last executing test programs:

13m32.491327571s ago: executing program 2 (id=1044):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x11, 0xf0, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xdf}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0x3, 0x3}, {0x6, 0x24, 0x1a, 0x401, 0x29}}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x8, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x1d, 0x2, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x26, 0x0, 0x7}}}}}}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x41015500, 0x0)

13m30.975724071s ago: executing program 2 (id=1051):
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000080)={0x2, 0x32314742, 0x2, @discrete={0x7, 0xbe78}})
pipe2(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=""/40, &(0x7f00000001c0), &(0x7f0000000200), 0x1, r3}, 0x38)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000000)={0x1}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', &(0x7f0000000180)=@default_ibss_ssid, 0x6, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0x14, 0x30, 0x25}, 0x14}}, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r5, r5, 0x0, 0x200900)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

13m26.831157683s ago: executing program 2 (id=1059):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000180)=0x9)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000340)={r6, 0x0, 0x0, 0x0, 0x1, [], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='htcp', 0x4)
write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x92)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
unlink(0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

13m24.325776158s ago: executing program 2 (id=1061):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TIOCSETD(r1, 0x5423, 0x0)

13m22.751880791s ago: executing program 2 (id=1066):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000380)={r7, 0x0, 0x1ff, 0x4, 0x0, [<r8=>0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff, 0xfffffffffffffffe]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r8})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x80001, 0x0)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
setsockopt$inet6_group_source_req(r9, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x100b}}}, 0x108)

13m21.624694055s ago: executing program 2 (id=1067):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xd058}], 0x1}}], 0x2, 0x60, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-avx2\x00'}, 0x58)
ioctl$TUNSETDEBUG(r1, 0x400454c9, &(0x7f0000000180)=0x1)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c9801288463"], 0xffdd)

13m5.916844967s ago: executing program 32 (id=1067):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xd058}], 0x1}}], 0x2, 0x60, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-avx2\x00'}, 0x58)
ioctl$TUNSETDEBUG(r1, 0x400454c9, &(0x7f0000000180)=0x1)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c9801288463"], 0xffdd)

16.26518383s ago: executing program 0 (id=3153):
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r2, 0x400448cc, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
mount(0x0, 0x0, &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000300))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x14bc00, 0x0)
ioctl$SNDCTL_SEQ_GETINCOUNT(r8, 0x80045105, &(0x7f0000000080))
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
r10 = socket(0x10, 0x3, 0x9)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r10, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f0000000580)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x24008010)
ioctl$USBDEVFS_CONTROL(r9, 0xc0185500, &(0x7f0000000180)={0x23, 0x1, 0x13, 0x1, 0x0, 0x2, 0x0})
close_range(r4, 0xffffffffffffffff, 0x0)
r11 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_tcp_SIOCINQ(r11, 0x541b, &(0x7f0000000000))
r12 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r12, &(0x7f0000000b40)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b00), 0x2, 0x8}}, 0x20)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r13=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r13, 0x8b26, &(0x7f0000000280)={'wlan1\x00', @random="6a50bae0b3e5"})

15.088348756s ago: executing program 0 (id=3161):
timer_create(0x0, 0x0, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0xd)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="bd", 0x1}], 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)

13.376136788s ago: executing program 0 (id=3165):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace(0x10, r1)
ptrace$peeksig(0x4209, r1, &(0x7f0000000080), 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$getsig(0x4202, r1, 0xa, &(0x7f0000000140))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, &(0x7f0000000880)={{r3}, "d6b7be4f87f431dc321fb8d7a742192d1584ae495d8bf63ec5be72556ed3033605e8b7c191ffddee63cf58dee4a0fa8bee3f76e6b5f876b3c2a939ab8d77469d611ff5ef4270aca203072645b2138d76a9cd41939f625fde1338b36b13d98181b85e632144b448503298efe29d3928f4df02025587fa2cb9bd2955f506660cd2f66e5139b7cb2f7deacd7f62e0f9c2d0490ccff4d4f775e0702397370be279cc86d82b2ea70abfe5093e72c0d867655746a0ee1b8aa2d009a363690f2087b237cf3ef059df05f03234024fbbdec4975d2a5b1bab6278be3714b571f25fbf4d34ce74cf921266d88b406523cd9ea70504947d6979f15c2217a386ef7392548bb97473864e646ad395339541663d46b74d3d55d0d762fa1723baa5699b0b0e4ef33436c128efb329542042f050d3bffa796ab26a057d2bf01f367aa61808f5bdcc5d12c9afb1e81814b5ba063ecfb345821bc3ffc1e0e3c9876621bea6c6c8386068e4b80e44cd2c5aac6314b173be37f49737abc24255ffb8f59664c8cf64c62ba7c324d1c5e04ef0234cbb1a529c4d3a21b1a181b1ae94f314f7d652b996c355d5c4cec9622a335b20c723132762e351d97310f90c1a4828d729dcaf2622aef0dedc2fb9a917a564d8411fba4a844589918e4ddbc9cb1ae569b1c9814994dbcc5531f622878d13714f348815148d4a36494280c810e8c15f1286797099bd884dd5b562c0ec9f8d4d2c4da903b219c3b35adc6361ec76075ed2647ebc03a9d3610b6fef4b2c440048519c0e9ad7599b8bdb29593e603fb7ae5829bde1b3dcf17c8465cd41086e0045642584131f17795ef2f3181f23efd6a22015927be772ef1c3ada1286b511c0fca71ff965e9e0f54ee4172e15993a0cf2181eb9828476f43ddc4ef83dc11f4362884d754969c9efb46a1daadac93b9410995cf848929939ae5917a0e3f25d5198fa3b3c8865470c6c2317576d2bc1084694d33237eda8e49cb03c9455ae546b7bc0c60c79e84e178ef3e132b6b3d5d1638d2d36262057573cf8e3c804a6f94904b3e914a97a0c6525d82425cb1afc6e8494e66b93f88e5ad10e757128d3cfcdcb9d844652d7fe14cfedc3d0ed63bda830b0955dc98a645093f14b354266dca83b6021205c809a06fdbc261a52c3eb7b14fec28f6e5a258d6affaabc6ba538cbf7147cf75c89b9e185faeedfbe9e2b86a4cb54991667abd0eed178417d8af6840937617cd0c19ebf2d710ab27580cc357ba110bb047437d32984a53f1dc9c38f2c34096f8d417fef5eef46537668b23f7add2f667d3e26954dc634cd5bc3e25049cba09bc7fbd71b557158d880c6bce4b7bab9e203509da77551db259b3a581cb4aaa885a5f5249c7bd45cffd6aaae0d6012258fdbddae7abe5218b2f89702c6f4b0484889c26e9179ed996579b33bec5efc8a3bce3f3d623aeaa7ed88f54d578e4bb8fa92f5dbe033451f6e7d421bf8a5f47a336d7486eff3ac1c7d790508218071d04fa84ed0eee2223e26ff0e81c212ec2aa269f05c675c2fb348a1dfd75cca4887d8a4fba55bd6ac8073cc536798dd7d8eed90191206b63a5daecb5d2c78b2f275574b302a5e2aca35d92df39155576eb51e7f7995ffcb9c6156dfb980158617afab935d10c3ae53dee49f5c8071e755f2ea226a33fb74c4bc885ce568f7a3a061428694b8848840df54f04b9984705f5e1b823aebf3553084de8e9287b88bd7b31fcbe346ec8c8c7ff0bfd6464b35d3642b091ce96279cacd99c1f6ee1096ae876ff8a5cd62e5dcfcf27c342b136051a891da22fb1dea918e7c57d604d4e7993912a0154caa85524114194afd94ec627defe83ada77906fd9741dd2ae97b96c01f31cbc8c15e3d4ded3314fd66caeaea8f770ffa60ce6c5ea43cdf8588675fb01d31d7555823f81547e639d4e5bf1b1b31ad03255776a4b1ea8469b21323662c3e1c58f2ee1f47a0b4a1189065c29474f3fe2b080be4f750077400a9cccb6798e129e1a8092bcf1b6b319cb35951449a61e05b8ea7ac3590f498ad8287786644c4e73db4cb9f662a37b27876b0dc3f73978aa3164a65600825cdee7cfa3bbd2db2edd20fa186560e2f95f5bc702599c92b79303b7707032cb9cba8265737f3e42f16d880c4851c01e4301733569eec51505ad1f3b1b2919a958b55e8474df00ec708db23e518e43690e4313bbbc8ea17c3c633ebdc2fb6078dc4f7266b23e94e823e50dd7554cec6faf1fcbdf0fa9defbddd1ca364a67fb86d76a3415cb1cf7f631b9de911ffa7f2a64f609e5b682ff37cf135ad7906ce76fdc74b1f5dda6aaab4610ac1388bc89ba9beb6293c627b09530564c7e218d11f7854f1aaa86cefa97f78db29e62e08e9cff86c1ccafb9e01cf702fb81ddc1703a5893f02700dd9b214b19aa13c02743ccdc9df17005f41552dd6786e203f353116fd853001eff384e85a8d58f8f708cdaaf50703c261171f05aa87220c5b5c7b6c2b3e0714d1a09472515a4c766c34f176bf93bf44dc87228655ca084810c0d497a296a6bd9094f089b9965a4c35c086e99a34fe3f4d43e1c6eaa78a593811321f8a0cbcc479341c04820aa2a494e7a5137b395bd9c85a2c0f140ce6f5120198530a60ddb76bd304df4829e2d1b2764ee030b9547751cc589d054b5fb7cb088fc823bfaddcc50bb12d7e460045ce3aefb89277145e140249a9380ea24a3f895fed76e99f94c3228a4b1ece26162f56ce428d42687593477f107f733bf8427cbd169f7de4741abbbb3396d587ec15e16ef9df6e24c19b191b6f17d6f217d0c45eb1377bf24a767b8f6176c9667d77dff9e23f8deb029664f7731362893df0470041bbaed3cf29fa0838f742905ddb66c7ad08de8758597c1274cdeff1f8abfd399a14321b27bb215c09c41a9597be3b088700295772ed043c8b2ccfe0cfac4de654d8172f29ec6af6dfa8fa4900bf3640d815368cd25e426f9544cd71a9b7c1a170cba18093ddac8942d7a4c17c0113e5c87a4db77ca3bd235fb13beba5635d0bca361900a27760935168292068abf1a973f96f7b66b6eccf87515a22200bd5b8a4afc8e24847628477fa05740709067451ea24da8a22b2e05757c232dc95d7c434e5deaf2a3502aa9aae68953ba04522fc772dc95ca41e28ac79344e9eaa8cdf3634febbff2c45cd7c69d90f7dd07c6e1d7750b864b57fde94c63ebb7f4e87584ee3ea2657f23fd4605e3d48b746da0708add879cf6d2bb97868af506c74df0c40dc1b5e85321b80c41f7f1c047cd8caf3793b327a79004f2282223ac4dcef51f61c402b377671fc971875c8d7c869f8eb5bdbd990310b70a156db06a45d2aa26c062c4b6e82f2b4c0ef9133eddea93851147ae66d2af032df1cdfecd24ce5bb985f110b48119436ecf60b781165fa46a5ff24484de669378df8e2826889ee113380a623e4aad2e14182040ec717b0e923ee0b92aa926361a874e0fa960891698eb2c7ec366d379228813a93f542d4b7f4fe4a4600f69d9fbfd60e105044200d46bc24fa9e58553ba6f2798a1cd98a3571ad594cd00165ef058b1c234ef73069d4f716e58b974fbafd52ec54dad61cd9e5814c5fb99f614053e39a359b33f3f0a676924c948b186f505df08b764dd3c8ebaef0dcf99e5d7aa89b0186fcc8cb99f27f6b75a8f60861b5ebe8afa2a4c6d181740752c1ac6df50ff9a1b3c92ed8aba48a2fab039a394467e3e728d21b14c7ab4a9d74a4da956782a0d189dfdb18334c933f92918e7709f6e9a2779b1d457ccbb1b693f85c4e2f63ace6db246f4c4f1ecd2e5e34b8dd38d08841f3419ecab6366a0d8882271a68361f03adb688c931b4d57e9f70472bb6394d466d0ba9ee59d3cc7a348ff3909743646ce007425eaefe1dfeeccd7189eef7e90666cc51eda3f6a6279bb17b27ec9d0114a995e2823ee53a8f91843285ede90b0f132c557b8243f9d1a1183e87a702bf95c8faa29a41cfb4306694cc49fbfebc78d5d5d056f067d44feef0a2b3b4d8949c9f35f32d0a0dda6afff93f6bd9e481aa7f676936e9015337d03b28c49d27f49757ee39fd05b57baa5f44f170de534d3258faa335d1597d03ff083f53b1ad0744539db11765a3b69922b6b06b5976f1cce5f6b8a60bbc87c5ba1b91cda98c292467448a6f4b890becee1a6a48d537e975cea39e58379afa96ce8f40397e8fab8ee6506c3126cc52b57c1b74ebdb47d742e18c5fb12a462fbbdbba7079fac3192a28a9e16586b8f4d7c246243a7d8d5edc8e45f18904ae22664cc326a917d7ea7b6ee0aa632124acda1c36846c697e910fdbc146dbb62ce0dd2a33f7a42e62ca05952bbdbefa450bd6180e4fc0b0384d538b0bdf6a9f400a0a415d225c09d1fcdcc91a05edadac9cceee3755de5ab7521ea968c038aeb757273af16f1e7154f0a4f97697d30be02848b3777ae3c1f01449622e0b13e296f1db63fea641d4b1ed72dd8cee93ec57fbc9988a109ea40fad92ba91717a0304a48382c1042b03f48888b9bec242a88b27fd7ea01403839564c8d71c0b5bf0cf905eae9a786f58ded99d3efd8c49fcc1ca95aa58c884916276d460f17533ec6169d75a46a0ec7e8c295112cc94930dbd85c25d5a317a60e46580c535ff5e21387f98c01e9443ae2a642a00ed9240a7c1dc70ab05906f899029ddbd0dab60a98b22356c3350eca288723eb6649a78808b9b804d615fbded7ba927014f1a1792c6bf30661b9ed71414952d5acd6a7e68bd4ee6d7b2e71153e2d863a92b07a9e453d42880695f327b6bdc0ba49beb0f1dd936e8bb6d874d078c5413c14ef22a1705b1c950f1ff21f67185dd3414c85cd3a6c768602048a240812ac348bdd3ef0bb0a7daba3b3dd57738ac3cd8bdce8b87ed6fa48cb22cde1f85aef7e022e5bb53fbb2f828a774a12b782cbcb7110911016c79ffa3a00b46b296113287d2235da379c5c99dd9bc8a31a8b6ca721218dae7930a8c8e1aa1fa6360491f57cb72a04f85833fddff27daf69a08dcd54fa53ad73d255da33a67798b879032cd9f45c9db92689b0feb3f1eef352f102e294ed23cfc40ae40d12f2c3479cb63bb1625b4bea047673acdeb4a80f695c1d0e2a490d0979e81868a461c6462f123735c566f1c8b138baa0e6bfef94e6e3754439e28ce812de06f04c5c8a10c6bb7ccfb67912c0ea6611cb301b5bfc181f94f8f0dfc6f12ebd9c7a0c2af5a33d500d9038f679cdda118c5928c42744d6df3dd4e9b819b988f96120019889cc957559598e66d32df049a95ebd0ae33002a987e7805e19b7c34666fa38b36913fc19eeab224fba80347ddee49f1e008a008eebf76761fb59f435e43be686099df4b716bf39c2bef9c268d4d9245a5eeebf902ce1a1e1b2b678301dfe1f2ab606b52efe8e0aba60a778bc3e82b99b0485514df2049e9428ba62802f3d86fd07166098011a35d2b4396c3aaf4e1cd9da85ddaee204fb92372347294c16c385c2ef6876b07c040c5d940205e901acde436d88cf211059d0e30e90bbe914a6de59f131c1b350fb437b3f0c68a23bfe17841134b221c6763f82cb78ef3c26c60ef2158f893385996a0b32e5341e56687d6b3ff612fde4381e814dbc478cbaca3e0354ca1071ee4e87fd56fc10fff714284e468d50be180a8044679c7c0082d38d82a8723fbe760a21cf74d3595686ed571b8270d05b3b30ef8927f7ba80e36fc32712363519c935581c06d6a0d897193ef99361c142f3a7f14095f30a34f7a70553b8de3d935a3c57216de6fbba944931"})
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe", 0x16)
read$char_usb(r0, &(0x7f00000003c0)=""/241, 0xf1)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x80000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r4, 0xc01864b0, &(0x7f0000000040)={0x0, 0x0, 0xb, 0x32, 0x9})
syz_usbip_server_init(0x3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r5 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e1f, 0x2, @local, 0x1}, 0x1c)

