last executing test programs:

12m4.690896444s ago: executing program 2 (id=353):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x9, 0x10, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
prlimit64(0x0, 0x8, &(0x7f0000000140)={0xb, 0x81}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x3}, 0xfffffffffffffffc)
timer_gettime(0x0, &(0x7f0000000000))
request_key(&(0x7f0000000100)='id_legacy\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000000080)='R\x10rust\xe3c*sgrVix:De', 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000003000)=@abs={0x1}, 0x4f)
mlock(&(0x7f00009fa000/0x1000)=nil, 0x1000)
munlockall()
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

12m3.156953096s ago: executing program 2 (id=357):
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
fcntl$setownex(r3, 0xf, &(0x7f0000000140))

12m2.166386201s ago: executing program 2 (id=360):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500a51cec5e2d137c85000005000000bf91000000000000b702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5384b9927ce1a186, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ff"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

12m1.889472055s ago: executing program 2 (id=361):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
clock_adjtime(0x0, &(0x7f0000000040)={0xd4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3})

12m0.16124396s ago: executing program 2 (id=366):
mkdirat(0xffffffffffffff9c, &(0x7f0000000780)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
setpgid(r0, 0x0)
setpgid(0x0, r0)
openat(0xffffffffffffff9c, &(0x7f0000000680)='./bus\x00', 0x4100, 0xd1)

11m58.08343506s ago: executing program 2 (id=368):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYBLOB="cdf7c0c4ada580d5d36bd90806b670b73bb5112f75ca483652cf9b8a22555c3af34a84c5747ac51aa890ca205a0f27d7dde81ad3a01f21810b6de2d56be05416c54e1c6e8459e1643b129327581f7716b38db3d3f3bbeb6d1b846a2aad654e1795850a1f82ac738387d9c3009d18eb2a78258fcc4ac4eb6a12a5650e10ebf077d9ab33f24de7cbffe0", @ANYRESHEX], 0x2, 0xc3f, &(0x7f0000001780)="$eJzs3U9sHNd9B/DfGy3FpdxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUWRNi3+EWV9Prb43Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cvHU6fSwWwEA7KfLo189dcb9HwAeK1f9/z8AAAAAAAAAAAAAABx0KYp4MlLMXl5N49X7jvqldt/tO2PDI5tXG0hVzUNV+fJX/fSZs+e+9MLQ+W5eak9/QP3d9tl4bfTqxcbLM7dm5ybn5ycnGmPT7eszE5Pb3sNO6290ojoBjVuv3564cWO+ceb5s/d8fGfw/f4njg1eGHr25DPdsmPDIyOj60XqveVrD9yQjq1meByOIk5Giue+99PUiogidn4u6vs79hsNVJ04UXVibHik6shUuzW9UH54pXsiiohGT6Vm9xxtPhZR69vXPmytGbFYNr9s8Imye6OzrbnWtanJxpXW3EJ7oT0zfSV1Wlv2pxFFnE8RSxGx0n//7vqiiFqk+M7R1XQtIg51z8MXq4nBW7ej2MM+bkPZzkZfxFLxCIzZAdYfRbwaKX72zvG4nq8z1bXmCxGvlvmDiLfKfCkilV+McxHvbfI94tFUiyL+shz/C6tporoedK8rl77W+Mr0jZmest3ryke8P9x3pXhI94eBDbk/7rs2Ha1+HpRrUz2KaFVX/NX04L/ZAQAAAAAAAAAAAAAAAGC3DUQRn4kUr/zHn1TziqOal370wtAfDv5q75zxpz9kP2XZ5yNisdjenNzDeWLglXQlpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989npaid03x9vTNxtXWtanOqrDdtX+7a6avra2tNVInmznHcy7mXMq5nHMlZxS5fs5mzvGcizmXci7nXMkZh3L9nM2c4zkXcy7lXM65kjNquX7OZs7xnIs5l3Iu51zJGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jdWU6SIaEaMRyeX+x926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzbvbahGRqn87jpc/zkXzcJmfjOZQmS9F82LOVpW15rceQvvZmb5UxI8jRX/97bsDnse/r/Pu7tcg3vrm+rvP1jp5qPvh4Pv9Txw7emFo5Dee3up12qwBJy61p2/faYwNj4yM9myu5aN/smfbYD5usTtdJyLm33jz9dbU1OTcg78ovwIPUr0c4Z0ffT9fpNqD9dSLR/RF1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xY072ub9v7axXr7/l/f0ze7/T/ZsezH/bqSvFlFfuDXbdyyiPv/Gmyfbt1o3J29OTp87derLQ0NfPnuq73BE/UZ7arLn1a6cLgAAAAAAAAAAAAAAAID9k4r4/UjR+vFqakTEnWq+1uCFoWdPPnMoDlXzre6Zt/3a6NWLjZdnbs3OTc7PT040xqbb12cmJrd7uHo13WtseGRPOvOhBva4/QP1l2dm35hr3/zjhU0/P1K/eG1+Ya51ffOPYyCKiGbvlhNVg8eGR6pGT7Vb01XVK5tOpv/o+lIR/xUprp9rpM/nbXn+/8YZ/vfM/1/cuKM9mv//iZ5t5TFTKuLnkeJ3/urp+HzVziNx3znL5f4uUpw4/7lcLg6X5bpt6DxXoDMzsCz7f5Hin35xb9nufMgn18ue3vaJfUSU4380Unz/L74bv5m33fv8h83H/8jGHe3R+D/Vs+3IPc8r2HHXyeN/MlK89OTb8Vt52wc9/6P77I3jufDd53Ps0fh/qmfbYD7ub+9O1wEAAAAAAAAAAB5pfamIv48UPxyppRfytu38/b+JjTvao7//9emebRO7s17Rh77Y8UkFAAAAgAOiLxXxk0hxc+Htu3Oo753/3TP/8/fW538Opw2fVn/O92vVcwN288//eg3m447vvNsAAAAAAAAAAAAAAAAAAABwoKRUxAt5PfXxaj7/xJbrqS9Hilf+57lcLh0ry3XXgR+sftYvz0yfvDg1NXO9tdC6NjXZGJ1tXZ8s6z4VKVb/9nO5blGtr95db76zxvv6WuxzkWLkH7plO2uxd9cmf2q97Omy7CcixX//471lu+tYf2q97Jmy7N9Eiq//y+Zlj62XPVuW/W6k+NHXG92yR8qy3eejfnq97PPXZ4o9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97a+nuXP68/n9fz9vKW9/sWe9/gzvVOv+D1fr/W71+kPX/q+cKLG51VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWL28mpa7i/fd9Qvtadv3xkbHtm82kCqah6qype/6qfPnD33pReGznfzg+vvts/Ea6NXLzZenrk1Ozc5Pz850Ribbl+fmZjc9h52Wn+jE9UJaNx6/fbEjRvzjTPPn73n4zuD7/c/cWzwwtCzJ5/plh0bHhkZ7SlT63vgo98nbbH9cBTx15Hiue/9NP2wP6KInZ+L+747u9iPbRioOnGi6sTY8EjVkal2a3qh/PBK90QUEY2eSs3uOdqHsdiRZsRi2fyywSfK7o3OtuZa16YmG1dacwvthfbM9JXUaW3Zn0YUcT5FLEXESv/9u+uLIl6PFN85upr+tT/iUPc8fPHy6FdPndm6HcUe9nEbynY2+iKWikdgzA6w/ijinyPFz945Hv/WH1GLzq/4QsSrZf4g4q3ojHcqvxjnIt7b5HvEo6kWRfx/Of4XVtM7/flSXV1XLn2t8ZXpGzM9ZbvXlV2/P+yvgX092gG/NtWjiB9VV/zV9O/+uwYAAAAAAAAAAAAAAAA4QIr49Ujx4rvHUzU/+O6c4vb0zcbV1rWpzrS+7ty/7pzptbW1tUbqZDPneM7FnEs5l3Ou5Iwi18/ZLLO+tjae3y/mXMq5nHMlZxzK9XM2c47nXMy5lHM550rOqOX6OZs5x3Mu5lzKuZxzJec+z2cHAAAAAAAAAAAAAAAAAAAeE0X1T4pvf2M1rfV31pcej04uWw/0Y++XAQAA//8acfcO")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000000206248200000000000000000000fcff04000100070000000900020073ffff0000000000050005000a000000050004000000000011000300686173683a69702c706f72740000"], 0x4c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000086060108000000000000000000000007050001000700634e3fa1ee0000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x6, 0xfffffffe}, 0xc)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x3}, &(0x7f0000000540)=0xc)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f00000003c0)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000b40)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000002180)=[{&(0x7f0000000140)="e9", 0x1}], 0x1}}], 0x1, 0x600c000)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="e4340000"])
umount2(&(0x7f0000000040)='.\x00', 0x2)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r3], 0xc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, 0x0, &(0x7f0000000780))

11m41.46684944s ago: executing program 32 (id=368):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYBLOB="cdf7c0c4ada580d5d36bd90806b670b73bb5112f75ca483652cf9b8a22555c3af34a84c5747ac51aa890ca205a0f27d7dde81ad3a01f21810b6de2d56be05416c54e1c6e8459e1643b129327581f7716b38db3d3f3bbeb6d1b846a2aad654e1795850a1f82ac738387d9c3009d18eb2a78258fcc4ac4eb6a12a5650e10ebf077d9ab33f24de7cbffe0", @ANYRESHEX], 0x2, 0xc3f, &(0x7f0000001780)="$eJzs3U9sHNd9B/DfGy3FpdxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUWRNi3+EWV9Prb43Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cvHU6fSwWwEA7KfLo189dcb9HwAeK1f9/z8AAAAAAAAAAAAAABx0KYp4MlLMXl5N49X7jvqldt/tO2PDI5tXG0hVzUNV+fJX/fSZs+e+9MLQ+W5eak9/QP3d9tl4bfTqxcbLM7dm5ybn5ycnGmPT7eszE5Pb3sNO6290ojoBjVuv3564cWO+ceb5s/d8fGfw/f4njg1eGHr25DPdsmPDIyOj60XqveVrD9yQjq1meByOIk5Giue+99PUiogidn4u6vs79hsNVJ04UXVibHik6shUuzW9UH54pXsiiohGT6Vm9xxtPhZR69vXPmytGbFYNr9s8Imye6OzrbnWtanJxpXW3EJ7oT0zfSV1Wlv2pxFFnE8RSxGx0n//7vqiiFqk+M7R1XQtIg51z8MXq4nBW7ej2MM+bkPZzkZfxFLxCIzZAdYfRbwaKX72zvG4nq8z1bXmCxGvlvmDiLfKfCkilV+McxHvbfI94tFUiyL+shz/C6tporoedK8rl77W+Mr0jZmest3ryke8P9x3pXhI94eBDbk/7rs2Ha1+HpRrUz2KaFVX/NX04L/ZAQAAAAAAAAAAAAAAAGC3DUQRn4kUr/zHn1TziqOal370wtAfDv5q75zxpz9kP2XZ5yNisdjenNzDeWLglXQlpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989npaid03x9vTNxtXWtanOqrDdtX+7a6avra2tNVInmznHcy7mXMq5nHMlZxS5fs5mzvGcizmXci7nXMkZh3L9nM2c4zkXcy7lXM65kjNquX7OZs7xnIs5l3Iu51zJGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jdWU6SIaEaMRyeX+x926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzbvbahGRqn87jpc/zkXzcJmfjOZQmS9F82LOVpW15rceQvvZmb5UxI8jRX/97bsDnse/r/Pu7tcg3vrm+rvP1jp5qPvh4Pv9Txw7emFo5Dee3up12qwBJy61p2/faYwNj4yM9myu5aN/smfbYD5usTtdJyLm33jz9dbU1OTcg78ovwIPUr0c4Z0ffT9fpNqD9dSLR/RF1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xY072ub9v7axXr7/l/f0ze7/T/ZsezH/bqSvFlFfuDXbdyyiPv/Gmyfbt1o3J29OTp87derLQ0NfPnuq73BE/UZ7arLn1a6cLgAAAAAAAAAAAAAAAID9k4r4/UjR+vFqakTEnWq+1uCFoWdPPnMoDlXzre6Zt/3a6NWLjZdnbs3OTc7PT040xqbb12cmJrd7uHo13WtseGRPOvOhBva4/QP1l2dm35hr3/zjhU0/P1K/eG1+Ya51ffOPYyCKiGbvlhNVg8eGR6pGT7Vb01XVK5tOpv/o+lIR/xUprp9rpM/nbXn+/8YZ/vfM/1/cuKM9mv//iZ5t5TFTKuLnkeJ3/urp+HzVziNx3znL5f4uUpw4/7lcLg6X5bpt6DxXoDMzsCz7f5Hin35xb9nufMgn18ue3vaJfUSU4380Unz/L74bv5m33fv8h83H/8jGHe3R+D/Vs+3IPc8r2HHXyeN/MlK89OTb8Vt52wc9/6P77I3jufDd53Ps0fh/qmfbYD7ub+9O1wEAAAAAAAAAAB5pfamIv48UPxyppRfytu38/b+JjTvao7//9emebRO7s17Rh77Y8UkFAAAAgAOiLxXxk0hxc+Htu3Oo753/3TP/8/fW538Opw2fVn/O92vVcwN288//eg3m447vvNsAAAAAAAAAAAAAAAAAAABwoKRUxAt5PfXxaj7/xJbrqS9Hilf+57lcLh0ry3XXgR+sftYvz0yfvDg1NXO9tdC6NjXZGJ1tXZ8s6z4VKVb/9nO5blGtr95db76zxvv6WuxzkWLkH7plO2uxd9cmf2q97Omy7CcixX//471lu+tYf2q97Jmy7N9Eiq//y+Zlj62XPVuW/W6k+NHXG92yR8qy3eejfnq97PPXZ4o9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97a+nuXP68/n9fz9vKW9/sWe9/gzvVOv+D1fr/W71+kPX/q+cKLG51VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWL28mpa7i/fd9Qvtadv3xkbHtm82kCqah6qype/6qfPnD33pReGznfzg+vvts/Ea6NXLzZenrk1Ozc5Pz850Ribbl+fmZjc9h52Wn+jE9UJaNx6/fbEjRvzjTPPn73n4zuD7/c/cWzwwtCzJ5/plh0bHhkZ7SlT63vgo98nbbH9cBTx15Hiue/9NP2wP6KInZ+L+747u9iPbRioOnGi6sTY8EjVkal2a3qh/PBK90QUEY2eSs3uOdqHsdiRZsRi2fyywSfK7o3OtuZa16YmG1dacwvthfbM9JXUaW3Zn0YUcT5FLEXESv/9u+uLIl6PFN85upr+tT/iUPc8fPHy6FdPndm6HcUe9nEbynY2+iKWikdgzA6w/ijinyPFz945Hv/WH1GLzq/4QsSrZf4g4q3ojHcqvxjnIt7b5HvEo6kWRfx/Of4XVtM7/flSXV1XLn2t8ZXpGzM9ZbvXlV2/P+yvgX092gG/NtWjiB9VV/zV9O/+uwYAAAAAAAAAAAAAAAA4QIr49Ujx4rvHUzU/+O6c4vb0zcbV1rWpzrS+7ty/7pzptbW1tUbqZDPneM7FnEs5l3Ou5Iwi18/ZLLO+tjae3y/mXMq5nHMlZxzK9XM2c47nXMy5lHM550rOqOX6OZs5x3Mu5lzKuZxzJec+z2cHAAAAAAAAAAAAAAAAAAAeE0X1T4pvf2M1rfV31pcej04uWw/0Y++XAQAA//8acfcO")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000000206248200000000000000000000fcff04000100070000000900020073ffff0000000000050005000a000000050004000000000011000300686173683a69702c706f72740000"], 0x4c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000086060108000000000000000000000007050001000700634e3fa1ee0000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x6, 0xfffffffe}, 0xc)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x3}, &(0x7f0000000540)=0xc)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f00000003c0)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000b40)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000002180)=[{&(0x7f0000000140)="e9", 0x1}], 0x1}}], 0x1, 0x600c000)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="e4340000"])
umount2(&(0x7f0000000040)='.\x00', 0x2)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r3], 0xc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, 0x0, &(0x7f0000000780))

