last executing test programs:

5m40.394233669s ago: executing program 2 (id=125):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
bind$can_raw(r2, &(0x7f0000000080)={0x1d, r3}, 0x10)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000140)=[{{0x4, 0x0, 0x1}, {0x4, 0x0, 0x0, 0x1}}, {{0x4, 0x0, 0x1}, {0x3, 0x1, 0x0, 0x1}}], 0x10)
unshare(0x12000480)
bind$can_raw(r2, &(0x7f0000000040), 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
write$sndseq(r1, &(0x7f0000000340)=[{0x8, 0x1, 0x81, 0xf8, @tick=0x2, {0xee, 0x5}, {0x38, 0x80}, @time=@tick=0x8}, {0x5, 0x9, 0x5, 0x52, @tick=0x8, {0xb, 0xa1}, {0x2, 0x9}, @ext={0x1d, &(0x7f00000002c0)="72dfae2710c5c8a071e3e104293212fe4ebd45f235eeb20d51fbc91a21"}}], 0x38)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000100), 0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0xd, 0x0, <r5=>0x0})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000080)={<r6=>0x0})
ioctl$DRM_IOCTL_DMA(0xffffffffffffffff, 0xc0406429, &(0x7f0000000280)={r6, 0x3, &(0x7f00000000c0)=[0x9, 0x5c72476a, 0x8], &(0x7f0000000180)=[0x800000, 0x6, 0xcacf, 0xb], 0x0, 0x3, 0x6, &(0x7f00000001c0)=[0x5, 0x6, 0x803], &(0x7f0000000240)=[0x9, 0x5, 0x8, 0x1, 0x3]})
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000001340)='coredump_filter\x00')
write$binfmt_script(r8, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000200)={r5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r7, 0x5708e000)

5m40.078313547s ago: executing program 2 (id=126):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r0, 0xf648d000)
madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f00000002c0), 0x4)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

5m39.723730352s ago: executing program 2 (id=131):
ioprio_set$pid(0x1, 0x0, 0x2007)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000001c0)=0x2000)
r1 = socket$unix(0x1, 0x5, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x72c})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000000500)={0x34, r4, 0x0, 0x800000, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x78}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008040}, 0x48810)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r6=>0x0})
connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r1, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x145342, 0x0)
sendfile(r7, r7, 0x0, 0x7ffff000)

5m37.192240662s ago: executing program 2 (id=137):
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0xc0045520, &(0x7f0000001680)=""/20)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f0000000280)={0xf7ffffffffffff81, 0x5b7d, 0xffffffff, 0xa27, 0x2, 0x140000000000000, 0x80000000004, 0x0, 0x3fe})
mkdir(&(0x7f0000000080)='./file1\x00', 0x58)
creat(&(0x7f0000000080)='./file0\x00', 0xac)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd700000000000490000000e0001026e65746465767373696d3000000800030002000000"], 0x3c}}, 0x24004000)
r4 = socket$inet6(0x2d, 0x3, 0x401)
r5 = socket$l2tp(0x2, 0x2, 0x73)
getsockname$inet(r5, 0x0, &(0x7f0000000080))
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r6 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r7 = syz_open_dev$video(&(0x7f0000001180), 0xd, 0x800)
ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000240)={0xa, @sliced={0x2, [0xff96, 0x401, 0x8, 0x3, 0x7, 0x6, 0x1000, 0xc3c, 0x0, 0x5, 0x3, 0x9, 0xfff8, 0x9, 0x8ca7, 0x8, 0x0, 0x100, 0x1, 0x9, 0x6, 0xfff, 0x101, 0x2, 0xff53, 0x80, 0x9, 0xffff, 0x9, 0x100, 0x101, 0x1, 0x9, 0x8dcf, 0x10, 0x34, 0x401, 0xda6b, 0x9, 0x7f, 0x4, 0x1, 0x6, 0x93, 0x0, 0x0, 0x34, 0x2], 0x9}})
ioctl$sock_inet_SIOCGIFDSTADDR(r4, 0x8917, 0x0)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x90d80, 0x0)
r9 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r9, 0x11b, 0x7, &(0x7f0000000440), &(0x7f0000000480)=0x30)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r8, 0x5708e000)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt(r10, 0x6b, 0x7f, 0x0, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r8)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x5, 0x0)

5m36.693500648s ago: executing program 2 (id=140):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_usb_connect$uac1(0x2, 0xb2, &(0x7f0000000740)=ANY=[@ANYBLOB="12010003000000106b1d01014000010203010902a000030156c0020904000000010100000a24010101bb02010211240601040507000a00080003000200050524050e0f0f2406020504020002000a000900040a240402010600a7ce790924060502010610000924030303030505f5"], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
process_mrelease(0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000400)={0xa00965, 0x2})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
fstat(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setreuid(0x0, r3)
r4 = socket(0x26, 0x5, 0x7)
ioctl$sock_SIOCETHTOOL(r4, 0x89fe, &(0x7f0000000340)={'bridge0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x0, 0x200, 0x2, 0x7, 0x9, 0x0, 0x5, 0x9, 0x2, 0xca1, 0x8, 0x1, 0x6, 0xff, 0x9, 0x3, 0x7, 0x7, 0xb, 0x64, 0x1000, 0xc}})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)

5m36.259141887s ago: executing program 2 (id=146):
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00')
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1a22"], 0x1d)
fadvise64(0xffffffffffffffff, 0x92, 0x5, 0x2)
mmap(&(0x7f0000696000/0x3000)=nil, 0x3000, 0x0, 0x30, 0xffffffffffffffff, 0x93772000)

5m36.138352589s ago: executing program 32 (id=146):
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00')
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1a22"], 0x1d)
fadvise64(0xffffffffffffffff, 0x92, 0x5, 0x2)
mmap(&(0x7f0000696000/0x3000)=nil, 0x3000, 0x0, 0x30, 0xffffffffffffffff, 0x93772000)

3m53.875584376s ago: executing program 4 (id=855):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x2, 0x70bd25, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x400c4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r1)
sendmsg$TIPC_CMD_SHOW_STATS(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x400, 0x70bd28, 0x25dfdbfd}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4)
r5 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0), 0x200000, 0x0)
pread64(r3, &(0x7f0000000300)=""/4096, 0x1000, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_GET(r6, &(0x7f00000013c0)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x24, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x24048000}, 0x40)
r7 = socket(0x8, 0x0, 0x7)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000014c0)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x28, r4, 0x400, 0x70bd25, 0x25dfdbfe, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000)
sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000001640)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001600)={&(0x7f0000001540)={0x90, 0x0, 0x9, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFCTH_TUPLE={0x44, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @local}}}]}, @NFCTH_STATUS={0x8}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x3}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x9}}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x13}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xa3}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000001680)={0x2c, 0x36, '\x00', [@pad1, @generic={0xca, 0xe3, "affa2cc1a67bcb888f3c49732a3d00cc8e7f310d03fc760c06719fbe8769af3c4c3c830d9825841919e0f2c8b6d11bba8ce1a9041d606c9e84ea9fe819f96806a24691eef08f212327426484d40316c33f97c2759f238d822b31caeae2ef4e8b7903e0ab585eb16331fe4032fe56f40971d823c25dc3930f85a2bf7ac388f0895843db0c6442c85e2f453276e139a72c205fa5f537def7b066d0b568885b53da004bcb1df29ec3eb8b494fcab3590e2aabd91777af46b430614e81d76f5620b77446a5618b64d9e3384ee0db730c23186330fdd4c10f2fe7725140ee8456929141bb96"}, @calipso={0x7, 0x20, {0x3, 0x6, 0x1, 0x3ff, [0x798, 0x778, 0xfffffffffffffffe]}}, @generic={0x9b, 0x8f, "3b0251724a47264c591ab192db5905a20dc46f1186530845fa114e07c0c8e37f0878961918611dca1c70151f1c06c888aefc44ff81e1d82588941b4a74e3c7e12e5bc6786358b175cdd2509c6aafb8d89ecf42817774aef0fb76e7f9db3be742b9e2c0daad9df0a21c5be93c7760b8f37480f4051f6369f7473a0c413df5a214075261e362ee8688605c85cef0b8c6"}, @hao={0xc9, 0x10, @mcast1}, @enc_lim={0x4, 0x1, 0xfd}]}, 0x1b8)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001880), r5)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000018c0)={'vxcan0\x00', <r10=>0x0})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f00000019c0)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001980)={&(0x7f0000001900)={0x7c, r9, 0x4, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x1}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x8}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0x5}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0xefd}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x8}, @ETHTOOL_A_COALESCE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x8}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4004001}, 0x2000)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a40), r7)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000001c80)={&(0x7f0000001a00)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001c40)={&(0x7f0000001a80)={0x184, r11, 0x800, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x1a}}}}, [@NL80211_ATTR_TX_RATES={0x148, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x90, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x3, 0x2}, {0x0, 0xa}, {0x0, 0x2}, {0x5, 0x1}, {0x5, 0x7}, {0x0, 0x8}, {0x2, 0x9}, {0x4, 0x6}, {0x2, 0x2}, {0x5, 0x6}, {0x1, 0x6}, {0x6, 0x3}, {0x7}, {0x1, 0x15}, {0x6, 0xa}, {0x1, 0x2}, {0x1, 0x7}, {0x7, 0x3}, {0x0, 0x3}, {0x0, 0x4}, {0x4, 0x9}, {0x3, 0x2}, {0x5, 0x2}, {0x6, 0x1}, {0x4, 0x4}, {0x2, 0x4}, {0x5, 0x7}, {0x1, 0x4}, {0x2, 0x9}, {0x0, 0x6}, {0x5, 0x6}, {0x2, 0x8}, {0x5, 0x2}, {0x0, 0x6}, {0x7, 0x8}, {0x6, 0x3}, {0x6, 0x6}, {0x6, 0x7}, {0x4, 0x8}, {0x0, 0x8}, {0x2, 0x8}, {0x3}, {0x7, 0x4}, {0x3, 0x6}, {0x0, 0x8}, {}, {0x4, 0x3}, {0x6, 0x4}, {0x0, 0x7}, {0x3, 0x1}, {0x5, 0x5}, {0x1, 0x8}, {0x1, 0x6}, {0x7, 0x3}, {0x3, 0xa}, {0x7, 0x1}, {0x4, 0x7}, {0x2, 0xa}, {0x2, 0x8}, {0x1, 0x3}, {0x1, 0x3}, {0x3}, {0x1, 0x4}, {0x0, 0x7}, {0x6, 0x8}, {0x5, 0x7}, {0x2, 0x4}, {0x3, 0x4}, {0x6, 0x8}, {0x7, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x84cd, 0xae1, 0x6, 0x1, 0xa700, 0x1, 0x1000, 0x9]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x0, 0x9, 0x81, 0x8, 0x10, 0xfff8, 0x9]}}]}, @NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x7, 0x1, [0x6c, 0x30, 0x5]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x1, 0x18, 0x9, 0x4, 0xb, 0x1, 0x24, 0x15]}]}, @NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xf, 0x1, [0x3, 0x1, 0x0, 0x1, 0x24, 0x2, 0x8, 0x36, 0x2, 0x7, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x7fff, 0x2, 0xd, 0x1, 0xd836, 0x2, 0x4]}}]}, @NL80211_BAND_2GHZ={0x68, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x51, 0x2, [{0x3, 0x7}, {0x1, 0xa}, {0x5, 0x8}, {0x6, 0x2}, {0x1, 0x4}, {0x1}, {0x1, 0x5}, {0x1, 0x1}, {0x7, 0x6}, {0x3, 0x9}, {0x7, 0x5}, {0x5, 0x1}, {0x0, 0x4}, {0x7, 0x4}, {0x7, 0x2}, {0x1, 0x5}, {0x6, 0x6}, {0x5}, {0x6, 0x1}, {0x0, 0x4}, {0x5}, {0x1, 0xa}, {0x6, 0x4}, {0x0, 0x3}, {0x4, 0x3}, {0x7, 0x5}, {0x0, 0x6}, {0x7, 0x3}, {0x0, 0x7}, {0x2, 0x8}, {0x6, 0x8}, {0x0, 0x4}, {0x1, 0x9}, {0x0, 0x5}, {0x4, 0x3}, {0x2, 0x1}, {0x2, 0x5}, {0x3, 0x7}, {0x3, 0x9}, {0x7, 0x4}, {0x7, 0x6}, {0x3, 0x8}, {0x3, 0x6}, {0x1, 0x3}, {0x4, 0x3}, {0x7, 0x9}, {0x7, 0x3}, {0x2, 0x7}, {0x2, 0x8}, {0x1, 0x1}, {0x1, 0xa}, {0x2, 0x1}, {0x3, 0x7}, {0x6, 0x7}, {0x7, 0x8}, {0x3, 0x2}, {0x4, 0x3}, {0x3, 0x5}, {0x1, 0x3}, {0x0, 0x5}, {0x4, 0x6}, {0x7, 0x8}, {0x2, 0x3}, {0x3, 0x2}, {0x1, 0x9}, {0x0, 0x6}, {0x5, 0x1}, {0x0, 0x4}, {0x7, 0xa}, {0x1, 0x6}, {0x4, 0x2}, {0x1, 0x6}, {0x4, 0x6}, {0x2, 0x6}, {0x3}, {0x7, 0x8}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x10, 0x24, [{0x3}, {0x5, 0x1}, {0x5e, 0x1}, {0x2}, {0xb}, {0x4}, {0x30, 0x1}, {0xc}, {0x48}, {0x6, 0x1}, {0x5, 0x1}, {0x4, 0x1}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x184}, 0x1, 0x0, 0x0, 0x4000000}, 0x44894)
syz_genetlink_get_family_id$SEG6(&(0x7f0000001cc0), r1)
openat$sw_sync(0xffffffffffffff9c, 0xfffffffffffffffe, 0x200000, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000001d00)={0xaa, 0x2})
r12 = fcntl$dupfd(r7, 0x0, r0)
write$cgroup_subtree(r12, &(0x7f0000001d40)={[{0x2b, 'net'}, {0x2d, 'devices'}, {0x2d, 'net_cls'}]}, 0x17)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r13, 0x29, 0x39, &(0x7f0000001d80)={0x2b, 0xe, 0x1, 0x5, 0x0, [@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2]}, 0x78)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r5, &(0x7f0000001f00)={&(0x7f0000001e00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001ec0)={&(0x7f0000001e40)={0x54, r11, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x52}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_IE={0x26, 0x2a, [@sec_chan_ofs={0x3e, 0x1, 0x1}, @challenge={0x10, 0x1, 0x67}, @link_id={0x65, 0x12, {@initial, @device_a, @broadcast}}, @mesh_chsw={0x76, 0x6, {0xb, 0x0, 0x24, 0x9}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000000)

3m53.852444603s ago: executing program 4 (id=857):
r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000000000000000038c5384490afe8c52dc7ef9de17eb08145e53eef592f782cbc3d0e511c07a852cefc5c94d5669c735470efc43c62e19dec286a40d20a86a5105bebd981f86f0bea890ca01c3ac11939bb5dffa83c4a80f31a5f8e99ef657b514a3691b1"])
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x2400c050}, 0x20004004)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b20d25a80648c2594f90124fc60100c030002180000053582c1", 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r0, @ANYRES16, @ANYRESOCT=r3, @ANYRESOCT=r0, @ANYRESHEX=0x0], 0x34}, 0x1, 0x0, 0x0, 0x8800}, 0x40000084)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000140)=0xc, 0x4)
socket(0x2c, 0x3, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf411119ed8bebbb9, 0x20011, r5, 0x52fbe000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000007e00), 0xffffffffffffffff)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2a0082, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0xfffffffffffffffe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0x1, 0x2004050, &(0x7f000005ffe4)={0xa, 0x4e23, 0x628, @loopback, 0xffffffdf}, 0x1c)
ioctl$int_out(r8, 0x2, &(0x7f0000000000))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
sigaltstack(0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r9, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000240)=ANY=[@ANYBLOB="06000000", @ANYRES16=r10, @ANYBLOB="39020000000000000000140000000c0007800800020006000000"], 0x20}}, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000002, 0x42073, 0xffffffffffffffff, 0xaba00000)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)

3m53.64489035s ago: executing program 4 (id=861):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000100)='erofs\x00', 0x200004, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xe, {"a2e3ad21ed0d52f90b9b500987f70e06d038e7ff7fc6e5539b324b298b089b0708346d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d1780700523c921b1b9b31070d075d0936cd3b78130daa61f94b61404d64aec1b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c088215ec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6f44ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d208001349b41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2a15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c1980778efa5ea567b7b7430acc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a0700d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8440daaa69bf5c8f4350aeae9ca1207e76061b28f27da19acc7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211c7847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e781171e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b906ce2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7ae288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289d8523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c78e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e7c7b2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df06720ba2b26bbfcc807c8aabb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db38b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1040}}, 0x1006)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, r3, 0x1, 0x70bd26, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2400c054}, 0x4044014)
r6 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./cgroup\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r6, {0x50000000}}, './cgroup\x00'})

3m53.543891565s ago: executing program 4 (id=862):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000080))
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="200000004a000100000000000000000000000000040001800000000000000000"], 0x20}}, 0x0)
madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r1, 0xa4717000)

3m53.382437098s ago: executing program 4 (id=863):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='gfs2\x00', 0x208002, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]}) (async)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]})
chmod(&(0x7f0000000180)='./cgroup/../file0\x00', 0x24)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x2, &(0x7f0000000200)=<r1=>0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f00000001c0)='./cgroup/../file0\x00', &(0x7f0000000600), 0x40, &(0x7f0000000640)={[{@huge_never}, {@huge_advise}, {@quota}, {@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x36]}}, {@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x6d]}}, {@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x38]}}}}, {@size={'size', 0x3d, [0x25, 0x74, 0x46, 0x6c, 0x38, 0x65]}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@dont_appraise}]}) (async)
mount$tmpfs(0x0, &(0x7f00000001c0)='./cgroup/../file0\x00', &(0x7f0000000600), 0x40, &(0x7f0000000640)={[{@huge_never}, {@huge_advise}, {@quota}, {@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x36]}}, {@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x6d]}}, {@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x38]}}}}, {@size={'size', 0x3d, [0x25, 0x74, 0x46, 0x6c, 0x38, 0x65]}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@dont_appraise}]})
pwritev2(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)='T', 0x1}], 0x1, 0x0, 0x0, 0x36)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth1_to_team\x00', &(0x7f00000002c0)=@ethtool_rxnfc={0x30, 0x12, 0xfffffffffffffffd, {0xc, @tcp_ip4_spec={@dev={0xac, 0x14, 0x14, 0x12}, @rand_addr=0x64010102, 0x4e22, 0x4e23}, {0x0, @random="8898dc48d21f", 0x203, 0x1, [0x12000]}, @tcp_ip6_spec={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, 0x4e22, 0x4e21, 0x4}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x8, 0xf, [0x0, 0x1000]}, 0xda, 0xb24}, 0x7, [0xfffffffc, 0xa9, 0xb, 0x7, 0xe0df, 0x29, 0x80000001]}})
io_submit(r1, 0x3, &(0x7f0000000500)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x6, r0, 0x0, 0x0, 0x8a, 0x0, 0x3}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0xb, r0, &(0x7f00000003c0)="adc018bdc606163105f460e12d292a0190cbba79ee0d96226ac95b92686c916e911eb5466f05bed0fe0928e7d27d7fc7a94c6c0f5fcf67bb938c28083cd92f8d77ee561055022f9449b452126074eb885222bcea44730b7de9db0b02150bddd277716491b9e571dd475c86a962f9f4", 0x6f, 0x6, 0x0, 0x2}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x3, r2, &(0x7f0000000440)="4aacc1f55b8c3a5a469857ade564a023c59b3c16a39d71dbeb05faea612f724fd4b6d4bc050a55e8b576d33efc8f46ae2305924633ba76b2f573a59e39eea56b12e499966a88b5f9b3c36b0d12ce547a217f4af88d5c87f5db52b56946898b58ac016396e3936dc17070c70559f00fca003eff23331f5d246efbe8c6c235e5b0a58c74962bdda7", 0x87, 0x2000000000000dd, 0x0, 0x2}])
chroot(&(0x7f0000000100)='./cgroup\x00')

3m53.176709599s ago: executing program 4 (id=864):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
syz_open_dev$media(&(0x7f0000000980), 0x3, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x3c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f00000000c0)="5fa1cc6475604fc77e0ce3f7125b35d9060da80bbb8d5985dfa34fdba59faf7671723318fffc7bb6e42dcac65ab15bdd30a6c8461cc5dc69178e1697e18cd2c6a0bb", 0x42}], 0x1)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
write$tcp_mem(r0, &(0x7f0000000100)={0x4c, 0x20, 0x78, 0x20, 0xa03}, 0x48)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0xa82002, 0x0)

3m53.084770165s ago: executing program 33 (id=864):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
syz_open_dev$media(&(0x7f0000000980), 0x3, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x3c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f00000000c0)="5fa1cc6475604fc77e0ce3f7125b35d9060da80bbb8d5985dfa34fdba59faf7671723318fffc7bb6e42dcac65ab15bdd30a6c8461cc5dc69178e1697e18cd2c6a0bb", 0x42}], 0x1)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
write$tcp_mem(r0, &(0x7f0000000100)={0x4c, 0x20, 0x78, 0x20, 0xa03}, 0x48)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0xa82002, 0x0)

2m30.65995754s ago: executing program 0 (id=1561):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setuid(0xee00)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect={0x7fffffff})
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe11)
rmdir(&(0x7f00000000c0)='./file0\x00')
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x10201, 0x6, 0x8080000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
removexattr(&(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)=@random={'osx.', '-&^^\x00'})