10.085277273s ago: executing program 0 (id=3169):
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/56, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

10.020996326s ago: executing program 0 (id=3172):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b9376000000000000000000000000000000000000000000020000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x0, 0x3}}, 0xb4}}, 0x8044)
sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c)

9.848041488s ago: executing program 0 (id=3175):
timer_create(0x0, 0x0, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0xd)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="bd", 0x1}], 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)

9.82279829s ago: executing program 3 (id=3177):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioperm(0x2, 0x7, 0x100e)
ioperm(0x7fffffff, 0x1, 0x8)
socket$netlink(0x10, 0x3, 0x0)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="280000000600000029000000b9"], 0x28}}], 0x1, 0x44010)
r3 = io_uring_setup(0x2c48, &(0x7f0000000280)={0x0, 0xdfc8, 0x80, 0x2, 0x1af})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x18, &(0x7f0000000000), 0x1)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x7aad, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
r9 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r9, &(0x7f00000028c0)='asymmetric\x00', &(0x7f0000002980)=@keyring)
keyctl$get_persistent(0x16, 0x0, r9)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r6, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r10 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r10, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
readv(r10, &(0x7f0000000100)=[{&(0x7f0000001180)=""/4085, 0xff5}], 0x1)
r11 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0))
sendmmsg(r11, &(0x7f0000000000), 0x400000000000235, 0x0)

7.286294905s ago: executing program 3 (id=3183):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
r1 = memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
lseek(r1, 0x0, 0x3)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
syz_io_uring_setup(0x19ff, 0x0, &(0x7f0000000240), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000010000003f000000400000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0], 0x50)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x10000002, 0x1001}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], 0x0, 0xa7, &(0x7f0000000400)=[{}, {}], 0x10, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000680)}}, 0x10)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x3, 0x12)
sendfile(r2, r0, &(0x7f0000000000)=0x9, 0x3fffff)

7.195434831s ago: executing program 5 (id=3185):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r1, 0x4b4c, &(0x7f0000000080))

6.74594666s ago: executing program 1 (id=3187):
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wg2\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)

6.295148699s ago: executing program 1 (id=3190):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
socket$inet(0x2, 0x2, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x26, 0x0, 0x0, 0x10, 0xfffffff6}, 0x94)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x4)
r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r3, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = dup(0xffffffffffffffff)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r4, 0x4004f506, &(0x7f0000000100))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0x40045542, &(0x7f0000000140)=0x293c)

4.340798867s ago: executing program 1 (id=3192):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r0}, 0x10)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

4.234569264s ago: executing program 5 (id=3193):
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/56, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

4.074712315s ago: executing program 4 (id=3194):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
io_setup(0x3fc, &(0x7f0000000500))
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x401, 0x0, 0x0, {0x5, 0x0, 0x3}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x48880)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
fcntl$addseals(r4, 0x409, 0x9)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004140)=ANY=[], 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x3}]}, @ptr]}}, 0x0, 0x3e}, 0x28)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYRES16=r5], &(0x7f00000000c0)='syzkaller\x00', 0x800, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000940)={0x14, 0x0, &(0x7f0000000400)=[@acquire_done={0x40106309, 0x3}], 0x31, 0x0, &(0x7f0000000440)="de8ee5ee379a99f63e6e8d7e8b36b8c06aae62ccf2ca6606dbc4956eddfacbbbbe8772a76655dd2ac5fbef870080a71635"})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES32=r9, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x2000c090)
sendfile(r3, r2, &(0x7f0000002080)=0x3a, 0x23b)

3.995015729s ago: executing program 3 (id=3195):
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00', 0x0, 0x0, 0x0, [0x4, 0x80, 0xffffffffffffffc0, 0xfff, 0xfffffffffffffff7, 0xd], 0x0, 0x0, 0x0}, &(0x7f0000000240)=0x108)

3.928741144s ago: executing program 3 (id=3196):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000b07000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.82703723s ago: executing program 5 (id=3197):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000800)=[{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000340)="7d7a68e25d38566c61856d6817441a9caa9b23557af3d00f974cd91d1b33a9d6e17fd477051346d814913f8a3ef2e1a781a2bbfc8d55dca693d39139f04047784190d93b5301b4abe27c9242396d40a5c2b7789629214281c8e09a6c1f1e0db5d1e74e1f27a89b2c25c2316fcddc9ff2a71eceb3094ba465389e", 0x7a}, {&(0x7f0000000700)="ce2ede98d4bde4b9a7931c4e260090a647151bacb721146be7ff4494578b050dc8c56c1571aa57d0f79d3ce5cc42977a719f4a8c88be", 0x36}, {&(0x7f0000000600)="5fec9dec1e9d48e2b3a02e29dcaadb6d242c08b8b6e2a34dd08e48e3d32aa2bf0bd42348d6bf39fd7dac80fedaaab8ff4258ecbc4e025305fab94303f773d083bb47da24c3341e27416f38e3251fe082c8f8602308cd2f7dc846c93e62a8d53d22fcabce47b5531463290c970dccfaa7da3e4ee56136f44b991100e3db7c750c3ccb3e01d6598d53d05ca7503d7430f3ff2b79ab629faa1dfb2d0899dd807d28174305bd600e50112aa4d0ec230a89b3078bb60a198e5a7169d91005cda3fc9870956d72773bd7", 0xc7}, {&(0x7f0000002dc0)="c615271a9dc3c1d27eee864db95e0b71f8e4965515323d75357cb0914b03d9b18c63ca3692399e0aa8be01a5b9883f1e4830cd8b777bb75c27cba21f087b8a8a92bb4353b5e825f3837bfcce5681589bd0ce90380fed43b1ebc4d4c4e3efe4c1a60e3d56753ebac731ddf0a80a42e71cd2fa58a5779bd29d2b7e651566", 0x7d}, {&(0x7f0000000cc0)="bd6da0bd46a67e8c2a3d543a4fa450b226da5f9481ab800025ea23e9d7a56f521541e97d4f1d383676059f660d7f6a42753aeb13a396059e44891d630189c8bd6ea5c7afd6f58cb9f90be3d0c355d7002cad13dab28d84a19127cfea54a0ee6ff2f7de284e54b464e1799f9b67176e5e7af67eab6bade0c22808aa7121e3c7bec7415fb675ea9ea6c1d05f37802408f0690cd93fabe33479183113ffe63babd039dc34c0a0a87ecde8a2d020056439bebcc8c647c9073620a6216f840424a6e68337655b339fc5afe5e29da95e661fa97070a24a5e19aa9de6493308aadceb947f05c3fddc809fb53e69a5c65c2354dc3bbe4c0a0a94ff78f9cf35fbbf19da62ee4f15e836a3483174a40e02", 0x10c}], 0x5, 0x0, 0x0, 0x4001}], 0x1, 0x48800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3.044773901s ago: executing program 1 (id=3198):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x38011, r0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)

2.867989073s ago: executing program 5 (id=3199):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r1, r0, &(0x7f0000002080)=0x3a, 0x23b)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5a, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x4a, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0xffffff49, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x4, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x1, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

2.864085543s ago: executing program 4 (id=3200):
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
ioctl$USBDEVFS_SETCONFIGURATION(r0, 0x80045505, &(0x7f0000000000)=0x1)

2.785911148s ago: executing program 1 (id=3201):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@bridge_delneigh={0x1c, 0x1d, 0xf07, 0x70bd28, 0x0, {0x7, 0x0, 0x0, r1, 0x1c, 0x10, 0xb}}, 0x1c}}, 0x0)

2.691987525s ago: executing program 3 (id=3202):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
socket$inet(0x2, 0x2, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x26, 0x0, 0x0, 0x10, 0xfffffff6}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x4)
r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r3, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = dup(0xffffffffffffffff)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r4, 0x4004f506, &(0x7f0000000100))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0x40045542, &(0x7f0000000140)=0x293c)

2.60127733s ago: executing program 4 (id=3203):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000003a00)='./file0\x00', 0x0)
r1 = socket$inet6(0xa, 0x3, 0xa)
r2 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x3100, 0x0, &(0x7f0000000140), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
socket(0x40000000002, 0x3, 0x6)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000100)=0x2)

1.694398979s ago: executing program 1 (id=3204):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
r1 = memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
lseek(r1, 0x0, 0x3)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
syz_io_uring_setup(0x19ff, 0x0, &(0x7f0000000240), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000010000003f000000400000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0], 0x50)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x10000002, 0x1001}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], 0x0, 0xa7, &(0x7f0000000400)=[{}, {}], 0x10, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x9, 0x8, 0x8, &(0x7f0000000680)}}, 0x10)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x3, 0x12)
sendfile(r2, r0, &(0x7f0000000000)=0x9, 0x3fffff)

1.581485357s ago: executing program 5 (id=3205):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x13)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xd)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="bd", 0x1}], 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)

1.580798457s ago: executing program 3 (id=3206):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r1, 0x4b4c, &(0x7f0000000080))

1.285092576s ago: executing program 4 (id=3207):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r0}, 0x10)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

397.927314ms ago: executing program 5 (id=3208):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x9, 0x1, 0xc45, 0x1012, 0xc7, 0x2, 0x7, 'syz0\x00'})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@private2, 0x800, 0x0, 0x2, 0x1}, 0x20)
r7 = socket$nl_route(0x10, 0x3, 0x0)
get_mempolicy(0x0, 0x0, 0x73e, &(0x7f0000419000/0x8000)=nil, 0x3)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00', <r9=>0x0})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x24, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0x1, 0x6}, {0xd}, {0x11, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0)

271.019482ms ago: executing program 4 (id=3209):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000800)=[{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000340)="7d7a68e25d38566c61856d6817441a9caa9b23557af3d00f974cd91d1b33a9d6e17fd477051346d814913f8a3ef2e1a781a2bbfc8d55dca693d39139f04047784190d93b5301b4abe27c9242396d40a5c2b7789629214281c8e09a6c1f1e0db5d1e74e1f27a89b2c25c2316fcddc9ff2a71eceb3094ba465389e", 0x7a}, {&(0x7f0000000700)="ce2ede98d4bde4b9a7931c4e260090a647151bacb721146be7ff4494578b050dc8c56c1571aa57d0f79d3ce5cc42977a719f4a8c88be", 0x36}, {&(0x7f0000000600)="5fec9dec1e9d48e2b3a02e29dcaadb6d242c08b8b6e2a34dd08e48e3d32aa2bf0bd42348d6bf39fd7dac80fedaaab8ff4258ecbc4e025305fab94303f773d083bb47da24c3341e27416f38e3251fe082c8f8602308cd2f7dc846c93e62a8d53d22fcabce47b5531463290c970dccfaa7da3e4ee56136f44b991100e3db7c750c3ccb3e01d6598d53d05ca7503d7430f3ff2b79ab629faa1dfb2d0899dd807d28174305bd600e50112aa4d0ec230a89b3078bb60a198e5a7169d91005cda3fc9870956d72773bd7", 0xc7}, {&(0x7f0000002dc0)="c615271a9dc3c1d27eee864db95e0b71f8e4965515323d75357cb0914b03d9b18c63ca3692399e0aa8be01a5b9883f1e4830cd8b777bb75c27cba21f087b8a8a92bb4353b5e825f3837bfcce5681589bd0ce90380fed43b1ebc4d4c4e3efe4c1a60e3d56753ebac731ddf0a80a42e71cd2fa58a5779bd29d2b7e651566", 0x7d}, {&(0x7f0000000cc0)="bd6da0bd46a67e8c2a3d543a4fa450b226da5f9481ab800025ea23e9d7a56f521541e97d4f1d383676059f660d7f6a42753aeb13a396059e44891d630189c8bd6ea5c7afd6f58cb9f90be3d0c355d7002cad13dab28d84a19127cfea54a0ee6ff2f7de284e54b464e1799f9b67176e5e7af67eab6bade0c22808aa7121e3c7bec7415fb675ea9ea6c1d05f37802408f0690cd93fabe33479183113ffe63babd039dc34c0a0a87ecde8a2d020056439bebcc8c647c9073620a6216f840424a6e68337655b339fc5afe5e29da95e661fa97070a24a5e19aa9de6493308aadceb947f05c3fddc809fb53e69a5c65c2354dc3bbe4c0a0a94ff78f9cf35fbbf19da62ee4f15e836a3483174a40e02", 0x10c}], 0x5, 0x0, 0x0, 0x4001}], 0x1, 0x48800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

