[  473.869263][T12013]  ? __pfx_vfs_write+0x10/0x10
[  473.869284][T12013]  ? find_held_lock+0x2b/0x80
[  473.869307][T12013]  ? __fget_files+0x204/0x3c0
[  473.869333][T12013]  ? __fget_files+0x20e/0x3c0
[  473.869361][T12013]  ksys_write+0x1f8/0x250
[  473.869383][T12013]  ? __pfx_ksys_write+0x10/0x10
[  473.869402][T12013]  ? rcu_is_watching+0x12/0xc0
[  473.869429][T12013]  __do_fast_syscall_32+0xe8/0x680
[  473.869458][T12013]  do_fast_syscall_32+0x32/0x80
[  473.869474][T12013]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  473.869495][T12013] RIP: 0023:0xf7fd2579
[  473.869509][T12013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  473.869525][T12013] RSP: 002b:00000000f548455c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  473.869542][T12013] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000
[  473.869554][T12013] RDX: 000000000000ffc8 RSI: 0000000000000000 RDI: 0000000000000000
[  473.869564][T12013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  473.869575][T12013] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  473.869585][T12013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  473.869606][T12013]  </TASK>
[  474.535278][T12008] vhci_hcd: connection closed
[  474.535546][   T46] vhci_hcd vhci_hcd.3: stop threads
[  474.539683][   T46] vhci_hcd vhci_hcd.3: release socket
[  474.542017][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  475.148545][T12021] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  475.151321][T12021] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  475.155139][T12021] vhci_hcd vhci_hcd.0: Device attached
[  475.186794][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  475.189096][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  475.403622][T12022] vhci_hcd: connection closed
[  475.418662][   T46] vhci_hcd vhci_hcd.0: stop threads
[  475.422759][   T46] vhci_hcd vhci_hcd.0: release socket
[  475.423690][   T34] usb 38-1: SetAddress Request (118) to port 0
[  475.427663][   T46] vhci_hcd vhci_hcd.0: disconnect device
[  475.434508][   T34] usb 38-1: new SuperSpeed USB device number 118 using vhci_hcd
[  475.453652][   T34] usb 38-1: enqueue for inactive port 0
[  475.468636][T12026] binder: 12025:12026 ioctl 8954 80000100 returned -22
[  475.890081][   T34] usb usb38-port1: attempt power cycle
[  476.005751][T12037] netlink: 27 bytes leftover after parsing attributes in process `syz.1.1462'.
[  476.491579][   T34] usb usb38-port1: unable to enumerate USB device
[  476.913918][ T6629] usb 44-1: device descriptor read/8, error -110
[  477.223625][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  477.571031][ T6629] usb usb44-port1: attempt power cycle
[  478.107040][T12064] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  478.109902][T12064] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  478.126914][T12064] vhci_hcd vhci_hcd.0: Device attached
[  478.389748][ T6629] usb usb44-port1: unable to enumerate USB device
[  478.523817][ T8045] usb 40-1: SetAddress Request (24) to port 0
[  478.526494][ T8045] usb 40-1: new SuperSpeed USB device number 24 using vhci_hcd
[  478.668846][T12065] vhci_hcd: connection reset by peer
[  478.683938][   T83] vhci_hcd vhci_hcd.1: stop threads
[  478.686255][   T83] vhci_hcd vhci_hcd.1: release socket
[  478.688648][   T83] vhci_hcd vhci_hcd.1: disconnect device
[  481.797828][T12100] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  481.800862][T12100] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  481.813726][T12100] vhci_hcd vhci_hcd.0: Device attached
[  482.015250][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  482.022287][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  482.106216][T12101] vhci_hcd: connection closed
[  482.107029][   T12] vhci_hcd vhci_hcd.1: stop threads
[  482.113391][   T12] vhci_hcd vhci_hcd.1: release socket
[  482.118114][   T12] vhci_hcd vhci_hcd.1: disconnect device
[  482.903198][T12120] 9p: Bad value for 'port'
[  483.250359][T12124] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  483.253273][T12124] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  483.256644][T12124] vhci_hcd vhci_hcd.0: Device attached
[  483.277250][T12124] netlink: 6068 bytes leftover after parsing attributes in process `syz.0.1483'.
[  483.350216][T12128] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1483'.
[  483.440044][T12128] syz.0.1483 (12128): drop_caches: 2
[  483.449403][T12128] syz.0.1483 (12128): drop_caches: 2
[  483.598969][T12128] binder: 12123:12128 ioctl 40046629 80000200 returned -22
[  483.624070][T12125] vhci_hcd: cannot find the pending unlink 4294967287
[  483.753730][ T6033] usb 38-1: SetAddress Request (122) to port 0
[  483.756218][ T6033] usb 38-1: new SuperSpeed USB device number 122 using vhci_hcd
[  484.023758][ T5945] Bluetooth: hci4: command 0x1003 tx timeout
[  484.026224][ T5297] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  484.259658][T12125] vhci_hcd: connection reset by peer
[  484.262334][T11790] vhci_hcd vhci_hcd.0: stop threads
[  484.265365][T11790] vhci_hcd vhci_hcd.0: release socket
[  484.267822][T11790] vhci_hcd vhci_hcd.0: disconnect device
[  484.344390][ T8045] usb 40-1: device descriptor read/8, error -110
[  485.055178][ T8045] usb usb40-port1: attempt power cycle
[  485.634851][ T8045] usb usb40-port1: unable to enumerate USB device
[  487.157323][T12145] netlink: zone id is out of range
[  487.159698][T12145] netlink: zone id is out of range
[  487.161912][T12145] netlink: zone id is out of range
[  487.165735][T12145] netlink: del zone limit has 8 unknown bytes
[  487.559743][T12178] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  487.562983][T12178] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  487.571091][T12174] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1490'.