6m9.374766286s ago: executing program 3 (id=1451):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="beef915d564c90c200"/24, 0x18)
r4 = accept$alg(r3, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000004180), 0xff77)
recvmmsg(r4, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}, {&(0x7f00000001c0)=""/51, 0x33}, {0x0}, {&(0x7f0000000400)=""/96, 0x60}, {0x0}], 0x5}, 0xb}], 0x2, 0x0, 0x0)

6m3.259441954s ago: executing program 3 (id=1467):
syz_open_procfs(0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
chdir(&(0x7f00000000c0)='./bus\x00')
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x60)
getdents(r4, &(0x7f0000000140)=""/194, 0xc2)

6m2.298597778s ago: executing program 3 (id=1472):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
r0 = userfaultfd(0x80801)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x20})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, 0x0)

6m1.141850434s ago: executing program 3 (id=1476):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, 0x0}, 0x108)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@multicast1, @private=0xa010101, 0xffffffffffffffff, "103da7e949a5e3c90978e4b70438abe1e9a2114ee7e26fb0b9a66faa5887f5cd", 0xff, 0x9, 0x8, 0x1}, 0x3c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r7, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x4b}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8c}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
connect$vsock_stream(r7, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r7, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
sendmmsg$inet6(r1, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040)

6m0.189073338s ago: executing program 3 (id=1477):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="beef915d564c90c200"/24, 0x18)
r4 = accept$alg(r3, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000004180), 0xff77)
recvmmsg(r4, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}, {&(0x7f00000001c0)=""/51, 0x33}, {0x0}, {&(0x7f0000000400)=""/96, 0x60}, {0x0}], 0x5}, 0xb}], 0x2, 0x0, 0x0)

5m54.749277857s ago: executing program 3 (id=1498):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r2, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil})

5m38.686236008s ago: executing program 33 (id=1498):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r2, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil})

2m51.204352318s ago: executing program 0 (id=2070):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188)
read$hiddev(r4, &(0x7f0000000080)=""/39, 0x27)

2m50.004409095s ago: executing program 0 (id=2075):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x103, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
iopl(0x3)
init_module(&(0x7f0000000340)=ANY=[@ANYBLOB], 0x78, 0x0)
r2 = mq_open(&(0x7f0000000180)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3c:\x00\x00\x00\x00\x00\x00\x00\x00\x97\x97\x9c \xdc\xaavt\x18\xcen\xe4\x03\x84;7\xfb\x84r\xf4\xe7\xc9\b\x987\xaa\x85\xfb\x05%\xa8\xe5b\x81\x8e}\xe1r\xf7s2\x82\xe57&b', 0x41, 0x80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newtaction={0x6c, 0x30, 0x9, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x0, 0x0, 0x6c05}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x200, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd}, {0xffff, 0xffff}, {0x5, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40011}, 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0xb635773f04ebbeee, 0x11, r2, 0x15b77000)
close(0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0xf003, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800})
close(0x3)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

2m46.543373625s ago: executing program 0 (id=2085):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188)
read$hiddev(r4, &(0x7f0000000080)=""/39, 0x27)