2m30.659354901s ago: executing program 0 (id=1562):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000077000/0x1000)=nil, &(0x7f00007af000/0x2000)=nil, &(0x7f00003f1000/0x1000)=nil, &(0x7f000075b000/0x3000)=nil, &(0x7f00003a7000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000072000/0x4000)=nil, &(0x7f0000901000/0x3000)=nil, &(0x7f0000301000/0x1000)=nil, &(0x7f0000ada000/0x2000)=nil, &(0x7f0000992000/0x3000)=nil, &(0x7f0000000280)="ff67d0f1255cf9a4582b3e88cbe5741adf47b11b4e7993ad79542e4cce6af91ee2ad4dc4ef5e1a442140f5670945a16b0bd01a6b747b3d279704c0a0b12d54acdee64e6208f0034ebd20924b058e9954884ec96355d065bd1340d0c799d32fc5063ee7f06f0bda59061079628d5304204bd9df93664fdcdf03cdb45473f72689500fbd6ed9a5a85ac864e345992a0c3947e788d4f85388e2415910afd44b992d51cbf759c384cd049934e9fb705e547267bac7b5677cd916223a9d187d7e818680b50721788104c08473d672b7fe2d795bf5995a2bdf563e63190626fc243de40d5a3e0159f32ea3686a93b80ff33aea1767edd41c50a45add9e44956d6582609d126e3b9df5f285001a6670bd84f5a5022dc8915388ef53827129a552f8fea9fd8dac13250274b32f7af7f412633dd5ff91abda4f8cced6e5a9dc824d4017eeae463792e2f1f3b0bde3c210f1d80c28bf86cb5eb44419a434aaf37e171f265f5a3b73265ecaf55aaa6056a9d5c6a3b930fbd239ad9b7f93be37785d680d8ac99c183ebd060ed6ecb59bf49eae34ac9eb19b176a30c19f94a6880160e6939b52142ce00392065e0840b7322005a58067c95166cc49da1cdd6a9ee03fb543ddcad9c445095a6bddcdaa970c1a86d900128e050dfc89d03964381412309a8b6fb6dcdf9808e14fa2b74d8d6b081b784fbedd4ed7c6fb3d75e00cf53fba2747d852eb8b94368ae35d130d26fdfcf9652b9262772c47c261a273f4d07f498fc3f337829b161b8fb0f06676df45d88227c44735eefe1b958111e177f32e9fee7abfa1cd8af854ef1424b229ac883e6e8244c44d11543ed8cb6c90eef9f87d2dafbe0c8f8f78f1baade871d07333be648b3a05a70c57c2a0f1776faed9ad2514cfe486677ec0c197c8e0a1d3b49e81a30a78969ab683b23943366ef0763ba5cc03e08a8400fe1f5b33105db438d306ef7fe823a0dd8f35d4f8c47249107ecbf3356a86a6b042d6d8233422ede4006d92ba6328a3b858ab59374be19b5eec8012ac6351214c74e7a1322b02c91c5aab5ba6c4b69d65b3905c6a31e4105d3d4054b4a6a089d4a89b4bc9420e15f5f1b0187bba3f0db241fbb263f97f4eab3f7a7a7aebac486999a4c8c62126e7cb433748bc3d4f2d1cf541fae6ee53807d0641fdbf0cd2a173ef580fc3247a4b0bac3e922864d608bb5e15a5936e01506e41f5a4f1e3e2d6bb4cf233cb516cab546ab5022254c0395821cc79a9016ae2f91986b762353792531f7cc415a4a7e9a6cdc08851a5e4171359104d669fc54aaf36ecc2baf827ddd14866a42cf4f352b3862c7dd92ba011505eb36374d84508a7b6eb2615df435f1404ee00ca526ed3a0b9549197ef9a8278e9f07258b7f2596542697a1d84ff41e1765eb92f24017c90fd9ab4be4a14ec38b7a4a941c6d18bca7c403ff6f8d8e37d694697ba73719b427d42e6d41b6ff2f0a1f17667a6acadf535a7f4f545930452bc9c679031a4175bc5c5547b8c7ab155662275022b5a3bf9fbddc2b7721a2ec525d7909d9d3be1eb8622b94c7ee920783aeb9684a331708bc6d3856a7a50629df1e9f802a77c284e6b3a5acf84455902020e53d63e453c2a9efa79f65ad75c4f73b07c6a10774a28d29bad7ca96a25916fb4fdd6f61c9b1845bc3b47f3726e0f6748247219c972d2eea56f077e4538320f213210bde2ed4b31b3db3ce5bb308a4118604ce5a8", 0x4c8}, 0x68)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
setsockopt$MRT6_ASSERT(r0, 0x29, 0xcf, &(0x7f0000000080)=0x1, 0x4)
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
socket$inet(0x2, 0x3, 0xe2f)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xbd)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0xc0189436, &(0x7f0000000740)={0x0, 0x4, 0x7fffffffffffffff, 0x3, 0x3})
openat$dir(0xffffffffffffff9c, &(0x7f0000001180)='./bus\x00', 0x40, 0xc)

2m30.486021569s ago: executing program 0 (id=1563):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x18, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)

2m30.446715739s ago: executing program 0 (id=1564):
mkdir(0x0, 0xe)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)

2m30.422837753s ago: executing program 0 (id=1565):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x80200, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f0000000200)={0xc, r2})
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r1, 0x3b70, &(0x7f0000000000)={0x18})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x20011, r3, 0xd6baf000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x3)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)

2m30.35517597s ago: executing program 0 (id=1566):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000640)={0x2, &(0x7f0000000300)=[{0x14, 0xfe, 0x0, 0x4}, {0x6, 0x10, 0x0, 0xfff}]}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x64342, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x20, r4, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x77}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x3400c004}, 0x40004)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) (async)
r5 = getpid() (async, rerun: 64)
r6 = gettid() (rerun: 64)
rt_tgsigqueueinfo(r5, r6, 0xb, &(0x7f0000000080)={0x0, 0x10, 0x2}) (async)
r7 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffff9]}, 0x8)
read(r7, &(0x7f0000000740)=""/377, 0x179)
sendfile(r1, r1, 0x0, 0x7ffff000) (async, rerun: 64)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) (async, rerun: 64)
r9 = fanotify_init(0x4, 0x101801)
fanotify_mark(r9, 0x105, 0x40001032, r8, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) (async)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0x0) (async)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') (async)
r10 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$LOOP_CTL_REMOVE(r10, 0x4c81, 0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)

2m15.299728813s ago: executing program 34 (id=1566):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000640)={0x2, &(0x7f0000000300)=[{0x14, 0xfe, 0x0, 0x4}, {0x6, 0x10, 0x0, 0xfff}]}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x64342, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x20, r4, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x77}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x3400c004}, 0x40004)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) (async)
r5 = getpid() (async, rerun: 64)
r6 = gettid() (rerun: 64)
rt_tgsigqueueinfo(r5, r6, 0xb, &(0x7f0000000080)={0x0, 0x10, 0x2}) (async)
r7 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffff9]}, 0x8)
read(r7, &(0x7f0000000740)=""/377, 0x179)
sendfile(r1, r1, 0x0, 0x7ffff000) (async, rerun: 64)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) (async, rerun: 64)
r9 = fanotify_init(0x4, 0x101801)
fanotify_mark(r9, 0x105, 0x40001032, r8, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) (async)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0x0) (async)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') (async)
r10 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$LOOP_CTL_REMOVE(r10, 0x4c81, 0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)

1m50.935743573s ago: executing program 1 (id=1917):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe80, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000000)={0x1})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x18}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}]}, {0x4}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}}, 0x0)
capget(&(0x7f0000000500)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000180)={0x1e, 0x2, 0x7, 0x6, 0xcdfa, 0x80000001})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x0, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x440, 0xd, 0x8}, 0x18)
symlinkat(&(0x7f0000000040)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00')
sendfile(r2, r2, 0x0, 0x7ffff000)

1m50.11774363s ago: executing program 1 (id=1923):
creat(&(0x7f0000000000)='./file0\x00', 0x1ea)
mount(&(0x7f0000001400)=@md0, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x2001084, 0x0)

1m50.05666436s ago: executing program 1 (id=1924):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2adc0, 0x1c1}, 0x18)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="c80000001a0008002abd7000fddbdf250a00fc003a2a5e247b0000009c5aa88d0bb152e57f18751fbce852b1f3876c18bb860edd8e2a32ea61e9e9dd351999e83f06bac1047c3ebcda2c5c2ea603bd8a69d9819361da8866b2269a598f47049437a3b303b13b70c9d2a43870010a9a9d821174e9cc067701ca35e694ff85271db940efb9d7c4ab2ae6befa4523ec6bcdaf1322989e85b9963381fa1b8db5f334befb2f27c15a217c80c5ac2777bc7068825b19787580d084a185e9b0d419663b50604be346645fe2"], 0xc8}], 0x1, 0x0, 0x0, 0x800}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r2, @ANYRESOCT, @ANYRES64], 0x20}}, 0x0)

1m50.037793164s ago: executing program 1 (id=1925):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
write$vhost_msg_v2(r0, &(0x7f0000000080)={0x2, 0x0, {&(0x7f00000003c0)=""/235, 0xeb, &(0x7f00000004c0)=""/233, 0x1, 0x2}}, 0x48)
umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x1)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x20080c4, 0x0)

1m49.96771573s ago: executing program 1 (id=1926):
r0 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
fcntl$addseals(r0, 0x409, 0x9)
socket$netlink(0x10, 0x3, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)=ANY=[@ANYBLOB="180000002c000100490000000000000008000000db943e969a51ac73e106202d92a0d04998fab6f7d7c71588f42bdd1012fe6610ecac7e03c2a405f230f3d1158bc0ff8b47692ba69d7b834398c8f45e630c159e9de947f30dd5400f1898083b8693bbdb470896bfe68eb2cbc8abc4", @ANYRES32=0x0, @ANYBLOB], 0x18}], 0x1}, 0x0)
openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2) (async)
r2 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r4) (async)
r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r4)
sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r5, 0x223, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000128bd7000fddbdf2503000000080024000000000800030004000000080003000000000008000200860000000800030003000000f13537eadf50b5215cae9b16ac6cc28ff3997614093b75a389088fc5b3eb78623bf43cbd0d98d6483c699c23630fcd0675dbd5ba117716e82415f87a8dd33c616aac3b5290f9193c8dc796b5e1ba28023f3d5f646a1f21b0a56fee8109a0fa3c7e82fdf5387092f1251f"], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x20008080)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x2440, 0x0) (async)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x2440, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0xfffc, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x3fffffff, 0x89, 0xcaa3, 0xffffffff, 0x20001e58, 0x3, 0xe66, 0x3, 0x8, 0x4082, 0x0, 0xfffffff8]}) (async)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0xfffc, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x3fffffff, 0x89, 0xcaa3, 0xffffffff, 0x20001e58, 0x3, 0xe66, 0x3, 0x8, 0x4082, 0x0, 0xfffffff8]})
pwrite64(r0, &(0x7f00000013c0)="4ecefa5215c146b6a8fe10ca0696fbc075dbf68605a8c3edb272780f2a1f31ad211db521001ba54eedf64fc220a6f3a5f98cb9a5fedb2634860ec01eadb14d746e97332ba7d938ebfcde97637a3b65adfec9dc9c47804018fb7144fd3b4f51da8362b6904c98a9c9f8ec51c7f9e2ebc325c86007964806ee7c4ee1a70a5106643a04cb0d69f7c37220e3d50c88e27f0cdef3e364f76403d7a06bdfb3e898a9f839597eefaaa86ffb4697d8f21fe855a7f75739637182be6ebbd7a9ea3af0574b3269065aecdb1cb783d4e8f81a1fc5db749c43f56082fd04190d59ebcac6a3c6cd675058d97007e2f9cb9096b1322ce8f91d8f8b3947db947ebc6bed76258a0cc5b6859193b000a849dbff41b22fd446025d7781d9a3e06a961f2e9bca1023fc002d9a4cf4b4b4473f7f856612341559a7460bfe039975eab2a8231a5334df31603a5b7eb1c0db5ec0d87a8317e080d77e52568ebc38890e67c6ff56ed2409b2812ad9cbe384b5e4f74f9c33ecab744bcb700318945d1aae62e296901724002c96dc88d96dcee63b4e12fa131c7841bbcd1475449f796e10e9a6feff09b9abc5c4d2715398476cf8fdb517f432d454e340912d3999737b75e997e5cbc2c28ee6be2f9e64856bac392cf91ca6cc798facfd32b4c95964d36173bd15d399cab0b4d1f5ac8a20b49e9d60e2dbee84c63487133bf702dd3c8d94a45a644c734b74c159487fb98694d13c2f85774e5f11d71b1eacb85043d1507f0b1327f491e91e40520b17a5393803013d963d251650fa227b3d319d9c6a971b8e558de858b9745c4a3eab3515892dcec3b556a9b7b363d7f2075dfa0570a1071f2cdfdc31567ccea678a46b5003ef310c789005ece8e57f8e77b0df74a67168566f5fc7521e5895698092033339ab07a4b1a4b6360bc9fab84f8287b494026c4a0e31a7c569edb05300401d1dd8646aee8009793a6f66aa8fa16eb9d3d960676a41b3524384afd746f72179d2433d73623b5fdeadae85b3af1e3634ad8c5a28870da026f8d2dec9b0c9401ec11cd6f34449c99db619d78ea7b559a3ef238c3f093f96c3872dbf6de1912aa1aa4d38d42c7d4d8335c9f36b1893abf13b45038d14d970b13eb65c0a852506a42c5f89d353f30c421357c493dc96007727373d1c0f968107ecba16c889cc950b0ea44c90e71fec3e1a84a16d79d9c9e47cf01eab8a2ea2cdce41c0298e7899f0aa0519eae31f6d910b069c7f2c1df97e0f316e85513b135b160fe5e6ac29c4a49329edb1e7dcd671fc677700db757f959da9235db0c8cbf8eb153c2a3414ce334890f2c345c591488846416b02a98ffc56a6e6cc30edd6f79d4321e8d4696c513d89bd57b707749ffdb7cf7b48490fb5d6ecf19f56f8cb7603aeda1c9038f8a40393c7a93b8221bc9f398eabde250ddf972f2dbf9a4348d35762df9b601908f2ea5b1c89f52033c898db11ffff0ecbc41525c3226c11480f45c3b0b19ab6f7315de77f2f8631803c2bcd625a3c39ef6009ffc1fd9168c6a50dc30b96888821212bc6d59dffea8506ce2041290381ce73489b38f1eb4b6b60898e45fbb6f99250794e2d4e31027c02dea65dded546c9dcc2fa8424fe0a13ff7b2a46ef8a43c233b61332ab1c8e6129ab11326023dec6600f2a457c0774c42e2a70c3c13e87aa941eca77e613077182ac4eed2f32920ed3a4e99712ef24a1c39f0514e8e4a715e00045d8f344c1f3c3df83c3b0608448e1f8aff114c716cec7bd564d39fcda4d43ef81f49550fbaf0282cda8936c12c0ad38050012b76c29e7268deae2ac1e432bb8fc991b40a3bc8242be0c6e3dcfd2dccb4bc286cba873764d47b357f621879d085399255dcbf0f6becb765fcfd0eba4bdb710073c2758780f0a9712237d58b07de0f305465b067dbfe452b34be22c1045b706dedc95ad0c348d8e22bb2e2279c08070646f38cea0297df95e8e62eacd967cdc4227a1b4bbb83ab0e204dcebf53c4bced8180a4d27563fbd22868bbbea6af42f41419d964ee3c1d9bb2cb9e9d4055cbb2c9bf3b3deb3ccde3d9b086b27853c760215b6d440c46c787ba7cb82b9d8bdd47a315db6adca3c844105de2524116ecb292f581c0ad2c4696fd92429dc0ae661d8f09d87cb2e355629ae7b6feaed13dfa45d1cf39a17bff7dda83a45083d2ac945d749b5b22d68f9ed8b3c1b99d29fc9ca09179a59c664a6e0d8a9210f6589a27a8d3f48702e1cc2fba106d65e8af9f2ef1e2942f3a499e70798c875ee3885604c895ee4f7b29eb57538315df0e0aaa08e488f2e5edf9e80b3cc53d4176b6141fbff0f5e46e8458c8e3187f3389f84a3dc76b7481464da2e9415859347b515ab6273a8dedf881b95ed1cf33df5f4fd496041dfb05aeb62d646aba7ace7b03f912f2cc7a4646f25ebdd3cfb2c32703e4da67707543d6df8c794362d58e576b28aa70591b8b2e6224b4ec271a845b45de2d385455c31d7102b0f85c811dc38441ae7b89182c81b05258c4da08539075063684db5ccb23cf2f795b059108eb464f9f2accf9f9fe905ee296fb70de9f1d43db969790d54b74250dd94a11c1cdeaa920d8bfdda7add89140765218b1abf569d69905c0706c77b56bfd6ee4ac6df7e8e43eace2bc4c04d2c53195875adf4389818b8b3450a859c8062947b5c15ec79c6e0320411711ceb0dbd839e30a0622ee80ca47286ab8e9b9d83afb825fb8b39aa00a866ae06e0db3afe65002a51fec51ce88acb20eee91f2eb86a74a4bad5e8028fbb475c703f3d152128d7b7f29fb71e6ec5dad3d8f2fe48a60b5f75edb3e1a3bddf46a87dba675755f621fbee6152f4b248b94c71ed96044f2bae66e4918335faddd26cb3719433b19a40b37cd167865b854edf6689f4c0524637758a95c37cff5c0093807e1a2f929d1c8195cb2a670fa8810f630c628096f5f270e6a7c54e6f161f26d7903b8356bcbac62e8aaad3c266a807ad3f46f9ed2b8ffd9600202f8e071728353c1ea4043a46d837d9bf23ec5fde684383b72ad58e5f60b2d8be7d70616d6573727e890c9eb0142eb4b544cff8cd5ed8d5c3cce667a4ae952904a8764cede2b4c850973e8a8616aff57d29c82aeb59529fc8e2d2c6daef63d75f11a5476ec3d38c9f9566eac764846576764b1ee9a63b0ebff1e175fdef2353e0b31d7d2320bc1d7f8c792eff98157256be1975275b0c57e9fb6cdb8a68b1040db5675a2698d58c8283214368a35be2dae376d98e2c581547dbde59472864bc6297b22329b34e8b75d1fd4e7369e5c8e369f406b03e017845af66c0f601f74856d26ca16133f58657b043079d3824438998d3b47351fde7bc4a081fce97fe72a4928b53e87022b365d2478db0c805e664887c43d4ca642733b3545e4bd58c9cd3b1cfbcff7e524872e19a8c9c4851871577e7e96ec21cb5c35b1eaebbccf3d847c3cfcdd3473b62eaca3207f2be6decc66e39d253f4aa2f1e106e2cd44cf62d84c1149655b0199fcc1cfb2a3b87e49b6f77ca598d7948700d022ae246dd51fd2c56a950305bc3271c7c7480a59d51523ced588f03cfae57ba023b3253fa234e1c57677f232e3ce891e7606d06dc677620f63f337b1582f5ba3bee95e7237943e56a9ebe35fe6b952b6804b61039c81bdad15c8cf601a54cd41cdd5dc3611cc76ba0493baf2ef968cf9aa687bce563493d091a25eed2218b8ba6dbf16d82c9a7788376a62127c2921b6ee549d24a6966f90017da324efa1774b8197e023b5dc86363e57dd754487f57c65170e0e1a0b703e25a50cb628ab4c809d68dfd82ef17d5858d0610465358381918d974ea579eac092a78d48187815bd8f6c10589bf8d1b557551fb8831c8d3234ab4040b25b5517020f2ff9834d1caa2aa5b8bee60a219e0d838be00ebc6f91aa0daf775910741fc4f76ae093086f402e4182e3ac656fbb2394572b897ffeff98dc14802f0a177e48152d875ce04ca64ad3a5c69b4c688c63daef64ea1228a2126b5fa6b89efba30898864710d2b870cde01a6348ca9cef74e80adb21f25d94d4adcf5d9d3738585157097bc86e2633c7631ef6de970ffa56441bec35ea40facea4494c864a38bef5d05d2793c096efac72c713606ccfdab23418e81da6fe972068ce8e8034032576a95bbd8cd8d2ebd874871d729f7896f83bb84c0e9e1640b1173c522c579b0a93901580e2d0fa34039e671735dfc30385c12e9f634ec54a266a6890a6f23169898491b60b0657c2882968a91a7f967202c1f7151e0a7b2642f46a3dd75761a00c947fbdab5af2218c85ca7eb4ed8ca11c922bdea6b1b512609d7d79c278dc434858c3a1ce7b60f5e25610e3f3074628c7bd603f2159b20c68ee8c24105233e531fcb273ebeaf24b4036c924b69b5466380b9e3279929a7fb8c839ff786c9962687524f5b0ada27147f9dd71927efcaed04389fd3a418c9c3a97c0d57e40a673ed8df5741b818e0fd41d1670d0c490d29ad93043e0f677272b1d7653a52e19d5a381a4233ceaf8bc6cfcaed05b06fe17b9319c4b4409c28d544432dd5216700a495718da64c748840fc7ef68eca3efd274f5a281aa1497d888a0b30dad956fc47128f61e30da8a46d2168e1e7d2d386fc15709d63df072bcd9962772a49abdbc271f882fb06a9b089f22cc893f44bfba707d98d4e33eec93af23d46fe89fbe2f48a9da4456cc7f347e70e60972a42e33a8580156be5bbd95a122a6d34f581e4837e7b6f37c3df3dca2119d623e41e03178bdecb1304b8cac58ffbe22452abb195d92fc314ae8d2b8c14bbbe654e817bcf6cfa0be75bfad3b5d6c8a0c7ba9fd44b40ddae6dd76e7c76fe05e6c21e6cd1a4ecce2ef863423906b33b3cf0fcc77a97b21204116996745073570cf2e320d9ecdae5cd6259a8fcd6a3c5a3c07836f4f6ec2ad54a96a3d99f0634b11746200c64e65435ec4a5b20728491475a32552e5a2c22d464240f4344b4fb4237a7d7022089a0113c53f61aabf90951e528052bf192d1486af10ec4b3150b39a122d31b5f7ef6b86bdd6bb5c1fdb74f8e0da5f435a85fe7bb5dd62f022164b0a3fab9333f077394d832c06a59ee7118d0ba41da7c83a0e0c5d061e45bf09dbc142d5ca211a3efcc4fdf76446c11c5f64c99fe1fcd5e86b981c227d1922136e630fc1dbc7ab897192f2f00b33563ec57e5f312b5005ca716f29e6a58f917e507d03c1c2b4f2143cfc308f8350b5fc047ebe65cc0f06f140deda888f73d734687a5a6422bfb50953a9e3b119101d4124e92bb7a47603f2a41d83c80bc7c737bdecaaf4223f92f8cfd79626067821b148b9521ad5fe4443d95ed042a596244ec9f54a4407edced3161e3cc9681f41c1a36941944313a3bccd4e0ebdfbdea75e70e02550980be0a568689071ae308f643e05b082277b0d10b9c05e066abb240f34619cd0acc448fd17a8805db5eb90e513f8af9f70145ce6957a281d72e8bc2d059eba3413df0ec2104bfcdfc2e7dbe68c705c0091f140926ebd3f98fff3699da59eb9795a627a7ecd4ec708b61c4d068346f2bdf1247185cdd86f622489b43c3838128d64d3b817112fbae78c46b248419fd5220a0aaca917b93a346c3562536e42c09ea734ccf3b2712a6724d8638556ad95057d8052a14aae82c679da6bc93789d14364ab45a4a129cd2103693441443996a838d63d6ddf9d5e8dfd6658801d6aa02f3514cb37236f9303e310d9e80dd9b1c1ed731eef242cb7941e7f54b280c19b5f2300c20092e2d88e8b561b018a786384a006de9e0a11d2de0b9e93d", 0x1000, 0x4)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000040)={r0, 0x0, 0x0, 0x2000}) (async)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000040)={r0, 0x0, 0x0, 0x2000})
lseek(r0, 0x1, 0x2)
r7 = socket$netlink(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wlan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x29) (async)
r8 = creat(&(0x7f0000001380)='./file0\x00', 0x29)
r9 = syz_open_dev$video(&(0x7f0000000200), 0x0, 0x2000)
ioctl$VIDIOC_G_FMT(r9, 0xc0d05604, &(0x7f0000000500)={0xa, @pix={0x0, 0x0, 0xf8606d00}})
r10 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
ioctl$SIOCAX25CTLCON(r10, 0x89e8, &(0x7f0000000240)={@null, @null, @null, 0xc, 0x8, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2000000000000021, 0x2, 0x10000000000002) (async)
r11 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r11, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400, @remote}}, 0x24)
sendmmsg(r11, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmsg$can_raw(r11, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x12042)
close(0x3)
ioctl$KVM_GET_NR_MMU_PAGES(r8, 0xae45, 0x5)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x8000, 0x0)