0s ago: executing program 4 (id=3210):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x401, 0x0, 0x0, {0x5, 0x0, 0x3}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000814}, 0x48880)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
fcntl$addseals(r4, 0x409, 0x9)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004140)=ANY=[], 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x3}]}, @ptr]}}, 0x0, 0x3e}, 0x28)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, &(0x7f0000000540))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYRES16=r5], &(0x7f00000000c0)='syzkaller\x00', 0x800, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000940)={0x14, 0x0, &(0x7f0000000400)=[@acquire_done={0x40106309, 0x3}], 0x31, 0x0, &(0x7f0000000440)="de8ee5ee379a99f63e6e8d7e8b36b8c06aae62ccf2ca6606dbc4956eddfacbbbbe8772a76655dd2ac5fbef870080a71635"})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES32=r9, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x2000c090)
sendfile(r3, r2, &(0x7f0000002080)=0x3a, 0x23b)

kernel console output (not intermixed with test programs):

 up to one day in the future
[  956.537429][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[  956.561495][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[  956.583963][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[  956.600657][ T4348] rtc rtc0: __rtc_set_alarm: err=-22
[  956.633441][ T4356] tipc: Node number set to 531888018
[  956.642825][T13377] tipc: Resetting bearer <eth:syzkaller0>
[  956.704394][T13373] tipc: Resetting bearer <eth:syzkaller0>
[  956.791788][T13373] tipc: Disabling bearer <eth:syzkaller0>
[  956.833727][   T26] audit: type=1326 audit(1759908697.250:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13385 comm="syz.5.2292" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d25d8eec9 code=0x0
[  956.864610][ T4276] Bluetooth: hci5: command 0x1003 tx timeout
[  956.872661][ T4283] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  957.103259][   T26] audit: type=1326 audit(1759908697.520:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13389 comm="syz.1.2293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba1c58eec9 code=0x0
[  959.589935][ T4283] Bluetooth: hci4: unexpected event for opcode 0x0402
[  959.610997][T13413] syz.4.2298 (13413): drop_caches: 1
[  959.637486][   T26] audit: type=1326 audit(1759908700.050:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13417 comm="syz.3.2301" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f510b38eec9 code=0x0
[  959.941134][   T26] audit: type=1326 audit(1759908700.360:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13434 comm="syz.4.2306" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[  962.371045][T13461] loop2: detected capacity change from 0 to 7
[  962.412989][T13461] Dev loop2: unable to read RDB block 7
[  962.426220][T13461]  loop2: AHDI p1 p2 p3
[  962.446794][T13461] loop2: partition table partially beyond EOD, truncated
[  962.479825][T13461] loop2: p1 start 1601398130 is beyond EOD, truncated
[  962.678154][T13461] loop2: p2 start 1702059890 is beyond EOD, truncated
[  963.926256][   T26] audit: type=1326 audit(1759908704.350:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13474 comm="syz.4.2319" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[  964.906379][ T4283] Bluetooth: hci0: unexpected event for opcode 0x0402
[  964.936858][T13469] syz.5.2316 (13469): drop_caches: 1
[  965.683553][T13506] fuse: Bad value for 'fd'
[  966.262247][T13514] loop2: detected capacity change from 0 to 7
[  966.279982][T13123] Dev loop2: unable to read RDB block 7
[  966.290057][T13123]  loop2: AHDI p1 p2 p3
[  966.322468][T13123] loop2: partition table partially beyond EOD, truncated
[  966.365796][T13123] loop2: p1 start 1601398130 is beyond EOD, truncated
[  966.388580][T13123] loop2: p2 start 1702059890 is beyond EOD, truncated
[  966.408193][T13514] Dev loop2: unable to read RDB block 7
[  966.413839][T13514]  loop2: AHDI p1 p2 p3
[  966.464729][T13514] loop2: partition table partially beyond EOD, truncated
[  966.473996][T13514] loop2: p1 start 1601398130 is beyond EOD, truncated
[  966.501871][T13514] loop2: p2 start 1702059890 is beyond EOD, truncated
[  966.626638][   T26] audit: type=1326 audit(1759908707.050:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13520 comm="syz.1.2334" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[  967.826354][T13549] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2340'.
[  967.920291][T11291] Bluetooth: hci5: Frame reassembly failed (-84)
[  967.940500][T11291] Bluetooth: hci5: Frame reassembly failed (-84)
[  969.984655][ T4283] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  969.985444][ T4276] Bluetooth: hci5: command 0x1003 tx timeout
[  970.116719][T13571] fuse: Bad value for 'fd'
[  970.822312][   T26] audit: type=1326 audit(1759908711.240:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13577 comm="syz.0.2349" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[  972.222865][T13597] ubi: mtd0 is already attached to ubi31
[  974.902460][T13615] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2359'.
[  974.989155][ T4978] Bluetooth: hci5: Frame reassembly failed (-84)
[  975.082124][T13617] fuse: Bad value for 'fd'
[  977.025005][ T4283] Bluetooth: hci5: command 0x1003 tx timeout
[  977.025037][ T4276] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  977.389535][   T26] audit: type=1326 audit(1759908717.810:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13631 comm="syz.5.2364" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d25d8eec9 code=0x0
[  979.403024][T13668] fuse: Bad value for 'fd'
[  983.126761][   T26] audit: type=1326 audit(1759908723.550:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13683 comm="syz.1.2379" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[  983.406970][T13691] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2381'.
[  983.498839][T11292] Bluetooth: hci5: Frame reassembly failed (-84)
[  985.506123][ T4283] Bluetooth: hci5: command 0x1003 tx timeout
[  985.506167][ T4276] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  986.230889][T13721] fuse: Bad value for 'fd'
[  987.880268][T13747] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  990.463513][T13761] batman_adv: batadv0: Interface deactivated: dummy0
[  990.470486][T13761] batman_adv: batadv0: Removing interface: dummy0
[  992.404262][T13774] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2404'.
[  992.583703][T13780] rtc_cmos 00:00: Alarms can be up to one day in the future
[  992.627266][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  992.633622][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  993.408181][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[  993.421030][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[  993.455568][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[  993.463682][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[  993.471312][ T4356] rtc rtc0: __rtc_set_alarm: err=-22
[  994.549476][T13795] fuse: Bad value for 'fd'
[  996.629625][T13808] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  996.639362][T13808] device syzkaller0 entered promiscuous mode
[  996.650064][T13808] tipc: Resetting bearer <eth:syzkaller0>
[  996.662207][T13807] tipc: Resetting bearer <eth:syzkaller0>
[  996.711601][T13807] tipc: Disabling bearer <eth:syzkaller0>
[  997.847982][T13805] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  997.861908][T13805] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  997.896702][   T26] audit: type=1326 audit(1759908738.320:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13827 comm="syz.3.2420" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f510b38eec9 code=0x0
[  997.925072][T13805] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  997.944980][T13805] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  997.954170][T13805] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  998.944410][ T4283] Bluetooth: hci1: command 0x0c1a tx timeout
[  999.904455][ T4283] Bluetooth: hci0: command 0x0c1a tx timeout
[  999.984443][ T4283] Bluetooth: hci4: command 0x0c1a tx timeout
[  999.990478][ T4276] Bluetooth: hci3: command 0x0c1a tx timeout
[  999.994436][ T4273] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1000.129336][T13844] fuse: Bad value for 'fd'
[ 1000.197651][T13846] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2425'.
[ 1000.842698][T13793] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1000.909293][T13858] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2421'.
[ 1002.304456][ T4273] Bluetooth: hci5: command 0x1003 tx timeout
[ 1002.304549][ T4283] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1002.864634][ T4283] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1003.544396][T13806] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1003.774448][T13806] usb 1-1: Using ep0 maxpacket: 8
[ 1003.785299][T13806] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1003.812893][T13806] usb 1-1: config 0 has no interface number 0
[ 1003.836985][T13806] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1003.879663][T13806] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1003.928091][T13806] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1003.951519][T13806] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1003.960091][   T26] audit: type=1326 audit(1759908744.390:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13882 comm="syz.4.2436" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1004.196159][T13806] usb 1-1: config 0 descriptor??
[ 1004.228540][T13887] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[ 1004.235188][T13887] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1004.250705][T13887] vhci_hcd vhci_hcd.0: Device attached
[ 1004.346681][T13806] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1004.472115][T13876] iowarrior 1-1:0.1: Error -90 while submitting URB
[ 1004.736413][T13888] vhci_hcd: connection closed
[ 1004.737357][   T11] vhci_hcd: stop threads
[ 1005.272954][   T11] vhci_hcd: release socket
[ 1005.355565][T13806] usb 1-1: USB disconnect, device number 21
[ 1005.381935][   T11] vhci_hcd: disconnect device
[ 1005.558034][T13896] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1006.068379][T13908] fuse: Bad value for 'fd'
[ 1009.073535][T13936] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1009.615739][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1009.806395][T13938] batman_adv: batadv0: Interface deactivated: dummy0
[ 1009.813314][T13938] batman_adv: batadv0: Removing interface: dummy0
[ 1010.784403][ T4276] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1011.442593][T13906] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1011.449181][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1011.457088][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1011.470905][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1011.478444][ T4348] rtc rtc0: __rtc_set_alarm: err=-22
[ 1011.502711][T13906] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1011.520805][T13906] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1011.635490][   T26] audit: type=1326 audit(1759908752.050:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13930 comm="syz.3.2448" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f510b38eec9 code=0x0
[ 1011.692232][T13906] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1011.701259][T13906] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1011.945123][T13951] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1011.970780][T13951] device syzkaller0 entered promiscuous mode
[ 1012.011719][T13951] tipc: Resetting bearer <eth:syzkaller0>
[ 1012.029499][T13950] tipc: Resetting bearer <eth:syzkaller0>
[ 1012.144351][ T5772] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1012.168708][T13950] tipc: Disabling bearer <eth:syzkaller0>
[ 1012.354926][ T5772] usb 6-1: Using ep0 maxpacket: 8
[ 1012.364047][ T5772] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1012.394558][ T5772] usb 6-1: config 0 has no interface number 0
[ 1012.417474][ T5772] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1012.461225][ T5772] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1012.504189][ T5772] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1012.531386][   T26] audit: type=1326 audit(1759908752.950:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13953 comm="syz.3.2454" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f510b38eec9 code=0x0
[ 1012.543962][ T5772] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.597304][ T5772] usb 6-1: config 0 descriptor??
[ 1012.628537][T11284] batman_adv: batadv_iv_ogm_emit: soft interface switch for queued OGM
[ 1012.656259][ T5772] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1012.828313][T13949] iowarrior 6-1:0.1: Error -90 while submitting URB
[ 1012.853473][ T5772] usb 6-1: USB disconnect, device number 8
[ 1012.999292][T13904] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1013.178887][   T26] audit: type=1326 audit(1759908753.600:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13961 comm="syz.4.2456" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1013.280117][T13966] fuse: Bad value for 'fd'
[ 1013.504414][ T4276] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1013.584368][ T4276] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1013.744711][ T4276] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1013.744717][ T4283] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1015.584479][ T4273] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1016.855164][   T26] audit: type=1326 audit(1759908757.280:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13990 comm="syz.3.2464" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f510b38eec9 code=0x0
[ 1017.105968][T14000] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1017.119325][T14000] device syzkaller0 entered promiscuous mode
[ 1017.142708][T14000] tipc: Resetting bearer <eth:syzkaller0>
[ 1017.156184][T13999] tipc: Resetting bearer <eth:syzkaller0>
[ 1017.255532][T13999] tipc: Disabling bearer <eth:syzkaller0>
[ 1018.728755][   T26] audit: type=1326 audit(1759908759.150:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14013 comm="syz.4.2470" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1019.584385][ T4276] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1019.898710][T14003] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1020.006912][T14003] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1020.061675][T14003] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1020.068684][T14003] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1020.075863][T14003] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1021.910994][   T26] audit: type=1326 audit(1759908762.330:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.3.2477" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f510b38eec9 code=0x0
[ 1021.926296][T14039] fuse: Bad value for 'fd'
[ 1021.932907][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1022.064867][ T4273] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1022.074638][ T4273] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1022.144443][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1022.150510][ T4273] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1022.345957][T14041] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1022.404782][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1022.412394][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1022.452658][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1022.469533][   T26] audit: type=1326 audit(1759908762.890:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14044 comm="syz.4.2479" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1022.508324][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1022.734591][ T4335] rtc rtc0: __rtc_set_alarm: err=-22
[ 1022.877331][T13996] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1022.901614][T14048] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[ 1022.908237][T14048] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1022.927081][T14048] vhci_hcd vhci_hcd.0: Device attached
[ 1023.204545][T13806] usb 41-1: new high-speed USB device number 3 using vhci_hcd
[ 1023.272649][T14049] vhci_hcd: connection closed
[ 1023.275802][ T8997] vhci_hcd: stop threads
[ 1023.832866][ T8997] vhci_hcd: release socket
[ 1023.837603][ T8997] vhci_hcd: disconnect device
[ 1024.944992][ T4276] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1025.232095][T14083] overlayfs: failed to resolve './file1': -2
[ 1025.496926][T14085] fuse: Bad value for 'fd'
[ 1026.308844][T14094] syz.5.2492 (14094): drop_caches: 1
[ 1027.165173][   T26] audit: type=1326 audit(1759908767.590:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14092 comm="syz.3.2493" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f510b38eec9 code=0x0
[ 1027.284774][T14094] syz.5.2492 (14094): drop_caches: 1
[ 1027.439939][   T26] audit: type=1326 audit(1759908767.860:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14102 comm="syz.1.2496" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[ 1028.944395][T13806] vhci_hcd: vhci_device speed not set
[ 1029.188927][T14111] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1031.010177][T14122] overlayfs: failed to resolve './file1': -2
[ 1031.636005][T14139] fuse: Bad value for 'fd'
[ 1033.136788][T14153] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1033.181485][T14154] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1033.203709][T14156] tipc: Resetting bearer <eth:syzkaller0>
[ 1033.238077][T14152] tipc: Disabling bearer <eth:syzkaller0>
[ 1033.403510][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1033.424725][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1033.487964][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1033.529427][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1033.560214][T13806] rtc rtc0: __rtc_set_alarm: err=-22
[ 1035.065353][T14187] fuse: Bad value for 'fd'
[ 1035.115559][T14189] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2508'.
[ 1040.228632][T14209] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1040.386377][T11284] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1040.402676][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1040.421404][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1040.434005][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1040.443713][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1040.451338][T13806] rtc rtc0: __rtc_set_alarm: err=-22
[ 1042.394406][ T4276] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1046.014018][   T26] audit: type=1326 audit(1759908786.430:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14260 comm="syz.4.2540" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1046.125163][T10111] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1046.164643][T14269] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[ 1046.171286][T14269] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1046.210413][T14269] vhci_hcd vhci_hcd.0: Device attached
[ 1046.341879][T10111] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1046.494526][ T6220] usb 41-1: new high-speed USB device number 4 using vhci_hcd
[ 1046.834573][T14270] vhci_hcd: connection closed
[ 1046.838252][ T4611] vhci_hcd: stop threads
[ 1047.356521][ T4611] vhci_hcd: release socket
[ 1047.361069][ T4611] vhci_hcd: disconnect device
[ 1047.414024][T10111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1047.484878][T10111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1047.523430][T10111] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1047.566201][T10111] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1047.602548][T10111] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1047.651592][T10111] usb 1-1: Manufacturer: syz
