last executing test programs:

4m56.201349926s ago: executing program 0 (id=2343):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x7fff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r3 = dup2(r2, r2)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000001c0)={0x14000000})
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10)
connect$inet(r4, &(0x7f0000000080)={0x2, 0xc0, @remote}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
pread64(r3, &(0x7f000004b1c0)=""/102350, 0x18fce, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = getpid()
syz_pidfd_open(r5, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
madvise(&(0x7f0000b5d000/0x2000)=nil, 0x2000, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000440)='net/tcp\x00')
pread64(r7, &(0x7f0000000000)=""/65, 0x41, 0x96)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f00000007c0)={0x48, 0x2, r8})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r8, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})

4m54.868633644s ago: executing program 0 (id=2348):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x64)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000100)=ANY=[@ANYBLOB="05"], 0x9, 0x1)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
utime(&(0x7f0000000000)='./file0\x00', 0x0)

4m53.757721358s ago: executing program 0 (id=2350):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000ff0000000500000a54000000060a010400000000000000000a00fffd0900010073797a31000000000900020073797a320000000028000480240001800b000100736f636b65740000140002800800014000000000080002"], 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)

4m53.071042419s ago: executing program 0 (id=2353):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) (async)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x28a100a, 0x0) (async)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x28808a0, 0x0) (async)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)

4m52.756702181s ago: executing program 0 (id=2356):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r1 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002520702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='contention_begin\x00', r3, 0x0, 0x800000000}, 0x18)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(0xffffffffffffffff, 0xc10c5541, &(0x7f0000000280)={0x2, 0x100004, 0x20})
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
dup(0xffffffffffffffff)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

4m51.663255101s ago: executing program 0 (id=2358):
fstatfs(0xffffffffffffffff, &(0x7f0000000140)=""/159)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x64)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000100)=ANY=[@ANYBLOB="05"], 0x9, 0x1)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
utime(&(0x7f0000000000)='./file0\x00', 0x0)

4m50.816884017s ago: executing program 32 (id=2358):
fstatfs(0xffffffffffffffff, &(0x7f0000000140)=""/159)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x64)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000100)=ANY=[@ANYBLOB="05"], 0x9, 0x1)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
utime(&(0x7f0000000000)='./file0\x00', 0x0)

2m45.508335361s ago: executing program 1 (id=2754):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = dup3(r0, r0, 0x0)
connect$unix(r1, &(0x7f0000000000)=@abs={0x2, 0x0, 0x4e24}, 0x6e)
link(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
read$FUSE(r1, &(0x7f0000000100)={0x2020}, 0x2020)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000002180), r1)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r2, &(0x7f0000002240)={&(0x7f0000002140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002200)={&(0x7f00000021c0)={0x38, r3, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x24, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004}, 0x48004)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000022c0), r1)
sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f00000023c0)={&(0x7f0000002280)={0x10, 0x0, 0x0, 0x4011a800}, 0xc, &(0x7f0000002380)={&(0x7f0000002300)={0x58, r4, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x38, 0x12}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@rand_addr=' \x01\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7b}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20000081)
r5 = syz_open_dev$vcsa(&(0x7f0000002400), 0x8, 0x105402)
r6 = syz_open_dev$sndmidi(&(0x7f0000002440), 0x2, 0x10000)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000002480), &(0x7f00000024c0)=0x4)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f0000002500)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff}, './file0\x00'})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f0000002540)=[{0x2, 0x1, {0x1, 0x1, 0x4}, {0x1, 0x0, 0x1}}, {0x2, 0x0, {0x0, 0xff, 0x4}, {0x0, 0x0, 0x3}, 0xfd, 0xfd}], 0x40)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r7, 0xc0506617, &(0x7f0000002580)={@desc={0x1, 0x0, @desc2}, 0x40, 0x0, '\x00', @a})
bind$unix(r7, &(0x7f0000002640)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
pread64(r6, &(0x7f00000026c0)=""/66, 0x42, 0x10000)
sendmsg$nl_route(r5, &(0x7f0000002800)={&(0x7f0000002740)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000027c0)={&(0x7f0000002780)=@getneigh={0x14, 0x1e, 0x200, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}}, 0x44000)
sendmsg$IPVS_CMD_GET_SERVICE(r5, &(0x7f0000002900)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x7c87b4d382be258f}, 0xc, &(0x7f00000028c0)={&(0x7f0000002880)={0x38, r4, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xb7fd}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffffffb}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000040}, 0x8040)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000002940)={'\x00', 0x400})
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000002b00)={0xc, 0x8, 0xfa00, {&(0x7f0000002980)}}, 0x10)
recvmsg$can_j1939(r1, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002e80)=[{&(0x7f0000002b40)=""/205, 0xcd}, {&(0x7f0000002c40)=""/163, 0xa3}, {&(0x7f0000002d00)=""/239, 0xef}, {&(0x7f0000002e00)=""/86, 0x56}], 0x4, &(0x7f0000002ec0)=""/18, 0x12}, 0x20)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000002f40)={0xc})
socket$inet6(0xa, 0x1, 0x7)
r9 = syz_usb_connect$uac1(0x0, 0x102, &(0x7f0000002f80)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xf0, 0x3, 0x1, 0x0, 0xe0, 0xa, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x81}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x306, 0x2, 0x1}, @feature_unit={0xf, 0x24, 0x6, 0x3, 0x6, 0x4, [0x7, 0x7, 0x0, 0x2], 0x3c}, @feature_unit={0x13, 0x24, 0x6, 0x2, 0x5, 0x6, [0x5, 0x6, 0x7, 0x1, 0x2, 0x2], 0xb}, @extension_unit={0x8, 0x24, 0x8, 0x1, 0xff, 0x57, "af"}, @extension_unit={0xc, 0x24, 0x8, 0x3, 0x8, 0x2, "2783739fc8"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x8, 0x6, 0x5, "20adc21d51d22995"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x8, 0x4, 0x8, 0x0, "05c5"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x8, 0x1, 0x0, 0x80, "fe8e14"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x3, 0x3, 0x7, 0x80, "5dcb76172ecf9d0a"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0xa, 0x2, 0x6, {0x7, 0x25, 0x1, 0x0, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x7, 0xf9, 0x2}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7f, 0x3, 0x7, 0x5, "", 'Ex\r'}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x41fe, 0x4, 0x5, "03"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0xcd, 0xa, 0x9, {0x7, 0x25, 0x1, 0x1, 0x0, 0x6}}}}}}}]}}, &(0x7f0000003640)={0xa, &(0x7f00000030c0)={0xa, 0x6, 0x200, 0xe7, 0x80, 0xef, 0x0, 0x10}, 0x14e, &(0x7f0000003100)={0x5, 0xf, 0x14e, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x3, "361e4e888df40a92b447dbf42c9b3f6d"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x82, 0x7, 0xb2, 0x337b, 0x3}, @generic={0xfc, 0x10, 0xb, "c70424475f4a996eab32573328033e234a61f7730f45853ba1a99156e95f6567ff4fd3904eb20b039708a59d9bc71c7bdfab0536dc0715d5ed558e37e8a92f9460376ef8b33829b900575a44504eef9d74ca7956f4f9b66afc914de9d861971e680bbbe65057e4abce87f3bda80e603df59c58b50a21a8c3a1f200e2676adb4de1965259b6e9a40a73ef6a20f76494d01f906b88ebf74b8525b2583d89197584a4cfc68e0c64a18bc9f8d7d37addd4cdb8393459903a2f53878ea7ade82e2963f3f1d01bbdf304b00675bdf828145c029136db12e27e0a50ba37ba7bbd0f0cb8f162931fe5079d1da77fee1315a55dd34d90af86ecabc14569"}, @ssp_cap={0x14, 0x10, 0xa, 0x8, 0x2, 0xe, 0xf000, 0x5, [0x0, 0xffc000]}, @ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x6, 0xf0f, 0x0, [0xc000]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x2, 0x1, 0xe}]}, 0x8, [{0x62, &(0x7f0000003280)=@string={0x62, 0x3, "fb4dc032f01e150e9e30efdab4644660e22da1459843b48542ce5547cc48e31b807e40bc8446dc5f35605e0b537349bf2d10d379a435b84f1fb6e769d1d9910d527abb6d19e4d59851873fa8c87ed8e53ed9dd930952ddafd6ce1a7fdcf656e0"}}, {0xca, &(0x7f0000003300)=@string={0xca, 0x3, "990462c2db0d6f52b0f2c27a25c719539b96b5b4ea9380288efc6d31cee1a2e93e0f48553c1ee8bd6b8a78b1faa8f495ed376aa13e625d81c7af6dffb8507093e776d4c02558cbaefabe11120ee8a35843cb071e9fae3311d328ccd6839610c097ca5a00b609a524b4dae510865a23264e305baa5345503b8eb3aaccabd93c1167ac9561198b0c32655dec5227737b1c85f2df8dcbabedea29a827093da1d1d0442e8f32c06dfff675b142365bf3c0d078765ab6b72f86d9391acb46b0b6bef0f8a4464b8ee86bf1"}}, {0x4, &(0x7f0000003400)=@lang_id={0x4, 0x3, 0x2809}}, {0x4, &(0x7f0000003440)=@lang_id={0x4, 0x3, 0x2009}}, {0x33, &(0x7f0000003480)=@string={0x33, 0x3, "9846b48208a9f69b0987b1ceeeb9a77afa37b8c07705d7cbd0af66cf4ed12a9e71180a5f9d41f0fabf2eebedfdab36c98b"}}, {0xd8, &(0x7f00000034c0)=@string={0xd8, 0x3, "4c7c8bcc78e842c703b4dcf0d6bc8b40a4117820cf3c40a029a355b3788c23cd8dc239698ee189956e07945b71d6e10e1d80c03701f98ec2349a1535d85f9b7d2538eca901cd17ca5b4ecc05b4dc23220504de04604c477b0d945da65b252f2a5e0d5fa9f33ea11b143771846233c192d773197a092eec4e0329415865e0eb87f75c5a6028bd28f1fe701167c5703f7a6fe76daa7abf1498411f5499eb07c90d6f9170449198909ebde3b8869b6fb2ec5ec9b48adfb8cbce7706dba0d75eb796bed92f6c46c80de44771ab092d14ebc888b693b385d4"}}, {0x4, &(0x7f00000035c0)=@lang_id={0x4, 0x3, 0x41e}}, {0x4, &(0x7f0000003600)=@lang_id={0x4, 0x3, 0x440a}}]})
syz_usb_control_io(r9, &(0x7f0000003a40)={0x2c, &(0x7f00000036c0)={0x40, 0x8, 0x78, {0x78, 0x5, "97fec1ce7cddec011978257c50c07f6e924058719f7340798b10580c7157b4cabd4750bfc5a2fd6413e7434a064a6db5e5f1c504f590c0df8bbe85511e301f077ea68372b621e6f6473d24f0aec64df65e534053d63d9902b59511ceb57cb03ca7b443052fdaa569bd1eb6a69f9e48cc1d329ff701fb"}}, &(0x7f0000003740)={0x0, 0x3, 0xe7, @string={0xe7, 0x3, "589361f83fb049e70387f657331f2ef0ecac728c8067ae6741998d8d6586c320154eeb3f48cded479f91e817573bbf6183825188588ac5ed45c63337ef53656c13d3a09106a230dc5cf39054c688dc3a7555c372b8eddbd80f137521bc57172e8b088341981640d3f35e6ffed37ddd6e8b003eeffc32af3877b4515b368da35bfcb6fff9270637d9cc386a1c72856c611f99da1565136776372832941c88f2b23f489770362c8338fdb8eb0128e47c1e40d0341e3b80da0be9db8e57c0fc5a9cc652af4108be6ca393f2ae373adac37645c92307ead82d0d53c0884c85675f47838defb747"}}, &(0x7f0000003840)={0x0, 0xf, 0x13c, {0x5, 0xf, 0x13c, 0x6, [@generic={0x96, 0x10, 0x2, "234e0202f93c08209c86cd338f815994db41e644afc0edec6ee0982b9fbb558c125825212332a93e2b7198f5feec8e9104d1fac9f34db769a8f504cd27a29a5e22bc9374242cf1cebb5f69ec37e35def9c85a68756675ceb1234c1d4c79596af8b9c3e32adf0af966f7d7807c7c54beb10fb072c368c33f609c45e179e6215bcf7191200e09bf83ffdfce55ddf0f3b434ead06"}, @generic={0x89, 0x10, 0x1, "f671b0cf78aa25092691696b97d0696af54ed5f920db130cf7a4caeff2204106a03870bc5f5069d606709fa3724c46e1ff5cac3112910a0959ebb2ee06aecf79652e0ff250e99282d7e4a89d5c15dbeff733ac27481a1bff3b779fe99afb8930ad8965fd8ddc98440d5d49870efedea291fbff73e68595a6b7ccb68458df6228ca97a2699cde"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x25, 0x9, 0x3, 0xfff7, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0x0, 0x9}, @ptm_cap={0x3}]}}, &(0x7f00000039c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x10, 0x60, 0x5, 0x4, "715d3997", "cf3be7f3"}}, &(0x7f0000003a00)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x81, 0x0, 0xd, 0x6c, 0x40, 0x0, 0x8}}}, &(0x7f0000003f00)={0x84, &(0x7f0000003a80)={0x40, 0xe, 0x8a, "7ec59b2c349a47f4c3fabfbbd7b1339530d67eb091a6c80233b7285d8f88eaeb59ed179e87e07665aab5dfd2da8aa09e9249f9551d62277e6321d59cbbb24e4ca0927bfeeae076284e460c6ab9188968b4f515a18b075fd124bcc5c91258b0cd252fb44389ccbf0bb7c9a3b9e07c922756c9c5f34d908f42bbf07f8b93fd05633191cd5cb7015545e312"}, &(0x7f0000003b40)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000003b80)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000003bc0)={0x20, 0x0, 0x4, {0x3, 0x2}}, &(0x7f0000003c00)={0x20, 0x0, 0x8, {0x140, 0x10, [0x0]}}, &(0x7f0000003c40)={0x40, 0x7, 0x2, 0x20}, &(0x7f0000003c80)={0x40, 0x9, 0x1, 0x5}, &(0x7f0000003cc0)={0x40, 0xb, 0x2, "ca69"}, &(0x7f0000003d00)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000003d40)={0x40, 0x13, 0x6, @remote}, &(0x7f0000003d80)={0x40, 0x17, 0x6}, &(0x7f0000003dc0)={0x40, 0x19, 0x2, "78f8"}, &(0x7f0000003e00)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000003e40)={0x40, 0x1c, 0x1, 0xe}, &(0x7f0000003e80)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000003ec0)={0x40, 0x21, 0x1, 0x5}})
r10 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000003fc0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x30b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x10, 0xa0, 0x7, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x3, 0x1, 0x0, 0xc, {0x9, 0x21, 0xfff9, 0x3, 0x1, {0x22, 0x6e0}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x1, 0x6, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x5, 0x16, 0xf0}}]}}}]}}]}}, &(0x7f0000004140)={0xa, &(0x7f0000004000)={0xa, 0x6, 0x201, 0x7, 0x10, 0x3c, 0x10, 0x10}, 0x53, &(0x7f0000004040)={0x5, 0xf, 0x53, 0x4, [@ssp_cap={0x1c, 0x10, 0xa, 0x5, 0x4, 0x2, 0xff0f, 0x2, [0xc0f0, 0x1fb0, 0xc0c0, 0x3f00]}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "c362c2d94056c6c4b0212aa96bf55e6f"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "a1a8465bacc88f207f49f9da7f24f847"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0x4, 0x0, 0x7}]}, 0x2, [{0x4, &(0x7f00000040c0)=@lang_id={0x4, 0x3, 0x41a}}, {0x4, &(0x7f0000004100)=@lang_id={0x4, 0x3, 0x1004}}]})
syz_usb_control_io$hid(r10, &(0x7f0000004280)={0x24, &(0x7f0000004180)={0x40, 0x1, 0x4, {0x4, 0xe, "db38"}}, &(0x7f00000041c0)={0x0, 0x3, 0x16, @string={0x16, 0x3, "7674da53ff6c93976f2473f35d2b8659805b5800"}}, &(0x7f0000004200)={0x0, 0x22, 0x10, {[@local=@item_4={0x3, 0x2, 0x7, "5e62c3bc"}, @global=@item_4={0x3, 0x1, 0x9, "05d2da08"}, @local=@item_012={0x0, 0x2, 0x5}, @main=@item_4={0x3, 0x0, 0x9, "774145ff"}]}}, &(0x7f0000004240)={0x0, 0x21, 0x9, {0x9, 0x21, 0x38d, 0x0, 0x1, {0x22, 0xba4}}}}, &(0x7f0000004500)={0x2c, &(0x7f00000042c0)={0x40, 0x13, 0x81, "066d31ba67daf479945487d063f74969ffaf9950af2e316ab53a337df46830e84cc4efb23ca36b9229c7beb17ab62b6057b3094ef3aabc946383d16468d99fac22bfe0fb5c2924e1dc2bf24ea2e87f9bbf7b1e291a0aee2897fdfa89c8bd498d256aaa01f66a3c6c2a7c96eaadf8d022714e6d0501146db4290efbc359dbe0fef9"}, &(0x7f0000004380)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000043c0)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000004400)={0x20, 0x1, 0xba, "bc2bcd5101a32af0bcae5a70103cb4bbce3d7f898cab7ccf238877e23f9cd8062f55c70d8181ff41b337e6e2a6ae8c94d13f735a5dd56d62ee12d1adca51bb971eb3d936a45580029cab7c5ffc1517280f9e40864d4f4772e10750d0a90d22a9d861e00c699b1515d45f1a46b421ad6d7946cc50d4da8447867fdc7d4caebc44d030a39ee06fdfbc47b9f311a8f0f2762d509794a2c526274482e6700ec348235ff257e4d27e6cbc075d9977dda5bfb90be3612e254e8cc14073"}, &(0x7f00000044c0)={0x20, 0x3, 0x1, 0x40}})

2m42.917585756s ago: executing program 1 (id=2761):
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a00)='./file1\x00', 0x0, 0x840, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
mlock2(&(0x7f0000238000/0x4000)=nil, 0x4000, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
set_mempolicy(0x3, &(0x7f0000000000)=0x8, 0x8)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
r5 = dup(r4)
ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x1c, 0x20ec, 0x0, 0x0, 0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="22003300d0000000080211000001080211000000505050505050"], 0x40}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r7}, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x0, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000080)={'wpan3\x00'})
preadv(r6, &(0x7f00000003c0)=[{&(0x7f0000001180)=""/4084, 0xff4}], 0x1, 0x304, 0x21000008)

2m41.176365128s ago: executing program 1 (id=2766):
syz_usb_connect(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000063250800000000207265970000010902240001000000000904000002214c6a0009050702000000da00090589"], 0x0)

2m40.432580537s ago: executing program 1 (id=2772):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000240)="b1", 0x1, 0x40080c4, &(0x7f0000000140)={0xa, 0x4e1f, 0x1, @loopback, 0xfffffffd}, 0x1c) (async)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000002c0), &(0x7f0000000040)=0x8) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003d37d840890457e00000000000010902240003000000000904"], 0x0)

2m38.488835946s ago: executing program 1 (id=2781):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x8)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f00000000c0))
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e8, 0x0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x318, 0x20a, 0x278, 0x318, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [0xffffff00], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0x198, 0x1c0, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x5, 0x0, 0x2}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x448)
bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r4 = accept4(r2, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
accept4$tipc(r4, 0x0, 0x0, 0x0)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f00000000c0)={0xffffffd1, 0x2, 0x2, 0x831a, 0x1, "030000000000000000049dd0ffd76d7fcb0b0e", 0x6, 0x201})
ioctl$TIOCSTI(r1, 0x5412, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002440)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
socket$l2tp(0x2, 0x2, 0x73)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0/file0/file0\x00', 0x144)
socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'})
r6 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendfile(r7, r6, &(0x7f00000000c0)=0x8b, 0x100000500)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec)

2m37.497786196s ago: executing program 1 (id=2785):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000040), 0x10)
sendmsg$netlink(r2, &(0x7f0000005d80)={&(0x7f0000000440)=@kern={0x1d, 0x0, 0x0, 0x10000}, 0x4, &(0x7f0000000200)=[{&(0x7f0000000280)=ANY=[], 0x38}, {0x0}], 0x2, 0x0, 0x0, 0x404c8d1}, 0x0)
fallocate(r1, 0x11, 0x100000, 0x4000000000078000)
socket$inet6(0xa, 0x2, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x8000, 0x0, 0x400, 0x0, 0x30}, 0x9c)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback, 0x4}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r6 = syz_open_dev$video(&(0x7f00000002c0), 0x20000000005, 0x8100)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
ioctl$VIDIOC_G_PARM(r6, 0xc0cc5615, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x4, 0x8000000, 0xffffffffffffffff, 0x0)

2m22.394110002s ago: executing program 33 (id=2785):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000040), 0x10)
sendmsg$netlink(r2, &(0x7f0000005d80)={&(0x7f0000000440)=@kern={0x1d, 0x0, 0x0, 0x10000}, 0x4, &(0x7f0000000200)=[{&(0x7f0000000280)=ANY=[], 0x38}, {0x0}], 0x2, 0x0, 0x0, 0x404c8d1}, 0x0)
fallocate(r1, 0x11, 0x100000, 0x4000000000078000)
socket$inet6(0xa, 0x2, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x8000, 0x0, 0x400, 0x0, 0x30}, 0x9c)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback, 0x4}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
r6 = syz_open_dev$video(&(0x7f00000002c0), 0x20000000005, 0x8100)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
ioctl$VIDIOC_G_PARM(r6, 0xc0cc5615, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x4, 0x8000000, 0xffffffffffffffff, 0x0)

34.794152512s ago: executing program 3 (id=3065):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) (async, rerun: 32)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000180), 0xc06620, 0x4) (async, rerun: 32)
madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x14) (async)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000ac0), 0x602800, 0x0)
unshare(0x400) (async, rerun: 64)
fanotify_mark(r2, 0x1, 0x40000021, r2, 0x0) (async, rerun: 64)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000140)={0x1, 0x0, [{0x40000001, 0xfffff4b4, 0x2, 0x2, 0x3, 0x80000001, 0x9}]}) (async)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) (async)
syz_usb_connect(0x5, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000cef8bd08410e424176bc010203030902120001000000000904"], 0x0) (async)
capset(&(0x7f0000000340)={0x19980330}, &(0x7f0000000040)={0x0, 0x2}) (async)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="380000004800210028bd7000fddbdf250a002000", @ANYRES32=0x0, @ANYBLOB="00110000080002ff0000000014000100ff020000000000000000000000000001"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610434000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) (async)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r2, 0xffffbff8, 0x2, r2})

34.492331525s ago: executing program 3 (id=3068):
r0 = inotify_add_watch(0xffffffffffffffff, 0x0, 0x70000009)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000070000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
r4 = fcntl$dupfd(r3, 0x0, r3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x16, 0xc, &(0x7f0000000800)=ANY=[@ANYRESHEX=r4, @ANYRES8=r2, @ANYRESHEX=r3, @ANYRES64=r0, @ANYRESHEX], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r5}, 0x10)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x400000000000000})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r8 = dup3(r7, r6, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000000000, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r10, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae50511ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed33147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3310200970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r10, 0xc058565d, &(0x7f00000003c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f06e4b56"}, 0x0, 0x4, {}, 0x5c000000})
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000003c0)='io_uring_register\x00', r11}, 0x18)
r12 = syz_io_uring_setup(0x41593, &(0x7f0000001900)={0x0, 0xf5dc, 0x4000, 0x3, 0x2f0}, &(0x7f00000004c0), &(0x7f0000002c00))
io_uring_register$IORING_UNREGISTER_RING_FDS(r12, 0x15, &(0x7f0000002ac0)=[{0xf00, 0x0, 0x2000000, 0x0, 0x0}], 0x1)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000840), 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="440004d4faac19ec8f20ffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028005001100000000000800120000000000"], 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