[  487.576374][T12149] cgroup: fork rejected by pids controller in /syz2
[  487.584131][T12178] vhci_hcd vhci_hcd.0: Device attached
[  487.863690][   T34] usb 44-1: SetAddress Request (21) to port 0
[  487.869979][   T34] usb 44-1: new SuperSpeed USB device number 21 using vhci_hcd
[  488.138339][T12179] vhci_hcd: connection reset by peer
[  488.142267][   T83] vhci_hcd vhci_hcd.3: stop threads
[  488.145095][   T83] vhci_hcd vhci_hcd.3: release socket
[  488.147349][   T83] vhci_hcd vhci_hcd.3: disconnect device
[  488.823642][ T6033] usb 38-1: device descriptor read/8, error -110
[  489.214291][ T6033] usb usb38-port1: attempt power cycle
[  489.876726][ T6033] usb usb38-port1: unable to enumerate USB device
[  489.952922][T12807] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  489.955448][T12807] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  489.960856][T12807] vhci_hcd vhci_hcd.0: Device attached
[  490.123119][T12811] netlink: 'syz.2.1494': attribute type 10 has an invalid length.
[  490.250258][T12813] gfs2: gfs2 mount does not exist
[  490.396008][T12809] vhci_hcd: connection closed
[  490.396211][ T4567] vhci_hcd vhci_hcd.3: stop threads
[  490.399543][ T4567] vhci_hcd vhci_hcd.3: release socket
[  490.401711][ T4567] vhci_hcd vhci_hcd.3: disconnect device
[  490.850001][T12806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  491.212678][T12824] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  491.215367][T12824] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  491.218981][T12824] vhci_hcd vhci_hcd.0: Device attached
[  491.231617][T12824] netlink: 6068 bytes leftover after parsing attributes in process `syz.1.1497'.
[  491.298797][T12827] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1497'.
[  491.336012][T12827] syz.1.1497 (12827): drop_caches: 2
[  491.342133][T12827] syz.1.1497 (12827): drop_caches: 2
[  491.396635][T12827] binder: 12823:12827 ioctl 40046629 80000200 returned -22
[  491.442834][T12825] vhci_hcd: cannot find the pending unlink 4294967287
[  491.515970][ T6033] usb 40-1: SetAddress Request (28) to port 0
[  491.538829][ T6033] usb 40-1: new SuperSpeed USB device number 28 using vhci_hcd
[  491.659058][T12830] netlink: 'syz.2.1499': attribute type 39 has an invalid length.
[  491.901608][T12836] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  491.904397][T12836] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  491.925576][T12836] vhci_hcd vhci_hcd.0: Device attached
[  491.970792][T12836] netlink: 6068 bytes leftover after parsing attributes in process `syz.2.1501'.
[  492.036213][T12844] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1501'.
[  492.080363][T12844] syz.2.1501 (12844): drop_caches: 2
[  492.090353][T12844] syz.2.1501 (12844): drop_caches: 2
[  492.106093][T12844] binder: 12835:12844 ioctl 40046629 80000200 returned -22
[  492.390394][T12839] vhci_hcd: cannot find the pending unlink 4294967287
[  493.450340][T12825] vhci_hcd: connection reset by peer
[  493.633779][   T34] usb 44-1: device descriptor read/8, error -110
[  493.636591][   T46] vhci_hcd vhci_hcd.1: stop threads
[  493.639478][   T46] vhci_hcd vhci_hcd.1: release socket
[  493.642281][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  493.981571][ T6839] usb 42-1: SetAddress Request (16) to port 0
[  493.989197][ T6839] usb 42-1: new SuperSpeed USB device number 16 using vhci_hcd
[  494.030516][T12839] vhci_hcd: connection reset by peer
[  494.033780][ T4567] vhci_hcd vhci_hcd.2: stop threads
[  494.035633][ T4567] vhci_hcd vhci_hcd.2: release socket
[  494.038177][ T4567] vhci_hcd vhci_hcd.2: disconnect device
[  494.376854][   T34] usb usb44-port1: attempt power cycle
[  495.227481][   T34] usb usb44-port1: unable to enumerate USB device
[  495.746278][T12871] netlink: 'syz.0.1509': attribute type 10 has an invalid length.