1m49.651861598s ago: executing program 1 (id=1932):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x4000}) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0)

1m49.513350371s ago: executing program 35 (id=1932):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x4000}) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0)

5.590129775s ago: executing program 6 (id=2829):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {0x0, 0x4, 0x0, 0x3ff}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0xfffffffd, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x95, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x3], [0x2, 0x0, 0x800, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x2, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0xffffff01, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0)

5.383653051s ago: executing program 6 (id=2831):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x40)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000004c0)={{0x4}, 0x1, 0x0, 0x2, {0x8, 0x80}, 0x3, 0x11c})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
fcntl$dupfd(r2, 0x406, r2)
r3 = gettid()
tkill(r3, 0x11)
sched_setscheduler(r3, 0x6, &(0x7f0000000000)) (async)
sched_setscheduler(r3, 0x6, &(0x7f0000000000))
sendfile(r2, r1, 0x0, 0x7ffff000)

5.362019852s ago: executing program 6 (id=2832):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$sock_int(r1, 0x1, 0xa, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x57789000)
ioctl$BLKRASET(r0, 0x1262, &(0x7f0000000000)=0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x14, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x9, 0x40)
ioctl$SCSI_IOCTL_DOORUNLOCK(r2, 0x5381)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000000)={0x14, &(0x7f0000000500)={0x0, 0x23, 0xc, {0xc, 0xc, "47a468c1fb56fd4a2625"}}, 0x0}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/psched\x00')
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r5 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000001440)={'gre0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x20000000, 0x0, 0x9, 0x900}})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000100), r4)
sendmsg$SMC_PNETID_DEL(r6, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00022abd700014dcdf250300000005000400010000000000000000002f42520e36f84b3282ed4667d9eeffc3554ad7359da5b2c49a927ced31d3bd42c7dd1fd68c7086a3b3dbe6255d9126785eb8e93bb228dd350bc92f4f8502de3a0b7e03bb20731882f8b88359a0aecb26ad60d3378a727bda6952ebe770ea0203021457e8460000000000000000000000e209a1b5303d7dfe0766a4542dc751ee5b276141aa164127ef9d03302e64440dea67b351910e8a8fcd597bfc3422a29ec7dd9940521334cd287af99c1467da674126f83a4c30b996b7c2b217"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000001)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

5.178133475s ago: executing program 3 (id=2834):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x2a382)
ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000280))
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000005, 0x20011, r2, 0x1a1c1000)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x31]}}}}]})
ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000080)=0x2)
r3 = dup(r2)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x1b}}, './file0\x00'})

5.087804562s ago: executing program 3 (id=2835):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x85, 0x4, 0x2}, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x89, 0x2, 0x1}})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500561308005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000091ffffff000000000000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

3.276785491s ago: executing program 3 (id=2836):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001080)='/sys/power/sync_on_suspend', 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r0, 0x50}, {r0, 0x80}], 0x2, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap$binder(&(0x7f000042b000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x9)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x46d, 0xc298, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0xb, 0x1, 0x3, 0x1, 0x2, 0xda, {0x9, 0x21, 0x8, 0x38, 0x1, {0x22, 0xa}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x10, 0x4}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x0, 0x75, 0x7, 0x40, 0x6}, 0x4a, &(0x7f0000000140)={0x5, 0xf, 0x4a, 0x4, [@generic={0x13, 0x10, 0x2, "58fe32069ed9ed8ce3bdcc7a4da87462"}, @ssp_cap={0x24, 0x10, 0xa, 0xd, 0x6, 0x9, 0x0, 0x35, [0xff3f00, 0x30, 0x3f0f, 0xc0, 0x3fc0, 0xff3f00]}, @wireless={0xb, 0x10, 0x1, 0x2, 0x12, 0x2, 0x4, 0x8, 0x1}, @ptm_cap={0x3}]}, 0x3, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x80c}}, {0x8a, &(0x7f00000001c0)=@string={0x8a, 0x3, "95f22944c8f27b10695fe264fd882411437a3a26daf3c149c6ffc392de38e28eed574c5b9154e8763271860f7227bea3cea969fefbb8afc30925fdc4b0f7cd9c25ed12d9357a27dc200ccdd822a7a5765ec70acc069f0489b44a8ccfda3d437131ab73eba6f4ba1600ef11828ba3921461b64875680310c73f36aadc25da20e24b75d889ebf82fe3"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x444}}]})
write$sndseq(0xffffffffffffffff, &(0x7f00000006c0)=[{0x2e, 0x7e, 0xc, 0xfd, @time={0x40000008, 0x8}, {}, {0xe0, 0xfd}, @connect={{0x81, 0x2}, {0xd, 0x10}}}], 0x1c)
r2 = fanotify_init(0x8, 0x80000)
write$binfmt_elf64(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="7f454c4622"], 0x18)
ioctl$TIOCL_SCROLLCONSOLE(r1, 0x541c, &(0x7f0000000100)={0xd, 0x4})
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x22052, r3, 0x2000)

2.38725807s ago: executing program 5 (id=2841):
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x201, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r0, 0x40096102, &(0x7f0000000240)={{&(0x7f00000001c0)={'Accelerator0\x00', {&(0x7f0000000100)=@adf_str={@normal='NumberDcInstances\x00', {"03d97616560de3ef72eb272fc1e0f2c99ab692e7465aba9e5c874ac90b394d6d54dd59c43b7a3d746f08d5aa36aa235e500f2ee0472fbb91ce00ee6780b76761"}, {&(0x7f0000000040)=@adf_str={@bank={'Bank', '2', 'CoreAffinity\x00'}, {"5944a8984c520beaff4a43b969681519ef5489d23e783e8835ecdc46bcee98373c6c12de3fd8c63343b2195c24c30e2609a4888d562f0158007300c2ccfad70a"}}}}}}}, 0x5})
r1 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x800)
recvfrom$unix(r1, &(0x7f00000002c0)=""/210, 0xd2, 0x40010120, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
bind(r2, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x1, 0x4, 0x4, 0x2}}, 0x80)
lsetxattr(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)=@random={'trusted.', 'Accelerator0\x00'}, &(0x7f0000000540)='@\xf2]!%]\x00', 0x7, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
symlink(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00')
r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000640), 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000680)={{0x1, 0x1, 0x18, <r5=>r3, {0x1}}, './file0\x00'})
newfstatat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x100)
quotactl_fd$Q_GETFMT(r1, 0xffffffff80000400, r6, &(0x7f0000000780))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000007c0)='./binderfs/binder0\x00', 0x800, 0x0)
unlink(&(0x7f0000000800)='./file0\x00')
ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
ioctl$IOCTL_STOP_ACCEL_DEV(r5, 0x40096101, &(0x7f0000000ac0)={{&(0x7f0000000a40)={'Accelerator0\x00', {}, {&(0x7f00000009c0)={'Accelerator\x00', {&(0x7f0000000900)=@adf_dec={@bank={'Bank', '0', 'InterruptCoalescingTimerNs\x00'}, {}, {&(0x7f0000000840)=@adf_dec={@normal='NumberCyInstances\x00', {0xe}}}}}}}}}, 0x4})
pread64(r1, &(0x7f0000000b00)=""/146, 0x92, 0x4)
r7 = syz_open_dev$audion(&(0x7f0000000bc0), 0x80000001, 0x208201)
ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f0000000c00)={{r5}, "4703bc49e5f0bbc1e60d61cdf1a97fa9860e22207a90d3704ec2c2e29f83b2120e954effa1777e00022de3ca9b49d43f250bbe0de2963d0c31c8f89854e20f7d253be90505aaf1303d0ee3d1d8109d4fa16c88cff06ab60d26ba9daaf9d1a05864913de957fe3bc408115498e98a8dc6c01f4b3e1856a286cbe6bff95a86bd1f750e0114310190036045e30148e9707fdf80bc34033657ce0ac15e2836fe99c9437bff7c9c59772029d77e3ea4bb587e6daf7169475ef0776cc544b0544c964e0fefa0d049ceb00fd2d2f1f25bdc4a33ecc9cb3429ecc7b0d8bb7addd112035cba2a089cad315828d7dc6f9bebb656470e3d7373567a7c5fe53d64e8175bd8437613c3d018f7c6b97d5090e27f3db6c91e06f80511e9e27e111e710f5e343013ec885f93d705a10f518efd181b518f60684e9d42d34ebcf052e1eee8924f4ed711bf5ee45690eeaae5b98b34a7e8ffe645ed3022f81e0bbbe982040b1da692cbfdc45b7bc51591dbd09fab6c65c331d894903e4c44ae4853d5b46f09ed20c0567fd2d245ed39bae27b8ac48ab1cbc8089590ec7c44814dd44b7c8b0c583cd03dac27275ddfd70fa417d7616a8d1425b69724fc5381b63e2b24b29128843bc0e6fbabda5f8b16c275f9993790ab91f74fa9b7c85eb7b4e3a3e6e91b901e225262da07dead0224b90fcf78bc8c9a54988fc2ff8af601ee1c56e0e33d77da0d0042aa517b2ddb419012a23d913d7fa39ecd0c3b5c30da8f3b104758155cf157cd03bb410f8b1cff8589567de82592c1fefb1deb92ff34bd418b557aa63455b06fe172634dbd5e2e05ccc220fcfd0ecc952162e18e46551ce405ebdbe9bc05e13547e902371512b3dff2c94a50f5b59c4f18d920e4d60c9886df9d93824aef18d6406ee390dfc3c3af4a80b87e0a53c160e6613ee0b4dc2a45ebaa7323196dc148ee437f95f22736b18be22e4d641df68b72a935f717c796e4365fb5825a3c2e6d8948d50e5351bd7b463c784b7bb21101810547e9f2b62d9d8e5cb992911769b06d5eabcbfa6047b744e8caeb63798ea232e3973ce1e35af3c3d02da1f38b341ddc0ac17b2750790f462e5f21e133328c6ef21bbbc38bccb8fcd8e7eee68a16f1adbdac0ca5ff8a9f0ee2394a71383b8ab9cd86753877e3b05e45d15aba38951db925258740318ce61968c41691eaabf87d1fe5d6a337db8eea0a27081359e60f0c3426b2a63e1bd562567cbe69fabcab544ee20749fff532f0103a59ae2ae6b03ca039b3bcdbada7d86d9bab9d9c7e783f8f0c25642d7fb3012c6fa1115aa29972a5bf223744cbd52ba436a8ca026ca78ddc74a28d1032f19b0ee73a6a0bafc1893605b0bc2d5971b5d60a21e71e6e07021986215202991150fbab81399b73678154d78cd72c700f18192044445cdf7146fd4a27107bad1c02c074d6449f4acc4f590af51bb9f3ff0a9b32982e07b0eab5000715fdde8ea433f8bf88a61cf4198819cd7b47d94e42b2960f77997781659b65850ac359e32d86f8fdc969938b9e65c1ab33785d30f280d6025ef50fd125e0b8b01c892f4de3c7fca63cf09feaeea2cf9a12b2e4c7ee31279c6487b6f8b41b4890578c36792b1dbb6bd8afc0c8c066965d6d2349857e886ef960eb7028e1cd283339e7791d39fc5314cf004e0b60eaa2dcc98492324c7622286dafdef0c3fc533406775329d1c0078ef3aeac38b4918f1489b441ef24bbe55edcf0075ac89ba91bdbbd54b4390f4958541100f5af75e5a966e516b1e4920979b6d5fafc59c9bf358b6901725bba8c3c3ab105a5ceb5c5923d4e462d38ff310ed9f33a2bbc76845022bdb19d295ec01d8cd55d7539338b0f5b67ba59d5e1ab443a3bb71e751fcf03bf317477dd9e6b28a08f0227eec34731806a0b10271650e36042f736bd82fcfd8d17d350f4c3ae77f5e9292dad30a233d86c023e9311261e876f232c58e1bd8b5d9e7e9dc4c6191582ee9ea8a671c854365716d6880d5605dc11eb4b828dec0c96e407f9e3c35ac9b498808de207f3af736a745f36a2c069a6b9ac468980d07980015f211d569d2b3bc695edfcf82205da4492298c273cc5f7ee6a578d0273975d88aa73e035f53e0c06d6b79769d55cd7b76afc8ca7aaf4f5f09078353e810a0d9365cab31101aa8b1077946eff89e16cd035d69d00f135073c1ead33ab2968204d8138c846e76c79e4a3fcb4f37b350d50162253ff69e105ab43657753baad625d00cbaad08d2d7dd6ae1f9fcaf65cdaeba18390f6bfb06dfd6f746deb0e6e41fb182813e88b2627ff8cc385178df218460bd25b90f547a6fd9914e2ae37b730b7faa7718cd0afc4a4633cb471ae39d237ecc1505ad591aff97003430bf7d318903a445c800a1f6e709c89b143392085f315f97abac6b9bec369a66d9bb80f38a2b857273348fc5945a49ae8591ae22c64c94d5344f202b2f2bf49094489799110bebd4647921574b8b62abe2360e0bba60e28fc4e2e552a7c2fb884bf9c0e4451d4a4f9e0bb7af543fcf163d71b4b8fa0c6b140d5396e5969003b90c1338f59c0fa0697a48fe4e3b375d23ec3bfb31c623ca5f3aea4c35d803f6b985d0e57f262044f329c57bdf305a1f3da5cfd2092780fe55db34a440378d208e95eff82c6db5dfd3e1d32f96172a23d2a337e4bbd8729512845f6651a622b493a0967afafcae434301bae821c0473d3476ebd931eeb11d0891cd10bea7cc3d85b83756e6a46afc95fbb837620b2215fc78a3c773d24a0625bad646a6266a7590cad40c638584409bd2831bba2e8f017d610ce917b3be04c684d51d06c7c71fc7ca6e47880aa028d146c5a75f1519a65bbd199bfd1a8e646cb9c4d6f26600338b7ab30f7c4c2a0f1ec5618e2eeab0a12bf786f1079b8b10b46ba496234a28a867133519b4ceec2e308de007535ef57fd33b3c70ed4ebe9862dd46986d24d0b02d5b15a1d3cc6d51cdae9edb1ca3438d7d46dbae60f5d5e91f7dd914dae837ed6315c670bb3f742c2f65f5dd5557a0c400872406c53fbb2fbfd2f523a36801fd5e9539c9e993fc0f1970fb26f4abd5fdf3db53f75ffc5ed383499fdb32e6069ea26021b1ff11fb6bba0174a4ee2999c62a352e04f5a0bca3fc01e6bf0738f278f4bd6f97d73564cb44ae6d48c6aef2a2c70999f590d432aa09ab36fd8b93cfcd3c50ec7ff4876e352d939fc1674cfb9266e2adfb6b06d6c52e8e9fd0a6e6254de71b3a4b24f0bec43c6d6bbbce0c3e9b47bf0cbb5eadabc1aabb20fd7a6585178ad7787a8b23210d83f8eb7a3a7d83d73df8c167d00153c1628fbe1b367f4396042bd2d581f92a92fcebfe9de3e8878ca26369115c44aefd26b093f172efaecbc97717cfe38e4015871b3578791ab74e2ad4ca8f6ac7aa9839830cdb73f56b69d023c02992c4d01499f8c1336edab525d98a907b801d6e4b39f3cd30ff08a28f73d4c0d31d704151fd48b57f0b9cf5344472422ad970004146fea5b4dc6b4a285c1a2d5a62bb809085cf318cd6316cd51c3c921b7059ca775fa414ceeee95386436d8484f24f2775abb48368cdd2c0f444182a1e6eb5a466d6faa45e79337a815aae3994afd6037cb0e6c601ebd90c11b69ae2ae2d6f06d47f02a401e23871cf562bcb7040d2fe47943dd6eb2bf966f28887c0803e4937f7826905e232019d5b919c305972802a351828270d204025af432dc7cfe0005d875cb1c2f103e42c12f75562d56d8653bdc2984ec2dc2390dab340681f6b7e9ef4712bb158c291b31e516ffe8f4e56e5db16298a602a69653ea50c94ad78516d32e1e0913e684f9ad280ff3c6437fd7f3bf9c8cee9e442862fd65f7321c8e36950cfc66d9067438a585a1ae2fd6a5dac3fb73ccc0b0c8d3f5aaf8020f28a1deb30638af2d4e4d82ecb6a55f68bbf6c58e3f84acb096ab4e75761a754d4814112aabf4b9fb64ec461636475ca29305a216e784b9f827802f9a4b688a33f356c89ff7ea7a5dd3ade41f0cf2632b9e3823a5b82ec4b6ab0d4db48d8f0216c44737cf7e2db2b627efbc693436507b5179c7e558b223a7d3f2da4043e4f97ab50494558c3a808ddf3459e0cba8d78ecc09ed499f4b87d80fd328f73c20410b1830947fe68e395c928514b2ba23bcaf3328c7c22fd5c95fbd65668f10722c7ce80a228485ac434c0df7dff695a77e2269692f45a2ee07e8526ffcc3d35ea0098b8d6fa95ec9dba41d9830e5f96ee1f66b018f8e06bf54ed6bb2e91a53d249a5db504e5d5b2b4183ff067e71f8e7fb9b3c75a22852934be51bf9a0e0845fac186991db792d7b57bca021d445b2c227a7254c2a31ff374caab533408b5e5a69093a930ab685d1df07bfdc22b55cee3d305eab5fd1fbeb0247c0ea7a36e2d6141a313ae0989ff97ab3a54146b1eb66d7513ab6bf928bc6633e9353fe01aab7d83667acc0345402f70a3a0b9bf0ea277d4478153c6063f89b9e4a6ff6744979d2b964bc77353aca8ca6fb97f01e5af9d7451847140ec2c4fdeb1b29f53c3a362cbf93c7a740e8c034ec80d63a20a9d477c3a5ebad7307081c16501052d42971237c236f42a411be1d182694302c39298bf7e1f0c84bd2e3b5096756a5dc1900efd7ad54f1d7a0c2d4e01687e3cf3052ba3e8b4aadffbff4d2442a965a68c2c131d2215249d0465ca7326915a7c9ef7826ef9840849b15ba6af500c983d1abaaf544355be1372e6511531fedd9c52c0d8a3fae1457062a529290cf93d2cdad5efe66d13c5e6609aa18509543d631db423ecf11f7c81f1d4ba9115ef3b6bccb60b420664ce16b8745c2c72bda6a354807596b3c09c2a7b80efb1f8b69a5e658745a709a40b5344add566f4b2e8f0267aca571f288622f64ff8037b3494b7ead5c0f9c8c4f17933b757a24dad89229738bb27d395aacfff20b6707df5a177e04a24f2dc839403aae8795fc4aa9f01e7c0000f08610b9e1ef99972dec4f8c6d4c7a34a3277570afda0c3f488f7b0860ffd6af2300751720ad692191457d16f4415ccfa248adcf33ab0340e03b098df01040e49b3c5098ecbe4d44f9a165d87a279081b27c07eae364f15f888e31ae7c3f8ca06045c5e9e8f783527c0508072c9776b26590fd72b3326bd692964d04cab5a9fa3adc7364b1f95590334a35245b91885aa860ec70f69b74084a323339697ff308d96c917ee0a3d4ef77fb6b65c890b21194ff47bf48799815bbfbae1f02d596a5b91cf912b11f4d251659c66571d97bc7d7abd3200128dfb22679f9fa36e485ae4a534ce2a2599eb40d78d9da3de14cc21929fa8f0102ea16a1127a4a01a581e6c7430499a4324926df6b411e3a974fba65adfd46f3ab7b3f92c4dc6ee66624bf4deb3c833373d7f85b7184b843972b9542eaa8b5ffe0e156a168809dbfc8b820748df621d73bc81991f08ddeb66233bd070a7ef5a9aadc666b8ed29212a4b38763a24553bcc61afac6de340dc87c2f644eb5369c8aabcc636903e9d7377e51b43eb03dfc32a704af0028f1b6c78ce67b1c8c2644aa0ea087f948f1ff14d3b778f2e8e48886b1056a0813b605e41374383e344ec8ac45b4270e64d43192d51af2c0a9574dea9a0c28e44ecd7bcd61d3fd76f57a5f1b5c379dba5a30f740b3174ad8ce74f23d4dd2f0111a30b6c69799a6149634b769e81b66dfe7e30f23443bb8fe22eca2480ffd09a10bb861a37600f18108f838e48188b8720efa4485e73dc0aded0f2daaf22cb3f3db0f5b1c4375c14c9d02d0bfa8eefcd23404ad2ccf49a9cf9d97a8a80b47e9"})
getsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f0000001c00)=0x5, &(0x7f0000001c40)=0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f0000001e80)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001e40)={&(0x7f0000001cc0)={0x144, 0x14, 0x30, 0x70bd2d, 0x25dfdbfd, {0xa, 0x6}, [@INET_DIAG_REQ_BYTECODE={0xac, 0x1, "35e8e4eb0ab5e1c6077082b76c241203f8529a295f216c26a45569f5fad2c8ed77108df839c2324471b4d47d031e37bf2f98312d176c00c808888082bd1b0a7f55709ebf32539730765b0ed9ea5a2c5970ec6be8f07e8b88c90ec0aac53f6a8db2551d2344549935ba9f7213a614145a3dd793614a4daca0d555cfb845e2341ce024b9044f2bbb36391cb90e7a1aa95731a79f1238736c1d00ae156c800e105589a4532cedd64540"}, @INET_DIAG_REQ_BYTECODE={0x83, 0x1, "a5295d5cfb75ac0e418e789163d3c92c98aa9221e9fbb04782a42348df29ec4872631985b030a5591b43aa71c7d1415eb70c6082d4ce2f2901a5034b2642ec5c456805c161d40efa2b2b38346e3c0d79cc362b4a6ec72a85d8a6d2b5c282f40d56ac714e79d479e96b43fac4778c3662cebddf5fbd28fbf13310da2cb80c3a"}]}, 0x144}, 0x1, 0x0, 0x0, 0x40002010}, 0x14040)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f0000001ec0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000002100))
lsetxattr(&(0x7f0000002200)='./file0\x00', &(0x7f0000002240)=@random={'os2.', '\x00'}, &(0x7f0000002280)='9!//\x00', 0x5, 0x1)
ioctl$KDGKBLED(r4, 0x4b64, &(0x7f00000022c0))
setxattr(&(0x7f0000002300)='./file0\x00', &(0x7f0000002340)=@known='user.syz\x00', &(0x7f0000002380)='/dev/dlm-monitor\x00', 0x11, 0x6)
ioctl$KVM_GET_PIT(0xffffffffffffffff, 0xc048ae65, &(0x7f00000023c0))
openat$pfkey(0xffffffffffffff9c, &(0x7f0000002440), 0x4, 0x0)
ioctl$SCSI_IOCTL_START_UNIT(r7, 0x5)