2m44.586037793s ago: executing program 0 (id=2088):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="d56cea33946c0eae3241d3604bfce89adddb2eb96960338db7572fa254eb7c69dc0cb526989630e26224c258c8d70ccacc5564d67723f4756c0399174c5460c4995942d24092c36dc820e97344798b5bb45423f853bf50e374323abacf0388cd091016b7a3d7843f4d3ae1658bd34d967e3323a64908442788dbc99c1f4248da53fb5be2c8001236b994ca594e3b3c588beaf3cb1c32c072d768b9e665e7d87044fdfc1fd6452593e6793963153f3850bf85042a5c139799ba8f6cb8d877fc436c4f1601270d6e29d60a4c80d6315e46f4219494ce897127d0b76f5d681e90f4e9282468ef7993cd92076aed266c1db8b81b93adc4969c9b89b32b8768c9f39f2d148e933dbb651746a9364f49986ef73b4c29f647b82b83216bb8179fe5346fdacdc5fda4bd48875cd2f1cf57a0c9a91e059446bac310a6d68948675c35a8e442168fd84d78d9800e5b05bdbce3a6eac65bee7279a3628f2a08931d3d52ce490652c20f8ae529eaf24bf421dad976c68b234ee6f6210c9f9aac3a55c6939d6aa3805b95619546264ff3ff82d0dc690e8ead61b6ed528c3c117cd771a3b7feb214ce8d720640d97f14b399b7f46dc4aad83117e8e642ccb117d13f345536fc3801c124cfaf8aa7aafff6c8df3fdd4469c077eccbd8ddacad80d9113dfde26ae67b226185743b2d53667fb3016fe114f87484ab614ddf0887c4b2c85351ab21a0ece6c066a154b38b4d7c1792d2db2cc5f8ceb42078187949d354b7a08d1529f3d10814757179c860db031dad4a3dc13ca01d1013238ed5f7a9674fcc77f0d34e2118fb851c970d86ecf9de1cfdb8d3ab197480e263c3207c3d7ebe17f9547c7c56b08e83de875294d0fd68df1926ecac24350b2c70bd73e14122ed480c564353d34049e67c26036fc35d04022cd35d6ac00756d3b8550bb22ae80a4bd630a00268d07fa249b0bf545dfbf01bea2f12b30738c6e13156244eb24e6d69ba7c3acdbbefe8bbc06b821aebf836ca07a3cc7b6b24686ed8f3b23085c893e72188b797651c5ab5cceb1465414a325f793a3af6d06eed7eb734ad05bc1f6619e8485259f570a482a67273ee01fe15dd938afce026f1111c7a38ed6d1aba34f009ce1e99140fd0db2de74150541fd48dd2ec5b1d15669de2ffe3a198184b6186ccda31aa64c585ff8cb65b67fe1455753895a88b6ab4c6bf1bb8329739178147e6f15801bfa707bd9ec9da662573ce07af684bb7c880a7d63b0a0a7300881408c44e95c679ea32b0eab845d0b333f245e8d6006258678704aa8cccdaf80cc46138d5b7a0804fdfa34c91d61a0d2fa6c62e7d1a675e5743f845ab40ea5df0182d6eb9781905c94751c75a411699a76f48433142c5f109d5dfddcc0b1dc6254efd5ea50d6ffbc7b9ca031e1a0123844b63c48b964645c6d24707582825e219bcd61677ed4fc45ee1f4be91b4c1b856d65a86acf22b8b0d588bc473248ac040326b1490c2fea24bc0c0a721e2ed63e39973cd4d38df1001dba9b9d995c229655dd26f3cd3d64077ec111e2c370717cb4cd068e0d3a52f1027d3df953e1f1ac768a7215a3695722b1b6714ce43801451a9532212b651d073c780d61712aebadd145c1cd95c1dc0dcf51850046ae5771e365f45858a36e48afe563ec0afee3803ff6a35bc25217b53eda39bb813b8d3d728c21a0b80d014003143666c0d1398cc46a01aaaf97117edda217f984010e7c5cf32535a669d4f11f6b70e3a3b823987ef7c9f878415063bf05205e13bcf7acb287bd0bb0fce77529a711f0ed145ea2ecf2194658dff17c5681cf8c7ad8521d235a705292af4878b3f124be2df661026c091d6c07aae1a74c919f7478d1083f70b3a0fe00c2e220ab998b4595268b6f7cabbfc85e59dfb6ab7a794cd3fd70d5cc4d70ca933a4452df5a345cb31f3267de53519ba39c915d492cd4652843f1d30a5fb311e3b5d868347969f013c5e3b4841b22240abcb61a14ff567186766ce8f6ae64877f672835dbff4fcf19c8230d8a402397630effb698a8b0c9a28ae028d7938ffde488fd64113085bce504cd0551e0eb3730c3f781cbecf0c41d2338766d3f6096661c1f1bec3162b8a0c4099fccd9480e821df8782c2e070530befb62bccd8539fe9dc7d8d3f9bded1bb34db3f2d6050885c8f1d57f5e603f629de7491f5fd9fafcceb565abeaec838b10a763a00a4607d4330bdcedc066d8cf9790d806e03c219866bb8f053a6e602645436d1f469df1d5008f5dcd4bdb7ce5b76ec015a8f4693cb2a63ceb2be00bcf221f0ca32db4efaf8f7022622b335fa8dea4afdd86be10be6c4d66e5f57416add4480509cb98cf31cdda84644eeb782eea041d4bc0e005a20bccc3c4a08cefcdb91cc2c61d9231c4e36e96f6edd2133f9b34e7da90ce20d1c60ff223c6a204bb942766a359b923573bbbaf2a827d79e4f649e79a840216ac4ddb3409c94e71ff08d109bc3f0cf6583219de7d7131a956f835ecf5c131a0b1e056a86d800a0204243f3b695029578c064306a31db53f28a8f0c0302486cd05970904e9b5c53100ac1aabb3110a89820e4d8307c3d46084999d0456c53fec61a9242b486eb41a90f3300fdfd0d8a472e8da7a842588721d1df1f5e4cc425efebc75a904ef4cc881346a4bc23eef4d492e3efccebab86ae4213f42671370579ee7f8341396e9515619e100a8fae2c5cba0139a088579ece7a603c8b8bab9998223fe862dff8480aeaa5970c90b894e5f71c2784e4dfd50ed3e9ed91036e8356c09464de13b4a95227203133b2c2c71cd6323492f083bda58ad7721b6666b9cd93f93f0288482813fd8aade02cca81cd35257e023504ac4f86be1c7a810b67c6d7077f5cdbd305b618a05c03d196894bfb1a6ff511e59ac8ce45d16cee95e1de0797a543728caaa43e5ae42a12b6bb7910d18d4e1ea89d264491287eb23a76095a12a39c46a7c85349e2969edaed3c1fa6a2150494f63f4c98c65fcdd650ac7424ac1ae64421294356ac1e4dbf9d4c817f081f4f7751ebf56788d799bac29dc0bfe83ead7ab3e338b8b84df4cad2b549aaac4e6048a6fa8f8f6f1f7e0e51c8b3c872f18c466e590222b03230f46bc8e9a0171bbd2096c7a480d6a6f29bd74b60105bebda42e59cc830c4b31f6c52687b4ec2ba869149ae363d711d099f94ceade1ada193e931ed9aea0a280ed5f25ad5ab3b4083f140ca17b43e5f6aef2c24a28a0262c80a040187e052ea7d54a528b6fcc176ed3afc07fe6a661d050fb4a3a6abfa3dac5f3230540b45af060781cb5499c2894d6a4a2bf908ddd48d6b34207f56c31229e206c88db3552ceb6e82a0fa2bf7f97baf603d37d6a8b1f2b1f5f95b251129ed05351681908b7cf5cf6cc86dd854174cc19713b4d262b021952b6da5f20f57bbacca62f5b7124409aa625bbea59819baebc1bc2dd188feba48c998d0dbed60d44b8a4f0ac28f6c1c8c9998f7406f1a34e4ce902be2420f7ff51a5ab3b1faa86ab2ec1edbea2493cae090abde43ff27d685c993dedb24eb255772cc56fbd104f4f5275f10d54d7cacb8cbf188ae1a4d29ea880068fb2696b3ba6e8a7c15939e1f7c394ab4bd4c4bef2383121cbeb18646a8e013d570cee3eeecd7fbe84a619f8aa2e34f2e1e9b99d0c7d7d179d9df8d2e2f1cd7ba2c7e60166dc14e5e4ed9c41195935e2884b5bd0057ed0155a5d4c6482e8f554e4cd0d0aef7d6487801ab54d54eb41755d833ab83883b40f47595063ad2a0fee5c661f86b8ab04ad0047d988ad86b3c520eb78dc3d750a57e777f5d766349f1a687e090f744206cb5d048346061b414060f6826d8a884e93f73f1f1f4cb8bd6e8d1215d436d390dbda35b555f550e11e6d8008fce1c429bd9bbd04a1fbb9de28663c1be4d8d7e506bc681ada28a69014b972919b5f70cbb770349324c9af0b7ee7ff4cc8bfe807fb9faa0a69498448b22192d578a1e82582b943051beb543ddca8b643ee6c76ee32278aa8bc92b44a8439a24ed5040545349ab05e831d4511a8da03ca539659585b2267a73775f1cb7c2c5548d3508c896f99a8e5cb55160ab1267e320ac2d7c8f8b57079dd14d301636a1374e24541f8d453978998ed256b381bcf638bb372ce1ebefb341656c02f4092a7667ffec5505e4938dcb03d404654430e244f9f7f7d0fb4189a93f7c2bd7a4fcb3ccff79e41a98adcac3e4c19eebebaec15bd8cea1df0e509cdef62ae10c66734d162caf35a6e511baa717f769c2e449892224fa8ae78de9138cf6ea1d939998a8cb68b0e83cf604e03b99634796d3d495e4617f8fdd9764631e7ed6eafa797deb1159259777bf2915d48b63286f6d6528ad4ca5783609263d9a03aad41ec8ef1e2e1e77734d27229f801192be238468854945c20dab4e1baff9dd593361efda1de95e04561d33cd73a45dff5f85b2e85b0747a49345ac8d38add8ef9c14685eb3d3432f3f994e3ddd4e45b16005870485253afc4f08d8a6d8023b722284d11d56c6ff9209a5bacb7ce1708244bd21878b8cd5c13ab453bd589f6196322de9faede39ce6f94c75d008d2d7ced27a2375cc62c3d5c15c1c4301a01299d8f4c41e5a44e4130e9555a356d6b19728c7d3c86cb9a1ddf906ab63a9447f8233bcd09bd74cf9749f085f0c4689ef40dbc41a7a299f0f891d9d0d3e39409d4d774da53bfb6e8ce668ce50885558e909add2cb9bda2f7e9232541b1a7f742a99740f486ef4f7c98e4052f2da705c56a18d5a8289ae6cbb9dc7de13a8cf420b7a930abaae813b40517d84ae984dfc94cd1021e0e4a7a9e7de841018d474083ca28a829ee03fe625cafcbedadcdef6621ccd679fcd9c9a9ab2136211f8c9a679895aa39facf2d6668e5098b3dd8e0ad78d8caf250dc38f2c9518bccb353ef3418d3906827514c1959d58344ee11a0ef1c1424495cc1a9910187685a47d6dd91f07e5081c5ac3f1b6e363069694dd9072684c5ab0ba56157c10f5fa8409e5bc43b38b31f24a306ca5f7e3de9a392eac1984e877ecb3dfd044f1449b4ae9b586051b1780c0ce462919f4a4b54ad8011d013c3962fc6697d33c2dc6771fec664c82cb16144619b207deb4391866d6c1976b945c5959d19018f15376ce3b05666747743527f22b54171da4dabee2f4e469a5521067de4f92e2bad02e15e812b6cbd27ec88a9eccf600ce7f5643392da9ff6b6412f8e7c68d8c8b9e0006e41777e2a1363a9556befbbb110dff3a84b179da3838acde0b25f53798733a9fb463d76b630aef7c8a43f6219482b34b893fd99cf3a013ecefde7c5c6528e304c1868ff3fd8dd5aba348a05dc950b1c4c281cbb28b800d6d0da180fdee06ec3bad6f97180295ed1d77078156a885b5b0c501ea563e8871adb97dd6052de0ab369bf2d98f434bb2d172d9967bb73d3eba6b52bb8d55d8963bf58d310afedb51c0f94c7814b6da30fd8056ab7be74ac31b1b75c217e3ab93eadcb2d253e5d8bbe47c0f1a411a9e502cf4301d898d905cd5db828e56a722394fa11cca64a03a42e7fc1b3481b71ca0b6a3d9bd1fc8229f7f9d3e6aa0d48051942579fb759201d4715db9a2d399e0745a66dbbd571accf1f2e15573ce832e91bd1f042ab758d9ec13e354f38454cc42668c8d60358916f7e937015f6c38732bcf6131ecde001892cb20fe47153e7e23b1cd2fc4a22662e7bde09f7df10fcbf475783fe23a0fdcb2c3bd8b28453ce523ac19ff77e68c3e9fa0193b796ea68f44132b3a96adebc04181e503f52be4778ef422ce3e6ca38514fa18b500ca518590479e8c73a7942dc2e237d82cda953ae1b296b97ee8ed62e2e755d6ddea7c0334e1b8d76c278bdc454724003106cb6fdc85340d1e784ac8b6551eaabc33c502163ce0d401627bd22ba6be90089372bfa3f91ee745e45844ef8dc0fe3936bef07f9c1d3aadfa4c8e99be6b038bed6beb9597add881da2acc1a3a471f500d68f639cd2bf6f4afab919a2cf747bcbb42b95684e8741b485c3297cf07c7bd98d6653421b61f701a06b82be0fbeecd32eb00feca9c5732bb5e565bccf8c9feb27a50760a785bbb50402768cbd458811e284a604b3374faf3480e1736743665617de9c32fd10e37105ac6dd5303f1a6dc78950bce56215c2a2f9e0ccbc0bf9fe8ccf7647ed29e2aa4948689d681a7a9fe582631338f3eea3df846f28564038ab75aa2a8ee5416b66ceeda9d8f56ecefe07f6a21ace83a2e15ad408d0a480f56708e3d1c96020b124c58f6ff5247f73aff7f77d389167650b8a0b98c97f87a1e5d6c08fa99874ff144bfa905e9da3812f010eeee00f3c9b594450faab5342e1b6e98fed5714a802b67b3e5b1964a62606aacb8222efd4980823f076675ae859e64de7b08f7a0b3d8bc829e1a93eb3b4975b4761cd7fa743e393da537c91f658ea2b23c94244498cdc4bc32c8b9859b9d9792eeabdce635b2d61c311949204826054dba0880505e2b53cc3521fa8b68bbba2ec05050bd3244c02752af1555625ddf50a3656c0043005c43c26a2dc907d5dd67efa831ad974151067b436a75fe99b8c94c9ca9737279fa1aaa09b0108c48c79c7e4ec1eeccfd43aa8e7ab6cacf5a956fc47d4ce77fe719d6eec1730d3e3b3be71d313f644177b6d16df0180848c28b850fbf71168a1ee4e5639bc46f2555b3984dbb91520538dfa6a1905abfb7238ff344d0a7d760f040718a57cfb56634e7de7584097f69f87630693bcf410796266cc3f50302feacfb556bad2506b7191023817527dfe5973101712bda922472076633133a11a76e8bc7d763a2cdaa53fa8d47d442fcc572f791d66d10d8d6a9058ecbbcd6d3dbe45d67b75e1091dd0368bea33ef0f56ba68885630429c24800922062e1066f2d4c4b795332ab03239548df4e6e01c432fe5eb29e8e63f6c7ba4f2edefa208c69e781786e4717c2f71dc2032a98cf1e6d66c10831e17ee776edc6b060ae20d025dc570a88e17da771acd32b7b93d46e43a917b8e2ba8232ad2707324b9b04dd8ee50c3c5a4372c0b1461ab2b7424faf00c7162bd8e8ffc7fadcb055403b0fa7087226ba4330e746af97a3f915f0b9e105759e81fe94a0df0cd6c324fb0b871491b5516c2fbc82c77b07159e3f4c0b7952b74cb4e203a69f241485191e1afc76d12a56db065b0513a41582f655340603c73cb39b728c97d1e919ecf963b91ec2282d25dc426db873394055beb0f9ba20545e2465ce2d0d962f42e1e4c79bdea4cd2829269ff7ef650bbeb5083d39dc7aad668af0b01c521192c548857473b29991f7bb917b5814fe945f4c3ed9bbe0563f4004b391b76860e9fd6b7c0baae82e4ac033f62a2c6ce6a2311b8700b06b5215e604a9b99d37e00450fc7790e893176e9fecda220f838a078a8ef7da7d499b1fe0eb8780c4b9705a6a10674e61b5c228fae1c13488f98c10c1792fa40229dba44b1cb534f9fab6a14407687761d738c91f4b8d4371a1de1a47bde0563a6fc88c4886be5d48c4cb89078c255eb1639598379daf50a672cbf4d8add2d4af6c02aeb1d0f86b611abd363409c7c7fc0b66f307ad3df24241fe06d0f7617d6c3987bb9e5d8f1712aebf095fad19b3b4fcb9cc4fb39012f333c4b040666259ee7bc43cff299a527a8914d71324e91c774b84e9392e615453e9fc648c539059b66f780c888892fe8b30eba799ed18fab08ebc3b9da8bc12a249456351bc0ebafc9f54d5d24697fb53eeb5e734527d690620989f605f57dc65a15a754d304be592acc616cd528b6986064b4457b96cf1fb0ab383a0585acf9887b18e1d6d3aff1e7f2328ea0313a2b36f6f79d671d9ddc4d34fb8fb55a596b2a16c63757083fb4bd01be2e1d82e47c5a44e052279097c5a18feae9884e102cf087611a3b94467ad61635dae6275974f6e6ca7a42ded0ee4577574d56b142853a8c955d92d1eb780de11dc9289acd193214ed4c9f5f26d0481cb3c0c0b8d4c9ad929c61ffeed66bf2e4f7018049593b99358d93559847d55654cee93da30f6578d2e295909791d227a12c09cd4a0edec25d3155086b64a787997a53265cbffb7fe6a2bfd589e12b4d0e21a600276e920397888443584aa99a06d7cfef8e68eeab8fa739c3d8fb74581ceff295110742e763320bed3a4be982b3ebed15ecde37e849aaa91959327d25149f38854ea1137f870aff99979e5e74cc9e45be12e3f0f9912a0955e718a4917e835bca50f43ce92a6bc60ed006b8f623fbacebbfb3dcb4fabd9941a5487c6f637de9a2005a6bc4062e1210a08a51d6f8a5e3f6f97fe90dc7e2e21d4d2f038c0fbc1918aa00e230a4a0e5c41a4808fb9a731271fcc1e73713c9592aa4b2ddccd0d13c3cb68d51166623153445c9ec955c6870dc8543c0684883186082e34ea5714febf8b46921015c3623220d17529896e1a6edac6e32fea2ba30db203238300353602c17dddad7608cad8170b520f6d9d32cdf0156a1de4e9b9eea78f73255ddc6da6994a6018ff900d9886590602ca6a072d8aa5645e2adac0744e2d5b2e1038c746635d5814692c3498aa9043b68f8ce79c44678c5a7d5bc26c085475853b229b2af3dc822ec58047f313c778aae2b64995148174e42908f3ecacd3921855790c0c5a25814416930293010b4f917979d837f4ef9d2d6dce804f5c0926244097746252124a6e0055559ffab197c38778f717362152af8f6dbf7ee03df050ab9b8909556691c2c2775f0f9c26a545db7ba698a4ce37de877705ea97ac0a002db274ea8360a4aa732c2d5e7417138c60cbea69d3b4993ada6a9d8f51d851543a6500a31bac5a057dbef498001f08a44e3c4141900e18b6d73c28c8c67dca805edeb5376384cefe75be1f127225e4d9724b7047d68fa2ed4629e91711a37c80158a07dbce78918931402b472a98a5d5c6b66a2d116314577e94298c37bc441499a9ecea132d87c5d305a0f8f0b3ed16f3b820941082c73b28391d8482ca0cfa78e1e09aa588b0eb1849c6c7916a6bbe56134a6bd93ea306dec125982628dea1db6d022d210627959e1dc819c841f173ed25f356909222e481a1ebb31185fbaeacbd359d2779efe4554ccdac7f4bcc528f656a45049331e16e9c0c796423ec9c7cba15c69d4a8a7741699910f33cc9798a8bf1e48182f08029a14d0131654fd388225d7509e1d7a484e9c7df34d1680bfc6b8d1f6f3920cc4113509fe42dfbd6b261000da9651f7e18088f6c2564472046e5eb7e8c9f8b5286a7452741a7103ced710bfb8e699fb8b1a85c0ae887cc06ef2ff9e2a2b1a77bb4d44ddd4a4e1ba60afcb92baaef108b60486d409889cbb2b1cc77ddff7e4b6caf8cf3488764d84bf3605eb9df709ac6cb36d1a3de89cdd6657f0e6b4009e6dac5d9be14f4ed997cf61e5aaec932520c321359cf286adf6e2dc3094794ae61a4f16089d06e3dc62c958950e73213c1e865c894fe7b8a30de65f5534a1e9c5d19ed49397980126322cb9c72c46a86d7487571300d85b3b5661555f20ab63a78f846c1b8f51a19610a11ffee44f7ccf0f1d67f4148b2c828d74c7f3993965c9067114467a71d242113a68574e28601fce343a023ecc68a72d75259f9a5dce144a7f61ef327192f6474d2bbd06fde3049fe7fb306ba3f54337008d7dbdeaf28a37a224e38ade23adb076cefd3148efcb62539a96d4dfc53f369e34c3d493ac3a5e8c8881133be630a2a906703da62ce7cc02ace9f666d6c3d4b9763a83548825ee1efb54ee3475b09e2616c5bdde3d193181bf020e8ac9ac25f32604b6c11de8ad1a15b9f908c6d7e79181aad1d741b7434aa92597a835c53b9e4b61d6069fa4ee921824d17c98784a8c04590f8d2cf877662b410cae4ebd1ba3616074c020d8cb6099a095735635490d318821310ddd016150edb80370b8d4e2f05557fd619b17192c13353cdae76d495821c610c8641e5b3dff1e7f2ea77b17810ca7975b8e36b7f501a8710b326ef92672096ef66598510902fe663e2a9ef00c3a052f1cfb1739fccb4371f8f28bb92654de5bf87cc2863e92e6d7e4b45d773f90f434eafc8f8398a48527af829a6cae359e7af5941bef158f53798058351107ce58f79ed21036770f6e10e7da92bbca25f369ee83a0f894bbf366a1361f8125b4ffd8e8b4d47ec68cd6b37c840cc5beb8cf65b2269ea1a0e9c371a571f30458ff8ad9bbf8723c19ddae1de5ca7461a436ffcd103c01a20f3252ba0965ee928cfb0d002b9aa4d4f20c805b77e67c8d991c4d07e5419bec9626a32c115d28253dd5f16c17182c1779edf49bdfe3823d87fec88929801163a27bfaeddfd8cdccae8cc3bfd6a9f2e2fec5971fa560c434debd434ff4d0058dcb05d9f3ac5193c458472d6d1685f9f46c8864900c5edbaeeee08971ee1c087f2e11467ff4766743bccf9e3414feedd6dcb904b92a05eec5de8db95444b920c995c770edcedcf7bffc48836c8f30037dde47f0e66fd79550de0ebc3c0c3eba0b66e2a353542eeb20397800e5f41635c5ec2f9a271461bcee8e570ddf945b186f15ab5cabe2a3123189935c6b9010b31732c425a9b2582b097486a5a7b1880b2f16104484e1ca83fa9c278b87e30e4b0cf6ed66c87a979c05683ac94a295d1c53e6f0975a079dd9a2825fdd6ae0926ba1a69f3f69f408eea9d00fbd43235a52c53d11963a611b81dd9f5e05582e1822398873e883662a64c225be19e0b85e102e23fb73d5dcb11435a5437d7418b0409f2e60793038f55ed54c79882b3a17e74ae2148bd558d131dbf446edeb0d05353492534e216761cfcf6582d066a8235a2bd5eb383350a52d7fc2761514e27b6125cb3e387c103dd62e31f5b789c217811c80ccbe3f10fec7a19ad32dc9271368b6d6ba549c45dfd8018507c40962b6ac6468c3078edb71d8ec7f728be8cc23dea1139ac30c2e8d0fc077280e420fbbffc896863db5f1e76922d7dd8e4479c1be822e74212c6f74765e108f916a1b83f6efc8ea54080e9a28b1ba5813a1fefddbe2d0cda413ee1463985b51b59f818f440c9b6a10e4ebf71d37995ae9694ba5867ca2eb2f7bf4e58d26149f2b25943fba216beb3de1f954bcf1bd32ce358b5d23023ab456ebbc493ead41e25b62b5b4ace6c5c18c9a8d512a9cbb4dd59f33663f6138d6b06bc8eb1ec9caccc0077b2e68e7a09d412dfa352e7e5c3942b710ab1648e16d0adda424d9fc2d15c619f4e8093c2b9521e4cdb3f22e655f52ce0fcc1bfd94e56cba8decadb68214451be53f9286c82d2a4912bd2394d1133be908409d791d6d8c2194ca37a76a38d6d0a1fced6478848891d9264cfc08fa849d720339ce00977cad8d9738372184098a7333dd1564d1d7754b4aa4afd6217585804159d31f53017869cb78b718c837b7fd176ce19e3d6996b6f055ed3ba7cd55b0349676c0c113c33d070081ce4ef29af156c4ac8ce760013688d0295d90271e23ef3ca10ec2b3b889855a153c867ce79297a10a02d21e5e8995fbc10d2f4d4bf521565376053b80937bfafaac688108f9962b7c72cf0111874ac8ae27d024ee2f9d57f15b9910a7486ef7542c6629fb0520c93a445542d", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000000)={0x30}, 0x30)
dup3(r2, r0, 0x0)

2m44.305721357s ago: executing program 0 (id=2090):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioperm(0x376, 0x5, 0x10)
socket$inet6_icmp(0xa, 0x2, 0x3a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xd)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0xdd)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e1f1b", @ANYRES64], 0x22)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000010001f02000000000000000000000000fafbc8bd49f220ec752d45", @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b0001006272696467650000200002800a001400aaaaaaaaaabb0000080009000000000005002d0000000000"], 0x50}}, 0x0)
socket(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)

2m42.904521768s ago: executing program 0 (id=2095):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = timerfd_create(0x7, 0x0)
timerfd_settime(r1, 0x2, &(0x7f0000007000)={{}, {0x0, 0x989680}}, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x3, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x2, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x9, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x45c)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r3 = gettid()
timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
readv(r2, &(0x7f00000018c0)=[{&(0x7f0000001700)=""/221, 0xdd}], 0x1)
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
lseek(0xffffffffffffffff, 0xaea, 0x3)