[ 1047.666202][T10111] usb 1-1: config 0 descriptor??
[ 1047.815706][T14290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1047.836510][T14290] device syzkaller0 entered promiscuous mode
[ 1047.869901][T14289] tipc: Resetting bearer <eth:syzkaller0>
[ 1047.904817][ T4348] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1047.926159][T14289] tipc: Disabling bearer <eth:syzkaller0>
[ 1048.064377][ T4348] usb 6-1: device descriptor read/64, error -71
[ 1048.082842][T10111] appleir 0003:05AC:8243.0003: unknown main item tag 0x0
[ 1048.093586][T10111] appleir 0003:05AC:8243.0003: No inputs registered, leaving
[ 1048.112304][T10111] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[ 1048.344421][ T4348] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1048.656375][T14296] syz.4.2550 (14296): drop_caches: 1
[ 1049.020540][T14297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2543'.
[ 1049.104356][ T4348] usb 6-1: device descriptor read/64, error -71
[ 1049.224554][ T4348] usb usb6-port1: attempt power cycle
[ 1049.239617][T14300] faulting far call emulation tainted memory
[ 1049.261347][T14300] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1049.282491][T14296] syz.4.2550 (14296): drop_caches: 1
[ 1049.834353][ T4348] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1050.400344][ T4335] usb 1-1: USB disconnect, device number 22
[ 1050.406992][ T4348] usb 6-1: device descriptor read/8, error -71
[ 1050.582239][   T26] audit: type=1326 audit(1759908791.000:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14314 comm="syz.0.2556" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1050.684865][ T4348] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1052.047551][ T4348] usb 6-1: device descriptor read/8, error -71
[ 1052.082068][T14322] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1052.165058][ T4348] usb usb6-port1: unable to enumerate USB device
[ 1052.224364][ T6220] vhci_hcd: vhci_device speed not set
[ 1052.308306][T14322] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1052.427236][T14322] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1052.601361][T14322] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1052.790996][T14322] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.812268][T14322] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.830512][T14322] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.925850][T14322] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.067282][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.073664][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1057.667677][   T14] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1057.767933][   T26] audit: type=1326 audit(1759908798.190:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14379 comm="syz.1.2571" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[ 1057.854437][   T14] usb 5-1: device descriptor read/64, error -71
[ 1057.865115][T14385] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[ 1057.871720][T14385] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1057.879359][T14385] vhci_hcd vhci_hcd.0: Device attached
[ 1058.124343][   T14] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1058.154469][ T4348] usb 35-1: new high-speed USB device number 2 using vhci_hcd
[ 1058.261038][T14395] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2570'.
[ 1058.294465][   T14] usb 5-1: device descriptor read/64, error -71
[ 1058.424455][   T14] usb usb5-port1: attempt power cycle
[ 1058.522735][T14386] vhci_hcd: connection reset by peer
[ 1058.528560][ T4971] vhci_hcd: stop threads
[ 1058.533936][ T4971] vhci_hcd: release socket
[ 1058.550903][ T4971] vhci_hcd: disconnect device
[ 1058.834412][   T14] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1058.888597][   T14] usb 5-1: device descriptor read/8, error -71
[ 1059.174496][   T14] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1059.224858][   T14] usb 5-1: device descriptor read/8, error -71
[ 1059.231100][   T26] audit: type=1326 audit(1759908799.650:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14404 comm="syz.1.2575" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[ 1059.374462][   T14] usb usb5-port1: unable to enumerate USB device
[ 1059.434589][T13109] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[ 1059.685624][T13109] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1059.703252][T13109] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1059.747944][T13109] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1059.791481][T13109] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1059.944454][T13109] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1060.291718][T14401] Scaler: =================  START STATUS  =================
[ 1060.329418][T14401] Scaler: ==================  END STATUS  ==================
[ 1060.362108][T13109] usb 6-1: GET_CAPABILITIES returned 0
[ 1060.369007][T13109] usbtmc 6-1:16.0: can't read capabilities
[ 1060.420350][ T4273] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1060.431019][ T4273] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1060.439143][ T4273] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1060.451292][ T4273] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1060.458916][ T4273] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1060.466226][ T4273] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1060.551001][T14429] overlayfs: failed to resolve './file0': -2
[ 1060.703026][T14401] usbtmc 6-1:16.0: usb_control_msg returned -71
[ 1060.703304][ T4388] usb 6-1: USB disconnect, device number 13
[ 1061.061056][T11289] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1061.221255][T11289] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1061.293336][T11289] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1061.325328][T14425] chnl_net:caif_netlink_parms(): no params data found
[ 1061.355311][T11289] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1061.633980][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.653677][T14425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1061.671435][T14425] device bridge_slave_0 entered promiscuous mode
[ 1061.748474][T14425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.762582][T14425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1061.779860][T14425] device bridge_slave_1 entered promiscuous mode
[ 1061.894998][T11289] tipc: Left network mode
[ 1061.942343][T14425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1062.058336][T14425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1062.269648][T14425] team0: Port device team_slave_0 added
[ 1062.304737][   T26] audit: type=1326 audit(1759908802.730:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14448 comm="syz.0.2586" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1062.308893][T14425] team0: Port device team_slave_1 added
[ 1062.373816][T14454] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[ 1062.380448][T14454] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1062.388305][T14454] vhci_hcd vhci_hcd.0: Device attached
[ 1062.512392][T14425] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1062.531832][T14425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1062.557802][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1062.564740][ T4276] Bluetooth: hci5: command 0x0409 tx timeout
[ 1062.684634][T13109] usb 33-1: new high-speed USB device number 4 using vhci_hcd
[ 1062.724388][T14425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1062.821647][T14425] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1062.839929][T14425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1062.959303][T14425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1062.998860][T14456] vhci_hcd: connection reset by peer
[ 1063.004611][ T4965] vhci_hcd: stop threads
[ 1063.009208][ T4965] vhci_hcd: release socket
[ 1063.042152][ T4965] vhci_hcd: disconnect device
[ 1063.274492][ T4348] vhci_hcd: vhci_device speed not set
[ 1063.544130][   T26] audit: type=1326 audit(1759908803.970:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14472 comm="syz.4.2590" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1064.624388][ T4273] Bluetooth: hci5: command 0x041b tx timeout
[ 1065.361281][T14425] device hsr_slave_0 entered promiscuous mode
[ 1065.391666][T14425] device hsr_slave_1 entered promiscuous mode
[ 1066.240310][T14425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1066.323552][T14425] Cannot create hsr debugfs directory
[ 1067.379621][ T4273] Bluetooth: hci5: command 0x040f tx timeout
[ 1067.714380][ T4388] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1067.899676][T13109] vhci_hcd: vhci_device speed not set
[ 1068.024386][ T4388] usb 1-1: Using ep0 maxpacket: 32
[ 1068.699582][ T4388] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[ 1068.725609][ T4388] usb 1-1: config 0 has no interface number 0
[ 1068.734502][ T4388] usb 1-1: config 0 interface 184 has no altsetting 0
[ 1068.792627][ T4388] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1069.424745][ T4273] Bluetooth: hci5: command 0x0419 tx timeout
[ 1070.458114][ T4388] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1070.504194][ T4388] usb 1-1: Product: syz
[ 1070.520628][ T4388] usb 1-1: Manufacturer: syz
[ 1070.543906][ T4388] usb 1-1: SerialNumber: syz
[ 1070.582831][ T4388] usb 1-1: config 0 descriptor??
[ 1070.613764][ T4388] usb 1-1: can't set config #0, error -71
[ 1070.651098][ T4388] usb 1-1: USB disconnect, device number 23
[ 1070.844391][ T6220] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1070.896218][T11289] device hsr_slave_0 left promiscuous mode
[ 1070.904630][T11289] device hsr_slave_1 left promiscuous mode
[ 1070.924703][T11289] batman_adv: batadv0: Interface deactivated: dummy0
[ 1070.931462][T11289] batman_adv: batadv0: Removing interface: dummy0
[ 1070.964944][T11289] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1070.972377][T11289] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1071.015042][T11289] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1071.022473][T11289] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1071.068225][   T26] audit: type=1326 audit(1759908811.490:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14512 comm="syz.4.2600" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1071.101142][ T6220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1071.132244][ T6220] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1071.150006][T14516] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[ 1071.156616][T14516] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1071.164510][T14516] vhci_hcd vhci_hcd.0: Device attached
[ 1071.177955][ T6220] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1071.186292][T11289] device veth1_macvtap left promiscuous mode
[ 1071.192337][T11289] device veth0_macvtap left promiscuous mode
[ 1071.198475][ T6220] usb 2-1: Product: syz
[ 1071.202660][ T6220] usb 2-1: Manufacturer: syz
[ 1071.213586][ T6220] usb 2-1: SerialNumber: syz
[ 1071.229584][ T6220] usb 2-1: config 0 descriptor??
[ 1071.494628][ T4388] usb 41-1: new high-speed USB device number 5 using vhci_hcd
[ 1071.717572][T10111] usb 2-1: USB disconnect, device number 35
[ 1071.745144][   T26] audit: type=1326 audit(1759908812.160:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.5.2601" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d25d8eec9 code=0x0
[ 1071.844521][T14517] vhci_hcd: connection reset by peer
[ 1071.859343][   T11] vhci_hcd: stop threads
[ 1071.953755][   T11] vhci_hcd: release socket
[ 1071.986441][   T11] vhci_hcd: disconnect device
[ 1073.596133][T11289] bond1 (unregistering): Released all slaves
[ 1073.964442][T10111] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1075.644531][T10111] usb 6-1: Using ep0 maxpacket: 16
[ 1075.652447][T10111] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1075.687462][T10111] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1075.699510][T10111] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1075.712091][T10111] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1075.743725][T10111] usb 6-1: config 0 descriptor??
[ 1076.029743][T11289] team0 (unregistering): Port device team_slave_1 removed
[ 1076.116286][T11289] team0 (unregistering): Port device team_slave_0 removed
[ 1076.183293][ T4348] usb 6-1: USB disconnect, device number 14
[ 1076.217727][T11289] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1076.261768][T11289] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1076.629747][ T4388] vhci_hcd: vhci_device speed not set
[ 1076.770514][T11289] bond0 (unregistering): Released all slaves
[ 1080.457033][T14578] syz.5.2610 (14578): drop_caches: 1
[ 1080.739585][T14585] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1080.887122][T14425] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1080.947961][T14425] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1081.017523][T14425] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1081.065698][T14425] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1081.133291][   T26] audit: type=1326 audit(1759908821.550:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14592 comm="syz.0.2616" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1082.370135][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1082.441601][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1082.477782][T14425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1082.493155][T14425] 8021q: adding VLAN 0 to HW filter on device team0
[ 1082.508705][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1082.550825][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1082.585093][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1082.616380][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1082.657966][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1082.680533][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1082.721020][ T4348] rtc rtc0: __rtc_set_alarm: err=-22
[ 1083.596231][T11291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1083.604368][T11291] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1083.715275][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1083.736557][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1083.754865][T11291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1083.761971][T11291] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1083.794722][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1083.820374][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1083.854785][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1083.909633][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1083.943051][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1083.962223][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1083.991736][T14425] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1084.054479][T14425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1084.911899][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1084.930540][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1085.160587][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1085.784552][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1085.793207][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1085.801727][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1085.810411][T11289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1086.169386][T14636] ubi: mtd0 is already attached to ubi31
[ 1086.262319][   T26] audit: type=1326 audit(1759908826.680:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14638 comm="syz.4.2622" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1086.284081][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1088.926211][T14655] syz.4.2625 (14655): drop_caches: 1
[ 1089.099177][   T26] audit: type=1326 audit(1759908829.520:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14662 comm="syz.1.2626" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[ 1089.347476][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1089.355954][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1090.520908][T14425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1090.593154][T14655] syz.4.2625 (14655): drop_caches: 1
[ 1090.648929][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1090.681668][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1090.711789][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1090.755327][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1090.817413][T14425] device veth0_vlan entered promiscuous mode
[ 1090.838892][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1090.851730][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1090.915759][T14425] device veth1_vlan entered promiscuous mode
[ 1092.840016][T14425] device veth0_macvtap entered promiscuous mode
[ 1092.914578][T14425] device veth1_macvtap entered promiscuous mode
[ 1092.977402][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.012189][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.032814][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.053866][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.064455][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.091919][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.102453][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1093.113316][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.185471][T14425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1093.208577][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1093.237508][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1093.289798][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1093.312607][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1093.321401][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1093.329521][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1093.339294][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1093.352823][T11291] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1093.368313][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.393238][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.404073][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.418299][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.435424][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.446653][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.457027][T14425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1093.470137][T14425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1093.493983][T14425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1093.507254][T14425] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.518301][T14425] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.527829][T14425] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.536789][T14425] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1093.614562][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1093.630968][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1093.659198][T11284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1093.668241][T11284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1093.680860][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1093.805289][T11284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1093.813368][T11284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1093.914246][T11284] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1094.987973][T14719] device syzkaller1 entered promiscuous mode
[ 1095.365045][   T26] audit: type=1326 audit(1759908835.780:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14723 comm="syz.3.2638" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a8058eec9 code=0x0
[ 1095.539310][T14730] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[ 1095.546051][T14730] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1095.554168][T14730] vhci_hcd vhci_hcd.0: Device attached