2.297162103s ago: executing program 6 (id=2843):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x581a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x20011, r0, 0xd6bb3000)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x5, r2})
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0xff})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_IOAS_UNMAP(0xffffffffffffffff, 0x3b86, &(0x7f0000000400)={0x18, 0x0, 0xffffffffffffffff, 0x7ee7})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)

1.177295634s ago: executing program 6 (id=2845):
mount(&(0x7f00000000c0)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='reiserfs\x00', 0x0, 0x0)

1.177116427s ago: executing program 5 (id=2846):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100)='erofs\x00', 0x200004, 0x0)

1.095850603s ago: executing program 5 (id=2847):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
userfaultfd(0x1)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf411119edabebbb1, 0x20011, r0, 0xd56d9000)
ioctl$KVM_SET_DEBUGREGS(r4, 0x4080aea2, &(0x7f0000000000)={[0xe6f48000, 0x4000, 0xeeee0000, 0x4000], 0x7, 0x0, 0x6})

1.093472186s ago: executing program 6 (id=2848):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d30000000109021200010000000009"], 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x86, 0x77, 0x0, 0x0, @tick, {}, {0x0, 0x4}, @raw32={[0x2, 0x0, 0x4]}}], 0x1c)
r1 = socket$kcm(0x1e, 0x4, 0x0)
sendmsg$kcm(r1, &(0x7f0000000100)={&(0x7f0000001540)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1}}, 0x80, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x8000006})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0xb, 0x0, 0x0)
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x44, 0x0, 0x0, 0x800}, {0x6}]})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r2, 0x2000)

1.04712489s ago: executing program 5 (id=2849):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
brk(0x20ffc004)
getpid()
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00)
r6 = accept4(r2, 0x0, 0x0, 0x800)
r7 = openat$comedi(0xffffff9c, 0x0, 0x2000, 0x0)
ioctl$COMEDI_INSN(r7, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x9c}, 0x1, 0x0, 0x0, 0x4004001}, 0x20004000)
recvmsg(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000005c0)=""/15, 0xf}, {&(0x7f0000000ac0)=""/138, 0x8a}], 0x2}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000005, 0x20011, r1, 0x1a1c1000)
ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000080)=0x2)

1.01340789s ago: executing program 5 (id=2850):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ppoll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x1200}, {r0, 0x80}, {r0, 0x5100}], 0x3, &(0x7f0000000240), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, 0x0) (async)
ioprio_set$pid(0x1, 0x0, 0x2007) (async)
readv(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/225, 0xe1}, {&(0x7f0000000100)=""/81, 0x51}], 0x2) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
sendfile(r1, r1, 0x0, 0x7ffff000)

481.70861ms ago: executing program 7 (id=2852):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000000c0)={0xb, @pix_mp})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000f, 0x28011, r0, 0xef25b000)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000101fffffff90035306d380b9e8f6c33e518ece81a26998fa7f35023259b7e7555fc"], 0x3e, 0x0)
r3 = socket(0x11, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r5=>0x0})
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4)
sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011412012918000e3580009f000114000000040600ac141430e0000001808a8972bd0b72e4108296a3d206"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000}, 0x1)
ioctl$TIOCGRS485(r2, 0x542e, &(0x7f0000000000))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) (async)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000000c0)={0xb, @pix_mp}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000f, 0x28011, r0, 0xef25b000) (async)
syz_open_dev$tty20(0xc, 0x4, 0x0) (async)
fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000101fffffff90035306d380b9e8f6c33e518ece81a26998fa7f35023259b7e7555fc"], 0x3e, 0x0) (async)
socket(0x11, 0x3, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000005c0)={'gre0\x00'}) (async)
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) (async)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4) (async)
sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011412012918000e3580009f000114000000040600ac141430e0000001808a8972bd0b72e4108296a3d206"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000}, 0x1) (async)
ioctl$TIOCGRS485(r2, 0x542e, &(0x7f0000000000)) (async)

358.757205ms ago: executing program 7 (id=2853):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2adc0, 0x1c1}, 0x18)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x141002)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000005200010003000000000000000a", @ANYRES32=r0], 0x20}}, 0x0)

291.723849ms ago: executing program 7 (id=2854):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x581a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x20011, r0, 0xd6bb3000)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x5, r2})
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0xff})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_IOAS_UNMAP(0xffffffffffffffff, 0x3b86, &(0x7f0000000400)={0x18, 0x0, 0xffffffffffffffff, 0x7ee7})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)

179.782745ms ago: executing program 3 (id=2855):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mkdir(&(0x7f0000000280)='./file0\x00', 0x324)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='devtmpfs\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f00000001c0)='./file1\x00', 0x60)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
getdents(0xffffffffffffffff, &(0x7f00000008c0)=""/31, 0x1f)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
read$FUSE(r1, &(0x7f0000002380)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x205d)
setreuid(r2, 0x0)
r3 = geteuid()
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@mcast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000100)=0xe8)
mount$cgroup(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x2081000, &(0x7f0000000480)={[{@favordynmods}, {@noprefix}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@name}], [{@appraise}, {@uid_eq={'uid', 0x3d, r2}}, {@fowner_lt={'fowner<', r3}}, {@fowner_lt={'fowner<', 0xee01}}, {@euid_lt={'euid<', r4}}]})
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x22052, r5, 0x2000)

156.757969ms ago: executing program 5 (id=2856):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000080)={0xc000003, 0xf, &(0x7f0000000580)=[0x14, 0x8004, 0x1, 0xffff, 0x9, 0x1ed, 0x2, 0x3, 0xbb, 0x7, 0x2070, 0xfec, 0xfffffff7, 0x1ac, 0xfffffff8], 0x0, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
madvise(&(0x7f0000bdd000/0x4000)=nil, 0x4000, 0xd)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCGDEBUG(r1, 0x80047441, &(0x7f0000000000))
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x0, 0x0)
sendfile(r2, r2, 0x0, 0x7ffff000)

122.37391ms ago: executing program 7 (id=2857):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x804a00, 0x0)
ioctl$BLKDISCARDZEROES(r1, 0x127c, &(0x7f00000002c0)) (async)
ioctl$BLKDISCARDZEROES(r1, 0x127c, &(0x7f00000002c0))
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
preadv(r0, &(0x7f0000000440), 0x0, 0x4, 0x80000000)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
r3 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00')
lseek(r3, 0x5, 0x0) (async)
lseek(r3, 0x5, 0x0)
mlock(&(0x7f0000462000/0x1000)=nil, 0x1000)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000028c0)='/proc/asound/card2/oss_mixer\x00', 0x20002, 0x0) (async)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000028c0)='/proc/asound/card2/oss_mixer\x00', 0x20002, 0x0)
write$proc_mixer(r4, 0x0, 0x0)
close(0x3)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) (async)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x74) (async)
bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r5, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
ptrace$poke(0x5, r2, &(0x7f0000000080), 0x0)
r6 = syz_clone3(&(0x7f0000000200)={0x2000000, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0xd}, &(0x7f0000000140)=""/48, 0x30, &(0x7f0000000180)=""/60, &(0x7f00000001c0)=[r2], 0x1}, 0x58)
ptrace$ARCH_MAP_VDSO_32(0x1e, r6, 0x6, 0x2002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r0, 0xa471a000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x22052, r0, 0xa471a000)

74.770769ms ago: executing program 3 (id=2858):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
brk(0x20ffc004)
getpid()
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00)
r6 = accept4(r2, 0x0, 0x0, 0x800)
r7 = openat$comedi(0xffffff9c, 0x0, 0x2000, 0x0)
ioctl$COMEDI_INSN(r7, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x9c}, 0x1, 0x0, 0x0, 0x4004001}, 0x20004000)
recvmsg(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000005c0)=""/15, 0xf}, {&(0x7f0000000ac0)=""/138, 0x8a}], 0x2}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000005, 0x20011, r1, 0x1a1c1000)
ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000080)=0x2)

41.013362ms ago: executing program 7 (id=2859):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu\x00', 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000005, 0x20011, r1, 0x1a1c1000) (async)
ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000080)=0x2)

38.465263ms ago: executing program 3 (id=2860):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x85, 0x4, 0x2}, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x89, 0x2, 0x1}})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500561308005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000010000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

0s ago: executing program 7 (id=2861):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='attr/current\x00')
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/4080, 0xff0}], 0x1, 0x15f, 0x0) (async)
fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f0000000040)='z\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff) (async)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x80503d0a, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) (async)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) (async)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) (async)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) (async)
openat$ipvs(0xffffffffffffff9c, &(0x7f000000ac40)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r2, 0x2000)

kernel console output (not intermixed with test programs):