2m27.613003138s ago: executing program 34 (id=2095):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = timerfd_create(0x7, 0x0)
timerfd_settime(r1, 0x2, &(0x7f0000007000)={{}, {0x0, 0x989680}}, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x3, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x2, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x9, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x45c)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r3 = gettid()
timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
readv(r2, &(0x7f00000018c0)=[{&(0x7f0000001700)=""/221, 0xdd}], 0x1)
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
lseek(0xffffffffffffffff, 0xaea, 0x3)

15.085817332s ago: executing program 4 (id=2484):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
signalfd(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000880), 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@float={0x2, 0x0, 0x0, 0x10, 0x10}]}, {0x0, [0x0]}}, 0x0, 0x27, 0x0, 0x1, 0x80000001, 0x0, @void, @value}, 0x28)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, 0x0, 0x40010)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, 0x0, 0x8000)

13.575317414s ago: executing program 5 (id=2486):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$kvm(0xffffffffffffff9c, 0x0, 0x8b0040, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000180)={0x3, 0x2, 0x208, 0x3a, 0x5, 0xfffffffa, 0x7fffffff, 0xdc}, &(0x7f0000000380)=0x20)
r3 = syz_open_dev$dri(&(0x7f0000000480), 0x1ff, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x1, 0x2})
ioctl$DRM_IOCTL_MODE_SETPLANE(r3, 0xc03064b7, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r5=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, r5, 0x0, 0x0, 0xa, 0x1ff, 0x1})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x2)
syz_open_procfs(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="200000000307010400000000000000000000000409e0000073797a3000000000"], 0x20}, 0x1, 0x0, 0x0, 0x20040080}, 0x4040)

13.326420138s ago: executing program 4 (id=2487):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
open(0x0, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0xa, 0x0)
open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = syz_open_dev$sg(0x0, 0x0, 0x101005)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SG_SET_DEBUG(r2, 0x227e, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f0000000040), &(0x7f0000000100)}, 0x20)

11.78146039s ago: executing program 5 (id=2490):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
munlockall()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x5a, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r5, r4, 0x0)
pipe(0x0)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000)
r6 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r5, 0x40046210, &(0x7f0000000100)=0x1)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000240))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x50, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@binder={0x73622a85, 0xa, 0x2}, @flat=@handle={0x73682a85, 0x1000, 0x2}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000080)={0x0, 0x18, 0x30}}, 0x1000}, @register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000b00)="94"})

11.588227663s ago: executing program 4 (id=2491):
r0 = syz_open_dev$cec(0x0, 0x0, 0x181201)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_usb_disconnect(r1)
ioctl$CEC_S_MODE(r0, 0x40046109, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00')
close_range(r2, 0xffffffffffffffff, 0x0)

10.577358677s ago: executing program 1 (id=2494):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a5f000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
ptrace(0x10, 0x1)

9.70981934s ago: executing program 5 (id=2496):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000000)={0xfffffffc, 0x0, 0x0, 0x0, 0xff, "db8f2d2b3b7596160c6981acf8805944823a7f"})
write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r5 = syz_open_pts(r4, 0x48500)
r6 = dup3(r5, r4, 0x0)
read$FUSE(r6, &(0x7f0000003f80)={0x2020}, 0x2020)

9.555602922s ago: executing program 1 (id=2498):
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@multicast, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @empty}, @timestamp_reply={0x11, 0xe0, 0x0, 0x0, 0x0, 0x10001}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, 0x0, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r3, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc)

7.941855845s ago: executing program 6 (id=2499):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, 0x0, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x30}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r6, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)="f400000000002c00fe8000"/20, 0x14}], 0x1}, 0x0)
dup2(r6, r4)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r5)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER(r5, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x1c, r7, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r9, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)

7.932006216s ago: executing program 1 (id=2500):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioperm(0x376, 0x5, 0x10)
socket$inet6_icmp(0xa, 0x2, 0x3a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xd)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0xdd)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e1f1b", @ANYRES64], 0x22)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000010001f02000000000000000000000000fafbc8bd49f220ec752d45", @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b0001006272696467650000200002800a001400aaaaaaaaaabb0000080009000000000005002d0000000000"], 0x50}}, 0x0)
socket(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)

7.762238968s ago: executing program 4 (id=2502):
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0x3})
syz_usb_connect$hid(0x4, 0xfd14, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x8, &(0x7f0000019780)=""/102387, &(0x7f00000003c0)=0xfffffffffffffdc8)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
timer_create(0x2, 0x0, &(0x7f0000000d40))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80045510, &(0x7f0000000000))

6.95110606s ago: executing program 5 (id=2503):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mmap(&(0x7f0000aa2000/0x2000)=nil, 0x2000, 0x300000f, 0x728389e01e01aa78, 0xffffffffffffffff, 0xed0c3000)
r2 = socket(0xf, 0x3, 0x2)
write(r2, &(0x7f0000000380)="02", 0x33fe0)

6.950615709s ago: executing program 6 (id=2504):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001840)={0x0}, 0x1, 0x0, 0x0, 0x40800}, 0x4004010)
r1 = openat(0xffffffffffffff9c, 0x0, 0x8042, 0x108)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x69)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x1020, 0xffffffffffffffff, 0x0)
execve(0x0, 0x0, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000001000000010a00"], 0x24}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000000000000000002"], 0x3c}, 0x1, 0x11}, 0x0)

6.445804207s ago: executing program 1 (id=2506):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
munlockall()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x5a, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r5, r4, 0x0)
pipe(0x0)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000)
r6 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r5, 0x40046210, &(0x7f0000000100)=0x1)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000240))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x50, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@binder={0x73622a85, 0xa, 0x2}, @flat=@handle={0x73682a85, 0x1000, 0x2}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000080)={0x0, 0x18, 0x30}}, 0x1000}, @register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000b00)="94"})

6.425551738s ago: executing program 6 (id=2507):
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$kvm(0xffffffffffffff9c, 0x0, 0x8b0040, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000180)={0x3, 0x2, 0x208, 0x3a, 0x5, 0xfffffffa, 0x7fffffff, 0xdc}, &(0x7f0000000380)=0x20)
r4 = syz_open_dev$dri(&(0x7f0000000480), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x6, 0x102})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x1, 0x2})
ioctl$DRM_IOCTL_MODE_SETPLANE(r4, 0xc03064b7, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r6=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000280)={0x3, r6, 0x0, 0x0, 0xa, 0x1ff, 0x1})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x2)
syz_open_procfs(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="200000000307010400000000000000000000000409e0000073797a3000000000"], 0x20}, 0x1, 0x0, 0x0, 0x20040080}, 0x4040)

5.484765271s ago: executing program 7 (id=2508):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x2f9, 0x543, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632177fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28)

4.951870538s ago: executing program 1 (id=2509):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x88}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x7d1e02, 0x90)
sendfile(r3, r3, 0x0, 0x101)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x97)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000003c0), 0x50402, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@generic={&(0x7f00000000c0)='./file0\x00', r3}, 0x18)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x7f, &(0x7f0000000040)='!S', 0x2)
r6 = socket$inet6(0xa, 0x3, 0x2c)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0x3c1, 0x3, 0x468, 0x170, 0x1170, 0x1170, 0x0, 0x1170, 0x398, 0x1398, 0x1398, 0x398, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x84, 0x0, 0x0, 0x10}, 0x0, 0x128, 0x170, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x4e20], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}}, @common=@unspec=@connmark={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffffff, 0xff000000, 0xff], [0xffffffff, 0xff, 0x0, 0xff], 'syzkaller1\x00', 'hsr0\x00', {0xff}, {}, 0x3a, 0x4, 0x5, 0x46}, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x1, [], 0x0, 0x0, 0x0, [@empty, @dev={0xfe, 0x80, '\x00', 0x43}, @remote, @remote, @private2, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @mcast1, @empty, @remote, @mcast2, @empty, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote], 0x1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', {0x100000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4c8)

4.767141221s ago: executing program 4 (id=2510):
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40043d14, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_open_dev$evdev(0x0, 0x3e, 0x208604)
io_setup(0x6, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, 0x0, 0x11)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={<r2=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r2, 0xffffffffffffffff, 0x0)

4.738684972s ago: executing program 7 (id=2511):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r3 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffb, r3, 0x1)
getdents(0xffffffffffffffff, 0x0, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x1)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x11, 0x8, 0xffffffd6, 0x6, 0x80000001, 0xfffffff7, 0x6, 0x4, 0x8000}})
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
syz_io_uring_setup(0x6ae9, &(0x7f0000000340)={0x0, 0x40000002, 0x4000}, &(0x7f0000000400), 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(0xffffffffffffffff, &(0x7f0000004ec0), 0x0, 0x2000, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf25"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000080)='qnx6\x00', 0x208800, 0x0)

4.017894732s ago: executing program 6 (id=2512):
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x8901, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x44000200)

3.935885173s ago: executing program 1 (id=2513):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000")

2.819642569s ago: executing program 7 (id=2514):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, 0x0, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x30}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r6, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)="f400000000002c00fe8000"/20, 0x14}], 0x1}, 0x0)
dup2(r6, r4)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r5)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER(r5, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x1c, r7, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r9, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)

1.568325247s ago: executing program 7 (id=2515):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'tunl0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r2, 0x1, 0x6}, 0x10)

1.481745409s ago: executing program 6 (id=2516):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioperm(0x376, 0x5, 0x10)
socket$inet6_icmp(0xa, 0x2, 0x3a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xd)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0xdd)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm=0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e1f1b", @ANYRES64], 0x22)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000010001f02000000000000000000000000fafbc8bd49f220ec752d45", @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b0001006272696467650000200002800a001400aaaaaaaaaabb0000080009000000000005002d0000000000"], 0x50}}, 0x0)
socket(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)

1.3794179s ago: executing program 7 (id=2517):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="030000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500a51cec5e2d137c85000005000000bf91000000000000b702e300000000008500000084"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5384b9927ce1a186, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000e6ff2600010000000000000000000a010100000000000000000000000000ac1e010100"/60, @ANYRES32=0x0], 0x50}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004051}, 0xc4)
r2 = accept4(r1, 0x0, 0x0, 0x800)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.330483391s ago: executing program 5 (id=2518):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)

1.292713112s ago: executing program 6 (id=2519):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
munlockall()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x5a, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r5, r4, 0x0)
pipe(0x0)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000)
r6 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r5, 0x40046210, &(0x7f0000000100)=0x1)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000240))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x50, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@binder={0x73622a85, 0xa, 0x2}, @flat=@handle={0x73682a85, 0x1000, 0x2}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000080)={0x0, 0x18, 0x30}}, 0x1000}, @register_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000b00)="94"})

1.248335802s ago: executing program 5 (id=2520):
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 0x3})
syz_usb_connect$hid(0x4, 0xfd14, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x8, &(0x7f0000019780)=""/102387, &(0x7f00000003c0)=0xfffffffffffffdc8)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
timer_create(0x2, 0x0, &(0x7f0000000d40))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80045510, &(0x7f0000000000))

1.153813463s ago: executing program 7 (id=2521):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffbfffb702000008000000b703000000000000850000007b00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x4, 0x70})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008802"])

0s ago: executing program 4 (id=2522):
ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x1})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x7})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x103ff})

kernel console output (not intermixed with test programs):