32.976793823s ago: executing program 3 (id=3073):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x40, 0x3, 0x2}, 0x10)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESOCT=r0])
r2 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
socket(0x40000000015, 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = socket$kcm(0x2, 0x3, 0x2)
sendmmsg$sock(r4, &(0x7f000000a040)=[{{&(0x7f0000000180)=@l2tp={0x2, 0x0, @empty, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000900)=[@timestamping={{0x14, 0x1, 0x41, 0x8}}], 0x18}}], 0x1, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = fanotify_init(0x20, 0x40000)
fanotify_mark(r7, 0x105, 0x5000003a, 0xffffffffffffffff, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r9 = accept4(r8, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
sendmmsg$unix(r9, &(0x7f0000000680), 0x4924924924925c6, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ptrace(0x10, 0x1)
syz_emit_ethernet(0x74, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000000000000000080045000024000000000073907800000372567b6931ed456b61c2f42a00ac1414aa00000000febc90780200000000000000"], 0x0)

31.520498974s ago: executing program 3 (id=3078):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') (async)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
r1 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xfffffeff, 0xfffffff8, 0xfffffffc}, 0x10)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001a00010027bd700000000000022020000000fd00002000009c647291a7e0d454a7040f2e5a9fb72f1d305cbd6cae40664c1b469f03a5fef482d651bb16ae4c6e406eabf78cb5eec710c5cde7f1977141192c7ad7bf2149d1306d08bd94f65558fa8479b8f9718813c10263e0bad0127c97f0a9978cfc9f65b6a42a682e36cf55f5e7ecf00b"], 0x1c}}, 0x48010) (async)
fcntl$getownex(r0, 0x10, &(0x7f0000000300)={0x0, <r2=>0x0})
sched_setscheduler(r2, 0x2, &(0x7f0000000340)=0x3) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) (async)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4) (async, rerun: 32)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38) (rerun: 32)
sendto$inet6(r3, &(0x7f00000001c0), 0xffffffffffffff13, 0x0, 0x0, 0x3000137)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xa}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) (async)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x400000) (async, rerun: 32)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, 0x0, 0x0) (async)
syz_usb_control_io$hid(r6, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="f4210200000081a4a4f33074cc1416542deda00007b7ca0022ad249cc3a69c89b971d62efd9e09a20a9113a82fd5dc5bcc72320ca79ffb30736d7710d4b316f0b59001b661aef73a2796dbd9c113e82facbf23c008aea5d576719c32de8a84dea2a2456ac7d24a6b94e92904f2672cf4e8d20254cc1dd01a0b4916897d1d6bebe85e7cac713651e225e2e931ee6dea68d0297265c0ae5849d0c5db6170070c960c285ec0b4266e69fd0d6a95ad8cb04f8447f2ac27775beb8649845035c6c5818b361481e1d2e5083a5f0d7b897963b57e968b496b98ca2491cd6d0e4e32d03468dbb573f07405918c2378"], 0x0}, 0x0)

29.494802429s ago: executing program 3 (id=3086):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x57)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r0, 0x0, 0x0, 0x0, 0x2)
socket$l2tp6(0xa, 0x2, 0x73) (async)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
clock_adjtime(0x7, 0x0) (async)
clock_adjtime(0x7, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) (async)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48) (async)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x88}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x8040) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x8040)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}}, 0x0)
recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1020}], 0x1}}], 0x8, 0x34000, 0x0) (async)
recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1020}], 0x1}}], 0x8, 0x34000, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000040)={<r4=>0x0, 0x8, 0x30, 0x155894c, 0xffffffffffffffff}, &(0x7f0000000080)=0x18)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000140)={0x5a, 0x6, 0x200, 0x1, 0x6c73, 0x6a8d, 0x5, 0x3, r4}, &(0x7f0000000200)=0x20) (async)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000140)={0x5a, 0x6, 0x200, 0x1, 0x6c73, 0x6a8d, 0x5, 0x3, r4}, &(0x7f0000000200)=0x20)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000002c0)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f00000000c0)=0xb0000) (async)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f00000000c0)=0xb0000)

27.785499364s ago: executing program 3 (id=3090):
io_uring_setup(0x74f8, &(0x7f00000005c0)={0x0, 0x1})
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
dup(r0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%-5lx  \x00'}, 0x20)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0)
r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_REGISTER(r6, &(0x7f0000000100), 0x2)
r7 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000200), 0x6100, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x1ff, 0x0, 0x0, 0x40f00, 0x20}, 0x94)
ioctl$SOUND_PCM_READ_CHANNELS(r7, 0x80045006, &(0x7f0000000340))
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$int_in(r8, 0x5452, &(0x7f0000000080)=0x1494)
fcntl$setstatus(r8, 0x4, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYRES32=r5, @ANYRES8=r8], 0x10)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r3}, 0x4)

11.61163599s ago: executing program 34 (id=3090):
io_uring_setup(0x74f8, &(0x7f00000005c0)={0x0, 0x1})
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
dup(r0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%-5lx  \x00'}, 0x20)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0)
r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_REGISTER(r6, &(0x7f0000000100), 0x2)
r7 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000200), 0x6100, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x1ff, 0x0, 0x0, 0x40f00, 0x20}, 0x94)
ioctl$SOUND_PCM_READ_CHANNELS(r7, 0x80045006, &(0x7f0000000340))
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$int_in(r8, 0x5452, &(0x7f0000000080)=0x1494)
fcntl$setstatus(r8, 0x4, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYRES32=r5, @ANYRES8=r8], 0x10)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r3}, 0x4)

9.758086843s ago: executing program 6 (id=3158):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="6400000010e5360400000000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="9b0c0400030500004400128008000100736974003800028005000a000100000006000d000200000008000300ffffffff060008001d00000014000b00fc010000000000000000000000000001"], 0x64}, 0x1, 0x0, 0x0, 0x8851}, 0x40000c8)

9.466351979s ago: executing program 6 (id=3160):
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x800, 0x0, <r0=>0xffffffffffffffff})
close_range(r0, 0xffffffffffffffff, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x35)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000000c0)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_SETGAMMA(r0, 0xc02064a5, &(0x7f00000001c0)={r2, 0x3, &(0x7f0000000100)=[0x6, 0x1, 0x1], &(0x7f0000000140)=[0x9, 0x1ff, 0x9], &(0x7f0000000180)=[0x10, 0xe, 0x7, 0x1000]})
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000200)={0x400, 0x5, 0x100, 0x8, 0x9, 0x1, "3b6593e63106520aec908c4584144dfb", 0x8, 0x3, 0x20, 0x4, 0x10, 0x80, 0x81})
fsetxattr$security_evm(r1, &(0x7f0000000240), &(0x7f0000000280)=@ng={0x4, 0x7, "3ac0d36378e6b34f996fcf61"}, 0xe, 0x0)
sendto$phonet(r0, &(0x7f00000002c0)="fdf8185023fb4bc0179a3dab91346a47f7f06e92acf8f4152371343f5932b74965fa1f8061be78e12a6b4754ab5eaec28535154b9e3fcb9326898383af92a096de8eac8c680ef5a21cd09d5df7b6591cb007844ebd34d5badbb6629915c9fcdb091aec0039ade23f295930ca781b2eae69a3b36723178430b1829c7fcd93d18c88dd", 0x82, 0x4080, &(0x7f0000000380)={0x23, 0x8, 0x3, 0xb4}, 0x10)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r0)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000700)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000440)={0x248, r3, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x48, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00', 0x5}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x8000}}}}]}, @TIPC_NLA_MEDIA={0xf0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1676}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbd9c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa626}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf5f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}, @TIPC_NLA_LINK={0xfc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcb9f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd25}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa6a3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x248}, 0x1, 0x0, 0x0, 0x40000}, 0x48084)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, &(0x7f0000000740))
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000880)={0xffffffffffffffff, 0x20, &(0x7f0000000840)={&(0x7f0000000780)=""/28, 0x1c, 0x0, &(0x7f00000007c0)=""/81, 0x51}}, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000900), r0)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000a00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x8004}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x60, r4, 0x100, 0x70bd27, 0x7, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x60}, 0x1, 0x0, 0x0, 0x20001000}, 0x41)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000a40)=<r5=>0x0)
sched_setscheduler(r5, 0x5, &(0x7f0000000a80)=0xfff)
ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000ac0))
r6 = accept4$vsock_stream(r0, &(0x7f0000000b00)={0x28, 0x0, 0x2710, @host}, 0x10, 0x800)
pwrite64(r6, &(0x7f0000000b40)="06472dc3bb3cb7e5c3aaf25e8b7f33097ea8e6e4aec7d2f999633c9b3cc040dc5589cb4e919b57eba1c538fd577bf80de187e4a11c6c9a5bdf5ac5688cbd29c63a1766f170b85ac19e286c118e015adbbbd919fb782b4c7139cdfeb3683abd207bae7453b362e3fcb5c5d553937666597c77aa0a1f06694c993363fe67aee61e32bcf7f5c8e86c7786671697c4bb63579b422775cbdad83a49b756664d3e9993bd84c411f4a83d3284d3a62941a5298be6c718816390e5cd1d0833eccd48795f86f7d77c229fbd62592eaef7a3ebe40264b44fdda4", 0xd5, 0xf)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000c40))
connect$phonet_pipe(r0, &(0x7f0000000c80)={0x23, 0x3, 0x78, 0x6}, 0x10)
write$P9_RLINK(r0, &(0x7f0000000cc0)={0x7, 0x47, 0x1}, 0x7)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000d80)={{0x1, 0x1, 0x18, <r7=>r1, {<r8=>0xee00}}, './file0\x00'})
lstat(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
fstat(r6, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
mount$fuse(0x0, &(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40), 0x1082, &(0x7f0000000f00)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r8}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x800}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x4}}, {@default_permissions}], [{@dont_measure}, {@smackfstransmute={'smackfstransmute', 0x3d, '-!**/'}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@obj_user={'obj_user', 0x3d, 'TIPCv2\x00'}}, {@measure}, {@fowner_gt={'fowner>', r9}}, {@obj_type={'obj_type', 0x3d, 'TIPCv2\x00'}}, {@euid_lt={'euid<', r10}}]}})
sendmsg$nl_route_sched(r7, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)=@gettclass={0x24, 0x2a, 0x800, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x7, 0xf}, {0x5, 0xb}, {0x8, 0x9}}, ["", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40000014}, 0x40001)
ioctl$PPPIOCGMRU(r7, 0x80047453, &(0x7f0000001180))
ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f00000011c0)={0x3, 0x0, [{0x7, 0x8, 0x4, 0x5, 0x280, 0x17d, 0x1}, {0x80000019, 0x0, 0x6, 0x5, 0x80, 0xbf9000, 0xfff}, {0x80000019, 0x9, 0x2, 0x3, 0x22e84563, 0x9, 0x1}]})

9.400656687s ago: executing program 6 (id=3161):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x4fd, 0x4, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000f40)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_IOCTL(r1, &(0x7f0000000080)={0x20, 0x0, r2, {0x80000001, 0x4, 0xe5b, 0x588a}}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800010000202070259a0474e1002020207b1af8ff5dfacc47bfa100000000000007010000fffdffffb7020000080095000000000000000400"], &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de", 0x38f}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f", 0x17}], 0x2}}], 0x2, 0x0)

9.352537632s ago: executing program 5 (id=3162):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000080)={0xc0, 0x0, 0x12000})
r2 = eventfd2(0x0, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x8181, 0x0, 0x1, r2, 0x7})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = getpid()
sched_setscheduler(r4, 0x0, &(0x7f0000000200)=0x6) (async)
sched_setscheduler(r4, 0x0, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x6)
syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2) (async)
r7 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f0000000180)={0x5, 0x98f904, 0x1})
ptrace$ARCH_SHSTK_ENABLE(0x1e, r4, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0)
mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') (async)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r8, 0x10000000007, 0x0)
r9 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r9, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) (async)
connect$inet6(r9, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r9, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x0, 0xfffffffd, @private2}, 0x1c)
ioctl$BTRFS_IOC_SPACE_INFO(r3, 0xc0109414, &(0x7f0000000d80)={0x0, 0x6}) (async)
ioctl$BTRFS_IOC_SPACE_INFO(r3, 0xc0109414, &(0x7f0000000d80)={0x0, 0x6})

9.004452004s ago: executing program 6 (id=3163):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="63010000000000100513083088000000000109e70224000100000000090400000103000000092105000001220500090581030002000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_usb_connect(0x0, 0x6a8, &(0x7f0000000480)={{0x12, 0x1, 0x201, 0x6d, 0x42, 0x7, 0x8, 0x4bb, 0x93a, 0x945e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x696, 0x3, 0x47, 0x9, 0x40, 0x9, [{{0x9, 0x4, 0x19, 0xe8, 0x1, 0xa5, 0xa6, 0xe, 0x8, [@generic={0x59, 0x22, "9142c51cd3b2c823070eb5656cc8b529460c6fbec30c92cca9c503fd4fbce01bfc39938971b1954fa9aa3eab1d3ef7fca2df0c7db24ed8be5dc4c013cf734f81d034500b3d34b3fb6ec99c43b68cc15dee4b27b83146a6"}, @cdc_ncm={{0xa, 0x24, 0x6, 0x0, 0x1, "1eec7a5390"}, {0x5, 0x24, 0x0, 0x9682}, {0xd, 0x24, 0xf, 0x1, 0x41c, 0x2, 0x3, 0x1}, {0x6, 0x24, 0x1a, 0x3}, [@acm={0x4, 0x24, 0x2, 0x2}, @mdlm={0x15, 0x24, 0x12, 0xcf20}, @acm={0x4, 0x24, 0x2, 0xd}, @dmm={0x7, 0x24, 0x14, 0x6, 0xdeec}, @acm={0x4, 0x24, 0x2, 0xc}]}], [{{0x9, 0x5, 0x1, 0x10, 0x20, 0x1, 0xdf, 0xb7}}]}}, {{0x9, 0x4, 0xb8, 0x1, 0x6, 0x26, 0xf2, 0x90, 0x6, [], [{{0x9, 0x5, 0x7, 0x10, 0x8, 0x99, 0xc, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0x4}]}}, {{0x9, 0x5, 0xa, 0x10, 0x8, 0x9, 0x5, 0xc, [@generic={0x101, 0xc, "b4215c93cc737547e34425ffe20de5ac2fb0fd0e79655e0fbaa4e46f989d345fbf6c7f9cf3e107b9cec2e76c3483d97baf52f3fc17f2fa85ed6b6b2b4c60c555746c3adccb456bbe2244bc6ae557a9edea7d5305cf3fb21e2e60110b935cb619c717ec18c1390f9f3ce64f348f8c638778feabe4734399102e35db83cb5b8be8147cdd6bc82d54ea0ba1c8019d9a66fdcb57f382d186f9eb51172936fd966644546c7078447cfc5a270a1dc8e9f3f704d4e9b59fe17006e5cf696eefea32a315681ead6b956023515da7fd5f8d5724fbc757e0e9868147c35fd37f49c3e8f99a651944e50fc8326f430fc0ea253a160ad6793f2adb161cf8a4176eec7923f9"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x420, 0xb0, 0x7, 0xd}}, {{0x9, 0x5, 0x5, 0x10, 0x0, 0x6, 0x7, 0x16}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0xab, 0x3e, 0xf7, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0x7}]}}, {{0x9, 0x5, 0x5, 0x10, 0x420, 0x0, 0x3, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x9}, @generic={0xf0, 0xf, "1e3c66ab5cc123cc4fe871aaca701cf6824c14b1a393c4c590cd831f902a779349553ca5a64173ce82b44b4dd6909bac8e50345c8bba8a6f68db8dd98784bd0523634b8b86909842eebcf83fb986d38320c2638b32e600b731e38cdf5fb6e61e592c83ebf7069de1005f605d7af5e6498894b53b8ca1a80ff583d50a436f567fa1031c6e7f01ad7b5fe2ea891dbf6b66c96495be809d4d4c969f698145c648a542f50ec6120521d43980cc03934bcfbfad1c6ca986addaafde1d05a41fed39c498a51c7a8d55c7ec2f6f3133387c6575865ad27bef04ad4c42b35f6e0769de94f4970cea8f8414698fad11f61260"}]}}]}}, {{0x9, 0x4, 0x59, 0xff, 0xf, 0xff, 0x5d, 0x81, 0x0, [@uac_as={[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x20, 0x1, 0x0, 0x6, "", "05f2"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x80, 0x3, 0x40, 0x1}]}, @hid_hid={0x9, 0x21, 0x6, 0x2, 0x1, {0x22, 0xb44}}], [{{0x9, 0x5, 0x3a5691d4632939d9, 0x10, 0x10, 0x28, 0x6, 0x7}}, {{0x9, 0x5, 0x6, 0x0, 0x8, 0x8, 0x7}}, {{0x9, 0x5, 0x2, 0x8, 0x40, 0x7, 0x4, 0x4}}, {{0x9, 0x5, 0xf, 0x0, 0x400, 0x96, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0xd7a4}]}}, {{0x9, 0x5, 0xb, 0x4, 0x8, 0x0, 0x8, 0x2}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x7d, 0x9, 0x5}}, {{0x9, 0x5, 0xf, 0x8, 0x200, 0xb4, 0x0, 0x80, [@generic={0xe1, 0x3, "4b227223b749c173704fbf1a10be64e2f0ba7f841b809dd72c2f20b32e64428c0472e158f2fb89d80bedbc01757ab592a8064ab7f8c598a84e9acbf218df82f7a00d5bcef00d652c89d34f9816aa4878f6be0fb02b09d6ebe2bf166f597ffb78ebe547af04b169209ad9d05d20c3f329bc76cd891b540535878850ff437ceb704c58eb932f7c6590a44f46dc4cfdd0aef10c8bf08507789d4fe7985e30997d57acfbd9480414e67e5d010df92f5def90f7f0258706135ce49bf66521a09603cffc4da90894f93e3e861e3d6b82942da74068db45fafe0f9c4fbc2a2790e70e"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x0, 0x800}]}}, {{0x9, 0x5, 0x5, 0xc, 0x200, 0x7, 0x7, 0x80}}, {{0x9, 0x5, 0xe, 0x0, 0x3ff, 0x8, 0x1, 0x7f, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0xfff}]}}, {{0x9, 0x5, 0xc, 0x3, 0x3ff, 0x2e, 0x4, 0x7}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0x7, 0x4, 0x1, [@generic={0x42, 0x4, "2b763c760e68a81c9be71e4d4e49d3b5e07b2213a71912b3c6244cf8a814eb97af244b273c91b5fd6da1cd93d5c53e1dbd94fde15e62171a20a984b175b9d84c"}, @generic={0x30, 0x24, "0db9458e33954fed845d3bd2024d64632eeead0668fc372946cdd0dff8747ed33f48093f1b45cdcedf65defcd737"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x3ff, 0x9, 0x11, 0x3, [@generic={0xac, 0x0, "b316f67ad060ab86ecb8837f836301339eb17a88f69dc80081f1cce97177e1e88716c568835ee5d03555989f87bd6df8f297c1f7f96ab11e3b421ff4d5bc3ff10378f37f2d22e3b48939b0871b4b76abc92613bd012cc6b196e9ad92cb1a2b7a82a787619ab83e9960187048c226caaf7736c3ef8019736223a939db6900e2b74033462f97430c5983e0e9510df5662f820d451fc4e48e5c9b9b618d6bc21661121e3094f6504c92c739"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x2c, 0x10}]}}, {{0x9, 0x5, 0x1, 0x0, 0x3ff, 0xe9, 0x7f, 0x7}}, {{0x9, 0x5, 0xa, 0x2, 0x400, 0x80, 0x36, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x57}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x9, 0x3}]}}, {{0x9, 0x5, 0xa, 0x4, 0x30, 0x2, 0x6, 0x4, [@generic={0xbf, 0x23, "59a80f768ebf4679264980d438d5e31c1273785ca49b4f7067e0b529bbe27e2d31fe38560b85cb9cea4aec5c7e7858cb472a896d240898980b5edefd836c749522860fa48e70ca2943476fbe2540cc46f96c3d7852e9c917ed049784e716fbfb5387d0e1b835553d8b4381077c57d83e52f401bb969f7cf2349eace7e0c0141a9efa85a47a82f0dff2f8ee18d1310d5f762928e9d2d42024afe7bd8add0e979ba3dada86eca286b9dea050ee04065fc4d8814916c6853135d4eb6a03f2"}]}}]}}]}}]}}, &(0x7f0000000b40)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x0, 0x6, 0x10, 0x0, 0x8, 0x8}, 0x3e, &(0x7f0000000080)={0x5, 0xf, 0x3e, 0x4, [@ssp_cap={0x20, 0x10, 0xa, 0x10, 0x5, 0x3, 0xf000, 0x1, [0xf, 0xff00c0, 0xc000, 0xffc0cf, 0xc0c0]}, @wireless={0xb, 0x10, 0x1, 0x0, 0x95, 0x3, 0x2, 0x9}, @wireless={0xb, 0x10, 0x1, 0xc, 0x5, 0x0, 0x7, 0x4611, 0x1}, @ptm_cap={0x3}]}, 0x7, [{0x15, &(0x7f00000000c0)=@string={0x15, 0x3, "07a5a4a3763996e731e545074104161facc882"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x80c}}, {0x43, &(0x7f0000000240)=@string={0x43, 0x3, "455b20d20c66400f569accc286ad9ffefe5b78f8869ee618f5d5ec9fa71b1a977f326ff7b6d01886d301c2689cdd327d7fc32a2af0cd07da694a1aa50411fb166d"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x455}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x480a}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x180a}}]})
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fec00000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
mount$9p_unix(&(0x7f0000000440)='./file0/file0/file0\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x121f408, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)