[ 1095.874508][ T4348] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[ 1096.183297][T14731] vhci_hcd: connection reset by peer
[ 1096.189327][   T41] vhci_hcd: stop threads
[ 1096.194098][   T41] vhci_hcd: release socket
[ 1096.212095][   T41] vhci_hcd: disconnect device
[ 1097.713033][   T26] audit: type=1326 audit(1759908838.130:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14758 comm="syz.0.2642" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1097.734811][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1101.024576][ T4348] vhci_hcd: vhci_device speed not set
[ 1101.032686][T14783] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2647'.
[ 1101.849354][T14790] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1102.134848][T14800] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2652'.
[ 1102.395217][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1102.410925][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1102.445010][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1102.496147][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1102.534787][T13806] rtc rtc0: __rtc_set_alarm: err=-22
[ 1105.189929][T14843] netlink: 'syz.0.2660': attribute type 10 has an invalid length.
[ 1105.433714][T14843] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1105.615134][T14850] overlayfs: failed to resolve './file1': -2
[ 1105.990454][T14859] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1106.391250][T14863] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[ 1106.401674][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1106.411800][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1106.460340][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1106.550296][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1106.557843][ T4348] rtc rtc0: __rtc_set_alarm: err=-22
[ 1106.839881][T14876] kernel profiling enabled (shift: 6)
[ 1107.026493][T14876] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2669'.
[ 1108.050579][T14897] overlayfs: failed to resolve './file1': -2
[ 1109.787485][   T26] audit: type=1326 audit(1759908850.210:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14917 comm="syz.0.2678" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1111.750520][T14941] device syzkaller0 entered promiscuous mode
[ 1113.859414][T14948] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1113.897798][T14949] device syzkaller0 entered promiscuous mode
[ 1114.046429][T14949] tipc: Resetting bearer <eth:syzkaller0>
[ 1114.079481][T14947] tipc: Resetting bearer <eth:syzkaller0>
[ 1114.133431][   T26] audit: type=1326 audit(1759908854.550:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14957 comm="syz.4.2692" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1114.155266][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1114.162568][T14947] tipc: Disabling bearer <eth:syzkaller0>
[ 1114.280739][   T26] audit: type=1326 audit(1759908854.700:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14960 comm="syz.0.2693" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1114.302758][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1114.428359][T14965] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1114.434913][T14965] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1114.443039][T14965] vhci_hcd vhci_hcd.0: Device attached
[ 1114.724432][ T4387] usb 33-1: new high-speed USB device number 5 using vhci_hcd
[ 1115.091236][T14966] vhci_hcd: connection closed
[ 1115.092148][T11284] vhci_hcd: stop threads
[ 1115.506477][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.513444][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.595459][T11284] vhci_hcd: release socket
[ 1115.599957][T11284] vhci_hcd: disconnect device
[ 1116.892202][T14992] device bond0 entered promiscuous mode
[ 1116.913421][T14992] device bond_slave_0 entered promiscuous mode
[ 1117.046181][T14992] device bond_slave_1 entered promiscuous mode
[ 1117.094241][T14992] device dummy0 entered promiscuous mode
[ 1117.114778][T14992] device hsr1 entered promiscuous mode
[ 1119.153604][ T4680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[ 1119.626900][   T26] audit: type=1326 audit(1759908860.050:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15012 comm="syz.0.2706" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1120.168445][   T26] audit: type=1326 audit(1759908860.590:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15019 comm="syz.1.2708" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba1c58eec9 code=0x0
[ 1120.233669][T15023] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[ 1120.240212][T15023] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1120.247982][T15023] vhci_hcd vhci_hcd.0: Device attached
[ 1120.268540][T15027] hub 1-0:1.0: USB hub found
[ 1120.274190][T15027] hub 1-0:1.0: 1 port detected
[ 1120.394431][ T4387] vhci_hcd: vhci_device speed not set
[ 1120.534449][ T4348] usb 35-1: new high-speed USB device number 3 using vhci_hcd
[ 1121.684932][T15025] vhci_hcd: connection reset by peer
[ 1121.691513][ T4680] vhci_hcd: stop threads
[ 1121.731733][ T4680] vhci_hcd: release socket
[ 1121.759312][ T4680] vhci_hcd: disconnect device
[ 1122.634522][ T4335] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[ 1122.706499][T15067] netlink: 'syz.3.2721': attribute type 1 has an invalid length.
[ 1123.543845][ T4335] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF4, skipping
[ 1123.556365][ T4335] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[ 1123.864743][ T4335] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1123.900928][ T4335] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.911530][ T4335] usb 1-1: Product: syz
[ 1123.917038][ T4335] usb 1-1: Manufacturer: syz
[ 1123.921718][ T4335] usb 1-1: SerialNumber: syz
[ 1123.934676][ T4335] usb 1-1: config 0 descriptor??
[ 1124.106839][T15056] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1124.215310][ T4335] usb 1-1: ucan: probing device on interface #0
[ 1124.221705][ T4335] usb 1-1: ucan: invalid EP count (0)
[ 1124.241193][ T4335] usb 1-1: ucan: probe failed; try to update the device firmware
[ 1124.649587][   T26] audit: type=1326 audit(1759908865.070:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15077 comm="syz.5.2723" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d25d8eec9 code=0x0
[ 1124.671418][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1125.664457][ T4348] vhci_hcd: vhci_device speed not set
[ 1126.804395][T15105] comedi comedi0: Minor 3 could not be opened
[ 1126.864645][ T4276] Bluetooth: hci3: command 0x1003 tx timeout
[ 1126.872748][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1127.374335][T13627] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1127.563836][T15110] ubi: mtd0 is already attached to ubi31
[ 1127.604345][T13627] usb 5-1: Using ep0 maxpacket: 8
[ 1127.610909][T13627] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.632930][T13627] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1127.648675][T13627] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1127.658494][T13627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1127.683859][T13627] usbtmc 5-1:16.0: bulk endpoints not found
[ 1127.720672][T15113] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1127.728205][T15113] device syzkaller0 entered promiscuous mode
[ 1127.752651][T15113] tipc: Resetting bearer <eth:syzkaller0>
[ 1127.762219][T15112] tipc: Resetting bearer <eth:syzkaller0>
[ 1127.799917][T15112] tipc: Disabling bearer <eth:syzkaller0>
[ 1128.875780][ T4348] usb 1-1: USB disconnect, device number 24
[ 1128.921666][ T4378] usb 5-1: USB disconnect, device number 35
[ 1130.322802][   T26] audit: type=1326 audit(1759908870.740:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15127 comm="syz.4.2738" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1131.764272][T15143] tipc: Started in network mode
[ 1131.769185][T15143] tipc: Node identity 96060f689a3a, cluster identity 4711
[ 1131.778035][T15143] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1131.807548][T15143] tipc: Resetting bearer <eth:syzkaller0>
[ 1131.872365][T15140] tipc: Disabling bearer <eth:syzkaller0>
[ 1134.059945][T15163] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1134.464664][ T4348] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1136.116202][ T4348] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF4, skipping
[ 1136.333895][ T4348] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[ 1136.404874][ T7475] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1136.425330][ T7475] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1136.508924][ T7475] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1136.547438][ T7475] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1136.578530][ T7475] rtc rtc0: __rtc_set_alarm: err=-22
[ 1136.629915][T15187] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2750'.
[ 1137.380834][   T26] audit: type=1326 audit(1759908877.800:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.3.2755" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a8058eec9 code=0x0
[ 1138.086484][ T4348] usb 6-1: string descriptor 0 read error: -71
[ 1138.094482][ T4348] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1138.164628][ T4348] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.223827][ T4348] usb 6-1: config 0 descriptor??
[ 1138.289853][ T4348] usb 6-1: can't set config #0, error -71
[ 1138.371246][ T4348] usb 6-1: USB disconnect, device number 15
[ 1138.495924][T15213] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1139.390805][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1139.445842][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1139.491759][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1139.546478][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1139.590639][T13109] rtc rtc0: __rtc_set_alarm: err=-22
[ 1139.856923][T15238] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1140.489679][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1140.526534][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1140.626885][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1140.668649][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1140.677506][ T4356] rtc rtc0: __rtc_set_alarm: err=-22
[ 1142.574335][T13627] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1143.476720][T15268] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1143.647290][T13627] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF4, skipping
[ 1143.701241][T13627] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[ 1143.861646][T13627] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1143.927970][T13627] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1143.984767][T13627] usb 1-1: Product: syz
[ 1143.988952][T13627] usb 1-1: Manufacturer: syz
[ 1144.074943][T13627] usb 1-1: SerialNumber: syz
[ 1144.821996][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1144.831961][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1144.840460][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1144.848623][ T4356] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1144.855997][ T4356] rtc rtc0: __rtc_set_alarm: err=-22
[ 1144.925531][T13627] usb 1-1: config 0 descriptor??
[ 1145.323355][T15283] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1145.390036][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1146.044682][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1146.052303][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1146.060049][ T4348] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1146.068088][ T4348] rtc rtc0: __rtc_set_alarm: err=-22
[ 1146.364618][T13627] usb 1-1: can't set config #0, error -71
[ 1146.387446][T13627] usb 1-1: USB disconnect, device number 25
[ 1146.674464][ T4348] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1148.354507][ T4348] usb 5-1: Using ep0 maxpacket: 8
[ 1148.361318][ T4348] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1148.467054][ T4348] usb 5-1: config 0 has no interface number 0
[ 1148.531997][ T4348] usb 5-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1148.565602][ T4348] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1148.576118][ T4348] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1148.596746][ T4348] usb 5-1: config 0 descriptor??
[ 1148.610417][ T4348] iowarrior 5-1:0.1: no interrupt-in endpoint found
[ 1148.823558][ T4378] usb 5-1: USB disconnect, device number 36
[ 1150.603259][   T26] audit: type=1326 audit(1759908891.020:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15313 comm="syz.5.2788" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d25d8eec9 code=0x0
[ 1150.728924][T15317] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[ 1150.735460][T15317] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1150.749124][T15317] vhci_hcd vhci_hcd.0: Device attached
[ 1151.014531][ T4348] usb 43-1: new high-speed USB device number 3 using vhci_hcd
[ 1151.453887][T15336] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1152.389147][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1152.401092][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1152.437503][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1152.684445][ T4387] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1152.907564][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1153.000944][T13806] rtc rtc0: __rtc_set_alarm: err=-22
[ 1153.094793][T15319] vhci_hcd: connection reset by peer
[ 1153.100576][ T4969] vhci_hcd: stop threads
[ 1153.105169][ T4969] vhci_hcd: release socket
[ 1153.126125][ T4387] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF4, skipping
[ 1153.145545][ T4969] vhci_hcd: disconnect device
[ 1153.182598][ T4387] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[ 1155.534744][T15357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2793'.
[ 1155.774318][T13806] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1155.984579][T13806] usb 2-1: Using ep0 maxpacket: 8
[ 1155.997080][T13806] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1156.055782][T13806] usb 2-1: config 0 has no interface number 0
[ 1156.074508][T13109] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[ 1156.122775][T13806] usb 2-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1156.154357][ T4348] vhci_hcd: vhci_device speed not set
[ 1156.180100][T13806] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1156.199342][T13806] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.241630][T13806] usb 2-1: config 0 descriptor??
[ 1156.289000][T13806] iowarrior 2-1:0.1: no interrupt-in endpoint found
[ 1156.317172][T13109] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1156.355289][T13109] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1156.395044][T13109] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1156.458883][T13109] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1156.494968][ T4387] usb 1-1: string descriptor 0 read error: -71
[ 1156.501198][ T4387] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1156.514158][T13109] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.571630][T13806] usb 2-1: USB disconnect, device number 36
[ 1156.581184][ T4387] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.632865][ T4387] usb 1-1: config 0 descriptor??
[ 1156.672244][ T4387] usb 1-1: can't set config #0, error -71
[ 1156.722859][ T4387] usb 1-1: USB disconnect, device number 26
[ 1156.783047][T15360] Scaler: =================  START STATUS  =================
[ 1156.821720][T15360] Scaler: ==================  END STATUS  ==================
[ 1156.881379][T13109] usb 6-1: GET_CAPABILITIES returned 0
[ 1156.887162][T13109] usbtmc 6-1:16.0: can't read capabilities
[ 1157.947672][ T4348] usb 6-1: USB disconnect, device number 16
[ 1157.955397][T15360] usbtmc 6-1:16.0: usb_control_msg returned -71
[ 1160.023909][T15399] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1161.930613][   T26] audit: type=1326 audit(1759908902.350:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15420 comm="syz.0.2812" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1162.444166][T15422] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1162.450718][T15422] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1162.464561][ T4276] Bluetooth: hci3: command 0x1003 tx timeout
[ 1162.470774][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1162.504564][T15422] vhci_hcd vhci_hcd.0: Device attached
[ 1162.672634][T15430] vhci_hcd: connection closed
[ 1162.673315][ T4369] vhci_hcd: stop threads
[ 1162.714315][ T4369] vhci_hcd: release socket
[ 1162.749284][ T4369] vhci_hcd: disconnect device
[ 1162.774658][T13109] usb 33-1: new high-speed USB device number 6 using vhci_hcd
[ 1162.792222][T13109] usb 33-1: enqueue for inactive port 0
[ 1162.896064][T13109] vhci_hcd: vhci_device speed not set
[ 1163.700383][ T4348] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[ 1163.893901][T15454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2814'.
[ 1164.018773][ T4348] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1164.049179][ T4348] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1164.104289][ T4348] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1164.154186][ T4348] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1164.172870][ T4348] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1164.687418][T15443] Scaler: =================  START STATUS  =================
[ 1164.727484][T15443] Scaler: ==================  END STATUS  ==================
[ 1164.744811][ T4348] usb 1-1: GET_CAPABILITIES returned 0
[ 1164.750326][ T4348] usbtmc 1-1:16.0: can't read capabilities
[ 1165.066354][T15443] usbtmc 1-1:16.0: usb_control_msg returned -71
[ 1165.074561][ T4335] usb 1-1: USB disconnect, device number 27
[ 1165.244408][T15462] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1165.314692][T15473] tipc: Resetting bearer <eth:syzkaller0>
[ 1165.607021][T15460] tipc: Disabling bearer <eth:syzkaller0>
[ 1167.375989][   T26] audit: type=1326 audit(1759908907.800:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.3.2827" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a8058eec9 code=0x0
[ 1167.831204][T15503] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1167.837768][T15503] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1167.851349][T15503] vhci_hcd vhci_hcd.0: Device attached
[ 1168.114084][T15504] vhci_hcd: connection closed
[ 1168.114609][T11289] vhci_hcd: stop threads
[ 1168.124432][ T4335] usb 39-1: new high-speed USB device number 3 using vhci_hcd
[ 1168.142130][T11289] vhci_hcd: release socket
[ 1168.158531][T11289] vhci_hcd: disconnect device
[ 1168.304510][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1168.304548][ T4283] Bluetooth: hci3: command 0x1003 tx timeout
[ 1171.199644][T15551] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1171.236358][T15551] device syzkaller0 entered promiscuous mode
[ 1171.268478][   T26] audit: type=1326 audit(1759908911.690:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15552 comm="syz.3.2841" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a8058eec9 code=0x0
[ 1171.323517][T15551] tipc: Resetting bearer <eth:syzkaller0>
[ 1171.475882][T15550] tipc: Resetting bearer <eth:syzkaller0>
[ 1171.699803][T15559] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1171.706420][T15559] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1171.725026][T15550] tipc: Disabling bearer <eth:syzkaller0>
[ 1171.744513][T15559] vhci_hcd vhci_hcd.0: Device attached
[ 1171.992099][T15560] vhci_hcd: connection reset by peer
[ 1171.999858][ T4965] vhci_hcd: stop threads
[ 1172.007191][ T4965] vhci_hcd: release socket
[ 1172.019641][ T4965] vhci_hcd: disconnect device