d with error -71
[  423.196855][ T8328] tmpfs: Unknown parameter 'usrquota'
[  423.210760][ T5490] usbtest: probe of 1-1:1.1 failed with error -71
[  423.226746][ T5490] usb 1-1: USB disconnect, device number 7
[  424.360394][ T8365] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  426.297175][ T8365] 8021q: adding VLAN 0 to HW filter on device bond0
[  426.345591][ T8365] bond0: (slave rose0): Enslaving as an active interface with an up link
[  426.641152][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  427.697459][ T8402] mmap: syz.3.1107 (8402) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  428.428541][ T8401] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  431.931376][   T23] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  432.240795][   T23] usb 6-1: Using ep0 maxpacket: 16
[  432.361022][   T23] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30
[  432.399800][   T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  432.419673][   T23] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  432.447368][   T23] usb 6-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00
[  432.467800][   T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.516497][   T23] usb 6-1: config 0 descriptor??
[  433.070791][   T13] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  433.481423][   T13] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  433.557987][   T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.671834][   T13] usb 5-1: config 0 descriptor??
[  433.733348][   T23] samsung 0003:0419:0001.0001: unknown main item tag 0x0
[  433.750975][   T23] samsung 0003:0419:0001.0001: unknown main item tag 0x0
[  433.758023][   T23] samsung 0003:0419:0001.0001: unknown main item tag 0x0
[  433.780682][   T23] samsung 0003:0419:0001.0001: unknown main item tag 0x0
[  433.807319][   T23] samsung 0003:0419:0001.0001: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.5-1/input0
[  433.835800][   T23] usb 6-1: USB disconnect, device number 3
[  434.029164][ T8461] fido_id[8461]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  434.200810][ T5490] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  434.561044][ T5490] usb 4-1: config 0 has an invalid interface number: 93 but max is 0
[  434.602305][ T5490] usb 4-1: config 0 has no interface number 0
[  434.851365][ T5490] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  434.889909][ T5490] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.969098][ T5490] usb 4-1: Product: syz
[  435.000829][ T5490] usb 4-1: Manufacturer: syz
[  435.006005][ T5490] usb 4-1: SerialNumber: syz
[  435.019927][ T5490] usb 4-1: config 0 descriptor??
[  435.280871][ T5490] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  435.348262][ T5490] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  435.391293][ T5490] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  435.448121][ T5490] usb 4-1: media controller created
[  435.665863][ T5490] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  435.971182][   T13] usb 5-1: Cannot set autoneg
[  435.977338][   T13] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[  436.139481][   T13] usb 5-1: USB disconnect, device number 9
[  436.145628][ T5490] DVB: Unable to find symbol dib7000p_attach()
[  436.151949][ T5490] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  436.205966][ T5490] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  436.261325][ T5490] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  436.294546][ T5490] usb 4-1: media controller created
[  436.312371][ T5490] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  436.371138][ T5490] dib0700: the master dib7090 has to be initialized first
[  436.512950][ T5490] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  436.714128][ T8503] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1135'.
[  437.693309][ T5490] rc_core: IR keymap rc-dib0700-rc5 not found
[  437.700207][ T5490] Registered IR keymap rc-empty
[  438.108103][ T5490] dvb-usb: could not initialize remote control.
[  438.134896][ T5490] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  438.226164][ T5490] usb 4-1: USB disconnect, device number 8
[  438.873141][ T8535] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  438.885629][ T5490] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  439.380880][ T4242] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  439.580709][ T4242] usb 5-1: device descriptor read/64, error -71
[  439.636022][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  439.642776][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  440.320735][ T4242] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  440.550885][ T4242] usb 5-1: device descriptor read/64, error -71
[  440.681443][ T4242] usb usb5-port1: attempt power cycle
[  441.093459][ T4242] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  441.380694][ T4242] usb 5-1: device not accepting address 12, error -71
[  442.414026][ T8574] netlink: 'syz.5.1153': attribute type 1 has an invalid length.
[  442.609614][ T8576] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  442.656308][ T8578] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1153'.
[  442.705225][ T8578] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  442.728434][ T8578] bond1 (unregistering): Released all slaves
[  443.063720][ T8587] gfs2: not a GFS2 filesystem
[  444.437306][ T8598] binder: 8595:8598 ioctl c0306201 0 returned -14
[  444.554501][ T8598] binder: 8595:8598 ioctl c0306201 200000000c00 returned -14
[  446.977946][ T8643] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  447.003575][ T8645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1165'.
[  447.106196][ T8645] device vlan2 entered promiscuous mode
[  447.174595][ T8645] device veth0_virt_wifi entered promiscuous mode
[  447.218077][ T8648] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  447.415464][ T8656] vivid-001: disconnect
[  447.433621][ T8655] vivid-001: reconnect
[  447.613098][ T8662] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  447.720731][ T5490] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  448.067713][ T8672] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1184'.
[  448.142667][ T5490] usb 5-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  448.823373][ T5490] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.887024][ T5490] usb 5-1: config 0 descriptor??
[  449.077956][ T5490] gspca_main: sunplus-2.14.0 probing 055f:c420
[  449.640720][ T5490] gspca_sunplus: reg_w_riv err -110
[  449.646062][ T5490] sunplus: probe of 5-1:0.0 failed with error -110
[  449.899483][ T8688] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  451.149365][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806302d000: rx timeout, send abort
[  451.161010][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88806302d000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  451.730990][ T5490] usb 5-1: USB disconnect, device number 14
[  451.740646][ T8717] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  452.044386][ T8725] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1196'.
[  453.062168][ T8738] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1199'.
[  456.106822][ T8770] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  460.890678][ T8813] 8021q: VLANs not supported on xfrm0
[  462.667884][ T8831] gfs2: not a GFS2 filesystem
[  463.418889][ T8835] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  463.426176][ T8835] IPv6: NLM_F_CREATE should be set when creating new route
[  466.620294][ T8857] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 8857 comm: syz.0.1229)
[  466.635212][   T26] audit: type=1800 audit(1749301501.190:15): pid=8857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1229" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=49709 res=0 errno=0
[  467.568722][ T8869] gfs2: not a GFS2 filesystem
[  468.778905][ T8877] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  468.790275][ T8877] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  470.903819][ T8888] tipc: Started in network mode
[  471.223091][ T8888] tipc: Node identity 7f000001, cluster identity 4711
[  471.230419][ T8888] tipc: New replicast peer: 172.30.0.6
[  471.236756][ T8888] tipc: Enabled bearer <udp:syz2>, priority 10
[  473.207319][ T4242] tipc: Node number set to 2130706433
[  475.342377][ T8926] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  475.353506][ T8926] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  478.455725][ T8964] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  478.773235][ T4242] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  478.908113][ T8973] gfs2: not a GFS2 filesystem
[  479.052377][ T4242] usb 4-1: Using ep0 maxpacket: 8
[  479.952810][ T8980] ubi31: attaching mtd0
[  480.250840][ T4242] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  480.289862][ T8980] ubi31: scanning is finished
[  480.300574][ T4242] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.304065][ T8980] ubi31: empty MTD device detected
[  480.320071][ T4242] usb 4-1: Product: syz
[  480.324617][ T4242] usb 4-1: Manufacturer: syz
[  480.329228][ T4242] usb 4-1: SerialNumber: syz
[  480.345483][ T4242] usb 4-1: config 0 descriptor??
[  480.398279][ T4242] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  480.410502][ T4242] usb 4-1: setting power ON
[  480.419398][ T4242] dvb-usb: bulk message failed: -22 (2/0)
[  480.595333][ T4242] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  480.607903][ T8963] dvb-usb: bulk message failed: -22 (3/0)
[  480.630738][ T8980] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  480.638474][ T8963] usb 4-1: gpio_write failed.
[  480.648533][ T8963] dvb-usb: bulk message failed: -22 (3/0)
[  480.664337][ T8980] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  480.676468][ T4242] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  480.687403][ T8980] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  480.704723][ T8980] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  480.730672][ T4242] usb 4-1: media controller created
[  480.757276][ T8980] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  480.774505][ T8980] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  480.780381][ T4242] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  480.802778][ T8980] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2433854852
[  480.835058][ T8980] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  480.864322][ T8987] ubi31: background thread "ubi_bgt31d" started, PID 8987
[  480.888451][ T4242] usb 4-1: selecting invalid altsetting 6
[  480.927996][ T4242] usb 4-1: digital interface selection failed (-22)
[  480.955976][ T4242] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  481.024031][ T4242] usb 4-1: setting power OFF
[  481.160434][ T4242] dvb-usb: bulk message failed: -22 (2/0)
[  481.207696][ T4242] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  481.432818][ T8989] netlink: 'syz.1.1274': attribute type 62 has an invalid length.
[  481.796971][ T4242] (NULL device *): no alternate interface
[  481.814295][ T4242] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  481.834516][ T4242] usb 4-1: USB disconnect, device number 9
[  482.603059][ T9008] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  482.610299][ T9008] IPv6: NLM_F_CREATE should be set when creating new route
[  482.963995][ T9015] gfs2: not a GFS2 filesystem
[  483.803683][ T9026] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  484.032052][ T9034] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  485.572521][ T9047] netlink: 'syz.4.1288': attribute type 62 has an invalid length.
[  486.958339][ T9060] gfs2: not a GFS2 filesystem
[  490.211013][ T9091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1300'.
[  491.121770][ T9090] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  491.457967][ T9098] netlink: 'syz.0.1302': attribute type 62 has an invalid length.
[  492.771024][ T9102] Invalid ELF header magic: != ELF
[  492.791859][ T9102] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 9102 comm: syz.0.1304)
[  492.806338][   T26] audit: type=1800 audit(1749301527.360:16): pid=9102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1304" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=49709 res=0 errno=0
[  492.837856][    C1] vkms_vblank_simulate: vblank timer overrun
[  493.098212][ T9118] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  494.529932][ T9137] overlayfs: failed to resolve './file0': -2
[  495.267985][ T9143] netlink: 'syz.5.1315': attribute type 62 has an invalid length.
[  495.326393][ T9144] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  495.775155][ T9150] overlayfs: failed to resolve './file0': -2
[  496.823372][ T9166] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  496.830670][ T9166] IPv6: NLM_F_CREATE should be set when creating new route
[  497.172151][ T9175] overlayfs: failed to resolve './file0': -2
[  497.700694][ T9177] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  498.013830][ T9174] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  498.051156][ T9184] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1329'.
[  500.411091][ T9212] netlink: 'syz.0.1337': attribute type 62 has an invalid length.
[  500.458650][ T9214] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  501.075050][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  501.077159][ T9220] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  501.091392][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  503.270338][ T9246] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  503.435945][ T9237] binder: 9231:9237 ioctl c0306201 0 returned -14
[  503.447993][ T9237] binder: 9231:9237 ioctl c0306201 200000000c00 returned -14
[  505.827565][ T9270] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  506.442048][ T9292] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  507.470509][ T9305] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  508.568331][ T9317] usb usb8: usbfs: process 9317 (syz.4.1370) did not claim interface 0 before use
[  509.621261][   T13] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  509.649723][ T9330] binder: 9321:9330 ioctl c0306201 0 returned -14
[  510.446567][ T9330] binder: 9321:9330 ioctl c0306201 200000000c00 returned -14
[  510.486435][ T9336] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  510.493669][ T9336] IPv6: NLM_F_CREATE should be set when creating new route
[  510.516375][   T13] usb 4-1: Using ep0 maxpacket: 32
[  510.790669][   T13] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  510.800267][   T13] usb 4-1: config 0 has no interface number 0
[  510.852816][   T13] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.868979][   T13] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  510.879500][   T13] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  510.888850][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.903873][   T13] usb 4-1: config 0 descriptor??
[  511.750776][   T13] uclogic 0003:28BD:0094.0002: failed retrieving string descriptor #100: -71
[  511.769696][   T13] uclogic 0003:28BD:0094.0002: failed retrieving pen parameters: -71
[  511.790255][   T13] uclogic 0003:28BD:0094.0002: pen probing failed: -71
[  511.807696][   T13] uclogic 0003:28BD:0094.0002: failed probing parameters: -71
[  511.823503][   T13] uclogic: probe of 0003:28BD:0094.0002 failed with error -71
[  511.849245][   T13] usb 4-1: USB disconnect, device number 10
[  512.382841][ T9363] netlink: 'syz.1.1384': attribute type 62 has an invalid length.
[  513.105928][ T9368] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1386'.
[  513.299741][ T9373] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  514.526682][ T9382] binder: 9381:9382 ioctl c0306201 0 returned -14
[  514.536155][ T9382] binder: 9381:9382 ioctl c0306201 200000000c00 returned -14
[  517.185223][ T9409] netlink: 'syz.1.1397': attribute type 62 has an invalid length.
[  517.231378][ T9410] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  517.242470][ T9410] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  517.804963][ T9414] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  518.011863][ T9417] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  519.089111][ T9435] binder: 9433:9435 ioctl c0306201 0 returned -14
[  519.098390][ T9435] binder: 9433:9435 ioctl c0306201 200000000c00 returned -14
[  519.140972][ T9432] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  521.038559][ T9457] netlink: 'syz.0.1409': attribute type 62 has an invalid length.
[  523.186578][ T9469] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  523.197856][ T9469] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  525.207816][ T9480] binder: 9479:9480 ioctl c0306201 0 returned -14
[  525.222084][ T9480] binder: 9479:9480 ioctl c0306201 200000000c00 returned -14
[  525.272203][ T9485] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  526.562442][ T9501] netlink: 'syz.1.1421': attribute type 62 has an invalid length.
[  527.419895][ T9502] fuseblk: Bad value for 'fd'
[  528.903021][ T9527] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  530.137364][ T9540] binder: 9539:9540 ioctl c0306201 0 returned -14
[  530.146236][ T9540] binder: 9539:9540 ioctl c0306201 200000000c00 returned -14
[  530.432981][ T9556] netlink: 'syz.4.1435': attribute type 62 has an invalid length.
[  532.385321][ T9575] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  532.396475][ T9575] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  533.355126][ T9582] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  535.750813][ T9616] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  535.761903][ T9616] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  536.399852][ T9607] binder: 9606:9607 ioctl c0306201 0 returned -14
[  536.408094][ T9607] binder: 9606:9607 ioctl c0306201 200000000c00 returned -14
[  537.604384][ T9630] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  538.004306][ T9641] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  539.805017][ T9655] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  540.375721][ T9666] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  540.386888][ T9666] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  540.772747][ T9668] binder: 9667:9668 ioctl c0306201 0 returned -14
[  540.780510][ T9668] binder: 9667:9668 ioctl c0306201 200000000c00 returned -14
[  542.130714][ T9681] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  542.812408][ T9691] syz.3.1476 (9691) used greatest stack depth: 20736 bytes left
[  544.458325][ T9714] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1481'.
[  544.715311][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88806232ec00: rx timeout, send abort
[  545.168441][ T9729] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  545.179538][ T9729] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  545.215858][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88806232c400: rx timeout, send abort
[  545.224679][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88806232ec00: abort rx timeout. Force session deactivation
[  545.724321][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88806232c400: abort rx timeout. Force session deactivation
[  546.181132][ T9732] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  547.130976][ T9742] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  547.180701][ T9723] binder: 9721:9723 ioctl c0306201 0 returned -14
[  547.188562][ T9723] binder: 9721:9723 ioctl c0306201 200000000c00 returned -14
[  548.742779][ T9770] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  548.754048][ T9770] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  549.343149][ T9768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1495'.
[  550.406024][ T9768] device vlan2 entered promiscuous mode
[  551.950491][ T9809] Invalid ELF header magic: != ELF
[  552.245312][ T9809] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 9809 comm: syz.0.1508)
[  552.939030][   T26] audit: type=1800 audit(1749301587.490:17): pid=9809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1508" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=49709 res=0 errno=0
[  553.416170][ T9828] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  553.427504][ T9828] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  553.523545][ T9806] binder: 9804:9806 ioctl c0306201 0 returned -14
[  553.619865][ T9806] binder: 9804:9806 ioctl c0306201 200000000c00 returned -14
[  554.648545][ T9837] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  556.984807][ T9854] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  557.267792][ T9859] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  558.345769][ T9869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1518'.
[  558.414672][ T9869] device vlan2 entered promiscuous mode
[  558.552461][ T9871] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  558.563553][ T9871] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  559.505528][ T9878] Invalid ELF header magic: != ELF
[  559.721508][ T9875] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 9875 comm: syz.4.1524)
[  560.072720][   T26] audit: type=1800 audit(1749301594.620:18): pid=9875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1524" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=39809 res=0 errno=0
[  560.588474][ T9884] binder: 9880:9884 ioctl c0306201 0 returned -14
[  560.599488][ T9884] binder: 9880:9884 ioctl c0306201 200000000c00 returned -14