8.567256849s ago: executing program 4 (id=3165):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r5 = socket(0x9, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r4], 0x50}}, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @remote, 0x5}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000300)="362c85eddcf4076ccf136715df3254d5006d665e79a2809fcfd60be39c15487ead98d33208373380edd2f47ac13e22a678afc182c5a798fd64051fe5380e9fcff24f32b6d48314d9276c8e8db68e1bad5ca24c443f1f138d5f8f754988ffd734c8ce8d2db9cf7efb84fab087cad28c2cef907afe8cb0bebaac6aa0cd0cb8f2f90119543a177d6d879a2527ab8e940ec645b6751fc48e9fc9b439a65b2114c3c46d5a9b5c14bdf9ba1fe15e592bf03965084b2296ab0df387a1b13662e8d488d77408738f63731bf60fc4223515f516c5957fca6570e23b2ec053b88383154c035754fb", 0xe3}, {&(0x7f0000000500)="a212b41e8da085dc09ebb1246e5345e815513b679d8a83bd36723a932383cb4255f9a2c5255a29ef5d523f313bedb157fbea3a93d6221f8bcdab6bd56fc8903590c06796628b1f506e8fd7533d729d8f5a14444f42416fd10d52910c42ee3cf9f2639337bd54a0c30b2739e82931b0d00a3e1c45557082155709f4fbcb4f5cd78686ebd186fc384820cd9f0696be0eddbadcad6326424ffc3f8fa67eae5c024436b85fdc62dce6f487353bad6b007d8864550c95a22fa62304bf8bfb", 0xbc}, {&(0x7f00000005c0)="4afec6b2f19099d48dfe57c03eee22933af008d059a7e53d88121473c613d0adc33977807628cc407df25daf97b13a8cd4476e43267589b7cb84d938a5f7f353137886402c8de26fc188020a48a8abb06fff75276cfd9f24746077fd6aab531d780be0ff8dbbeaf758cab15a055d8e2bae561351d62d3541c2965e6598dfe6d4bff68716ac0f06559df6630471b2811d7bc491c085057ab0fc59a74e82d4b1039f75663e420bf96d9d740a3807a0e750f091c7da5c392000cba74154bed60625b7", 0xc1}, {&(0x7f0000000180)="845a34a3d6eb57765b5944f1dc77555df6b5231281c7cd6572389ff6415ea7aea1dee78071a3b83e670073039a419abd7fc29beb85c37a856e643f8391618cc19b2359bdc2d16161d73f9127d4d85d56273a", 0x52}], 0x4, &(0x7f00000006c0)=[@rthdr_2292={{0x58, 0x29, 0x39, {0x6, 0x8, 0x1, 0x1, 0x0, [@local, @remote, @remote, @dev={0xfe, 0x80, '\x00', 0x34}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0xfff}}, @rthdrdstopts={{0x50, 0x29, 0x37, {0x16, 0x7, '\x00', [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @remote}, @pad1, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x2, 0x2, 0x7, 0x40, [0x7fffffffffffffff]}}, @pad1]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x8}}, @hopopts={{0x70, 0x29, 0x36, {0x2c, 0xa, '\x00', [@hao={0xc9, 0x10, @loopback}, @enc_lim={0x4, 0x1, 0x6}, @pad1, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x28, {0x3, 0x8, 0xf8, 0xec, [0x8, 0x7, 0xa44, 0x5]}}, @enc_lim={0x4, 0x1, 0xb}, @pad1, @padn={0x1, 0x1, [0x0]}]}}}, @rthdr={{0x28, 0x29, 0x39, {0xc48538ce0ef24d5d, 0x2, 0x1, 0x7, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}], 0x170}}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000840)="7a819ddfecbf82d57480109f20a3e5d62e5056a3f7f1e34db98ec434c481563c6df6fdd5d17ad4625ff6adfc62ae9f14108dcf7ed1170ba56f14cbc65c2d269b69ae5bc32fdc247260b97860ccbb0c7a85adeee3d829c3306ef7595b805349c7e4b623ddc244fd29290b69b2a2e2034f501d4f6877369a782722861cc5e1b7860780b98f1e4f815b3cf58945344cc838f859b2fa77fe6a04b1a3714c2fd6f0ad1a9a887f22b9023121b1dddfd66a0821954ab5e88d4dfdc30eaf31c0d1d623516341962ee368b19f54a4a4ab9560abf2903d35b5e6adee4a00b731e5757710f392a5f8f13e89c7c4e7", 0xe9}, {&(0x7f0000000400)="b5fbeab61a80b93b0aba35f826a6bc847f5275804654a8b8247c2ffb17b6d386c7df6741653f135e64f23a33d2cd275f21f554e876a4b795e503eb50eb2d98fc3c6568a62dffbdd8310b9ad42e063801ba38b4c5cc4e6721022b4bae7c5a6c4121b6721778e003b8bae5", 0x6a}, {&(0x7f0000000940)="2886ded3055b02bbe4549d85b71044a211af98c381c74c612651e15c84dfe8afec85ee20062287e1b1a911039a90573af883e7f40472de5bdfde0fb758681a07febcaf939ff3ba4b2ecdb67b586f22ce66a5163af5767119978069a066ee866498a553e2a933c11bf12c49535e511b8aa07ac16e9692a543406e55166b17a8d1da9a02513b1e149cba5c8c3bacd67fa7da20f40675ce710492528a272e2d864417c00e374bbcedfdbfe692af16fe6050aed29ab47da13e90340b838654104a9db8038b870901a501f2b8c4ac8a7d91eebad8f31cf70fee0067548571b192a1f4fadd3658c7d1914c17334ad9e86faa324cedab90", 0xf4}, {&(0x7f0000000a40)="e66ec6d44aa8a50b1ffeb0992745a0ec9915", 0x12}, {&(0x7f0000000a80)="3dba74b604c7a681b8dc8a5312874b8f6804cad26646741919be35435ffb235c30e73edf5ce9e89cbf1b3214b12f7a280f40ff6c05bfe0151aa0dc8db6a20eebdbcbc9d37f5f886b9f1979673a12a6df3e88de1a28c2256983bc5a283d7443ad9e901792cd4b4835e6f983de6a59a480eed7793e10bd3f", 0x77}, {&(0x7f0000000b00)="9925fcd08da597c7539e5b20ce4e1974176e4fb4d48aa6b08722182650", 0x1d}, {&(0x7f0000000b40)="e80c8c11754429604f3821f69778406d5237b3a873e0adda0d10826ea470d7ce057f27", 0x23}], 0x7, &(0x7f0000000c00)=[@dstopts_2292={{0x40, 0x29, 0x4, {0x62, 0x4, '\x00', [@jumbo={0xc2, 0x4, 0xd73}, @pad1, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}], 0x40}}], 0x2, 0x4000)
socket$phonet_pipe(0x23, 0x5, 0x2)
r6 = socket(0x1, 0x803, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000440)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9003", 0x0, 0x3a, 0x0, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, [], "5467e8296fe849e5"}}}}}}}, 0x0)
recvmmsg(r7, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r9 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000cc0), 0x20000, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x8040}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)=@ipv4_newaddr={0x78, 0x14, 0x400, 0x70bd2c, 0x25dfdbfd, {0x2, 0x78, 0x93, 0xfd, r2}, [@IFA_ADDRESS={0x8, 0x1, @multicast1}, @IFA_TARGET_NETNSID={0x8}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x4}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0x120000, 0x3, 0x2}}, @IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IFA_ADDRESS={0x8, 0x1, @broadcast}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x5, 0x9}}, @IFA_FLAGS={0x8, 0x8, 0x442}, @IFA_LOCAL={0x8, 0x2, @broadcast}]}, 0x78}, 0x1, 0x0, 0x0, 0x4004004}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001880)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYRES32=r8], 0x50}}, 0x2)
bind$l2tp(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r10=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r10}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

7.529226484s ago: executing program 5 (id=3166):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000080)={0x41, 0x5, 0x2}, 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x881}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r2, &(0x7f00000000c0)=""/177, 0xb1)

6.692431875s ago: executing program 4 (id=3169):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ipvlan0\x00', <r2=>0x0})
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r3, 0x1, 0x46, &(0x7f0000000340)=0x80000004, 0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000007c0)={"32b60071e6d63041af26886499ca72783f42fe772e25747246617bfded3443ab87c8d420d6aefb124048c933b58a332154c092f33a487b140a64dbce34462c7fd24f95538f797080b546273ca043e139c0e78f28344a12cc61b2696e2daac24c99aa17b90abc97cc747177881a0787265ad912f8284ad013a325e905424db660905a9a1bfcf8148f9da360288baf21162885649691a00c5513c8effefcb5db9f489fb24b481c82d118d6025fd64c156d81182a8ccbcd506dffac0d5b90421c63b1bed278a15ff9c3f74f428d036783514cd5e7d148d060acb8247003175c7b209bef9a18c3088cf5b164ceb61c3f735cac473f873a97aa45d2183fa485f4125e0c64714c424c689dd206a8b53ae5180a59719cfd1dbc05711a7d90ee44a2e166fc50ed7378987c149a873173be48cd33794668b1d5b65523b5a359b2c0a8b3b797af35ebd36e177b68668f8ea621ea89caca949d2ec63685a8776af90666ce91eb698fc3114f7eaf61b649ffbb1ed6ad321c0d884012a297772ae9e334461f3ce90d7e24efbb23a00af7d46fca8b5efb587e201a45bebbeb05f1f8cc899de36e771fd9bf7a4077d6f4232ededdf951df5c8b915fef31a76d2ee71bca3789e33895f1f865a009a46f47edbd57b5517784aaa4a26224c2d3809d0cdaa10964a23b870592c2e92021bc3be8a6d251ec07bf5f75653eba319527d51a61af03c73c0d8308797f3f9f461fdd517184e36c862f098b9af5e29b22fd63a38f723abaf5b17bff478e09a95d384e03a94671f0fb8aa6871240057526e48d7aea6dfb9482117a5a8a23152299edc171e0586855460255e13598a019683a1151d215729f571d3fca3b7b735f07e6ac30db04c479de0dd4e9e1bde885c1c510dcb33633ffca5d75063de3373c25e3e0415d9e6e686874fd7b01b96d6bcf2e05e5c609b6f60b304bedd1af93b63f71322c2d990f6ad7a45607470d098d0dd8895d915b899f45ea8a74459b1c87fd1cdea66f35d1bfaf3e12a7ea20b0711c489430f200a56cb208df45c09f5a39517024fe3565502a7acbc0ec9b2463f67535852ae7a3872d8b505e11c0ad5b3c03aefdd87a37fc1835be25ae95454c900c46cbebac01c6ffcf37eddb033c55db5f194da63092d9bd0b418763d18f5e6955165cbf07c1a3ed11977a41a0d548926ad7495c3006ac6ff02f58bae1c4bbc0686c060016664d7ab35266c62d78e509b63b41b9070cfa8aaab08edcc8593779d022643c1e20a6a5dfdb5ec15d5a55659a5c4c4150727f003344a3deb8129a8d60db8639f31d47211fff233266d42784e7389494736c2ba17fd5fbe08a0075ca3be7e89d2533ffddfcc20de5ca585d883c6e8fd25c4d7a5f4c770797fd86aebf1f7546c78aa37bf1fc984b90ccdadbd311273f699fbc8b03680a87ff5f065e162557621ccabe023399f2"})
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000580)={0x2, 0x0, @ioapic={0x8080000, 0xb, 0xfffffffb, 0xfffffffe, 0x0, [{0xc, 0x3, 0x8, '\x00', 0xb4}, {0x83, 0x1d, 0x4, '\x00', 0x4b}, {0xf9, 0xf, 0x7, '\x00', 0xda}, {0x0, 0x5, 0x0, '\x00', 0x8}, {0x8, 0x10, 0x8}, {0x2, 0x9, 0x6, '\x00', 0xfd}, {0x6, 0xe, 0x47, '\x00', 0x6}, {0x5, 0x90, 0x1, '\x00', 0xe9}, {0xe, 0x4, 0xa7, '\x00', 0x1}, {0x9, 0xcc, 0x6, '\x00', 0x4}, {0x1, 0x9, 0x10, '\x00', 0x8}, {0x0, 0x0, 0x5, '\x00', 0x7}, {0x1, 0x8a, 0x6, '\x00', 0x4}, {0x3, 0xf1, 0x6, '\x00', 0xb2}, {0x7, 0x4, 0x6, '\x00', 0xfd}, {0x6, 0x0, 0x4, '\x00', 0xd}, {0x7, 0x2, 0x4, '\x00', 0x3}, {0xec, 0x3, 0x4}, {0xf, 0x6, 0x6, '\x00', 0x1}, {0x9, 0x3, 0x56, '\x00', 0x4}, {0x1, 0x3, 0x7, '\x00', 0x4}, {0xd, 0x40, 0x7, '\x00', 0x7}, {0x5, 0xfd, 0x7, '\x00', 0x2}, {0x4, 0x8, 0xfa, '\x00', 0x42}]}})
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r2, {0xfffd, 0x10}, {0xc, 0xfff1}, {0xfff2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x14004804}, 0x840)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ipvlan0\x00'}) (async)
socket$inet6(0xa, 0x80002, 0x0) (async)
setsockopt$sock_int(r3, 0x1, 0x46, &(0x7f0000000340)=0x80000004, 0x4) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) (async)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000007c0)={"32b60071e6d63041af26886499ca72783f42fe772e25747246617bfded3443ab87c8d420d6aefb124048c933b58a332154c092f33a487b140a64dbce34462c7fd24f95538f797080b546273ca043e139c0e78f28344a12cc61b2696e2daac24c99aa17b90abc97cc747177881a0787265ad912f8284ad013a325e905424db660905a9a1bfcf8148f9da360288baf21162885649691a00c5513c8effefcb5db9f489fb24b481c82d118d6025fd64c156d81182a8ccbcd506dffac0d5b90421c63b1bed278a15ff9c3f74f428d036783514cd5e7d148d060acb8247003175c7b209bef9a18c3088cf5b164ceb61c3f735cac473f873a97aa45d2183fa485f4125e0c64714c424c689dd206a8b53ae5180a59719cfd1dbc05711a7d90ee44a2e166fc50ed7378987c149a873173be48cd33794668b1d5b65523b5a359b2c0a8b3b797af35ebd36e177b68668f8ea621ea89caca949d2ec63685a8776af90666ce91eb698fc3114f7eaf61b649ffbb1ed6ad321c0d884012a297772ae9e334461f3ce90d7e24efbb23a00af7d46fca8b5efb587e201a45bebbeb05f1f8cc899de36e771fd9bf7a4077d6f4232ededdf951df5c8b915fef31a76d2ee71bca3789e33895f1f865a009a46f47edbd57b5517784aaa4a26224c2d3809d0cdaa10964a23b870592c2e92021bc3be8a6d251ec07bf5f75653eba319527d51a61af03c73c0d8308797f3f9f461fdd517184e36c862f098b9af5e29b22fd63a38f723abaf5b17bff478e09a95d384e03a94671f0fb8aa6871240057526e48d7aea6dfb9482117a5a8a23152299edc171e0586855460255e13598a019683a1151d215729f571d3fca3b7b735f07e6ac30db04c479de0dd4e9e1bde885c1c510dcb33633ffca5d75063de3373c25e3e0415d9e6e686874fd7b01b96d6bcf2e05e5c609b6f60b304bedd1af93b63f71322c2d990f6ad7a45607470d098d0dd8895d915b899f45ea8a74459b1c87fd1cdea66f35d1bfaf3e12a7ea20b0711c489430f200a56cb208df45c09f5a39517024fe3565502a7acbc0ec9b2463f67535852ae7a3872d8b505e11c0ad5b3c03aefdd87a37fc1835be25ae95454c900c46cbebac01c6ffcf37eddb033c55db5f194da63092d9bd0b418763d18f5e6955165cbf07c1a3ed11977a41a0d548926ad7495c3006ac6ff02f58bae1c4bbc0686c060016664d7ab35266c62d78e509b63b41b9070cfa8aaab08edcc8593779d022643c1e20a6a5dfdb5ec15d5a55659a5c4c4150727f003344a3deb8129a8d60db8639f31d47211fff233266d42784e7389494736c2ba17fd5fbe08a0075ca3be7e89d2533ffddfcc20de5ca585d883c6e8fd25c4d7a5f4c770797fd86aebf1f7546c78aa37bf1fc984b90ccdadbd311273f699fbc8b03680a87ff5f065e162557621ccabe023399f2"}) (async)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000580)={0x2, 0x0, @ioapic={0x8080000, 0xb, 0xfffffffb, 0xfffffffe, 0x0, [{0xc, 0x3, 0x8, '\x00', 0xb4}, {0x83, 0x1d, 0x4, '\x00', 0x4b}, {0xf9, 0xf, 0x7, '\x00', 0xda}, {0x0, 0x5, 0x0, '\x00', 0x8}, {0x8, 0x10, 0x8}, {0x2, 0x9, 0x6, '\x00', 0xfd}, {0x6, 0xe, 0x47, '\x00', 0x6}, {0x5, 0x90, 0x1, '\x00', 0xe9}, {0xe, 0x4, 0xa7, '\x00', 0x1}, {0x9, 0xcc, 0x6, '\x00', 0x4}, {0x1, 0x9, 0x10, '\x00', 0x8}, {0x0, 0x0, 0x5, '\x00', 0x7}, {0x1, 0x8a, 0x6, '\x00', 0x4}, {0x3, 0xf1, 0x6, '\x00', 0xb2}, {0x7, 0x4, 0x6, '\x00', 0xfd}, {0x6, 0x0, 0x4, '\x00', 0xd}, {0x7, 0x2, 0x4, '\x00', 0x3}, {0xec, 0x3, 0x4}, {0xf, 0x6, 0x6, '\x00', 0x1}, {0x9, 0x3, 0x56, '\x00', 0x4}, {0x1, 0x3, 0x7, '\x00', 0x4}, {0xd, 0x40, 0x7, '\x00', 0x7}, {0x5, 0xfd, 0x7, '\x00', 0x2}, {0x4, 0x8, 0xfa, '\x00', 0x42}]}}) (async)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14) (async)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r2, {0xfffd, 0x10}, {0xc, 0xfff1}, {0xfff2, 0x3}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x14004804}, 0x840) (async)

6.675653184s ago: executing program 5 (id=3170):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
socket$kcm(0x29, 0x7, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x30, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000040)="1002d7d957c9dc8dda937c7b61567297207adb3029e20544ec044c2fbb6bf865c9331165cb94d9fcb78cb57f9b40b11393c0030046c2e390f91dbd9ddf7accf1295f9abfb2b534ba", 0x0, 0x48)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073797a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x8801}, 0x20000000)

6.442837041s ago: executing program 2 (id=3171):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000100)='./file0/file0\x00', 0x400017a)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
syz_emit_vhci(&(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x6c}, "7020e9158445a8d753268d3476e182c5647e1b48ca0969effa262a860ada37b8013d21822057b5f6f4dd9424f5bcfb48903bc3f65883a870fd4d7a849b15fa7feb87749585d62a18314e8f5921ab62e9e187d046b31a44bf866f13b9a6f6e8c062c9481c3a09ed76ab56fee5"}, 0x70)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
openat$cgroup_ro(r2, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb)
read$FUSE(r1, &(0x7f0000001fc0)={0x2020}, 0x2020)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0xfffeffff, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xb00)

5.932335391s ago: executing program 4 (id=3172):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x40000000015, 0x5, 0x0) (async)
r1 = socket(0x40000000015, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x2, @loopback}, 0x1c) (async)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x2, @loopback}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r0)
userfaultfd(0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) (async)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
socket(0x40000000015, 0x5, 0x0) (async)
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b80)=@raw={'raw\x00', 0x9, 0x3, 0x318, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x6, 0xf, "53547de09200f26455ec81206e5fdf9936854d4d49dbbfb035269e5c682f"}}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@mh={{0x28}, {"af29", 0x1}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xd, 0x2, "d4bbc00847cf3b61d4e52890938d9a9fd9942bdcf60fc847c3d30bbb3374"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) (async)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) (async)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000140)={0x0, 0x5, 0x4, {0xa, @pix_mp={0x9, 0x81, 0x0, 0x8, 0xc, [{0x4, 0xfffffffc}, {0x3, 0x8000}, {0xa64a88ed, 0x7fffffff}, {0x200, 0x3ff}, {0x5, 0x1}, {0x4ce, 0x10008}, {0x7ff, 0x9}, {0x2, 0x1}], 0x6, 0xff, 0x1, 0x1, 0x7}}, 0x56a})
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0)
recvmmsg(r4, &(0x7f0000000b40)=[{{0x0, 0x1f00, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=ANY=[@ANYBLOB="2800010000000000000000220000000007000000", @ANYRES32=r7, @ANYBLOB="000000004800000008000c0004000700"], 0x28}}, 0x0) (async)
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=ANY=[@ANYBLOB="2800010000000000000000220000000007000000", @ANYRES32=r7, @ANYBLOB="000000004800000008000c0004000700"], 0x28}}, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f4000000", @ANYRES16=r2, @ANYBLOB="cd3e000000000000000001000000c700010043ecf8a07715e5bcdb7f9af2eacc913a7640e8332d1daac5516c7f094b740c631f175dddd0f0a8ebd26792040200006f64e62cd3404917f3be657330adc6bf2f2ab6286f917412935536f4406edcdc8a37d2c301a5e2568cb3696d7ed256da47bd6246c86e86ac9cfbdae22622b43a13e9096385b4cb17bf6d8436e77f709e436462ad3ba28f73bf36e8e358673326e220d60a9d3d7e3c932faf89062b965db52beeff385e442adbb8d87480d48f4b3d4530e8528300080007000a0101020800080000000000080002000700"/238], 0xf4}}, 0x0)

5.585951483s ago: executing program 5 (id=3173):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) (async)
io_setup(0x3, &(0x7f0000000140)) (async)
r4 = socket$inet6(0xa, 0x80002, 0x0) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x1000) (async)
stat(&(0x7f0000000900)='\x00', 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000500)={0x0, <r6=>0x0}, &(0x7f0000000540)=0xc)
mount$9p_unix(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x40000, &(0x7f0000000580)={'trans=unix,', {[{@access_uid}, {@cache_none}, {@dfltgid={'dfltgid', 0x3d, r5}}, {@dfltgid}], [{@fowner_gt={'fowner>', r6}}, {@fowner_eq}, {@smackfsdef}, {@smackfsdef={'smackfsdef', 0x3d, 'cache=none'}}, {@fsname={'fsname', 0x3d, '{'}}, {@flag='dirsync'}]}}) (async)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x27}}, 0x5}, 0x1c) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xc2}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}]}}}]}, @NFTA_RULE_USERDATA={0x6, 0x7, 0x1, 0x0, "6198"}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x24008000) (async)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) (async)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r9, 0x29, 0x1a, &(0x7f0000000040), 0x4)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_HASH_ELASTICITY={0x8, 0x1a, 0x4}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
fcntl$lock(r8, 0x24, &(0x7f00000000c0)={0x2, 0x2, 0x1})

5.233760343s ago: executing program 6 (id=3174):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty}, 0x20) (async, rerun: 64)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000500050007000000000008000900000000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
r5 = syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64)
ptrace(0x10, r5) (async, rerun: 32)
ptrace$getregset(0x4205, r5, 0x202, &(0x7f0000000240)={0x0}) (rerun: 32)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
socket$inet6(0xa, 0x5, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x3456b75efe11fa28, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f00000001c0)=[{0x0, 0x3, {0x1, 0xf0, 0x3}, {0x2, 0x1, 0x1}, 0xff, 0xfe}, {0x2, 0x1, {0x0, 0xf0}, {0x1, 0xff, 0x3}, 0xff}, {0x1, 0x1, {0x1, 0x1, 0x3}, {0x1, 0xff, 0x1}, 0xfd, 0x1}, {0x3, 0x2, {0x0, 0x0, 0x4}, {0x0, 0x1, 0x4}, 0x1, 0xff}, {0x1, 0x1, {0x2, 0xff, 0x1}, {0x2, 0x0, 0x1}, 0x2, 0xfd}, {0x1, 0x2, {0x2, 0x1, 0x4}, {0x1, 0x0, 0x4}, 0x1, 0x1}], 0xc0) (async)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000000000)={0x1000a, 0x380, 0x2c0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, 0x0) (async)
ioctl$KVM_SET_REGS(r9, 0x4090ae82, 0x0)

5.136206957s ago: executing program 2 (id=3175):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x219}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='fuseblk\x00', 0x8851, 0x0)
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000100)=ANY=[], 0x4c}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1daa000000000000611e7d719fc5a4dbd7249f497e"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x14)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000480)=0x1)