[  495.967076][T11790] Bluetooth: hci4: Frame reassembly failed (-84)
[  495.970704][T11790] Bluetooth: hci4: Frame reassembly failed (-84)
[  495.973617][ T1142] Bluetooth: hci4: Frame reassembly failed (-84)
[  496.023762][T12872] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  496.025946][T12872] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  496.028666][T12872] vhci_hcd vhci_hcd.0: Device attached
[  496.072954][T12874] vhci_hcd: connection closed
[  496.073371][T11790] vhci_hcd vhci_hcd.2: stop threads
[  496.077860][T11790] vhci_hcd vhci_hcd.2: release socket
[  496.080246][T11790] vhci_hcd vhci_hcd.2: disconnect device
[  496.469163][T12869] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  496.583650][ T6033] usb 40-1: device descriptor read/8, error -110
[  496.974401][ T6033] usb usb40-port1: attempt power cycle
[  497.161579][T12884] syzkaller0: entered allmulticast mode
[  498.023841][ T5297] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  498.244486][ T6033] usb usb40-port1: unable to enumerate USB device
[  498.265257][T12893] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  498.267984][T12893] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  498.272197][T12892] FAULT_INJECTION: forcing a failure.
[  498.272197][T12892] name failslab, interval 1, probability 0, space 0, times 0
[  498.277586][T12892] CPU: 3 UID: 0 PID: 12892 Comm: syz.1.1515 Not tainted syzkaller #0 PREEMPT(full) 
[  498.277609][T12892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  498.277620][T12892] Call Trace:
[  498.277628][T12892]  <TASK>
[  498.277636][T12892]  dump_stack_lvl+0x16c/0x1f0
[  498.277664][T12892]  should_fail_ex+0x512/0x640
[  498.277682][T12892]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  498.277722][T12892]  should_failslab+0xc2/0x120
[  498.277745][T12892]  kmem_cache_alloc_node_noprof+0x86/0x800
[  498.277764][T12892]  ? __alloc_skb+0x156/0x410
[  498.277787][T12892]  ? __alloc_skb+0x156/0x410
[  498.277803][T12892]  __alloc_skb+0x156/0x410
[  498.277819][T12892]  ? __alloc_skb+0x35d/0x410
[  498.277835][T12892]  ? __pfx___alloc_skb+0x10/0x10
[  498.277890][T12892]  ? genl_rcv_msg+0x4bb/0x800
[  498.277914][T12892]  netlink_ack+0x15d/0xb80
[  498.277944][T12892]  netlink_rcv_skb+0x332/0x420
[  498.277967][T12892]  ? __pfx_genl_rcv_msg+0x10/0x10
[  498.277983][T12892]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  498.278016][T12892]  ? netlink_deliver_tap+0x1ae/0xd30
[  498.278042][T12892]  genl_rcv+0x28/0x40
[  498.278065][T12892]  netlink_unicast+0x5aa/0x870
[  498.278091][T12892]  ? __pfx_netlink_unicast+0x10/0x10
[  498.278124][T12892]  netlink_sendmsg+0x8c8/0xdd0
[  498.278150][T12892]  ? __pfx_netlink_sendmsg+0x10/0x10
[  498.278184][T12892]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  498.278216][T12892]  ____sys_sendmsg+0xa5d/0xc30
[  498.278243][T12892]  ? __pfx_____sys_sendmsg+0x10/0x10
[  498.278267][T12892]  ? get_compat_msghdr+0x11a/0x170
[  498.278298][T12892]  ___sys_sendmsg+0x134/0x1d0
[  498.278320][T12892]  ? __pfx____sys_sendmsg+0x10/0x10
[  498.278352][T12892]  ? find_held_lock+0x2b/0x80
[  498.278388][T12892]  __sys_sendmsg+0x16d/0x220
[  498.278409][T12892]  ? __pfx___sys_sendmsg+0x10/0x10
[  498.278445][T12892]  __do_fast_syscall_32+0xe8/0x680
[  498.278471][T12892]  do_fast_syscall_32+0x32/0x80
[  498.278485][T12892]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  498.278505][T12892] RIP: 0023:0xf70ed579
[  498.278518][T12892] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  498.278535][T12892] RSP: 002b:00000000f54dd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  498.278551][T12892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  498.278561][T12892] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  498.278570][T12892] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  498.278580][T12892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  498.278589][T12892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  498.278611][T12892]  </TASK>
[  498.283859][T12893] vhci_hcd vhci_hcd.0: Device attached
[  498.423411][T12893] netlink: 6068 bytes leftover after parsing attributes in process `syz.3.1514'.
[  498.489099][T12896] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1514'.
[  498.523140][T12896] syz.3.1514 (12896): drop_caches: 2
[  498.527909][T12896] syz.3.1514 (12896): drop_caches: 2
[  498.552690][T12896] binder: 12890:12896 ioctl 40046629 80000200 returned -22
[  498.564406][T12900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1516'.
[  498.572750][T12894] vhci_hcd: cannot find the pending unlink 4294967287
[  498.653962][ T6033] usb 44-1: SetAddress Request (25) to port 0
[  498.657566][ T6033] usb 44-1: new SuperSpeed USB device number 25 using vhci_hcd
[  498.959915][T12904] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1517'.