[ 1172.654318][T13806] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[ 1172.855816][T13806] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1172.866992][T13806] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1172.884866][T13806] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1172.913088][T13806] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1172.923046][T13806] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.154201][T15571] Scaler: =================  START STATUS  =================
[ 1173.230884][T15571] Scaler: ==================  END STATUS  ==================
[ 1173.244510][   T14] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1173.322466][ T4335] vhci_hcd: vhci_device speed not set
[ 1173.499777][T13806] usb 6-1: GET_CAPABILITIES returned 0
[ 1173.506307][T13806] usbtmc 6-1:16.0: can't read capabilities
[ 1173.564306][   T14] usb 1-1: Using ep0 maxpacket: 8
[ 1173.570941][   T14] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1173.669826][   T14] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1173.722184][   T14] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1173.748452][   T14] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1173.791769][   T14] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1173.814592][   T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.051061][   T14] usb 1-1: GET_CAPABILITIES returned 0
[ 1174.064402][ T4283] Bluetooth: hci3: command 0x1003 tx timeout
[ 1174.064443][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1174.084485][   T14] usbtmc 1-1:16.0: can't read capabilities
[ 1174.258166][T15597] tmpfs: Unknown parameter 'usrquota'
[ 1176.955972][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1178.641692][T15643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2862'.
[ 1178.785968][T15571] usbtmc 6-1:16.0: usb_control_msg returned -110
[ 1178.902998][T14246] usb 1-1: USB disconnect, device number 28
[ 1178.963055][T13806] usb 6-1: USB disconnect, device number 17
[ 1179.389371][T15657] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1179.767099][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1180.094736][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1180.102346][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1180.110018][T13806] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1180.117427][T13806] rtc rtc0: __rtc_set_alarm: err=-22
[ 1180.133520][T15655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2863'.
[ 1181.104696][ T4276] Bluetooth: hci3: command 0x1003 tx timeout
[ 1181.111222][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1181.909904][T15669] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2867'.
[ 1184.080345][T15707] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2876'.
[ 1186.760731][T15731] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2881'.
[ 1186.800218][ T4477] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1188.280866][T15751] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2882'.
[ 1188.527886][T15755] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1188.626807][T15759] netlink: 'syz.0.2887': attribute type 10 has an invalid length.
[ 1188.724118][T15759] team0: Device hsr_slave_0 failed to register rx_handler
[ 1188.864398][ T4276] Bluetooth: hci3: command 0x1003 tx timeout
[ 1188.864474][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1189.964570][ T6220] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[ 1191.726885][ T6220] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1191.754416][ T6220] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1191.784416][ T6220] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1191.804105][ T6220] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1191.813388][ T6220] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1191.960671][   T26] audit: type=1326 audit(1759908932.380:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15778 comm="syz.5.2893" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d25d8eec9 code=0x0
[ 1192.069442][T15765] Scaler: =================  START STATUS  =================
[ 1192.116605][T15765] Scaler: ==================  END STATUS  ==================
[ 1192.157290][ T6220] usb 5-1: GET_CAPABILITIES returned 0
[ 1192.162836][ T6220] usbtmc 5-1:16.0: can't read capabilities
[ 1192.371856][ T6220] usb 5-1: USB disconnect, device number 37
[ 1192.812658][T15767] syz.0.2889 (15767): drop_caches: 1
[ 1194.125241][T15808] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2900'.
[ 1194.255134][T15812] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1194.273323][T15812] device syzkaller0 entered promiscuous mode
[ 1194.321974][T15811] tipc: Resetting bearer <eth:syzkaller0>
[ 1194.375957][T15811] tipc: Disabling bearer <eth:syzkaller0>
[ 1196.224449][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1197.528870][T15833] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2902'.
[ 1199.103474][T15864] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2915'.
[ 1201.160662][T15896] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1201.184410][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1201.886805][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1201.894466][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1201.902070][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1201.910440][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1201.917814][ T4314] rtc rtc0: __rtc_set_alarm: err=-22
[ 1202.581951][T15907] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2927'.
[ 1203.204334][T15907] device hsr_slave_1 left promiscuous mode
[ 1205.586100][T15930] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1206.397283][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1206.433596][T15939] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2936'.
[ 1206.443088][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1206.479309][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1206.505544][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1206.519389][T13109] rtc rtc0: __rtc_set_alarm: err=-22
[ 1206.815783][T15948] netlink: 'syz.3.2941': attribute type 10 has an invalid length.
[ 1206.883916][T15948] 8021q: adding VLAN 0 to HW filter on device team0
[ 1206.896370][T15948] device team0 entered promiscuous mode
[ 1206.920472][T15948] device team_slave_0 entered promiscuous mode
[ 1206.957455][T15948] device team_slave_1 entered promiscuous mode
[ 1206.969854][T15948] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1208.544327][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1208.544422][ T4283] Bluetooth: hci3: command 0x1003 tx timeout
[ 1209.615113][T15975] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1210.382288][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1210.420487][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1210.463397][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1210.561676][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1210.615152][T13109] rtc rtc0: __rtc_set_alarm: err=-22
[ 1210.799144][T15981] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1211.099988][T15990] overlayfs: missing 'workdir'
[ 1211.183502][T15993] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1211.320721][T15997] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2957'.
[ 1211.453687][T11283] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1212.120696][T16015] ubi: mtd0 is already attached to ubi31
[ 1212.431866][T16019] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1213.381763][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1213.399815][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1213.481865][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1213.504414][ T4283] Bluetooth: hci3: command 0x1003 tx timeout
[ 1213.512038][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1213.663727][T13109] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1213.714359][T13109] rtc rtc0: __rtc_set_alarm: err=-22
[ 1214.104402][ T4378] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[ 1214.326927][ T4378] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1214.343979][ T4378] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1214.364148][ T4378] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1214.454504][ T4378] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1214.512403][ T4378] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1214.758992][T16023] Scaler: =================  START STATUS  =================
[ 1214.786519][T16023] Scaler: ==================  END STATUS  ==================
[ 1214.827819][ T4378] usb 6-1: GET_CAPABILITIES returned 0
[ 1214.833401][ T4378] usbtmc 6-1:16.0: can't read capabilities
[ 1215.030180][T13109] usb 6-1: USB disconnect, device number 18
[ 1215.647808][T16054] syz.0.2972 (16054): drop_caches: 1
[ 1216.174330][T16054] syz.0.2972 (16054): drop_caches: 1
[ 1217.165621][T16072] ubi: mtd0 is already attached to ubi31
[ 1217.271658][T16079] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2977'.
[ 1217.343713][   T26] audit: type=1326 audit(1759908957.760:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2976" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba1c58eec9 code=0x0
[ 1219.344405][ T4273] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1219.344436][ T4283] Bluetooth: hci3: command 0x1003 tx timeout
[ 1219.760407][T16104] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1219.804482][T16102] syz.5.2983 (16102): drop_caches: 1
[ 1220.882849][T16127] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1221.381104][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1221.634612][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1221.659909][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1221.673974][ T4314] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1221.711598][ T4314] rtc rtc0: __rtc_set_alarm: err=-22
[ 1222.404307][ T4387] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[ 1222.423954][T16138] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[ 1222.626105][ T4387] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1222.664546][ T4387] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1222.773148][ T4387] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1222.824137][ T4387] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1222.843596][ T4387] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1223.065188][T16149] ubi: mtd0 is already attached to ubi31
[ 1223.096122][T16132] Scaler: =================  START STATUS  =================
[ 1223.165708][T16132] Scaler: ==================  END STATUS  ==================
[ 1223.184103][ T4387] usb 4-1: GET_CAPABILITIES returned 0
[ 1223.190597][ T4387] usbtmc 4-1:16.0: can't read capabilities
[ 1223.387493][T13109] usb 4-1: USB disconnect, device number 13
[ 1223.472242][T16159] netlink: 'syz.0.2997': attribute type 10 has an invalid length.
[ 1223.523758][T16159] 8021q: adding VLAN 0 to HW filter on device team0
[ 1223.554149][T16159] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1223.566867][T16161] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2998'.
[ 1223.928435][T16166] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1224.269026][T13627] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1224.494258][T13627] usb 6-1: Using ep0 maxpacket: 16
[ 1224.501128][T13627] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1224.524255][T13627] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1224.534011][T13627] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1224.580887][T13627] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1224.601200][T13627] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1224.624898][T13627] usb 6-1: config 0 descriptor??
[ 1225.040865][T13627] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[ 1225.080076][T13627] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[ 1225.116373][T13627] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[ 1225.186842][T13627] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0004/input/input18
[ 1225.336242][T13627] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[ 1225.402938][T13627] usb 6-1: USB disconnect, device number 19
[ 1225.664374][ T4273] Bluetooth: hci3: command 0x1003 tx timeout
[ 1225.672459][ T4283] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1225.803052][T16198] fido_id[16198]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1227.674287][T13109] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[ 1228.355040][T16226] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1228.367258][T13109] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1228.376240][T13109] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1228.396579][T13109] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1228.424298][T13109] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1228.448524][T13109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1228.604407][ T4388] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[ 1228.689327][T16210] Scaler: =================  START STATUS  =================
[ 1228.704566][T16210] Scaler: ==================  END STATUS  ==================
[ 1228.713052][T13109] usb 5-1: GET_CAPABILITIES returned 0
[ 1228.720795][T13109] usbtmc 5-1:16.0: can't read capabilities
[ 1228.816006][ T4388] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1228.846130][ T4388] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1228.888990][ T4388] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1228.988310][ T4388] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1229.018587][ T4388] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1229.050747][ T4378] usb 5-1: USB disconnect, device number 38
[ 1229.259687][T16215] Scaler: =================  START STATUS  =================
[ 1229.333373][ T4388] usb 1-1: GET_CAPABILITIES returned 0
[ 1229.334381][T16215] Scaler: ==================  END STATUS  ==================
[ 1229.338965][ T4388] usbtmc 1-1:16.0: can't read capabilities
[ 1229.536379][T13109] usb 1-1: USB disconnect, device number 29
[ 1230.015503][T16254] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3021'.
[ 1230.164844][T16257] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1230.175185][T16257] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1230.184481][T16257] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1230.192905][T16257] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1230.200584][T16257] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1230.208818][T16257] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1230.243807][ T4273] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1230.254273][ T4273] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1230.265774][ T4273] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1230.274903][ T4273] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1230.284536][ T4273] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1230.291805][ T4273] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1230.578751][T13523] bridge0: port 3(syz_tun) entered disabled state
[ 1230.720053][T13523] device syz_tun left promiscuous mode
[ 1230.726919][T13523] bridge0: port 3(syz_tun) entered disabled state
[ 1230.786961][T16261] batman_adv: batadv0: Interface deactivated: dummy0
[ 1230.799280][T16261] batman_adv: batadv0: Removing interface: dummy0
[ 1230.866945][ T4477] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1231.856454][ T4477] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1231.931749][ T4477] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1232.018789][ T4477] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1232.062082][T16255] chnl_net:caif_netlink_parms(): no params data found
[ 1232.144384][ T4283] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1232.384432][T16257] Bluetooth: hci6: command 0x0409 tx timeout
[ 1232.730176][ T4477] tipc: Left network mode
[ 1232.735916][T16255] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1232.763324][T16255] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1232.784750][T16255] device bridge_slave_0 entered promiscuous mode
[ 1232.996426][T16255] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1233.010143][T16255] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1233.045820][T16255] device bridge_slave_1 entered promiscuous mode
[ 1233.287998][T16255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1233.313661][T16255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1233.658363][T16255] team0: Port device team_slave_0 added
[ 1233.795893][T16255] team0: Port device team_slave_1 added
[ 1233.993687][T16255] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1234.042371][T16255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1234.164332][T13109] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[ 1234.189739][T16255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1234.271037][T16255] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1234.294274][T16255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1234.361143][T16255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1234.372272][T13109] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1234.390731][T13109] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1234.420853][T13109] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1234.466611][T16257] Bluetooth: hci6: command 0x041b tx timeout
[ 1234.532427][T13109] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1234.541676][T13109] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1234.773943][T16255] device hsr_slave_0 entered promiscuous mode
[ 1234.804010][T16255] device hsr_slave_1 entered promiscuous mode
[ 1234.817598][T16310] Scaler: =================  START STATUS  =================
[ 1234.850581][T16310] Scaler: ==================  END STATUS  ==================
[ 1234.878441][T16255] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1234.888348][T13109] usb 4-1: usb_control_msg returned -71
[ 1234.893946][T13109] usbtmc 4-1:16.0: can't read capabilities
[ 1234.900134][T16255] Cannot create hsr debugfs directory
[ 1234.924640][T13109] usb 4-1: USB disconnect, device number 14
[ 1236.223644][ T4477] device hsr_slave_0 left promiscuous mode
[ 1236.248302][ T4477] device hsr_slave_1 left promiscuous mode
[ 1236.280566][ T4477] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1236.288611][ T4477] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1236.302961][ T4477] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1236.331455][ T4477] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1236.354269][ T4378] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[ 1236.380993][ T4477] device bridge_slave_1 left promiscuous mode
[ 1236.390812][ T4477] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1236.404363][   T26] audit: type=1326 audit(1759908976.820:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16352 comm="syz.3.3042" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a8058eec9 code=0x0
[ 1236.427947][ T4477] device bridge_slave_0 left promiscuous mode
[ 1236.435731][ T4477] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1236.466317][ T4477] device veth1_macvtap left promiscuous mode
[ 1236.472394][ T4477] device veth0_macvtap left promiscuous mode
[ 1236.544307][ T4283] Bluetooth: hci6: command 0x040f tx timeout
[ 1236.554129][T16358] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1236.560678][T16358] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1236.666261][T16358] vhci_hcd vhci_hcd.0: Device attached
[ 1236.934596][ T7475] usb 39-1: new high-speed USB device number 4 using vhci_hcd
[ 1236.971716][ T4378] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1237.198617][T16359] vhci_hcd: connection reset by peer
[ 1237.204801][   T75] vhci_hcd: stop threads
[ 1237.209267][   T75] vhci_hcd: release socket
[ 1237.220486][   T75] vhci_hcd: disconnect device
[ 1237.559504][ T4477] team0 (unregistering): Port device team_slave_1 removed