4.826055978s ago: executing program 5 (id=3176):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x8, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendmmsg$inet(r1, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x20000001)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = dup2(r2, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000b40)=@nat={'nat\x00', 0x62, 0x5, 0x528, 0x0, 0x2a0, 0xffffffff, 0x2a0, 0x2a0, 0x490, 0x490, 0xffffffff, 0x490, 0x490, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x4f00, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x3dc, {0x0, @private, @remote, @icmp_id, @gre_key}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_team\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key, @icmp_id}}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'veth1_to_batadv\x00', 'netdevsim0\x00'}, 0x0, 0x1b8, 0x1f0, 0x0, {}, [@common=@unspec=@comment={{0x120}}, @common=@icmp={{0x28}, {0x0, "6e82"}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x588)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @name="ac2ad54970138065d4b1a10a14b7e65642722c3da99ba40f000026e78ffc1e0a"})
r4 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000480)="fef0eca86999a4a0c7cb5b0006000000", 0x10, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r5, r4}, &(0x7f00000000c0)=""/83, 0x53, 0x0)
read$FUSE(r1, &(0x7f0000003000)={0x2020}, 0x2020)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000021c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000002200)={0x18, r8, 0xc8da923139bed765, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40810}, 0x200080c0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

4.735903109s ago: executing program 4 (id=3177):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a54000000060a010400000000000000000a00fffd0900010073797a31000000020900020073797a320000000028000480240001800b000100736f636b65740000140002800800014000000000080002"], 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)

3.176651152s ago: executing program 4 (id=3178):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
sendmsg$qrtr(r2, &(0x7f00000007c0)={&(0x7f00000000c0)={0x2a, 0x0, 0x8000}, 0xc, &(0x7f0000000700)=[{&(0x7f0000000100)="4464e863862059fe73665068246d0c2756905f0aa0bd5a1f7bf24ba42c033b1756540109c5a01088", 0x28}, {&(0x7f0000000140)="9ed6616ea324bbb795c7777922ea64d5c8898e5b4a76044d28e059a0e1491c7d640f7da813127f5712753971a37768a4a4ebc963481257c83d02dd6009b9d28ffbbf8fe0b14e9e67ec32d7f90aea711504a9bc48a8bb55515b7b12ac7825c11605bb7cefef093b6ee9df51fac6244dd04aeb52c444f44b59e9e11db049f85aec0c0bba68c9e1a6c834a0d10e1dbd948cc0f519074a8dfffab99e21568635a1fc1a5fa30e399ae12fa98b369bc669ea57e8ac4d79d57e60eb536398a2b5fea7a1d818e93806da401ced22be1763eb2bcede9706dac388940b420ed0d3b0167abc2e0605c1002f5c8972", 0xe9}, {&(0x7f0000000280)="92a67f22d8e87e685ef3d6828a162b5ff477e739cfe6392ff278277997707d73dba4575ef1fac71f4be5bc6df6cdfba02c501b82b869ce70541dde385ab71c2f7798a67fd697a07e2306e116a5fa6e0f8cd1419a38c1953161ea17d71915b81e3c56c12def1532b686dc10b509d7bb97503e84c82d5e4b39f3e01832d92b4eb3a88a5a2d0954c7bd4e085d439f77c22d34497c75745fc126b1a36409c34dcb0da503f8600dfea68b", 0xa8}, {&(0x7f0000000340)="174b97ad0465c7d6dea48fe68e720423c8e4c3367757d90fd5424ded1d4160351666f754e9c78efd27caaa2abbf52a33d12e837fc7df116845eabc7dbd6c1aefd70fdb5be547425e4601370ac4da8033d5d681ec219e36d274d91e5ceda3c01c1179358ad16bf09b601f5937653029cfbc349569cc1e5018f48420f32f7406e0fd309a4bd48d489b0bafd949184fca4b2cb7fd5ee100f3e59ee37bfbf7b5b90541be7b111ba3dee80fa343a4c7d5b366ebb762548e8b7e1de5c6", 0xba}, {&(0x7f0000000400)="87b6eb219db92541db1f3f60045183d5db4194a67c8150de81b4134c52bbba95aff82d411232cc30fcc508be3c87fddbd0cd6070b8d9e966a49cee20613ec20939086ba20ca1aed5c77792f3209cdf58da452ca6492291b8efd6dcda8860d88e4ac7557f44f770af9d18ef1590be3ddc277dce1ff6b8f21b0e145f47131c6e6faf40841cb24c34c9bf39fd7550a524469e13e32378e1e978a2dbcf1f3b1a3e5452d97aec73f7d773573f33ecd4", 0xad}, {&(0x7f00000004c0)="8785f0c59cafd1503a5548830d6cd20de39115221fcc381fcac6f1f10c6e59f909b423cd20efb1aec0b8177aa3b5b40ca1e4d58e3b87d00ef87ab013a5e83cfc26114378852d24a3c12301c0f722ab02bbac35f002e2c2490672b8eccbff6bef25af2f83921a2c00e5337e305acc70cfbb97af8b7478227d2e9c37ccb6202c0eb28e3088f82f6243c9a345de56dc0520e1b1e4056a", 0x95}, {&(0x7f0000000580)="37e53626e2f67024f351e085b7c4bfeb2b89a5810853536534ebfa367d05bae2f6739f0a38d39acc6f62fa2fab93aa193af746f869587c8be585c16d97b9e626648a89d4a7d4432012144a486a7e5ad9ccb79a0a74f731cb0b582a2ebb26e54e3f78ba73ae22a9b05875a25fb0aa6f2f4c6614753a", 0x75}, {&(0x7f0000000600)="f5bd9b57bdf19998df387d122d3827c837166344a69f941730320bdbad892bc513f88c32a87bd4f8f11efe19b1ad7a8e8dd5b9ac0f27a96e45caef893101d6dfbc4323bcae0ffe8f935d8320192f87dc2b8a686a866caee0991f663d0cbe2fdff606ac601dddefba49803f2d0aa4e5", 0x6f}, {&(0x7f0000000680)="c46788d25a2271", 0x7}, {&(0x7f00000006c0)="47b217e1c8b8cfef040a4a0622b1b3e822faa4dbd4479d9b67bf", 0x1a}], 0xa, 0x0, 0x0, 0x40000}, 0x38)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0xe)

3.176079792s ago: executing program 5 (id=3179):
r0 = syz_usb_connect$uac1(0x3, 0xa7, &(0x7f0000000000)=ANY=[@ANYBLOB="12015002000000206b1d0101400001020301090295000301a0a0090904000000010100000a2401900c020201020c240202060203840c0008120daa471fcfda0a0007000500190c240803090034c5e5eb68a3082405010201013f0924030201030301"], &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x8001})
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r1, r1}, &(0x7f0000001cc0)=""/194, 0xc2, &(0x7f00000000c0)={&(0x7f0000000000)={'xxhash64-generic\x00'}}) (async)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r1, r1}, &(0x7f0000001cc0)=""/194, 0xc2, &(0x7f00000000c0)={&(0x7f0000000000)={'xxhash64-generic\x00'}})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) (async)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0)={0x2020}, 0x2020) (async)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0)={0x2020}, 0x2020)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, 0x0, 0x0) (async)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4080000400000006110540000000000a6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2}, 0x48)
socket(0x10, 0x803, 0x0) (async)
r8 = socket(0x10, 0x803, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000400)=r7, 0x4)
sendmsg$nl_generic(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x14, 0x52, 0x1, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002cc2cdf4063073020"], 0x0) (async)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002cc2cdf4063073020"], 0x0)
syz_usb_disconnect(r0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)

3.018282647s ago: executing program 2 (id=3180):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r1=>r0, {r0}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r2, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x81}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20002851}, 0x800)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x20000008)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x262200, 0x0)
close(r5)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r10}, 0x10)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0}, 0x94)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000000000000000000b00000000020000000000"], 0x0, 0x34, 0x0, 0xa}, 0x28)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r6, &(0x7f0000000c40)={0xf0006000})
setsockopt$inet6_mreq(r11, 0x29, 0x1b, &(0x7f0000000200)={@dev={0xfe, 0x80, '\x00', 0xfc}}, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)

1.636671702s ago: executing program 6 (id=3181):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x32314247, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}]}})
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x39, 0x301, 0x70bd29, 0x25dfdbfe, {0x1}}, 0x14}}, 0x4008055)
socket$kcm(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$kcm(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="200000002d0001000000ea001000000004000080050011802efff20004001d"], 0x20}], 0x1}, 0x300)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x44)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmsg$alg(r7, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r7, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={0x0, 0x12f4}, 0x1, 0x0, 0x0, 0x4044010}, 0x0)
recvmsg$unix(r7, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(0xffffffffffffffff, 0xc2604111, &(0x7f00000006c0)={0x401, [[0x5, 0x9, 0x7, 0x1, 0xfffffff7, 0x5, 0x4, 0x3], [0x40, 0xff, 0x60, 0x6d, 0xcfa4, 0x52ff, 0x3, 0x2], [0x0, 0xc, 0x4, 0xfffffff4, 0x1ff, 0x9, 0x0, 0x8]], '\x00', [{0xffffffff, 0x555, 0x1, 0x1, 0x1}, {0x100, 0xffffffff, 0x0, 0x1}, {0x4964, 0x7fffffff, 0x1, 0x1, 0x1}, {0x1, 0x6, 0x1, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1, 0x1}, {0x1, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x0, 0x7, 0x1, 0x0, 0x0, 0x1}, {0x0, 0xd8e, 0x0, 0x1, 0x0, 0x1}, {0x2, 0x5, 0x1}, {0x3, 0x100, 0x0, 0x1, 0x1, 0x1}, {0x1, 0xffff, 0x1, 0x1}, {0x6, 0x37}], '\x00', 0x6})
socketpair(0x1a, 0x6, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000800)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x20048010}, 0x30)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000002020200090001007b"], 0x40}, 0x1, 0x40030000000000}, 0x0)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000580)={0x14, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_connect(0x4, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x110, 0x3d, 0xcf, 0x82, 0x40, 0x67b, 0x2507, 0x3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0xf3, 0xe, 0xe0, 0x2, [{{0x9, 0x4, 0x24, 0x3, 0x0, 0xac, 0xee, 0x38, 0x4}}, {{0x9, 0x4, 0x9f, 0xc, 0x0, 0x7, 0xf1, 0x69}}]}}]}}, 0x0)

1.504683993s ago: executing program 2 (id=3182):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x18, 0x0)
fanotify_mark(r1, 0x105, 0x4800003a, r0, 0x0)
r2 = inotify_init1(0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
r3 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000100)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x8000000, 0x4}, 0x50)
mkdirat$cgroup(r3, &(0x7f00000000c0)='syz1\x00', 0x1ff)
listen(0xffffffffffffffff, 0x0)
inotify_add_watch(r2, &(0x7f0000000440)='.\x00', 0x12000021)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r5, 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)

1.323240794s ago: executing program 4 (id=3183):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r2, &(0x7f00000007c0)={0x22c, 0x2, 0x0, {{0x500, 0xeb, 0x0, 0x0, {}, 0x2810000, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x10, '\bg\xa4m\v\x9c\r\xe2kw\x9c\xb0\x17\xc9l\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, 0xee01}}, 0x22c)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$USBDEVFS_REAPURBNDELAY(r1, 0x4004550d, &(0x7f0000000500))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES8=r0], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r3, @ANYRES32=r3], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r4}, 0xc)

696.303919ms ago: executing program 2 (id=3184):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x48241, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000080)=0x2, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a8001600040001", 0x37}], 0x1}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xfe45) (async)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000000100)={"bd21681774fdbe79d1d5b9cc2e0e5808", 0x0, <r4=>0x0, {0x2, 0x5}, {0x7}, 0x6, [0x3, 0x3, 0x9, 0x0, 0x488, 0x1000, 0x80000000000000, 0x10000, 0xff, 0xca2, 0x4, 0x8000, 0x0, 0x7, 0x62b, 0xfffffffffffffffa]}) (async, rerun: 32)
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000300)={0x11, 0x4, {0x38c, @usage=0x800, <r5=>0x0, 0x800, 0x80, 0x6, 0x9, 0x0, 0x42, @usage=0xe72b, 0x6, 0xc5, [0x4, 0x7, 0x0, 0x6, 0x1, 0x803]}, {0x0, @struct={0x5, 0x2d8d3483}, 0x0, 0x5, 0x1, 0x3ff, 0x7, 0x4, 0x0, @usage=0x1ff, 0x9, 0x4, [0x5, 0x2, 0x2787, 0x9, 0x2c5, 0x1]}, {0x0, @usage=0x8, 0x0, 0x3, 0x80000000, 0x9, 0x6, 0xfffffffffffffffa, 0x2, @usage=0x4, 0xffffffff, 0xff30, [0x5, 0x9, 0x8, 0x4a65, 0x7, 0x1]}, {0x81, 0x1, 0x6}}) (rerun: 32)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000a80)={{r1}, r4, 0x2, @unused=[0x6, 0x401, 0x9, 0xfff], @devid=r5})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f2b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df9", 0x49}], 0x44)

0s ago: executing program 2 (id=3185):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
r4 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79kx\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\x00\x00\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16Q\x0e\xe4oz\x85\xabg\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\xa5\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_timedsend(r4, 0x0, 0x2000, 0x6, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in=@loopback, @in=@multicast1, 0x0, 0xa}}]}, 0xcc}}, 0x0)
socket(0x2, 0x80805, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'ipvlan1\x00'})
setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r7, 0x5421, 0x0)
connect$vsock_stream(r7, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

kernel console output (not intermixed with test programs):