[  499.074235][ T6839] usb 42-1: device descriptor read/8, error -110
[  499.095442][T12894] vhci_hcd: connection reset by peer
[  499.099437][   T12] vhci_hcd vhci_hcd.3: stop threads
[  499.102970][   T12] vhci_hcd vhci_hcd.3: release socket
[  499.107899][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  499.469536][ T6839] usb usb42-port1: attempt power cycle
[  501.140705][ T6839] usb usb42-port1: unable to enumerate USB device
[  501.368986][T12922] netlink: 'syz.2.1521': attribute type 10 has an invalid length.
[  501.972685][T12920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.864847][T12932] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1524'.
[  503.459292][T12937] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  503.462012][T12937] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  503.465650][T12937] vhci_hcd vhci_hcd.0: Device attached
[  503.499698][T11790] Bluetooth: hci4: Frame reassembly failed (-84)
[  503.502581][T11790] Bluetooth: hci4: Frame reassembly failed (-84)
[  503.622437][T12941] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  503.624666][T12941] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  503.628606][T12941] vhci_hcd vhci_hcd.0: Device attached
[  503.635407][T12941] netlink: 6068 bytes leftover after parsing attributes in process `syz.3.1526'.
[  503.698227][T12946] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1526'.
[  503.729109][T12946] syz.3.1526 (12946): drop_caches: 2
[  503.733977][T12946] syz.3.1526 (12946): drop_caches: 2
[  503.749048][T12942] vhci_hcd: unlink->seqnum 42
[  503.751232][T12946] binder: 12940:12946 ioctl 40046629 80000200 returned -22
[  503.757060][T12942] vhci_hcd: cannot find the pending unlink 4294967287
[  503.863898][ T6629] usb 38-1: SetAddress Request (126) to port 0
[  503.867126][ T6629] usb 38-1: new SuperSpeed USB device number 126 using vhci_hcd
[  504.076507][T12938] vhci_hcd: connection reset by peer
[  504.079249][   T46] vhci_hcd vhci_hcd.0: stop threads
[  504.087690][   T46] vhci_hcd vhci_hcd.0: release socket
[  504.099268][   T46] vhci_hcd vhci_hcd.0: disconnect device
[  504.475929][T12942] vhci_hcd: connection reset by peer
[  504.478803][   T46] vhci_hcd vhci_hcd.3: stop threads
[  504.481715][   T46] vhci_hcd vhci_hcd.3: release socket
[  504.484287][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  504.484607][ T6033] usb 44-1: device descriptor read/8, error -110
[  504.926020][ T6033] usb usb44-port1: attempt power cycle
[  505.095259][T12957] netlink: 'syz.1.1531': attribute type 33 has an invalid length.
[  505.098365][T12957] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1531'.
[  505.426708][T12969] netlink: 'syz.3.1532': attribute type 10 has an invalid length.
[  505.545300][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  506.013720][T12959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  506.026717][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  506.029404][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  506.263066][ T6033] usb usb44-port1: unable to enumerate USB device
[  507.436658][T12996] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  507.439383][T12996] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  507.444039][T12996] vhci_hcd vhci_hcd.0: Device attached
[  507.470069][T12996] netlink: 6048 bytes leftover after parsing attributes in process `syz.2.1539'.
[  507.530668][T12999] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1539'.
[  507.551471][T12999] syz.2.1539 (12999): drop_caches: 2
[  507.555508][T12999] syz.2.1539 (12999): drop_caches: 2
[  507.568571][T12999] binder: 12995:12999 ioctl 40046629 80000200 returned -22
[  507.599206][T12997] vhci_hcd: cannot find the pending unlink 4294967287
[  507.743657][   T24] usb 42-1: SetAddress Request (20) to port 0
[  507.746232][   T24] usb 42-1: new SuperSpeed USB device number 20 using vhci_hcd
[  508.339610][T12997] vhci_hcd: connection reset by peer
[  508.342471][T12975] vhci_hcd vhci_hcd.2: stop threads
[  508.345043][T12975] vhci_hcd vhci_hcd.2: release socket
[  508.347278][T12975] vhci_hcd vhci_hcd.2: disconnect device
[  508.859082][T13001] loop6: detected capacity change from 0 to 2640
[  508.883932][T13001] buffer_io_error: 40 callbacks suppressed
[  508.883950][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.903723][ T6629] usb 38-1: device descriptor read/8, error -110
[  508.911874][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.915335][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.918585][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.921869][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.951209][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.966814][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.970055][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.973393][T13001] ldm_validate_partition_table(): Disk read failed.
[  508.983821][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  508.986893][T13001] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.002457][T13001] Dev loop6: unable to read RDB block 0
[  509.005363][T13001]  loop6: unable to read partition table
[  509.044381][T13001] loop_reread_partitions: partition scan of loop6 (3„¾‚³˜) failed (rc=-5)
[  509.088549][ T5346] ldm_validate_partition_table(): Disk read failed.
[  509.101704][ T5346] Dev loop6: unable to read RDB block 0
[  509.104896][ T5346]  loop6: unable to read partition table
[  509.593880][T13018] netlink: 'syz.1.1545': attribute type 10 has an invalid length.