0 PID: 11301 Comm: syz.1.1623 Not tainted syzkaller #0 PREEMPT(full) 
[  273.740353][T11301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  273.740363][T11301] Call Trace:
[  273.740370][T11301]  <TASK>
[  273.740377][T11301]  dump_stack_lvl+0x189/0x250
[  273.740403][T11301]  ? __pfx____ratelimit+0x10/0x10
[  273.740423][T11301]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.740444][T11301]  ? __pfx__printk+0x10/0x10
[  273.740464][T11301]  ? __pfx___might_resched+0x10/0x10
[  273.740480][T11301]  ? lock_acquire+0x5f/0x360
[  273.740495][T11301]  should_fail_ex+0x414/0x560
[  273.740516][T11301]  should_failslab+0xa8/0x100
[  273.740531][T11301]  kmem_cache_alloc_node_noprof+0x76/0x390
[  273.740553][T11301]  ? __alloc_skb+0x112/0x2d0
[  273.740574][T11301]  __alloc_skb+0x112/0x2d0
[  273.740593][T11301]  netlink_ack+0x146/0xa50
[  273.740611][T11301]  ? __up_read+0x280/0x680
[  273.740630][T11301]  ? __pfx___up_read+0x10/0x10
[  273.740647][T11301]  ? bpf_lsm_capable+0x9/0x20
[  273.740668][T11301]  ? security_capable+0x7e/0x2e0
[  273.740688][T11301]  rdma_nl_rcv+0x3c8/0x980
[  273.740712][T11301]  ? __pfx_rdma_nl_rcv+0x10/0x10
[  273.740732][T11301]  ? net_generic+0x1e/0x240
[  273.740747][T11301]  ? rcu_is_watching+0x15/0xb0
[  273.740773][T11301]  netlink_unicast+0x82f/0x9e0
[  273.740793][T11301]  ? __pfx_netlink_unicast+0x10/0x10
[  273.740810][T11301]  ? netlink_sendmsg+0x642/0xb30
[  273.740829][T11301]  ? skb_put+0x11b/0x210
[  273.740848][T11301]  netlink_sendmsg+0x805/0xb30
[  273.740870][T11301]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.740890][T11301]  ? aa_sock_msg_perm+0xf1/0x1d0
[  273.740910][T11301]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  273.740929][T11301]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.740948][T11301]  __sock_sendmsg+0x21c/0x270
[  273.740967][T11301]  ____sys_sendmsg+0x505/0x830
[  273.740988][T11301]  ? __pfx_____sys_sendmsg+0x10/0x10
[  273.741012][T11301]  ? import_iovec+0x74/0xa0
[  273.741031][T11301]  ___sys_sendmsg+0x21f/0x2a0
[  273.741053][T11301]  ? __pfx____sys_sendmsg+0x10/0x10
[  273.741088][T11301]  ? __fget_files+0x2a/0x420
[  273.741106][T11301]  ? __fget_files+0x3a0/0x420
[  273.741127][T11301]  __x64_sys_sendmsg+0x19b/0x260
[  273.741149][T11301]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  273.741173][T11301]  ? __pfx_ksys_write+0x10/0x10
[  273.741190][T11301]  ? rcu_is_watching+0x15/0xb0
[  273.741208][T11301]  do_syscall_64+0xfa/0xfa0
[  273.741227][T11301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.741244][T11301]  ? clear_bhb_loop+0x60/0xb0
[  273.741262][T11301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.741277][T11301] RIP: 0033:0x7ff98978ebe9
[  273.741292][T11301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.741307][T11301] RSP: 002b:00007ff9879f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  273.741326][T11301] RAX: ffffffffffffffda RBX: 00007ff9899c5fa0 RCX: 00007ff98978ebe9
[  273.741339][T11301] RDX: 000000000000c094 RSI: 0000200000000040 RDI: 0000000000000003
[  273.741350][T11301] RBP: 00007ff9879f6090 R08: 0000000000000000 R09: 0000000000000000
[  273.741361][T11301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  273.741369][T11301] R13: 00007ff9899c6038 R14: 00007ff9899c5fa0 R15: 00007ffca42a6918
[  273.741388][T11301]  </TASK>
[  274.127458][ T5925] usb 4-1: new low-speed USB device number 70 using dummy_hcd
[  274.257416][ T5925] usb 4-1: device descriptor read/64, error -71
[  274.498485][ T5925] usb 4-1: new low-speed USB device number 71 using dummy_hcd
[  274.647637][ T5925] usb 4-1: device descriptor read/64, error -71
[  274.758095][ T5925] usb usb4-port1: attempt power cycle
[  275.097372][ T5925] usb 4-1: new low-speed USB device number 72 using dummy_hcd
[  275.137630][ T5925] usb 4-1: device descriptor read/8, error -71
[  275.377439][ T5925] usb 4-1: new low-speed USB device number 73 using dummy_hcd
[  275.411056][T11320] autofs: Bad value for 'fd'
[  275.419260][ T5925] usb 4-1: device descriptor read/8, error -71
[  275.528606][ T5925] usb usb4-port1: unable to enumerate USB device
[  275.533446][T11325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.543618][T11325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.723175][T11350] autofs: Bad value for 'fd'
[  278.193044][T11360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  278.201917][T11360] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.347851][T11380] /dev/rnullb0: Can't open blockdev
[  279.381113][T11382] autofs: Unknown parameter '0x0000000000000000'
[  279.899123][T11395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.907860][T11395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.921019][T11395] /dev/rnullb0: Can't open blockdev
[  280.237397][ T5925] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  280.387431][ T5925] usb 4-1: Using ep0 maxpacket: 32
[  280.396264][ T5925] usb 4-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=e0.b8
[  280.405642][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.413835][ T5925] usb 4-1: Product: syz
[  280.418179][ T5925] usb 4-1: Manufacturer: syz
[  280.422769][ T5925] usb 4-1: SerialNumber: syz
[  280.431465][ T5925] empeg 4-1:1.0: empeg converter detected
[  280.489942][T11404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.499440][T11404] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.506867][T11407] autofs: Unknown parameter '0x0000000000000000'
[  280.509838][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.523225][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.553741][T11409] syzkaller1: entered promiscuous mode
[  280.559333][T11409] syzkaller1: entered allmulticast mode
[  280.632802][ T5925] empeg 4-1:1.0: probe with driver empeg failed with error -71
[  280.642581][ T5925] usb 4-1: USB disconnect, device number 74
[  281.074401][T11411] smc: net device bond0 applied user defined pnetid SYZ2
[  281.082678][T11411] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1661'.
[  281.095659][T11411] smc: removing net device bond0 with user defined pnetid SYZ2
[  281.105250][T11411] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  281.115421][T11411] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  281.125463][T11411] bond0 (unregistering): Released all slaves
[  281.227538][T11419] block nbd5: Attempted send on invalid socket
[  281.233737][T11419] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  281.244890][T11419] vxfs: unable to read disk superblock at 1
[  281.251302][T11419] block nbd5: Attempted send on invalid socket
[  281.269152][T11419] I/O error, dev nbd5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  281.293053][T11419] vxfs: unable to read disk superblock at 8
[  281.305792][T11419] vxfs: can't find superblock.
[  281.333512][T11419] fuse: Bad value for 'fd'
[  281.410203][T11427] binder: BINDER_SET_CONTEXT_MGR already set
[  281.416213][T11427] binder: 11426:11427 ioctl 4018620d 2000000000c0 returned -16
[  281.425447][T11427] binder: BINDER_SET_CONTEXT_MGR already set
[  281.432359][T11427] binder: 11426:11427 ioctl 4018620d 2000000002c0 returned -16
[  281.440550][T11427] binder: 11426:11427 ioctl c0306201 200000000280 returned -14
[  281.450261][T11427] binder: BINDER_SET_CONTEXT_MGR already set
[  281.456355][T11427] binder: 11426:11427 ioctl 4018620d 2000000000c0 returned -16
[  281.766822][T11447] /dev/rnullb0: Can't open blockdev
[  281.892415][T11449] netlink: 'syz.5.1672': attribute type 6 has an invalid length.
[  281.935338][T11454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  281.945681][T11454] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.158958][T11465] fuse: Bad value for 'fd'
[  282.427388][    T9] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  282.577535][    T9] usb 4-1: Using ep0 maxpacket: 32
[  282.588089][    T9] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  282.598933][    T9] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  282.608277][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  282.621222][    T9] usb 4-1: config 1 has no interface number 0
[  282.627802][    T9] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  282.640141][    T9] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  282.653924][    T9] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  282.664825][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.679228][    T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  282.879462][    T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  283.182000][T11485] tmpfs: Bad value for 'mpol'
[  283.299062][T11467] /dev/rnullb0: Can't open blockdev
[  283.305498][    T9] usb 4-1: USB disconnect, device number 75
[  283.315970][    T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  283.909798][T11506] syzkaller1: entered promiscuous mode
[  283.915414][T11506] syzkaller1: entered allmulticast mode
[  284.158135][T11515] syzkaller1: entered promiscuous mode
[  284.182904][T11515] syzkaller1: entered allmulticast mode
[  284.517821][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  284.525474][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  284.533826][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  284.542072][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  284.550311][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  284.599202][T11532] wlan1 speed is unknown, defaulting to 1000
[  284.608048][T11532] lo speed is unknown, defaulting to 1000
[  284.811758][T11532] chnl_net:caif_netlink_parms(): no params data found
[  284.892897][T11547] 9p: Unknown parameter 'wf�no'
[  284.963400][T11532] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.990602][T11532] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.998109][T11532] bridge_slave_0: entered allmulticast mode
[  285.004999][T11532] bridge_slave_0: entered promiscuous mode
[  285.013999][T11532] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.021193][T11532] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.030306][T11532] bridge_slave_1: entered allmulticast mode
[  285.037873][T11532] bridge_slave_1: entered promiscuous mode
[  285.086462][T11559] autofs: Unknown parameter '0x0000000000000000'
[  285.104855][T11560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  285.113758][T11560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  285.116304][T11532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  285.137142][T11532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  285.177389][T11532] team0: Port device team_slave_0 added
[  285.184974][T11532] team0: Port device team_slave_1 added
[  285.223450][T11532] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.230510][T11532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.260422][T11532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.274630][T11532] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.282812][T11532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.308833][    C0] vkms_vblank_simulate: vblank timer overrun
[  285.314909][T11532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.356507][T11532] hsr_slave_0: entered promiscuous mode
[  285.363865][T11532] hsr_slave_1: entered promiscuous mode
[  285.372468][T11532] debugfs: 'hsr0' already exists in 'hsr'
[  285.379135][T11532] Cannot create hsr debugfs directory
[  285.441916][T11572] syzkaller1: entered promiscuous mode
[  285.447794][T11572] syzkaller1: entered allmulticast mode
[  285.484851][T11532] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  285.494155][T11532] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  285.503514][T11532] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  285.512454][T11532] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  285.556344][T11532] 8021q: adding VLAN 0 to HW filter on device bond0
[  285.573016][T11532] 8021q: adding VLAN 0 to HW filter on device team0
[  285.584478][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.591608][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  285.604847][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.611984][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  285.721605][T11532] 8021q: adding VLAN 0 to HW filter on device batadv0
[  285.891128][T11532] veth0_vlan: entered promiscuous mode
[  285.903496][T11532] veth1_vlan: entered promiscuous mode
[  285.923885][T11532] veth0_macvtap: entered promiscuous mode
[  285.933468][T11532] veth1_macvtap: entered promiscuous mode
[  285.947524][T11532] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.959993][T11532] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.973618][   T36] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.982601][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.991954][   T36] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  286.002581][   T36] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  286.051074][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.069999][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.094517][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.103275][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.129649][T11597] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1715'.
[  286.139464][T11597] tipc: Invalid UDP bearer configuration
[  286.139505][T11597] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  286.263349][T11607] autofs: Unknown parameter 'fd0x0000000000000000'
[  286.323517][T11612] /dev/rnullb0: Can't open blockdev
[  286.384719][T11616] /dev/rnullb0: Can't open blockdev
[  286.444997][T11618] syzkaller1: entered promiscuous mode
[  286.452514][T11618] syzkaller1: entered allmulticast mode
[  286.509810][T11620] netlink: 'syz.1.1723': attribute type 4 has an invalid length.
[  286.514282][T11622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.526429][T11622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.552065][T11625] /dev/rnullb0: Can't open blockdev
[  286.558456][T11626] /dev/rnullb0: Can't open blockdev
[  286.584951][T11628] /dev/rnullb0: Can't open blockdev
[  286.607458][   T51] Bluetooth: hci4: command tx timeout
[  286.725268][T11632] /dev/rnullb0: Can't open blockdev
[  286.733324][T11632] /dev/rnullb0: Can't open blockdev
[  286.777246][T11642] /dev/rnullb0: Can't open blockdev
[  287.237409][ T3094] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  288.223869][ T3094] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.257361][ T3094] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  288.267247][ T3094] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  288.276379][ T3094] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.286223][ T3094] usb 4-1: config 0 descriptor??
[  288.444553][T11701] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1745'.
[  288.565288][T11709] rdma_rxe: rxe_newlink: failed to add wlan1
[  288.575664][T11709] /dev/rnullb0: Can't open blockdev
[  288.610682][T11712] IPVS: length: 78 != 8
[  288.677467][   T51] Bluetooth: hci4: command tx timeout
[  288.711147][ T3094] hid-led 0003:0FC5:B080.000E: probe with driver hid-led failed with error -71
[  288.729737][ T3094] usb 4-1: USB disconnect, device number 76
[  288.794718][T11723] /dev/rnullb0: Can't open blockdev
[  288.796815][T11724] ./cgroup: Can't lookup blockdev
[  288.818485][T11726] ./cgroup: Can't lookup blockdev
[  289.189212][T11747] /dev/rnullb0: Can't open blockdev
[  289.276553][T11750] syzkaller1: entered promiscuous mode
[  289.285644][T11750] syzkaller1: entered allmulticast mode
[  289.811385][T11756] sctp: [Deprecated]: syz.3.1762 (pid 11756) Use of struct sctp_assoc_value in delayed_ack socket option.
[  289.811385][T11756] Use struct sctp_sack_info instead
[  289.855550][T11758] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1763'.
[  289.870080][T11758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.879201][T11758] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.176851][T11776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.187453][T11776] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.197046][T11776] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  290.205219][T11776] /dev/rnullb0: Can't open blockdev
[  290.361627][T11785] syzkaller1: entered promiscuous mode
[  290.367193][T11785] syzkaller1: entered allmulticast mode
[  290.425783][T11787] 9p: Could not find request transport: 0xffffffffffffffff
[  290.753511][T11797] kAFS: unparsable volume name
[  290.757716][   T51] Bluetooth: hci4: command tx timeout
[  291.262944][T11828] /dev/rnullb0: Can't open blockdev
[  291.481020][T11836] syzkaller1: entered promiscuous mode
[  291.486534][T11836] syzkaller1: entered allmulticast mode
[  291.555941][T11839] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1790'.
[  291.605894][T11843] wlan1 speed is unknown, defaulting to 1000
[  291.613642][T11848] netlink: 'syz.6.1792': attribute type 27 has an invalid length.
[  291.627576][T11843] lo speed is unknown, defaulting to 1000
[  291.633817][T11848] netlink: 164 bytes leftover after parsing attributes in process `syz.6.1792'.
[  291.681045][T11848] /dev/rnullb0: Can't open blockdev
[  291.884931][T11860] overlayfs: conflicting options: userxattr,metacopy=on
[  292.013163][T11866] /dev/rnullb0: Can't open blockdev
[  292.298639][T11878] /dev/rnullb0: Can't open blockdev
[  292.616055][T11882] O3�c��: renamed from bridge_slave_0 (while UP)
[  292.719683][T11886] /dev/rnullb0: Can't open blockdev
[  292.814612][T11884] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1804'.
[  292.838241][   T51] Bluetooth: hci4: command tx timeout
[  293.119128][T11893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  293.139463][T11893] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  293.178130][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1806'.
[  293.241011][T11901] syzkaller1: entered promiscuous mode
[  293.247408][T11901] syzkaller1: entered allmulticast mode
[  293.319632][T11906] /dev/rnullb0: Can't open blockdev
[  293.327440][ T5942] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  293.477724][ T5942] usb 4-1: Using ep0 maxpacket: 8
[  293.484106][ T5942] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  293.493978][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.512072][ T5942] pvrusb2: Hardware description: Terratec Grabster AV400
[  293.524440][ T5942] pvrusb2: **********
[  293.530641][ T5942] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  293.541398][ T5942] pvrusb2: Important functionality might not be entirely working.
[  293.552390][ T5942] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  293.563949][ T5942] pvrusb2: **********
[  293.713787][ T2340] pvrusb2: Invalid write control endpoint
[  293.744308][T11909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  293.757217][T11909] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  293.766092][ T2340] pvrusb2: Invalid write control endpoint
[  293.773821][ T2340] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  293.783998][ T2340] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  293.795240][ T2340] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  293.806016][ T2340] pvrusb2: Device being rendered inoperable
[  293.822771][ T2340] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  293.840386][ T2340] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  293.860050][ T2340] pvrusb2: Attached sub-driver cx25840
[  293.872989][ T2340] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  293.889571][T11911] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  293.898116][ T2340] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  293.918481][ T5925] usb 4-1: USB disconnect, device number 77
[  294.122146][T11917] /dev/rnullb0: Can't open blockdev
[  294.132110][T11918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.143085][T11918] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.168762][T11920] overlayfs: conflicting options: userxattr,metacopy=on
[  294.724359][T11929] syzkaller1: entered promiscuous mode
[  294.735290][T11929] syzkaller1: entered allmulticast mode
[  295.481915][T11934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1822'.
[  295.732694][T11938] binder: BINDER_SET_CONTEXT_MGR already set
[  295.766631][T11938] binder: 11936:11938 ioctl 4018620d 200000000100 returned -16
[  295.782264][T11937] binder: BINDER_SET_CONTEXT_MGR already set
[  295.793404][T11938] binder: BINDER_SET_CONTEXT_MGR already set
[  295.805620][T11937] binder: 11936:11937 ioctl 4018620d 200000004a80 returned -16
[  295.819581][T11938] binder: 11936:11938 ioctl 4018620d 200000000100 returned -16
[  295.895572][T11945] /dev/rnullb0: Can't open blockdev
[  295.974523][T11950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  295.985827][T11950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.005322][T11950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.015624][T11950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.294917][T11956] /dev/rnullb0: Can't open blockdev
[  296.389673][T11958] syzkaller1: entered promiscuous mode
[  296.395182][T11958] syzkaller1: entered allmulticast mode
[  296.697722][T11962] /dev/rnullb0: Can't open blockdev
[  296.769069][T11967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.792466][T11967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.847399][T11971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.859459][T11971] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.870529][T11971] /dev/rnullb0: Can't open blockdev
[  296.981800][T11976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.992199][T11977] syz.1.1836: vmalloc error: size 16105472, failed to allocated page array size 31456, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  296.993316][T11976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.024820][T11977] CPU: 0 UID: 0 PID: 11977 Comm: syz.1.1836 Not tainted syzkaller #0 PREEMPT(full) 
[  297.024843][T11977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  297.024853][T11977] Call Trace:
[  297.024864][T11977]  <TASK>
[  297.024871][T11977]  dump_stack_lvl+0x189/0x250
[  297.024897][T11977]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.024917][T11977]  ? __pfx__printk+0x10/0x10
[  297.024937][T11977]  ? lock_release+0x4b/0x3e0
[  297.024952][T11977]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  297.024970][T11977]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  297.024988][T11977]  warn_alloc+0x214/0x310
[  297.025003][T11977]  ? __pfx_warn_alloc+0x10/0x10
[  297.025020][T11977]  ? __get_vm_area_node+0x28f/0x300
[  297.025043][T11977]  ? kvm_set_memslot+0x4e2/0x1310
[  297.025072][T11977]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  297.025098][T11977]  ? kvm_set_memslot+0x3e/0x1310
[  297.025118][T11977]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  297.025138][T11977]  ? kvm_set_memslot+0x4e2/0x1310
[  297.025156][T11977]  __vmalloc_noprof+0xb1/0xf0
[  297.025171][T11977]  ? kvm_set_memslot+0x4e2/0x1310
[  297.025191][T11977]  kvm_set_memslot+0x4e2/0x1310
[  297.025212][T11977]  ? kvm_set_memory_region+0x775/0xc00
[  297.025235][T11977]  kvm_set_memory_region+0x9bb/0xc00
[  297.025261][T11977]  kvm_vm_ioctl_set_memory_region+0x6f/0xd0
[  297.025283][T11977]  kvm_vm_ioctl+0x957/0xc60
[  297.025304][T11977]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  297.025334][T11977]  ? rcu_is_watching+0x15/0xb0
[  297.025352][T11977]  ? lock_release+0x4b/0x3e0
[  297.025366][T11977]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  297.025384][T11977]  ? kfree+0x18e/0x440
[  297.025405][T11977]  ? do_vfs_ioctl+0xbe8/0x1430
[  297.025419][T11977]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  297.025437][T11977]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  297.025458][T11977]  ? css_rstat_updated+0x23a/0x4f0
[  297.025478][T11977]  ? __pfx_css_rstat_updated+0x10/0x10
[  297.025498][T11977]  ? count_memcg_event_mm+0x21/0x260
[  297.025525][T11977]  ? rcu_is_watching+0x15/0xb0
[  297.025544][T11977]  ? __fget_files+0x3a0/0x420
[  297.025562][T11977]  ? __fget_files+0x2a/0x420
[  297.025580][T11977]  ? bpf_lsm_file_ioctl+0x9/0x20
[  297.025601][T11977]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  297.025620][T11977]  __se_sys_ioctl+0xf9/0x170
[  297.025643][T11977]  do_syscall_64+0xfa/0xfa0
[  297.025663][T11977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.025680][T11977]  ? clear_bhb_loop+0x60/0xb0
[  297.025697][T11977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.025712][T11977] RIP: 0033:0x7ff98978ebe9
[  297.025728][T11977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.025741][T11977] RSP: 002b:00007ff9879d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  297.025759][T11977] RAX: ffffffffffffffda RBX: 00007ff9899c6090 RCX: 00007ff98978ebe9
[  297.025772][T11977] RDX: 0000200000000080 RSI: 000000004020ae46 RDI: 0000000000000004
[  297.025783][T11977] RBP: 00007ff989811e19 R08: 0000000000000000 R09: 0000000000000000
[  297.025794][T11977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  297.025804][T11977] R13: 00007ff9899c6128 R14: 00007ff9899c6090 R15: 00007ffca42a6918
[  297.025824][T11977]  </TASK>
[  297.025843][T11977] Mem-Info:
[  297.350486][T11977] active_anon:18852 inactive_anon:0 isolated_anon:0
[  297.350486][T11977]  active_file:14489 inactive_file:47578 isolated_file:0
[  297.350486][T11977]  unevictable:2620 dirty:44 writeback:25
[  297.350486][T11977]  slab_reclaimable:13498 slab_unreclaimable:99703
[  297.350486][T11977]  mapped:39722 shmem:11339 pagetables:2175
[  297.350486][T11977]  sec_pagetables:0 bounce:0
[  297.350486][T11977]  kernel_misc_reclaimable:0
[  297.350486][T11977]  free:1252109 free_pcp:45215 free_cma:0
[  297.398779][T11977] Node 0 active_anon:76408kB inactive_anon:0kB active_file:57956kB inactive_file:190112kB unevictable:9644kB isolated(anon):0kB isolated(file):0kB mapped:159888kB dirty:176kB writeback:0kB shmem:44820kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:6144kB kernel_stack:13232kB pagetables:8556kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  297.434794][T11977] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  297.469746][T11977] Node 0 DMA free:15324kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB
[  297.500923][T11977] lowmem_reserve[]: 0 2495 2496 2496 2496
[  297.506711][T11977] Node 0 DMA32 free:1140760kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:79964kB inactive_anon:0kB active_file:57956kB inactive_file:189036kB unevictable:9644kB writepending:172kB present:3129332kB managed:2555588kB mlocked:8108kB bounce:0kB free_pcp:115020kB local_pcp:24552kB free_cma:0kB
[  297.617425][T11977] lowmem_reserve[]: 0 0 1 1 1
[  297.622439][T11977] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1076kB unevictable:0kB writepending:4kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  297.677351][T11977] lowmem_reserve[]: 0 0 0 0 0
[  297.687320][T11977] Node 1 Normal free:3847364kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:65332kB local_pcp:32036kB free_cma:0kB
[  297.793305][T11977] lowmem_reserve[]: 0 0 0 0 0
[  297.821984][T11977] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15324kB
[  297.870576][T11977] Node 0 DMA32: 794*4kB (UME) 1931*8kB (UME) 2492*16kB (UME) 2160*32kB (UE) 1014*64kB (UME) 502*128kB (UME) 218*256kB (UME) 62*512kB (UME) 59*1024kB (UME) 20*2048kB (UM) 165*4096kB (UM) = 1121536kB
[  297.930040][T11977] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  297.966924][T11977] Node 1 Normal: 64*4kB (UME) 73*8kB (UME) 119*16kB (UME) 116*32kB (UME) 79*64kB (UME) 58*128kB (UM) 25*256kB (UME) 11*512kB (UME) 5*1024kB (UE) 7*2048kB (UME) 927*4096kB (M) = 3847416kB
[  298.043998][T11977] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  298.071392][T11977] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  298.100678][T11977] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  298.130671][T11977] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  298.161911][T11977] 79390 total pagecache pages
[  298.166667][T11977] 27 pages in swap cache
[  298.191336][T11977] Free swap  = 122888kB
[  298.206250][T11977] Total swap = 124996kB
[  298.219200][T11977] 2097051 pages RAM
[  298.235505][T11977] 0 pages HighMem/MovableOnly
[  298.249880][T11977] 426256 pages reserved
[  298.263228][T11977] 0 pages cma reserved
[  298.487523][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  298.576090][T12002] /dev/rnullb0: Can't open blockdev
[  298.659359][   T24] usb 7-1: Using ep0 maxpacket: 32
[  298.665880][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  298.739613][T12011] syzkaller1: entered promiscuous mode
[  298.745195][T12011] syzkaller1: entered allmulticast mode
[  298.789809][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  298.801618][   T24] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  298.813188][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  298.824107][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0
[  298.840828][   T24] usb 7-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  298.849991][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.858680][   T24] usb 7-1: Product: syz
[  298.862910][   T24] usb 7-1: Manufacturer: syz
[  298.867598][   T24] usb 7-1: SerialNumber: syz
[  298.877981][   T24] usb 7-1: config 0 descriptor??
[  298.890441][   T24] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input27
[  298.904757][ T5905] kernel read not supported for file /bus/input/devices (pid: 5905 comm: kworker/1:4)
[  299.152015][ T5905] usb 7-1: USB disconnect, device number 2
[  299.283496][   T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.345238][   T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.405878][T12020] netlink: 'syz.3.1849': attribute type 16 has an invalid length.
[  299.413982][T12020] netlink: 'syz.3.1849': attribute type 25 has an invalid length.
[  299.418938][ T3094] libceph: connect (1)[c::]:6789 error -101
[  299.422144][T12020] netlink: 64094 bytes leftover after parsing attributes in process `syz.3.1849'.
[  299.431030][ T3094] libceph: mon0 (1)[c::]:6789 connect error
[  299.446270][   T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.516108][   T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.654019][   T49] bridge_slave_1: left allmulticast mode
[  299.679062][   T49] bridge_slave_1: left promiscuous mode
[  299.683513][T12041] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  299.687479][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.699591][    T9] libceph: connect (1)[c::]:6789 error -101
[  299.705642][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  299.713843][   T49] bridge_slave_0: left allmulticast mode
[  299.720656][   T49] bridge_slave_0: left promiscuous mode
[  299.726450][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.738378][T12043] /dev/rnullb0: Can't open blockdev
[  299.828648][   T49] dvmrp0 (unregistering): left allmulticast mode
[  299.873892][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.887892][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.908761][   T49] bond0 (unregistering): Released all slaves
[  299.980881][   T49] tipc: Left network mode
