last executing test programs:

11.726652485s ago: executing program 0 (id=419):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(r1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x5, 0x2800}, &(0x7f0000000080)=0x8)
syz_emit_ethernet(0xfea1, &(0x7f0000000740)={@random="9fbeb3fea816", @broadcast, @val={@void, {0x8100, 0x5, 0x1, 0x2}}, {@ipv6={0x86dd, @icmpv6={0xe, 0x6, "6551fc", 0x0, 0x3a, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[@hopopts={0x3b, 0x0, '\x00', [@padn={0x1, 0x0, [0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x40}, @calipso={0x7, 0x0, {0x2, 0x0, 0xf4, 0xff81, [0x7, 0x7ff, 0x6354bcd5, 0x3ff, 0x7, 0xfffffffffffffff9, 0x4]}}]}, @srh={0x62, 0x0, 0x4, 0x0, 0x3, 0x28, 0x2, [@empty, @private1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, @remote]}, @routing={0x0, 0x0, 0x0, 0x9, 0x0, [@local, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1]}, @fragment={0x1d, 0x0, 0x3, 0x0, 0x0, 0x3, 0x65}], @time_exceed={0x3, 0x0, 0x0, 0x10, '\x00', {0x2, 0x6, '2sX', 0xd, 0x2b, 0x1, @private2, @mcast2, [@fragment={0x8, 0x0, 0x5, 0x0, 0x0, 0xd, 0x68}, @fragment={0x88, 0x0, 0x3, 0x1, 0x0, 0x15, 0x65}, @routing={0x0, 0x0, 0x1, 0x4, 0x0, [@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @loopback, @local]}, @hopopts={0x32, 0x0, '\x00', [@ra={0x5, 0x2, 0xa}, @enc_lim={0x4, 0x1, 0xde}, @padn={0x1, 0x0, [0x0, 0x0, 0x0, 0x0]}]}], "b0dc80209b1da04d6cf40bfb55d87f16e9e9fd234c63ba2cc7670365e95c540060937ae578a7a0e9e9bd703fd41b09a11e054f85e34e6805a750b368dc67f77b8f5e5038497449eb8a69dad83867e943bbc15a954afcec8d3f8b1e71d8264c01025509fd10b1c5d8a838f153122b55f5f403b6b506935ab65e2382"}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000006c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

11.020588629s ago: executing program 1 (id=423):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2080, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000d80))
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = dup(r0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x406, r1)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0, 0x4000})
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000080)={0x0, r2})

10.685963418s ago: executing program 0 (id=425):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) (async)
r1 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x12, r1, 0xc3d33000) (async)
mremap(&(0x7f0000a01000/0x4000)=nil, 0x4000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0x9, 0x17, 0x5, 0x40, 0x40ac3, 0x1, 0x5}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r4}, 0x38) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r4, &(0x7f00000017c0), &(0x7f0000001480)=""/93}, 0x20) (async)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x10, &(0x7f0000000240)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0xfffffffffffffe5a, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="120000000c000000080001000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r6, &(0x7f0000000300), 0x0}, 0x20) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00', r5}, 0x18) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, <r7=>r2}) (async)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r7}) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

10.549799399s ago: executing program 0 (id=426):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x3, &(0x7f00000000c0)=""/160, &(0x7f0000000180)=0xa0)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = gettid()
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
write$rfkill(r4, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
write$rfkill(r4, &(0x7f0000000080)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]})
socket$igmp6(0xa, 0x3, 0x2)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0xff09)
r5 = syz_open_procfs(r3, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r6, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400})
sendmsg$key(r6, 0x0, 0x40)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRESOCT=r5, @ANYRES16=r8, @ANYBLOB='<\x00\x00\x00', @ANYRES16=r0], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004004)

10.103598497s ago: executing program 1 (id=427):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6c240, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x2000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x1c, "339f020bbe78b398430e050000007800000003741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "6c1ca43f8539f3d3a89637f0374c72a964a0193b3e8772c9b700000000005a9cd83fdfb006ac000000000000000000000000ffa100", "24431a1e77a68e174f000000003e0000000020000000000000000f0000f8ff00", [0x1f00000000000000]}})
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x40008, 0x2, 0x0, 0x0, 0x10, 0x4, "995e4c8b0ba6f8ed413b1ee5f3a7c862bbf64092868fd6943a428277be3c0fd8c867f86e662e0c2dd39186b32ee0690c16eb180e81ed3e5e2ebe64446497c2fc", "a6fafe5554ac900cc641df63c82e3d2347ef4230f37485c698954b3d8be9b663e59116e54ef137506743aa54d43eeef70999ee41524cf2aef5653e90d68d5ac5", "0286bcec3e402f381e7bfd123ec7d0d13d4c50ed000000000500", [0x0, 0x9]})

9.667361743s ago: executing program 2 (id=428):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x32, &(0x7f0000000580)={@local, @empty, @val={@val={0x88a8, 0x2, 0x1, 0x2}, {0x8100, 0x3, 0x0, 0x1}}, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x3, 0x7, 0x1c, 0x68, 0x0, 0x0, 0x2, 0x0, @private=0xa010100, @loopback}, {0x12, 0x0, 0x0, @private=0xa010102}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c0c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r4, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x4040)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x2010, 0xffffffffffffffff, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000040)={0xffffffff, 0x100, 0x9, 0x8, 0x7}, 0x14)

9.551766012s ago: executing program 1 (id=429):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x3, 0x9d, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x2, 0x1, 0x3, 0x80, 0x80, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "a8ddf419"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x0, 0x0, 0x1}, {0x6, 0x24, 0x1a, 0x7, 0x11}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x7, 0x6}, @dmm={0x7, 0x24, 0x14, 0xc1a6, 0xfffc}, @mbim={0xc, 0x24, 0x1b, 0xf, 0xfffc, 0x40, 0xd, 0x8, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0xfff, 0x0, 0xe84}, @mbim_extended={0x8, 0x24, 0x1c, 0xfffc, 0x80, 0x6}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x3, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xff, 0x4, 0x81}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x83, 0x2, 0x1}}}}}}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x3, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x401}}, {0x3e, &(0x7f0000000300)=@string={0x3e, 0x3, "4fd54a982e18c1cb9a61a7f01f33656ab79ea0760247c6ea3322ab3d2192bfae63bc2bd43240c4784e4919df6ff1d07ce938be1b915c960dc66ff916"}}, {0x34, &(0x7f0000000340)=@string={0x34, 0x3, "5661eecc05fedb4670bda34803f2f91bfe7a45677c9dfff83d49bbec1b7477c9d829c299909d3532e3ef8cd60f938c9e0704"}}]})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000500)={0x14, &(0x7f0000000400)={0x0, 0x7, 0x7b, {0x7b, 0xb, "1ceb300c95c170d050e0b611928b1d32a38c4e5fbf9d3d4b6ad2f0c6d655d39fd8e85b68c418a4087cf6ee4b0dc74556840cc209b719d056e387bfb69463b84fe14f1bf2ed1123e2a0468ef669784c0730b8cbb02abd5ac86508402698afdffa7a7e2a437d4446cef4742b5c7936d153efe1392560ffdf32e7"}}, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000740)={0x44, &(0x7f0000000540)={0x20, 0x31, 0x30, "a12f01cc507146ceb7b1ac4b33d1fdaf12388ccdeb177ff484f235f7c5fc2e6361419404c67b985835d2a2f2f66993cf"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0xb}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000600)={0x20, 0x80, 0x1c, {0xc000, 0x9, 0x1d, 0x1, 0xc7, 0xa9c5, 0x20a9, 0x97, 0x1, 0x9, 0xff79}}, &(0x7f0000000640)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000680)={0x20, 0x83, 0x2, 0x1}, &(0x7f00000006c0)={0x20, 0x87, 0x2, 0x1}, &(0x7f0000000700)={0x20, 0x89, 0x2}})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000001200)=0x6d7c, 0x4)
getdents64(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r5, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

9.410829038s ago: executing program 0 (id=430):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x3, 0x9d, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x2, 0x1, 0x3, 0x80, 0x80, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "a8ddf419"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x0, 0x0, 0x1}, {0x6, 0x24, 0x1a, 0x7, 0x11}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x7, 0x6}, @dmm={0x7, 0x24, 0x14, 0xc1a6, 0xfffc}, @mbim={0xc, 0x24, 0x1b, 0xf, 0xfffc, 0x40, 0xd, 0x8, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0xfff, 0x0, 0xe84}, @mbim_extended={0x8, 0x24, 0x1c, 0xfffc, 0x80, 0x6}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x3, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0xff, 0x4, 0x81}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x83, 0x2, 0x1}}}}}}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x3, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x401}}, {0x3e, &(0x7f0000000300)=@string={0x3e, 0x3, "4fd54a982e18c1cb9a61a7f01f33656ab79ea0760247c6ea3322ab3d2192bfae63bc2bd43240c4784e4919df6ff1d07ce938be1b915c960dc66ff916"}}, {0x34, &(0x7f0000000340)=@string={0x34, 0x3, "5661eecc05fedb4670bda34803f2f91bfe7a45677c9dfff83d49bbec1b7477c9d829c299909d3532e3ef8cd60f938c9e0704"}}]})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000500)={0x14, &(0x7f0000000400)={0x0, 0x7, 0x7b, {0x7b, 0xb, "1ceb300c95c170d050e0b611928b1d32a38c4e5fbf9d3d4b6ad2f0c6d655d39fd8e85b68c418a4087cf6ee4b0dc74556840cc209b719d056e387bfb69463b84fe14f1bf2ed1123e2a0468ef669784c0730b8cbb02abd5ac86508402698afdffa7a7e2a437d4446cef4742b5c7936d153efe1392560ffdf32e7"}}, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000740)={0x44, &(0x7f0000000540)={0x20, 0x31, 0x30, "a12f01cc507146ceb7b1ac4b33d1fdaf12388ccdeb177ff484f235f7c5fc2e6361419404c67b985835d2a2f2f66993cf"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0xb}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000600)={0x20, 0x80, 0x1c, {0xc000, 0x9, 0x1d, 0x1, 0xc7, 0xa9c5, 0x20a9, 0x97, 0x1, 0x9, 0xff79}}, &(0x7f0000000640)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000680)={0x20, 0x83, 0x2, 0x1}, &(0x7f00000006c0)={0x20, 0x87, 0x2, 0x1}, &(0x7f0000000700)={0x20, 0x89, 0x2}})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000001200)=0x6d7c, 0x4)
getdents64(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r5, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

8.48863791s ago: executing program 3 (id=433):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {0x0, 0x2}, 0x2b, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x6, 0x0, 0x0, 0x800, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x401, 0x0, 0x0, 0x4, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x0, 0xffffffff], [0x2, 0x2, 0x0, 0x0, 0x10000000, 0x800000, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1409, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d, 0x0, 0x1, 0x0, 0x0, 0xf, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffe04, 0x0, 0xb0d, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80001, 0x0, 0x3, 0x7f, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0xef86]}, 0x45c)
ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x8)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006380)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000580)={0x50, 0x0, r4, {0x7, 0x29, 0x1, 0x1180, 0x7ff, 0xfbc2, 0x2, 0x0, 0x0, 0x0, 0x100, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)

8.207455502s ago: executing program 3 (id=434):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x800)
chown(&(0x7f0000000000)='./bus\x00', r0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRES8=r1, @ANYRESDEC=0x0])
setresgid(0xee00, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

8.203022935s ago: executing program 4 (id=435):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
syz_init_net_socket$ax25(0x3, 0x3, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x10000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x5a042, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000140)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast1, 0xb}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa618e38850ee186dd60000000001406fffe8000000000000000000000000000bbfe8000000000000000000000000000aa4e234e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5402000090780002"], 0x0)
syz_emit_ethernet(0x56, &(0x7f00000000c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "09c4ff", 0x20, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0xc2, 0x0, 0x0, 0x87, {[@mptcp=@syn={0x1e, 0xc, 0x2, 0x1, 0x1, 0x8001, 0x4}]}}}}}}}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@bridge_delneigh={0x1b, 0x1c, 0x1, 0x70bd28, 0x0, {0x7, 0x0, 0x0, 0x0, 0x1, 0x64, 0x6}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040051}, 0x4048080)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key$user(0x0, &(0x7f00000023c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0)
write$binfmt_register(r8, &(0x7f0000000740)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x7, 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a\xdd\x05\xdc\xb8\xc7\xb4v\x1f\xe3\xb6)\x1dM\x1e\xf9\x97\xffLW\x82\t\xf7\xb4\xe2fP\b\n\xdd\x03\x9d&\xd2\xce<f\xfb\xed\xdaP\xf0e\xb6\f\x9a\xa7\xe7c\xf3C\x9br\xf0L\xe5\xb3\xfbD\x1b\x88\xb7\b\x1b\xba}\xc9\va_\x9dYC\xffQ\x84 %(;\xac\x95\x90_\xe9\"\"\xf3\xe3#N\x0f\xdf\x7f\x90\x0f\x90S\x8cF\xff\xdb\x80\x9d\xf8A\xa9\x8f7F\x03\xc3T\xd8\xa4\xb9@\xa8\xa7\x94\xd0\x89)C\xfb\x1eV9\xceE', 0x3a, '', 0x3a, './file0'}, 0x1b0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x88580, 0x1a7)
syz_kvm_setup_cpu$x86(r1, r9, &(0x7f0000728000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000340)="0f004783f29c66b9800000c00f326635002000000f30c4c2d5dc0bbaf80c66b8ac0d558466efbafc0c66b80600000066efb8f8008ed00f01eef3ab0fde6309b87c008ed0", 0x44}], 0x1, 0x1, &(0x7f0000000300)=[@dstype3={0x7, 0x3}], 0x1)

7.418048151s ago: executing program 3 (id=436):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xe2, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix_mp={0x0, 0x0, 0x30314142, 0x0, 0x0, [{}, {0x0, 0x1}, {0x0, 0x3}, {0x0, 0x2}]}}) (async)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix_mp={0x0, 0x0, 0x30314142, 0x0, 0x0, [{}, {0x0, 0x1}, {0x0, 0x3}, {0x0, 0x2}]}})

6.861068122s ago: executing program 2 (id=437):
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
r0 = getpid()
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20000000}, 0x48)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r6, 0x400448ca, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setscheduler(r0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

6.811254787s ago: executing program 3 (id=438):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x2, &(0x7f00000001c0)='\x00\x00'}, {0x2, 0x201, 0x0, 0x0}], 0x2})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000580)=@filter={'filter\x00', 0x2, 0x4, 0x3a0, 0xffffffff, 0xd0, 0x0, 0xd0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7, 0x45}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0x108, 0x130, 0x0, {}, [@common=@srh={{0x30}}, @common=@unspec=@mark={{0x30}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x55, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "000001", 0x1f, 0x3a, 0x1, @empty, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x3, 0x200, "916e00358ef4f639e1e5990af432d203cf97babc6c3ce0"}}}}}}, 0x0)

5.178208494s ago: executing program 2 (id=439):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x7, "bf32568d2fd41b329a5f8a92fc91d2ff"}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44000800}, 0x4000010)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='rxrpc_call\x00', r2}, 0x18) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000000000)=0xb6, 0x4)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) (async, rerun: 64)
setsockopt$inet_int(r3, 0x0, 0x17, &(0x7f0000000480)=0x1, 0x4) (async, rerun: 64)
recvfrom(r3, 0x0, 0x0, 0x32, 0x0, 0x0) (async, rerun: 64)
syz_emit_ethernet(0xbe, &(0x7f0000000240)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "a324647ae3941d1747380b57bb23a78bd1175c15533631d10cd068c525e1cdf1", "6868aaf371b13a6a21324c50a094ab38785b31fe60b985a578ad106fd0eafef54485b61e1df4a065c451bf0f24279510", "7d8608ddf3268d2045b27ebf8ee672bc4421549386a5a5903b20b9f4", {"96775e3b6484c1851f6984768a7bb2fb", "412a7c8e5fffae9a88c46a3056c4319a"}}}}}}}, 0x0) (rerun: 64)
syz_emit_ethernet(0x4d, &(0x7f00000003c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x2b, 0x0, @gue={{0x1, 0x0, 0x0, 0x40, 0x100, @void}, "2df7990e4ba2b0afb2fe9d5f1108bfb74e6b922142f2e46741066aa292c9ed"}}}}}}, 0x0) (async)
unshare(0x6a040000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118) (async, rerun: 64)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) (async, rerun: 64)
ioctl$RTC_WKALM_RD(r4, 0x80287010, &(0x7f0000000000))