.551920][T15657] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2632'.
[  834.126380][T15677] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  834.806793][T15084] gs_usb 2-1:0.0: Couldn't get device config: (err=-110)
[  835.850558][T15084] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -110
[  835.967946][    T9] usb 2-1: USB disconnect, device number 116
[  836.699880][   T30] audit: type=1326 audit(1755450756.995:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  836.746286][T15709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2647'.
[  836.753430][   T30] audit: type=1326 audit(1755450756.995:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  836.804126][   T30] audit: type=1326 audit(1755450757.025:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  836.864861][   T30] audit: type=1326 audit(1755450757.025:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  836.910962][   T10] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  836.958133][   T30] audit: type=1326 audit(1755450757.025:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  837.037776][   T30] audit: type=1326 audit(1755450757.025:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  837.081048][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  837.097122][   T10] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  837.118073][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.138558][   T30] audit: type=1326 audit(1755450757.025:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  837.165215][   T10] usb 2-1: config 0 descriptor??
[  837.166856][   T30] audit: type=1326 audit(1755450757.025:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  837.362306][T15724] lo speed is unknown, defaulting to 1000
[  837.767775][   T30] audit: type=1326 audit(1755450757.035:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  837.796854][   T30] audit: type=1326 audit(1755450757.035:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15708 comm="syz.4.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  837.864384][    T9] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  837.879549][T15696] delete_channel: no stack
[  837.880984][    T9] usb 6-1: config 1 has no interface number 1
[  837.890626][    T9] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  837.994209][    T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  838.011459][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.040183][    T9] usb 6-1: Product: syz
[  838.068259][    T9] usb 6-1: Manufacturer: syz
[  838.091051][    T9] usb 6-1: SerialNumber: syz
[  838.352048][    T9] usb 6-1: found format II with max.bitrate = 26774, frame size=1
[  838.404732][    T9] usb 6-1: found format II with max.bitrate = 26774, frame size=1
[  838.462903][    T9] usb 6-1: failed to enable PITCH for EP 0x82
[  838.581431][    T9] usb 6-1: USB disconnect, device number 10
[  840.292209][T15758] netlink: 'syz.1.2657': attribute type 39 has an invalid length.
[  842.232339][T15751] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2656'.
[  842.909375][   T10] ath6kl: Failed to submit usb control message: -71
[  842.916226][   T10] ath6kl: unable to send the bmi data to the device: -71
[  842.923462][   T10] ath6kl: Unable to send get target info: -71
[  842.935260][   T10] ath6kl: Failed to init ath6kl core: -71
[  842.942775][   T10] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  842.958569][   T10] usb 2-1: USB disconnect, device number 117
[  843.354629][ T5907] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  843.523756][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  843.791685][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  844.026423][ T6011] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  844.469244][ T5907] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  844.505145][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  844.544579][ T5907] usb 5-1: config 0 descriptor??
[  844.635131][ T6011] usb 4-1: Using ep0 maxpacket: 32
[  844.651567][ T6011] usb 4-1: config 0 has an invalid descriptor of length 51, skipping remainder of the config
[  844.683127][ T6011] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  844.692427][ T6011] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.716728][ T6011] usb 4-1: Product: syz
[  844.722177][ T6011] usb 4-1: Manufacturer: syz
[  844.727441][ T6011] usb 4-1: SerialNumber: syz
[  844.742953][ T6011] usb 4-1: config 0 descriptor??
[  844.754560][ T6011] cdc_ether 4-1:0.0: probe with driver cdc_ether failed with error -22
[  844.768726][ T6011] usb 4-1: unsupported MDLM descriptors
[  844.911088][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  844.996293][ T2155] usb 4-1: USB disconnect, device number 15
[  845.028370][ T5907] cp2112 0003:10C4:EA90.0012: item fetching failed at offset 5/7
[  845.052371][ T5907] cp2112 0003:10C4:EA90.0012: parse failed
[  845.071458][ T5907] cp2112 0003:10C4:EA90.0012: probe with driver cp2112 failed with error -22
[  845.093758][    T9] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  845.106602][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.118627][    T9] usb 6-1: config 0 descriptor??
[  845.123775][ T6011] usb 2-1: new full-speed USB device number 118 using dummy_hcd
[  845.303759][    T9] cp210x 6-1:0.0: cp210x converter detected
[  845.355102][T15084] usb 5-1: USB disconnect, device number 99
[  845.988913][ T6011] usb 2-1: too many configurations: 177, using maximum allowed: 8
[  846.011219][ T6011] usb 2-1: config index 0 descriptor too short (expected 24330, got 36)
[  846.019695][ T6011] usb 2-1: config 64 has too many interfaces: 146, using maximum allowed: 32
[  846.125340][    T9] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  846.151280][ T6011] usb 2-1: config 64 has an invalid descriptor of length 64, skipping remainder of the config
[  846.161782][ T6011] usb 2-1: config 64 has 0 interfaces, different from the descriptor's value: 146
[  846.172624][ T6011] usb 2-1: config index 1 descriptor too short (expected 24330, got 36)
[  846.186253][ T6011] usb 2-1: config 64 has too many interfaces: 146, using maximum allowed: 32
[  846.195191][ T6011] usb 2-1: config 64 has an invalid descriptor of length 64, skipping remainder of the config
[  846.208496][ T6011] usb 2-1: config 64 has 0 interfaces, different from the descriptor's value: 146
[  846.236477][ T6011] usb 2-1: config index 2 descriptor too short (expected 24330, got 36)
[  846.262031][ T6011] usb 2-1: config 64 has too many interfaces: 146, using maximum allowed: 32
[  846.325158][ T6011] usb 2-1: config 64 has an invalid descriptor of length 64, skipping remainder of the config
[  846.359479][ T6011] usb 2-1: config 64 has 0 interfaces, different from the descriptor's value: 146
[  846.394514][ T6011] usb 2-1: unable to read config index 3 descriptor/start: -71
[  846.422728][ T6011] usb 2-1: can't read configurations, error -71
[  846.431956][T15818] openvswitch: netlink: Flow actions attr not present in new flow.
[  846.503057][    T9] usb 6-1: cp210x converter now attached to ttyUSB0
[  846.720602][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2677'.
[  848.611036][ T6011] usb 2-1: new full-speed USB device number 119 using dummy_hcd
[  848.866743][T12380] usb 6-1: USB disconnect, device number 11
[  848.879708][ T6011] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  848.915800][T12380] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  848.950255][ T6011] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  848.966073][ T6011] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.982128][ T6011] usb 2-1: Product: syz
[  848.998294][T12380] cp210x 6-1:0.0: device disconnected
[  849.004208][ T6011] usb 2-1: Manufacturer: syz
[  849.015762][ T6011] usb 2-1: SerialNumber: syz
[  849.047203][ T6011] usb 2-1: config 0 descriptor??
[  849.103633][ T6011] em28xx 2-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[  849.113730][ T6011] em28xx 2-1:0.0: Device initialization failed.
[  849.120050][ T6011] em28xx 2-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[  849.154502][T15842] sctp: [Deprecated]: syz.5.2682 (pid 15842) Use of int in maxseg socket option.
[  849.154502][T15842] Use struct sctp_assoc_value instead
[  849.438041][T15847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2679'.
[  849.708874][T15084] usb 2-1: USB disconnect, device number 119
[  850.263341][T15857] lo speed is unknown, defaulting to 1000
[  850.671764][T15866] /dev/nullb0: Can't open blockdev
[  852.707731][T15878] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2690'.
[  852.949586][T15888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2691'.
[  854.513768][T15910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2697'.
[  856.497294][T15922] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2699'.
[  856.585711][T15926] securityfs: Unknown parameter '�c��\��-uKP�{�Ao���d����\�������*�p$0.p��
M�QJ�u�ʲRJJ�{�v��o�����'
[  856.744659][T15932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2698'.
[  856.914785][ T6011] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  857.300524][ T6011] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  857.601729][ T6011] usb 5-1: config 0 interface 0 has no altsetting 0
[  857.621106][ T6011] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  857.630212][ T6011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.691132][ T6011] usb 5-1: Product: syz
[  857.707029][ T6011] usb 5-1: Manufacturer: syz
[  857.749494][ T6011] usb 5-1: SerialNumber: syz
[  857.799168][ T6011] usb 5-1: config 0 descriptor??
[  857.816509][ T6011] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  857.835725][ T6011] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  857.857959][ T6011] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  857.872629][ T6011] usb 5-1: media controller created
[  857.903709][ T6011] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  857.981029][T15084] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  858.013115][T15950] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2706'.
[  858.074538][ T6011] DVB: Unable to find symbol tda10046_attach()
[  858.088050][ T6011] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  858.117727][ T6011] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  858.146580][ T6011] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  858.168626][T15084] usb 6-1: Using ep0 maxpacket: 32
[  858.175340][ T6011] usb 5-1: USB disconnect, device number 100
[  858.190643][T15084] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  858.229546][T15084] usb 6-1: config 0 has no interface number 0
[  858.244269][T15084] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  858.254103][T15084] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.267815][T15084] usb 6-1: Product: syz
[  858.275780][T15084] usb 6-1: Manufacturer: syz
[  858.286343][T15084] usb 6-1: SerialNumber: syz
[  858.304687][T15084] usb 6-1: config 0 descriptor??
[  858.323353][T15084] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  858.705516][T15084] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  858.723971][T15084] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  858.731243][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  858.731261][   T30] audit: type=1326 audit(1755450779.025:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  858.810695][   T30] audit: type=1326 audit(1755450779.025:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  859.037502][ T5849] Bluetooth: hci2: unknown advertising packet type: 0x20
[  859.039358][   T30] audit: type=1326 audit(1755450779.335:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  859.046602][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 12
[  859.082218][   T30] audit: type=1326 audit(1755450779.335:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  859.250968][   T30] audit: type=1326 audit(1755450779.335:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  859.306136][   T30] audit: type=1326 audit(1755450779.335:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  859.331153][   T30] audit: type=1326 audit(1755450779.335:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  859.940899][   T30] audit: type=1326 audit(1755450779.335:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  860.020892][   T30] audit: type=1326 audit(1755450779.335:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  860.069485][   T30] audit: type=1326 audit(1755450779.335:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15964 comm="syz.4.2710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  860.279988][T15988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2716'.
[  860.309347][T15989] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2716'.
[  860.387478][T15989] Cannot find add_set index 3 as target
[  861.869078][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  861.870102][ T5907] usb 6-1: USB disconnect, device number 12
[  862.372078][ T5907] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  862.379811][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2722'.
[  862.433054][ T5907] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  862.486167][ T5907] quatech2 6-1:0.51: device disconnected
[  862.496725][T16018] netlink: 'syz.1.2725': attribute type 13 has an invalid length.
[  862.509853][T16018] macvtap0: entered promiscuous mode
[  862.518586][T16018] macvtap0: refused to change device tx_queue_len
[  862.632788][T16023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2726'.
[  862.647707][T16023] netlink: 'syz.3.2726': attribute type 1 has an invalid length.
[  864.354838][T16041] binder: BINDER_SET_CONTEXT_MGR already set
[  864.398384][T16041] binder: 16036:16041 ioctl 4018620d 200000000040 returned -16
[  865.747264][T16051] mkiss: ax0: crc mode is auto.
[  866.291516][ T5907] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  866.650938][ T5907] usb 5-1: Using ep0 maxpacket: 8
[  866.718404][ T5907] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  866.767728][ T5907] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  866.797309][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.824651][ T5907] usb 5-1: Product: syz
[  866.829374][ T5907] usb 5-1: Manufacturer: syz
[  866.841163][ T5907] usb 5-1: SerialNumber: syz
[  866.862127][ T5907] usb 5-1: bad CDC descriptors
[  867.767621][T16065] vlan2: entered promiscuous mode
[  867.779880][ T5907] usb 5-1: USB disconnect, device number 101
[  867.791667][T16065] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  867.824233][T16065] vlan2: entered allmulticast mode
[  867.839964][T16065] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[  867.889416][T16065] team0: Device vlan2 is up. Set it down before adding it as a team port
[  869.387413][T16089] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  869.519315][T16098] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2750'.
[  869.538532][T16098] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2750'.
[  869.881532][T16107] lo speed is unknown, defaulting to 1000
[  870.329126][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  870.340916][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  870.464506][ T9183] bridge0: port 3(team0) entered disabled state
[  871.210960][ T6011] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  871.393467][ T6011] usb 2-1: Using ep0 maxpacket: 16
[  871.421496][ T6011] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  871.442269][ T6011] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  871.466726][ T6011] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  871.577948][ T6011] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.592315][ T6011] usb 2-1: Product: ⠉
[  871.606421][ T6011] usb 2-1: Manufacturer: ҙ쉢ෛ副竂윥匙際뒵鏪⢀ﲎㅭ༾啈Ḽ뷨詫노꣺间㟭ꅪ戾腝꿇ｭ傸鍰盧샔堥껋뻺ሑ墣쭃ḇ꺟ᄳ⣓훌隃쀐쪗Zশ⒥ქ媆☣ぎ꩛䕓㭐뎎첪ᄼ걧憕謙㈌嵥勬猧ᱻ跟ꯋ꠩धꄽ탑⹄㊏淀녵㙂타癸뙚⾷ᨹ䛋뚰ꓸ䭆
[  871.688819][ T6011] usb 2-1: SerialNumber:  
[  872.081530][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  872.081579][   T30] audit: type=1326 audit(1755450792.375:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16106 comm="syz.5.2752" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49d5b8ebe9 code=0x0
[  872.135922][ T6011] usb 2-1: 0:2 : does not exist
[  872.178616][ T6011] usb 2-1: USB disconnect, device number 120
[  872.392385][T16112] Bluetooth: hci3: command 0x0406 tx timeout
[  872.793858][T16139] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2759'.
[  873.092698][T16148] GUP no longer grows the stack in syz.1.2761 (16148): 200000004000-20000000a000 (200000002000)
[  873.114776][T16148] CPU: 1 UID: 0 PID: 16148 Comm: syz.1.2761 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  873.114808][T16148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  873.114822][T16148] Call Trace:
[  873.114830][T16148]  <TASK>
[  873.114839][T16148]  dump_stack_lvl+0x189/0x250
[  873.114876][T16148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  873.114900][T16148]  ? __pfx__printk+0x10/0x10
[  873.114925][T16148]  ? find_vma+0xe7/0x160
[  873.114964][T16148]  __get_user_pages+0x2a60/0x30b0
[  873.115052][T16148]  ? __pfx___get_user_pages+0x10/0x10
[  873.115095][T16148]  get_user_pages_remote+0x2f9/0xaa0
[  873.115125][T16148]  ? __pfx_mtree_load+0x10/0x10
[  873.115156][T16148]  ? __pfx_get_user_pages_remote+0x10/0x10
[  873.115199][T16148]  __access_remote_vm+0x215/0x5f0
[  873.115232][T16148]  ? __pfx___access_remote_vm+0x10/0x10
[  873.115258][T16148]  ? alloc_pages_noprof+0xbe/0x190
[  873.115287][T16148]  proc_pid_cmdline_read+0x440/0x840
[  873.115311][T16148]  ? __asan_memset+0x22/0x50
[  873.115348][T16148]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  873.115375][T16148]  ? rw_verify_area+0x258/0x650
[  873.115413][T16148]  vfs_readv+0x5aa/0x850
[  873.115438][T16148]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  873.115465][T16148]  ? __pfx_vfs_readv+0x10/0x10
[  873.115510][T16148]  ? __fget_files+0x2a/0x420
[  873.115541][T16148]  ? __fget_files+0x3a0/0x420
[  873.115563][T16148]  ? __fget_files+0x2a/0x420
[  873.115597][T16148]  __x64_sys_preadv+0x197/0x2a0
[  873.115625][T16148]  ? __pfx___x64_sys_preadv+0x10/0x10
[  873.115645][T16148]  ? rcu_is_watching+0x15/0xb0
[  873.115675][T16148]  ? do_syscall_64+0xbe/0x3b0
[  873.115704][T16148]  do_syscall_64+0xfa/0x3b0
[  873.115724][T16148]  ? lockdep_hardirqs_on+0x9c/0x150
[  873.115745][T16148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.115765][T16148]  ? clear_bhb_loop+0x60/0xb0
[  873.115791][T16148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.115811][T16148] RIP: 0033:0x7ff2d078ebe9
[  873.115832][T16148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  873.115850][T16148] RSP: 002b:00007ff2d1539038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  873.115873][T16148] RAX: ffffffffffffffda RBX: 00007ff2d09b6090 RCX: 00007ff2d078ebe9
[  873.115889][T16148] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000009
[  873.115904][T16148] RBP: 00007ff2d0811e19 R08: 0000000021000008 R09: 0000000000000000
[  873.115918][T16148] R10: 0000000000000304 R11: 0000000000000246 R12: 0000000000000000
[  873.115932][T16148] R13: 00007ff2d09b6128 R14: 00007ff2d09b6090 R15: 00007ffe876d33c8
[  873.115969][T16148]  </TASK>
[  874.985018][T16167] wg1: entered promiscuous mode
[  875.014784][T16167] wg1: entered allmulticast mode
[  875.236543][T16171] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2769'.
[  875.519735][T16183] Falling back ldisc for ptm0.
[  875.720917][T15084] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  875.798315][T16112] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  875.811138][T16112] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  875.819990][T16112] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  875.843703][T16112] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  875.854456][T16112] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  876.031215][T15084] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  876.037482][T16190] lo speed is unknown, defaulting to 1000
[  876.053911][T15084] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[  876.156042][T15084] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  876.194080][T15084] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.467366][T15084] usb 2-1: config 0 descriptor??
[  876.535986][T16203] vlan0: entered promiscuous mode
[  876.541317][T16203] syz_tun: entered promiscuous mode
[  876.610266][T16190] chnl_net:caif_netlink_parms(): no params data found
[  876.633629][T16204] overlay: ./file1 is not a directory
[  876.642105][T16204] overlay: ./file0 is not a directory
[  876.687845][T15084] Bluetooth: Can't get state to change to load ram patch err
[  876.707819][T15084] Bluetooth: Loading patch file failed
[  876.728669][T15084] ath3k 2-1:0.0: probe with driver ath3k failed with error -71
[  876.821691][T15084] usb 2-1: USB disconnect, device number 121
[  876.945678][T16204] hfs: unable to load iocharset "io#harset"
[  877.156067][T16190] bridge0: port 1(bridge_slave_0) entered blocking state
[  877.165515][T16190] bridge0: port 1(bridge_slave_0) entered disabled state
[  877.185283][T16190] bridge_slave_0: entered allmulticast mode
[  877.200670][T16190] bridge_slave_0: entered promiscuous mode
[  877.284370][T16190] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.323705][T16190] bridge0: port 2(bridge_slave_1) entered disabled state
[  877.344593][T16190] bridge_slave_1: entered allmulticast mode
[  877.393917][T16190] bridge_slave_1: entered promiscuous mode
[  877.911246][T16112] Bluetooth: hci5: command tx timeout
[  877.982374][T16190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  878.178594][T16190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  878.429796][T16190] team0: Port device team_slave_0 added
[  878.465287][T16190] team0: Port device team_slave_1 added
[  879.395189][T16246] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  879.991341][T16112] Bluetooth: hci5: command tx timeout
[  880.046492][T16190] batman_adv: batadv0: Adding interface: batadv_slave_0
[  880.054460][T16190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  880.086222][T16190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  880.153452][T16190] batman_adv: batadv0: Adding interface: batadv_slave_1
[  880.164006][T16190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  880.196598][T16190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  880.716777][T16190] hsr_slave_0: entered promiscuous mode
[  880.727811][T16190] hsr_slave_1: entered promiscuous mode
[  880.735591][T16190] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  880.748746][T16190] Cannot create hsr debugfs directory
[  880.760332][T14279] bridge_slave_1: left promiscuous mode
[  880.770688][T14279] bridge0: port 2(bridge_slave_1) entered disabled state
[  880.789828][T14279] bridge_slave_0: left promiscuous mode
[  880.797650][T14279] bridge0: port 1(bridge_slave_0) entered disabled state
[  881.221105][T16257] /dev/nullb0: Can't open blockdev
[  881.251787][T16257] 9pnet_fd: Insufficient options for proto=fd
[  882.854814][T16112] Bluetooth: hci5: command tx timeout
[  884.872772][ T5849] Bluetooth: hci5: command tx timeout
[  885.436488][T14279] bond2 (unregistering): (slave gretap1): Releasing active interface
[  886.381338][T16288] /dev/nullb0: Can't open blockdev
[  886.548741][T14279] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  888.148498][T14279] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  888.163227][T14279] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  888.185696][T14279] bond0 (unregistering): Released all slaves
[  888.555525][T14279] bond1 (unregistering): Released all slaves
[  888.914742][T14279] bond2 (unregistering): Released all slaves
[  889.189071][T14279] bond3 (unregistering): Released all slaves
[  889.530057][T14279] bond4 (unregistering): Released all slaves
[  889.704377][T16271] lo speed is unknown, defaulting to 1000
[  889.855854][T14279] tipc: Left network mode
[  890.215729][T16303] netlink: 'syz.4.2802': attribute type 10 has an invalid length.
[  890.244198][T16302] netlink: 'syz.4.2802': attribute type 10 has an invalid length.
[  890.839078][T14279] hsr_slave_0: left promiscuous mode
[  891.037388][T14279] hsr_slave_1: left promiscuous mode
[  891.056469][T14279] batman_adv: batadv0: Removing interface: batadv_slave_0
[  891.094963][T16314] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  891.177421][T16316] input: syz1 as /devices/virtual/input/input32
[  891.248003][T16316] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2805'.
[  892.296629][T14279] team0 (unregistering): Port device team_slave_1 removed
[  892.469144][T14279] team0 (unregistering): Port device team_slave_0 removed
[  892.721580][ T5907] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  892.888608][ T5907] usb 6-1: device descriptor read/64, error -71
[  892.897166][ T5849] Bluetooth: hci2: command 0x0406 tx timeout
[  893.151162][ T5907] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  893.301443][ T5907] usb 6-1: device descriptor read/64, error -71
[  893.412261][ T5907] usb usb6-port1: attempt power cycle
[  893.631028][    T9] usb 5-1: new full-speed USB device number 102 using dummy_hcd
[  893.764321][ T5907] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  893.812245][ T5907] usb 6-1: device descriptor read/8, error -71
[  893.833009][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  893.855034][    T9] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  893.874487][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.912307][    T9] usb 5-1: config 0 descriptor??
[  893.931785][T16322] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  893.979845][T16190] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  893.999485][T16190] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  894.030587][T16190] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  894.065977][ T5907] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  894.074796][T16190] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  894.099639][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  894.125873][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  894.135719][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  894.144969][ T5907] usb 6-1: device descriptor read/8, error -71
[  894.156703][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  894.166237][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  894.271281][ T5907] usb usb6-port1: unable to enumerate USB device
[  894.494805][T16190] 8021q: adding VLAN 0 to HW filter on device bond0
[  894.534337][T16190] 8021q: adding VLAN 0 to HW filter on device team0
[  894.564917][ T6188] bridge0: port 1(bridge_slave_0) entered blocking state
[  894.572130][ T6188] bridge0: port 1(bridge_slave_0) entered forwarding state
[  894.584905][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  894.600984][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  894.618925][ T6188] bridge0: port 2(bridge_slave_1) entered blocking state
[  894.619255][    T9] usb 5-1: USB disconnect, device number 102
[  894.626156][ T6188] bridge0: port 2(bridge_slave_1) entered forwarding state
[  894.651026][ T5907] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  894.816810][ T5907] usb 4-1: config 2 has an invalid interface number: 211 but max is 0
[  894.825166][ T5907] usb 4-1: config 2 has no interface number 0
[  894.831418][ T5907] usb 4-1: config 2 interface 211 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  894.844654][ T5907] usb 4-1: config 2 interface 211 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  894.862404][ T5907] usb 4-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95
[  894.881016][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  894.899288][ T5907] usb 4-1: Product: syz
[  894.903586][ T5907] usb 4-1: Manufacturer: syz
[  894.908217][ T5907] usb 4-1: SerialNumber: syz
[  894.935117][T16338] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  894.950099][ T5907] em28xx 4-1:2.211: New device syz syz @ 12 Mbps (2040:8268, interface 211, class 211)
[  894.987017][ T5907] em28xx 4-1:2.211: Device initialization failed.
[  894.997129][ T5907] em28xx 4-1:2.211: Device must be connected to a high-speed USB 2.0 port.
[  895.017515][T16328] chnl_net:caif_netlink_parms(): no params data found
[  895.238872][   T24] usb 4-1: USB disconnect, device number 16
[  895.336672][T16328] bridge0: port 1(bridge_slave_0) entered blocking state
[  895.350727][T16328] bridge0: port 1(bridge_slave_0) entered disabled state
[  895.367766][T16328] bridge_slave_0: entered allmulticast mode
[  895.379543][T16328] bridge_slave_0: entered promiscuous mode
[  895.561847][T16190] 8021q: adding VLAN 0 to HW filter on device batadv0
[  895.633916][T16328] bridge0: port 2(bridge_slave_1) entered blocking state
[  895.641928][T16328] bridge0: port 2(bridge_slave_1) entered disabled state
[  895.649203][T16328] bridge_slave_1: entered allmulticast mode
[  895.662228][T16328] bridge_slave_1: entered promiscuous mode
[  896.298098][ T5849] Bluetooth: hci0: command tx timeout
[  896.876020][T16328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  896.994369][T16328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  897.000930][ T5844] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  897.257708][T16328] team0: Port device team_slave_0 added
[  897.329784][T16328] team0: Port device team_slave_1 added
[  897.353551][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  898.091656][ T5844] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[  898.110964][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.189413][ T5844] usb 4-1: config 0 descriptor??
[  898.311443][ T5849] Bluetooth: hci0: command tx timeout
[  898.410352][T16328] batman_adv: batadv0: Adding interface: batadv_slave_0
[  898.425975][T16328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  898.481168][T16328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  898.502838][T16328] batman_adv: batadv0: Adding interface: batadv_slave_1
[  898.509832][T16328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  898.622088][T16328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  898.711418][T16190] veth0_vlan: entered promiscuous mode
[  898.738280][T16389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2819'.
[  898.765456][ T5844] koneplus 0003:1E7D:2E22.0013: unknown main item tag 0x2
[  898.797680][ T5844] koneplus 0003:1E7D:2E22.0013: item fetching failed at offset 3/7
[  898.816811][ T5844] koneplus 0003:1E7D:2E22.0013: parse failed