[  510.271022][T13016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  510.296561][ T6629] usb usb38-port1: attempt power cycle
[  512.552374][ T6629] usb usb38-port1: unable to enumerate USB device
[  513.478972][   T24] usb 42-1: device descriptor read/8, error -110
[  513.886141][   T24] usb usb42-port1: attempt power cycle
[  514.053288][T13031] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  514.055996][T13031] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  514.060091][T13031] vhci_hcd vhci_hcd.0: Device attached
[  514.147367][T13031] netlink: 6048 bytes leftover after parsing attributes in process `syz.3.1549'.
[  514.241930][T13034] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1549'.
[  514.363770][   T34] usb 44-1: SetAddress Request (29) to port 0
[  514.366338][   T34] usb 44-1: new SuperSpeed USB device number 29 using vhci_hcd
[  514.464597][   T24] usb usb42-port1: unable to enumerate USB device
[  515.214975][T13036] binder: 13030:13036 ioctl 40046629 80000200 returned -22
[  515.215634][T13034] syz.3.1549 (13034): drop_caches: 2
[  515.218192][T13032] vhci_hcd: cannot find the pending unlink 4294967287
[  515.229050][T13034] syz.3.1549 (13034): drop_caches: 2
[  515.377387][T13032] vhci_hcd: connection reset by peer
[  515.380175][T12970] vhci_hcd vhci_hcd.3: stop threads
[  515.382077][T12970] vhci_hcd vhci_hcd.3: release socket
[  515.384323][T12970] vhci_hcd vhci_hcd.3: disconnect device
[  516.701833][T13042] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  516.711426][T13042] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  516.715287][T13042] vhci_hcd vhci_hcd.0: Device attached
[  516.887000][T13055] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  516.890313][T13055] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  516.903852][T13055] vhci_hcd vhci_hcd.0: Device attached
[  517.205150][T13050] vhci_hcd: connection closed
[  517.205182][ T7966] usb 42-1: SetAddress Request (24) to port 0
[  517.205442][T12974] vhci_hcd vhci_hcd.3: stop threads
[  517.211740][T12974] vhci_hcd vhci_hcd.3: release socket
[  517.214391][T12974] vhci_hcd vhci_hcd.3: disconnect device
[  517.304020][ T7966] usb 42-1: new SuperSpeed USB device number 24 using vhci_hcd
[  517.410480][T13056] vhci_hcd: connection closed
[  517.412952][T12974] vhci_hcd vhci_hcd.2: stop threads
[  517.417181][T12974] vhci_hcd vhci_hcd.2: release socket
[  517.435511][T12974] vhci_hcd vhci_hcd.2: disconnect device
[  518.301963][T13064] netlink: 'syz.2.1555': attribute type 10 has an invalid length.
[  518.460624][ T7966] usb 42-1: enqueue for inactive port 0
[  518.965283][ T7966] usb usb42-port1: attempt power cycle
[  519.265857][T13062] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  519.473797][   T34] usb 44-1: device descriptor read/8, error -110
[  519.534582][ T7966] usb usb42-port1: unable to enumerate USB device
[  519.894608][   T34] usb usb44-port1: attempt power cycle
[  520.131564][T13079] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  520.136246][T13079] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  520.148515][T13079] vhci_hcd vhci_hcd.0: Device attached
[  520.164151][T13079] netlink: 6048 bytes leftover after parsing attributes in process `syz.2.1559'.
[  520.223664][T13083] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1559'.
[  520.238724][T13083] syz.2.1559 (13083): drop_caches: 2
[  520.242146][T13083] syz.2.1559 (13083): drop_caches: 2
[  520.272516][T13080] vhci_hcd: cannot find the pending unlink 4294967287
[  520.276508][T13083] binder: 13078:13083 ioctl 40046629 80000200 returned -22
[  520.474585][   T34] usb usb44-port1: unable to enumerate USB device
[  520.970430][T13080] vhci_hcd: connection closed
[  520.970807][ T1226] vhci_hcd vhci_hcd.2: stop threads
[  520.976122][ T1226] vhci_hcd vhci_hcd.2: release socket
[  520.978274][ T1226] vhci_hcd vhci_hcd.2: disconnect device
[  520.983661][ T7966] usb 42-1: enqueue for inactive port 0
[  521.266980][T13088] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  521.287006][T13088] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1561'.
[  521.303724][ T5945] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  521.304298][ T5297] Bluetooth: hci4: command 0x1003 tx timeout
[  521.694503][ T7966] usb usb42-port1: attempt power cycle
[  522.274679][ T7966] usb usb42-port1: unable to enumerate USB device
[  522.285786][T13105] netlink: 'syz.3.1567': attribute type 10 has an invalid length.
[  522.943939][T13103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.786662][T13113] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  523.789576][T13113] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  523.813862][T13113] vhci_hcd vhci_hcd.0: Device attached
[  523.822303][T13113] netlink: 6048 bytes leftover after parsing attributes in process `syz.0.1570'.