4.790565712s ago: executing program 4 (id=440):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x3, &(0x7f00000000c0)=""/160, &(0x7f0000000180)=0xa0)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = gettid()
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
write$rfkill(r4, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
write$rfkill(r4, &(0x7f0000000080)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]})
socket$igmp6(0xa, 0x3, 0x2)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0xff09)
r5 = syz_open_procfs(r3, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r6, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400})
sendmsg$key(r6, 0x0, 0x40)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRESOCT=r5, @ANYRES16=r8, @ANYBLOB='<\x00\x00\x00', @ANYRES16=r0], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004004)

4.255650015s ago: executing program 2 (id=441):
r0 = socket(0x1e, 0x2, 0xfffffff6)
r1 = socket$inet(0x2, 0x80001, 0x84)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3, 0x50, r0, 0x257fc000)
r2 = socket$inet(0x2, 0x80001, 0x84)
bind$inet(r2, &(0x7f0000000180)={0x2, 0xce20, @remote}, 0x10)
listen(r2, 0x3)
bind$inet(r1, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10)
listen(r1, 0x3)
close_range(r1, r1, 0x0)
r3 = socket(0x10, 0x8000000803, 0x0)
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
listen(r4, 0x8)
accept4$inet(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000000000000000000000a4fe22ea05b0003c3e85f607431a523c620f24b7cff1f324a9dc9955fe54aaa4e041692e52c86658aa337bfe190f9fc5ed246774c707252820d313e28037c41aa818225c41bd60210ea7e5672567b", @ANYRES32=0x0, @ANYBLOB="0000000004080000280012800b00010065727370616e0000180002800600180001000000040012000500080005000000"], 0x48}, 0x1, 0x0, 0x0, 0x10044}, 0x0)

3.854818533s ago: executing program 3 (id=442):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setxattr$smack_xattr_label(&(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7060020000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000ae8900000000000007080000f8ffffffbf8400000000000007040000f0ffffffc70200000800000018260000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf980000000000005608f8ffffff00008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.539094779s ago: executing program 2 (id=443):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000180)=@filter={'filter\x00', 0x42, 0x4, 0x348, 0xffffffff, 0x218, 0x0, 0x98, 0xffffffff, 0xffffffff, 0x2b0, 0x2b0, 0x2b0, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x1}}}, {{@uncond, 0x287, 0x158, 0x180, 0x0, {}, [@common=@socket0={{0x20}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@remote, [0xff000000, 0xffff00, 0xffffffff], @ipv6=@empty, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@private2, [0xff000000, 0xffffff00, 0xffffffff, 0xff000000], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff, 0xffffffff, 0xff000000, 0xff000000], 0x7, 0x1, 0x2c, 0x5e23, 0x4e23, 0x4e20, 0x4e24, 0x20, 0x1048}, 0x80, 0x800, 0x4e20, 0x4e23, 0x4e24, 0x4e23}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@ip={@private=0xa010100, @remote, 0x0, 0x0, 'dummy0\x00', 'veth1_to_batadv\x00', {}, {}, 0x0, 0x2}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x1ff, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f0000000140)=0xfff)

3.344624971s ago: executing program 4 (id=444):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000240)={'gretap0\x00', <r2=>0x0, 0x40, 0x0, 0x1450a231, 0x2, {{0xb, 0x4, 0x2, 0x3, 0x2c, 0x66, 0x0, 0xc8, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @local, {[@cipso={0x86, 0x17, 0x2, [{0x7, 0x11, "5fd448fbc9b74244757917847c1f07"}]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00', <r3=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', <r4=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'ip6tnl0\x00', <r5=>0x0, 0x29, 0x0, 0x2, 0x6, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, 0x80, 0x40, 0x4, 0x4}}) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'dvmrp1\x00', <r6=>0x0}) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'pim6reg0\x00', <r7=>0x0})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r9=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r10=>0x0})
bind$can_j1939(r8, &(0x7f0000000040)={0x1d, r10, 0x1}, 0x18) (async)
connect$can_j1939(r8, &(0x7f0000000080)={0x1d, r9, 0x0, {0x0, 0x1, 0x4}, 0xfd}, 0x18) (async)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r0, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000600)={&(0x7f0000000480)={0x158, r1, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x10}, 0x4084) (async)
syz_emit_ethernet(0x5e, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a96460028060000000000000000000000000000000000fe8000000000000000000000000000aa00014e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a08d440300000000000000004d6196c436589c9b69ddf9e84b6fa535f6d77b5129e7af35ee05a7222a0b364df24b0fb50783fbc283efbc16b34640631f2939323301f4f14f33fc4e497419013aaad75691265dbbdba6bb7aa484d049fd9fdcd1dec2a9d6090a7d3d5c33dfdf0f3bac982be6529b"], 0x0) (async)
r11 = socket(0x10, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@ipv6_deladdrlabel={0x38, 0x48, 0x1, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x80, 0x0, 0x0, 0xfffffff9}, [@IFAL_LABEL={0x8, 0x2, 0xffffffff}, @IFAL_ADDRESS={0x14, 0x1, @loopback}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008840}, 0x0) (async)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r12, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0) (async)
close_range(r11, 0xffffffffffffffff, 0x0)

3.319787094s ago: executing program 0 (id=445):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x4000) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r3}, 0x10)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1e0000000000000020000000000000002f0a00000000000000000000000000000a000000000000004c000000000000000f01cf66baf80cb84851968def66bafc0cec0f09c4227af5e7c422c93b0c36b90a0800000f32b8010000000f01d9420f01cff3f265460f320f01f8c31e000000000000002000000000000000800b00000000000000020000000000000a000000000000008000000000000000b9a2090000b8067e0000ba000000000f3048b800500000000000000f23d00f21f835200000060f23f8400f08c4a2fd2a7600410f42464cc401c175e766baf80cb8c4854e8cef66bafc0c66b8000066ef400fc7588c646764450f2282c7442400a3000000c744240205600000ff2c24c30a000000000000004200000000000000b9070200000f3226430f221a0f01c266b811010f00d80f011bc44209ba87000800000f30c4e27d314d66430f01f8410f09c314f4a8000000000018000000000000006001000003000000140000000000000018000000000000000000000005000000460000000000000020000000000000000000000000000000010000800000000032000000000000001800000000000000da1701c0000000001e0000000000000020000000000000002d0200000000000004000000000000000000000000000000180000000000000004000000000000001400000000000000180000000000000000000000ff7f0000000000000000000018000000000000321b1f48161900088000000000000046000000000000002000000000000000040000000000000008000000000000000000000000000000180000000000000003000000000000000a000000000000006300000000000000c401a572f4000f3066ba420066ed400f236748b807000000000000000f23d80f21f835000000800f23f80f20c035000000200f22c0c462cdaaf0b9160b0000b81d000000ba000000000f30f30f06420f00dfc30a0000000000000070000000000000003ecf960000295000436cc4a145e25ba8660fc77600460f23c3b9800000c00f3235000400000f30c744240022000000c74424027cbc3616ff2c2464430f32c7442400ec000000c744240248377235ff1c24b9800000c00f3235008000000f30c31e000000000000002000000000000000190b0000000000000900000000000000bacb5c9eec97537875aeedc867dc301b623118261fe8d58c82397637f54ce0f3377057e245da716b68d83bafbd5f397f04af8d4ec5d6b8279ac8c971479f041ded9d088265ef"], 0x349})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000280)="f20f01d926660f3a173c670067c079f2d40f01c466b835010f00d0660f38804600c4e3f9159900780000fc8fc978c1c60f01dff3360f09", 0x37}], 0x1, 0x8, 0x0, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x1c, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r7, 0x80, 0x7e, 0xa}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.189232638s ago: executing program 1 (id=446):
openat$ppp(0xffffffffffffff9c, 0x0, 0x161142, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x5752c1, 0x0)
syz_open_dev$loop(0x0, 0x9, 0x20a5c3)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x87}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x15, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180000001e00000000000000000000007a025000f0ffffff95"], &(0x7f0000000080)='GPL\x00', 0x4, 0x98, &(0x7f00000001c0)=""/152, 0x40f00}, 0x94)
r2 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x66, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
syz_emit_vhci(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRESHEX=r1, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESOCT=r3, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x1ffffffffffffe7c, &(0x7f0000000140)=ANY=[@ANYBLOB="0100080000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000300000085000000700000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x9004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x11)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
r7 = syz_open_dev$mouse(&(0x7f0000000400), 0x1, 0x408000)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x1d)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"])
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000100)={0x4, 0x20002, 0x1})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x200000, 0x0)

2.971438946s ago: executing program 2 (id=447):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x32, &(0x7f0000000580)={@local, @empty, @val={@val={0x88a8, 0x2, 0x1, 0x2}, {0x8100, 0x3, 0x0, 0x1}}, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x3, 0x7, 0x1c, 0x68, 0x0, 0x0, 0x2, 0x0, @private=0xa010100, @loopback}, {0x12, 0x0, 0x0, @private=0xa010102}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c0c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r4, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x4040)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x2010, 0xffffffffffffffff, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000040)={0xffffffff, 0x100, 0x9, 0x8, 0x7}, 0x14)

2.899611393s ago: executing program 4 (id=448):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000040)=@urb_type_interrupt={0x1, {0x5, 0x1}, 0x7, 0xa2, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3, 0x2, 0x0})
r1 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, r1)
mkdirat(0xffffffffffffff9c, 0x0, 0x4)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000281c0040000000000020000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe00000000b6090000002000a80700000050000058bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056000000a80000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x11, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.006001637s ago: executing program 0 (id=449):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x69, 0xf7, 0x4a, 0x20, 0x10b8, 0x1bb4, 0x3465, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x5d, 0x0, 0x0, 0x1c, 0x53, 0xc2}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2017cc"], 0x0, 0x0})
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x80400)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f00000000c0)={0x6, 0x6, 0x4, 0xffffffff, 'syz1\x00', 0x4})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000400)={0x20, 0x0, 0xe, "a2b504c3b7dac579500000adb37a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x60, 0x3, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x7, 0x1, 0x2, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x5, 0xd}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0xc1, 0xac, 0x38}}]}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x300, 0xf, 0x95, 0x1, 0x40, 0x6}, 0x20, &(0x7f0000000140)={0x5, 0xf, 0x20, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0x3, 0x9, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "4386ca7dbaa2489196b8da27292fa489"}]}, 0x2, [{0x42, &(0x7f0000000180)=@string={0x42, 0x3, "c4c6ca885b93186643fcdc82e1e26a3e9147a146f5e0b62203fa1f6b04f1b2520685033000253e29ec36b3deb83b52288eada09dd6afc201008325d0f6ee94af"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1404}}]})

1.254177261s ago: executing program 1 (id=450):
socketpair(0x11, 0x0, 0xfffffffc, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vcan0\x00', <r2=>0x0})
r3 = socket(0x28, 0x5, 0x0) (async)
r4 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(r5, r5, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_xfrm(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=@polexpire={0xec, 0x1b, 0x400, 0x70bd2a, 0x25dfdbfe, {{{@in=@local, @in=@dev={0xac, 0x14, 0x14, 0x1e}, 0x4e22, 0x0, 0x4e23, 0xff6, 0xa, 0x0, 0x20, 0x42, r2, r5}, {0x6, 0x800, 0x1, 0xd, 0xe21, 0x8006, 0x9, 0x7ff}, {0x2517, 0x5, 0x7fff, 0x40}, 0xb40, 0x6e6bb7, 0x0, 0x0, 0x2, 0x2}, 0x2}, [@lastused={0xc, 0xf, 0x1}, @lastused={0xc, 0xf, 0x1000}, @offload={0xc, 0x1c, {r6, 0x2}}, @extra_flags={0x8, 0x18, 0x6a26}]}, 0xec}, 0x1, 0x0, 0x0, 0x42000}, 0x4000000) (async)
r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x8) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x20}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x30}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r2, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) (async)
connect$vsock_stream(r3, &(0x7f0000000080), 0x10) (async)
syz_clone(0x40800000, &(0x7f0000000380)='ii', 0x2, &(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000680)="1320ca68b83c71744e584a0f2d40ad8cb68c2b079bdb2734ed27b91f863ca33fbe7995e1bc23fdfe0f28322298d11aa2825fe6485d494914852d7faa6e1f217e4d28b8df4b88184ef1194d6da249494ef018ab5650ffbdc821166e0792e1ac9ef5ec60f4024e3cfb0c38a5f258471ab9d156b1d752465f1ca4dd0b0ed4c3a6d301fe508edefe25b9847b9607e97f679d4ef7ee718573efb2987e68f1f3d0b5911369748b926d18daf7c2c3b9ef67d11363cd3fbadcdeea5d023f975580c836bc922d070b9df67404190e7d382a9564eca139c4878877a376f558cffe59") (async)
close(r3)

1.146338026s ago: executing program 4 (id=451):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x2, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3)
ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000480)={0xb6, 0x0, 0x200000})
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece4b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53605f70000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc7f00000000000000814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1b1f2ffffa1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce39dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f7d5959120dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9435ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4c0300000019ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca70c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823f215af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b89a537016eb211a1734c7af076e15453e3351917988f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f63435fa70f85398350f78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3c23e80613e28387e955722905f624b8ee0c379632ff47c5b6f280472935af74e97a5a8110a4d74496fce8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fe6c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c230406114d0fba2bd1c69ec1381b1cec6ddaa76e186719d81916430000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/mdstat\x00', 0x0, 0x0)
write$smackfs_netlabel(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB='00000000000000000008.000000000000000327?9.00000000000000000001.09223;72036854775809./00000000000000000005 \x00\x00'], 0x6c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(r0, 0x624, 0x7a94, 0x49, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_STATUS(r5, 0x4001af72, &(0x7f0000000140)=0x5)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000180))

547.573331ms ago: executing program 1 (id=452):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x2, &(0x7f00000001c0)='\x00\x00'}, {0x2, 0x201, 0x0, 0x0}], 0x2})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000580)=@filter={'filter\x00', 0x2, 0x4, 0x3a0, 0xffffffff, 0xd0, 0x0, 0xd0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7, 0x45}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0x108, 0x130, 0x0, {}, [@common=@srh={{0x30}}, @common=@unspec=@mark={{0x30}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x55, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "000001", 0x1f, 0x3a, 0x1, @empty, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x3, 0x200, "916e00358ef4f639e1e5990af432d203cf97babc6c3ce0"}}}}}}, 0x0)

529.177059ms ago: executing program 3 (id=453):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x37}, 0x0, 0xb, 0x0, 0x100, 0x4, 0xa0280, r1})
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3b370086d04ae085811f1010301090212000d000000000904"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_disconnect(r2)