[  561.837245][ T9901] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  563.175354][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  563.181705][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  563.233211][ T9920] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  563.244745][ T9920] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  563.667010][ T9925] tmpfs: Unknown parameter 'grpquota'
[  565.269860][ T9934] Invalid ELF header magic: != ELF
[  565.524105][ T9934] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 9934 comm: syz.1.1539)
[  565.681587][   T26] audit: type=1800 audit(1749301600.150:19): pid=9934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1539" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=35800 res=0 errno=0
[  566.172426][ T9946] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  567.238972][ T9955] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  567.250065][ T9955] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  567.601599][   T23] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  567.920791][   T23] usb 2-1: Using ep0 maxpacket: 8
[  568.339059][ T9971] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1552'.
[  568.780779][   T23] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  568.987686][   T23] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  569.024047][   T23] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  569.037101][   T23] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  569.755441][   T23] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  569.764671][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.776439][ T4209] Bluetooth: hci5: command 0x0409 tx timeout
[  569.838893][ T9981] Invalid ELF header magic: != ELF
[  570.050722][   T23] usb 2-1: usb_control_msg returned -32
[  570.117190][   T23] usbtmc 2-1:16.0: can't read capabilities
[  570.123940][ T9981] kernel read not supported for file /$ (pid: 9981 comm: syz.5.1554)
[  570.249379][   T26] audit: type=1800 audit(1749301604.800:20): pid=9981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1554" name="$" dev="mqueue" ino=54245 res=0 errno=0
[  570.347846][ T9962] chnl_net:caif_netlink_parms(): no params data found
[  570.652424][T10000] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  570.663660][T10000] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  570.795221][ T9987] binder: 9983:9987 ioctl c0306201 0 returned -14
[  570.802952][ T9962] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.829364][ T9962] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.687630][ T9987] binder: 9983:9987 ioctl c0306201 200000000c00 returned -14
[  571.698342][ T9962] device bridge_slave_0 entered promiscuous mode
[  571.753475][ T9962] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.769275][ T4209] usb 2-1: USB disconnect, device number 5
[  571.797707][ T4239] Bluetooth: hci5: command 0x041b tx timeout
[  571.862638][ T9962] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.883384][ T9962] device bridge_slave_1 entered promiscuous mode
[  571.929235][ T9962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  571.953230][ T9962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  572.263514][ T9962] team0: Port device team_slave_0 added
[  572.396713][T10009] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  572.410192][ T9962] team0: Port device team_slave_1 added
[  572.432775][ T9962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  572.440074][ T9962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  572.466075][    C0] vkms_vblank_simulate: vblank timer overrun
[  572.473764][ T9962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  572.487013][ T9962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  572.494131][ T9962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  572.520009][    C0] vkms_vblank_simulate: vblank timer overrun
[  572.530136][ T9962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  572.709859][ T9962] device hsr_slave_0 entered promiscuous mode
[  572.726812][ T9962] device hsr_slave_1 entered promiscuous mode
[  573.030800][ T9962] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  573.038476][ T9962] Cannot create hsr debugfs directory
[  573.311120][T10020] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1564'.
[  574.105823][ T4209] Bluetooth: hci5: command 0x040f tx timeout
[  575.159128][T10033] Invalid ELF header magic: != ELF
[  575.518078][T10030] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 10030 comm: syz.1.1567)
[  575.611170][T10042] fuseblk: Bad value for 'fd'
[  576.349364][   T26] audit: type=1800 audit(1749301610.900:21): pid=10030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1567" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=35800 res=0 errno=0
[  576.389769][ T4209] Bluetooth: hci5: command 0x0419 tx timeout
[  577.427435][ T9962] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  577.446886][ T9962] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  577.462344][ T9962] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  577.607484][ T9962] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  577.812719][T10067] gfs2: not a GFS2 filesystem
[  578.698971][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1578'.
[  579.530763][ T9962] 8021q: adding VLAN 0 to HW filter on device bond0
[  579.546491][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  579.585080][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  579.785305][ T9962] 8021q: adding VLAN 0 to HW filter on device team0
[  579.824799][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  579.921329][T10089] fuseblk: Bad value for 'fd'
[  580.578646][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  580.587570][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.594668][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  580.818560][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  581.755679][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  581.810285][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  581.990359][ T4284] bridge0: port 2(bridge_slave_1) entered blocking state
[  581.997494][ T4284] bridge0: port 2(bridge_slave_1) entered forwarding state
[  582.508366][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  582.517935][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  582.527265][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  582.538811][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  582.550097][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  582.559181][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  582.574540][ T9962] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  582.585499][ T9962] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  582.837048][T10113] Invalid ELF header magic: != ELF
[  582.858047][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  582.867650][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  582.884694][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  582.947799][T10116] gfs2: not a GFS2 filesystem
[  583.332931][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  583.341867][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  583.350282][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  583.355813][T10113] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 10113 comm: syz.1.1587)
[  583.510910][   T26] audit: type=1800 audit(1749301618.070:22): pid=10113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1587" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=35800 res=0 errno=0
[  583.542534][    C0] vkms_vblank_simulate: vblank timer overrun
[  585.120645][ T4242] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  585.774246][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  585.786109][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  585.799208][ T9962] 8021q: adding VLAN 0 to HW filter on device batadv0
[  585.983245][ T4242] usb 6-1: Using ep0 maxpacket: 8
[  586.736418][ T4242] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  586.744771][ T4242] usb 6-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  586.755399][ T4242] usb 6-1: config 179 has no interface number 0
[  586.761945][ T4242] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  586.773210][ T4242] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  586.784622][ T4242] usb 6-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  586.803268][ T4242] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  586.863853][ T4242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.936379][ T4242] usb 6-1: can't set config #179, error -71
[  587.080044][ T4242] usb 6-1: USB disconnect, device number 4
[  587.330259][T10166] netlink: 'syz.5.1599': attribute type 62 has an invalid length.
[  587.853540][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  587.874057][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  587.909471][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  587.936076][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  588.497975][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  588.557151][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  588.606575][ T9962] device veth0_vlan entered promiscuous mode
[  588.635985][ T9962] device veth1_vlan entered promiscuous mode
[  588.786436][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  588.795940][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  588.821254][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  588.976855][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  589.731589][ T9962] device veth0_macvtap entered promiscuous mode
[  589.791428][ T9962] device veth1_macvtap entered promiscuous mode
[  589.971025][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.720742][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.740579][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.920972][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.937562][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.948021][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.957844][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.968916][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  591.409868][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  591.429680][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  591.543000][T10219] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1614'.
[  591.895265][ T9962] batman_adv: batadv0: Interface activated: batadv_slave_0
[  592.017451][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  592.103841][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  592.249713][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  592.312128][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  592.322788][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  592.333324][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  592.343292][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  592.353845][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  592.363758][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  592.377886][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  592.387832][ T9962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  592.493845][ T9962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  592.511431][ T9962] batman_adv: batadv0: Interface activated: batadv_slave_1
[  592.523305][ T9962] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  592.533327][ T9962] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  592.544390][ T9962] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  592.619252][T10227] netlink: 'syz.0.1615': attribute type 62 has an invalid length.
[  592.652229][ T9962] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  592.675003][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  593.292756][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  594.924122][T10249] gfs2: not a GFS2 filesystem
[  595.624788][ T4281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  595.643338][ T4281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.779628][ T1477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  595.803431][ T1477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.814068][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  595.935613][T10257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1626'.
[  596.173225][ T1477] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  599.390015][T10287] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[  599.396975][T10287] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  599.447079][T10288] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  599.460675][T10287] vhci_hcd vhci_hcd.0: Device attached
[  599.596288][T10289] vhci_hcd: connection closed
[  599.600346][ T4281] vhci_hcd: stop threads
[  599.677450][ T4281] vhci_hcd: release socket
[  599.686967][T10288] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  599.706140][ T4281] vhci_hcd: disconnect device
[  599.989980][T10301] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  600.038573][ T4248] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  600.543657][T10304] Invalid ELF header magic: != ELF
[  600.791128][ T4248] usb 1-1: config 0 has no interfaces?
[  600.951361][ T4248] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  600.983541][ T4248] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.054662][ T4248] usb 1-1: Product: syz
[  601.090887][ T4248] usb 1-1: Manufacturer: syz
[  601.136759][ T4248] usb 1-1: SerialNumber: syz
[  601.233537][ T4248] usb 1-1: config 0 descriptor??
[  601.571082][T10243] usb 1-1: USB disconnect, device number 8
[  601.700206][T10316] fuse: Unknown parameter 'group_id00000000000000000000'
[  603.852847][T10339] Invalid ELF header magic: != ELF
[  604.869897][T10352] fuse: Unknown parameter 'group_id00000000000000000000'
[  604.969295][T10354] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1644'.
[  605.146839][T10359] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  605.158257][T10359] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  605.441773][T10354] device vlan2 entered promiscuous mode
[  608.488363][T10393] fuse: Bad value for 'user_id'
[  608.917185][T10399] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  608.952153][T10399] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[  608.952153][T10399]    program syz.4.1665 not setting count and/or reply_len properly
[  614.562382][T10436] fuse: Bad value for 'user_id'
[  616.198689][T10452] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1679'.
[  619.305557][T10440] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1677'.
[  619.430448][T10440] device vlan2 entered promiscuous mode
[  619.436360][T10440] device veth0_virt_wifi entered promiscuous mode
[  620.475462][T10484] fuse: Bad value for 'user_id'
[  621.868786][T10495] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1691'.
[  623.953222][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  623.959921][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  626.898940][T10539] fuse: Bad value for 'fd'
[  628.401889][T10243] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  628.521372][T10559] gfs2: not a GFS2 filesystem
[  629.460583][T10243] usb 7-1: Using ep0 maxpacket: 16
[  629.931260][T10572] ax25_connect(): syz.1.1716 uses autobind, please contact jreuter@yaina.de
[  629.951410][T10572] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  630.120851][T10243] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.131759][T10582] fuse: Bad value for 'fd'
[  630.159860][T10243] usb 7-1: config 0 has no interfaces?
[  631.152018][T10243] usb 7-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85
[  632.104983][T10243] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.113321][T10243] usb 7-1: Product: syz
[  632.117572][T10243] usb 7-1: Manufacturer: syz
[  632.122555][T10243] usb 7-1: SerialNumber: syz
[  632.129069][T10243] usb 7-1: config 0 descriptor??
[  632.160647][T10243] usb 7-1: can't set config #0, error -71
[  632.167808][T10243] usb 7-1: USB disconnect, device number 2
[  633.812366][T10611] binder: 10607:10611 ioctl c0306201 0 returned -14
[  633.862395][T10611] binder: 10607:10611 ioctl c0306201 200000000c00 returned -14
[  633.999821][T10629] fuse: Bad value for 'fd'
[  634.922853][T10638] sctp: [Deprecated]: syz.5.1732 (pid 10638) Use of struct sctp_assoc_value in delayed_ack socket option.
[  634.922853][T10638] Use struct sctp_sack_info instead
[  636.968840][T10649] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  638.988086][T10666] fuse: Bad value for 'fd'
[  642.421375][T10703] fuse: Bad value for 'fd'
[  642.943827][T10692] binder: 10686:10692 ioctl c0306201 0 returned -14
[  642.987576][T10687] binder: 10686:10687 ioctl c0306201 200000000c00 returned -14
[  643.100601][   T23] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  643.147758][T10718] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  644.128337][T10723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1758'.
[  644.160706][   T23] usb 7-1: Using ep0 maxpacket: 8
[  645.386178][   T23] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  645.396663][   T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.405417][   T23] usb 7-1: Product: syz
[  645.409711][   T23] usb 7-1: Manufacturer: syz
[  645.414684][   T23] usb 7-1: SerialNumber: syz
[  645.434027][   T23] usb 7-1: config 0 descriptor??
[  645.510805][   T23] usb 7-1: can't set config #0, error -71
[  645.517612][   T23] usb 7-1: USB disconnect, device number 3
[  645.798311][T10751] fuse: Bad value for 'fd'
[  645.810758][   T13] usb 5-1: new low-speed USB device number 15 using dummy_hcd
[  646.410744][   T13] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  646.428266][   T13] usb 5-1: config 0 has no interface number 0
[  646.450701][   T13] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  646.470649][   T13] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  646.490578][   T13] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  646.520560][   T13] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  646.556535][   T13] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  646.586539][   T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.624559][   T13] usb 5-1: config 0 descriptor??
[  646.640915][T10745] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  646.647958][T10745] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  646.696725][   T13] ldusb 5-1:0.55: Interrupt in endpoint not found
[  646.916706][   T13] usb 5-1: USB disconnect, device number 15
[  647.000791][T10765] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1768'.
[  647.030049][T10765] device vlan2 entered promiscuous mode
[  647.119859][T10767] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  647.144882][T10767] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  649.286444][T10790] fuse: Invalid rootmode
[  650.011713][T10800] block nbd0: NBD_DISCONNECT
[  650.971212][   T13] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  651.551045][   T13] usb 1-1: config 0 interface 0 has no altsetting 0
[  651.769192][   T13] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  651.779479][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.828775][   T13] usb 1-1: config 0 descriptor??
[  652.991791][T10832] fuse: Invalid rootmode
[  653.301371][   T13] video4linux radio48: keene_cmd_main failed (-110)
[  653.314245][   T13] radio-keene 1-1:0.0: V4L2 device registered as radio48
[  655.027269][T10847] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  655.038511][T10847] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  656.884820][   T23] usb 1-1: USB disconnect, device number 9
[  656.924926][T10864] netlink: 'syz.6.1799': attribute type 12 has an invalid length.
[  657.087516][T10869] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1793'.
[  657.385264][T10869] device vlan2 entered promiscuous mode
[  658.127214][T10879] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1803'.
[  659.574134][T10902] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  660.032912][T10911] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1813'.
[  661.128713][T10916] gfs2: not a GFS2 filesystem
[  662.411009][ T4248] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  662.654885][ T4248] usb 5-1: Using ep0 maxpacket: 8
[  662.664183][T10941] netlink: 1624 bytes leftover after parsing attributes in process `syz.6.1823'.
[  662.771236][ T4248] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  662.786076][ T4248] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  662.804698][ T4248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.838464][ T4248] usb 5-1: config 0 descriptor??
[  662.882616][ T4248] gspca_main: vc032x-2.14.0 probing 046d:0892
[  663.140551][   T23] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  663.411077][   T23] usb 6-1: Using ep0 maxpacket: 32
[  663.530931][   T23] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  663.577024][   T23] usb 6-1: config 0 has no interface number 0
[  663.667246][   T23] usb 6-1: config 0 interface 184 has no altsetting 0
[  663.950894][   T23] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  663.963237][   T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.980736][   T23] usb 6-1: Product: syz
[  663.989342][   T23] usb 6-1: Manufacturer: syz
[  663.999966][   T23] usb 6-1: SerialNumber: syz
[  664.020259][   T23] usb 6-1: config 0 descriptor??
[  664.111727][   T23] smsc75xx v1.0.0
[  664.115478][   T23] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  664.151307][   T23] smsc75xx: probe of 6-1:0.184 failed with error -22
[  664.463811][ T4210] usb 6-1: USB disconnect, device number 5
[  664.580681][ T4248] gspca_vc032x: reg_w err -71
[  664.585550][ T4248] vc032x: probe of 5-1:0.0 failed with error -71