[  300.227746][ T5942] libceph: connect (1)[c::]:6789 error -101
[  300.235224][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  300.242892][T12022] ceph: No mds server is up or the cluster is laggy
[  300.287332][   T49] hsr_slave_0: left promiscuous mode
[  300.297558][   T49] hsr_slave_1: left promiscuous mode
[  300.307443][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.322196][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.356198][   T30] audit: type=1326 audit(1756540990.397:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12062 comm="syz.1.1856" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff98978ebe9 code=0x0
[  300.396389][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.414266][T12066] /dev/rnullb0: Can't open blockdev
[  300.418382][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.439841][   T49] veth1_macvtap: left promiscuous mode
[  300.451973][   T49] veth0_macvtap: left promiscuous mode
[  300.458855][   T49] veth1_vlan: left promiscuous mode
[  300.464693][   T49] veth0_vlan: left promiscuous mode
[  300.481784][T12069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.493703][T12068] ptrace attach of "./syz-executor exec"[8914] was attempted by ""[12068]
[  300.530899][T12069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.585772][T12069] /dev/rnullb0: Can't open blockdev
[  300.835292][   T49] team0 (unregistering): Port device team_slave_1 removed
[  300.855286][   T49] team0 (unregistering): Port device team_slave_0 removed
[  300.992864][ T1111] smc: removing ib device syz2
[  301.003133][   T24] lo speed is unknown, defaulting to 1000
[  301.032643][   T24] syz2: Port: 1 Link DOWN
[  301.081927][T12088] /dev/rnullb0: Can't open blockdev
[  301.112769][T12088] /dev/rnullb0: Can't open blockdev
[  301.150694][T12093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.165747][T12093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.198102][T12093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.226203][T12093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.259591][T12093] /dev/rnullb0: Can't open blockdev
[  302.063301][   T49] IPVS: stop unused estimator thread 0...
[  302.195280][T12134] /dev/rnullb0: Can't open blockdev
[  302.267755][T12137] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1872'.
[  302.377687][T12140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1873'.
[  302.643636][T12151] /dev/rnullb0: Can't open blockdev
[  302.850109][ T5942] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  302.930319][T12165] /dev/rnullb0: Can't open blockdev
[  303.002808][ T5942] usb 7-1: device descriptor read/64, error -71
[  303.073146][T12178] ./cgroup: Can't lookup blockdev
[  303.193349][T12190] /dev/rnullb0: Can't open blockdev
[  303.194126][T12188] syzkaller0: entered promiscuous mode
[  303.206314][T12188] syzkaller0: entered allmulticast mode
[  303.216295][T12188] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[  303.232125][T12188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.245949][T12188] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.267443][ T5942] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  303.391704][T12197] /dev/rnullb0: Can't open blockdev
[  303.427392][ T5942] usb 7-1: device descriptor read/64, error -71
[  303.537865][ T5942] usb usb7-port1: attempt power cycle
[  303.898292][ T5942] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  303.927925][ T5942] usb 7-1: device descriptor read/8, error -71
[  304.152853][T12218] /dev/rnullb0: Can't open blockdev
[  304.173254][T12225] /dev/rnullb0: Can't open blockdev
[  304.180637][ T5942] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  304.192831][T12222] /dev/rnullb0: Can't open blockdev
[  304.209159][ T5942] usb 7-1: device descriptor read/8, error -71
[  304.329292][ T5942] usb usb7-port1: unable to enumerate USB device
[  304.392654][T12235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.404782][T12235] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.577097][T12249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.589492][T12249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.647516][  T951] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  304.788978][  T951] usb 7-1: device descriptor read/64, error -71
[  305.047748][  T951] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  305.199763][  T951] usb 7-1: device descriptor read/64, error -71
[  305.318704][  T951] usb usb7-port1: attempt power cycle
[  305.694999][T12258] /dev/rnullb0: Can't open blockdev
[  306.038399][  T951] usb usb7-port1: Cannot enable. Maybe the USB cable is bad?
[  306.177371][  T951] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  306.210912][  T951] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  306.230932][  T951] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  306.256526][  T951] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  306.271558][  T951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.291335][  T951] usb 7-1: Product: syz
[  306.301000][  T951] usb 7-1: Manufacturer: syz
[  306.316979][  T951] usb 7-1: SerialNumber: syz
[  306.418346][  T951] usb 7-1: config 0 descriptor??
[  306.433953][  T951] usb 7-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress 00
[  306.615612][T12270] /dev/rnullb0: Can't open blockdev
[  306.625865][T12270] /dev/rnullb0: Can't open blockdev
[  306.740833][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  306.768556][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.789293][T12287] /dev/rnullb0: Can't open blockdev
[  307.941311][  T951] usb 7-1: USB disconnect, device number 10
[  308.135160][ T5979] udevd[5979]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  308.234788][T12294] /dev/rnullb0: Can't open blockdev
[  308.338975][T12303] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1916'.
[  308.353852][T12303] /dev/rnullb0: Can't open blockdev
[  308.399442][T12306] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  308.406391][T12306] /dev/rnullb0: Can't open blockdev
[  308.416172][T12306] block nbd1: Attempted send on invalid socket
[  308.422423][T12306] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  308.431665][T12306] FAT-fs (nbd1): unable to read boot sector
[  308.754249][T12316] syzkaller1: entered promiscuous mode
[  308.761656][T12316] syzkaller1: entered allmulticast mode
[  309.329789][T12327] /dev/rnullb0: Can't open blockdev
[  309.471952][ T3094] usb 2-1: USB disconnect, device number 71
[  310.107500][ T5864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  310.116516][   T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.128701][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  310.148259][ T5864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  310.171631][ T5864] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  310.193395][   T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.204400][ T5864] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  310.265298][   T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.298770][T12349] wlan1 speed is unknown, defaulting to 1000
[  310.390125][   T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.412164][T12353] syzkaller1: entered promiscuous mode
[  310.418848][T12353] syzkaller1: entered allmulticast mode
[  310.552469][T12349] chnl_net:caif_netlink_parms(): no params data found
[  310.573336][   T49] bridge_slave_1: left allmulticast mode
[  310.587856][   T49] bridge_slave_1: left promiscuous mode
[  310.598875][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.616937][   T49] bridge_slave_0: left allmulticast mode
[  310.626541][   T49] bridge_slave_0: left promiscuous mode
[  310.634182][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.660294][T12362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  310.671940][T12362] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.862140][T12349] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.870136][T12349] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.877824][T12349] bridge_slave_0: entered allmulticast mode
[  310.884842][T12349] bridge_slave_0: entered promiscuous mode
[  310.894082][   T49] tipc: Left network mode
[  310.899258][T12349] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.906892][T12349] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.915366][T12349] bridge_slave_1: entered allmulticast mode
[  310.926700][T12349] bridge_slave_1: entered promiscuous mode
[  310.963537][T12349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  310.975072][T12349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  311.007656][T12349] team0: Port device team_slave_0 added
[  311.015023][T12349] team0: Port device team_slave_1 added
[  311.107342][   T49] hsr_slave_0: left promiscuous mode
[  311.122412][   T49] hsr_slave_1: left promiscuous mode
[  311.123440][T12378] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  311.131465][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.144944][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.152975][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  311.162253][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.173081][   T49] veth1_macvtap: left promiscuous mode
[  311.178953][   T49] veth0_macvtap: left promiscuous mode
[  311.184685][   T49] veth1_vlan: left promiscuous mode
[  311.190461][   T49] veth0_vlan: left promiscuous mode
[  311.215015][T12383] /dev/rnullb0: Can't open blockdev
[  311.356325][   T49] team0 (unregistering): Port device team_slave_1 removed
[  311.380435][   T49] team0 (unregistering): Port device team_slave_0 removed
[  311.391288][T12386] /dev/rnullb0: Can't open blockdev
[  311.501238][T12349] batman_adv: batadv0: Adding interface: batadv_slave_0
[  311.513952][T12349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.542840][T12349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  311.573881][T12349] batman_adv: batadv0: Adding interface: batadv_slave_1
[  311.590644][T12349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.632803][T12349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  311.770428][T12349] hsr_slave_0: entered promiscuous mode
[  311.787563][T12349] hsr_slave_1: entered promiscuous mode
[  311.793701][T12349] debugfs: 'hsr0' already exists in 'hsr'
[  311.808689][T12349] Cannot create hsr debugfs directory
[  311.977552][ T3094] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  312.071529][T12403] syzkaller1: entered promiscuous mode
[  312.079874][T12403] syzkaller1: entered allmulticast mode
[  312.106426][T12349] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  312.128737][T12349] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  312.158844][T12349] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  312.167599][ T3094] usb 7-1: Using ep0 maxpacket: 16
[  312.180593][ T3094] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  312.187872][T12349] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  312.209946][ T3094] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  312.222916][ T3094] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.234085][ T3094] usb 7-1: Product: syz
[  312.239817][ T3094] usb 7-1: Manufacturer: syz
[  312.245676][ T3094] usb 7-1: SerialNumber: syz
[  312.255427][ T3094] usb 7-1: config 0 descriptor??
[  312.264117][ T3094] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  312.276359][ T3094] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  312.282715][ T5864] Bluetooth: hci0: command tx timeout
[  312.373121][T12349] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.402391][T12349] 8021q: adding VLAN 0 to HW filter on device team0
[  312.422365][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.429560][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.449667][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.456785][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.516374][T12435] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1948'.
[  312.523393][T12349] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  312.536794][T12349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  312.565980][T12435] bond0: (slave bond_slave_0): Releasing backup interface
[  312.668968][T12395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.696164][T12395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.818178][T12457] /dev/rnullb0: Can't open blockdev
[  312.824617][ T3094] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  312.827072][T12457] /dev/rnullb0: Can't open blockdev
[  312.913219][T12349] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.922095][ T3094] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  312.938609][ T3094] em28xx 7-1:0.0: board has no eeprom
[  313.010321][ T3094] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  313.035618][ T3094] em28xx 7-1:0.0: dvb set to bulk mode.
[  313.056248][    T9] em28xx 7-1:0.0: Binding DVB extension
[  313.089020][ T3094] usb 7-1: USB disconnect, device number 11
[  313.095474][ T3094] em28xx 7-1:0.0: Disconnecting em28xx
[  313.155823][    T9] em28xx 7-1:0.0: Registering input extension
[  313.175307][ T3094] em28xx 7-1:0.0: Closing input extension
[  313.209565][ T3094] em28xx 7-1:0.0: Freeing device
[  313.323908][T12349] veth0_vlan: entered promiscuous mode
[  313.349812][T12349] veth1_vlan: entered promiscuous mode
[  313.405210][T12349] veth0_macvtap: entered promiscuous mode
[  313.416005][T12489] syzkaller1: entered promiscuous mode
[  313.423358][T12489] syzkaller1: entered allmulticast mode
[  313.433952][T12349] veth1_macvtap: entered promiscuous mode
[  313.461416][T12349] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.475977][T12349] batman_adv: batadv0: Interface activated: batadv_slave_1
[  313.493253][ T1111] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.507596][ T3094] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  313.511954][ T1111] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.526289][ T1111] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.543371][ T1111] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  313.586779][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.596247][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.626032][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.634586][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.669841][ T3094] usb 7-1: unable to get BOS descriptor or descriptor too short
[  313.688832][ T3094] usb 7-1: not running at top speed; connect to a high speed hub
[  313.701382][ T3094] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.712408][ T3094] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  313.729061][ T3094] usb 7-1: too many endpoints for config 1 interface 1 altsetting 23: 170, using maximum allowed: 30
[  313.741882][ T3094] usb 7-1: config 1 interface 1 altsetting 23 has 0 endpoint descriptors, different from the interface descriptor's value: 170
[  313.759035][ T3094] usb 7-1: config 1 interface 1 has no altsetting 0
[  313.788767][ T3094] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  313.800390][ T3094] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  313.812501][ T3094] usb 7-1: Product: syz
[  313.816696][ T3094] usb 7-1: Manufacturer: syz
[  313.828791][ T3094] usb 7-1: SerialNumber: syz
[  313.845665][T12478] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22
[  313.896843][T12510] /dev/rnullb0: Can't open blockdev
[  314.058240][T12519] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  314.070465][T12521] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0
[  314.264063][T12530] xt_time: invalid argument - start or stop time greater than 23:59:59
[  314.274727][T12532] /dev/rnullb0: Can't open blockdev
[  314.345336][T12536] binder: 12533:12536 ioctl c018620c 200000000280 returned -1
[  314.357448][ T5864] Bluetooth: hci0: command 0x041b tx timeout
[  314.600760][ T3094] cdc_acm 7-1:1.0: probe with driver cdc_acm failed with error -22
[  314.619861][ T3094] usb 7-1: USB disconnect, device number 12
[  315.439971][   T30] audit: type=1326 audit(1756541005.487:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12597 comm="syz.6.1978" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3546d8ebe9 code=0x0
[  316.020264][T12631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.043289][T12631] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.051098][T12632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.063532][T12632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.420083][T12640] kvm: pic: non byte write
[  316.437466][ T5864] Bluetooth: hci0: command 0x041b tx timeout
[  317.240544][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.251726][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.445151][T12652] netlink: 256 bytes leftover after parsing attributes in process `syz.6.1987'.
[  317.460054][T12652] /dev/rnullb0: Can't open blockdev
[  317.541424][T12656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.564123][T12656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.807561][  T951] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  317.948695][  T951] usb 7-1: device descriptor read/64, error -71
[  318.207658][  T951] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  318.347428][  T951] usb 7-1: device descriptor read/64, error -71
[  318.457550][  T951] usb usb7-port1: attempt power cycle
[  318.513103][T12661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.522522][   T51] Bluetooth: hci0: command 0x041b tx timeout
[  318.523714][T12661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.829276][  T951] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  318.849803][  T951] usb 7-1: device descriptor read/8, error -71
[  319.036687][T12670] fuse: Unknown parameter 'fk'
[  319.087588][  T951] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  319.128240][  T951] usb 7-1: device descriptor read/8, error -71
[  319.240341][  T951] usb usb7-port1: unable to enumerate USB device
[  319.260771][T12681] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  319.286451][T12681] /dev/rnullb0: Can't open blockdev
[  319.354504][T12685] delete_channel: no stack
[  319.375403][T12685] delete_channel: no stack
[  320.020288][T12699] netlink: 'syz.3.2005': attribute type 21 has an invalid length.
[  320.037378][T12699] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2005'.
[  320.048548][T12701] netlink: 'syz.3.2005': attribute type 21 has an invalid length.
[  320.056392][T12701] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2005'.
[  320.283942][T12708] syzkaller1: entered promiscuous mode
[  320.293464][T12708] syzkaller1: entered allmulticast mode
[  320.304751][T12712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  320.314056][T12712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.597363][   T51] Bluetooth: hci0: command 0x041b tx timeout
[  320.929448][T12724] /dev/rnullb0: Can't open blockdev
[  321.154975][T12731] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2016'.
[  321.226263][T12734] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  321.331952][  T951] IPVS: starting estimator thread 0...
[  321.360091][T12747] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  321.437391][T12745] IPVS: using max 59 ests per chain, 141600 per kthread
[  321.630610][T12749] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  321.635070][T12757] syzkaller1: entered promiscuous mode
[  321.637160][T12749] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  321.642738][T12757] syzkaller1: entered allmulticast mode
[  321.652035][T12749] vhci_hcd vhci_hcd.0: Device attached
[  321.677014][T12758] vhci_hcd: connection closed
[  321.677126][   T13] vhci_hcd: stop threads
[  321.687024][   T13] vhci_hcd: release socket
[  321.693228][   T13] vhci_hcd: disconnect device
[  322.592919][T12777] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  322.602672][T12777] /dev/rnullb0: Can't open blockdev
[  322.679961][   T51] Bluetooth: hci0: command 0x041b tx timeout
[  323.163550][T12779] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2031'.
[  323.513206][T12792] syzkaller1: entered promiscuous mode
[  323.518843][T12792] syzkaller1: entered allmulticast mode
[  323.583775][T12802] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2037'.
[  324.354294][T12826] No control pipe specified
[  324.360347][T12826] netlink: 'syz.7.2039': attribute type 6 has an invalid length.
[  324.405458][T12828] IPVS: length: 159 != 24
[  324.621095][T12846] syzkaller1: entered promiscuous mode
[  324.626724][T12846] syzkaller1: entered allmulticast mode
[  325.004013][T12861] netlink: 200 bytes leftover after parsing attributes in process `syz.6.2049'.
[  326.250408][T12900] x_tables: ip_tables: TCPMSS target: only valid for protocol 6
[  326.341951][T12900] Invalid ELF header magic: != ELF
[  326.874663][T12940] binder: 12939:12940 ioctl c018620c 200000000580 returned -22
[  327.852305][T12976] /dev/rnullb0: Can't open blockdev
[  327.892357][T12980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  327.901987][T12980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.912286][   T10] IPVS: starting estimator thread 0...
[  327.915731][T12980] /dev/rnullb0: Can't open blockdev
[  328.008618][T12981] IPVS: using max 46 ests per chain, 110400 per kthread
[  328.136403][T12993] /dev/rnullb0: Can't open blockdev
[  328.249867][T12999] /dev/rnullb0: Can't open blockdev
[  328.523855][   T51] Bluetooth: hci4: Ignoring connect complete event for invalid link type
[  328.823024][T13032] syzkaller1: entered promiscuous mode
[  328.830549][T13032] syzkaller1: entered allmulticast mode
[  328.967394][ T5966] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  329.097491][ T5966] usb 7-1: device descriptor read/64, error -71
[  329.337438][ T5966] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  329.449562][T13037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  329.459660][T13037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  329.477593][ T5966] usb 7-1: device descriptor read/64, error -71
[  329.508906][T13042] No control pipe specified
[  329.593253][T13050] /dev/rnullb0: Can't open blockdev
[  329.597745][ T5966] usb usb7-port1: attempt power cycle
[  329.855423][T13064] syzkaller1: entered promiscuous mode
[  329.861129][T13064] syzkaller1: entered allmulticast mode
[  329.947437][ T5966] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  329.969072][ T5966] usb 7-1: device descriptor read/8, error -71
[  330.207539][ T5966] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  330.228199][ T5966] usb 7-1: device descriptor read/8, error -71
[  330.282672][T13070] /dev/rnullb0: Can't open blockdev
[  330.288837][T13070] netlink: 'syz.3.2108': attribute type 10 has an invalid length.
[  330.299888][T13071] netlink: 'syz.3.2108': attribute type 10 has an invalid length.
[  330.317031][T13070] team0 (unregistering): Port device C removed
[  330.329640][T13070] team0 (unregistering): Port device team_slave_1 removed
[  330.338710][ T5966] usb usb7-port1: unable to enumerate USB device
[  330.437107][   T30] audit: type=1326 audit(1756541020.477:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13074 comm="syz.3.2109" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7dbf18ebe9 code=0x0
[  331.071350][T13085] No control pipe specified
[  331.365140][T13089] QAT: failed to copy from user.
[  331.643054][T13115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  331.651693][T13115] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.342712][T13133] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  332.353750][T13133] qnx6: wrong signature (magic) in superblock #1.
[  332.363773][T13133] qnx6: unable to read the first superblock
[  332.388948][T13137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.398917][T13137] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.927474][   T10] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  333.041363][T13149] /dev/rnullb0: Can't open blockdev
[  333.097474][   T10] usb 7-1: Using ep0 maxpacket: 16
[  333.108679][   T10] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  333.128541][   T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  333.164555][   T10] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  333.208975][   T10] usb 7-1: too many endpoints for config 1 interface 2 altsetting 0: 255, using maximum allowed: 30
[  333.263950][   T10] usb 7-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  333.350919][   T10] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  333.390312][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.402701][   T10] usb 7-1: Product: syz
[  333.406952][   T10] usb 7-1: Manufacturer: syz
[  333.413085][   T10] usb 7-1: SerialNumber: syz
[  334.350937][T13166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.375171][T13166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  338.187426][   T51] Bluetooth: hci4: Unable to find connection for big 0x00
[  338.201296][T13190] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2143'.
[  338.510119][T13198] /dev/rnullb0: Can't open blockdev
[  338.538953][   T10] usb 7-1: USB disconnect, device number 21
[  338.563885][ T7017] udevd[7017]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  338.697485][T13209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  338.747621][T13209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  338.964815][T13217] syzkaller1: entered promiscuous mode
[  338.971508][T13217] syzkaller1: entered allmulticast mode
[  339.512307][T13226] /dev/rnullb0: Can't open blockdev
[  340.717157][T13259] netlink: 'syz.7.2167': attribute type 21 has an invalid length.
[  340.757926][T13260] syzkaller1: entered promiscuous mode
[  340.763536][T13260] syzkaller1: entered allmulticast mode
[  341.521027][T13290] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  341.521027][T13290] The task syz.6.2175 (13290) triggered the difference, watch for misbehavior.
[  341.561185][T13290] /dev/rnullb0: Can't open blockdev
[  341.736802][T13292] ptrace attach of "./syz-executor exec"[12349] was attempted by ""[13292]
[  341.758782][T13294] /dev/rnullb0: Can't open blockdev
[  341.781535][T13294] netlink: 'syz.5.2177': attribute type 40 has an invalid length.
[  341.820291][T13294] syzkaller1: entered promiscuous mode
[  341.833387][T13294] syzkaller1: entered allmulticast mode
[  341.966210][T13299] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  342.018199][T13301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.029057][T13301] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.222970][T13323] tmpfs: Bad value for 'mpol'
[  342.376676][T13334] /dev/rnullb0: Can't open blockdev
[  343.229175][T13370] binder: BINDER_SET_CONTEXT_MGR already set
[  343.235358][T13370] binder: 13369:13370 ioctl 4018620d 200000000100 returned -16
[  343.246538][T13370] binder: BINDER_SET_CONTEXT_MGR already set
[  343.255247][T13370] binder: 13369:13370 ioctl 4018620d 200000000100 returned -16
[  343.302893][T13378] /dev/rnullb0: Can't open blockdev
[  343.377081][T13384] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  343.391661][T13384] File: /dev/rnullb0 PID: 13384 Comm: syz.3.2205
[  343.426110][T13382] ������: renamed from wg2 (while UP)
[  343.531781][T13392] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  343.538896][T13392] /dev/rnullb0: Can't open blockdev
[  344.405085][T13400] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  344.508705][T13409] /dev/rnullb0: Can't open blockdev
[  344.946502][T13427] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  344.959668][T13427] /dev/rnullb0: Can't open blockdev
[  345.167409][   T10] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  345.331227][   T10] usb 7-1: config 0 interface 0 has no altsetting 0
[  345.348435][   T10] usb 7-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00
[  345.392094][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.425941][   T10] usb 7-1: config 0 descriptor??
[  345.733510][T13438] /dev/rnullb0: Can't open blockdev
[  345.761681][T13438] /dev/rnullb0: Can't open blockdev
[  345.833342][T13445] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2227'.
[  345.849048][T13445] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  345.863366][   T10] isku 0003:1E7D:3264.000F: unexpected long global item
[  345.889750][   T10] isku 0003:1E7D:3264.000F: parse failed
[  345.898816][   T10] isku 0003:1E7D:3264.000F: probe with driver isku failed with error -22
[  346.481016][T13467] /dev/rnullb0: Can't open blockdev
[  346.511263][T13469] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2234'.
[  346.525396][T13469] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2234'.
[  346.807013][T13485] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2239'.
[  347.109076][T13489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  347.120187][T13489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  347.666655][T13492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  347.679642][T13492] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  347.862259][ T3094] usb 7-1: USB disconnect, device number 22
[  348.217487][ T3094] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  348.377512][ T3094] usb 7-1: Using ep0 maxpacket: 8
[  348.384322][ T3094] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7
[  348.399099][ T3094] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  348.408275][ T3094] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  348.416459][ T3094] usb 7-1: Product: syz
[  348.421115][ T3094] usb 7-1: Manufacturer: syz
[  348.425848][ T3094] usb 7-1: SerialNumber: syz
[  348.635175][ T3094] usb 7-1: Handspring Visor / Palm OS: No valid connect info available
[  348.644016][ T3094] usb 7-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  348.652129][ T3094] usb 7-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  348.660434][ T3094] usb 7-1: Handspring Visor / Palm OS: Number of ports: 2
[  348.839233][ T3094] visor 7-1:1.0: Handspring Visor / Palm OS converter detected
[  348.849394][ T3094] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  348.859703][ T3094] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  349.155314][T13502] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  349.156233][T13503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.178333][T13503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.674330][T13508] IPVS: set_ctl: invalid protocol: 3090 143.152.230.142:31127
[  350.918002][T13520] syzkaller1: entered promiscuous mode
[  350.931386][   T43] usb 7-1: USB disconnect, device number 23
[  350.950903][   T43] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  350.976910][T13520] syzkaller1: entered allmulticast mode
[  351.001586][   T43] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  351.046797][   T43] visor 7-1:1.0: device disconnected
[  351.397109][T13505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.408925][T13505] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  351.437588][   T43] usb 7-1: new full-speed USB device number 24 using dummy_hcd