0s ago: executing program 4 (id=454):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x3, &(0x7f00000000c0)=""/160, &(0x7f0000000180)=0xa0)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = gettid()
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
write$rfkill(r4, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
write$rfkill(r4, &(0x7f0000000080)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]})
socket$igmp6(0xa, 0x3, 0x2)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0xff09)
r5 = syz_open_procfs(r3, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r6, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400})
sendmsg$key(r6, 0x0, 0x40)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYRESOCT=r5, @ANYRES16=r8, @ANYBLOB='<\x00\x00\x00', @ANYRES16=r0], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004004)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts.
[   86.424806][ T5822] cgroup: Unknown subsys name 'net'
[   86.563529][ T5822] cgroup: Unknown subsys name 'cpuset'
[   86.573438][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   88.473375][ T5822] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.962104][    T9] cfg80211: failed to load regulatory.db
[   93.562554][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   93.576773][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   93.585384][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   93.593819][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   93.601785][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   93.610454][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   93.620376][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   93.628260][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   93.636335][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   93.639762][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   93.645854][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   93.658677][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   93.668580][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   93.669572][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   93.676129][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   93.691424][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   93.698721][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   93.699650][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   93.709288][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   93.721042][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   93.732667][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   93.744938][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   93.753720][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   93.779395][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   93.790520][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   94.447711][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   94.662200][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   94.718671][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   94.761769][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   94.888985][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   94.915045][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.922969][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.931127][ T5837] bridge_slave_0: entered allmulticast mode
[   94.938321][ T5837] bridge_slave_0: entered promiscuous mode
[   94.991677][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.998916][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.006685][ T5837] bridge_slave_1: entered allmulticast mode
[   95.014271][ T5837] bridge_slave_1: entered promiscuous mode
[   95.042314][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.050470][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.057657][ T5835] bridge_slave_0: entered allmulticast mode
[   95.065486][ T5835] bridge_slave_0: entered promiscuous mode
[   95.139272][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.146566][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.154382][ T5835] bridge_slave_1: entered allmulticast mode
[   95.165043][ T5835] bridge_slave_1: entered promiscuous mode
[   95.174993][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.188561][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.301617][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.308823][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.316411][ T5839] bridge_slave_0: entered allmulticast mode
[   95.324169][ T5839] bridge_slave_0: entered promiscuous mode
[   95.336615][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.350030][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.372565][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.380108][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.387271][ T5845] bridge_slave_0: entered allmulticast mode
[   95.395747][ T5845] bridge_slave_0: entered promiscuous mode
[   95.413215][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.420678][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.427877][ T5839] bridge_slave_1: entered allmulticast mode
[   95.436533][ T5839] bridge_slave_1: entered promiscuous mode
[   95.472950][ T5837] team0: Port device team_slave_0 added
[   95.479148][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.486525][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.493778][ T5845] bridge_slave_1: entered allmulticast mode
[   95.501686][ T5845] bridge_slave_1: entered promiscuous mode
[   95.551984][ T5837] team0: Port device team_slave_1 added
[   95.562090][ T5835] team0: Port device team_slave_0 added
[   95.597727][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.611522][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.623370][ T5835] team0: Port device team_slave_1 added
[   95.656652][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.664213][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.671877][ T5840] bridge_slave_0: entered allmulticast mode
[   95.679105][ T5840] bridge_slave_0: entered promiscuous mode
[   95.763125][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.770168][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.796402][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.807879][ T5156] Bluetooth: hci4: command tx timeout
[   95.807887][ T5844] Bluetooth: hci1: command tx timeout
[   95.808097][ T5844] Bluetooth: hci2: command tx timeout
[   95.824092][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.834410][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.844187][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.851806][ T5840] bridge_slave_1: entered allmulticast mode
[   95.858996][ T5840] bridge_slave_1: entered promiscuous mode
[   95.869365][ T5839] team0: Port device team_slave_0 added
[   95.876456][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.883604][ T5844] Bluetooth: hci0: command tx timeout
[   95.889241][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.890145][ T5844] Bluetooth: hci3: command tx timeout
[   95.919634][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.934679][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.941772][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.968431][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.981121][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.988098][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.014540][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.027669][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.055576][ T5839] team0: Port device team_slave_1 added
[   96.155512][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.170377][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.181484][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.188631][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.215021][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.228226][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.235316][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.261987][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.306697][ T5845] team0: Port device team_slave_0 added
[   96.354437][ T5835] hsr_slave_0: entered promiscuous mode
[   96.361704][ T5835] hsr_slave_1: entered promiscuous mode
[   96.371577][ T5845] team0: Port device team_slave_1 added
[   96.394570][ T5840] team0: Port device team_slave_0 added
[   96.404105][ T5840] team0: Port device team_slave_1 added
[   96.432310][ T5837] hsr_slave_0: entered promiscuous mode
[   96.438911][ T5837] hsr_slave_1: entered promiscuous mode
[   96.446033][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.454113][ T5837] Cannot create hsr debugfs directory
[   96.578430][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.585922][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.612560][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.626232][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.634406][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.660580][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.677921][ T5839] hsr_slave_0: entered promiscuous mode
[   96.684608][ T5839] hsr_slave_1: entered promiscuous mode
[   96.691368][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.698944][ T5839] Cannot create hsr debugfs directory
[   96.705542][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.712895][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.738902][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.751986][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.758977][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.785448][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.951711][ T5845] hsr_slave_0: entered promiscuous mode
[   96.957978][ T5845] hsr_slave_1: entered promiscuous mode
[   96.964336][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.972395][ T5845] Cannot create hsr debugfs directory
[   97.055653][ T5840] hsr_slave_0: entered promiscuous mode
[   97.062220][ T5840] hsr_slave_1: entered promiscuous mode
[   97.068330][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.076119][ T5840] Cannot create hsr debugfs directory
[   97.563704][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   97.579464][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   97.601730][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   97.624278][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   97.676726][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.693214][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.704908][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.718225][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.809256][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   97.826909][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   97.842629][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   97.861878][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   97.880808][ T5851] Bluetooth: hci1: command tx timeout
[   97.885442][ T5156] Bluetooth: hci2: command tx timeout
[   97.886355][ T5844] Bluetooth: hci4: command tx timeout
[   97.960501][ T5844] Bluetooth: hci3: command tx timeout
[   97.960664][ T5156] Bluetooth: hci0: command tx timeout
[   98.028869][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   98.058153][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   98.084240][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   98.095570][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   98.177248][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.214987][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.265053][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   98.278847][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   98.295636][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   98.325275][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   98.333112][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   98.345486][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   98.382223][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.389737][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.425211][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.432458][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.467646][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.475107][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.513388][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.520673][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.547697][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.714572][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   98.748622][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.808171][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.815426][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.862709][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   98.919244][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.926514][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.986543][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.993969][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.021748][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.028964][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.168165][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   99.198798][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.241119][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   99.273298][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.285556][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.328033][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   99.412381][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.420130][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.456621][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.463895][ T1323] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.617957][ T5835] veth0_vlan: entered promiscuous mode
[   99.696650][ T5837] veth0_vlan: entered promiscuous mode
[   99.713687][ T5835] veth1_vlan: entered promiscuous mode
[   99.742464][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.760131][ T5837] veth1_vlan: entered promiscuous mode
[   99.825493][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.863134][ T5835] veth0_macvtap: entered promiscuous mode
[   99.913314][ T5835] veth1_macvtap: entered promiscuous mode
[   99.969865][ T5156] Bluetooth: hci4: command tx timeout
[   99.970054][ T5844] Bluetooth: hci1: command tx timeout
[   99.975309][ T5156] Bluetooth: hci2: command tx timeout
[  100.007109][ T5837] veth0_macvtap: entered promiscuous mode
[  100.041097][ T5156] Bluetooth: hci3: command tx timeout
[  100.043745][ T5844] Bluetooth: hci0: command tx timeout
[  100.063088][ T5837] veth1_macvtap: entered promiscuous mode
[  100.071937][ T5839] veth0_vlan: entered promiscuous mode
[  100.087269][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.127771][ T5839] veth1_vlan: entered promiscuous mode
[  100.144946][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.175444][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.217272][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.229870][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.238622][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.248591][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.271308][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.309213][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.320438][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.329192][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.340302][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.357242][ T5839] veth0_macvtap: entered promiscuous mode
[  100.430514][ T5839] veth1_macvtap: entered promiscuous mode
[  100.502365][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.584695][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.615123][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.629629][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.638249][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.669191][ T5839] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.679285][ T5839] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.689847][ T5839] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.698598][ T5839] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.832756][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.846670][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.869011][ T5845] veth0_vlan: entered promiscuous mode
[  100.884380][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.892827][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.910990][ T5840] veth0_vlan: entered promiscuous mode
[  100.935214][ T5845] veth1_vlan: entered promiscuous mode
[  100.988487][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.988730][ T5840] veth1_vlan: entered promiscuous mode
[  101.008255][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.073624][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.080522][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  101.089667][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.192016][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.220927][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.264865][ T5840] veth0_macvtap: entered promiscuous mode
[  101.291694][ T5845] veth0_macvtap: entered promiscuous mode
[  101.672531][ T5840] veth1_macvtap: entered promiscuous mode
[  101.914852][ T5845] veth1_macvtap: entered promiscuous mode
[  101.931065][ T5957] xt_hashlimit: max too large, truncated to 1048576
[  102.002918][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.036820][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.044546][ T5844] Bluetooth: hci2: command tx timeout
[  102.050189][ T5844] Bluetooth: hci1: command tx timeout
[  102.057966][ T5844] Bluetooth: hci4: command tx timeout
[  102.104909][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.120464][ T5844] Bluetooth: hci3: command tx timeout
[  102.155698][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.165398][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.175162][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.184768][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.193852][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.254003][  T981] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  102.260076][ T5840] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.272160][ T5840] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.274191][ T5962] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3'.
[  102.283438][ T5840] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.300625][ T5840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.623489][  T981] usb 4-1: Using ep0 maxpacket: 32
[  102.749971][  T981] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  102.759227][  T981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.981486][  T981] usb 4-1: config 0 descriptor??
[  103.020065][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  103.086200][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.100780][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.168995][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.186203][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.202853][ T5941] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  103.221953][  T981] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  103.262468][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.268064][  T981] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  103.277169][ T5971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8'.