[  664.612055][ T4248] usb 5-1: USB disconnect, device number 16
[  664.679096][T10961] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1827'.
[  664.771367][T10961] device vlan2 entered promiscuous mode
[  666.954401][T10996] gfs2: not a GFS2 filesystem
[  667.085421][T11002] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1842'.
[  669.137012][T11013] netlink: 1624 bytes leftover after parsing attributes in process `syz.6.1846'.
[  669.274282][T11018] fuse: Bad value for 'rootmode'
[  669.365691][T11019] netlink: 'syz.5.1847': attribute type 62 has an invalid length.
[  671.273428][T11035] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1854'.
[  672.911875][T11042] binfmt_misc: register: failed to install interpreter file ./file0
[  673.982566][T11065] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1862'.
[  674.242230][ T4210] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  674.850643][ T4210] usb 5-1: Using ep0 maxpacket: 16
[  675.032991][ T4210] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  675.064368][ T4210] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  675.113333][ T4210] usb 5-1: config 0 interface 0 has no altsetting 0
[  675.137697][ T4210] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  675.254692][ T4210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.642469][ T4210] usb 5-1: config 0 descriptor??
[  676.213296][T11084] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  676.640719][ T4239] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  676.903376][ T3506] usb 5-1: USB disconnect, device number 17
[  677.919576][ T4239] usb 6-1: config 0 has no interfaces?
[  678.892028][T11117] netlink: 'syz.0.1879': attribute type 62 has an invalid length.
[  679.173795][ T4239] usb 6-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e
[  679.193158][ T4239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.218633][ T4239] usb 6-1: Product: syz
[  679.260635][T11121] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  679.347228][ T4239] usb 6-1: Manufacturer: syz
[  679.369205][ T4239] usb 6-1: SerialNumber: syz
[  679.402868][ T4239] usb 6-1: config 0 descriptor??
[  679.430815][ T4239] usb 6-1: can't set config #0, error -71
[  679.449068][ T4239] usb 6-1: USB disconnect, device number 6
[  679.813738][T11142] gfs2: not a GFS2 filesystem
[  680.952234][T11156] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  681.220611][ T4239] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  681.370340][T11170] netlink: 'syz.1.1895': attribute type 62 has an invalid length.
[  681.450670][   T23] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  681.530678][ T4239] usb 7-1: Using ep0 maxpacket: 16
[  681.821197][ T4239] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.909420][ T4239] usb 7-1: config 0 has no interfaces?
[  682.154560][   T23] usb 6-1: Using ep0 maxpacket: 16
[  682.241424][ T4239] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  682.261521][ T4239] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.269607][ T4239] usb 7-1: Product: syz
[  682.279787][ T4239] usb 7-1: Manufacturer: syz
[  682.286119][ T4239] usb 7-1: SerialNumber: syz
[  682.349312][ T4239] usb 7-1: config 0 descriptor??
[  682.380968][   T23] usb 6-1: unable to get BOS descriptor or descriptor too short
[  682.520902][   T23] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  682.551286][   T23] usb 6-1: config 1 has no interface number 1
[  682.568226][   T23] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x15, skipping
[  682.580154][   T23] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  682.751097][   T23] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  682.777476][   T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.787482][   T23] usb 6-1: Product: syz
[  682.791731][   T23] usb 6-1: Manufacturer: syz
[  682.829552][   T23] usb 6-1: SerialNumber: syz
[  682.906647][T11179] binder: 11178:11179 ioctl 4018620d 0 returned -22
[  682.950873][T11161] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  683.350993][   T23] usb 6-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  683.420682][   T23] usb 6-1: failed to enable PITCH for EP 0x82
[  683.430479][T11193] gfs2: not a GFS2 filesystem
[  684.320914][   T13] usb 7-1: USB disconnect, device number 4
[  684.332366][   T23] usb 6-1: USB disconnect, device number 7
[  684.413411][T11197] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  684.760955][T11213] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1908'.
[  685.152412][T11215] netlink: 'syz.6.1907': attribute type 62 has an invalid length.
[  685.393946][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  685.400339][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  685.431919][T11211] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1910'.
[  685.650062][ T4160] udevd[4160]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  685.775042][T11219] fuse: Unknown parameter 'use00000000000000000000'
[  687.502363][T11243] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  687.639522][T11249] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1920'.
[  690.679744][T11267] fuse: Unknown parameter 'user_i00000000000000000000'
[  692.989219][   T13] Bluetooth: hci5: command 0x0406 tx timeout
[  693.024682][T11294] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  693.026053][T11291] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.1932'.
[  694.961014][T11313] gfs2: not a GFS2 filesystem
[  695.067998][T11318] fuse: Unknown parameter 'user_i00000000000000000000'
[  695.330621][   T23] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  695.746731][T11320] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1941'.
[  695.971647][T11335] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  696.010767][   T23] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  696.041510][   T23] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  696.171502][T11340] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1945'.
[  696.944244][T11338] xt_socket: unknown flags 0x8
[  697.000947][   T23] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  697.030388][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  697.038737][   T23] usb 5-1: SerialNumber: syz
[  697.973907][   T23] usb 5-1: 0:2 : does not exist
[  698.065307][T11359] fuse: Unknown parameter 'user_i00000000000000000000'
[  698.093046][   T23] usb 5-1: USB disconnect, device number 18
[  698.466353][T11367] sp0: Synchronizing with TNC
[  698.992173][ T4301] udevd[4301]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  699.108586][ T4248] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  699.117504][ T4248] Bluetooth: hci2: Injecting HCI hardware error event
[  699.127156][ T4169] Bluetooth: hci2: hardware error 0x00
[  699.255159][T11370] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  699.278469][T11361] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1954'.
[  701.486303][T11403] netlink: 'syz.5.1966': attribute type 62 has an invalid length.
[  701.510600][ T4239] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  701.890581][ T4239] usb 1-1: Using ep0 maxpacket: 32
[  701.932183][T11412] netlink: 'syz.6.1968': attribute type 10 has an invalid length.
[  702.090171][ T4239] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  702.159246][ T4239] usb 1-1: config 0 has no interface number 0
[  702.165816][ T4239] usb 1-1: config 0 interface 184 has no altsetting 0
[  702.349576][T11412] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  702.371053][T11417] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1972'.
[  702.380660][ T4239] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  702.389805][ T4239] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.428742][ T4239] usb 1-1: Product: syz
[  702.443422][ T4239] usb 1-1: Manufacturer: syz
[  702.453089][ T4239] usb 1-1: SerialNumber: syz
[  702.460474][ T4239] usb 1-1: config 0 descriptor??
[  702.511546][ T4239] smsc75xx v1.0.0
[  702.515708][ T4239] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  702.538804][ T4239] smsc75xx: probe of 1-1:0.184 failed with error -22
[  703.251079][   T13] usb 1-1: USB disconnect, device number 10
[  703.767224][T11440] fuse: Unknown parameter 'user_id00000000000000000000'
[  704.060771][ T4210] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  704.406864][T11445] binder: 11441:11445 ioctl c0306201 0 returned -14
[  704.560579][ T4210] usb 5-1: Using ep0 maxpacket: 32
[  704.681147][ T4210] usb 5-1: config 0 has an invalid interface number: 133 but max is 0
[  704.820568][ T4210] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  706.034895][ T4210] usb 5-1: config 0 has no interface number 0
[  706.041603][ T4210] usb 5-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  706.052692][ T4210] usb 5-1: config 0 interface 133 altsetting 0 bulk endpoint 0xF has invalid maxpacket 16
[  706.063139][ T4210] usb 5-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  706.426068][T11468] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  706.433341][T11468] IPv6: NLM_F_CREATE should be set when creating new route
[  706.601132][T11455] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1984'.
[  706.700929][ T4210] usb 5-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  706.719831][ T4210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.858719][T11473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1988'.
[  706.886223][ T4210] usb 5-1: Product: syz
[  706.915121][ T4210] usb 5-1: config 0 descriptor??
[  706.961014][ T4210] usb 5-1: can't set config #0, error -71
[  706.986927][ T4210] usb 5-1: USB disconnect, device number 19
[  707.248143][T11483] binder: 11481:11483 ioctl c0306201 0 returned -14
[  707.257502][T11483] binder: 11481:11483 ioctl c0306201 200000000c00 returned -14
[  707.560581][ T4210] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  708.620551][ T4210] usb 5-1: Using ep0 maxpacket: 32
[  708.741081][ T4210] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  708.762279][T11502] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  708.859303][T11504] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  708.870908][T11504] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  709.421285][ T4210] usb 5-1: config 0 has no interface number 0
[  709.427421][ T4210] usb 5-1: config 0 interface 184 has no altsetting 0
[  710.516293][T11510] Invalid ELF header magic: != ELF
[  710.580698][ T4210] usb 5-1: string descriptor 0 read error: -71
[  710.587141][ T4210] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  710.607428][ T4210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  710.617707][ T4210] usb 5-1: config 0 descriptor??
[  710.637044][T11508] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 11508 comm: syz.0.2000)
[  710.651858][ T4210] usb 5-1: can't set config #0, error -71
[  710.689224][ T4210] usb 5-1: USB disconnect, device number 20
[  710.803173][T11519] binder: 11518:11519 ioctl c0306201 0 returned -14
[  710.811688][   T26] audit: type=1800 audit(1749301745.370:23): pid=11508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2000" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=49709 res=0 errno=0
[  710.846477][T11519] binder: 11518:11519 ioctl c0306201 200000000c00 returned -14
[  711.029944][T11528] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2002'.
[  713.135321][T11548] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  715.304350][T11575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2018'.
[  715.489500][T11574] binder: 11565:11574 ioctl c0306201 0 returned -14
[  716.186544][T11583] Invalid ELF header magic: != ELF
[  716.208491][T11566] binder: 11565:11566 ioctl c0306201 200000000c00 returned -14
[  716.300249][T11576] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 11576 comm: syz.5.2017)
[  716.365172][   T26] audit: type=1800 audit(1749301750.920:24): pid=11576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2017" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=41227 res=0 errno=0
[  716.396940][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.516536][T11589] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  717.743130][T11604] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  718.075971][T11614] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  718.389626][T11615] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  718.400953][T11615] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  719.244159][T11617] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.2030'.
[  720.693591][T11629] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  720.800048][T11627] binder: 11626:11627 ioctl c0306201 0 returned -14
[  720.811791][T11627] binder: 11626:11627 ioctl c0306201 200000000c00 returned -14
[  721.233115][T11644] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2038'.
[  722.382518][T11668] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  722.394722][T11668] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  723.202506][T11675] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  725.359862][T11706] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2050'.
[  725.378073][T11702] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  725.386367][T11702] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  725.400653][   T13] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  725.414899][T11706] device vlan2 entered promiscuous mode
[  726.800717][   T13] usb 6-1: Using ep0 maxpacket: 16
[  727.330778][   T13] usb 6-1: unable to read config index 0 descriptor/all
[  727.396440][   T13] usb 6-1: can't read configurations, error -71
[  728.306476][T11726] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  728.869774][T11729] xt_policy: neither incoming nor outgoing policy selected
[  729.039293][T11731] gfs2: not a GFS2 filesystem
[  730.642400][T11742] binder: 11741:11742 ioctl c0306201 0 returned -14
[  730.651254][T11742] binder: 11741:11742 ioctl c0306201 200000000c00 returned -14
[  731.125693][T11751] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  731.137077][T11751] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  732.081881][T11753] bridge0: port 3(vlan2) entered blocking state
[  732.088211][T11753] bridge0: port 3(vlan2) entered disabled state
[  732.095340][T11753] device vlan2 entered promiscuous mode
[  732.101237][T11753] device vlan1 entered promiscuous mode
[  732.107813][T11753] bridge0: port 3(vlan2) entered blocking state
[  732.114394][T11753] bridge0: port 3(vlan2) entered forwarding state
[  732.410777][   T23] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  732.896509][   T23] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  732.914291][   T23] usb 2-1: config 0 has no interface number 0
[  732.921588][   T23] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  732.934733][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.961663][   T23] usb 2-1: config 0 descriptor??
[  732.972070][T11764] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  733.025869][   T23] usb 2-1: selecting invalid altsetting 1
[  733.065613][   T23] dvb_ttusb_budget: ttusb_init_controller: error
[  733.220970][T11771] Invalid ELF header magic: != ELF
[  733.232954][T11771] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 11771 comm: syz.0.2075)
[  733.247585][   T26] audit: type=1800 audit(1749301767.800:25): pid=11771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2075" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=49709 res=0 errno=0
[  733.279355][   T23] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  733.609031][   T23] DVB: Unable to find symbol cx22700_attach()
[  734.241256][   T23] DVB: Unable to find symbol tda10046_attach()
[  734.367883][   T23] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  734.378610][T11781] gfs2: not a GFS2 filesystem
[  734.421101][   T23] usb 2-1: USB disconnect, device number 6
[  737.599126][T11808] binder: 11807:11808 ioctl c0306201 0 returned -14
[  737.608019][T11808] binder: 11807:11808 ioctl c0306201 200000000c00 returned -14
[  737.754479][T11817] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  741.822279][T11856] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  741.833982][T11856] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  743.012728][T11868] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  743.460676][T11813] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  743.746825][T11863] input: syz0 as /devices/virtual/input/input9
[  743.990660][T11813] usb 6-1: Using ep0 maxpacket: 16
[  744.291074][T11813] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  744.360050][T11813] usb 6-1: config 0 has no interfaces?
[  744.840646][T11813] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  744.853285][T11813] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.861727][T11813] usb 6-1: Product: syz
[  744.866146][T11813] usb 6-1: Manufacturer: syz
[  744.871322][T11813] usb 6-1: SerialNumber: syz
[  744.893660][T11813] usb 6-1: config 0 descriptor??
[  745.938497][ T4210] usb 6-1: USB disconnect, device number 10
[  746.911197][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  746.917561][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  747.040624][ T4248] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  747.147102][T11911] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  747.158651][T11911] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  747.744260][T11918] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  747.760555][ T4248] usb 2-1: Using ep0 maxpacket: 8
[  748.580731][ T4248] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  749.332961][ T4248] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.380663][ T4248] usb 2-1: Product: syz
[  749.612290][T11936] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2116'.
[  750.254106][ T4248] usb 2-1: Manufacturer: syz
[  750.258739][ T4248] usb 2-1: SerialNumber: syz
[  750.288346][ T4248] usb 2-1: config 0 descriptor??
[  751.413617][T11939] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2118'.
[  751.450702][ T4248] usb 2-1: can't set config #0, error -71
[  751.493822][ T4248] usb 2-1: USB disconnect, device number 7
[  753.910610][ T4210] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  756.520649][ T4210] usb 2-1: unable to read config index 0 descriptor/start: -71
[  756.528461][ T4210] usb 2-1: can't read configurations, error -71
[  756.649738][T11983] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2132'.
[  760.324713][    T7] Bluetooth: hci3: command 0x0409 tx timeout
[  761.732571][T11989] chnl_net:caif_netlink_parms(): no params data found
[  762.493433][ T4248] Bluetooth: hci3: command 0x041b tx timeout
[  763.220632][T12032] orangefs_mount: mount request failed with -4
[  763.413006][T12038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2144'.
[  764.554768][ T4210] Bluetooth: hci3: command 0x040f tx timeout
[  764.602241][T11989] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.674653][T11989] bridge0: port 1(bridge_slave_0) entered disabled state
[  766.713166][T11989] device bridge_slave_0 entered promiscuous mode
[  767.026465][T11989] bridge0: port 2(bridge_slave_1) entered blocking state
[  767.093040][    T7] Bluetooth: hci3: command 0x0419 tx timeout
[  767.176049][T11989] bridge0: port 2(bridge_slave_1) entered disabled state
[  767.421530][T11989] device bridge_slave_1 entered promiscuous mode
[  768.047996][T12064] binder: 12060:12064 ioctl c0306201 0 returned -14
[  768.078639][T12064] binder: 12060:12064 ioctl c0306201 200000000c00 returned -14
[  768.364512][T12076] gfs2: not a GFS2 filesystem
[  768.412230][T11989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  768.742819][T11989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  768.934541][T11989] team0: Port device team_slave_0 added
[  769.196609][T11989] team0: Port device team_slave_1 added
[  769.316468][T11989] batman_adv: batadv0: Adding interface: batadv_slave_0
[  769.367811][T12088] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2156'.
[  769.396424][T11989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.755402][T11989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  769.811742][T12091] xt_hashlimit: size too large, truncated to 1048576
[  769.964939][T11989] batman_adv: batadv0: Adding interface: batadv_slave_1
[  770.047941][T11989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  770.108676][T11989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  770.189138][T11989] device hsr_slave_0 entered promiscuous mode
[  770.208829][T11989] device hsr_slave_1 entered promiscuous mode
[  770.218791][T11989] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  770.232225][T11989] Cannot create hsr debugfs directory
[  770.495050][T11989] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  770.522367][T11989] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  770.548898][T11989] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  770.584988][T11989] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  770.796824][T11989] 8021q: adding VLAN 0 to HW filter on device bond0
[  770.833064][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  770.854868][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  770.883297][T11989] 8021q: adding VLAN 0 to HW filter on device team0
[  770.908178][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  770.933206][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  770.959513][ T6932] bridge0: port 1(bridge_slave_0) entered blocking state
[  770.966662][ T6932] bridge0: port 1(bridge_slave_0) entered forwarding state