[ 1237.670429][ T4477] team0 (unregistering): Port device team_slave_0 removed
[ 1237.757752][ T4378] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1237.768654][ T4378] usb 1-1: Product: syz
[ 1237.772862][ T4378] usb 1-1: Manufacturer: syz
[ 1237.778086][ T4378] usb 1-1: SerialNumber: syz
[ 1237.791885][ T4378] usb 1-1: config 0 descriptor??
[ 1237.795985][ T4477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1237.880538][ T4477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1238.009171][ T4378] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1238.306005][ T4283] Bluetooth: hci0: command 0x1003 tx timeout
[ 1238.313374][T16257] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1238.386997][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.623415][ T4477] bond0 (unregistering): Released all slaves
[ 1238.633041][T16257] Bluetooth: hci6: command 0x0419 tx timeout
[ 1238.641547][T16342] [U] 
[ 1238.644952][T16342] [U] 
[ 1238.647668][T16342] [U] JŠòÛô}÷)&)ÜÃñ²Ç]f$XXê,Ê®Wõ_‚
‹ù`ò“©0’
[ 1238.657923][T16342] [U] ìˆ_¹¤Y°0Øœi’¾±Vbµ2¯M‰~Â"1kçB<VäÑi{±töB,‚¹C
[ 1238.665256][T16342] [U] 
[ 1238.668694][T16342] [U] 
[ 1238.671424][T16342] [U] 
[ 1238.674140][T16342] [U] 
[ 1238.676868][T16342] [U] 
[ 1238.679880][T16342] [U] 
[ 1238.682610][T16342] [U] 
[ 1238.685332][T16342] [U] 
[ 1238.817769][T16341] [U] 
[ 1238.822848][T16346] netlink: 100 bytes leftover after parsing attributes in process `syz.5.3039'.
[ 1238.835376][ T4378] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71
[ 1238.908025][ T4378] usb 1-1: USB disconnect, device number 30
[ 1240.742182][T16255] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1240.790539][T16255] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1240.824726][T16255] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1240.898543][T16255] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1241.288460][T16255] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1241.356499][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1241.378118][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1242.068262][ T7475] vhci_hcd: vhci_device speed not set
[ 1242.229728][T16255] 8021q: adding VLAN 0 to HW filter on device team0
[ 1242.245701][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1242.302341][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1242.312520][ T4475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1242.319707][ T4475] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1242.337029][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1242.344992][T16431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3053'.
[ 1242.363678][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1242.378049][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1242.399359][ T4475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1242.406518][ T4475] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1242.434708][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1242.489062][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1242.510320][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1242.538133][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1242.544649][ T4348] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[ 1242.554707][   T26] audit: type=1326 audit(1759908982.980:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.3055" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1242.573458][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1242.595634][T16445] tmpfs: Bad value for 'mpol'
[ 1242.601228][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1242.755690][ T4348] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1242.872808][ T4348] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1242.882871][ T4348] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1242.896105][ T4348] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1242.905350][ T4348] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1242.930267][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1244.333929][T16446] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[ 1244.340486][T16446] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1244.350766][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1244.469943][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1244.482937][ T4348] usb 6-1: can't set config #16, error -71
[ 1244.492553][T16446] vhci_hcd vhci_hcd.0: Device attached
[ 1244.506845][ T4348] usb 6-1: USB disconnect, device number 20
[ 1244.517042][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1244.548050][T16255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1244.567527][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1244.644737][T16448] vhci_hcd: connection closed
[ 1244.645016][ T4969] vhci_hcd: stop threads
[ 1244.661452][ T4969] vhci_hcd: release socket
[ 1244.704872][ T4969] vhci_hcd: disconnect device
[ 1244.764326][T10111] usb 41-1: new high-speed USB device number 6 using vhci_hcd
[ 1244.774816][T16451] hub 1-0:1.0: USB hub found
[ 1244.784384][T16451] hub 1-0:1.0: 1 port detected
[ 1244.789329][T10111] usb 41-1: enqueue for inactive port 0
[ 1244.894391][T10111] vhci_hcd: vhci_device speed not set
[ 1246.135542][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1246.143162][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1246.200441][T16255] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1246.300442][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1246.332042][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1246.450947][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1246.483264][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1246.526581][T16255] device veth0_vlan entered promiscuous mode
[ 1246.535177][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1246.573193][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1246.588817][T16255] device veth1_vlan entered promiscuous mode
[ 1246.896324][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1246.915356][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1246.943467][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1247.015565][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1247.054181][T16255] device veth0_macvtap entered promiscuous mode
[ 1247.092088][T16255] device veth1_macvtap entered promiscuous mode
[ 1247.197515][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1247.221473][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1247.253756][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1247.319552][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.411099][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1247.450762][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.575311][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1247.603634][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.618943][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1247.629755][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.642029][T16255] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1247.653780][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1247.665883][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.679867][T10111] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[ 1247.708157][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1247.733350][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.787625][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1247.801260][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.825952][T16255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1247.849297][T16255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1247.875618][T10111] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1247.895209][T10111] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1247.917926][T16255] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1247.943621][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1247.962352][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1247.970560][T10111] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1248.028180][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1248.055267][T11294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1248.091309][T10111] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1248.098811][T16255] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1248.129788][T16255] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1248.168084][T16255] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1248.180008][T16255] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1248.194246][T10111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1248.349868][T16512] device syzkaller0 entered promiscuous mode
[ 1248.365936][T16512] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[ 1248.474069][T16496] Scaler: =================  START STATUS  =================
[ 1248.512339][ T4611] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1248.524398][T16496] Scaler: ==================  END STATUS  ==================
[ 1248.553442][T10111] usb 1-1: usb_control_msg returned -71
[ 1248.559228][T10111] usbtmc 1-1:16.0: can't read capabilities
[ 1248.607499][T10111] usb 1-1: USB disconnect, device number 31
[ 1248.628832][ T4611] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1248.638880][ T4477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1248.660405][ T4477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1248.702088][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1248.748784][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1248.898685][   T26] audit: type=1326 audit(1759908989.320:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16530 comm="syz.4.3069" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a3078eec9 code=0x0
[ 1250.654983][T16535] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[ 1250.661524][T16535] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1250.770124][T16535] vhci_hcd vhci_hcd.0: Device attached
[ 1250.869601][T16536] vhci_hcd: connection closed
[ 1250.869905][ T4477] vhci_hcd: stop threads
[ 1250.889291][ T4477] vhci_hcd: release socket
[ 1251.704289][ T4477] vhci_hcd: disconnect device
[ 1253.010878][T16576] device syzkaller0 entered promiscuous mode
[ 1253.514306][ T4283] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1253.540779][ T4283] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1253.550277][ T4283] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1253.559486][ T4283] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1253.579717][ T4283] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1253.589042][ T4283] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1253.629578][ T4477] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.868935][ T4477] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1254.043374][ T4477] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1254.074461][T13806] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[ 1254.193707][ T4477] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1254.278663][T13806] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1254.304526][T13806] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1254.361072][T13806] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1255.664632][T16257] Bluetooth: hci0: command 0x0409 tx timeout
[ 1255.864657][T13806] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1255.934699][T16606] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1256.076999][T13806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1256.246482][   T26] audit: type=1326 audit(1759908996.670:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16610 comm="syz.5.3084" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d25d8eec9 code=0x0
[ 1256.323130][T13806] usb 4-1: GET_CAPABILITIES returned 0
[ 1256.331486][T13806] usbtmc 4-1:16.0: can't read capabilities
[ 1256.362527][T16581] chnl_net:caif_netlink_parms(): no params data found
[ 1256.665723][T16614] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[ 1256.672272][T16614] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1256.680141][T16614] vhci_hcd vhci_hcd.0: Device attached
[ 1256.715034][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1256.767060][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1256.779510][T13806] usb 4-1: USB disconnect, device number 15
[ 1256.887868][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1257.035700][ T4335] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1257.109827][T16615] vhci_hcd: connection closed
[ 1257.110331][ T4437] vhci_hcd: stop threads
[ 1257.169539][ T4437] vhci_hcd: release socket
[ 1257.183501][ T4335] rtc rtc0: __rtc_set_alarm: err=-22
[ 1257.253482][ T4437] vhci_hcd: disconnect device
[ 1257.757943][T16257] Bluetooth: hci0: command 0x041b tx timeout
[ 1257.950704][ T4477] tipc: Left network mode
[ 1258.362476][T16638] device bond0 entered promiscuous mode
[ 1258.439724][T16638] device bond_slave_0 entered promiscuous mode
[ 1258.494582][T16638] device bond_slave_1 entered promiscuous mode
[ 1258.511308][T16638] device dummy0 entered promiscuous mode
[ 1258.537936][T16638] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[ 1258.583207][T16638] Cannot create hsr debugfs directory
[ 1258.593386][T16638] device hsr1 entered promiscuous mode
[ 1258.660862][ T4982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[ 1258.680377][T16581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1258.697762][T16581] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1258.729606][T16581] device bridge_slave_0 entered promiscuous mode
[ 1258.753571][T16647] device syzkaller0 entered promiscuous mode
[ 1258.805056][T16581] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1258.813978][T16581] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1259.824272][ T4283] Bluetooth: hci0: command 0x040f tx timeout
[ 1260.473079][T16581] device bridge_slave_1 entered promiscuous mode
[ 1260.733506][T16581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1260.939630][T16581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1260.991631][T16659] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input19
[ 1261.150067][T16672] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3094'.
[ 1261.162468][T16581] team0: Port device team_slave_0 added
[ 1261.231856][T16581] team0: Port device team_slave_1 added
[ 1261.282545][   T26] audit: type=1326 audit(1759909001.700:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.0.3096" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffacb18eec9 code=0x0
[ 1261.304386][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1261.904312][ T4283] Bluetooth: hci0: command 0x0419 tx timeout
[ 1262.595565][T16581] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1262.602539][T16581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1262.628407][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1262.788669][T16581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1263.084014][T16581] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1263.111727][T16581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1263.137652][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1263.263095][T16581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1263.934276][ T4348] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[ 1264.188080][T16581] device hsr_slave_0 entered promiscuous mode
[ 1264.198224][T16581] device hsr_slave_1 entered promiscuous mode
[ 1264.224786][T16581] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1264.263593][T16581] Cannot create hsr debugfs directory
[ 1264.276387][ T4348] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1264.294519][ T4348] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1264.319337][ T4348] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1264.351365][ T4348] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1264.377610][ T4348] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.493084][ T4477] device hsr_slave_0 left promiscuous mode
[ 1264.531001][ T4477] device hsr_slave_1 left promiscuous mode
[ 1264.548101][ T4477] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1264.570707][ T4477] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1264.610913][ T4477] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1264.616667][ T4348] usb 4-1: GET_CAPABILITIES returned 0
[ 1264.625574][ T4477] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1264.635124][ T4348] usbtmc 4-1:16.0: can't read capabilities
[ 1264.705960][ T4477] device veth1_macvtap left promiscuous mode
[ 1264.740766][ T4477] device veth0_macvtap left promiscuous mode
[ 1264.981809][T13627] usb 4-1: USB disconnect, device number 16
[ 1264.989433][T16698] usbtmc 4-1:16.0: usb_control_msg returned -71
[ 1266.776437][   T26] audit: type=1326 audit(1759909007.190:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16739 comm="syz.5.3107" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d25d8eec9 code=0x0
[ 1267.614432][T16749] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[ 1267.620991][T16749] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1267.629029][T16749] vhci_hcd vhci_hcd.0: Device attached
[ 1267.904591][ T4388] usb 43-1: new high-speed USB device number 4 using vhci_hcd
[ 1267.946799][T16751] vhci_hcd: connection reset by peer
[ 1267.952511][ T4969] vhci_hcd: stop threads
[ 1267.963097][ T4969] vhci_hcd: release socket
[ 1268.034786][ T4969] vhci_hcd: disconnect device
[ 1268.625352][ T4477] bond4 (unregistering): Released all slaves
[ 1268.915955][ T4477] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1268.940864][ T4477] bond3 (unregistering): Released all slaves
[ 1269.158092][T16764] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input20
[ 1269.206041][ T4477] bond2 (unregistering): Released all slaves
[ 1269.390398][ T4477] bond1 (unregistering): Released all slaves
[ 1269.811592][T16768] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3112'.
[ 1269.968019][ T4477] team0 (unregistering): Port device team_slave_1 removed
[ 1270.044857][ T4477] team0 (unregistering): Port device team_slave_0 removed
[ 1270.091708][ T4477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1270.172482][ T4477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1270.699753][ T4477] bond0 (unregistering): Released all slaves
[ 1271.454266][T16764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3110'.
[ 1272.986321][T16804] syz.5.3122 (16804): drop_caches: 1
[ 1273.024977][ T4388] vhci_hcd: vhci_device speed not set
[ 1273.303147][T16804] syz.5.3122 (16804): drop_caches: 1
[ 1274.955236][T16581] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1275.004960][T16822] device syzkaller0 entered promiscuous mode
[ 1275.040284][T16581] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1275.104303][T16581] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1275.300357][T16581] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1275.517854][T16581] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1275.532866][ T4477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1275.595613][ T4477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1275.646480][T16581] 8021q: adding VLAN 0 to HW filter on device team0
[ 1275.671160][T16854] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1275.689786][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1275.709824][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1275.720988][ T4475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1275.728143][ T4475] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1275.995840][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1276.115538][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1276.257594][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1276.338808][T16860] syz.0.3134 (16860): drop_caches: 1