[  103.303689][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.314162][  T981] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  103.333659][  T981] usb 4-1: media controller created
[  103.369298][ T2958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.380081][ T5941] usb 1-1: Using ep0 maxpacket: 8
[  103.399375][  T981] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  103.401198][ T2958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.402883][ T5941] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  103.428105][ T5957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.440890][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.442622][ T5957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  103.451593][ T5941] usb 1-1: Product: syz
[  103.499402][ T5941] usb 1-1: Manufacturer: syz
[  103.535097][ T5941] usb 1-1: SerialNumber: syz
[  103.556714][ T5941] usb 1-1: config 0 descriptor??
[  103.581898][ T5941] gspca_main: se401-2.14.0 probing 047d:5003
[  103.601981][  T981] az6027: usb out operation failed. (-71)
[  103.631442][  T981] az6027: usb out operation failed. (-71)
[  103.653456][  T981] stb0899_attach: Driver disabled by Kconfig
[  103.677053][  T981] az6027: no front-end attached
[  103.677053][  T981] 
[  103.700447][   T24] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  103.723958][  T981] az6027: usb out operation failed. (-71)
[  103.751488][  T981] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  103.751948][ T5974] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  103.808724][  T981] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  103.877383][  T981] dvb-usb: schedule remote query interval to 400 msecs.
[  103.906245][   T24] usb 3-1: config 8 has an invalid interface number: 177 but max is 0
[  103.916972][  T981] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  103.917946][   T24] usb 3-1: config 8 has no interface number 0
[  103.952480][ T5980] Zero length message leads to an empty skb
[  103.980633][   T24] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  103.989193][  T981] usb 4-1: USB disconnect, device number 2
[  104.003058][ T5941] gspca_se401: Frame size: 0x0 1/16th janggu
[  104.030563][   T24] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[  104.072888][   T24] usb 3-1: config 8 interface 177 has no altsetting 0
[  104.128038][   T24] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  104.183494][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.237574][ T5941] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6
[  104.250519][ T5971] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  104.355498][ T5966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.383808][ T5966] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.449999][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  104.484144][  T981] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  104.493603][ T5970] block nbd2: shutting down sockets
[  104.499997][   T24] usb 3-1: string descriptor 0 read error: -71
[  104.508460][   T24] ir_toy 3-1:8.177: required endpoints not found
[  104.760729][    T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!!
[  104.770434][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  104.839437][   T24] usb 3-1: USB disconnect, device number 2
[  104.880708][ T5924] usb 1-1: USB disconnect, device number 2
[  104.920768][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  105.031009][  T981] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  105.169806][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  105.220194][  T981] usb 4-1: Using ep0 maxpacket: 16
[  105.228665][  T981] usb 4-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76
[  105.240661][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.276485][  T981] usb 4-1: Product: syz
[  105.286600][  T981] usb 4-1: Manufacturer: syz
[  105.293463][  T981] usb 4-1: SerialNumber: syz
[  105.307032][  T981] usb 4-1: config 0 descriptor??
[  105.784884][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  105.800367][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  105.960049][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  105.969052][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  107.149796][  T981] usb 4-1: ignoring: not an USB2CAN converter
[  108.466299][   T10] usb 4-1: USB disconnect, device number 3
[  108.541110][ T6019] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  108.561493][ T6017] process 'syz.2.15' launched './file2' with NULL argv: empty string added
[  109.339021][   T30] audit: type=1326 audit(1754771194.002:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  109.459592][   T30] audit: type=1326 audit(1754771194.002:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  109.629638][   T30] audit: type=1326 audit(1754771194.002:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  109.784729][   T30] audit: type=1326 audit(1754771194.002:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  109.805880][    C0] vkms_vblank_simulate: vblank timer overrun
[  109.979771][   T30] audit: type=1326 audit(1754771194.002:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  110.095855][   T30] audit: type=1326 audit(1754771194.002:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  110.159756][ T6033] netlink: 36 bytes leftover after parsing attributes in process `syz.3.21'.
[  110.230432][ T6033] netlink: 'syz.3.21': attribute type 10 has an invalid length.
[  110.246866][   T30] audit: type=1326 audit(1754771194.002:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  110.355968][   T30] audit: type=1326 audit(1754771194.002:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  110.436002][ T6041] cgroup: Bad value for 'name'
[  110.448359][   T30] audit: type=1326 audit(1754771194.002:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  110.480667][ T6042] netlink: 'syz.2.23': attribute type 1 has an invalid length.
[  110.555318][ T6036] 9pnet: Could not find request transport: 0xffffffffffffffff
[  110.590949][ T6042] netlink: 244 bytes leftover after parsing attributes in process `syz.2.23'.
[  110.628921][   T30] audit: type=1326 audit(1754771194.002:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6027 comm="syz.4.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077a98ebe9 code=0x7ffc0000
[  111.486521][ T6056] warning: `syz.4.25' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  112.325733][ T6061] netlink: 24 bytes leftover after parsing attributes in process `syz.4.27'.
[  112.579773][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  112.854218][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.945463][ T6073] =======================================================
[  112.945463][ T6073] WARNING: The mand mount option has been deprecated and
[  112.945463][ T6073]          and is ignored by this kernel. Remove the mand
[  112.945463][ T6073]          option from the mount to silence this warning.
[  112.945463][ T6073] =======================================================
[  112.998090][ T6073] syz_tun: entered allmulticast mode
[  113.050049][ T6073] dvmrp1: entered allmulticast mode
[  113.164630][ T6073] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  113.476434][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  113.488226][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.499996][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  113.531109][ T6070] syz_tun: left allmulticast mode
[  113.539619][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  113.575202][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  113.644839][   T10] usb 5-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  113.804971][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.188105][   T10] usb 5-1: Product: syz
[  114.199617][   T10] usb 5-1: Manufacturer: syz
[  114.228332][   T10] usb 5-1: SerialNumber: syz
[  114.260960][   T10] usb 5-1: config 0 descriptor??
[  114.536486][   T10] usb 5-1: ucan: probing device on interface #0
[  114.563185][   T10] usb 5-1: ucan: invalid endpoint configuration
[  114.572232][   T10] usb 5-1: ucan: probe failed; try to update the device firmware
[  115.163396][   T10] usb 5-1: USB disconnect, device number 2
[  115.393365][ T6085] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  115.421409][ T6085] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  115.434146][ T6085] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  115.499556][ T6085] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  115.572147][ T6085] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  115.621839][ T6085] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  116.291241][ T6085] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  116.297566][ T6085] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  120.462634][ T6116] overlay: Unknown parameter '\eiserfs'
[  123.008242][ T6137] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  123.104802][ T6137] netlink: 20 bytes leftover after parsing attributes in process `syz.2.50'.
[  125.866074][ T6157] syz_tun: entered allmulticast mode
[  125.934576][ T6157] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  126.040638][ T6153] loop9: detected capacity change from 0 to 7
[  126.042743][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.042833][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.042899][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.042990][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043064][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043492][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043566][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043611][ T6153] ldm_validate_partition_table(): Disk read failed.
[  126.043640][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043702][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043767][ T6153] Buffer I/O error on dev loop9, logical block 0, async page read
[  126.043898][ T6153] Dev loop9: unable to read RDB block 0
[  126.044123][ T6153]  loop9: unable to read partition table
[  126.044257][ T6153] loop9: partition table beyond EOD, truncated
[  126.044270][ T6153] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  126.044270][ T6153] 
) failed (rc=-5)
[  126.085817][ T6154] syz_tun: left allmulticast mode
[  127.382143][ T6170] tipc: Started in network mode
[  127.382180][ T6170] tipc: Node identity 1e0afc034b5c, cluster identity 4711
[  127.382321][ T6170] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.382882][ T6170] syzkaller0: entered promiscuous mode
[  127.382896][ T6170] syzkaller0: entered allmulticast mode
[  127.427126][ T6170] tipc: Resetting bearer <eth:syzkaller0>
[  127.479320][ T6167] tipc: Resetting bearer <eth:syzkaller0>
[  127.511951][ T6167] tipc: Disabling bearer <eth:syzkaller0>
[  127.676036][ T6162] tty tty25: ldisc open failed (-12), clearing slot 24
[  127.859932][ T5924] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  128.069985][ T5924] usb 2-1: Using ep0 maxpacket: 8
[  128.250713][ T5924] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.289013][ T5924] usb 2-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[  128.329702][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.337760][ T5924] usb 2-1: Product: syz
[  128.392791][ T5924] usb 2-1: Manufacturer: syz
[  128.397542][ T5924] usb 2-1: SerialNumber: syz
[  129.171292][ T5924] usb 2-1: config 0 descriptor??
[  129.192671][ T5924] cdc_phonet 2-1:0.0: skipping garbage
[  129.230231][ T5924] cdc_phonet 2-1:0.0: invalid descriptor buffer length
[  129.255993][ T5924] cdc_phonet 2-1:0.0: probe with driver cdc_phonet failed with error -22
[  129.350099][ T6187] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  129.411452][ T5924] usb 2-1: USB disconnect, device number 2
[  129.570477][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  129.658809][ T6193] random: crng reseeded on system resumption
[  129.741216][ T6196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.63'.
[  129.779676][   T10] usb 5-1: Using ep0 maxpacket: 32
[  129.792979][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  129.821428][   T10] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  129.839805][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.866520][ T6196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.63'.
[  129.876747][   T10] usb 5-1: Product: syz
[  129.893649][   T10] usb 5-1: Manufacturer: syz
[  129.898385][   T10] usb 5-1: SerialNumber: syz
[  129.930702][   T10] usb 5-1: config 0 descriptor??
[  130.133746][ T6200] netlink: 20 bytes leftover after parsing attributes in process `syz.3.66'.
[  130.246345][ T6189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.309731][ T6204] netlink: 14 bytes leftover after parsing attributes in process `syz.0.67'.
[  130.402492][ T6189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.640994][ T6200] netlink: 20 bytes leftover after parsing attributes in process `syz.3.66'.
[  130.992528][ T6204] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.048974][ T6204] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.062104][ T6204] bond0 (unregistering): Released all slaves
[  131.347749][ T6200] syz.3.66 (6200) used greatest stack depth: 19824 bytes left
[  131.371544][ T6207] ipvlan0: entered allmulticast mode
[  131.377997][ T6207] veth0_vlan: entered allmulticast mode
[  131.881518][   T10] gs_usb 5-1:0.0: Couldn't get device config: (err=-110)
[  131.974112][   T10] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -110
[  132.439905][ T6223] syz.3.71 uses obsolete (PF_INET,SOCK_PACKET)
[  132.802917][ T6228] Cannot find del_set index 0 as target
[  132.958588][ T6228] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  132.999132][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  133.015172][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.061247][ T6228] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  133.301783][ T6222] ISOFS: Unable to identify CD-ROM format.
[  134.741629][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  134.899911][   T24] usb 4-1: device descriptor read/64, error -71
[  135.023137][   T10] usb 5-1: USB disconnect, device number 3
[  135.180169][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  135.319836][   T24] usb 4-1: device descriptor read/64, error -71
[  135.400036][ T5896] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  135.430263][   T24] usb usb4-port1: attempt power cycle
[  135.559818][ T5896] usb 3-1: Using ep0 maxpacket: 32
[  135.576329][ T5896] usb 3-1: config 0 has an invalid interface number: 6 but max is 0
[  135.586644][ T6249] random: crng reseeded on system resumption
[  135.589395][ T5896] usb 3-1: config 0 has no interface number 0
[  135.611676][ T6249] netlink: 4 bytes leftover after parsing attributes in process `syz.4.79'.
[  135.620699][ T5896] usb 3-1: config 0 interface 6 has no altsetting 0
[  135.623185][ T5896] usb 3-1: New USB device found, idVendor=b633, idProduct=571a, bcdDevice=7f.a6
[  135.658930][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.670877][ T5896] usb 3-1: Product: syz
[  135.675095][ T5896] usb 3-1: Manufacturer: syz
[  135.687162][ T5896] usb 3-1: SerialNumber: syz
[  135.700800][ T5896] usb 3-1: config 0 descriptor??
[  135.721619][ T5896] usb-storage 3-1:0.6: USB Mass Storage device detected
[  135.749645][   T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  135.769582][   T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  135.804168][   T24] usb 4-1: device descriptor read/8, error -71
[  135.934098][ T5896] usb 3-1: USB disconnect, device number 3
[  135.939893][   T10] usb 1-1: Using ep0 maxpacket: 32
[  135.954512][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  135.982617][   T10] usb 1-1: config 0 has no interfaces?
[  136.090183][ T6262] netlink: 188 bytes leftover after parsing attributes in process `syz.4.82'.
[  136.661747][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  136.680235][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.739574][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.783717][   T10] usb 1-1: Product: syz
[  136.787912][   T10] usb 1-1: Manufacturer: syz
[  136.815730][   T10] usb 1-1: SerialNumber: syz
[  136.850808][   T10] usb 1-1: config 0 descriptor??
[  136.939523][   T24] usb 4-1: device not accepting address 7, error -71
[  136.970011][   T24] usb usb4-port1: unable to enumerate USB device
[  137.013900][ T6272] netlink: 'syz.1.85': attribute type 10 has an invalid length.
[  137.058832][ T6272] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.067904][ T6272] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.070340][ T6247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  137.084380][ T6272] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.091874][ T6272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.100699][ T6272] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.107952][ T6272] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.162435][ T6247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.181642][ T6272] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  137.212716][   T10] usb 1-1: USB disconnect, device number 3
[  137.608360][ T5896] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  137.667516][ T6289] binder: 6288:6289 unknown command 0
[  137.721303][ T6289] binder: 6288:6289 ioctl c0306201 200000000080 returned -22
[  137.752965][ T6289] binder: BINDER_SET_CONTEXT_MGR already set
[  137.779758][ T6289] binder: 6288:6289 ioctl 4018620d 200000000040 returned -16
[  137.808105][ T6289] binder: 6288:6289 ioctl c0306201 2000000003c0 returned -22
[  137.816055][ T5896] usb 3-1: Using ep0 maxpacket: 32
[  137.833001][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[  137.864052][ T5896] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  137.884008][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.908576][ T5896] usb 3-1: Product: syz
[  137.914349][ T5896] usb 3-1: Manufacturer: syz
[  137.919166][ T5896] usb 3-1: SerialNumber: syz
[  137.931303][ T5896] usb 3-1: config 0 descriptor??
[  138.045043][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  138.170699][ T6276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.211025][ T6276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  138.370604][ T6297] netlink: 72 bytes leftover after parsing attributes in process `syz.3.92'.
[  138.393004][ T6297] syz.3.92: attempt to access beyond end of device
[  138.393004][ T6297] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  138.406159][ T6297] syz.3.92: attempt to access beyond end of device
[  138.406159][ T6297] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  138.439613][   T10] usb 1-1: Using ep0 maxpacket: 16
[  138.502914][ T6301] syz_tun: entered allmulticast mode
[  138.567614][ T6301] dvmrp1: entered allmulticast mode
[  138.706660][ T6301] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  139.281820][ T6294] syz_tun: left allmulticast mode
[  139.320292][ T5896] gs_usb 3-1:0.0: Couldn't get device config: (err=-110)