[  898.848716][ T5844] koneplus 0003:1E7D:2E22.0013: probe with driver koneplus failed with error -22
[  898.862227][T16328] hsr_slave_0: entered promiscuous mode
[  898.900552][T16328] hsr_slave_1: entered promiscuous mode
[  898.941997][T16328] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  898.978587][T16328] Cannot create hsr debugfs directory
[  899.078300][T16190] veth1_vlan: entered promiscuous mode
[  899.245910][T16190] veth0_macvtap: entered promiscuous mode
[  900.400981][ T5849] Bluetooth: hci0: command tx timeout
[  901.297689][   T24] usb 4-1: USB disconnect, device number 17
[  901.452813][T16190] veth1_macvtap: entered promiscuous mode
[  901.849561][T16190] batman_adv: batadv0: Interface activated: batadv_slave_0
[  901.890951][ T5844] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  901.962102][T16190] batman_adv: batadv0: Interface activated: batadv_slave_1
[  902.061864][ T5844] usb 6-1: Using ep0 maxpacket: 32
[  902.087475][ T5844] usb 6-1: config 0 interface 0 has no altsetting 0
[  902.114471][ T5844] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  902.128304][ T5844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  902.144547][ T5844] usb 6-1: Product: syz
[  902.165643][ T5844] usb 6-1: Manufacturer: syz
[  902.170302][ T5844] usb 6-1: SerialNumber: syz
[  902.176708][T16190] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  902.200317][T16190] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  902.216800][ T5844] usb 6-1: config 0 descriptor??
[  902.224801][T16190] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  902.242020][T16190] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  902.473229][ T5849] Bluetooth: hci0: command tx timeout
[  902.902468][ T5844] gs_usb 6-1:0.0: Configuring for 2 interfaces
[  903.651432][ T5975] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  903.699247][T16402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.755215][    C1] raw-gadget.1 gadget.3: ignoring, device is not running
[  903.774868][T16402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  903.855314][ T6345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.903657][ T6345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  903.921812][ T5975] usb 4-1: device descriptor read/64, error -32
[  904.026929][ T5844] gs_usb 6-1:0.0: Couldn't register candev for channel 1 (-EINVAL)
[  904.028531][T16328] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  904.050248][T16328] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  904.094600][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  904.103728][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  904.178507][ T5975] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  904.272146][T16328] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  904.294952][T16328] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  904.317435][ T5844] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -22
[  904.361635][ T5975] usb 4-1: Using ep0 maxpacket: 16
[  904.376044][ T5844] usb 6-1: USB disconnect, device number 17
[  904.402853][ T5975] usb 4-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config
[  904.439721][ T5975] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  904.476777][ T5975] usb 4-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.04
[  904.486054][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.544184][ T5975] usb 4-1: config 0 descriptor??
[  904.613194][T16328] 8021q: adding VLAN 0 to HW filter on device bond0
[  904.664740][T16328] 8021q: adding VLAN 0 to HW filter on device team0
[  904.687672][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.694912][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[  904.732556][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state
[  904.739844][ T6345] bridge0: port 2(bridge_slave_1) entered forwarding state
[  905.110968][    T9] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  905.214544][ T5907] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  905.292541][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  905.319335][    T9] usb 3-1: not running at top speed; connect to a high speed hub
[  905.348437][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  905.375948][    T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  905.387767][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  905.417125][ T5907] usb 6-1: config 0 has an invalid interface number: 6 but max is 0
[  905.436563][    T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  905.455534][T16328] 8021q: adding VLAN 0 to HW filter on device batadv0
[  905.462735][ T5907] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  905.472352][ T5907] usb 6-1: config 0 has no interface number 1
[  905.483012][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  905.493595][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.516090][    T9] usb 3-1: Product: syz
[  905.521645][    T9] usb 3-1: Manufacturer: syz
[  905.526743][ T5907] usb 6-1: New USB device found, idVendor=10cf, idProduct=8061, bcdDevice=b7.12
[  905.547172][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.555319][ T5907] usb 6-1: Product: syz
[  905.560258][    T9] usb 3-1: SerialNumber: syz
[  905.573848][ T5907] usb 6-1: Manufacturer: syz
[  905.586495][ T5907] usb 6-1: SerialNumber: syz
[  905.607478][ T5907] usb 6-1: config 0 descriptor??
[  905.644972][ T5907] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8061 (VM140)'.
[  906.430229][T16434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  906.440584][ T5907] vmk80xx 6-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  906.498173][T16434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  906.519758][ T5907] usb 6-1: USB disconnect, device number 18
[  906.597393][    T9] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  906.604937][   T10] usb 4-1: USB disconnect, device number 19
[  906.720381][    T9] usb 3-1: USB disconnect, device number 41
[  906.824850][T16452] FAULT_INJECTION: forcing a failure.
[  906.824850][T16452] name failslab, interval 1, probability 0, space 0, times 0
[  906.882706][T16452] CPU: 0 UID: 0 PID: 16452 Comm: syz.3.2830 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  906.882738][T16452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  906.882750][T16452] Call Trace:
[  906.882758][T16452]  <TASK>
[  906.882767][T16452]  dump_stack_lvl+0x189/0x250
[  906.882796][T16452]  ? __pfx____ratelimit+0x10/0x10
[  906.882817][T16452]  ? __pfx_dump_stack_lvl+0x10/0x10
[  906.882840][T16452]  ? __pfx__printk+0x10/0x10
[  906.882874][T16452]  ? __pfx___might_resched+0x10/0x10
[  906.882895][T16452]  ? fs_reclaim_acquire+0x7d/0x100
[  906.882943][T16452]  should_fail_ex+0x414/0x560
[  906.882981][T16452]  should_failslab+0xa8/0x100
[  906.883013][T16452]  __kmalloc_noprof+0xcb/0x4f0
[  906.883032][T16452]  ? ethnl_default_notify+0x184/0x990
[  906.883078][T16452]  ethnl_default_notify+0x184/0x990
[  906.883112][T16452]  ? lockdep_hardirqs_on+0x9c/0x150
[  906.883135][T16452]  ? __pfx_ethnl_default_notify+0x10/0x10
[  906.883178][T16452]  ? __pfx_ethnl_set_pause+0x10/0x10
[  906.883209][T16452]  ? mutex_is_locked+0x17/0x50
[  906.883231][T16452]  ? rtnl_is_locked+0x15/0x20
[  906.883264][T16452]  ethnl_default_set_doit+0x64e/0xa20
[  906.883307][T16452]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  906.883343][T16452]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  906.883375][T16452]  genl_family_rcv_msg_doit+0x215/0x300
[  906.883404][T16452]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  906.883441][T16452]  ? bpf_lsm_capable+0x9/0x20
[  906.883464][T16452]  ? security_capable+0x7e/0x2e0
[  906.883496][T16452]  genl_rcv_msg+0x60e/0x790
[  906.883527][T16452]  ? __pfx_genl_rcv_msg+0x10/0x10
[  906.883545][T16452]  ? ref_tracker_free+0x63a/0x7d0
[  906.883564][T16452]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  906.883594][T16452]  ? __pfx_ref_tracker_free+0x10/0x10
[  906.883628][T16452]  netlink_rcv_skb+0x205/0x470
[  906.883670][T16452]  ? __pfx_genl_rcv_msg+0x10/0x10
[  906.883694][T16452]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  906.883745][T16452]  ? down_read+0x1ad/0x2e0
[  906.883773][T16452]  genl_rcv+0x28/0x40
[  906.883792][T16452]  netlink_unicast+0x75c/0x8e0
[  906.883833][T16452]  netlink_sendmsg+0x805/0xb30
[  906.883875][T16452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  906.883914][T16452]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  906.883934][T16452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  906.883964][T16452]  __sock_sendmsg+0x21c/0x270
[  906.883994][T16452]  ____sys_sendmsg+0x505/0x830
[  906.884032][T16452]  ? __pfx_____sys_sendmsg+0x10/0x10
[  906.884076][T16452]  ? import_iovec+0x74/0xa0
[  906.884110][T16452]  ___sys_sendmsg+0x21f/0x2a0
[  906.884144][T16452]  ? __pfx____sys_sendmsg+0x10/0x10
[  906.884224][T16452]  ? __fget_files+0x2a/0x420
[  906.884246][T16452]  ? __fget_files+0x3a0/0x420
[  906.884284][T16452]  __x64_sys_sendmsg+0x19b/0x260
[  906.884318][T16452]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  906.884362][T16452]  ? __pfx_ksys_write+0x10/0x10
[  906.884379][T16452]  ? rcu_is_watching+0x15/0xb0
[  906.884407][T16452]  ? do_syscall_64+0xbe/0x3b0
[  906.884435][T16452]  do_syscall_64+0xfa/0x3b0
[  906.884456][T16452]  ? lockdep_hardirqs_on+0x9c/0x150
[  906.884477][T16452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.884497][T16452]  ? clear_bhb_loop+0x60/0xb0
[  906.884523][T16452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  906.884542][T16452] RIP: 0033:0x7f594c78ebe9
[  906.884561][T16452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  906.884579][T16452] RSP: 002b:00007f594d563038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  906.884603][T16452] RAX: ffffffffffffffda RBX: 00007f594c9b5fa0 RCX: 00007f594c78ebe9
[  906.884618][T16452] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  906.884631][T16452] RBP: 00007f594d563090 R08: 0000000000000000 R09: 0000000000000000
[  906.884644][T16452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  906.884666][T16452] R13: 00007f594c9b6038 R14: 00007f594c9b5fa0 R15: 00007fff6916bc48
[  906.884703][T16452]  </TASK>
[  908.242630][ T5849] Bluetooth: hci2: unexpected event 0x01 length: 4 > 1
[  908.686311][T16328] veth0_vlan: entered promiscuous mode
[  908.778821][T16328] veth1_vlan: entered promiscuous mode
[  908.846259][T16328] veth0_macvtap: entered promiscuous mode
[  908.886168][T16328] veth1_macvtap: entered promiscuous mode
[  908.931136][T16328] batman_adv: batadv0: Interface activated: batadv_slave_0
[  908.946398][T16328] batman_adv: batadv0: Interface activated: batadv_slave_1
[  909.295855][T16481] netlink: 'syz.5.2837': attribute type 16 has an invalid length.
[  909.303816][T16481] netlink: 'syz.5.2837': attribute type 17 has an invalid length.
[  909.512254][T16481] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  909.533484][ T5975] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  909.545520][   T30] audit: type=1326 audit(1755450829.464:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16476 comm="syz.3.2838" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f594c78ebe9 code=0x0
[  909.582708][T16328] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  909.606529][T16328] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  909.628499][T16328] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  909.653651][T16328] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  909.737052][ T5975] usb 5-1: Using ep0 maxpacket: 32
[  909.757693][ T5975] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  909.775009][ T5975] usb 5-1: config 0 has no interface number 0
[  909.928426][ T9183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  909.939715][ T5975] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  909.966282][ T9183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  909.974435][ T5975] usb 5-1: config 0 interface 85 has no altsetting 0
[  909.989534][ T5975] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  910.002704][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.020276][ T5975] usb 5-1: Product: syz
[  910.026839][ T5975] usb 5-1: Manufacturer: syz
[  910.031847][ T5975] usb 5-1: SerialNumber: syz
[  910.068978][ T5975] usb 5-1: config 0 descriptor??
[  910.177358][ T6188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  910.218008][ T6188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  910.550277][T16473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  910.602855][T16473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  910.816520][ T5975] appletouch 5-1:0.85: Geyser mode initialized.
[  910.825989][ T5975] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input33
[  911.680262][    T9] usb 5-1: USB disconnect, device number 103
[  911.680447][    C1] appletouch 5-1:0.85: atp_complete: usb_submit_urb failed with result -19
[  911.799055][    T9] appletouch 5-1:0.85: input: appletouch disconnected
[  913.127905][T16520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2841'.
[  914.028956][T16511] program syz.6.2845 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  914.082564][T16531] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  914.089140][T16531] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  914.147477][T16531] vhci_hcd vhci_hcd.0: Device attached
[  914.435892][T16533] vhci_hcd: connection closed
[  914.889353][   T10] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  914.907709][   T12] vhci_hcd: stop threads
[  914.957101][   T12] vhci_hcd: release socket
[  914.985608][   T12] vhci_hcd: disconnect device
[  915.506884][T16557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2856'.
[  916.460921][T16112] Bluetooth: hci0: command 0x0405 tx timeout
[  916.918898][T16573] /dev/nullb0: Can't open blockdev
[  917.113652][   T30] audit: type=1326 audit(1755450836.564:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.146330][ T5907] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  917.172221][   T30] audit: type=1326 audit(1755450836.564:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.205092][   T30] audit: type=1326 audit(1755450836.620:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.305489][   T30] audit: type=1326 audit(1755450836.620:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.358898][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  917.394277][ T5907] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  917.424806][   T30] audit: type=1326 audit(1755450836.620:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.476638][ T5907] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  917.486038][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.508954][   T30] audit: type=1326 audit(1755450836.620:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.545680][ T5907] usb 6-1: Product: syz
[  917.549913][ T5907] usb 6-1: Manufacturer: syz
[  917.567833][ T5907] usb 6-1: SerialNumber: syz
[  917.595131][ T5907] usb 6-1: config 0 descriptor??
[  917.604819][   T30] audit: type=1326 audit(1755450836.732:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.640990][T16571] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  917.691815][ T5907] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input34
[  917.726716][   T30] audit: type=1326 audit(1755450836.732:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16574 comm="syz.4.2862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  917.953843][T16571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  917.963622][T16571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  918.092069][T16449] usb 6-1: USB disconnect, device number 19
[  918.092141][    C0] usbtouchscreen 6-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  919.069719][ T5907] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  919.274322][ T5907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  919.349171][ T5907] usb 3-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  919.379432][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.412650][ T5907] usb 3-1: config 0 descriptor??
[  919.602153][ T1153] Bluetooth: hci6: Frame reassembly failed (-84)
[  921.247955][   T10] vhci_hcd: vhci_device speed not set
[  921.263027][ T5907] hid_mf 0003:0079:1846.0014: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.2-1/input0
[  921.274913][ T5907] hid_mf 0003:0079:1846.0014: Invalid report, this should never happen!
[  921.292347][ T5907] hid_mf 0003:0079:1846.0014: Force feedback init failed.
[  921.399959][T12380] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  921.491307][ T5975] usb 3-1: USB disconnect, device number 43
[  921.560866][T12380] usb 4-1: device descriptor read/64, error -71
[  921.778975][ T5849] Bluetooth: hci6: command 0x1003 tx timeout
[  921.785640][T16112] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  921.944157][T12380] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  922.098885][T12380] usb 4-1: device descriptor read/64, error -71
[  922.262472][T12380] usb usb4-port1: attempt power cycle
[  922.953894][T12380] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  923.239043][T12380] usb 4-1: device not accepting address 22, error -71
[  923.880297][   T10] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  923.976635][T12380] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  924.022866][T12380] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  924.048946][T12380] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  924.073392][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  924.096986][ T5907] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  924.121728][T12380] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  924.161227][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  924.182407][T12380] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  924.193152][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  924.978738][T12380] usb 4-1: SerialNumber: syz
[  924.987045][   T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  924.996880][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.032212][   T10] usb 6-1: config 0 descriptor??
[  925.059207][ T5907] usb 7-1: config 0 has an invalid interface number: 133 but max is 0
[  925.084564][ T5907] usb 7-1: config 0 has no interface number 0
[  925.099662][ T5907] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  925.130726][ T5907] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.140228][ T5907] usb 7-1: Product: syz
[  925.144547][ T5907] usb 7-1: Manufacturer: syz
[  925.151361][ T5907] usb 7-1: SerialNumber: syz
[  925.161777][ T5907] usb 7-1: config 0 descriptor??
[  925.241368][T12380] usb 4-1: 0:2 : does not exist
[  925.303310][T12380] usb 4-1: USB disconnect, device number 23
[  925.420771][T16647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  925.433750][T16647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  925.483264][   T10] plantronics 0003:047F:FFFF.0015: ignoring exceeding usage max
[  925.519311][   T10] plantronics 0003:047F:FFFF.0015: unbalanced collection at end of report description
[  925.539127][ T5907] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected
[  926.032772][   T10] plantronics 0003:047F:FFFF.0015: parse failed
[  926.041093][T16636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  926.044461][ T5907] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81
[  926.070131][   T10] plantronics 0003:047F:FFFF.0015: probe with driver plantronics failed with error -22
[  926.093750][T16636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  926.097628][ T5907] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1
[  926.169026][ T5907] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2
[  926.220698][ T5907] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  926.259354][ T5907] usb 7-1: USB disconnect, device number 2
[  926.322767][ T5907] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  926.373829][ T5907] keyspan 7-1:0.133: device disconnected
[  926.895171][ T5907] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  927.055498][ T5907] usb 7-1: device descriptor read/64, error -71
[  927.241824][T16677] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2891'.
[  927.327269][ T5975] usb 6-1: USB disconnect, device number 20
[  927.335981][ T5907] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  927.505554][ T5907] usb 7-1: device descriptor read/64, error -71
[  927.656010][ T5907] usb usb7-port1: attempt power cycle
[  929.001309][ T5907] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  929.989914][ T5907] usb 7-1: device descriptor read/8, error -71
[  931.010811][ T5975] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  931.235862][ T5975] usb 5-1: Using ep0 maxpacket: 8
[  931.266145][ T5975] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  931.311589][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.349304][ T5975] usb 5-1: Product: syz
[  931.379234][ T5975] usb 5-1: Manufacturer: syz
[  931.410563][ T5975] usb 5-1: SerialNumber: syz
[  931.496347][ T5975] usb 5-1: config 0 descriptor??
[  931.757870][ T5975] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -71
[  931.791717][ T5975] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  931.809252][ T5975] usb 5-1: USB disconnect, device number 104
[  932.416070][T16726] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2905'.
[  933.667094][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  933.673678][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  934.289497][T16740] overlayfs: conflicting options: userxattr,redirect_dir=on
[  934.574899][T12380] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  934.787337][T12380] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  934.829021][T12380] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  934.885787][ T5976] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  934.910886][T12380] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  934.949020][T12380] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  934.969168][T12380] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  935.020932][T12380] usb 4-1: config 0 descriptor??
[  935.067701][ T5975] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  935.169430][ T5976] usb 5-1: Using ep0 maxpacket: 16
[  935.343474][ T5975] usb 6-1: Using ep0 maxpacket: 16
[  935.369820][ T5975] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  935.382851][ T5975] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3
[  935.399671][ T5975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  935.424620][T16449] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  935.428944][ T5975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 51807, setting to 1024
[  935.485261][ T5976] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  935.589325][ T5976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  935.653278][ T5975] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  935.758173][ T5976] usb 5-1: Product: syz
[  935.763957][T12380] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  935.768778][ T5976] usb 5-1: Manufacturer: syz
[  935.784577][ T5975] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  935.798028][ T5976] usb 5-1: SerialNumber: syz
[  935.804513][ T5975] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  935.815757][ T5975] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  935.828283][ T5976] usb 5-1: config 0 descriptor??
[  935.833750][ T5975] usb 6-1: Manufacturer: syz
[  935.848656][ T5976] ums-onetouch 5-1:0.0: USB Mass Storage device detected
[  935.858141][ T5975] usb 6-1: config 0 descriptor??
[  935.864383][T16449] usb 7-1: device descriptor read/64, error -71
[  936.078272][   T10] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  936.099315][ T5976] usb 6-1: USB disconnect, device number 21
[  936.107053][    T9] usb 5-1: USB disconnect, device number 105
[  936.154438][T16449] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  936.227960][   T10] usb 3-1: device descriptor read/64, error -71
[  936.314597][T16449] usb 7-1: device descriptor read/64, error -71
[  936.452786][T16449] usb usb7-port1: attempt power cycle
[  936.495658][   T10] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  936.644902][   T10] usb 3-1: device descriptor read/64, error -71
[  936.767190][   T10] usb usb3-port1: attempt power cycle
[  937.731807][T16449] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  937.778775][T16449] usb 7-1: device descriptor read/8, error -71
[  938.012765][T16773] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  938.125049][   T10] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  939.260780][   T10] usb 3-1: device descriptor read/8, error -71
[  939.351610][T12380] usb 4-1: USB disconnect, device number 24
[  940.109828][    T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  940.600385][   T30] audit: type=1326 audit(1755450858.536:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16794 comm="syz.5.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d5b8ebe9 code=0x7fc00000
[  941.593296][T16827] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  942.012133][ T5976] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  942.971282][ T5976] usb 5-1: device descriptor read/64, error -71
[  943.338089][ T5976] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  943.615876][ T5976] usb 5-1: device descriptor read/64, error -71
[  943.733734][ T5976] usb usb5-port1: attempt power cycle
[  943.912720][T16849] Process accounting resumed
[  944.192438][ T5976] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  944.258546][ T5976] usb 5-1: device descriptor read/8, error -71
[  944.556261][ T5976] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  945.336613][ T5976] usb 5-1: device not accepting address 109, error -71
[  946.668428][ T5976] usb usb5-port1: unable to enumerate USB device
[  947.096922][T16863] fuse: Bad value for 'user_id'
[  947.115323][T16863] fuse: Bad value for 'user_id'
[  947.222405][T16865] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2942'.
[  948.253157][T16880] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2948'.
[  949.597325][T16890] sit0: entered promiscuous mode
[  949.602453][T16890] netlink: 'syz.4.2949': attribute type 1 has an invalid length.
[  949.610202][T16890] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2949'.
[  950.005726][T16888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2950'.
[  950.703026][   T24] usb 5-1: new full-speed USB device number 110 using dummy_hcd
[  951.056820][   T24] usb 5-1: device descriptor read/64, error -71
[  951.355216][   T24] usb 5-1: new full-speed USB device number 111 using dummy_hcd
[  951.831834][   T24] usb 5-1: device descriptor read/64, error -71
[  951.967749][   T24] usb usb5-port1: attempt power cycle
[  952.467242][   T24] usb 5-1: new full-speed USB device number 112 using dummy_hcd
[  952.580507][   T24] usb 5-1: device descriptor read/8, error -71
[  952.948176][   T24] usb 5-1: new full-speed USB device number 113 using dummy_hcd
[  953.040208][   T24] usb 5-1: device descriptor read/8, error -71
[  953.223258][   T24] usb usb5-port1: unable to enumerate USB device
[  955.696116][T16936] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2961'.
[  956.070996][    T9] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  956.133854][   T10] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  956.255360][    T9] usb 4-1: device descriptor read/64, error -71
[  956.326156][   T10] usb 7-1: Using ep0 maxpacket: 32
[  956.338051][   T10] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[  956.346271][   T10] usb 7-1: config 0 has no interface number 0
[  956.368994][   T10] usb 7-1: config 0 interface 132 has no altsetting 0
[  956.381891][   T10] usb 7-1: New USB device found, idVendor=0525, idProduct=9901, bcdDevice=39.75
[  956.393734][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.412303][   T10] usb 7-1: Product: syz
[  956.416569][   T10] usb 7-1: Manufacturer: syz
[  956.422249][   T10] usb 7-1: SerialNumber: syz
[  956.447240][   T10] usb 7-1: config 0 descriptor??
[  956.497632][ T5976] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  956.575817][    T9] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  956.667184][   T30] audit: type=1326 audit(1755450873.559:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.674795][ T5976] usb 3-1: Using ep0 maxpacket: 8
[  956.706344][   T10] cdc_subset 7-1:0.132: probe with driver cdc_subset failed with error -71
[  956.723685][    T9] usb 4-1: device descriptor read/64, error -71
[  956.741446][ T5976] usb 3-1: unable to get BOS descriptor or descriptor too short
[  956.742598][   T30] audit: type=1326 audit(1755450873.559:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.759931][ T5976] usb 3-1: config 1 has an invalid interface number: 4 but max is 2
[  956.794794][ T5976] usb 3-1: config 1 has no interface number 1
[  956.797249][   T10] usb 7-1: USB disconnect, device number 11
[  956.814428][ T5976] usb 3-1: too many endpoints for config 1 interface 4 altsetting 16: 195, using maximum allowed: 30
[  956.814582][   T30] audit: type=1326 audit(1755450873.559:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.852752][    T9] usb usb4-port1: attempt power cycle
[  956.860450][   T30] audit: type=1326 audit(1755450873.559:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.884506][   T30] audit: type=1326 audit(1755450873.568:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.885299][ T5976] usb 3-1: config 1 interface 4 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 195
[  956.924497][   T30] audit: type=1326 audit(1755450873.568:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.952037][   T30] audit: type=1326 audit(1755450873.568:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.975159][   T30] audit: type=1326 audit(1755450873.568:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  956.992638][ T5976] usb 3-1: config 1 interface 4 has no altsetting 0
[  956.997538][   T30] audit: type=1326 audit(1755450873.568:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  957.023780][ T5976] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  957.025546][   T30] audit: type=1326 audit(1755450873.568:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16950 comm="syz.4.2967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fb738ebe9 code=0x7ffc0000
[  957.059938][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.073758][ T5976] usb 3-1: Product: syz
[  957.081315][ T5976] usb 3-1: Manufacturer: syz
[  957.086081][ T5976] usb 3-1: SerialNumber: syz