[  523.914246][T13117] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1570'.
[  523.939401][T13117] syz.0.1570 (13117): drop_caches: 2
[  523.943392][T13117] syz.0.1570 (13117): drop_caches: 2
[  523.956924][T13114] vhci_hcd: cannot find the pending unlink 4294967287
[  523.960243][T13117] binder: 13112:13117 ioctl 40046629 80000200 returned -22
[  524.114662][ T7966] usb 38-1: SetAddress Request (4) to port 0
[  524.117387][ T7966] usb 38-1: new SuperSpeed USB device number 4 using vhci_hcd
[  524.663418][T13114] vhci_hcd: connection reset by peer
[  524.670807][T12973] vhci_hcd vhci_hcd.0: stop threads
[  524.694843][T12973] vhci_hcd vhci_hcd.0: release socket
[  524.707832][T12973] vhci_hcd vhci_hcd.0: disconnect device
[  525.032658][T13123] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1573'.
[  525.250073][T13132] netlink: 'syz.1.1577': attribute type 10 has an invalid length.
[  525.990502][T13128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  528.361678][T13174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1588'.
[  528.412044][T13166] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  528.414210][T13166] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  528.417066][T13166] vhci_hcd vhci_hcd.0: Device attached
[  528.693728][   T34] usb 40-1: SetAddress Request (32) to port 0
[  528.700147][   T34] usb 40-1: new SuperSpeed USB device number 32 using vhci_hcd
[  529.224137][ T7966] usb 38-1: device descriptor read/8, error -110
[  529.401689][T13188] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1590'.
[  529.645084][ T7966] usb usb38-port1: attempt power cycle
[  530.434290][ T7966] usb usb38-port1: unable to enumerate USB device
[  530.886833][T13169] vhci_hcd: connection reset by peer
[  530.920261][ T6690] vhci_hcd vhci_hcd.1: stop threads
[  530.927735][ T6690] vhci_hcd vhci_hcd.1: release socket
[  530.930254][ T6690] vhci_hcd vhci_hcd.1: disconnect device
[  531.933333][T13207] ntfs3(nullb0): Primary boot signature is not NTFS.
[  531.974451][T13207] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  532.071392][T13212] netlink: 'syz.3.1594': attribute type 10 has an invalid length.
[  533.174164][T13203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  533.497519][T13227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1599'.
[  533.783626][   T34] usb 40-1: device descriptor read/8, error -110
[  534.174151][   T34] usb usb40-port1: attempt power cycle
[  534.785551][   T34] usb usb40-port1: unable to enumerate USB device
[  537.104031][T13240] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  537.106868][T13240] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  537.110755][T13240] vhci_hcd vhci_hcd.0: Device attached
[  537.374033][T10211] usb 38-1: SetAddress Request (8) to port 0
[  537.377172][T10211] usb 38-1: new SuperSpeed USB device number 8 using vhci_hcd
[  537.625748][T13241] vhci_hcd: connection reset by peer
[  537.632469][ T1145] vhci_hcd vhci_hcd.0: stop threads
[  537.654193][ T1145] vhci_hcd vhci_hcd.0: release socket
[  537.659319][ T1145] vhci_hcd vhci_hcd.0: disconnect device
[  538.792939][T13237] ------------[ cut here ]------------
[  538.795528][T13237] WARNING: mm/shmem.c:1402 at shmem_evict_inode+0x8eb/0xbe0, CPU#1: syz.0.1601/13237
[  538.799476][T13237] Modules linked in:
[  538.801290][T13237] CPU: 1 UID: 0 PID: 13237 Comm: syz.0.1601 Not tainted syzkaller #0 PREEMPT(full) 
[  538.805338][T13237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  538.809825][T13237] RIP: 0010:shmem_evict_inode+0x8eb/0xbe0
[  538.812222][T13237] Code: fe e8 49 26 bc ff 45 85 ff 75 ac e8 9f 2b bc ff 48 8b 74 24 28 48 8b 7c 24 30 e8 40 7c 93 ff e9 e5 fd ff ff e8 86 2b bc ff 90 <0f> 0b 90 e9 54 f9 ff ff e8 78 2b bc ff 4c 89 e2 48 b8 00 00 00 00
[  538.820295][T13237] RSP: 0018:ffffc90002f5f708 EFLAGS: 00010293
[  538.822884][T13237] RAX: 0000000000000000 RBX: ffff88804c294230 RCX: ffffffff8202268e
[  538.826190][T13237] RDX: ffff888028410000 RSI: ffffffff82022d3a RDI: 0000000000000007
[  538.829507][T13237] RBP: ffffc90002f5f830 R08: 0000000000000007 R09: 0000000000000000