[  139.327480][ T5896] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110
[  139.518099][ T6297] Mount JFS Failure: -5
[  139.542156][   T10] usb 1-1: unable to read config index 0 descriptor/start: -71
[  139.589865][   T10] usb 1-1: can't read configurations, error -71
[  140.008392][ T6310] syz_tun: entered allmulticast mode
[  140.059521][ T6310] dvmrp1: entered allmulticast mode
[  140.166859][ T6310] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  140.623066][ T6305] syz_tun: left allmulticast mode
[  143.930464][ T5896] usb 3-1: USB disconnect, device number 4
[  144.231371][ T6350] trusted_key: encrypted_key: insufficient parameters specified
[  144.265857][ T6350] overlayfs: missing 'lowerdir'
[  144.316981][ T6354] random: crng reseeded on system resumption
[  144.381280][ T6354] netlink: 4 bytes leftover after parsing attributes in process `syz.0.109'.
[  145.318120][ T6365] netlink: 72 bytes leftover after parsing attributes in process `syz.1.111'.
[  145.357439][ T6365] syz.1.111: attempt to access beyond end of device
[  145.357439][ T6365] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  145.371335][ T6365] syz.1.111: attempt to access beyond end of device
[  145.371335][ T6365] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  145.386294][ T6365] Mount JFS Failure: -5
[  146.016393][ T6375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.115'.
[  146.091875][ T6382] PKCS7: Unknown OID: [4] 0.0
[  146.098421][ T6382] PKCS7: Only support pkcs7_signedData type
[  146.108473][ T6385] netlink: 'syz.1.116': attribute type 10 has an invalid length.
[  146.119907][ T6375] netlink: 31 bytes leftover after parsing attributes in process `syz.3.115'.
[  146.153899][ T6385] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.161461][ T6385] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.176695][ T6375] netlink: 'syz.3.115': attribute type 3 has an invalid length.
[  146.186856][ T6375] netlink: 'syz.3.115': attribute type 2 has an invalid length.
[  146.234304][ T6375] netlink: 31 bytes leftover after parsing attributes in process `syz.3.115'.
[  147.485663][ T6402] netlink: 4 bytes leftover after parsing attributes in process `syz.2.123'.
[  147.562653][ T6407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.123'.
[  147.669726][ T5941] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  147.913569][ T5941] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  147.960278][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.071872][ T5941] usb 1-1: config 0 descriptor??
[  148.158342][ T5941] cp210x 1-1:0.0: cp210x converter detected
[  148.476184][ T6416] veth0_macvtap: left promiscuous mode
[  148.577811][ T5941] usb 1-1: cp210x converter now attached to ttyUSB0
[  148.905606][ T6430] netlink: 188 bytes leftover after parsing attributes in process `syz.2.130'.
[  149.884316][   T24] usb 1-1: USB disconnect, device number 6
[  149.928809][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  150.041116][   T24] cp210x 1-1:0.0: device disconnected
[  151.424550][ T6460] tipc: Started in network mode
[  151.443862][ T6460] tipc: Node identity e26068b7261f, cluster identity 4711
[  151.481177][ T6460] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.497622][ T6451] syzkaller0: entered promiscuous mode
[  151.503743][ T6462] netlink: 4 bytes leftover after parsing attributes in process `syz.3.138'.
[  151.512707][ T6451] syzkaller0: entered allmulticast mode
[  151.564423][ T6450] tipc: Resetting bearer <eth:syzkaller0>
[  151.578164][ T6466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.138'.
[  151.621319][ T6467] netlink: 'syz.4.140': attribute type 10 has an invalid length.
[  151.670981][ T6450] tipc: Disabling bearer <eth:syzkaller0>
[  151.907814][ T6467] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.915378][ T6467] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.943491][ T6467] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.951114][ T6467] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.959348][ T6467] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.967414][ T6467] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.007479][ T6467] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  153.691640][ T6492] syz.4.146: attempt to access beyond end of device
[  153.691640][ T6492] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  153.693032][ T6492] syz.4.146: attempt to access beyond end of device
[  153.693032][ T6492] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  153.693346][ T6492] Mount JFS Failure: -5
[  153.952432][ T6491] netlink: 72 bytes leftover after parsing attributes in process `syz.4.146'.
[  154.009363][ T6495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.012671][ T6495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.045196][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  154.045215][   T30] audit: type=1326 audit(1754771238.722:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6490 comm="syz.0.147" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fca8f78ebe9 code=0x0
[  154.045262][   T30] audit: type=1326 audit(1754771238.722:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6490 comm="syz.0.147" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fca8f78ebe9 code=0x0
[  154.249591][   T43] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  154.798929][ T6505] syz.4.150: attempt to access beyond end of device
[  154.798929][ T6505] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  154.938770][ T6501] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  154.950689][ T6505] syz.4.150: attempt to access beyond end of device
[  154.950689][ T6505] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  155.020890][ T6505] Mount JFS Failure: -5
[  155.025539][ T6503] overlayfs: failed to resolve './file0': -2
[  156.196673][   T43] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  156.278722][ T6522] netlink: 'syz.4.154': attribute type 10 has an invalid length.
[  156.342891][ T6530] netlink: 'syz.1.157': attribute type 10 has an invalid length.
[  156.372138][   T43] usb 1-1: Using ep0 maxpacket: 16
[  156.384692][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.416438][   T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  156.539953][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  156.565697][ T6534] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  156.584844][ T6534] qnx6: wrong signature (magic) in superblock #1.
[  156.591853][ T6534] qnx6: unable to read the first superblock
[  156.660607][   T43] usb 1-1: SerialNumber: syz
[  156.941976][   T43] hub 1-1:1.0: bad descriptor, ignoring hub
[  157.003681][   T43] hub 1-1:1.0: probe with driver hub failed with error -5
[  157.026020][ T6522] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  157.400891][ T5969] usb 1-1: reset high-speed USB device number 8 using dummy_hcd
[  157.489659][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  157.759903][   T10] usb 4-1: Using ep0 maxpacket: 16
[  157.817747][ T6552] Cannot find del_set index 0 as target
[  157.938012][ T6552] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  158.131968][   T10] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  158.134242][   T43] usb 1-1: USB disconnect, device number 8
[  158.154416][   T10] usb 4-1: config 0 has an invalid descriptor of length 108, skipping remainder of the config
[  158.197749][   T10] usb 4-1: config 0 has no interface number 0
[  158.260418][   T10] usb 4-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  158.298209][   T10] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  158.328121][   T10] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  158.366439][   T10] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x4 has an invalid bInterval 47, changing to 7
[  158.415713][   T30] audit: type=1804 audit(1754771243.092:40): pid=6557 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.163" name="/newroot/33/file0" dev="tmpfs" ino=211 res=1 errno=0
[  158.439728][   T10] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 9728, setting to 1024
[  158.526339][   T10] usb 4-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  158.553828][   T10] usb 4-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  158.603788][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.668344][   T10] usb 4-1: config 0 descriptor??
[  158.690476][ T6541] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  158.745833][   T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  159.079086][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  159.198048][   T10] usb 4-1: USB disconnect, device number 8
[  160.736891][ T6578] mmap: syz.1.168 (6578) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  161.114320][ T6581] netlink: 188 bytes leftover after parsing attributes in process `syz.4.170'.
[  161.320799][ T6584] netlink: 'syz.2.171': attribute type 10 has an invalid length.
[  161.760136][ T6584] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.768048][ T6584] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.793223][ T6585] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  161.814902][ T6584] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.822114][ T6584] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.829646][ T6584] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.836759][ T6584] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.952216][ T6588] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  161.953930][ T6588] qnx6: wrong signature (magic) in superblock #1.
[  161.953973][ T6588] qnx6: unable to read the first superblock
[  162.068285][ T6584] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  163.701335][ T6600] atomic_op ffff88802833d198 conn xmit_atomic 0000000000000000
[  164.522871][ T6602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.175'.
[  164.562760][ T6602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  164.570202][ T6602] IPv6: NLM_F_CREATE should be set when creating new route
[  167.945733][ T6646] Cannot find del_set index 0 as target
[  168.084871][ T6646] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  169.409195][ T6656] team_slave_0: entered promiscuous mode
[  169.415301][ T6656] team_slave_1: entered promiscuous mode
[  169.546162][ T6656] vlan2: entered promiscuous mode
[  169.628814][ T6656] team0: entered promiscuous mode
[  170.027747][  T981] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  170.199565][  T981] usb 1-1: Using ep0 maxpacket: 8
[  170.224152][  T981] usb 1-1: config 0 has an invalid interface number: 58 but max is 0
[  170.249389][  T981] usb 1-1: config 0 has no interface number 0
[  170.275306][  T981] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x6 has invalid maxpacket 56166, setting to 64
[  170.362772][  T981] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  170.525732][ T6671] netlink: 'syz.2.192': attribute type 10 has an invalid length.
[  170.560320][  T981] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  170.577716][ T6670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.191'.
[  170.724202][  T981] usb 1-1: config 0 interface 58 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  170.740071][ T6671] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.747394][ T6671] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.896469][  T981] usb 1-1: New USB device found, idVendor=05ac, idProduct=021c, bcdDevice=5c.24
[  170.907089][  T981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.967726][  T981] usb 1-1: Product: syz
[  171.172901][ T6672] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  171.192888][ T6672] qnx6: wrong signature (magic) in superblock #1.
[  171.201248][ T6672] qnx6: unable to read the first superblock
[  171.449027][  T981] usb 1-1: Manufacturer: syz
[  171.499583][  T981] usb 1-1: SerialNumber: syz
[  171.620627][ T6679] netlink: 72 bytes leftover after parsing attributes in process `syz.2.195'.
[  171.782055][ T6679] syz.2.195: attempt to access beyond end of device
[  171.782055][ T6679] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  171.796259][ T6679] syz.2.195: attempt to access beyond end of device
[  171.796259][ T6679] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  171.809551][ T6679] Mount JFS Failure: -5
[  171.919647][  T981] usb 1-1: config 0 descriptor??
[  172.490383][ T5896] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  172.492027][  T981] appletouch 1-1:0.58: Could not find int-in endpoint
[  172.534445][ T6693] netlink: 32 bytes leftover after parsing attributes in process `syz.2.198'.
[  172.715137][  T981] appletouch 1-1:0.58: probe with driver appletouch failed with error -5
[  172.725302][  T981] usbhid 1-1:0.58: couldn't find an input interrupt endpoint
[  172.795732][ T6696] netlink: 72 bytes leftover after parsing attributes in process `syz.1.197'.
[  172.820407][ T5896] usb 4-1: unable to get BOS descriptor or descriptor too short
[  172.830426][  T981] usb 1-1: USB disconnect, device number 9
[  172.893077][ T5896] usb 4-1: not running at top speed; connect to a high speed hub
[  172.994800][ T5896] usb 4-1: config 12 has an invalid interface number: 214 but max is 0
[  173.025530][ T6696] syz.1.197: attempt to access beyond end of device
[  173.025530][ T6696] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  173.040131][ T6696] syz.1.197: attempt to access beyond end of device
[  173.040131][ T6696] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  173.054182][ T6696] Mount JFS Failure: -5
[  173.370910][ T6698] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  173.412172][ T5896] usb 4-1: config 12 has no interface number 0
[  173.509529][ T5896] usb 4-1: config 12 interface 214 has no altsetting 0
[  173.538444][ T5896] usb 4-1: New USB device found, idVendor=0711, idProduct=0179, bcdDevice=a7.6d
[  173.829703][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.837778][ T5896] usb 4-1: Product: syz
[  173.871098][ T5896] usb 4-1: Manufacturer: syz
[  173.905420][ T5896] usb 4-1: SerialNumber: syz
[  173.996186][ T6715] netlink: 20 bytes leftover after parsing attributes in process `syz.1.204'.
[  174.508376][ T6686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.626810][ T6686] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  176.324437][ T5896] ax88179_178a 4-1:12.214: probe with driver ax88179_178a failed with error -22
[  176.359417][ T5896] usb 4-1: USB disconnect, device number 9
[  176.397607][ T6726] netlink: 56 bytes leftover after parsing attributes in process `syz.0.208'.
[  177.325369][ T6738] netlink: 72 bytes leftover after parsing attributes in process `syz.1.209'.
[  177.402017][ T6738] syz.1.209: attempt to access beyond end of device
[  177.402017][ T6738] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  177.440779][ T6738] syz.1.209: attempt to access beyond end of device
[  177.440779][ T6738] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  177.454418][ T6738] Mount JFS Failure: -5
[  177.758620][ T6739] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  177.952495][ T6743] syz.4.207: attempt to access beyond end of device
[  177.952495][ T6743] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  177.978020][ T6743] syz.4.207: attempt to access beyond end of device
[  177.978020][ T6743] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  177.992136][ T6743] Mount JFS Failure: -5
[  178.283417][    C1] wlan0: beacon TX faster than countdown (channel/color switch) completion
[  178.419793][ T6743] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  178.709833][   T43] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  178.971371][ T6760] random: crng reseeded on system resumption
[  179.119701][  T981] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  179.310196][  T981] usb 2-1: Using ep0 maxpacket: 16
[  179.750098][   T43] usb 3-1: Using ep0 maxpacket: 32
[  179.825716][   T43] usb 3-1: config 0 interface 0 has no altsetting 0
[  179.904655][   T43] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  179.958227][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.997485][   T43] usb 3-1: Product: syz
[  180.020327][   T43] usb 3-1: Manufacturer: syz
[  180.054209][   T43] usb 3-1: SerialNumber: syz
[  180.188159][   T43] usb 3-1: config 0 descriptor??
[  180.287769][  T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  181.561526][  T981] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  181.571305][  T981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.580187][  T981] usb 2-1: Product: syz
[  181.585327][  T981] usb 2-1: Manufacturer: syz
[  181.590876][  T981] usb 2-1: SerialNumber: syz
[  181.605651][  T981] usb 2-1: config 0 descriptor??
[  181.622140][  T981] hub 2-1:0.0: bad descriptor, ignoring hub
[  181.628281][  T981] hub 2-1:0.0: probe with driver hub failed with error -5
[  181.651683][  T981] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input7
[  181.800050][   T43] gs_usb 3-1:0.0: Couldn't get device config: (err=-110)
[  181.807406][   T43] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110
[  182.591713][   T10] usb 3-1: USB disconnect, device number 5
[  182.679838][   T43] usb 2-1: USB disconnect, device number 3
[  182.979523][ T6778] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'.
[  183.488061][ T6780] netlink: 188 bytes leftover after parsing attributes in process `syz.1.222'.
[  186.050821][ T5941] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  186.479292][ T5941] usb 4-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  186.525175][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.564383][ T5941] usb 4-1: Product: syz
[  186.617477][ T5941] usb 4-1: Manufacturer: syz
[  186.629800][ T5941] usb 4-1: SerialNumber: syz
[  186.656867][ T5941] usb 4-1: config 0 descriptor??
[  186.689261][ T5941] option 4-1:0.0: GSM modem (1-port) converter detected
[  186.697818][ T6810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.231'.
[  186.786778][ T6810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.231'.
[  186.873188][   T10] usb 4-1: USB disconnect, device number 10
[  186.911580][   T10] option 4-1:0.0: device disconnected
[  187.111296][ T5969] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  187.497487][ T5969] usb 3-1: unable to read config index 0 descriptor/start: -61
[  187.529656][ T5969] usb 3-1: can't read configurations, error -61
[  187.544734][   T43] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  187.680697][ T5969] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  187.731906][   T43] usb 2-1: Using ep0 maxpacket: 32
[  187.738983][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[  187.753471][   T43] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  187.794225][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.837442][   T43] usb 2-1: Product: syz
[  187.958405][ T5969] usb 3-1: unable to read config index 0 descriptor/start: -61
[  187.958435][ T5969] usb 3-1: can't read configurations, error -61
[  187.958658][ T5969] usb usb3-port1: attempt power cycle
[  188.056015][   T43] usb 2-1: Manufacturer: syz
[  188.056117][   T43] usb 2-1: SerialNumber: syz
[  188.105198][   T43] usb 2-1: config 0 descriptor??
[  188.509577][ T5969] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  188.567239][ T5969] usb 3-1: unable to read config index 0 descriptor/start: -61