[  351.590045][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  351.602307][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  351.613584][   T43] usb 7-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  351.624024][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.638487][   T43] usb 7-1: config 0 descriptor??
[  351.809135][T13547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.820649][T13547] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.055269][   T43] bigben 0003:146B:0902.0010: unexpected rdesc, please submit for review
[  352.070669][   T43] bigben 0003:146B:0902.0010: unbalanced collection at end of report description
[  352.086160][   T43] bigben 0003:146B:0902.0010: parse failed
[  352.097585][   T43] bigben 0003:146B:0902.0010: probe with driver bigben failed with error -22
[  352.260223][T13525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.269733][T13525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.555850][T12534] usb 7-1: USB disconnect, device number 24
[  353.645878][T13571] syzkaller1: entered promiscuous mode
[  353.651451][T13571] syzkaller1: entered allmulticast mode
[  354.169678][T13583] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2270'.
[  354.189376][T13583] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  354.196452][T13583] /dev/rnullb0: Can't open blockdev
[  354.942521][T13602] /dev/rnullb0: Can't open blockdev
[  355.039513][T13606] syzkaller1: entered promiscuous mode
[  355.060584][T13606] syzkaller1: entered allmulticast mode
[  355.238310][T13620] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR
[  355.343850][T13631] vxcan1: MTU too low for tipc bearer
[  355.361675][T13631] tipc: Enabling of bearer <eth:vxcan1> rejected, failed to enable media
[  355.372414][T13629] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  355.383825][T13632] netlink: 88 bytes leftover after parsing attributes in process `syz.7.2283'.
[  355.508038][T13641] /dev/rnullb0: Can't open blockdev
[  355.578560][T13647] /dev/rnullb0: Can't open blockdev
[  355.582246][T13645] /dev/rnullb0: Can't open blockdev
[  355.588314][T13647] cgroup: Unknown subsys name 'fowner'
[  355.654985][T13651] /dev/rnullb0: Can't open blockdev
[  355.885008][T13670] /dev/rnullb0: Can't open blockdev
[  356.025699][T13677] /dev/rnullb0: Can't open blockdev
[  356.244433][T13683] syzkaller1: entered promiscuous mode
[  356.250810][T13683] syzkaller1: entered allmulticast mode
[  356.772384][T13695] /dev/rnullb0: Can't open blockdev
[  358.926405][T13721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.980113][T13721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.228386][T13728] syzkaller1: entered promiscuous mode
[  359.234207][T13728] syzkaller1: entered allmulticast mode
[  359.540945][T13740] /dev/rnullb0: Can't open blockdev
[  359.594397][T13745] /dev/rnullb0: Can't open blockdev
[  359.666335][T13750] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  359.697873][T13750] /dev/rnullb0: Can't open blockdev
[  359.820734][T13751] netlink: 'syz.5.2325': attribute type 21 has an invalid length.
[  359.828717][T13751] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2325'.
[  359.872262][T13755] tmpfs: Bad value for 'mpol'
[  359.901131][T13757] /dev/rnullb0: Can't open blockdev
[  360.541223][T13765] /dev/rnullb0: Can't open blockdev
[  360.806833][T13777] /dev/rnullb0: Can't open blockdev
[  361.019766][T13795] syzkaller1: entered promiscuous mode
[  361.025462][T13795] syzkaller1: entered allmulticast mode
[  361.162297][T13797] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2337'.
[  361.646184][T13812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  361.670186][T13812] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  361.692910][   T51] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  361.706580][T13812] netlink: 'syz.5.2341': attribute type 2 has an invalid length.
[  361.729336][T13812] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2341'.
[  362.411459][T13824] loop8: detected capacity change from 0 to 7
[  362.420878][ T7017] Dev loop8: unable to read RDB block 7
[  362.426507][ T7017]  loop8: unable to read partition table
[  362.435286][ T7017] loop8: partition table beyond EOD, truncated
[  362.442696][T13824] Dev loop8: unable to read RDB block 7
[  362.452367][T13824]  loop8: unable to read partition table
[  362.458427][T13824] loop8: partition table beyond EOD, truncated
[  362.466413][T13824] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  362.635034][T13833] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  362.645292][T13833] /dev/rnullb0: Can't open blockdev
[  362.814568][T13849] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2354'.
[  362.862204][T13852] /dev/rnullb0: Can't open blockdev
[  363.086504][T13871] sctp: [Deprecated]: syz.7.2360 (pid 13871) Use of int in max_burst socket option.
[  363.086504][T13871] Use struct sctp_assoc_value instead
[  363.446495][   T51] Bluetooth: hci0: unexpected event for opcode 0x0c26
[  363.454558][T13876] ./file0: Can't lookup blockdev
[  363.535695][T13886] netlink: 'syz.7.2368': attribute type 4 has an invalid length.
[  363.546562][T13886] netlink: 17 bytes leftover after parsing attributes in process `syz.7.2368'.
[  363.572299][T13886] /dev/rnullb0: Can't open blockdev
[  363.899004][T13898] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  363.905958][T13898] /dev/rnullb0: Can't open blockdev
[  364.936077][T13919] /dev/rnullb0: Can't open blockdev
[  365.188681][   T43] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  365.347470][   T43] usb 7-1: Using ep0 maxpacket: 8
[  365.355558][   T43] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  365.385041][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.416089][   T43] pvrusb2: Hardware description: Terratec Grabster AV400
[  365.430180][   T43] pvrusb2: **********
[  365.444834][   T43] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  365.470665][   T43] pvrusb2: Important functionality might not be entirely working.
[  365.493322][   T43] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  365.505327][   T43] pvrusb2: **********
[  365.625489][ T2340] pvrusb2: Invalid write control endpoint
[  365.718543][ T2340] pvrusb2: Invalid write control endpoint
[  365.725276][ T2340] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  365.745352][ T2340] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  365.758317][ T2340] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  365.772797][ T2340] pvrusb2: Device being rendered inoperable
[  365.787374][ T2340] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  365.794541][ T2340] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  365.807876][ T2340] pvrusb2: Attached sub-driver cx25840
[  365.813378][ T2340] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  365.840577][T12534] usb 7-1: USB disconnect, device number 25
[  365.857662][ T2340] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  367.257517][   T30] audit: type=1804 audit(1756541057.287:51): pid=14000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2405" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  367.764576][T14015] /dev/rnullb0: Can't lookup blockdev
[  367.867388][  T951] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  368.030115][  T951] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.062162][  T951] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  368.081043][  T951] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.092356][  T951] usb 7-1: config 0 descriptor??
[  368.108886][T14024] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2415'.
[  368.114426][  T951] pwc: Askey VC010 type 2 USB webcam detected.
[  368.140009][   T30] audit: type=1804 audit(1756541058.187:52): pid=14032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2418" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  368.162353][T14031] netlink: 'syz.5.2418': attribute type 15 has an invalid length.
[  368.201468][T14024] syz.3.2415 (14024) used greatest stack depth: 17992 bytes left
[  368.343448][T14039] netlink: 188 bytes leftover after parsing attributes in process `syz.5.2421'.
[  368.352880][   T30] audit: type=1804 audit(1756541058.387:53): pid=14039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2421" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  368.516482][  T951] pwc: recv_control_msg error -32 req 02 val 2b00
[  368.529856][  T951] pwc: recv_control_msg error -32 req 02 val 2700
[  368.924676][  T951] pwc: recv_control_msg error -71 req 04 val 1000
[  368.943660][  T951] pwc: recv_control_msg error -71 req 04 val 1300
[  368.988514][T14050] /dev/rnullb0: Can't lookup blockdev
[  369.025448][  T951] pwc: recv_control_msg error -71 req 04 val 1400
[  369.041159][  T951] pwc: recv_control_msg error -71 req 02 val 2000
[  369.048274][  T951] pwc: recv_control_msg error -71 req 02 val 2100
[  369.058780][  T951] pwc: recv_control_msg error -71 req 04 val 1500
[  369.071637][  T951] pwc: recv_control_msg error -71 req 02 val 2500
[  369.097660][  T951] pwc: recv_control_msg error -71 req 02 val 2400
[  369.104517][  T951] pwc: recv_control_msg error -71 req 02 val 2600
[  369.119740][  T951] pwc: recv_control_msg error -71 req 02 val 2900
[  369.126590][  T951] pwc: recv_control_msg error -71 req 02 val 2800
[  369.139318][  T951] pwc: recv_control_msg error -71 req 04 val 1100
[  369.146113][  T951] pwc: recv_control_msg error -71 req 04 val 1200
[  369.164510][  T951] pwc: Registered as video103.
[  369.184238][  T951] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input32
[  369.218660][  T951] usb 7-1: USB disconnect, device number 26
[  369.493349][T14071] block nbd6: Attempted send on invalid socket
[  369.502716][T14071] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  369.511921][T14071] hpfs: hpfs_map_sector(): read error
[  369.756426][T14093] netlink: 'syz.5.2441': attribute type 2 has an invalid length.
[  369.765836][T14093] netlink: 16126 bytes leftover after parsing attributes in process `syz.5.2441'.
[  369.887917][T14103] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  369.894895][T14103] /dev/rnullb0: Can't open blockdev
[  370.807556][T14125] /dev/rnullb0: Can't open blockdev
[  371.177490][   T43] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  371.218926][T14142] /dev/rnullb0: Can't lookup blockdev
[  371.327407][   T43] usb 7-1: Using ep0 maxpacket: 16
[  371.334277][   T43] usb 7-1: too many configurations: 97, using maximum allowed: 8
[  371.344190][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.353943][   T43] usb 7-1: config 6 has no interface number 0
[  371.361675][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.371405][   T43] usb 7-1: config 6 has no interface number 0
[  371.379865][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.388472][   T43] usb 7-1: config 6 has no interface number 0
[  371.395495][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.404277][   T43] usb 7-1: config 6 has no interface number 0
[  371.412035][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.420649][   T43] usb 7-1: config 6 has no interface number 0
[  371.428157][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.436504][   T43] usb 7-1: config 6 has no interface number 0
[  371.441765][T14149] /dev/rnullb0: Can't lookup blockdev
[  371.443959][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.456622][   T43] usb 7-1: config 6 has no interface number 0
[  371.463919][   T43] usb 7-1: config 6 has an invalid interface number: 43 but max is 0
[  371.472414][   T43] usb 7-1: config 6 has no interface number 0
[  371.527142][T14153] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2465'.
[  371.535048][T14140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.545230][T14140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.565282][   T43] usb 7-1: string descriptor 0 read error: -71
[  371.586613][   T43] usb 7-1: New USB device found, idVendor=2304, idProduct=023b, bcdDevice=7b.5c
[  371.594479][T14160] /dev/rnullb0: Can't lookup blockdev
[  371.597630][   T43] usb 7-1: New USB device strings: Mfr=249, Product=204, SerialNumber=224
[  371.612182][   T43] usb 7-1: rejected 8 configurations due to insufficient available bus power
[  371.626734][   T43] usb 7-1: no configuration chosen from 8 choices
[  371.637227][   T43] usb 7-1: USB disconnect, device number 27
[  371.677594][   T30] audit: type=1804 audit(1756541061.727:54): pid=14164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2469" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  371.884147][T14173] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2472'.
[  371.927461][   T43] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  372.001307][   T30] audit: type=1800 audit(1756541062.047:55): pid=14181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2474" name="rnullb0" dev="tmpfs" ino=2417 res=0 errno=0
[  372.047992][   T30] audit: type=1800 audit(1756541062.097:56): pid=14181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2474" name="rnullb0" dev="tmpfs" ino=2417 res=0 errno=0
[  372.069155][   T30] audit: type=1800 audit(1756541062.097:57): pid=14181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2474" name="rnullb0" dev="tmpfs" ino=2417 res=0 errno=0
[  372.090743][   T30] audit: type=1800 audit(1756541062.097:58): pid=14181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2474" name="rnullb0" dev="tmpfs" ino=2417 res=0 errno=0
[  372.112754][   T43] usb 7-1: too many configurations: 24, using maximum allowed: 8
[  372.115127][   T30] audit: type=1800 audit(1756541062.097:59): pid=14181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2474" name="rnullb0" dev="tmpfs" ino=2417 res=0 errno=0
[  372.121491][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.151912][   T30] audit: type=1800 audit(1756541062.097:60): pid=14181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2474" name="rnullb0" dev="tmpfs" ino=2417 res=0 errno=0
[  372.160571][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.185241][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.208574][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.219054][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.228220][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.248857][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.259492][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.269084][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.283455][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.295872][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.306387][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.320309][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.330743][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.339716][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.353854][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.364228][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.374047][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.387789][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.398733][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.407667][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.421428][   T43] usb 7-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config
[  372.431764][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  372.440747][   T43] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.455437][   T43] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.464511][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.472536][   T43] usb 7-1: Product: syz
[  372.476690][   T43] usb 7-1: Manufacturer: syz
[  372.481324][   T43] usb 7-1: SerialNumber: syz
[  372.488755][   T43] cdc_ncm 7-1:1.0: CDC Union missing and no IAD found
[  372.495563][   T43] cdc_ncm 7-1:1.0: bind() failure
[  372.689280][T14158] /dev/rnullb0: Can't open blockdev
[  372.696906][T14158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  372.708034][T14158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  372.730256][   T43] usb 7-1: USB disconnect, device number 28
[  372.909642][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  372.909660][   T30] audit: type=1804 audit(1756541062.947:88): pid=14201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2482" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  373.409970][   T30] audit: type=1804 audit(1756541063.447:89): pid=14228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2491" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  373.552273][T14241] ./file0: Can't lookup blockdev
[  373.676918][T14247] /dev/rnullb0: Can't open blockdev
[  373.804968][T14255] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  373.812235][T14255] /dev/rnullb0: Can't open blockdev
[  373.815406][T14257] netlink: 348 bytes leftover after parsing attributes in process `syz.5.2503'.
[  373.856808][T14261] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2504'.
[  373.866941][T14261] /dev/rnullb0: Can't open blockdev
[  373.870776][   T30] audit: type=1326 audit(1756541063.917:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14262 comm="syz.5.2505" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff176b8ebe9 code=0x0
[  373.927213][T14266] /dev/rnullb0: Can't lookup blockdev
[  373.978734][T14270] rdma_rxe: rxe_newlink: failed to add wlan1
[  373.989640][T14270] /dev/rnullb0: Can't open blockdev
[  374.257447][   T10] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  374.407476][   T10] usb 7-1: Using ep0 maxpacket: 32
[  374.414455][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.425499][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.435309][   T10] usb 7-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  374.444789][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.454371][   T10] usb 7-1: config 0 descriptor??
[  374.869877][   T10] hid_parser_main: 58 callbacks suppressed
[  374.869898][   T10] hid-led 0003:27B8:01ED.0011: unknown main item tag 0x7
[  374.967965][T14283] netlink: 176 bytes leftover after parsing attributes in process `syz.5.2512'.
[  375.269551][   T10] hid-led 0003:27B8:01ED.0011: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.6-1/input0
[  375.298438][   T10] hid-led 0003:27B8:01ED.0011: ThingM blink(1) initialized
[  375.812097][   T30] audit: type=1326 audit(1756541065.857:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14286 comm="syz.5.2513" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff176b8ebe9 code=0x0
[  376.365176][   T30] audit: type=1326 audit(1756541066.407:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14289 comm="syz.3.2514" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7dbf18ebe9 code=0x0
[  376.511227][T14294] /dev/rnullb0: Can't open blockdev
[  376.676222][T14299] fuse: Bad value for 'group_id'
[  376.689630][T14299] fuse: Bad value for 'group_id'
[  376.699081][T14301] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  376.706230][T14301] /dev/rnullb0: Can't open blockdev
[  376.719685][T14299] 9p: Unknown parameter 'w���o'
[  376.759040][   T51] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  376.767443][   T51] Bluetooth: hci4: Injecting HCI hardware error event
[  376.774309][ T5864] Bluetooth: hci4: hardware error 0x00
[  376.939464][T14309] /dev/rnullb0: Can't open blockdev
[  377.050538][   T43] usb 7-1: USB disconnect, device number 29
[  377.146179][T14319] /dev/rnullb0: Can't open blockdev
[  377.157122][T14321] /dev/rnullb0: Can't open blockdev
[  377.301916][T14329] /dev/rnullb0: Can't open blockdev
[  377.309302][T14329] /dev/rnullb0: Can't open blockdev
[  377.452925][T14339] /dev/rnullb0: Can't open blockdev
[  377.576210][T14343] /dev/rnullb0: Can't open blockdev
[  377.843329][T14353] kvm: kvm [14352]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[  377.852216][T14353] kvm: kvm [14352]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[  378.040004][   T30] audit: type=1804 audit(1756541068.087:93): pid=14365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2539" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  378.680886][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  378.837491][ T5864] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  378.853009][T14367] binder: 14366:14367 ioctl c0306201 0 returned -14
[  378.929604][   T30] audit: type=1326 audit(1756541068.967:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14370 comm="syz.5.2542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff176b8ebe9 code=0x7fc00000
[  378.952548][   T30] audit: type=1326 audit(1756541068.967:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14370 comm="syz.5.2542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff176b8ebe9 code=0x7fc00000
[  378.976030][   T30] audit: type=1326 audit(1756541068.967:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14370 comm="syz.5.2542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff176b8ebe9 code=0x7fc00000
[  379.221696][   T30] audit: type=1804 audit(1756541069.267:97): pid=14394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2551" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  379.491428][T14402] /dev/rnullb0: Can't open blockdev
[  379.534209][T14404] /dev/rnullb0: Can't open blockdev
[  379.565485][T14406] /dev/rnullb0: Can't open blockdev
[  380.303972][T14428] MTD: Couldn't look up '/dev/rnullb0': -15
[  381.565259][T14463] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2577'.
[  383.299997][T14487] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2585'.
[  383.369101][   T24] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  383.494865][T14496] netlink: 'syz.7.2589': attribute type 15 has an invalid length.
[  383.504271][T14496] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  383.511267][T14496] /dev/rnullb0: Can't open blockdev
[  383.547547][   T24] usb 7-1: Using ep0 maxpacket: 16
[  383.555481][   T24] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[  383.564290][   T24] usb 7-1: can't read configurations, error -22
[  383.717441][   T24] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  383.877734][   T24] usb 7-1: Using ep0 maxpacket: 16
[  383.888103][   T24] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[  383.896240][   T24] usb 7-1: can't read configurations, error -22
[  383.911911][   T24] usb usb7-port1: attempt power cycle
[  384.267695][   T24] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  384.298137][   T24] usb 7-1: Using ep0 maxpacket: 16
[  384.306654][   T24] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[  384.316171][   T24] usb 7-1: can't read configurations, error -22
[  384.467499][   T24] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  384.472145][T14500] /dev/rnullb0: Can't open blockdev
[  384.498087][   T24] usb 7-1: Using ep0 maxpacket: 16
[  384.505905][   T24] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[  384.513961][   T24] usb 7-1: can't read configurations, error -22
[  384.520504][   T24] usb usb7-port1: unable to enumerate USB device
[  384.576384][T14504] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  384.585893][T14504] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  384.595301][T14504] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  384.608903][T14504] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2592'.
[  384.619042][   T30] audit: type=1804 audit(1756541074.667:98): pid=14504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2592" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  384.877809][T14506] overlay: Bad value for 'workdir'
[  384.888517][T14506] /dev/rnullb0: Can't open blockdev
[  384.894680][T14506] overlay: Bad value for 'workdir'
[  385.151499][T14516] /dev/rnullb0: Can't open blockdev
[  385.189109][T14520] /dev/rnullb0: Can't open blockdev
[  385.296396][   T30] audit: type=1804 audit(1756541075.337:99): pid=14534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2602" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  385.358718][T14536] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2603'.
[  385.888010][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  386.278166][   T24] wlan1 speed is unknown, defaulting to 1000
[  386.284215][   T24] syz0: Port: 1 Link DOWN
[  386.536315][T14550] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  386.543704][T14550] overlayfs: failed to set xattr on upper
[  386.552873][T14550] overlayfs: ...falling back to redirect_dir=nofollow.
[  386.561450][T14550] overlayfs: ...falling back to index=off.
[  386.837523][ T3094] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  386.900625][T14534] kexec: Could not allocate control_code_buffer
[  386.969895][ T3094] usb 7-1: device descriptor read/64, error -71
[  387.237467][ T3094] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  387.368157][ T3094] usb 7-1: device descriptor read/64, error -71
[  387.478032][ T3094] usb usb7-port1: attempt power cycle
[  387.709254][   T30] audit: type=1804 audit(1756541077.757:100): pid=14575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2615" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  387.817453][ T3094] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  387.838405][ T3094] usb 7-1: device descriptor read/8, error -71
[  388.077507][ T3094] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  388.098869][ T3094] usb 7-1: device descriptor read/8, error -71
[  388.207639][ T3094] usb usb7-port1: unable to enumerate USB device
[  388.443579][T14592] syzkaller1: entered promiscuous mode
[  388.450168][T14592] syzkaller1: entered allmulticast mode
[  388.715007][T14599] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2624'.
[  388.725942][   T30] audit: type=1804 audit(1756541078.777:101): pid=14599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2624" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  389.261554][T14617] syzkaller1: entered promiscuous mode
[  389.268316][T14617] syzkaller1: entered allmulticast mode
[  389.516386][T14634] syzkaller1: entered promiscuous mode
[  389.522924][T14634] syzkaller1: entered allmulticast mode
[  389.833756][T14641] /dev/rnullb0: Can't open blockdev
[  390.117952][ T3094] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  390.145550][T14655] /dev/rnullb0: Can't open blockdev
[  390.156643][T14655] tmpfs: Unknown parameter 'indo64'
[  390.267376][ T3094] usb 7-1: Using ep0 maxpacket: 16
[  390.275201][ T3094] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  390.285821][ T3094] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=20
[  390.294416][ T3094] usb 7-1: SerialNumber: syz
[  390.308199][ T3094] usb 7-1: config 0 descriptor??
[  390.316629][ T3094] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  390.325682][ T3094] usb 7-1: Detected FT232A
[  390.331341][ T3094] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  390.522268][T14651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.535973][T14651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.549004][T14651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.561682][T14651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.574091][T14651] /dev/rnullb0: Can't open blockdev
[  390.580802][   T43] usb 7-1: USB disconnect, device number 38
[  390.589549][   T43] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  390.610910][   T43] ftdi_sio 7-1:0.0: device disconnected
[  390.654695][T14663] Bluetooth: MGMT ver 1.23
[  391.153253][T14674] syzkaller1: entered promiscuous mode
[  391.158978][T14674] syzkaller1: entered allmulticast mode
[  391.848832][   T30] audit: type=1804 audit(1756541081.897:102): pid=14691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2657" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  391.905000][T14693] MTD: Couldn't look up '/dev/rnullb0': -15
[  392.272259][ T5864] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  393.234237][T14709] syzkaller1: entered promiscuous mode
[  393.242778][T14709] syzkaller1: entered allmulticast mode
[  394.723251][T14741] syzkaller1: entered promiscuous mode
[  394.732112][T14741] syzkaller1: entered allmulticast mode
[  394.749064][T14743] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2677'.
[  394.773739][T14743] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2677'.
[  394.795375][T14743] /dev/rnullb0: Can't open blockdev
[  395.081807][T14753] /dev/rnullb0: Can't open blockdev
[  395.678877][T14772] /dev/rnullb0: Can't open blockdev
[  395.815085][   T30] audit: type=1804 audit(1756541085.857:103): pid=14785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2691" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  395.977572][   T24] usb 7-1: new low-speed USB device number 39 using dummy_hcd
[  396.143258][   T24] usb 7-1: unable to get BOS descriptor or descriptor too short
[  396.152810][   T24] usb 7-1: unable to read config index 0 descriptor/start: -71
[  396.167433][   T24] usb 7-1: can't read configurations, error -71
[  396.572308][   T30] audit: type=1804 audit(1756541086.617:104): pid=14794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2693" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  396.592241][    C1] vkms_vblank_simulate: vblank timer overrun
[  398.165838][T14843] /dev/rnullb0: Can't open blockdev
[  398.237388][   T10] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  398.418365][   T10] usb 7-1: Using ep0 maxpacket: 8
[  398.424702][   T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  398.433355][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  398.443523][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  398.460693][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  398.471078][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  398.485463][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  398.494890][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.716300][   T10] usb 7-1: usb_control_msg returned -32
[  398.729561][   T10] usbtmc 7-1:16.0: can't read capabilities
[  398.876042][   T30] audit: type=1804 audit(1756541088.917:105): pid=14876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2714" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  399.266089][T14883] syzkaller1: entered promiscuous mode
[  399.275442][T14883] syzkaller1: entered allmulticast mode
[  401.077234][   T30] audit: type=1804 audit(1756541091.117:106): pid=14934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2733" name="rnullb0" dev="tmpfs" ino=2417 res=1 errno=0
[  402.640501][   T24] usb 6-1: USB disconnect, device number 4
[  402.647421][T14895] usbtmc 6-1:16.0: usb_control_msg returned -71
[  402.705911][   T43] usb 7-1: USB disconnect, device number 41
[  402.741839][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  402.749316][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  402.759975][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  402.768577][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  402.776883][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  402.806299][T14974] wlan1 speed is unknown, defaulting to 1000
[  402.985586][T14974] chnl_net:caif_netlink_parms(): no params data found