[  538.832831][T13237] R10: 0000000000000008 R11: ffff888028410b30 R12: 0000000000000008
[  538.836272][T13237] R13: 0000000000000000 R14: ffff88804c294260 R15: ffff88804c294120
[  538.839588][T13237] FS:  0000000000000000(0000) GS:ffff8880977fc000(0000) knlGS:0000000000000000
[  538.843301][T13237] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  538.846191][T13237] CR2: 000000002f724220 CR3: 0000000049f7c000 CR4: 0000000000352ef0
[  538.849538][T13237] Call Trace:
[  538.850983][T13237]  <TASK>
[  538.852260][T13237]  ? inode_wait_for_writeback+0x170/0x390
[  538.854818][T13237]  ? __pfx_shmem_evict_inode+0x10/0x10
[  538.857149][T13237]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  538.859757][T13237]  ? find_held_lock+0x2b/0x80
[  538.861787][T13237]  ? evict+0x37e/0xad0
[  538.863667][T13237]  ? __pfx_shmem_evict_inode+0x10/0x10
[  538.865991][T13237]  evict+0x3c2/0xad0
[  538.867662][T13237]  ? find_held_lock+0x2b/0x80
[  538.869663][T13237]  ? __pfx_evict+0x10/0x10
[  538.871565][T13237]  ? iput.part.0+0x619/0x1190
[  538.873764][T13237]  iput.part.0+0x621/0x1190
[  538.875597][T13237]  iput+0x35/0x40
[  538.877080][T13237]  dentry_unlink_inode+0x29c/0x480
[  538.879206][T13237]  __dentry_kill+0x1d0/0x600
[  538.881169][T13237]  finish_dput+0x76/0x480
[  538.883062][T13237]  dput.part.0+0x451/0x570
[  538.885163][T13237]  dput+0x1f/0x30
[  538.886746][T13237]  __fput+0x51c/0xb70
[  538.888017][T13237]  ? _raw_spin_unlock_irq+0x23/0x50
[  538.889726][T13237]  task_work_run+0x150/0x240
[  538.891698][T13237]  ? __pfx_task_work_run+0x10/0x10
[  538.893993][T13237]  ? do_raw_spin_unlock+0x172/0x230
[  538.896185][T13237]  do_exit+0x87f/0x2bd0
[  538.897986][T13237]  ? __pfx___might_resched+0x10/0x10
[  538.900003][T13237]  ? __pfx_do_exit+0x10/0x10
[  538.901969][T13237]  ? do_raw_spin_lock+0x12c/0x2b0
[  538.904163][T13237]  ? find_held_lock+0x2b/0x80
[  538.906118][T13237]  do_group_exit+0xd3/0x2a0
[  538.908038][T13237]  get_signal+0x2671/0x26d0
[  538.909976][T13237]  ? __pfx_do_recvmmsg+0x10/0x10
[  538.912090][T13237]  ? __pfx_get_signal+0x10/0x10
[  538.914262][T13237]  arch_do_signal_or_restart+0x8f/0x7a0
[  538.916603][T13237]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  538.919230][T13237]  ? __pfx___sys_recvmmsg+0x10/0x10
[  538.921278][T13237]  exit_to_user_mode_loop+0x8c/0x540
[  538.923293][T13237]  __do_fast_syscall_32+0x4a4/0x680
[  538.925375][T13237]  do_fast_syscall_32+0x32/0x80
[  538.927204][T13237]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  538.929538][T13237] RIP: 0023:0xf70ed579
[  538.931059][T13237] Code: Unable to access opcode bytes at 0xf70ed54f.
[  538.933633][T13237] RSP: 002b:00000000f54bc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  538.937340][T13237] RAX: 0000000000010106 RBX: 0000000000000004 RCX: 00000000800000c0
[  538.940631][T13237] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[  538.944049][T13237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  538.947353][T13237] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  538.950618][T13237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  538.954025][T13237]  </TASK>
[  538.955403][T13237] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  538.958460][T13237] CPU: 1 UID: 0 PID: 13237 Comm: syz.0.1601 Not tainted syzkaller #0 PREEMPT(full) 
[  538.962317][T13237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  538.966834][T13237] Call Trace:
[  538.968246][T13237]  <TASK>
[  538.969529][T13237]  dump_stack_lvl+0x3d/0x1f0
[  538.971476][T13237]  vpanic+0x640/0x6f0
[  538.973166][T13237]  ? shmem_evict_inode+0x8eb/0xbe0
[  538.975344][T13237]  panic+0xca/0xd0
[  538.976945][T13237]  ? __pfx_panic+0x10/0x10
[  538.978909][T13237]  ? check_panic_on_warn+0x1f/0xb0
[  538.981064][T13237]  check_panic_on_warn+0xab/0xb0
[  538.983182][T13237]  __warn+0x108/0x3c0
[  538.984872][T13237]  __report_bug+0x2a0/0x520
[  538.986740][T13237]  ? shmem_evict_inode+0x8eb/0xbe0
[  538.988871][T13237]  ? __pfx___report_bug+0x10/0x10
[  538.991006][T13237]  ? find_held_lock+0x2b/0x80