[  188.567285][ T5969] usb 3-1: can't read configurations, error -61
[  188.575459][ T6835] netlink: 'syz.3.239': attribute type 10 has an invalid length.
[  188.575882][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.577122][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.596177][ T6835] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.596263][ T6835] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.596499][ T6835] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.596579][ T6835] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.601990][ T6835] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  188.690571][ T5969] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  188.709578][ T6836] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  188.710223][ T6836] qnx6: wrong signature (magic) in superblock #1.
[  188.710235][ T6836] qnx6: unable to read the first superblock
[  189.113040][ T5969] usb 3-1: unable to read config index 0 descriptor/start: -61
[  189.114626][ T5969] usb 3-1: can't read configurations, error -61
[  189.328684][ T5969] usb usb3-port1: unable to enumerate USB device
[  189.555215][   T43] gs_usb 2-1:0.0: Couldn't get device config: (err=-110)
[  189.555399][   T43] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -110
[  189.966553][ T6839] netlink: 'syz.3.240': attribute type 10 has an invalid length.
[  189.974639][ T6839] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.981838][ T6839] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.135626][ T6841] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  190.153395][ T6841] qnx6: wrong signature (magic) in superblock #1.
[  190.160135][ T6841] qnx6: unable to read the first superblock
[  190.682722][ T5969] usb 2-1: USB disconnect, device number 4
[  190.774884][ T6843] ptrace attach of "./syz-executor exec"[5839] was attempted by ""[6843]
[  191.068078][ T6851] capability: warning: `syz.2.243' uses deprecated v2 capabilities in a way that may be insecure
[  191.128585][ T6851] capability: warning: `syz.2.243' uses 32-bit capabilities (legacy support in use)
[  192.911085][ T6867] tipc: Started in network mode
[  192.951427][ T6867] tipc: Node identity 0ec93de3f8f, cluster identity 4711
[  193.047541][ T6867] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  193.147622][ T6873] syzkaller0: entered promiscuous mode
[  193.149990][ T6875] netlink: 'syz.2.250': attribute type 10 has an invalid length.
[  193.153416][ T6873] syzkaller0: entered allmulticast mode
[  193.228617][ T6876] tipc: Enabled bearer <eth:vlan0>, priority 10
[  193.325322][ T6867] tipc: Resetting bearer <eth:syzkaller0>
[  193.339692][ T6866] tipc: Resetting bearer <eth:syzkaller0>
[  193.424104][ T6878] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  193.436552][ T6878] qnx6: wrong signature (magic) in superblock #1.
[  193.445196][ T6878] qnx6: unable to read the first superblock
[  193.839004][ T6866] tipc: Disabling bearer <eth:syzkaller0>
[  193.859606][   T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  194.066482][   T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  194.081819][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  194.173299][   T24] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  194.197591][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  194.222955][   T24] usb 1-1: SerialNumber: syz
[  194.223393][ T5969] tipc: Node number set to 3296684215
[  194.229560][   T43] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  194.370695][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.382936][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.499602][   T43] usb 3-1: Using ep0 maxpacket: 32
[  194.552629][   T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  194.699558][   T43] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  194.766813][   T24] usb 1-1: 0:2 : does not exist
[  194.799600][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.811500][   T43] usb 3-1: Product: syz
[  194.816581][   T24] usb 1-1: unit 5: unexpected type 0x03
[  194.825358][   T43] usb 3-1: Manufacturer: syz
[  194.850083][   T43] usb 3-1: SerialNumber: syz
[  194.891687][   T43] usb 3-1: config 0 descriptor??
[  194.916570][   T43] usb 3-1: bad CDC descriptors
[  194.923716][   T24] usb 1-1: USB disconnect, device number 10
[  194.952296][   T43] usb 3-1: unsupported MDLM descriptors
[  194.992465][ T6894] loop6: detected capacity change from 0 to 524288000
[  195.031801][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  195.103636][ T6894] buffer_io_error: 9 callbacks suppressed
[  195.103698][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.137825][   T43] usb 3-1: USB disconnect, device number 10
[  195.193395][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.193521][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.193642][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.193755][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.193885][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.194021][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.194135][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.194223][ T6894] ldm_validate_partition_table(): Disk read failed.
[  195.194272][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.194379][ T6894] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.194643][ T6894] Dev loop6: unable to read RDB block 0
[  195.195208][ T6894]  loop6: unable to read partition table
[  195.195467][ T6894] loop_reread_partitions: partition scan of loop6 (3��x��C) failed (rc=-5)
[  195.270473][ T6894] loop6: detected capacity change from 524288000 to 0
[  198.239379][ T6925] netlink: 'syz.0.264': attribute type 10 has an invalid length.
[  198.310666][ T6925] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.318578][ T6925] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.410192][ T6930] netlink: 188 bytes leftover after parsing attributes in process `syz.2.268'.
[  199.032502][ T6934] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  199.035265][ T6934] qnx6: wrong signature (magic) in superblock #1.
[  199.035303][ T6934] qnx6: unable to read the first superblock
[  199.676318][ T6940] netlink: 12 bytes leftover after parsing attributes in process `syz.3.269'.
[  199.729565][ T6940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.269'.
[  199.857309][ T6943] Cannot find del_set index 0 as target
[  199.921596][ T6943] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  201.167039][ T6952] netlink: 'syz.0.273': attribute type 10 has an invalid length.
[  201.250993][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  201.708599][ T6955] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  201.729702][ T6955] qnx6: wrong signature (magic) in superblock #1.
[  201.738322][ T6955] qnx6: unable to read the first superblock
[  201.849314][   T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  201.874248][   T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  201.885640][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  201.903705][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.939073][ T6950] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  202.021823][   T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  202.396401][ T6963] syz.1.276: attempt to access beyond end of device
[  202.396401][ T6963] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  202.410745][ T6963] gfs2: error -5 reading superblock
[  202.795420][   T10] usb 5-1: USB disconnect, device number 4
[  202.796489][   T30] audit: type=1326 audit(1754771287.472:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  202.900065][ T6969] sctp: [Deprecated]: syz.0.278 (pid 6969) Use of int in maxseg socket option.
[  202.900065][ T6969] Use struct sctp_assoc_value instead
[  203.434894][   T30] audit: type=1326 audit(1754771287.472:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.456658][   T30] audit: type=1326 audit(1754771287.512:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fca8f78d69f code=0x7ffc0000
[  203.500763][ T5969] IPVS: starting estimator thread 0...
[  203.527159][   T30] audit: type=1326 audit(1754771287.512:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.528091][ T6950] netlink: 24 bytes leftover after parsing attributes in process `syz.4.272'.
[  203.549854][   T30] audit: type=1326 audit(1754771287.512:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.584860][   T30] audit: type=1326 audit(1754771287.512:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.616940][ T6972] IPVS: using max 26 ests per chain, 62400 per kthread
[  203.625032][   T30] audit: type=1326 audit(1754771287.512:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.788912][   T30] audit: type=1326 audit(1754771287.512:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.889596][   T30] audit: type=1326 audit(1754771287.512:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  203.958919][ T6976] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  204.650333][ T5941] libceph: connect (1)[c::]:6789 error -101
[  204.731902][ T5941] libceph: mon0 (1)[c::]:6789 connect error
[  204.855474][ T6984] ceph: No mds server is up or the cluster is laggy
[  205.000100][   T30] audit: type=1326 audit(1754771287.512:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6962 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca8f78ebe9 code=0x7ffc0000
[  205.258677][  T981] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  208.114952][ T7021] Cannot find del_set index 0 as target
[  208.564799][ T7016] syz.4.292: attempt to access beyond end of device
[  208.564799][ T7016] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  208.579520][ T7016] syz.4.292: attempt to access beyond end of device
[  208.579520][ T7016] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  208.592985][ T7016] Mount JFS Failure: -5
[  209.336130][ T7029] netlink: 8 bytes leftover after parsing attributes in process `syz.0.293'.
[  210.470580][ T7043] netlink: 'syz.0.298': attribute type 10 has an invalid length.
[  210.660176][ T7048] /dev/nullb0: Can't open blockdev
[  211.112914][ T7046] x_tables: duplicate underflow at hook 2
[  212.760977][ T7063] netlink: 188 bytes leftover after parsing attributes in process `syz.3.302'.
[  213.787098][ T7072] Cannot find del_set index 0 as target
[  214.261382][ T7067] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  215.107272][  T981] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  215.118825][ T5969] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  215.276451][ T7083] Cannot find del_set index 0 as target
[  215.334430][ T7083] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  215.846337][ T7089] netlink: 72 bytes leftover after parsing attributes in process `syz.0.310'.
[  215.881127][ T7089] syz.0.310: attempt to access beyond end of device
[  215.881127][ T7089] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  215.895137][ T7089] syz.0.310: attempt to access beyond end of device
[  215.895137][ T7089] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  215.908579][ T7089] Mount JFS Failure: -5
[  216.345669][ T5969] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  216.492795][ T7095] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  216.609614][ T5969] usb 2-1: Using ep0 maxpacket: 16
[  216.702711][ T5969] usb 2-1: unable to get BOS descriptor or descriptor too short
[  216.720748][ T5969] usb 2-1: config 4 has an invalid interface number: 111 but max is 0
[  216.737151][ T5969] usb 2-1: config 4 has no interface number 0
[  216.745483][ T5969] usb 2-1: config 4 interface 111 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 8
[  216.759359][ T5969] usb 2-1: config 4 interface 111 has no altsetting 0
[  216.823850][ T5969] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[  217.135133][ T5969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.227420][ T5969] usb 2-1: Product: syz
[  217.254003][ T5969] usb 2-1: Manufacturer: syz
[  218.760958][ T5969] usb 2-1: SerialNumber: syz
[  218.770569][ T7091] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  219.965927][ T5969] pvrusb2: Hardware description: Terratec Grabster AV400
[  220.019663][ T5969] pvrusb2: **********
[  220.023719][ T5969] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  220.059471][ T5969] pvrusb2: Important functionality might not be entirely working.
[  220.113897][ T5969] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  220.605975][ T5969] pvrusb2: **********
[  220.610878][ T5969] usb 2-1: selecting invalid altsetting 0
[  220.632672][ T2343] pvrusb2: control-write URB failure, status=-71
[  220.632944][ T7130] tmpfs: Bad value for 'mpol'
[  220.667658][ T2343] pvrusb2: Device being rendered inoperable
[  220.677797][ T5969] usb 2-1: USB disconnect, device number 5
[  220.705653][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  220.780139][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  220.798073][ T7130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.322'.
[  220.921411][ T7130] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  220.960840][ T7130] macvtap1: entered allmulticast mode
[  221.449375][ T7130] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  221.478985][ T7141] netlink: 'syz.3.325': attribute type 12 has an invalid length.
[  221.489097][ T7145] netlink: 'syz.3.325': attribute type 12 has an invalid length.
[  221.498945][ T7141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'.
[  221.519742][ T7145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'.
[  221.563530][ T5909] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  221.584875][ T7141] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  221.594807][ T7141] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  221.604899][ T7141] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  221.614324][ T7141] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  221.626050][ T7141] netlink: 'syz.3.325': attribute type 12 has an invalid length.
[  221.626961][ T7145] netlink: 'syz.3.325': attribute type 12 has an invalid length.
[  221.634664][ T7141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'.
[  221.650034][ T7145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.325'.
[  221.774212][ T5909] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  221.816996][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.857486][ T5909] usb 5-1: Product: syz
[  221.864584][ T5909] usb 5-1: Manufacturer: syz
[  221.942765][ T5909] usb 5-1: SerialNumber: syz
[  221.970541][ T7158] netlink: 188 bytes leftover after parsing attributes in process `syz.3.329'.
[  222.064861][ T5909] r8152-cfgselector 5-1: Unknown version 0x0000
[  222.091321][ T5909] r8152-cfgselector 5-1: config 0 descriptor??
[  222.890691][ T5941] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  223.170566][ T5941] usb 4-1: Using ep0 maxpacket: 32
[  223.257699][ T5941] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  223.416541][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.434548][ T5941] usb 4-1: Product: syz
[  223.444062][ T5941] usb 4-1: Manufacturer: syz
[  223.448724][ T5941] usb 4-1: SerialNumber: syz
[  223.460157][ T5941] usb 4-1: config 0 descriptor??
[  224.378271][ T5941] peak_usb 4-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  224.395578][ T5941] peak_usb 4-1:0.0 can0: sending command failure: -22
[  226.241086][ T5941] peak_usb 4-1:0.0 can0: sending command failure: -22
[  226.289376][ T5969] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  226.344903][ T5941] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -22
[  226.366669][ T5941] usb 4-1: USB disconnect, device number 11
[  226.709811][ T5923] r8152-cfgselector 5-1: USB disconnect, device number 5
[  226.995363][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.338'.
[  228.079930][ T5923] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  228.143464][ T7207] netlink: 'syz.1.341': attribute type 10 has an invalid length.
[  228.313025][ T7209] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  228.324792][ T7209] qnx6: wrong signature (magic) in superblock #1.
[  228.331454][ T7209] qnx6: unable to read the first superblock
[  228.366839][ T5923] usb 4-1: Using ep0 maxpacket: 16
[  228.617220][ T5923] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  229.230652][ T5923] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  229.395794][ T5923] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  229.441358][ T5923] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  229.472946][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.496822][ T5923] usb 4-1: Product: syz
[  229.502589][ T5923] usb 4-1: Manufacturer: syz
[  229.510204][ T5923] usb 4-1: SerialNumber: syz
[  230.770217][ T5969] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  230.887707][ T5923] usb 4-1: 0:2 : does not exist
[  230.982712][ T7219] Cannot find del_set index 0 as target
[  231.022442][ T7219] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  231.400739][ T5923] usb 4-1: USB disconnect, device number 12
[  231.485229][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.707553][ T7224] netlink: 188 bytes leftover after parsing attributes in process `syz.3.345'.
[  232.205767][ T7230] fuse: Unknown parameter 'grosp_id'
[  232.396057][ T7239] 9pnet: p9_errstr2errno: server reported unknown error �@c�F	S����
[  233.164394][ T7248] netlink: 'syz.1.352': attribute type 10 has an invalid length.
[  233.371293][ T7252] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  233.386931][ T7252] qnx6: wrong signature (magic) in superblock #1.
[  233.393600][ T7252] qnx6: unable to read the first superblock
[  233.799754][   T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  233.962852][ T7258] veth1_to_bond: entered allmulticast mode
[  234.680398][ T5923] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  235.060920][ T5941] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  235.089763][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  235.393540][ T5941] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  235.441977][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.454604][ T7267] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  235.461951][ T5941] usb 1-1: Product: syz
[  235.470339][ T5941] usb 1-1: Manufacturer: syz
[  235.475103][ T5941] usb 1-1: SerialNumber: syz
[  235.767234][ T5941] r8152-cfgselector 1-1: Unknown version 0x0000
[  235.819782][ T5941] r8152-cfgselector 1-1: config 0 descriptor??
[  235.982705][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.358'.
[  236.849972][ T3419] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  239.890799][ T5923] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  240.564564][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  241.163392][ T5909] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  241.289461][ T5923] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  241.413763][ T5896] r8152-cfgselector 1-1: USB disconnect, device number 11
[  241.531921][ T7293] Cannot find del_set index 0 as target
[  242.149058][ T7299] dummy0: entered promiscuous mode
[  242.590347][ T7299] dummy0: left promiscuous mode
[  243.419208][ T7316] Cannot find del_set index 0 as target
[  243.466254][ T7316] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  243.846302][ T7318] netlink: 72 bytes leftover after parsing attributes in process `syz.1.370'.