[ 1276.416986][ T4475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1276.424170][ T4475] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1276.536341][T16862] tipc: Resetting bearer <eth:syzkaller0>
[ 1276.581580][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1276.596780][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1276.676745][T13627] tipc: Node number set to 3069312785
[ 1276.687294][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1276.727751][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1276.758419][T16860] syz.0.3134 (16860): drop_caches: 1
[ 1276.777766][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1276.831216][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1276.850237][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1276.905856][T16851] tipc: Disabling bearer <eth:syzkaller0>
[ 1277.014698][T16581] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1277.076936][T16581] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1277.091334][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1277.120997][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1277.193769][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1277.875132][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1277.939647][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1278.173548][T16881] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3140'.
[ 1278.633220][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1278.651909][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1278.697056][T16581] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1279.819940][T16936] syz.3.3148 (16936): drop_caches: 1
[ 1280.488154][T16936] syz.3.3148 (16936): drop_caches: 1
[ 1280.489359][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1280.531746][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1280.574503][T16581] device veth0_vlan entered promiscuous mode
[ 1280.596751][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1280.610304][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1280.630187][T16581] device veth1_vlan entered promiscuous mode
[ 1280.655486][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1280.664026][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1280.678076][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1280.701157][T16946] tipc: Started in network mode
[ 1280.714381][T16946] tipc: Node identity a60169966953, cluster identity 4711
[ 1280.795858][T16946] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1280.909422][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1280.925768][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1281.303200][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1281.596261][T16581] device veth0_macvtap entered promiscuous mode
[ 1281.613155][T16581] device veth1_macvtap entered promiscuous mode
[ 1281.624681][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1281.644525][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1281.740571][T16946] tipc: Resetting bearer <eth:syzkaller0>
[ 1281.781533][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1281.814329][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1281.825149][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1281.836500][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1281.848377][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1281.861785][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1281.875468][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1281.887774][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1281.899576][ T5424] tipc: Node number set to 3478284694
[ 1281.920914][T16581] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1282.055008][T16945] tipc: Disabling bearer <eth:syzkaller0>
[ 1282.116554][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1282.129135][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1282.177144][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1282.214278][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1282.261008][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1282.304366][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1282.334553][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1282.346394][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1282.362319][T16581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1282.372932][T16581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1282.426942][T16581] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1282.440416][T16969] device syzkaller0 entered promiscuous mode
[ 1282.453414][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1282.483572][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1282.515657][T16581] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1282.534827][T16581] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1282.543551][T16581] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1282.584239][T16581] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1282.844086][ T4437] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1282.868281][ T4437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1282.931748][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1282.980127][ T4437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1283.005004][ T4437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1283.043724][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1283.051186][ T4314] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[ 1283.318620][ T4314] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1283.327046][ T4314] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1283.336960][ T4314] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1283.350038][ T4314] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1283.359163][ T4314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1284.195002][ T4314] usb 2-1: usb_control_msg returned -71
[ 1284.200625][ T4314] usbtmc 2-1:16.0: can't read capabilities
[ 1284.219317][ T4314] usb 2-1: USB disconnect, device number 37
[ 1285.982504][T17038] 9pnet_fd: Insufficient options for proto=fd
[ 1287.857804][T17053] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3172'.
[ 1288.643530][T17075] syz.1.3178 (17075): drop_caches: 1
[ 1289.637804][T17077] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[ 1289.644380][T17077] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1289.652248][T17077] vhci_hcd vhci_hcd.0: Device attached
[ 1289.664509][T17079] vhci_hcd: connection closed
[ 1289.665308][T11292] vhci_hcd: stop threads
[ 1289.854260][T11292] vhci_hcd: release socket
[ 1289.864803][T11292] vhci_hcd: disconnect device
[ 1289.944398][T10111] usb 41-1: new high-speed USB device number 8 using vhci_hcd
[ 1289.965007][T10111] usb 41-1: enqueue for inactive port 0
[ 1290.017049][T17075] syz.1.3178 (17075): drop_caches: 1
[ 1290.065237][T10111] vhci_hcd: vhci_device speed not set
[ 1290.959373][ T4283] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1290.970050][ T4283] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1290.978152][ T4283] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1290.986492][ T4283] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1290.998348][ T4283] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1291.006576][ T4283] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1291.033335][T16257] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1291.042458][T16257] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1291.050016][T16257] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1291.057957][T16257] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1291.066619][T16257] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1291.073876][T16257] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1291.404477][ T5424] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1291.604314][ T5424] usb 6-1: Using ep0 maxpacket: 16
[ 1291.613504][ T5424] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.664580][ T5424] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.683171][ T5424] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1291.724323][ T5424] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1291.742665][ T5424] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1291.787028][ T5424] usb 6-1: config 0 descriptor??
[ 1292.233171][ T5424] usbhid 6-1:0.0: can't add hid device: -71
[ 1293.104306][ T4283] Bluetooth: hci1: command 0x0409 tx timeout
[ 1293.323322][ T5424] usbhid: probe of 6-1:0.0 failed with error -71
[ 1293.372447][ T5424] usb 6-1: USB disconnect, device number 21
[ 1293.442620][T17095] chnl_net:caif_netlink_parms(): no params data found
[ 1293.598291][T11292] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.671538][   T26] audit: type=1326 audit(1759909034.090:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17122 comm="syz.1.3192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa2638eec9 code=0x0
[ 1293.730626][T11292] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.878370][T11292] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.909469][T17095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1293.926918][T17095] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1294.045637][T17095] device bridge_slave_0 entered promiscuous mode
[ 1294.187244][T11292] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1294.376826][T17095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1294.397903][T17095] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1294.554347][T17095] device bridge_slave_1 entered promiscuous mode
[ 1294.563986][T17134] syz.4.3194 (17134): drop_caches: 1
[ 1294.847277][T17134] syz.4.3194 (17134): drop_caches: 1
[ 1294.953681][T17095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1295.052597][T17095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1295.105729][T17147] hub 1-0:1.0: USB hub found
[ 1295.114766][T17147] hub 1-0:1.0: 1 port detected
[ 1295.131433][T17095] team0: Port device team_slave_0 added
[ 1295.160684][T17095] team0: Port device team_slave_1 added
[ 1295.184605][ T4283] Bluetooth: hci1: command 0x041b tx timeout
[ 1295.211685][T11292] tipc: Left network mode
[ 1296.159729][T17145] syz.5.3199 (17145): drop_caches: 1
[ 1296.172544][T17095] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1296.214224][T17095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1296.242612][T17095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1296.404293][T17095] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1296.411332][T17095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1296.445369][T17095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1296.734383][ T6220] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1296.743587][   T26] audit: type=1326 audit(1759909037.160:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17169 comm="syz.4.3207" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd53138eec9 code=0x0
[ 1296.778388][T17095] device hsr_slave_0 entered promiscuous mode
[ 1296.811030][T17095] device hsr_slave_1 entered promiscuous mode
[ 1296.846273][T17095] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1296.878310][T17095] Cannot create hsr debugfs directory
[ 1296.924280][ T6220] usb 4-1: Using ep0 maxpacket: 16
[ 1296.930981][ T6220] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1296.961420][ T6220] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1296.989880][ T6220] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1297.027316][ T6220] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1297.036846][ T6220] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1297.049833][ T6220] usb 4-1: config 0 descriptor??
[ 1297.277848][ T4283] Bluetooth: hci1: command 0x040f tx timeout
[ 1297.474109][ T6220] usbhid 4-1:0.0: can't add hid device: -71
[ 1297.480283][ T6220] usbhid: probe of 4-1:0.0 failed with error -71
[ 1297.517654][ T6220] usb 4-1: USB disconnect, device number 17
[ 1297.779384][T11292] bond0: (slave wlan1): Releasing backup interface
[ 1297.853091][T11292] ------------[ cut here ]------------
[ 1297.859504][T11292] WARNING: CPU: 0 PID: 11292 at net/mac80211/chan.c:2017 ieee80211_link_release_channel+0x150/0x180
[ 1297.870489][T11292] Modules linked in:
[ 1297.874410][T11292] CPU: 0 PID: 11292 Comm: kworker/u4:27 Not tainted syzkaller #0
[ 1297.882139][T11292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1297.892251][T11292] Workqueue: netns cleanup_net
[ 1297.897098][T11292] RIP: 0010:ieee80211_link_release_channel+0x150/0x180
[ 1297.903983][T11292] Code: 7c 2d 00 00 74 08 48 89 df e8 0c 73 2f f8 bf 18 1e 00 00 48 03 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e5 f8 7e 00 e8 d0 45 df f7 <0f> 0b eb c5 48 c7 c1 64 9a 1f 8e 80 e1 07 80 c1 03 38 c1 0f 8c 51
[ 1297.923644][T11292] RSP: 0018:ffffc9000d9a76e8 EFLAGS: 00010293
[ 1297.929769][T11292] RAX: ffffffff89a18920 RBX: ffff8880287055a8 RCX: ffff88802e30bb80
[ 1297.937808][T11292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1297.945831][T11292] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1c3ecb6
[ 1297.953801][T11292] R10: fffffbfff1c3ecb6 R11: 1ffffffff1c3ecb5 R12: ffff888028706ae0
[ 1297.961827][T11292] R13: 1ffff110050e0ab5 R14: ffff888028706258 R15: dffffc0000000000
[ 1297.969843][T11292] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1297.978909][T11292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1297.985526][T11292] CR2: 000000110c24ec99 CR3: 000000002925d000 CR4: 00000000003506f0
[ 1297.993491][T11292] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[ 1298.001509][T11292] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1298.009518][T11292] Call Trace:
[ 1298.012790][T11292]  <TASK>
[ 1298.015768][T11292]  ? trace_drv_return_void+0x240/0x240
[ 1298.021267][T11292]  unregister_netdevice_many+0x12ab/0x1840
[ 1298.027164][T11292]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 1298.032822][T11292]  ? alloc_netdev_mqs+0xf00/0xf00
[ 1298.037920][T11292]  ? mutex_unlock+0x10/0x10
[ 1298.042440][T11292]  ? unregister_netdevice_queue+0x1aa/0x360
[ 1298.048373][T11292]  ? list_netdevice+0x6c0/0x6c0
[ 1298.053239][T11292]  ? ieee80211_txq_teardown_flows+0x15c/0x220
[ 1298.059362][T11292]  ? cfg80211_shutdown_all_interfaces+0x175/0x1c0
[ 1298.065819][T11292]  ieee80211_remove_interfaces+0x429/0x6d0
[ 1298.071658][T11292]  ? ieee80211_do_stop+0x1d70/0x1d70
[ 1298.077006][T11292]  ? preempt_count_add+0x8d/0x190
[ 1298.082056][T11292]  ? up_write+0x1bb/0x420
[ 1298.086468][T11292]  ? atomic_notifier_chain_unregister+0xf1/0x100
[ 1298.092857][T11292]  ieee80211_unregister_hw+0x59/0x290
[ 1298.098277][T11292]  mac80211_hwsim_del_radio+0x270/0x450
[ 1298.103855][T11292]  ? rhashtable_remove_fast+0xc50/0xc50
[ 1298.109454][T11292]  ? net_generic+0x1e/0x240
[ 1298.113985][T11292]  hwsim_exit_net+0x581/0x640
[ 1298.118701][T11292]  ? hwsim_init_net+0x80/0x80
[ 1298.123396][T11292]  ? __ip_vs_dev_cleanup_batch+0x234/0x250
[ 1298.129246][T11292]  cleanup_net+0x6f0/0xb80
[ 1298.133678][T11292]  ? ops_free_list+0x3b0/0x3b0
[ 1298.138485][T11292]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1298.143718][T11292]  ? process_one_work+0x7a1/0x1160
[ 1298.148888][T11292]  process_one_work+0x898/0x1160
[ 1298.153848][T11292]  ? worker_detach_from_pool+0x240/0x240
[ 1298.159525][T11292]  ? _raw_spin_lock_irq+0xab/0xe0
[ 1298.164588][T11292]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 1298.169963][T11292]  ? kthread_data+0x4b/0xc0
[ 1298.174523][T11292]  worker_thread+0xaa2/0x1250
[ 1298.179230][T11292]  kthread+0x29d/0x330
[ 1298.183297][T11292]  ? worker_clr_flags+0x1a0/0x1a0
[ 1298.188361][T11292]  ? kthread_blkcg+0xd0/0xd0
[ 1298.193083][T11292]  ret_from_fork+0x1f/0x30
[ 1298.197564][T11292]  </TASK>
[ 1298.200590][T11292] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1298.207871][T11292] CPU: 0 PID: 11292 Comm: kworker/u4:27 Not tainted syzkaller #0
[ 1298.215596][T11292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1298.225636][T11292] Workqueue: netns cleanup_net
[ 1298.230395][T11292] Call Trace:
[ 1298.233665][T11292]  <TASK>
[ 1298.236586][T11292]  dump_stack_lvl+0x168/0x22e
[ 1298.241256][T11292]  ? memcpy+0x3c/0x60
[ 1298.245244][T11292]  ? show_regs_print_info+0x12/0x12
[ 1298.250437][T11292]  ? load_image+0x3b0/0x3b0
[ 1298.254949][T11292]  panic+0x2c9/0x710
[ 1298.258843][T11292]  ? bpf_jit_dump+0xd0/0xd0
[ 1298.263355][T11292]  ? ret_from_fork+0x1f/0x30
[ 1298.267951][T11292]  __warn+0x2f8/0x4f0
[ 1298.271927][T11292]  ? ieee80211_link_release_channel+0x150/0x180
[ 1298.278161][T11292]  ? ieee80211_link_release_channel+0x150/0x180
[ 1298.284392][T11292]  report_bug+0x2ba/0x4f0
[ 1298.288710][T11292]  ? ieee80211_link_release_channel+0x150/0x180
[ 1298.294946][T11292]  handle_bug+0x3a/0x70
[ 1298.299094][T11292]  exc_invalid_op+0x16/0x40
[ 1298.303585][T11292]  asm_exc_invalid_op+0x16/0x20
[ 1298.308428][T11292] RIP: 0010:ieee80211_link_release_channel+0x150/0x180
[ 1298.315275][T11292] Code: 7c 2d 00 00 74 08 48 89 df e8 0c 73 2f f8 bf 18 1e 00 00 48 03 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e5 f8 7e 00 e8 d0 45 df f7 <0f> 0b eb c5 48 c7 c1 64 9a 1f 8e 80 e1 07 80 c1 03 38 c1 0f 8c 51
[ 1298.334865][T11292] RSP: 0018:ffffc9000d9a76e8 EFLAGS: 00010293
[ 1298.340954][T11292] RAX: ffffffff89a18920 RBX: ffff8880287055a8 RCX: ffff88802e30bb80
[ 1298.348924][T11292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1298.356889][T11292] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1c3ecb6
[ 1298.364861][T11292] R10: fffffbfff1c3ecb6 R11: 1ffffffff1c3ecb5 R12: ffff888028706ae0
[ 1298.372825][T11292] R13: 1ffff110050e0ab5 R14: ffff888028706258 R15: dffffc0000000000
[ 1298.380792][T11292]  ? ieee80211_link_release_channel+0x150/0x180
[ 1298.387036][T11292]  ? ieee80211_link_release_channel+0x150/0x180
[ 1298.393274][T11292]  ? trace_drv_return_void+0x240/0x240
[ 1298.398725][T11292]  unregister_netdevice_many+0x12ab/0x1840
[ 1298.404533][T11292]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 1298.410161][T11292]  ? alloc_netdev_mqs+0xf00/0xf00
[ 1298.415182][T11292]  ? mutex_unlock+0x10/0x10
[ 1298.419674][T11292]  ? unregister_netdevice_queue+0x1aa/0x360
[ 1298.425558][T11292]  ? list_netdevice+0x6c0/0x6c0
[ 1298.430399][T11292]  ? ieee80211_txq_teardown_flows+0x15c/0x220
[ 1298.436472][T11292]  ? cfg80211_shutdown_all_interfaces+0x175/0x1c0
[ 1298.442891][T11292]  ieee80211_remove_interfaces+0x429/0x6d0
[ 1298.448699][T11292]  ? ieee80211_do_stop+0x1d70/0x1d70
[ 1298.453977][T11292]  ? preempt_count_add+0x8d/0x190
[ 1298.458998][T11292]  ? up_write+0x1bb/0x420
[ 1298.463321][T11292]  ? atomic_notifier_chain_unregister+0xf1/0x100
[ 1298.469644][T11292]  ieee80211_unregister_hw+0x59/0x290
[ 1298.475012][T11292]  mac80211_hwsim_del_radio+0x270/0x450
[ 1298.480559][T11292]  ? rhashtable_remove_fast+0xc50/0xc50
[ 1298.486105][T11292]  ? net_generic+0x1e/0x240
[ 1298.490630][T11292]  hwsim_exit_net+0x581/0x640
[ 1298.495307][T11292]  ? hwsim_init_net+0x80/0x80
[ 1298.499975][T11292]  ? __ip_vs_dev_cleanup_batch+0x234/0x250
[ 1298.505782][T11292]  cleanup_net+0x6f0/0xb80
[ 1298.510190][T11292]  ? ops_free_list+0x3b0/0x3b0
[ 1298.514949][T11292]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1298.520142][T11292]  ? process_one_work+0x7a1/0x1160
[ 1298.525240][T11292]  process_one_work+0x898/0x1160
[ 1298.530193][T11292]  ? worker_detach_from_pool+0x240/0x240
[ 1298.535815][T11292]  ? _raw_spin_lock_irq+0xab/0xe0
[ 1298.540851][T11292]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 1298.546240][T11292]  ? kthread_data+0x4b/0xc0
[ 1298.550747][T11292]  worker_thread+0xaa2/0x1250
[ 1298.555440][T11292]  kthread+0x29d/0x330
[ 1298.559503][T11292]  ? worker_clr_flags+0x1a0/0x1a0
[ 1298.564520][T11292]  ? kthread_blkcg+0xd0/0xd0
[ 1298.569107][T11292]  ret_from_fork+0x1f/0x30
[ 1298.573528][T11292]  </TASK>
[ 1298.576836][T11292] Kernel Offset: disabled
[ 1298.581279][T11292] Rebooting in 86400 seconds..