[  538.992996][T13237]  ? timestamp_truncate+0x21e/0x2d0
[  538.995201][T13237]  ? shmem_evict_inode+0x8eb/0xbe0
[  538.997369][T13237]  report_bug+0xb2/0x220
[  538.999056][T13237]  ? shmem_evict_inode+0x8eb/0xbe0
[  539.000962][T13237]  handle_bug+0x127/0x260
[  539.002613][T13237]  exc_invalid_op+0x17/0x50
[  539.004372][T13237]  asm_exc_invalid_op+0x1a/0x20
[  539.006311][T13237] RIP: 0010:shmem_evict_inode+0x8eb/0xbe0
[  539.008444][T13237] Code: fe e8 49 26 bc ff 45 85 ff 75 ac e8 9f 2b bc ff 48 8b 74 24 28 48 8b 7c 24 30 e8 40 7c 93 ff e9 e5 fd ff ff e8 86 2b bc ff 90 <0f> 0b 90 e9 54 f9 ff ff e8 78 2b bc ff 4c 89 e2 48 b8 00 00 00 00
[  539.016457][T13237] RSP: 0018:ffffc90002f5f708 EFLAGS: 00010293
[  539.019038][T13237] RAX: 0000000000000000 RBX: ffff88804c294230 RCX: ffffffff8202268e
[  539.022356][T13237] RDX: ffff888028410000 RSI: ffffffff82022d3a RDI: 0000000000000007
[  539.025685][T13237] RBP: ffffc90002f5f830 R08: 0000000000000007 R09: 0000000000000000
[  539.028996][T13237] R10: 0000000000000008 R11: ffff888028410b30 R12: 0000000000000008
[  539.032233][T13237] R13: 0000000000000000 R14: ffff88804c294260 R15: ffff88804c294120
[  539.035524][T13237]  ? shmem_evict_inode+0x23e/0xbe0
[  539.037631][T13237]  ? shmem_evict_inode+0x8ea/0xbe0
[  539.039787][T13237]  ? shmem_evict_inode+0x8ea/0xbe0
[  539.041948][T13237]  ? inode_wait_for_writeback+0x170/0x390
[  539.044398][T13237]  ? __pfx_shmem_evict_inode+0x10/0x10
[  539.046672][T13237]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  539.049227][T13237]  ? find_held_lock+0x2b/0x80
[  539.051138][T13237]  ? evict+0x37e/0xad0
[  539.052922][T13237]  ? __pfx_shmem_evict_inode+0x10/0x10
[  539.055231][T13237]  evict+0x3c2/0xad0
[  539.056894][T13237]  ? find_held_lock+0x2b/0x80
[  539.058910][T13237]  ? __pfx_evict+0x10/0x10
[  539.060794][T13237]  ? iput.part.0+0x619/0x1190
[  539.062844][T13237]  iput.part.0+0x621/0x1190
[  539.064787][T13237]  iput+0x35/0x40
[  539.066372][T13237]  dentry_unlink_inode+0x29c/0x480
[  539.068533][T13237]  __dentry_kill+0x1d0/0x600
[  539.070510][T13237]  finish_dput+0x76/0x480
[  539.072535][T13237]  dput.part.0+0x451/0x570
[  539.074550][T13237]  dput+0x1f/0x30
[  539.076115][T13237]  __fput+0x51c/0xb70
[  539.077654][T13237]  ? _raw_spin_unlock_irq+0x23/0x50
[  539.079654][T13237]  task_work_run+0x150/0x240
[  539.081509][T13237]  ? __pfx_task_work_run+0x10/0x10
[  539.083550][T13237]  ? do_raw_spin_unlock+0x172/0x230
[  539.085728][T13237]  do_exit+0x87f/0x2bd0
[  539.087465][T13237]  ? __pfx___might_resched+0x10/0x10
[  539.089656][T13237]  ? __pfx_do_exit+0x10/0x10
[  539.091606][T13237]  ? do_raw_spin_lock+0x12c/0x2b0
[  539.093756][T13237]  ? find_held_lock+0x2b/0x80
[  539.095731][T13237]  do_group_exit+0xd3/0x2a0
[  539.097651][T13237]  get_signal+0x2671/0x26d0
[  539.099565][T13237]  ? __pfx_do_recvmmsg+0x10/0x10
[  539.101686][T13237]  ? __pfx_get_signal+0x10/0x10
[  539.103775][T13237]  arch_do_signal_or_restart+0x8f/0x7a0
[  539.106116][T13237]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  539.108661][T13237]  ? __pfx___sys_recvmmsg+0x10/0x10
[  539.110846][T13237]  exit_to_user_mode_loop+0x8c/0x540
[  539.113116][T13237]  __do_fast_syscall_32+0x4a4/0x680
[  539.115303][T13237]  do_fast_syscall_32+0x32/0x80
[  539.117316][T13237]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  539.119966][T13237] RIP: 0023:0xf70ed579
[  539.121687][T13237] Code: Unable to access opcode bytes at 0xf70ed54f.
[  539.124125][T13237] RSP: 002b:00000000f54bc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  539.127183][T13237] RAX: 0000000000010106 RBX: 0000000000000004 RCX: 00000000800000c0
[  539.130106][T13237] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[  539.133255][T13237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  539.136532][T13237] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  539.139877][T13237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  539.143194][T13237]  </TASK>
[  539.145181][T13237] Kernel Offset: disabled
[  539.147032][T13237] Rebooting in 86400 seconds..