[  957.245595][    T9] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  957.272075][    T9] usb 4-1: device descriptor read/8, error -71
[  957.320207][T16946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.343217][T16946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.370973][T16946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.436524][T16946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.472858][T16946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.501320][T16946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.536255][T16946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.546955][    T9] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  957.584581][T16946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.603217][    T9] usb 4-1: device descriptor read/8, error -71
[  957.614728][T16946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.647775][T16946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.736566][ T5976] usb 3-1: 2:1 : sample bitwidth 247 in over sample bytes 4
[  958.408212][    T9] usb usb4-port1: unable to enumerate USB device
[  958.440909][ T5976] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  958.485319][ T5976] hub 3-1:1.4: Invalid hub with more than one config or interface
[  958.501458][ T5976] hub 3-1:1.4: probe with driver hub failed with error -22
[  958.541692][   T10] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  958.552733][ T5976] usb 3-1: USB disconnect, device number 48
[  958.688865][   T10] usb 7-1: device descriptor read/64, error -71
[  958.779530][ T5975] usb 5-1: new full-speed USB device number 114 using dummy_hcd
[  958.924077][ T5975] usb 5-1: device descriptor read/64, error -71
[  958.945363][   T10] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  959.127880][   T10] usb 7-1: device descriptor read/64, error -71
[  959.180770][ T5975] usb 5-1: new full-speed USB device number 115 using dummy_hcd
[  959.707141][   T10] usb usb7-port1: attempt power cycle
[  959.757865][ T5975] usb 5-1: device descriptor read/64, error -71
[  959.918964][ T5975] usb usb5-port1: attempt power cycle
[  960.063866][T16982] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  960.063909][T16982] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  960.063987][T16982] vhci_hcd vhci_hcd.0: Device attached
[  960.067977][   T10] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  960.093891][   T10] usb 7-1: device descriptor read/8, error -71
[  960.347070][   T10] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  960.436193][   T10] usb 7-1: device descriptor read/8, error -71
[  960.806720][ T5975] usb 5-1: new full-speed USB device number 116 using dummy_hcd
[  960.824945][   T24] usb 37-1: new high-speed USB device number 3 using vhci_hcd
[  960.863791][T16983] vhci_hcd: connection closed
[  961.180696][T16984] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  961.184189][ T5975] usb 5-1: device descriptor read/8, error -71
[  961.184782][   T10] usb usb7-port1: unable to enumerate USB device
[  961.287660][ T9180] vhci_hcd: stop threads
[  961.287786][ T9180] vhci_hcd: release socket
[  961.288013][ T9180] vhci_hcd: disconnect device
[  961.468623][ T5975] usb 5-1: new full-speed USB device number 117 using dummy_hcd
[  961.477564][T16955] delete_channel: no stack
[  961.504898][ T5975] usb 5-1: device descriptor read/8, error -71
[  961.592037][T16987] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2979'.
[  961.680338][ T5975] usb usb5-port1: unable to enumerate USB device
[  964.580084][T17013] overlayfs: conflicting options: userxattr,redirect_dir=on
[  964.588098][T15458] bond0: (slave syz_tun): Releasing backup interface
[  964.836023][   T10] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  964.870685][T17017] sctp: [Deprecated]: syz.2.2987 (pid 17017) Use of int in max_burst socket option.
[  964.870685][T17017] Use struct sctp_assoc_value instead
[  965.000741][   T10] usb 7-1: device descriptor read/64, error -71
[  965.284987][   T10] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[  965.292997][T17026] syzkaller0: mtu less than device minimum
[  965.319397][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  965.332264][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  965.341654][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  965.387192][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  965.395288][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  965.488077][   T10] usb 7-1: device descriptor read/64, error -71
[  965.623846][   T10] usb usb7-port1: attempt power cycle
[  966.044197][   T10] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  966.080076][   T10] usb 7-1: device descriptor read/8, error -71
[  966.216577][T17027] chnl_net:caif_netlink_parms(): no params data found
[  966.341524][   T10] usb 7-1: new full-speed USB device number 19 using dummy_hcd
[  966.386955][   T10] usb 7-1: device descriptor read/8, error -71
[  966.525728][   T10] usb usb7-port1: unable to enumerate USB device
[  966.771139][   T24] vhci_hcd: vhci_device speed not set
[  967.145382][T17027] bridge0: port 1(bridge_slave_0) entered blocking state
[  967.154634][T17027] bridge0: port 1(bridge_slave_0) entered disabled state
[  967.182256][T17027] bridge_slave_0: entered allmulticast mode
[  967.211815][T17027] bridge_slave_0: entered promiscuous mode
[  967.237548][T17027] bridge0: port 2(bridge_slave_1) entered blocking state
[  967.258996][T17027] bridge0: port 2(bridge_slave_1) entered disabled state
[  967.292320][T17027] bridge_slave_1: entered allmulticast mode
[  967.416620][T17027] bridge_slave_1: entered promiscuous mode
[  967.615724][ T5849] Bluetooth: hci1: command tx timeout
[  968.860590][T17027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  968.961114][T17027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  969.206507][T17027] team0: Port device team_slave_0 added
[  969.261209][T17027] team0: Port device team_slave_1 added
[  969.839394][ T5849] Bluetooth: hci1: command tx timeout
[  970.861125][T17027] batman_adv: batadv0: Adding interface: batadv_slave_0
[  970.921120][T17027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  970.983019][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  970.983041][   T30] audit: type=1326 audit(1755450886.954:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  970.994581][T17027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  971.034773][T17027] batman_adv: batadv0: Adding interface: batadv_slave_1
[  971.058066][T17027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  971.089735][   T30] audit: type=1326 audit(1755450886.954:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.124065][   T30] audit: type=1326 audit(1755450886.954:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.138119][T17027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  971.150219][   T30] audit: type=1326 audit(1755450886.954:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.183151][   T30] audit: type=1326 audit(1755450886.954:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.212574][   T30] audit: type=1326 audit(1755450886.954:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.250277][ T2155] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  971.427526][ T2155] usb 3-1: Using ep0 maxpacket: 32
[  971.450956][   T30] audit: type=1326 audit(1755450886.954:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.465204][ T2155] usb 3-1: config 0 has an invalid interface number: 42 but max is 0
[  971.485483][   T30] audit: type=1326 audit(1755450886.954:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.536272][ T2155] usb 3-1: config 0 has no interface number 0
[  971.540501][   T30] audit: type=1326 audit(1755450886.954:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  971.557177][ T2155] usb 3-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27
[  971.579369][ T2155] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  971.587763][ T2155] usb 3-1: Product: syz
[  971.591970][ T2155] usb 3-1: Manufacturer: syz
[  971.607598][ T2155] usb 3-1: SerialNumber: syz
[  971.665137][ T2155] usb 3-1: config 0 descriptor??
[  971.719897][T17027] hsr_slave_0: entered promiscuous mode
[  971.771953][T17027] hsr_slave_1: entered promiscuous mode
[  971.810508][T17027] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  971.870945][T17027] Cannot create hsr debugfs directory
[  971.923996][   T30] audit: type=1326 audit(1755450886.954:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17101 comm="syz.2.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e698ebe9 code=0x7ffc0000
[  972.065411][ T5849] Bluetooth: hci1: command tx timeout
[  972.150323][ T2155] usb 3-1: Found UVC 0.00 device syz (1bcf:0b40)
[  972.156758][ T2155] usb 3-1: Forcing UVC version to 1.0a
[  972.198502][ T2155] usb 3-1: No valid video chain found.
[  972.221047][ T2155] usb 3-1: USB disconnect, device number 49
[  972.839667][T17027] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 34585 - 0
[  972.876665][T17027] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 54953 - 0
[  973.713534][T17027] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 34585 - 0
[  973.784055][T17027] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 54953 - 0
[  973.853575][T17123] fuse: Bad value for 'rootmode'
[  974.026230][T17027] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 34585 - 0
[  974.083331][T17027] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 54953 - 0
[  974.293135][ T5849] Bluetooth: hci1: command tx timeout
[  975.161206][T17027] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 34585 - 0
[  975.254658][T17027] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 54953 - 0
[  975.938282][T17027] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  975.991198][T17027] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  976.037929][T17027] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  976.198103][T17153] syz.6.3017: attempt to access beyond end of device
[  976.198103][T17153] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[  976.212983][T17153] (syz.6.3017,17153,0):ocfs2_get_sector:1714 ERROR: status = -5
[  976.221035][T17153] (syz.6.3017,17153,0):ocfs2_sb_probe:753 ERROR: status = -5
[  976.228804][T17153] (syz.6.3017,17153,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  976.239459][T17153] (syz.6.3017,17153,0):ocfs2_fill_super:1177 ERROR: status = -5
[  976.331138][T17027] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  976.399447][T17144] delete_channel: no stack
[  977.361998][T17027] 8021q: adding VLAN 0 to HW filter on device bond0
[  977.470599][T17027] 8021q: adding VLAN 0 to HW filter on device team0
[  977.557693][ T6188] bridge0: port 1(bridge_slave_0) entered blocking state
[  977.564919][ T6188] bridge0: port 1(bridge_slave_0) entered forwarding state
[  977.625819][ T6188] bridge0: port 2(bridge_slave_1) entered blocking state
[  977.633101][ T6188] bridge0: port 2(bridge_slave_1) entered forwarding state
[  978.577833][T17171] Bluetooth: MGMT ver 1.23
[  978.913035][T17173] overlayfs: failed to resolve './file0': -2
[  980.102267][ T5976] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  980.278618][T17027] 8021q: adding VLAN 0 to HW filter on device batadv0
[  980.320528][ T5976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  980.333016][ T5976] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  980.369100][ T5976] usb 6-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  980.389488][ T5976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.410494][ T5976] usb 6-1: Product: syz
[  980.417162][ T5976] usb 6-1: Manufacturer: syz
[  980.421942][ T5976] usb 6-1: SerialNumber: syz
[  980.440489][ T5976] usb 6-1: config 0 descriptor??
[  980.467435][ T5976] usb 6-1: ucan: probing device on interface #0
[  980.473748][ T5976] usb 6-1: ucan: invalid EP count (1)
[  980.491448][ T5976] usb 6-1: ucan: probe failed; try to update the device firmware
[  980.492230][   T30] kauditd_printk_skb: 68 callbacks suppressed
[  980.492246][   T30] audit: type=1326 audit(1755450895.840:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17192 comm="syz.2.3025" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0e698ebe9 code=0x0
[  980.648535][T17193] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  980.657361][T17193] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  980.752800][T17193] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  980.758500][T12380] usb 6-1: USB disconnect, device number 23
[  981.210598][T17193] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  981.537153][T17193] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  981.589121][T17193] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  981.595169][T17193] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  981.677324][T17193] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  981.724027][T17193] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  981.763828][T17193] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  981.800085][T17193] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  981.848718][T17193] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  981.877482][T17193] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  981.892222][T17193] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  982.061363][T17027] veth0_vlan: entered promiscuous mode
[  982.108024][T17027] veth1_vlan: entered promiscuous mode
[  982.186858][ T5976] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  982.186858][   T10] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  982.200648][T17027] veth0_macvtap: entered promiscuous mode
[  982.265801][T17027] veth1_macvtap: entered promiscuous mode
[  982.336876][T17027] batman_adv: batadv0: Interface activated: batadv_slave_0
[  982.347186][   T10] usb 7-1: Using ep0 maxpacket: 8
[  982.356854][   T10] usb 7-1: config 2 has an invalid interface number: 169 but max is 0
[  982.392651][   T10] usb 7-1: config 2 has no interface number 0
[  982.396032][T17027] batman_adv: batadv0: Interface activated: batadv_slave_1
[  982.411379][ T5976] usb 6-1: Using ep0 maxpacket: 16
[  982.430387][   T10] usb 7-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  982.434438][ T5976] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  982.473190][T17027] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  982.485695][   T10] usb 7-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  982.495749][ T5976] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  982.518806][   T10] usb 7-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  982.520439][ T5976] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  982.550435][T17027] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  982.551991][   T10] usb 7-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  982.559178][T17027] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  982.593031][ T5976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  982.601098][ T5976] usb 6-1: Product: syz
[  982.614364][ T5976] usb 6-1: Manufacturer: syz
[  982.619022][ T5976] usb 6-1: SerialNumber: syz
[  982.624868][   T10] usb 7-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  982.634219][T17027] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  982.645022][T17215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3029'.
[  982.667470][T17219] input: syz0 as /devices/virtual/input/input37
[  982.675117][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  982.677801][   T10] usb 7-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  982.716797][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  982.810916][   T10] cypress_m8 7-1:2.169: DeLorme Earthmate USB converter detected
[  982.849963][ T5849] Bluetooth: hci3: command 0x0406 tx timeout
[  982.910861][ T5976] usb 6-1: 0:2 : does not exist
[  983.009161][ T5976] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  983.075222][T14746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  983.083246][T14746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  983.099988][ T5976] usb 6-1: USB disconnect, device number 24
[  983.196660][T16507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  983.223146][T16507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  983.277288][T12380] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  983.353095][ T5849] Bluetooth: hci2: command 0x0406 tx timeout
[  983.483416][T12380] usb 3-1: Using ep0 maxpacket: 16
[  983.489014][T17223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2981'.
[  983.506253][T12380] usb 3-1: too many configurations: 18, using maximum allowed: 8
[  983.530147][T12380] usb 3-1: unable to read config index 0 descriptor/start: -61
[  983.556744][T12380] usb 3-1: can't read configurations, error -61
[  983.715652][T12380] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  983.758186][    C0] hrtimer: interrupt took 35512 ns
[  983.781033][ T5849] Bluetooth: hci5: command 0x0c1a tx timeout
[  983.865955][ T5849] Bluetooth: hci0: command 0x0405 tx timeout
[  983.886626][T12380] usb 3-1: Using ep0 maxpacket: 16
[  983.895549][T12380] usb 3-1: too many configurations: 18, using maximum allowed: 8
[  983.922566][T12380] usb 3-1: unable to read config index 0 descriptor/start: -61
[  983.930593][T12380] usb 3-1: can't read configurations, error -61
[  983.937431][T12380] usb usb3-port1: attempt power cycle
[  983.989387][T17230] veth0: entered promiscuous mode
[  984.049448][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  984.130638][T17230] veth0: left promiscuous mode
[  984.170907][   T10] usb 7-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  984.239484][   T10] usb 7-1: USB disconnect, device number 20
[  984.302629][   T10] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  984.321749][T12380] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  984.368385][   T10] cypress_m8 7-1:2.169: device disconnected
[  984.389105][T12380] usb 3-1: Using ep0 maxpacket: 16
[  984.398849][T17240] syz.6.3037: attempt to access beyond end of device
[  984.398849][T17240] nbd6: rw=2048, sector=2, nr_sectors = 1 limit=0
[  984.401924][T12380] usb 3-1: too many configurations: 18, using maximum allowed: 8
[  984.421083][   T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  984.434698][T12380] usb 3-1: unable to read config index 0 descriptor/start: -61
[  984.454630][T12380] usb 3-1: can't read configurations, error -61
[  984.612368][   T24] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  984.625573][ T5975] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  984.657061][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.731188][   T24] usb 4-1: config 0 descriptor??
[  984.768094][T17243] smc: net device bond0 applied user defined pnetid SYZ2
[  984.795284][T12380] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  984.796234][   T24] cp210x 4-1:0.0: cp210x converter detected
[  984.870414][ T2155] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  984.887711][ T5975] usb 5-1: Using ep0 maxpacket: 16
[  984.960066][ T5975] usb 5-1: unable to get BOS descriptor or descriptor too short
[  985.062842][ T5849] Bluetooth: hci3: command 0x0406 tx timeout
[  985.097614][ T5975] usb 5-1: config 7 interface 0 has no altsetting 0
[  985.147590][ T2155] usb 6-1: Using ep0 maxpacket: 8
[  985.347256][ T5975] usb 5-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=8f.26
[  985.396498][ T2155] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  985.500040][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.508733][ T2155] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.512258][T12380] usb 3-1: Using ep0 maxpacket: 16
[  985.523120][T12380] usb 3-1: too many configurations: 18, using maximum allowed: 8
[  985.543145][T12380] usb 3-1: unable to read config index 0 descriptor/start: -61
[  985.551445][T12380] usb 3-1: can't read configurations, error -61
[  985.559749][T12380] usb usb3-port1: unable to enumerate USB device
[  985.571570][ T5975] usb 5-1: Product: syz
[  985.582373][ T2155] usb 6-1: Product: syz
[  985.586402][ T5849] Bluetooth: hci2: command 0x0406 tx timeout
[  985.590386][ T5975] usb 5-1: Manufacturer: syz
[  985.601311][ T2155] usb 6-1: Manufacturer: syz
[  985.605976][ T2155] usb 6-1: SerialNumber: syz
[  985.635460][ T5975] usb 5-1: SerialNumber: syz
[  985.855934][ T2155] usb 6-1: config 0 descriptor??
[  985.892375][ T2155] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  986.052148][   T24] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  986.067716][ T5849] Bluetooth: hci5: command 0x0c1a tx timeout
[  986.089232][ T5849] Bluetooth: hci0: command 0x0405 tx timeout
[  986.115810][T17237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  986.261863][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  986.403541][T17237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  986.447258][ T2155] gspca_sonixj: reg_w1 err -110
[  986.488943][   T24] usb 4-1: cp210x converter now attached to ttyUSB0
[  986.490097][T17237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  986.518721][ T2155] sonixj 6-1:0.0: probe with driver sonixj failed with error -110
[  986.543894][T17237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  986.626051][T17237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  986.667419][T17237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  986.701953][T17237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  986.767061][T17237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  986.767565][T17252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  986.869402][T17252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  987.089718][ T5975] usb 5-1: USB disconnect, device number 118
[  987.737119][   T24] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  987.972880][   T24] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  988.004318][   T24] usb 5-1: config 160 has no interface number 0
[  988.023480][   T24] usb 5-1: config 160 interface 200 has no altsetting 0
[  988.052541][   T24] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  988.080085][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.098692][   T24] usb 5-1: Product: syz
[  988.107473][   T24] usb 5-1: Manufacturer: syz
[  988.119100][   T24] usb 5-1: SerialNumber: syz
[  988.227325][ T5849] Bluetooth: hci5: command 0x0c1a tx timeout
[  988.256552][T17280] block device autoloading is deprecated and will be removed.
[  988.312653][ T5849] Bluetooth: hci0: command 0x0405 tx timeout
[  988.488570][ T2155] usb 4-1: USB disconnect, device number 29
[  988.499177][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  988.518498][ T2155] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  988.539965][ T2155] cp210x 4-1:0.0: device disconnected
[  988.600350][T17286] libceph: resolve '.
[  988.600350][T17286] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  988.600350][T17286] ' (ret=-3): failed
[  988.677654][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  988.684702][   T24] usb 5-1: MIDIStreaming interface descriptor not found
[  988.806711][   T24] usb 5-1: USB disconnect, device number 119
[  988.975556][T16449] usb 6-1: USB disconnect, device number 25
[  990.076597][T16449] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  990.236845][T16449] usb 3-1: Using ep0 maxpacket: 8
[  990.282228][T16449] usb 3-1: unable to get BOS descriptor or descriptor too short
[  990.291925][T16449] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  990.322489][T16449] usb 3-1: config 7 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7
[  990.365743][T16449] usb 3-1: No eUSB2 isoc ep 7 companion for config 7 interface 0 altsetting 0
[  990.374768][T16449] usb 3-1: config 7 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  990.442930][T16449] usb 3-1: New USB device found, idVendor=0489, idProduct=e0b5, bcdDevice=ae.2a
[  990.463009][T16449] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  990.493450][T16449] usb 3-1: Product: syz
[  990.511833][T16449] usb 3-1: Manufacturer: syz
[  990.533441][T16449] usb 3-1: SerialNumber: syz
[  990.832455][T16449] usb 3-1: USB disconnect, device number 54
[  990.866325][T17315] block nbd4: shutting down sockets
[  992.514817][T17339] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3059'.
[  993.131023][ T2155] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  993.326383][ T2155] usb 4-1: Using ep0 maxpacket: 16
[  993.333953][ T2155] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  993.359045][ T2155] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  993.384919][ T2155] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  993.429241][ T2155] usb 4-1: config 0 descriptor??
[  993.452869][ T2155] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input38
[  996.469625][ T5191] bcm5974 4-1:0.0: could not read from device
[  996.526831][ T5191] bcm5974 4-1:0.0: could not read from device
[  996.582330][ T5191] bcm5974 4-1:0.0: could not read from device
[  996.589233][ T2155] usb 4-1: USB disconnect, device number 30
[  999.402554][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  999.889937][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1001.353881][T17379] erofs (device nbd4): cannot find valid erofs superblock
[ 1001.751795][T17390] binder: BINDER_SET_CONTEXT_MGR already set
[ 1001.757854][T17390] binder: 17387:17390 ioctl 4018620d 200000000100 returned -16
[ 1002.107118][    T9] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1002.442111][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1002.532723][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1002.723725][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1002.766287][    T9] usb 7-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1002.775566][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1002.831695][    T9] usb 7-1: config 0 descriptor??
[ 1002.856552][    T9] em28xx 7-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[ 1003.098986][T17390] binder: 17387:17390 ioctl c018620c 200000000140 returned -1
[ 1003.228908][T17404] ptrace attach of "./syz-executor exec"[14928] was attempted by "./syz-executor exec"[17404]
[ 1003.364936][T17388] binder: 17387:17388 ioctl c018620c 200000000140 returned -1
[ 1003.417054][T17388] binder: BINDER_SET_CONTEXT_MGR already set
[ 1003.463677][ T2155] kernel read not supported for file /dsp (pid: 2155 comm: kworker/1:2)
[ 1003.685718][T17388] binder: 17387:17388 ioctl 4018620d 2000000002c0 returned -16
[ 1003.812449][   T24] usb 7-1: USB disconnect, device number 21
[ 1004.209429][T16449] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1004.407644][T16449] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1004.441111][T16449] usb 6-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00
[ 1004.461357][T16449] usb 6-1: New USB device strings: Mfr=3, Product=1, SerialNumber=0
[ 1004.483202][T16449] usb 6-1: Product: syz
[ 1004.499373][T16449] usb 6-1: Manufacturer: syz
[ 1004.518409][T16449] usb 6-1: config 0 descriptor??
[ 1004.548192][T16449] gspca_main: spca501-2.14.0 probing 0000:0000
[ 1005.227064][T17427] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3080'.
[ 1005.467424][T16449] gspca_spca501: reg write: error -71
[ 1005.480421][T16449] spca501 6-1:0.0: Reg write failed for 0x02,0xa048,0x00
[ 1005.845253][T16449] spca501 6-1:0.0: probe with driver spca501 failed with error -22
[ 1005.871220][T16449] usb 6-1: USB disconnect, device number 26
[ 1006.188446][T17444] netlink: 'syz.5.3084': attribute type 1 has an invalid length.
[ 1006.809349][T17461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1006.879510][T17461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1007.053132][ T2155] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 1007.096310][T16449] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1007.250298][ T2155] usb 7-1: New USB device found, idVendor=041e, idProduct=4053, bcdDevice=e6.56
[ 1007.314347][T16449] usb 6-1: config 0 has an invalid interface number: 64 but max is 0
[ 1007.341341][ T2155] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.373810][T16449] usb 6-1: config 0 has no interface number 0
[ 1007.389764][ T2155] usb 7-1: config 0 descriptor??
[ 1007.409059][T16449] usb 6-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[ 1007.424142][T16449] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.451657][T16449] usb 6-1: Product: syz
[ 1007.465511][T16449] usb 6-1: Manufacturer: syz
[ 1007.469346][ T2155] gspca_main: gspca_zc3xx-2.14.0 probing 041e:4053
[ 1007.489131][T16449] usb 6-1: SerialNumber: syz
[ 1007.520822][T16449] usb 6-1: config 0 descriptor??
[ 1007.673204][ T2155] gspca_zc3xx: reg_w_i err -71
[ 1007.678127][ T2155] gspca_zc3xx 7-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1007.778386][ T2155] usb 7-1: USB disconnect, device number 22
[ 1007.794238][T16449] usb 6-1: Found UVC 0.08 device syz (046d:0823)
[ 1007.817735][T16449] usb 6-1: No valid video chain found.
[ 1007.863116][T16449] usb 6-1: USB disconnect, device number 27
[ 1007.896035][T17463] syz_tun: entered promiscuous mode
[ 1007.915509][T17463] syz_tun: entered allmulticast mode
[ 1007.984784][T17463] team0: Port device syz_tun added
[ 1008.456785][ T2155] usb 3-1: new full-speed USB device number 55 using dummy_hcd
[ 1008.671978][ T2155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1008.688746][ T2155] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1008.706508][ T2155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.754078][ T2155] usb 3-1: config 0 descriptor??
[ 1008.915014][ T5975] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1009.062137][T17490] binder: 17487:17490 ioctl c0306201 200000000380 returned -14
[ 1009.257991][ T5975] usb 7-1: config 0 has an invalid interface number: 255 but max is 0
[ 1009.267029][ T5975] usb 7-1: config 0 has no interface number 0
[ 1009.273189][ T5975] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1009.287385][ T5975] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1009.308927][T17490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3098'.
[ 1009.330807][ T5975] usb 7-1: config 0 interface 255 has no altsetting 0
[ 1009.348192][ T5975] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1009.357821][ T5975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.371004][ T5975] usb 7-1: config 0 descriptor??
[ 1009.379903][ T5975] cp210x 7-1:0.255: cp210x converter detected
[ 1009.460728][ T2155] usbhid 3-1:0.0: can't add hid device: -71
[ 1009.479167][ T2155] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1009.548708][ T2155] usb 3-1: USB disconnect, device number 55
[ 1009.819291][ T5975] cp210x 7-1:0.255: failed to get vendor val 0x000e size 3: -71