[  243.893603][ T7318] syz.1.370: attempt to access beyond end of device
[  243.893603][ T7318] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  243.907845][ T7318] syz.1.370: attempt to access beyond end of device
[  243.907845][ T7318] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  243.923864][ T7318] Mount JFS Failure: -5
[  244.490952][ T7318] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  244.647247][ T7331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.372'.
[  245.866359][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.376'.
[  245.883693][ T7338] netlink: 'syz.1.376': attribute type 15 has an invalid length.
[  245.900045][ T7338] netlink: 'syz.1.376': attribute type 18 has an invalid length.
[  245.922604][ T7338] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  245.931886][ T7338] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  245.940834][ T7338] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  245.949817][ T7338] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  245.962749][ T7338] vxlan0: entered promiscuous mode
[  246.041403][ T7340] loop6: detected capacity change from 0 to 524288000
[  246.089616][ T5909] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  246.091586][ T7340] buffer_io_error: 6 callbacks suppressed
[  246.091602][ T7340] Buffer I/O error on dev loop6, logical block 0, async page read
[  246.203202][ T6263] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  246.350890][ T7344] loop6: detected capacity change from 524288000 to 0
[  246.423964][ T7340] Buffer I/O error on dev loop6, logical block 0, async page read
[  246.598014][ T7340] ldm_validate_partition_table(): Disk read failed.
[  246.675928][ T7340] Dev loop6: unable to read RDB block 0
[  246.738721][ T7340]  loop6: unable to read partition table
[  246.812926][ T7340] loop6: partition table beyond EOD, truncated
[  246.848329][ T6074] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  246.890922][ T7340] loop_reread_partitions: partition scan of loop6 (�^L����A;���b��@���֔:B�w�<��g�nf.-ӑ��.�i���>^.�dDd��) failed (rc=-5)
[  247.088356][ T5909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  249.207854][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  250.178354][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  250.189748][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  250.199801][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  250.295718][ T5909] usb 4-1: string descriptor 0 read error: -71
[  250.337113][ T5909] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  250.362965][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  250.415645][ T5909] usb 4-1: config 0 descriptor??
[  250.451162][ T5909] usb 4-1: can't set config #0, error -71
[  250.524238][ T7358] netlink: 72 bytes leftover after parsing attributes in process `syz.2.382'.
[  250.568893][ T7358] syz.2.382: attempt to access beyond end of device
[  250.568893][ T7358] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  250.585645][ T7358] syz.2.382: attempt to access beyond end of device
[  250.585645][ T7358] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  250.599612][ T7358] Mount JFS Failure: -5
[  250.661074][ T5909] usb 4-1: USB disconnect, device number 14
[  250.884167][ T7363] netlink: 188 bytes leftover after parsing attributes in process `syz.4.385'.
[  251.706647][ T7358] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  251.967341][   T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  254.250375][ T7395] netlink: 188 bytes leftover after parsing attributes in process `syz.2.395'.
[  254.534941][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  254.951489][ T7407] fuse: Bad value for 'fd'
[  254.960601][ T7402] loop6: detected capacity change from 0 to 524288000
[  255.760560][ T7406] loop6: detected capacity change from 524288000 to 0
[  255.792382][ T7402] Buffer I/O error on dev loop6, logical block 0, async page read
[  255.831335][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.839514][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  255.857168][ T7402] ldm_validate_partition_table(): Disk read failed.
[  255.880134][ T7402] Dev loop6: unable to read RDB block 0
[  255.891939][ T7402]  loop6: unable to read partition table
[  255.898360][ T7402] loop6: partition table beyond EOD, truncated
[  255.932283][ T7402] loop_reread_partitions: partition scan of loop6 (�^L����A;���b��@���֔:B�w�<��g�nf.-ӑ��.�i���>^.�dDd��) failed (rc=-5)
[  256.094359][ T7423] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.400'.
[  257.236774][ T7434] netlink: 188 bytes leftover after parsing attributes in process `syz.2.402'.
[  257.722824][ T6263] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  258.057085][ T7443] netlink: 'syz.2.405': attribute type 1 has an invalid length.
[  258.113537][ T7446] netlink: 'syz.2.405': attribute type 1 has an invalid length.
[  259.349715][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  259.349737][   T30] audit: type=1326 audit(1754771344.896:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  259.380778][   T30] audit: type=1326 audit(1754771344.896:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  259.599291][ T7459] netlink: 8 bytes leftover after parsing attributes in process `syz.3.408'.
[  259.609979][ T7459] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  260.279850][   T30] audit: type=1326 audit(1754771344.896:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  260.304289][ T7317] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  260.349041][ T7463] loop6: detected capacity change from 0 to 524288000
[  260.369606][   T30] audit: type=1326 audit(1754771344.896:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  260.396921][ T7463] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.408989][ T7463] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.444130][ T7463] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.457576][   T30] audit: type=1326 audit(1754771344.896:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  260.550526][ T7463] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.559026][ T7463] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.600200][   T30] audit: type=1326 audit(1754771344.896:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  260.619952][ T7467] netlink: 64 bytes leftover after parsing attributes in process `syz.0.413'.
[  260.627479][   T30] audit: type=1326 audit(1754771344.896:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  260.662755][   T30] audit: type=1326 audit(1754771344.896:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  261.195931][   T30] audit: type=1326 audit(1754771344.896:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  261.229576][   T30] audit: type=1326 audit(1754771344.896:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7455 comm="syz.3.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b378ebe9 code=0x7ffc0000
[  261.249904][ T7469] loop6: detected capacity change from 524288000 to 0
[  261.263750][ T7463] Buffer I/O error on dev loop6, logical block 0, async page read
[  261.301631][ T7463] ldm_validate_partition_table(): Disk read failed.
[  261.441951][ T7463] Dev loop6: unable to read RDB block 0
[  261.448440][ T7463]  loop6: unable to read partition table
[  261.459827][ T7463] loop6: partition table beyond EOD, truncated
[  261.466190][ T7463] loop_reread_partitions: partition scan of loop6 (�^L����A;���b��@���֔:B�w�<��g�nf.-ӑ��.�i���>^.�dDd��) failed (rc=-5)
[  263.065143][ T7483] netlink: 28 bytes leftover after parsing attributes in process `syz.3.417'.
[  263.463429][ T7483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.417'.
[  263.499458][   T56] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  263.666996][ T7500] FAULT_INJECTION: forcing a failure.
[  263.666996][ T7500] name failslab, interval 1, probability 0, space 0, times 0
[  263.723856][ T7500] CPU: 0 UID: 0 PID: 7500 Comm: syz.4.421 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  263.723885][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  263.723896][ T7500] Call Trace:
[  263.723904][ T7500]  <TASK>
[  263.723913][ T7500]  dump_stack_lvl+0x189/0x250
[  263.723942][ T7500]  ? __pfx____ratelimit+0x10/0x10
[  263.723966][ T7500]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.723987][ T7500]  ? __pfx__printk+0x10/0x10
[  263.724019][ T7500]  ? __pfx___might_resched+0x10/0x10
[  263.724039][ T7500]  ? fs_reclaim_acquire+0x7d/0x100
[  263.724069][ T7500]  should_fail_ex+0x414/0x560
[  263.724097][ T7500]  should_failslab+0xa8/0x100
[  263.724122][ T7500]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  263.724143][ T7500]  ? alloc_vmap_area+0x26a/0x1490
[  263.724169][ T7500]  alloc_vmap_area+0x26a/0x1490
[  263.724206][ T7500]  ? __pfx_alloc_vmap_area+0x10/0x10
[  263.724226][ T7500]  ? __kasan_kmalloc+0x93/0xb0
[  263.724247][ T7500]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  263.724268][ T7500]  ? __get_vm_area_node+0x13f/0x300
[  263.724287][ T7500]  ? copy_process+0x544/0x3b80
[  263.724311][ T7500]  __get_vm_area_node+0x1f8/0x300
[  263.724338][ T7500]  __vmalloc_node_range_noprof+0x301/0x12f0
[  263.724360][ T7500]  ? copy_process+0x544/0x3b80
[  263.724394][ T7500]  ? percpu_ref_get_many+0x19/0x140
[  263.724428][ T7500]  ? percpu_ref_get_many+0x19/0x140
[  263.724464][ T7500]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  263.724489][ T7500]  ? memcpy_and_pad+0x48/0x80
[  263.724511][ T7500]  __vmalloc_node_noprof+0xc2/0x110
[  263.724531][ T7500]  ? copy_process+0x544/0x3b80
[  263.724550][ T7500]  ? copy_process+0x544/0x3b80
[  263.724574][ T7500]  dup_task_struct+0x3e7/0x860
[  263.724603][ T7500]  copy_process+0x544/0x3b80
[  263.724621][ T7500]  ? stack_depot_save_flags+0x40/0x900
[  263.724643][ T7500]  ? cec_poll+0x1e8/0x290
[  263.724673][ T7500]  ? __kasan_kmalloc+0x93/0xb0
[  263.724688][ T7500]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  263.724703][ T7500]  ? create_io_worker+0xac/0x5d0
[  263.724718][ T7500]  ? tctx_task_work+0x3f/0x90
[  263.724738][ T7500]  ? task_work_run+0x1d1/0x260
[  263.724759][ T7500]  ? get_signal+0x11c5/0x1310
[  263.724774][ T7500]  ? arch_do_signal_or_restart+0x9a/0x750
[  263.724796][ T7500]  ? exit_to_user_mode_loop+0x75/0x110
[  263.724810][ T7500]  ? do_syscall_64+0x2bd/0x3b0
[  263.724834][ T7500]  ? __pfx_copy_process+0x10/0x10
[  263.724861][ T7500]  ? __pfx_io_wq_worker+0x10/0x10
[  263.724894][ T7500]  ? __pfx_io_wq_worker+0x10/0x10
[  263.724921][ T7500]  create_io_thread+0xef/0x150
[  263.724945][ T7500]  ? __pfx_create_io_thread+0x10/0x10
[  263.724979][ T7500]  ? __pfx_io_wq_worker+0x10/0x10
[  263.725014][ T7500]  ? __raw_spin_lock_init+0x45/0x100
[  263.725039][ T7500]  ? __init_swait_queue_head+0xa9/0x150
[  263.725063][ T7500]  ? create_io_worker+0x27/0x5d0
[  263.725080][ T7500]  create_io_worker+0x182/0x5d0
[  263.725104][ T7500]  io_wq_enqueue+0x62c/0x850
[  263.725131][ T7500]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  263.725159][ T7500]  ? __pfx_io_req_task_submit+0x10/0x10
[  263.725184][ T7500]  io_handle_tw_list+0x350/0x4c0
[  263.725219][ T7500]  tctx_task_work_run+0x99/0x370
[  263.725251][ T7500]  tctx_task_work+0x3f/0x90
[  263.725278][ T7500]  task_work_run+0x1d1/0x260
[  263.725308][ T7500]  ? __pfx_task_work_run+0x10/0x10
[  263.725349][ T7500]  get_signal+0x11c5/0x1310
[  263.725371][ T7500]  ? ksys_write+0x1cb/0x250
[  263.725395][ T7500]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  263.725423][ T7500]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  263.725446][ T7500]  ? __pfx_vfs_write+0x10/0x10
[  263.725473][ T7500]  arch_do_signal_or_restart+0x9a/0x750
[  263.725502][ T7500]  ? __fget_files+0x3a0/0x420
[  263.725529][ T7500]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  263.725578][ T7500]  ? exit_to_user_mode_loop+0x40/0x110
[  263.725602][ T7500]  exit_to_user_mode_loop+0x75/0x110
[  263.725621][ T7500]  do_syscall_64+0x2bd/0x3b0
[  263.725642][ T7500]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.725661][ T7500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.725681][ T7500]  ? clear_bhb_loop+0x60/0xb0
[  263.725706][ T7500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.725724][ T7500] RIP: 0033:0x7f077a98ebe9
[  263.725743][ T7500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.725759][ T7500] RSP: 002b:00007f077b750038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  263.725781][ T7500] RAX: 0000000000000001 RBX: 00007f077abb5fa0 RCX: 00007f077a98ebe9
[  263.725794][ T7500] RDX: 0000000000000000 RSI: 0000000000207a98 RDI: 0000000000000004
[  263.725805][ T7500] RBP: 00007f077b750090 R08: 0000000000000000 R09: 0000000000000000
[  263.725817][ T7500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.725828][ T7500] R13: 00007f077abb6038 R14: 00007f077abb5fa0 R15: 00007ffd192176a8
[  263.725860][ T7500]  </TASK>
[  263.785991][ T7500] syz.4.421: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  264.003499][ T5922] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  264.173694][ T5922] usb 3-1: config 0 has an invalid interface number: 50 but max is 0
[  264.180517][ T7500] ,cpuset=
[  264.183356][ T5922] usb 3-1: config 0 has no interface number 0
[  264.191197][ T7500] /
[  264.206876][  T927] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  264.251244][ T7500] ,mems_allowed=0-1
[  264.263406][ T5922] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  264.281665][ T7500] 
[  264.284194][ T5922] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  264.290977][ T7500] CPU: 1 UID: 0 PID: 7500 Comm: syz.4.421 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  264.291001][ T7500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  264.291011][ T7500] Call Trace:
[  264.291019][ T7500]  <TASK>
[  264.291026][ T7500]  dump_stack_lvl+0x189/0x250
[  264.291053][ T7500]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  264.291080][ T7500]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.291100][ T7500]  ? __pfx__printk+0x10/0x10
[  264.291123][ T7500]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  264.291144][ T7500]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  264.291174][ T7500]  warn_alloc+0x214/0x310
[  264.291194][ T7500]  ? kasan_quarantine_put+0xdd/0x220
[  264.291219][ T7500]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.291241][ T7500]  ? __pfx_warn_alloc+0x10/0x10
[  264.291263][ T7500]  ? kfree+0x18e/0x440
[  264.291286][ T7500]  ? __get_vm_area_node+0x13f/0x300
[  264.291305][ T7500]  ? copy_process+0x544/0x3b80
[  264.291439][ T7500]  ? __get_vm_area_node+0x211/0x300
[  264.291466][ T7500]  __vmalloc_node_range_noprof+0x326/0x12f0
[  264.291497][ T7500]  ? percpu_ref_get_many+0x19/0x140
[  264.291518][ T7500]  ? percpu_ref_get_many+0x19/0x140
[  264.291552][ T7500]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  264.291576][ T7500]  ? memcpy_and_pad+0x48/0x80
[  264.291599][ T7500]  __vmalloc_node_noprof+0xc2/0x110
[  264.291618][ T7500]  ? copy_process+0x544/0x3b80
[  264.291635][ T7500]  ? copy_process+0x544/0x3b80
[  264.291657][ T7500]  dup_task_struct+0x3e7/0x860
[  264.291684][ T7500]  copy_process+0x544/0x3b80
[  264.291702][ T7500]  ? stack_depot_save_flags+0x40/0x900
[  264.291724][ T7500]  ? cec_poll+0x1e8/0x290
[  264.291751][ T7500]  ? __kasan_kmalloc+0x93/0xb0
[  264.291765][ T7500]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  264.291781][ T7500]  ? create_io_worker+0xac/0x5d0
[  264.291798][ T7500]  ? tctx_task_work+0x3f/0x90
[  264.291820][ T7500]  ? task_work_run+0x1d1/0x260
[  264.291842][ T7500]  ? get_signal+0x11c5/0x1310
[  264.291858][ T7500]  ? arch_do_signal_or_restart+0x9a/0x750
[  264.291881][ T7500]  ? exit_to_user_mode_loop+0x75/0x110
[  264.291896][ T7500]  ? do_syscall_64+0x2bd/0x3b0
[  264.291921][ T7500]  ? __pfx_copy_process+0x10/0x10
[  264.291948][ T7500]  ? __pfx_io_wq_worker+0x10/0x10
[  264.291975][ T7500]  ? __pfx_io_wq_worker+0x10/0x10
[  264.292001][ T7500]  create_io_thread+0xef/0x150
[  264.292022][ T7500]  ? __pfx_create_io_thread+0x10/0x10
[  264.292053][ T7500]  ? __pfx_io_wq_worker+0x10/0x10
[  264.292086][ T7500]  ? __raw_spin_lock_init+0x45/0x100
[  264.292111][ T7500]  ? __init_swait_queue_head+0xa9/0x150
[  264.292135][ T7500]  ? create_io_worker+0x27/0x5d0
[  264.292151][ T7500]  create_io_worker+0x182/0x5d0
[  264.292173][ T7500]  io_wq_enqueue+0x62c/0x850
[  264.292198][ T7500]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  264.292226][ T7500]  ? __pfx_io_req_task_submit+0x10/0x10
[  264.292252][ T7500]  io_handle_tw_list+0x350/0x4c0
[  264.292283][ T7500]  tctx_task_work_run+0x99/0x370
[  264.292311][ T7500]  tctx_task_work+0x3f/0x90
[  264.292344][ T7500]  task_work_run+0x1d1/0x260
[  264.292372][ T7500]  ? __pfx_task_work_run+0x10/0x10
[  264.292409][ T7500]  get_signal+0x11c5/0x1310
[  264.292429][ T7500]  ? ksys_write+0x1cb/0x250
[  264.292450][ T7500]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  264.292465][ T7500]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  264.292485][ T7500]  ? __pfx_vfs_write+0x10/0x10
[  264.292509][ T7500]  arch_do_signal_or_restart+0x9a/0x750
[  264.292535][ T7500]  ? __fget_files+0x3a0/0x420
[  264.292559][ T7500]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  264.292602][ T7500]  ? exit_to_user_mode_loop+0x40/0x110
[  264.292623][ T7500]  exit_to_user_mode_loop+0x75/0x110
[  264.292641][ T7500]  do_syscall_64+0x2bd/0x3b0
[  264.292659][ T7500]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.292677][ T7500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.292694][ T7500]  ? clear_bhb_loop+0x60/0xb0
[  264.292716][ T7500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.292733][ T7500] RIP: 0033:0x7f077a98ebe9
[  264.292750][ T7500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.292764][ T7500] RSP: 002b:00007f077b750038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  264.292784][ T7500] RAX: 0000000000000001 RBX: 00007f077abb5fa0 RCX: 00007f077a98ebe9
[  264.292796][ T7500] RDX: 0000000000000000 RSI: 0000000000207a98 RDI: 0000000000000004
[  264.292807][ T7500] RBP: 00007f077b750090 R08: 0000000000000000 R09: 0000000000000000
[  264.292817][ T7500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.292828][ T7500] R13: 00007f077abb6038 R14: 00007f077abb5fa0 R15: 00007ffd192176a8
[  264.292858][ T7500]  </TASK>
[  264.292865][ T7500] Mem-Info:
[  264.310054][ T5922] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  264.321807][ T7500] active_anon:251 inactive_anon:5648 isolated_anon:0
[  264.321807][ T7500]  active_file:5654 inactive_file:35792 isolated_file:0
[  264.321807][ T7500]  unevictable:771 dirty:161 writeback:0
[  264.321807][ T7500]  slab_reclaimable:9957 slab_unreclaimable:97379
[  264.321807][ T7500]  mapped:29712 shmem:1366 pagetables:1235
[  264.321807][ T7500]  sec_pagetables:0 bounce:0
[  264.321807][ T7500]  kernel_misc_reclaimable:0
[  264.321807][ T7500]  free:1326708 free_pcp:16762 free_cma:0
[  264.324297][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.328709][ T7500] Node 0 active_anon:1004kB inactive_anon:22592kB active_file:22420kB inactive_file:143168kB unevictable:1548kB isolated(anon):0kB isolated(file):0kB mapped:118848kB dirty:644kB writeback:0kB shmem:3928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12172kB pagetables:4836kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  264.334788][ T5922] usb 3-1: Product: syz