[  403.023237][T10187] bond0: (slave syz_tun): Releasing backup interface
[  403.053613][T14974] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.062098][T14974] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.071036][T14974] bridge_slave_0: entered allmulticast mode
[  403.079419][T14974] bridge_slave_0: entered promiscuous mode
[  403.088124][T14974] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.095330][T14974] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.104119][T14974] bridge_slave_1: entered allmulticast mode
[  403.111823][T14974] bridge_slave_1: entered promiscuous mode
[  403.143002][T14974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  403.154866][T14974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  403.181370][T14974] team0: Port device team_slave_0 added
[  403.189325][T14974] team0: Port device team_slave_1 added
[  403.195299][T14990] syzkaller1: entered promiscuous mode
[  403.201105][T14990] syzkaller1: entered allmulticast mode
[  403.222138][T14974] batman_adv: batadv0: Adding interface: batadv_slave_0
[  403.230203][T14974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.257150][T14974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.270674][T14974] batman_adv: batadv0: Adding interface: batadv_slave_1
[  403.278096][T14974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.304597][T14974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  403.332827][T14974] hsr_slave_0: entered promiscuous mode
[  403.339186][T14974] hsr_slave_1: entered promiscuous mode
[  403.345128][T14974] debugfs: 'hsr0' already exists in 'hsr'
[  403.350946][T14974] Cannot create hsr debugfs directory
[  403.408892][T14974] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.461898][T14974] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.512343][T14974] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.569271][T14974] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.650341][T14974] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  403.661813][T14974] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  403.671646][T14974] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  403.683123][T14974] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  403.714470][T14974] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.721689][T14974] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.729119][T14974] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.736233][T14974] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.794523][T14974] 8021q: adding VLAN 0 to HW filter on device bond0
[  403.815153][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.836364][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.852299][T14974] 8021q: adding VLAN 0 to HW filter on device team0
[  403.864269][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.871437][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.884618][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.891809][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.067398][ T3094] usb 7-1: new full-speed USB device number 42 using dummy_hcd
[  404.069470][T14974] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.228762][ T3094] usb 7-1: not running at top speed; connect to a high speed hub
[  404.240267][ T3094] usb 7-1: config 2 has 0 interfaces, different from the descriptor's value: 1
[  404.255060][ T3094] usb 7-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=2c.d4
[  404.268922][ T3094] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.321823][T14974] veth0_vlan: entered promiscuous mode
[  404.333278][T14974] veth1_vlan: entered promiscuous mode
[  404.366058][T14974] veth0_macvtap: entered promiscuous mode
[  404.376332][T14974] veth1_macvtap: entered promiscuous mode
[  404.400960][T14974] batman_adv: batadv0: Interface activated: batadv_slave_0
[  404.416714][T14974] batman_adv: batadv0: Interface activated: batadv_slave_1
[  404.433279][   T66] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  404.452832][ T3094] usb 7-1: Product: syz
[  404.458549][ T3094] usb 7-1: Manufacturer: syz
[  404.463937][ T3094] usb 7-1: SerialNumber: syz
[  404.471018][   T66] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  404.484543][   T66] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  404.506787][   T66] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  404.557581][T13167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.573137][T13167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.599198][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.609559][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.682291][T15007] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  404.692882][T15007] raw_sendmsg: syz.6.2753 forgot to set AF_INET. Fix it!
[  404.841219][ T5864] Bluetooth: hci1: command tx timeout
[  405.215976][ T3094] usb 7-1: USB disconnect, device number 42
[  405.619406][T15050] syzkaller1: entered promiscuous mode
[  405.641979][T15050] syzkaller1: entered allmulticast mode
[  405.977393][   T43] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  406.137416][   T43] usb 7-1: Using ep0 maxpacket: 32
[  406.157114][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.177847][   T43] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.189778][   T43] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  406.205052][T15058] Invalid ELF header magic: != ELF
[  406.220655][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.239384][   T43] usb 7-1: config 0 descriptor??
[  406.332016][T15066] /dev/rnullb0: Can't open blockdev
[  406.651571][   T43] kone 0003:1E7D:2CED.0012: collection stack underflow
[  406.672602][   T43] kone 0003:1E7D:2CED.0012: item 0 1 0 12 parsing failed
[  406.691180][   T43] kone 0003:1E7D:2CED.0012: parse failed
[  406.696915][   T43] kone 0003:1E7D:2CED.0012: probe with driver kone failed with error -22
[  406.724218][T15080] /dev/rnullb0: Can't open blockdev
[  406.823122][T15089] syzkaller1: entered promiscuous mode
[  406.830794][T15089] syzkaller1: entered allmulticast mode
[  406.853821][ T3094] usb 7-1: USB disconnect, device number 43
[  406.919918][ T5864] Bluetooth: hci1: command tx timeout
[  407.563261][T15095] /dev/rnullb0: Can't open blockdev
[  408.815987][T15133] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[  408.822545][T15133] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  408.854239][T15133] vhci_hcd vhci_hcd.0: Device attached
[  408.884549][T15133] 9pnet: p9_errstr2errno: server reported unknown error �@c��������
[  408.952226][T15146] syzkaller1: entered promiscuous mode
[  408.952865][T15145] /dev/sg0: Can't lookup blockdev
[  408.967410][T15146] syzkaller1: entered allmulticast mode
[  408.999726][ T5864] Bluetooth: hci1: command tx timeout
[  409.027480][   T10] vhci_hcd: vhci_device speed not set
[  409.061177][T15134] vhci_hcd: connection closed
[  409.061432][T13167] vhci_hcd: stop threads
[  409.073898][T13167] vhci_hcd: release socket
[  409.083085][T13167] vhci_hcd: disconnect device
[  409.087995][   T10] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[  409.103700][   T10] usb 45-1: enqueue for inactive port 0
[  409.164706][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  409.174569][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  409.182081][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  409.189986][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  409.199993][   T10] vhci_hcd: vhci_device speed not set
[  409.205467][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  409.273298][T15151] wlan1 speed is unknown, defaulting to 1000
[  409.356979][T15162] /dev/rnullb0: Can't open blockdev
[  409.398591][T15151] chnl_net:caif_netlink_parms(): no params data found
[  409.458035][T15151] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.465629][T15151] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.473111][T15151] bridge_slave_0: entered allmulticast mode
[  409.480776][T15151] bridge_slave_0: entered promiscuous mode
[  409.489042][T15151] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.496183][T15151] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.503872][T15151] bridge_slave_1: entered allmulticast mode
[  409.510804][T15151] bridge_slave_1: entered promiscuous mode
[  409.542108][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.570127][T15151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  409.589727][T15151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  409.631746][T15151] team0: Port device team_slave_0 added
[  409.664262][T15151] team0: Port device team_slave_1 added
[  410.336446][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.391699][T15151] batman_adv: batadv0: Adding interface: batadv_slave_0
[  410.404816][T15151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  410.430930][    C1] vkms_vblank_simulate: vblank timer overrun
[  410.467266][T15151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  410.484595][T15151] batman_adv: batadv0: Adding interface: batadv_slave_1
[  410.495066][T15151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  410.523126][T15151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  410.547959][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.622171][T15151] hsr_slave_0: entered promiscuous mode
[  410.629950][T15198] /dev/rnullb0: Can't open blockdev
[  410.640365][T15151] hsr_slave_1: entered promiscuous mode
[  410.655827][T15151] debugfs: 'hsr0' already exists in 'hsr'
[  410.672475][T15151] Cannot create hsr debugfs directory
[  410.704437][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.731035][T15200] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  410.755571][T15200] /dev/rnullb0: Can't open blockdev
[  410.912134][   T12] bridge_slave_1: left allmulticast mode
[  410.919365][   T12] bridge_slave_1: left promiscuous mode
[  410.925287][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.934887][   T12] bridge_slave_0: left allmulticast mode
[  410.941697][   T12] bridge_slave_0: left promiscuous mode
[  410.947629][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.077508][ T5864] Bluetooth: hci1: command tx timeout
[  411.103822][   T12] ������ (unregistering): (slave bond_slave_0): Releasing backup interface
[  411.120797][   T12] ������ (unregistering): (slave bond_slave_1): Releasing backup interface
[  411.133106][   T12] ������ (unregistering): Released all slaves
[  411.159038][T15212] syzkaller1: entered promiscuous mode
[  411.165145][T15212] syzkaller1: entered allmulticast mode
[  411.327483][ T5864] Bluetooth: hci2: command tx timeout
[  411.407383][   T10] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[  411.479938][   T12] hsr_slave_0: left promiscuous mode
[  411.485664][   T12] hsr_slave_1: left promiscuous mode
[  411.491469][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  411.499021][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  411.506624][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  411.516485][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  411.526610][   T12] veth1_macvtap: left promiscuous mode
[  411.532401][   T12] veth0_macvtap: left promiscuous mode
[  411.538150][   T12] veth1_vlan: left promiscuous mode
[  411.543474][   T12] veth0_vlan: left promiscuous mode
[  411.567445][   T10] usb 7-1: Using ep0 maxpacket: 16
[  411.575668][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.591945][   T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16
[  411.604084][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  411.613855][   T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  411.623840][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  411.637863][   T10] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  411.646935][   T10] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  411.655074][   T10] usb 7-1: Manufacturer: syz
[  411.662567][   T10] usb 7-1: config 0 descriptor??
[  411.668312][T15227] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  411.937354][   T10] rc_core: IR keymap rc-hauppauge not found
[  411.943327][   T10] Registered IR keymap rc-empty
[  411.965627][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  411.997428][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.458049][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  412.474923][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input34
[  412.498896][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.522394][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.538188][T15151] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  412.557461][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.583003][T15151] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  412.594582][T15151] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  412.596708][T15265] /dev/rnullb0: Can't open blockdev
[  412.610217][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.635277][T15151] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  412.647705][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.667455][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.698726][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.717429][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.737716][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.758266][   T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  412.770884][T15151] 8021q: adding VLAN 0 to HW filter on device bond0
[  412.780536][   T10] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  412.795050][   T10] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  412.806837][T15151] 8021q: adding VLAN 0 to HW filter on device team0
[  412.816683][   T10] usb 7-1: USB disconnect, device number 44
[  412.826401][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.833551][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[  412.856928][T15276] /dev/rnullb0: Can't open blockdev
[  412.887166][T15278] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  412.896871][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.904088][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  412.925019][T15278] /dev/rnullb0: Can't open blockdev
[  412.943533][T15280] syzkaller1: entered promiscuous mode
[  412.950093][T15280] syzkaller1: entered allmulticast mode
[  413.066675][T15289] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  413.081825][T15289] overlayfs: failed to set xattr on upper
[  413.088727][T15289] overlayfs: ...falling back to redirect_dir=nofollow.
[  413.095796][T15289] overlayfs: ...falling back to index=off.
[  413.103861][T15289] overlayfs: ...falling back to uuid=null.
[  413.116210][T15289] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  413.251253][T15151] 8021q: adding VLAN 0 to HW filter on device batadv0
[  413.300381][T15151] veth0_vlan: entered promiscuous mode
[  413.313673][T15151] veth1_vlan: entered promiscuous mode
[  413.351386][T15151] veth0_macvtap: entered promiscuous mode
[  413.366873][T15151] veth1_macvtap: entered promiscuous mode
[  413.392524][T15151] batman_adv: batadv0: Interface activated: batadv_slave_0
[  413.407468][ T5864] Bluetooth: hci2: command tx timeout
[  413.413655][T15151] batman_adv: batadv0: Interface activated: batadv_slave_1
[  413.430674][T13167] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  413.452964][T13167] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  413.476165][T13167] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  413.500344][T13167] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  413.526187][T13167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  413.554021][T13167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  413.579726][ T1060] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  413.592918][ T1060] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  413.626429][T15296] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  413.650029][T15296] /dev/rnullb0: Can't open blockdev
[  413.786105][T15303] input: syz0 as /devices/virtual/input/input35
[  413.815066][T15303] /dev/rnullb0: Can't open blockdev
[  414.142449][T15328] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2833'.
[  414.236415][T15335] syzkaller1: entered promiscuous mode
[  414.244609][T15335] syzkaller1: entered allmulticast mode
[  414.258684][   T43] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  414.397601][   T43] usb 7-1: device descriptor read/64, error -71
[  414.641050][   T43] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  414.777659][   T43] usb 7-1: device descriptor read/64, error -71
[  414.887504][   T43] usb usb7-port1: attempt power cycle
[  415.227386][   T43] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  415.247849][   T43] usb 7-1: device descriptor read/8, error -71
[  415.487438][   T43] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  415.487669][ T5864] Bluetooth: hci2: command tx timeout
[  415.518925][   T43] usb 7-1: device descriptor read/8, error -71
[  415.629364][   T43] usb usb7-port1: unable to enumerate USB device
[  416.037396][  T951] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  416.037451][ T5864] Bluetooth: hci1: command 0x0c1a tx timeout
[  416.043541][  T951] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  416.245404][T15445] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan1, syncid = 2, id = 0
[  416.311833][T15444] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2837'.
[  416.851060][T15448] /dev/rnullb0: Can't open blockdev
[  416.909383][T15452] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  417.013493][T15459] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2842'.
[  417.078272][T15465] QAT: Invalid ioctl 1342215183
[  417.557506][ T5864] Bluetooth: hci2: command tx timeout
[  418.117682][  T951] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  418.123803][  T951] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  418.186075][T15474] /dev/rnullb0: Can't open blockdev
[  418.490245][ T5860] usb 7-1: new full-speed USB device number 49 using dummy_hcd
[  418.507939][T15487] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  418.514402][T15487] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  418.531016][T15487] comedi comedi3: 8255: I/O port conflict (0xdb,4)
[  418.537801][T15487] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  418.544882][T15487] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  418.552627][T15487] comedi comedi3: 8255: I/O port conflict (0xffffffff800003ff,4)
[  418.562785][T15487] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  418.700406][ T5860] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  418.713411][ T5860] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  418.727347][ T5860] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.737448][ T5860] usb 7-1: config 0 descriptor??
[  419.022145][T15498] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2853'.
[  419.060671][   T10] usb 7-1: USB disconnect, device number 49
[  419.228297][T15506] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  419.235277][T15506] /dev/rnullb0: Can't open blockdev
[  419.352260][T15518] syzkaller1: entered promiscuous mode
[  419.358333][T15518] syzkaller1: entered allmulticast mode
[  419.561481][    C1] ------------[ cut here ]------------
[  419.566998][    C1] WARNING: ./include/linux/skbuff.h:1165 at nf_send_unreach6+0x828/0xa20, CPU#1: kworker/1:2/951
[  419.577589][    C1] Modules linked in:
[  419.581507][    C1] CPU: 1 UID: 0 PID: 951 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) 
[  419.590853][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  419.600958][    C1] Workqueue: wg-crypt-wg0 wg_packet_tx_worker
[  419.607085][    C1] RIP: 0010:nf_send_unreach6+0x828/0xa20
[  419.612815][    C1] Code: 85 f6 74 0a e8 39 1b 6f f7 e9 c8 fc ff ff e8 2f 1b 6f f7 4c 8b 7c 24 18 e9 34 fa ff ff e8 20 1b 6f f7 eb 9b e8 19 1b 6f f7 90 <0f> 0b 90 e9 c7 fb ff ff 48 85 db 0f 84 81 00 00 00 4c 8d a4 24 20
[  419.632489][    C1] RSP: 0018:ffffc90000a083c0 EFLAGS: 00010246
[  419.638643][    C1] RAX: ffffffff8a51b3b7 RBX: ffff88805dea4640 RCX: ffff888025d79e00
[  419.646623][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  419.654710][    C1] RBP: ffffc90000a08568 R08: ffff88802f9a1543 R09: 1ffff11005f342a8
[  419.662743][    C1] R10: dffffc0000000000 R11: ffffed1005f342a9 R12: ffff88802ef1e101
[  419.670768][    C1] R13: dffffc0000000001 R14: 1ffff1100bbd48d3 R15: 0000000000000000
[  419.678782][    C1] FS:  0000000000000000(0000) GS:ffff8881258c4000(0000) knlGS:0000000000000000
[  419.687773][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  419.694406][    C1] CR2: 0000000000000000 CR3: 000000007f764000 CR4: 00000000003526f0
[  419.702436][    C1] Call Trace:
[  419.705749][    C1]  <IRQ>
[  419.708638][    C1]  ? __pfx_nf_send_unreach6+0x10/0x10
[  419.714040][    C1]  ? psi_group_change+0xab8/0x1050
[  419.719213][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.724019][    C1]  ? lock_release+0x4b/0x3e0
[  419.728896][    C1]  nft_reject_inet_eval+0x441/0x690
[  419.734127][    C1]  nft_do_chain+0x40c/0x1920
[  419.738779][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.743566][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  419.748640][    C1]  ? ipv6_find_hdr+0xc78/0x1050
[  419.753522][    C1]  ? get_stack_info_noinstr+0x1b/0x130
[  419.759055][    C1]  ? deref_stack_reg+0x19f/0x230
[  419.764115][    C1]  ? unwind_next_frame+0xa5/0x2390
[  419.769292][    C1]  nft_do_chain_inet+0x25d/0x340
[  419.774279][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  419.779786][    C1]  ? NF_HOOK+0x9a/0x3a0
[  419.783961][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.788798][    C1]  ? lock_acquire+0x5f/0x360
[  419.793407][    C1]  ? ip_sabotage_in+0x57/0x270
[  419.798224][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  419.803703][    C1]  nf_hook_slow+0xc5/0x220
[  419.808195][    C1]  NF_HOOK+0x206/0x3a0
[  419.812282][    C1]  ? skb_orphan+0xaf/0xd0
[  419.816616][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  419.821868][    C1]  ? NF_HOOK+0x9a/0x3a0
[  419.826047][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  419.830701][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  419.835925][    C1]  __netif_receive_skb+0xd3/0x380
[  419.841013][    C1]  ? process_backlog+0x2d5/0x14f0
[  419.846068][    C1]  process_backlog+0x60e/0x14f0
[  419.850985][    C1]  ? __pfx_process_backlog+0x10/0x10
[  419.856310][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.861128][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.865911][    C1]  __napi_poll+0xc4/0x360
[  419.870287][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.875093][    C1]  net_rx_action+0x707/0xe30
[  419.879745][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  419.884878][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  419.890236][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  419.895557][    C1]  handle_softirqs+0x283/0x870
[  419.900371][    C1]  ? do_softirq+0xec/0x180
[  419.904807][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  419.910152][    C1]  ? wg_socket_send_skb_to_peer+0x16b/0x1d0
[  419.916066][    C1]  do_softirq+0xec/0x180
[  419.920362][    C1]  </IRQ>
[  419.923322][    C1]  <TASK>
[  419.926258][    C1]  ? __pfx_do_softirq+0x10/0x10
[  419.931164][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.935969][    C1]  __local_bh_enable_ip+0x17d/0x1c0
[  419.941221][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  419.946964][    C1]  ? do_raw_read_unlock+0x3d/0x80
[  419.952041][    C1]  wg_socket_send_skb_to_peer+0x16b/0x1d0
[  419.957821][    C1]  wg_packet_tx_worker+0x1c8/0x7c0
[  419.962958][    C1]  ? rcu_is_watching+0x15/0xb0
[  419.967775][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  419.973536][    C1]  process_scheduled_works+0xae1/0x17b0
[  419.979143][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  419.985151][    C1]  worker_thread+0x8a0/0xda0
[  419.989817][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  419.997153][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  420.003114][    C1]  ? __kthread_parkme+0x7b/0x200
[  420.008124][    C1]  kthread+0x711/0x8a0
[  420.012222][    C1]  ? __pfx_worker_thread+0x10/0x10
[  420.017386][    C1]  ? __pfx_kthread+0x10/0x10
[  420.022107][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.027080][    C1]  ? __pfx_kthread+0x10/0x10
[  420.031781][    C1]  ret_from_fork+0x47c/0x820
[  420.036395][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  420.041710][    C1]  ? __switch_to_asm+0x39/0x70
[  420.046515][    C1]  ? __switch_to_asm+0x33/0x70
[  420.051338][    C1]  ? __pfx_kthread+0x10/0x10
[  420.055981][    C1]  ret_from_fork_asm+0x1a/0x30
[  420.060805][    C1]  </TASK>
[  420.063860][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  420.071133][    C1] CPU: 1 UID: 0 PID: 951 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) 
[  420.080408][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.090467][    C1] Workqueue: wg-crypt-wg0 wg_packet_tx_worker
[  420.096527][    C1] Call Trace:
[  420.099789][    C1]  <IRQ>
[  420.102621][    C1]  dump_stack_lvl+0x99/0x250
[  420.107203][    C1]  ? __asan_memcpy+0x40/0x70
[  420.111834][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.117022][    C1]  ? __pfx__printk+0x10/0x10
[  420.121617][    C1]  vpanic+0x281/0x750
[  420.125587][    C1]  ? __pfx_vpanic+0x10/0x10
[  420.130085][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  420.135355][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  420.140538][    C1]  panic+0xb9/0xc0
[  420.144245][    C1]  ? __pfx_panic+0x10/0x10
[  420.148649][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  420.153685][    C1]  __warn+0x334/0x4c0
[  420.157675][    C1]  ? nf_send_unreach6+0x828/0xa20
[  420.162699][    C1]  ? nf_send_unreach6+0x828/0xa20
[  420.167717][    C1]  report_bug+0x2be/0x4f0
[  420.172037][    C1]  ? nf_send_unreach6+0x828/0xa20
[  420.177082][    C1]  ? nf_send_unreach6+0x828/0xa20
[  420.182114][    C1]  ? nf_send_unreach6+0x82a/0xa20
[  420.187134][    C1]  handle_bug+0x84/0x160
[  420.191381][    C1]  exc_invalid_op+0x1a/0x50
[  420.195870][    C1]  asm_exc_invalid_op+0x1a/0x20
[  420.200706][    C1] RIP: 0010:nf_send_unreach6+0x828/0xa20
[  420.206328][    C1] Code: 85 f6 74 0a e8 39 1b 6f f7 e9 c8 fc ff ff e8 2f 1b 6f f7 4c 8b 7c 24 18 e9 34 fa ff ff e8 20 1b 6f f7 eb 9b e8 19 1b 6f f7 90 <0f> 0b 90 e9 c7 fb ff ff 48 85 db 0f 84 81 00 00 00 4c 8d a4 24 20
[  420.225922][    C1] RSP: 0018:ffffc90000a083c0 EFLAGS: 00010246
[  420.231982][    C1] RAX: ffffffff8a51b3b7 RBX: ffff88805dea4640 RCX: ffff888025d79e00
[  420.239942][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  420.247903][    C1] RBP: ffffc90000a08568 R08: ffff88802f9a1543 R09: 1ffff11005f342a8
[  420.255866][    C1] R10: dffffc0000000000 R11: ffffed1005f342a9 R12: ffff88802ef1e101
[  420.263823][    C1] R13: dffffc0000000001 R14: 1ffff1100bbd48d3 R15: 0000000000000000
[  420.271782][    C1]  ? nf_send_unreach6+0x827/0xa20
[  420.276807][    C1]  ? __pfx_nf_send_unreach6+0x10/0x10
[  420.282167][    C1]  ? psi_group_change+0xab8/0x1050
[  420.287264][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.292019][    C1]  ? lock_release+0x4b/0x3e0
[  420.296593][    C1]  nft_reject_inet_eval+0x441/0x690
[  420.301785][    C1]  nft_do_chain+0x40c/0x1920
[  420.306359][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.311107][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  420.316111][    C1]  ? ipv6_find_hdr+0xc78/0x1050
[  420.321045][    C1]  ? get_stack_info_noinstr+0x1b/0x130
[  420.326494][    C1]  ? deref_stack_reg+0x19f/0x230
[  420.331422][    C1]  ? unwind_next_frame+0xa5/0x2390
[  420.336520][    C1]  nft_do_chain_inet+0x25d/0x340
[  420.341442][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  420.346914][    C1]  ? NF_HOOK+0x9a/0x3a0
[  420.351061][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.355810][    C1]  ? lock_acquire+0x5f/0x360
[  420.360384][    C1]  ? ip_sabotage_in+0x57/0x270
[  420.365138][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  420.370581][    C1]  nf_hook_slow+0xc5/0x220
[  420.374991][    C1]  NF_HOOK+0x206/0x3a0
[  420.379059][    C1]  ? skb_orphan+0xaf/0xd0
[  420.383469][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  420.388653][    C1]  ? NF_HOOK+0x9a/0x3a0
[  420.392797][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  420.397382][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  420.402569][    C1]  __netif_receive_skb+0xd3/0x380
[  420.407582][    C1]  ? process_backlog+0x2d5/0x14f0
[  420.412598][    C1]  process_backlog+0x60e/0x14f0
[  420.417442][    C1]  ? __pfx_process_backlog+0x10/0x10
[  420.422712][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.427469][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.432234][    C1]  __napi_poll+0xc4/0x360
[  420.436578][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.441432][    C1]  net_rx_action+0x707/0xe30
[  420.446032][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  420.451135][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  420.456349][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  420.461667][    C1]  handle_softirqs+0x283/0x870
[  420.466425][    C1]  ? do_softirq+0xec/0x180
[  420.470829][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  420.476208][    C1]  ? wg_socket_send_skb_to_peer+0x16b/0x1d0
[  420.482175][    C1]  do_softirq+0xec/0x180
[  420.486413][    C1]  </IRQ>
[  420.489340][    C1]  <TASK>
[  420.492271][    C1]  ? __pfx_do_softirq+0x10/0x10
[  420.497125][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.501892][    C1]  __local_bh_enable_ip+0x17d/0x1c0
[  420.507083][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  420.512796][    C1]  ? do_raw_read_unlock+0x3d/0x80
[  420.517814][    C1]  wg_socket_send_skb_to_peer+0x16b/0x1d0
[  420.523577][    C1]  wg_packet_tx_worker+0x1c8/0x7c0
[  420.528688][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.533440][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  420.539145][    C1]  process_scheduled_works+0xae1/0x17b0
[  420.544697][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  420.550756][    C1]  worker_thread+0x8a0/0xda0
[  420.555423][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  420.561743][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  420.567645][    C1]  ? __kthread_parkme+0x7b/0x200
[  420.572584][    C1]  kthread+0x711/0x8a0
[  420.576733][    C1]  ? __pfx_worker_thread+0x10/0x10
[  420.581829][    C1]  ? __pfx_kthread+0x10/0x10
[  420.586408][    C1]  ? rcu_is_watching+0x15/0xb0
[  420.591158][    C1]  ? __pfx_kthread+0x10/0x10
[  420.595737][    C1]  ret_from_fork+0x47c/0x820
[  420.600317][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  420.605417][    C1]  ? __switch_to_asm+0x39/0x70
[  420.610427][    C1]  ? __switch_to_asm+0x33/0x70
[  420.615200][    C1]  ? __pfx_kthread+0x10/0x10
[  420.619782][    C1]  ret_from_fork_asm+0x1a/0x30
[  420.624538][    C1]  </TASK>
[  420.627725][    C1] Kernel Offset: disabled
[  420.632032][    C1] Rebooting in 86400 seconds..