[ 1009.861409][ T5975] usb 7-1: cp210x converter now attached to ttyUSB0
[ 1009.882939][ T5975] usb 7-1: USB disconnect, device number 23
[ 1009.902109][ T5975] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1009.940794][ T5975] cp210x 7-1:0.255: device disconnected
[ 1011.297511][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 11 < 18
[ 1011.405806][T17509] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3102'.
[ 1011.842790][T12380] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[ 1011.917324][   T10] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1012.109764][T12380] usb 5-1: Using ep0 maxpacket: 16
[ 1012.117230][T12380] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1012.131137][T12380] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1012.152509][   T10] usb 3-1: device descriptor read/64, error -71
[ 1012.163902][T12380] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1012.182222][T12380] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1012.191550][T12380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.203083][T12380] usb 5-1: config 0 descriptor??
[ 1012.410851][   T10] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1012.582015][   T10] usb 3-1: device descriptor read/64, error -71
[ 1012.672029][T12380] hid-multitouch 0003:0457:07DA.0017: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.4-1/input0
[ 1012.715528][   T10] usb usb3-port1: attempt power cycle
[ 1012.874609][    T9] usb 5-1: USB disconnect, device number 120
[ 1013.039949][T12380] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1013.067044][T17541] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3113'.
[ 1013.093489][   T10] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1013.116296][   T10] usb 3-1: device descriptor read/8, error -71
[ 1013.436301][T12380] usb 6-1: Using ep0 maxpacket: 8
[ 1013.449438][T12380] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1013.468111][T12380] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 10
[ 1013.477235][T12380] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1013.493036][T12380] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1013.502389][T12380] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.511057][T12380] usb 6-1: Product: syz
[ 1013.854077][ T5975] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1014.023491][ T5975] usb 7-1: Using ep0 maxpacket: 32
[ 1014.068851][ T5975] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1014.209766][ T5975] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.212117][T12380] usb 6-1: Manufacturer: syz
[ 1014.223757][T12380] usb 6-1: SerialNumber: syz
[ 1014.231913][T12380] usb 6-1: config 0 descriptor??
[ 1014.239921][T12380] cdc_ncm 6-1:0.0: CDC Union missing and no IAD found
[ 1014.246774][T12380] cdc_ncm 6-1:0.0: bind() failure
[ 1014.256968][ T5975] usb 7-1: config 0 descriptor??
[ 1014.269308][   T10] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1014.276585][ T5975] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1014.337331][   T10] usb 3-1: device descriptor read/8, error -71
[ 1014.473991][   T10] usb usb3-port1: unable to enumerate USB device
[ 1014.530800][T17534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1014.547685][T17534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1014.586549][   T10] usb 6-1: USB disconnect, device number 28
[ 1014.880996][ T5975] gspca_sunplus: reg_w_riv err -110
[ 1014.886330][ T5975] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[ 1015.707855][T17562] netlink: 'syz.5.3119': attribute type 10 has an invalid length.
[ 1016.666195][ T5975] usb 7-1: USB disconnect, device number 24
[ 1018.374697][   T10] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1018.577624][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1018.622107][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1018.674013][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1018.722371][   T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[ 1018.743977][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1018.767963][   T10] usb 3-1: config 0 descriptor??
[ 1019.681777][   T10] koneplus 0003:1E7D:2D51.0018: unknown main item tag 0x0
[ 1019.784158][   T10] koneplus 0003:1E7D:2D51.0018: unknown main item tag 0x0
[ 1019.894873][   T10] koneplus 0003:1E7D:2D51.0018: unknown main item tag 0x0
[ 1019.934201][   T10] koneplus 0003:1E7D:2D51.0018: unknown main item tag 0x0
[ 1019.962197][   T10] koneplus 0003:1E7D:2D51.0018: unknown main item tag 0x0
[ 1019.995530][   T10] koneplus 0003:1E7D:2D51.0018: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.2-1/input0
[ 1020.181358][T12380] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1020.352254][T12380] usb 7-1: Using ep0 maxpacket: 8
[ 1020.360112][T12380] usb 7-1: config 0 has an invalid interface number: 176 but max is 0
[ 1020.368999][T12380] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1020.380872][T12380] usb 7-1: config 0 has no interface number 0
[ 1020.405606][T12380] usb 7-1: config 0 interface 176 altsetting 0 bulk endpoint 0xB has invalid maxpacket 32
[ 1020.422474][T12380] usb 7-1: config 0 interface 176 altsetting 0 endpoint 0xC has invalid maxpacket 1536, setting to 1024
[ 1020.440351][T12380] usb 7-1: config 0 interface 176 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[ 1020.456979][T12380] usb 7-1: config 0 interface 176 altsetting 0 has an endpoint descriptor with address 0x96, changing to 0x86
[ 1020.475439][T12380] usb 7-1: config 0 interface 176 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1020.497320][T12380] usb 7-1: config 0 interface 176 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[ 1020.556402][T12380] usb 7-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice=c1.ab
[ 1020.586180][T12380] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.624539][T12380] usb 7-1: Product: syz
[ 1020.637137][T12380] usb 7-1: Manufacturer: syz
[ 1020.650580][T12380] usb 7-1: SerialNumber: syz
[ 1020.669941][T12380] usb 7-1: config 0 descriptor??
[ 1020.678770][T17621] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1021.083126][T17634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1021.358115][T17634] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1021.373241][   T10] koneplus 0003:1E7D:2D51.0018: couldn't init struct koneplus_device
[ 1021.395848][T12380] pxrc 7-1:0.176: Could not find endpoint
[ 1021.421475][   T10] koneplus 0003:1E7D:2D51.0018: couldn't install mouse
[ 1021.466362][   T10] koneplus 0003:1E7D:2D51.0018: probe with driver koneplus failed with error -71
[ 1021.507111][T12380] usb 7-1: USB disconnect, device number 25
[ 1021.599697][   T10] usb 3-1: USB disconnect, device number 60
[ 1022.076417][T17643] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[ 1022.083084][T17643] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1022.100222][T17643] vhci_hcd vhci_hcd.0: Device attached
[ 1022.449374][ T5975] usb 37-1: new low-speed USB device number 4 using vhci_hcd
[ 1022.982424][   T10] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1023.142494][   T10] usb 3-1: Using ep0 maxpacket: 16
[ 1023.151292][   T10] usb 3-1: config 0 has no interfaces?
[ 1023.158177][   T10] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1023.167462][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1023.179124][   T10] usb 3-1: config 0 descriptor??
[ 1023.292310][T15084] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[ 1023.485036][T15084] usb 5-1: Using ep0 maxpacket: 16
[ 1023.492813][T15084] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1023.516703][T15084] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1023.543957][T15084] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[ 1023.565542][T15084] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1023.591569][T15084] usb 5-1: Product: syz
[ 1023.595838][T15084] usb 5-1: Manufacturer: syz
[ 1023.600467][T15084] usb 5-1: SerialNumber: syz
[ 1023.605769][ T2155] usb 7-1: new full-speed USB device number 26 using dummy_hcd
[ 1023.809642][ T2155] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1023.819871][ T2155] usb 7-1: config 0 has no interface number 0
[ 1023.826052][ T2155] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1023.835518][ T2155] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1023.852977][T15084] usb 5-1: 0:2 : does not exist
[ 1023.864499][ T2155] usb 7-1: config 0 descriptor??
[ 1023.877587][ T2155] usb 7-1: selecting invalid altsetting 1
[ 1023.900404][ T2155] dvb_ttusb_budget: ttusb_init_controller: error
[ 1023.912410][T15084] usb 5-1: USB disconnect, device number 121
[ 1023.919747][ T2155] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1024.095640][ T2155] DVB: Unable to find symbol cx22700_attach()
[ 1024.277874][ T2155] DVB: Unable to find symbol tda10046_attach()
[ 1024.307583][ T2155] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1024.334176][ T2155] usb 7-1: USB disconnect, device number 26
[ 1024.891095][T17644] vhci_hcd: connection reset by peer
[ 1024.992464][T12380] usb 3-1: USB disconnect, device number 61
[ 1024.992866][T14746] vhci_hcd: stop threads
[ 1025.067049][T14746] vhci_hcd: release socket
[ 1025.071619][T14746] vhci_hcd: disconnect device
[ 1025.643676][T16112] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1025.656377][T16112] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1025.671116][T16112] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1025.679576][T16112] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1025.689668][T16112] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1026.173562][T17687] tipc: Started in network mode
[ 1026.200222][T17687] tipc: Node identity d67b60f7f8fa, cluster identity 4711
[ 1026.209274][T17687] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1026.245989][T17695] netlink: 'syz.2.3159': attribute type 1 has an invalid length.
[ 1026.305409][T17696] syzkaller0: entered promiscuous mode
[ 1026.326522][T17696] syzkaller0: entered allmulticast mode
[ 1026.901897][T17675] chnl_net:caif_netlink_parms(): no params data found
[ 1026.957627][T17689] tipc: Resetting bearer <eth:syzkaller0>
[ 1027.027437][T17689] tipc: Disabling bearer <eth:syzkaller0>
[ 1027.100043][T15084] usb 7-1: new full-speed USB device number 27 using dummy_hcd
[ 1027.320875][T15084] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1027.338112][T15084] usb 7-1: can't read configurations, error -61
[ 1027.391102][T17717] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3165'.
[ 1027.547791][T15084] usb 7-1: new full-speed USB device number 28 using dummy_hcd
[ 1027.806145][T15084] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1027.848910][T15084] usb 7-1: can't read configurations, error -61
[ 1027.897034][T15084] usb usb7-port1: attempt power cycle
[ 1027.911295][T16112] Bluetooth: hci6: command tx timeout
[ 1028.044247][T17717] hsr_slave_1 (unregistering): left promiscuous mode
[ 1028.115728][T17675] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1028.132451][T17675] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1028.147100][T17675] bridge_slave_0: entered allmulticast mode
[ 1028.165105][T17675] bridge_slave_0: entered promiscuous mode
[ 1028.184250][T17675] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1028.194750][ T5975] vhci_hcd: vhci_device speed not set
[ 1028.217185][T17675] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1028.243158][T17675] bridge_slave_1: entered allmulticast mode
[ 1028.271801][T17675] bridge_slave_1: entered promiscuous mode
[ 1028.328497][T15084] usb 7-1: new full-speed USB device number 29 using dummy_hcd
[ 1028.483182][T15084] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1028.526410][T15084] usb 7-1: can't read configurations, error -61
[ 1028.670123][T15084] usb 7-1: new full-speed USB device number 30 using dummy_hcd
[ 1028.872911][T15084] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1028.957602][T15084] usb 7-1: can't read configurations, error -61
[ 1028.997283][T17675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1029.008160][T15084] usb usb7-port1: unable to enumerate USB device
[ 1029.048174][T17675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1029.178768][T17726] uprobe: syz.2.3168:17726 failed to unregister, leaking uprobe
[ 1029.211006][T17731] netlink: 'syz.5.3170': attribute type 10 has an invalid length.
[ 1029.216863][T17675] team0: Port device team_slave_0 added
[ 1029.253643][T17728] kvm: Disabled LAPIC found during irq injection
[ 1029.268761][T17731] 8021q: adding VLAN 0 to HW filter on device team0
[ 1029.278628][T17731] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1029.294491][T17675] team0: Port device team_slave_1 added
[ 1029.301023][T17731] netlink: 'syz.5.3170': attribute type 10 has an invalid length.
[ 1029.322645][T17732] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3169'.
[ 1029.365623][T17731] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1029.455630][T16112] Bluetooth: hci5: SCO packet for unknown connection handle 200
[ 1029.481833][T17675] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1029.516582][T17733] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1029.527752][T17675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1029.582659][T17675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1029.638381][T17675] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1029.646207][T17675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1029.726278][T17675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1030.163935][ T5849] Bluetooth: hci6: command tx timeout
[ 1030.628407][T17675] hsr_slave_0: entered promiscuous mode
[ 1030.937231][T17675] hsr_slave_1: entered promiscuous mode
[ 1030.943843][T17675] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1030.968779][T17675] Cannot create hsr debugfs directory
[ 1032.367353][ T5849] Bluetooth: hci6: command tx timeout
[ 1032.930783][T17675] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1032.976300][T17675] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1032.988993][ T5975] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1033.010139][T12380] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1033.022525][T17675] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1033.047436][T17675] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1033.172283][ T5975] usb 6-1: Using ep0 maxpacket: 32
[ 1033.175637][T12380] usb 5-1: Using ep0 maxpacket: 8
[ 1033.193360][ T5975] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1033.216713][T12380] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[ 1033.217665][ T5975] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1033.233364][T12380] usb 5-1: config 0 has no interface number 0
[ 1033.254302][ T5975] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1033.267078][T12380] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1033.291761][ T5975] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1033.310808][T12380] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1033.316538][ T5975] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1033.357170][T12380] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1033.362823][ T5975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1033.397311][T12380] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1033.415281][ T5975] usb 6-1: Product: syz
[ 1033.426706][ T5975] usb 6-1: Manufacturer: syz
[ 1033.429205][T17675] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1033.439602][ T5975] usb 6-1: SerialNumber: syz
[ 1033.450694][T12380] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1033.470358][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1033.489187][T12380] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1033.506838][T12380] usb 5-1: config 0 descriptor??
[ 1033.523653][T12380] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1033.535233][T17675] 8021q: adding VLAN 0 to HW filter on device team0
[ 1033.571246][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1033.578600][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1033.649015][T14746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1033.656325][T14746] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1033.803888][T12380] usb 5-1: USB disconnect, device number 122
[ 1033.853257][T12380] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[ 1034.082178][T17675] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1034.100879][T17675] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1034.463860][    T9] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1034.677799][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 1034.688428][T16112] Bluetooth: hci6: command tx timeout
[ 1034.731253][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1034.741462][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1034.827465][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1034.848317][    T9] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1034.902236][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1034.971817][    T9] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1034.997002][    T9] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1035.041163][    T9] usb 7-1: Manufacturer: syz
[ 1035.083522][    T9] usb 7-1: config 0 descriptor??
[ 1035.276128][T17797] netlink: 'syz.2.3184': attribute type 21 has an invalid length.
[ 1035.354013][T17675] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1035.682551][    T9] rc_core: IR keymap rc-hauppauge not found
[ 1035.725402][    T9] Registered IR keymap rc-empty
[ 1035.730504][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1035.800723][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1035.834526][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[ 1035.888058][ T5975] usb 6-1: 0:2 : does not exist
[ 1035.889668][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input40
[ 1035.995554][ T5975] usb 6-1: USB disconnect, device number 29
[ 1036.153355][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1036.185889][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1036.347987][   T31] INFO: task syz.1.2785:16235 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1036.570641][   T31]       Not tainted 6.16.0-syzkaller #0
[ 1036.734098][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1036.827933][   T31] task:syz.1.2785      state:D stack:24656 pid:16235 tgid:16235 ppid:5847   task_flags:0x440040 flags:0x00004004
[ 1036.921243][   T31] Call Trace:
[ 1036.965231][   T31]  <TASK>
[ 1036.965616][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1036.987201][   T31]  __schedule+0x16aa/0x4c90
[ 1036.992733][   T31]  ? schedule+0x165/0x360
[ 1036.997126][   T31]  ? __pfx___schedule+0x10/0x10
[ 1037.008321][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.038855][   T31]  ? schedule+0x91/0x360
[ 1037.043353][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.050714][   T31]  schedule+0x165/0x360
[ 1037.069987][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[ 1037.076113][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.093864][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1037.099401][   T31]  rwsem_down_read_slowpath+0x552/0x880
[ 1037.115163][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[ 1037.121311][   T31]  ? page_cache_ra_order+0x445/0xc70
[ 1037.136647][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.189986][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.214184][   T31]  down_read+0x98/0x2e0
[ 1037.218433][   T31]  page_cache_ra_order+0x445/0xc70
[ 1037.239130][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.301749][   T31]  ? maybe_unlock_mmap_for_io+0x225/0x2d0
[ 1037.310356][   T31]  do_sync_mmap_readahead+0x31a/0x5f0
[ 1037.315804][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[ 1037.329129][    T9] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1037.379590][    T9] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1037.388833][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1037.414366][   T31]  ? count_memcg_event_mm+0x1d/0x250
[ 1037.419735][   T31]  filemap_fault+0x62a/0x1200
[ 1037.424474][   T31]  ? __pfx_filemap_fault+0x10/0x10
[ 1037.435756][    T9] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1037.470983][    T9] usb 7-1: USB disconnect, device number 31
[ 1037.478528][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1037.483364][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1037.488714][   T31]  __do_fault+0x138/0x390
[ 1037.521605][   T31]  __handle_mm_fault+0x198b/0x5620
[ 1037.526798][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1037.531747][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1037.553465][   T31]  ? lock_vma_under_rcu+0xf8/0x710
[ 1037.558661][   T31]  ? lock_vma_under_rcu+0xf8/0x710
[ 1037.563817][   T31]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 1037.585478][   T31]  handle_mm_fault+0x2d5/0x7f0
[ 1037.590330][   T31]  do_user_addr_fault+0xa81/0x1390
[ 1037.595503][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1037.617507][   T31]  ? trace_page_fault_user+0x84/0x1e0
[ 1037.622968][   T31]  exc_page_fault+0x76/0xf0
[ 1037.627532][   T31]  asm_exc_page_fault+0x26/0x30
[ 1037.669033][   T31] RIP: 0033:0x7ff2d0756922
[ 1037.673582][   T31] RSP: 002b:00007ffe876d3528 EFLAGS: 00010246
[ 1037.679691][   T31] RAX: 0000200000847fff RBX: 0000000000000004 RCX: ffffffffffffff58
[ 1037.688221][   T31] RDX: 0000000000000001 RSI: 0000001b302202d3 RDI: 0000200000847fff
[ 1037.724417][   T31] RBP: 00007ff2d09b7da0 R08: 0000001b30620000 R09: 0000000000000002
[ 1037.732470][   T31] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ff2d09b618c
[ 1037.777856][   T31] R13: 00007ff2d09b6180 R14: fffffffffffffffe R15: 00007ffe876d3640
[ 1037.785935][   T31]  </TASK>
[ 1037.820659][   T31] 
[ 1037.820659][   T31] Showing all locks held in the system:
[ 1037.828457][   T31] 6 locks held by kworker/0:0/9:
[ 1037.852714][   T31]  #0: ffff888021e94d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1037.876298][   T31]  #1: ffffc900000e7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1037.906117][   T31]  #2: ffff888143bae198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[ 1037.915100][   T31]  #3: ffff8880212d6198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[ 1037.938342][   T31]  #4: ffff8880278c0160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0
[ 1037.959592][   T31]  #5: ffffffff8ef805e8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x2d8/0x5e0
[ 1037.969899][   T31] 1 lock held by khungtaskd/31:
[ 1037.991796][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1038.001794][   T31] 2 locks held by getty/5598:
[ 1038.023748][   T31]  #0: ffff8880317360a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1038.033606][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1038.066513][   T31] 4 locks held by kworker/u8:15/9180:
[ 1038.071949][   T31] 4 locks held by kworker/u8:1/14279:
[ 1038.095162][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1038.119965][   T31]  #1: ffffc9001c27fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1038.141349][   T31]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1038.150764][   T31]  #3: ffffffff8e144ac0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1038.163908][   T31] 1 lock held by syz.1.2785/16235:
[ 1038.169064][   T31]  #0: ffff888148dc6540 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[ 1038.180057][   T31] 3 locks held by syz.1.2785/16236:
[ 1038.185362][   T31] 1 lock held by syz.3.3090/17464:
[ 1038.190505][   T31]  #0: ffff888148dc6540 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[ 1038.202265][   T31] 1 lock held by syz.4.3183/17792:
[ 1038.207784][   T31]  #0: ffff888143bae198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760
[ 1038.216900][   T31] 1 lock held by dhcpcd/17814:
[ 1038.221689][   T31]  #0: ffff888058ab8808 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1038.232155][   T31] 2 locks held by dhcpcd/17815:
[ 1038.237039][   T31]  #0: ffff88802131a258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1038.246837][   T31]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1038.257888][   T31] 
[ 1038.281517][   T31] =============================================
[ 1038.281517][   T31] 
[ 1038.289986][   T31] NMI backtrace for cpu 0
[ 1038.290003][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1038.290026][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1038.290038][   T31] Call Trace:
[ 1038.290048][   T31]  <TASK>
[ 1038.290057][   T31]  dump_stack_lvl+0x189/0x250
[ 1038.290083][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1038.290114][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1038.290138][   T31]  ? __pfx__printk+0x10/0x10
[ 1038.290178][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1038.290213][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1038.290253][   T31]  ? _printk+0xcf/0x120
[ 1038.290282][   T31]  ? __pfx__printk+0x10/0x10
[ 1038.290312][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1038.290345][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1038.290378][   T31]  watchdog+0xfee/0x1030
[ 1038.290411][   T31]  ? watchdog+0x1de/0x1030
[ 1038.290451][   T31]  kthread+0x70e/0x8a0
[ 1038.290482][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1038.290510][   T31]  ? __pfx_kthread+0x10/0x10
[ 1038.290540][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1038.290561][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1038.290581][   T31]  ? __pfx_kthread+0x10/0x10
[ 1038.290609][   T31]  ret_from_fork+0x3fc/0x770
[ 1038.290635][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1038.290662][   T31]  ? __switch_to_asm+0x39/0x70
[ 1038.290686][   T31]  ? __switch_to_asm+0x33/0x70
[ 1038.290708][   T31]  ? __pfx_kthread+0x10/0x10
[ 1038.290736][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1038.290778][   T31]  </TASK>
[ 1038.290798][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1038.454058][    C1] NMI backtrace for cpu 1
[ 1038.454078][    C1] CPU: 1 UID: 0 PID: 6345 Comm: kworker/u8:11 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1038.454097][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1038.454108][    C1] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1038.454131][    C1] RIP: 0010:lockdep_hardirqs_on_prepare+0xfc/0x2a0
[ 1038.454158][    C1] Code: 8e d1 00 00 00 49 89 de 49 81 c6 f0 0a 00 00 45 31 ff 4d 89 f4 eb 13 49 ff c7 48 63 83 e8 0a 00 00 49 83 c4 28 49 39 c7 7d 44 <49> 83 ff 31 73 2d 41 8b 44 24 20 a9 00 00 04 00 74 db 25 00 00 03
[ 1038.454172][    C1] RSP: 0018:ffffc90004b87700 EFLAGS: 00000093
[ 1038.454186][    C1] RAX: 0000000000000004 RBX: ffff888025c5da00 RCX: ffffffff934b51b8
[ 1038.454199][    C1] RDX: 0000000000000002 RSI: ffff888025c5e518 RDI: ffff888025c5da00
[ 1038.454211][    C1] RBP: ffffc90004b877d0 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[ 1038.454223][    C1] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: ffff888025c5e540
[ 1038.454236][    C1] R13: ffff888049f0b000 R14: ffff888025c5e4f0 R15: 0000000000000002
[ 1038.454248][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1038.454262][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1038.454275][    C1] CR2: 000055c3bef4b168 CR3: 0000000033d1a000 CR4: 00000000003526f0
[ 1038.454292][    C1] DR0: 0000040000000000 DR1: 000000000000064f DR2: 0000000000000006
[ 1038.454303][    C1] DR3: 0000000000000006 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1038.454314][    C1] Call Trace:
[ 1038.454321][    C1]  <TASK>
[ 1038.454330][    C1]  trace_hardirqs_on+0x28/0x40
[ 1038.454351][    C1]  _raw_spin_unlock_irqrestore+0x85/0x110
[ 1038.454376][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1038.454399][    C1]  ? crng_make_state+0x13a/0x700
[ 1038.454418][    C1]  debug_check_no_obj_freed+0x451/0x470
[ 1038.454447][    C1]  ? skb_release_data+0x62d/0x7c0
[ 1038.454469][    C1]  kfree+0x112/0x440
[ 1038.454493][    C1]  skb_release_data+0x62d/0x7c0
[ 1038.454518][    C1]  consume_skb+0x9e/0xf0
[ 1038.454540][    C1]  nsim_dev_trap_report_work+0x7cf/0xb80
[ 1038.454562][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1038.454580][    C1]  process_scheduled_works+0xade/0x17b0
[ 1038.454607][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1038.454630][    C1]  worker_thread+0x8a0/0xda0
[ 1038.454656][    C1]  kthread+0x70e/0x8a0
[ 1038.454677][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1038.454694][    C1]  ? __pfx_kthread+0x10/0x10
[ 1038.454714][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1038.454728][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1038.454744][    C1]  ? __pfx_kthread+0x10/0x10
[ 1038.454764][    C1]  ret_from_fork+0x3fc/0x770
[ 1038.454781][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1038.454798][    C1]  ? __switch_to_asm+0x39/0x70
[ 1038.454817][    C1]  ? __switch_to_asm+0x33/0x70
[ 1038.454835][    C1]  ? __pfx_kthread+0x10/0x10
[ 1038.454854][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1038.454878][    C1]  </TASK>
[ 1038.921995][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1038.928913][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1038.938662][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1038.948761][   T31] Call Trace:
[ 1038.952075][   T31]  <TASK>
[ 1038.955032][   T31]  dump_stack_lvl+0x99/0x250
[ 1038.959664][   T31]  ? __asan_memcpy+0x40/0x70
[ 1038.964325][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1038.969563][   T31]  ? __pfx__printk+0x10/0x10
[ 1038.974216][   T31]  panic+0x2db/0x790
[ 1038.978155][   T31]  ? __pfx_panic+0x10/0x10
[ 1038.982602][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1038.988454][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1038.993860][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1039.000039][   T31]  watchdog+0x102d/0x1030
[ 1039.004392][   T31]  ? watchdog+0x1de/0x1030
[ 1039.008836][   T31]  kthread+0x70e/0x8a0
[ 1039.012927][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1039.017629][   T31]  ? __pfx_kthread+0x10/0x10
[ 1039.022237][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1039.027450][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1039.032659][   T31]  ? __pfx_kthread+0x10/0x10
[ 1039.037262][   T31]  ret_from_fork+0x3fc/0x770
[ 1039.041871][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1039.046998][   T31]  ? __switch_to_asm+0x39/0x70
[ 1039.051776][   T31]  ? __switch_to_asm+0x33/0x70
[ 1039.056547][   T31]  ? __pfx_kthread+0x10/0x10
[ 1039.061165][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1039.065978][   T31]  </TASK>
[ 1039.069242][   T31] Kernel Offset: disabled
[ 1039.073578][   T31] Rebooting in 86400 seconds..