[  264.334808][ T5922] usb 3-1: Manufacturer: syz
[  264.334825][ T5922] usb 3-1: SerialNumber: syz
[  264.365907][ T5922] usb 3-1: config 0 descriptor??
[  264.394852][ T7500] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:104kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  264.409679][ T5922] yurex 3-1:0.50: Could not submitting URB
[  264.414656][ T7500] Node 0 
[  264.423375][ T5922] yurex 3-1:0.50: probe with driver yurex failed with error -5
[  264.431777][ T7500] DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  264.479836][  T927] usb 4-1: Using ep0 maxpacket: 32
[  264.484657][ T7500] lowmem_reserve[]:
[  264.491649][  T927] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  264.493726][ T7500]  0
[  264.499711][  T927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.511031][ T7500]  2500
[  264.546108][  T927] usb 4-1: config 0 descriptor??
[  264.546898][ T7500]  2502
[  264.639804][ T7516] loop6: detected capacity change from 0 to 524288000
[  264.657964][ T7500]  2502
[  264.790167][  T927] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  264.847278][ T7500]  2502
[  264.877490][  T927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  264.931708][ T7500] 
[  264.994431][  T927] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  265.046600][ T5896] usb 3-1: USB disconnect, device number 12
[  265.054174][  T927] usb 4-1: media controller created
[  265.070716][ T7519] loop6: detected capacity change from 524288000 to 0
[  265.239310][ T7500] Node 0 DMA32 free:1394312kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1000kB inactive_anon:24220kB active_file:20792kB inactive_file:142964kB unevictable:1548kB writepending:648kB present:3129332kB managed:2560996kB mlocked:4kB bounce:0kB free_pcp:45284kB local_pcp:18276kB free_cma:0kB
[  265.282371][    C1] vkms_vblank_simulate: vblank timer overrun
[  265.372670][ T7500] lowmem_reserve[]: 0 0 1 1 1
[  265.377495][ T7500] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1764kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  265.406510][  T927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  265.406570][    C1] vkms_vblank_simulate: vblank timer overrun
[  265.447490][  T927] az6027: usb out operation failed. (-71)
[  265.465648][ T7500] lowmem_reserve[]: 0 0 0 0 0
[  265.471422][  T927] az6027: usb out operation failed. (-71)
[  265.477427][  T927] stb0899_attach: Driver disabled by Kconfig
[  265.485779][ T7500] Node 1 Normal free:3896084kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20896kB local_pcp:11680kB free_cma:0kB
[  265.517780][  T927] az6027: no front-end attached
[  265.517780][  T927] 
[  265.527436][ T7500] lowmem_reserve[]: 0 0 0 0 0
[  265.533520][  T927] az6027: usb out operation failed. (-71)
[  265.539349][  T927] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  265.557242][  T927] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8
[  265.578006][ T7529] random: crng reseeded on system resumption
[  265.589624][ T3419] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  265.591036][  T927] dvb-usb: schedule remote query interval to 400 msecs.
[  265.609488][ T7500] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  265.638940][  T927] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  265.666007][  T927] usb 4-1: USB disconnect, device number 15
[  265.675655][ T7500] Node 0 DMA32: 3*4kB (E) 35*8kB (UME) 153*16kB (UME) 85*32kB (UME) 35*64kB (UME) 50*128kB (UME) 23*256kB (UM) 12*512kB (UM) 7*1024kB (UM) 4*2048kB (UME) 328*4096kB (UM) = 1384980kB
[  265.709840][ T5909] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  265.752515][ T3419] usb 2-1: Using ep0 maxpacket: 32
[  265.774000][ T3419] usb 2-1: config 0 interface 0 has no altsetting 0
[  265.779454][ T7500] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  265.796009][ T3419] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  265.820730][ T3419] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.838052][ T7500] Node 1 Normal: 211*4kB (UE) 57*8kB (UME) 42*16kB (UME) 69*32kB (UME) 25*64kB (UME) 7*128kB (UME) 3*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 948*4096kB (ME) = 3896084kB
[  265.857421][ T3419] usb 2-1: Product: syz
[  265.857675][  T927] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  265.870662][ T5909] usb 1-1: Using ep0 maxpacket: 32
[  265.874549][ T5909] usb 1-1: config 0 interface 0 has no altsetting 0
[  265.886884][ T3419] usb 2-1: Manufacturer: syz
[  265.897969][ T5909] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  265.903310][ T7500] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  265.914776][ T3419] usb 2-1: SerialNumber: syz
[  265.926027][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.946050][ T3419] usb 2-1: config 0 descriptor??
[  265.953757][ T5909] usb 1-1: Product: syz
[  265.955737][ T7500] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  265.963215][ T5909] usb 1-1: Manufacturer: syz
[  265.969441][ T7500] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  265.987117][ T5909] usb 1-1: SerialNumber: syz
[  265.989849][ T7500] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  266.011384][ T5909] usb 1-1: config 0 descriptor??
[  266.013886][ T7500] 45675 total pagecache pages
[  266.022665][ T7500] 0 pages in swap cache
[  266.026887][ T7500] Free swap  = 124996kB
[  266.046011][ T7317] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  266.046143][ T7532] netlink: 60 bytes leftover after parsing attributes in process `syz.3.431'.
[  266.077065][ T7500] Total swap = 124996kB
[  266.082186][ T7531] netlink: 60 bytes leftover after parsing attributes in process `syz.3.431'.
[  266.112583][ T7500] 2097051 pages RAM
[  266.116545][ T7500] 0 pages HighMem/MovableOnly
[  266.121615][ T7500] 424695 pages reserved
[  266.125807][ T7500] 0 pages cma reserved
[  266.184734][ T7525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.221146][ T7525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.291666][ T7528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.302014][ T7528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.438077][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  266.438099][   T30] audit: type=1800 audit(1754771352.116:89): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.433" name="/" dev="9p" ino=2 res=0 errno=0
[  266.462615][    C1] vkms_vblank_simulate: vblank timer overrun
[  267.136324][ T7547] fuse: Bad value for 'user_id'
[  267.159243][ T7547] fuse: Bad value for 'user_id'
[  267.329653][ T3419] gs_usb 2-1:0.0: Couldn't get device config: (err=-110)
[  267.336906][ T3419] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -110
[  267.399826][ T5909] gs_usb 1-1:0.0: Couldn't get device config: (err=-110)
[  267.406960][ T5909] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -110
[  268.769834][ T5909] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  268.987673][ T5909] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  269.034394][ T5909] usb 4-1: config 0 has no interface number 0
[  269.082757][ T5909] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  269.137338][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.258508][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  269.344442][ T5909] usb 4-1: config 0 descriptor??
[  269.387447][ T5909] usb 4-1: selecting invalid altsetting 1
[  269.418435][ T5909] dvb_ttusb_budget: ttusb_init_controller: error
[  269.458024][ T5909] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  269.592181][ T7553] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  270.270480][ T5909] DVB: Unable to find symbol cx22700_attach()
[  270.475995][ T5909] DVB: Unable to find symbol tda10046_attach()
[  270.500678][ T5909] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  270.539211][ T5909] usb 4-1: USB disconnect, device number 16
[  271.008140][  T927] usb 2-1: USB disconnect, device number 6
[  271.015299][ T5909] usb 1-1: USB disconnect, device number 12
[  271.800130][ T7317] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  272.693395][ T7609] netlink: 'syz.1.446': attribute type 10 has an invalid length.
[  273.241004][ T7611] random: crng reseeded on system resumption
[  273.323047][ T7610] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  273.348762][ T7610] qnx6: wrong signature (magic) in superblock #1.
[  273.368129][ T7610] qnx6: unable to read the first superblock
[  273.721319][ T5922] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  273.902174][ T5922] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[  273.932140][ T5922] usb 1-1: config 0 has no interface number 0
[  273.962470][ T5922] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  273.981020][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.999643][ T5922] usb 1-1: Product: syz
[  274.012132][ T5922] usb 1-1: Manufacturer: syz
[  274.030371][ T5922] usb 1-1: SerialNumber: syz
[  274.052929][ T5922] usb 1-1: config 0 descriptor??
[  274.282781][ T5922] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  274.332595][ T5922] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  274.357688][ T5922] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  274.374780][ T5922] usb 1-1: media controller created
[  274.388771][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  274.430219][ T5896] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  274.479613][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  274.514650][ T5922] DVB: Unable to find symbol dib7000p_attach()
[  274.524352][ T5922] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  274.537702][ T5922] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  274.555139][ T5922] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  274.565641][ T5922] usb 1-1: media controller created
[  274.579820][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  274.605822][ T5922] dib0700: the master dib7090 has to be initialized first
[  274.613910][ T5922] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  274.629906][ T5896] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  274.638165][ T5896] usb 2-1: config 0 has no interface number 0
[  274.649912][    T9] usb 4-1: Using ep0 maxpacket: 8
[  274.665626][ T5896] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  274.679547][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  274.679596][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.724676][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  274.752256][    T9] usb 4-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  274.753247][ T5896] usb 2-1: config 0 descriptor??
[  274.789817][    T9] usb 4-1: Product: syz
[  274.799193][    T9] usb 4-1: Manufacturer: syz
[  274.816107][    T9] usb 4-1: SerialNumber: syz
[  274.816465][ T5896] usb 2-1: selecting invalid altsetting 1
[  274.828211][    T9] usb 4-1: config 0 descriptor??
[  274.838485][ T5896] dvb_ttusb_budget: ttusb_init_controller: error
[  274.844929][ T5922] rc_core: IR keymap rc-dib0700-rc5 not found
[  274.844975][ T5922] Registered IR keymap rc-empty
[  274.846167][ T5922] dvb-usb: could not initialize remote control.
[  274.846180][ T5922] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  274.850150][ T7634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  274.877306][ T5896] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  274.940998][ T7634] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  274.953094][    T9] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  275.001252][ T7627] ------------[ cut here ]------------
[  275.007109][ T7627] usb 1-1: BOGUS control dir, pipe 80000d80 doesn't match bRequestType c0
[  275.016695][ T7627] WARNING: CPU: 1 PID: 7627 at drivers/usb/core/urb.c:413 usb_submit_urb+0x115d/0x1890
[  275.026484][ T7627] Modules linked in:
[  275.030645][ T7627] CPU: 1 UID: 0 PID: 7627 Comm: syz.1.452 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  275.040758][ T7627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  275.050866][ T7627] RIP: 0010:usb_submit_urb+0x115d/0x1890
[  275.054168][ T7638] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  275.057115][ T7627] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 20 5c 33 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 14 47 6b fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80
[  275.082664][ T7627] RSP: 0018:ffffc90003c3f850 EFLAGS: 00010246
[  275.088876][ T7627] RAX: e59ce2b71fec6400 RBX: ffff88802f807500 RCX: 0000000000080000
[  275.097200][ T7627] RDX: ffffc9000bec9000 RSI: 000000000000408a RDI: 000000000000408b
[  275.105322][ T7627] RBP: 1ffff11005b69f14 R08: 0000000000000003 R09: 0000000000000004
[  275.113365][ T7627] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: ffff88802db4f8a0
[  275.121424][ T7627] R13: dffffc0000000000 R14: 0000000080000d80 R15: ffff88802db4fca0
[  275.129543][ T7627] FS:  00007fb38a6d86c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  275.138502][ T7627] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  275.145143][ T7627] CR2: 00007f03bc868548 CR3: 00000000348ec000 CR4: 00000000003526f0
[  275.153407][ T7627] Call Trace:
[  275.157509][ T7627]  <TASK>
[  275.160549][ T7627]  usb_start_wait_urb+0x114/0x4c0
[  275.165631][ T7627]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  275.171360][ T7627]  usb_control_msg+0x232/0x3e0
[  275.176198][ T7627]  dib0700_i2c_xfer+0xba7/0xf70
[  275.181491][ T7627]  __i2c_transfer+0x874/0x2170
[  275.186320][ T7627]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.191634][ T7627]  ? __pfx___i2c_transfer+0x10/0x10
[  275.196968][ T7627]  ? rt_mutex_lock_nested+0x15e/0x1e0
[  275.202459][ T7627]  ? i2c_transfer+0x11d/0x3a0
[  275.207188][ T7627]  i2c_transfer+0x25b/0x3a0
[  275.212395][ T7627]  ? __pfx_i2c_transfer+0x10/0x10
[  275.217455][ T7627]  ? _copy_from_user+0x94/0xb0
[  275.222296][ T7627]  i2cdev_ioctl_rdwr+0x460/0x740
[  275.227260][ T7627]  i2cdev_ioctl+0x64b/0x7f0
[  275.231829][ T7627]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  275.236883][ T7627]  ? __fget_files+0x3a0/0x420
[  275.241725][ T7627]  ? __fget_files+0x2a/0x420
[  275.246383][ T7627]  ? bpf_lsm_file_ioctl+0x9/0x20
[  275.251498][ T7627]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  275.256912][ T7627]  __se_sys_ioctl+0xfc/0x170
[  275.261658][ T7627]  do_syscall_64+0xfa/0x3b0
[  275.266171][ T7627]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.271509][ T7627]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.277632][ T7627]  ? clear_bhb_loop+0x60/0xb0
[  275.282400][ T7627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.288415][ T7627] RIP: 0033:0x7fb38978ebe9
[  275.293135][ T7627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.312955][ T7627] RSP: 002b:00007fb38a6d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  275.322212][ T7627] RAX: ffffffffffffffda RBX: 00007fb3899b5fa0 RCX: 00007fb38978ebe9
[  275.330342][ T7627] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[  275.338361][ T7627] RBP: 00007fb389811e19 R08: 0000000000000000 R09: 0000000000000000
[  275.346581][ T7627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  275.354738][ T7627] R13: 00007fb3899b6038 R14: 00007fb3899b5fa0 R15: 00007ffe5d06ce18
[  275.363356][ T7627]  </TASK>
[  275.366403][ T7627] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  275.374088][ T7627] CPU: 1 UID: 0 PID: 7627 Comm: syz.1.452 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  275.383938][ T7627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  275.394207][ T7627] Call Trace:
[  275.397528][ T7627]  <TASK>
[  275.400488][ T7627]  dump_stack_lvl+0x99/0x250
[  275.405136][ T7627]  ? __asan_memcpy+0x40/0x70
[  275.409865][ T7627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.415110][ T7627]  ? __pfx__printk+0x10/0x10
[  275.419875][ T7627]  panic+0x2db/0x790
[  275.423981][ T7627]  ? __pfx_panic+0x10/0x10
[  275.428446][ T7627]  __warn+0x31b/0x4b0
[  275.432452][ T7627]  ? usb_submit_urb+0x115d/0x1890
[  275.437503][ T7627]  ? usb_submit_urb+0x115d/0x1890
[  275.442922][ T7627]  report_bug+0x2be/0x4f0
[  275.447304][ T7627]  ? usb_submit_urb+0x115d/0x1890
[  275.452583][ T7627]  ? usb_submit_urb+0x115d/0x1890
[  275.457747][ T7627]  ? usb_submit_urb+0x115f/0x1890
[  275.462922][ T7627]  handle_bug+0x84/0x160
[  275.467206][ T7627]  exc_invalid_op+0x1a/0x50
[  275.471920][ T7627]  asm_exc_invalid_op+0x1a/0x20
[  275.476873][ T7627] RIP: 0010:usb_submit_urb+0x115d/0x1890
[  275.482615][ T7627] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 20 5c 33 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 14 47 6b fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80
[  275.502424][ T7627] RSP: 0018:ffffc90003c3f850 EFLAGS: 00010246
[  275.508619][ T7627] RAX: e59ce2b71fec6400 RBX: ffff88802f807500 RCX: 0000000000080000
[  275.516618][ T7627] RDX: ffffc9000bec9000 RSI: 000000000000408a RDI: 000000000000408b
[  275.524619][ T7627] RBP: 1ffff11005b69f14 R08: 0000000000000003 R09: 0000000000000004
[  275.532653][ T7627] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: ffff88802db4f8a0
[  275.540824][ T7627] R13: dffffc0000000000 R14: 0000000080000d80 R15: ffff88802db4fca0
[  275.548854][ T7627]  usb_start_wait_urb+0x114/0x4c0
[  275.553970][ T7627]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  275.560048][ T7627]  usb_control_msg+0x232/0x3e0
[  275.564964][ T7627]  dib0700_i2c_xfer+0xba7/0xf70
[  275.569984][ T7627]  __i2c_transfer+0x874/0x2170
[  275.574771][ T7627]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.580043][ T7627]  ? __pfx___i2c_transfer+0x10/0x10
[  275.585380][ T7627]  ? rt_mutex_lock_nested+0x15e/0x1e0
[  275.590807][ T7627]  ? i2c_transfer+0x11d/0x3a0
[  275.595634][ T7627]  i2c_transfer+0x25b/0x3a0
[  275.600404][ T7627]  ? __pfx_i2c_transfer+0x10/0x10
[  275.606079][ T7627]  ? _copy_from_user+0x94/0xb0
[  275.611131][ T7627]  i2cdev_ioctl_rdwr+0x460/0x740
[  275.616204][ T7627]  i2cdev_ioctl+0x64b/0x7f0
[  275.620762][ T7627]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  275.625833][ T7627]  ? __fget_files+0x3a0/0x420
[  275.630542][ T7627]  ? __fget_files+0x2a/0x420
[  275.635158][ T7627]  ? bpf_lsm_file_ioctl+0x9/0x20
[  275.640134][ T7627]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  275.645293][ T7627]  __se_sys_ioctl+0xfc/0x170
[  275.649935][ T7627]  do_syscall_64+0xfa/0x3b0
[  275.654499][ T7627]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.659981][ T7627]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.666068][ T7627]  ? clear_bhb_loop+0x60/0xb0
[  275.670789][ T7627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.676778][ T7627] RIP: 0033:0x7fb38978ebe9
[  275.681244][ T7627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.701045][ T7627] RSP: 002b:00007fb38a6d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  275.709698][ T7627] RAX: ffffffffffffffda RBX: 00007fb3899b5fa0 RCX: 00007fb38978ebe9
[  275.717881][ T7627] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[  275.726271][ T7627] RBP: 00007fb389811e19 R08: 0000000000000000 R09: 0000000000000000
[  275.734359][ T7627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  275.742364][ T7627] R13: 00007fb3899b6038 R14: 00007fb3899b5fa0 R15: 00007ffe5d06ce18
[  275.756225][ T7627]  </TASK>
[  275.759565][ T7627] Kernel Offset: disabled
[  275.763923][ T7627] Rebooting in 86400 seconds..