[  771.029042][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  771.051030][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  771.080074][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  771.103238][ T6932] bridge0: port 2(bridge_slave_1) entered blocking state
[  771.110299][ T6932] bridge0: port 2(bridge_slave_1) entered forwarding state
[  771.150852][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  771.176215][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  771.218550][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  771.271648][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  771.285421][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  771.299027][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  771.325832][T11989] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  771.357909][T11989] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  771.376912][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  771.386981][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  771.401948][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  771.419166][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  771.429146][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  771.458588][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  771.624113][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  771.631784][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  771.656613][T11989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  771.838539][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  771.855117][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  771.889697][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  771.899825][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  771.918314][T11989] device veth0_vlan entered promiscuous mode
[  771.927796][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  771.936464][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  771.958960][T11989] device veth1_vlan entered promiscuous mode
[  771.996515][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  772.013409][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  772.026228][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  772.042430][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  772.071386][T11989] device veth0_macvtap entered promiscuous mode
[  772.091833][T11989] device veth1_macvtap entered promiscuous mode
[  772.190762][   T23] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  772.324639][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  772.394566][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  772.450594][   T23] usb 2-1: Using ep0 maxpacket: 32
[  772.467446][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  772.510659][ T4208] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  772.553167][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  772.570884][   T23] usb 2-1: config 1 has an invalid interface number: 242 but max is 0
[  772.590605][   T23] usb 2-1: config 1 has no interface number 0
[  772.625922][   T23] usb 2-1: config 1 interface 242 has no altsetting 0
[  772.635594][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  772.716645][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  772.785756][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  772.841150][   T23] usb 2-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df
[  772.872349][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.882776][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  772.893030][ T4208] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  772.925017][ T4208] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  772.954229][   T23] usb 2-1: Product: syz
[  772.957452][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  772.968735][   T23] usb 2-1: Manufacturer: syz
[  772.968872][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  772.983301][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  772.986343][   T23] usb 2-1: SerialNumber: syz
[  772.993739][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  772.995097][T11989] batman_adv: batadv0: Interface activated: batadv_slave_0
[  773.016733][ T9266] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  773.038481][ T9266] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  773.054761][ T9266] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  773.068321][ T9266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  773.111279][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.122014][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.131869][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.131963][ T4208] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  773.142293][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.142305][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.142319][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.142328][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.142340][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.142357][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.142369][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.142381][T11989] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  773.142392][T11989] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  773.143615][T11989] batman_adv: batadv0: Interface activated: batadv_slave_1
[  773.153226][ T4208] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.206964][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  773.251840][ T4208] usb 6-1: Product: syz
[  773.290670][   T23] aqc111: probe of 2-1:1.242 failed with error -71
[  773.349471][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  774.151436][   T23] usb 2-1: USB disconnect, device number 10
[  774.157444][ T4208] usb 6-1: Manufacturer: syz
[  774.166879][T12121] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2165'.
[  774.178220][ T4208] usb 6-1: SerialNumber: syz
[  774.199277][T11989] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  774.232846][T11989] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  774.250831][T11989] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  774.381555][T11989] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  774.399488][T12126] gfs2: not a GFS2 filesystem
[  774.500975][ T4208] usb 6-1: 0:2 : does not exist
[  774.760088][ T4208] usb 6-1: USB disconnect, device number 11
[  774.819792][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.853786][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.866510][ T4284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.925892][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  774.978146][ T4284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  775.026454][ T6932] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  775.210113][T12142] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2169'.
[  776.684994][T12159] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2174'.
[  778.075235][T12170] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2176'.
[  778.752575][T12168] netlink: 'syz.6.2178': attribute type 10 has an invalid length.
[  780.222525][T12202] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2185'.
[  781.976596][T11813] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  781.995679][T12219] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2192'.
[  784.156096][T12228] device syzkaller0 entered promiscuous mode
[  784.333397][T11813] usb 6-1: device not accepting address 12, error -71
[  787.027979][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2206'.
[  788.971537][   T23] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  789.550597][   T23] usb 2-1: Using ep0 maxpacket: 32
[  790.140675][   T23] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  790.171728][T12298] Invalid ELF header magic: != ELF
[  790.178219][T12298] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 12298 comm: syz.6.2216)
[  790.192831][   T26] audit: type=1800 audit(1749301824.750:26): pid=12298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2216" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=64677 res=0 errno=0
[  790.239485][   T23] usb 2-1: config 0 has no interface number 0
[  790.248020][T12301] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  790.286879][   T23] usb 2-1: config 0 interface 184 has no altsetting 0
[  790.750628][   T23] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  791.185561][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.210514][   T23] usb 2-1: Product: syz
[  791.215335][   T23] usb 2-1: Manufacturer: syz
[  791.219953][   T23] usb 2-1: SerialNumber: syz
[  791.681949][   T23] usb 2-1: config 0 descriptor??
[  791.710751][   T23] usb 2-1: can't set config #0, error -71
[  791.763783][   T23] usb 2-1: USB disconnect, device number 11
[  795.605808][T12343] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  795.776836][T12347] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2230'.
[  796.910767][   T23] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  799.390755][   T23] usb 8-1: Using ep0 maxpacket: 32
[  799.631016][   T23] usb 8-1: device descriptor read/all, error -71
[  800.645682][T12389] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2242'.
[  802.354346][T12401] netlink: 'syz.6.2244': attribute type 62 has an invalid length.
[  802.516629][ T5490] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  802.802805][ T4210] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  803.017861][ T5490] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  803.220538][ T4210] usb 5-1: Using ep0 maxpacket: 32
[  803.260210][ T5490] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  803.490585][ T4210] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  804.050034][ T5490] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  804.060028][ T4210] usb 5-1: config 0 has no interface number 0
[  804.069574][ T4210] usb 5-1: config 0 interface 184 has no altsetting 0
[  804.076762][ T5490] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.093497][ T5490] usb 2-1: config 0 descriptor??
[  804.380761][ T4210] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  804.399722][ T4210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.408000][ T4210] usb 5-1: Product: syz
[  804.419103][ T4210] usb 5-1: Manufacturer: syz
[  804.423808][ T4210] usb 5-1: SerialNumber: syz
[  805.248060][ T5490] hid-steam 0003:28DE:1142.0004: unknown main item tag 0x1
[  805.260701][ T4210] usb 5-1: config 0 descriptor??
[  805.277074][ T5490] hid-steam 0003:28DE:1142.0004: item fetching failed at offset 4/5
[  805.454733][ T4210] usb 5-1: can't set config #0, error -71
[  805.481366][ T4210] usb 5-1: USB disconnect, device number 21
[  805.487756][ T5490] hid-steam 0003:28DE:1142.0004: steam_probe:parse of hid interface failed
[  806.194647][T12431] gfs2: not a GFS2 filesystem
[  806.259302][ T5490] hid-steam: probe of 0003:28DE:1142.0004 failed with error -22
[  806.346219][ T5490] usb 2-1: USB disconnect, device number 12
[  806.455091][   T13] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  806.626484][   T13] Bluetooth: hci4: Injecting HCI hardware error event
[  806.634068][ T9967] Bluetooth: hci4: hardware error 0x00
[  807.551345][T12449] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2257'.
[  808.369522][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  808.375905][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  808.894088][   T26] audit: type=1326 audit(1749301843.450:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12458 comm="syz.6.2261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x0
[  809.203286][T12464] device batadv1 entered promiscuous mode
[  810.340533][ T4239] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  811.331136][ T4239] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  811.401440][ T4239] usb 7-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  811.499758][ T4239] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.630364][ T4239] usb 7-1: config 0 descriptor??
[  811.840666][ T4209] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  811.932494][ T5490] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  812.272870][T12488] overlayfs: failed to resolve './file1': -2
[  813.314355][ T5490] usb 6-1: Using ep0 maxpacket: 32
[  813.519736][T12487] Invalid ELF header magic: != ELF
[  813.529505][T12487] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 12487 comm: syz.1.2270)
[  813.544234][ T4209] usb 8-1: Using ep0 maxpacket: 8
[  813.544248][   T26] audit: type=1800 audit(1749301848.110:28): pid=12487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2270" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=35800 res=0 errno=0
[  813.580878][    C0] vkms_vblank_simulate: vblank timer overrun
[  813.770606][ T5490] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  813.770679][ T4239] usbhid 7-1:0.0: can't add hid device: -71
[  813.780336][ T5490] usb 6-1: config 0 has no interface number 0
[  813.791095][ T4239] usbhid: probe of 7-1:0.0 failed with error -71
[  813.793111][ T4239] usb 7-1: USB disconnect, device number 5
[  813.823607][ T5490] usb 6-1: config 0 interface 184 has no altsetting 0
[  813.914491][T12500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  813.967434][ T4209] usb 8-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  813.977545][ T4209] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.985674][ T4209] usb 8-1: Product: syz
[  813.989878][ T4209] usb 8-1: Manufacturer: syz
[  813.994568][ T4209] usb 8-1: SerialNumber: syz
[  814.000882][ T4209] usb 8-1: config 0 descriptor??
[  814.031828][T12504] netlink: 552 bytes leftover after parsing attributes in process `syz.6.2274'.
[  814.043225][ T4209] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  814.061577][T12504] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2274'.
[  814.062429][ T4209] usb 8-1: setting power ON
[  814.093032][ T5490] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  814.102640][ T5490] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  814.110793][ T5490] usb 6-1: Product: syz
[  814.539179][ T4209] dvb-usb: bulk message failed: -22 (2/0)
[  814.554860][ T5490] usb 6-1: config 0 descriptor??
[  814.574972][ T4209] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  814.587117][ T5490] usb 6-1: can't set config #0, error -71
[  814.690758][ T4209] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  814.721079][ T4209] usb 8-1: media controller created
[  814.722847][ T4169] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  814.737889][ T4169] CPU: 0 PID: 4169 Comm: kworker/u5:1 Not tainted 5.15.185-syzkaller #0
[  814.746225][ T4169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  814.756270][ T4169] Workqueue: hci3 hci_rx_work
[  814.760956][ T4169] Call Trace:
[  814.764223][ T4169]  <TASK>
[  814.767139][ T4169]  dump_stack_lvl+0x168/0x230
[  814.771804][ T4169]  ? show_regs_print_info+0x20/0x20
[  814.776988][ T4169]  ? load_image+0x3b0/0x3b0
[  814.781486][ T4169]  sysfs_create_dir_ns+0x252/0x280
[  814.786583][ T4169]  ? __lock_acquire+0x7c60/0x7c60
[  814.791599][ T4169]  ? sysfs_warn_dup+0xa0/0xa0
[  814.796289][ T4169]  ? le_conn_complete_evt+0xcbc/0x1590
[  814.801769][ T4169]  ? hci_event_packet+0xe05/0x12f0
[  814.806890][ T4169]  ? process_one_work+0x863/0x1000
[  814.812015][ T4169]  ? do_raw_spin_unlock+0x11d/0x230
[  814.817224][ T4169]  kobject_add_internal+0x662/0xd00
[  814.822439][ T4169]  kobject_add+0x152/0x210
[  814.826867][ T4169]  ? kobject_init+0x1d0/0x1d0
[  814.831555][ T4169]  ? klist_children_get+0x50/0x50
[  814.836585][ T4169]  ? get_device_parent+0x121/0x3f0
[  814.841713][ T4169]  device_add+0x483/0xfb0
[  814.846059][ T4169]  hci_conn_add_sysfs+0xd1/0x1e0
[  814.851009][ T4169]  le_conn_complete_evt+0xcbc/0x1590
[  814.856315][ T4169]  ? cs_le_create_conn+0x5e0/0x5e0
[  814.861444][ T4169]  ? __mutex_trylock_common+0x14f/0x250
[  814.867005][ T4169]  hci_le_meta_evt+0x289/0x3b80
[  814.871881][ T4169]  ? hci_event_packet+0x36d/0x12f0
[  814.876990][ T4169]  ? hci_event_packet+0x2e2/0x12f0
[  814.882103][ T4169]  ? __lock_acquire+0x7c60/0x7c60
[  814.887191][ T4169]  ? hci_remote_host_features_evt+0x280/0x280
[  814.893347][ T4169]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  814.898987][ T4169]  ? mark_lock+0x94/0x320
[  814.903327][ T4169]  ? mutex_unlock+0x10/0x10
[  814.907839][ T4169]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  814.913834][ T4169]  ? lock_chain_count+0x20/0x20
[  814.918707][ T4169]  ? __rwlock_init+0x140/0x140
[  814.923473][ T4169]  hci_event_packet+0xe05/0x12f0
[  814.928410][ T4169]  ? lockdep_hardirqs_on+0x94/0x140
[  814.933609][ T4169]  ? rcu_lock_release+0x20/0x20
[  814.938458][ T4169]  ? hci_send_to_monitor+0x9c/0x4a0
[  814.943660][ T4169]  hci_rx_work+0x255/0xa10
[  814.948076][ T4169]  process_one_work+0x863/0x1000
[  814.953014][ T4169]  ? worker_detach_from_pool+0x240/0x240
[  814.958636][ T4169]  ? lockdep_hardirqs_off+0x70/0x100
[  814.963927][ T4169]  ? _raw_spin_lock_irq+0xab/0xe0
[  814.968951][ T4169]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  814.974331][ T4169]  ? wq_worker_running+0x97/0x170
[  814.979359][ T4169]  worker_thread+0xaa8/0x12a0
[  814.984052][ T4169]  kthread+0x436/0x520
[  814.988114][ T4169]  ? rcu_lock_release+0x20/0x20
[  814.992964][ T4169]  ? kthread_blkcg+0xd0/0xd0
[  814.997549][ T4169]  ret_from_fork+0x1f/0x30
[  815.001973][ T4169]  </TASK>
[  815.005096][    C0] vkms_vblank_simulate: vblank timer overrun
[  815.017029][ T4169] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  815.030409][ T4169] Bluetooth: hci3: failed to register connection device
[  815.043534][ T5490] usb 6-1: USB disconnect, device number 14
[  815.175617][ T4248] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  815.188545][ T4209] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  815.421321][ T4209] usb 8-1: selecting invalid altsetting 6
[  815.460222][ T4209] usb 8-1: digital interface selection failed (-22)
[  815.495199][ T4209] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  815.690821][ T4209] usb 8-1: setting power OFF
[  815.700569][ T4209] dvb-usb: bulk message failed: -22 (2/0)
[  815.706306][ T4209] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  815.743634][ T4209] (NULL device *): no alternate interface
[  815.793569][ T4209] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  815.907289][ T4209] usb 8-1: USB disconnect, device number 4
[  816.090626][ T4248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  816.478465][ T4248] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  816.920614][ T4248] usb 7-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  816.950107][ T4248] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.981427][ T4248] usb 7-1: config 0 descriptor??
[  817.042844][T12535] Invalid ELF header magic: != ELF
[  817.050295][T12535] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 12535 comm: syz.4.2283)
[  817.064990][   T26] audit: type=1800 audit(1749301851.630:29): pid=12535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2283" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=39809 res=0 errno=0
[  817.120649][ T4248] usb 7-1: can't set config #0, error -71
[  817.139333][ T4248] usb 7-1: USB disconnect, device number 6
[  817.205775][T12540] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  817.426343][   T26] audit: type=1326 audit(1749301851.980:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  817.459797][T12549] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2282'.
[  817.649847][   T26] audit: type=1326 audit(1749301851.980:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  817.680608][ T4208] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  818.259889][   T26] audit: type=1326 audit(1749301851.980:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  818.283903][   T26] audit: type=1326 audit(1749301851.980:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd75c81b290 code=0x7ffc0000
[  818.309236][   T26] audit: type=1326 audit(1749301851.980:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd75c81b290 code=0x7ffc0000
[  818.336242][   T26] audit: type=1326 audit(1749301851.980:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  818.360943][   T26] audit: type=1326 audit(1749301851.980:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  818.450619][ T4208] usb 2-1: Using ep0 maxpacket: 32
[  818.571069][ T4208] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  818.581434][ T4208] usb 2-1: config 0 has no interface number 0
[  818.587768][ T4208] usb 2-1: config 0 interface 184 has no altsetting 0
[  818.653585][   T26] audit: type=1326 audit(1749301851.980:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  818.886391][   T26] audit: type=1326 audit(1749301851.980:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12542 comm="syz.6.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  818.890821][ T4208] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  819.113168][ T4208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  819.145599][ T4208] usb 2-1: Product: syz
[  819.155066][ T4208] usb 2-1: Manufacturer: syz
[  819.165057][ T4208] usb 2-1: SerialNumber: syz
[  819.184547][ T4208] usb 2-1: config 0 descriptor??
[  819.231678][ T4208] smsc75xx v1.0.0
[  819.235997][ T4208] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  819.249587][ T4208] smsc75xx: probe of 2-1:0.184 failed with error -22
[  819.440556][ T4208] usb 2-1: USB disconnect, device number 13
[  820.207148][T12576] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  820.214532][T12576] IPv6: NLM_F_CREATE should be set when creating new route
[  821.076297][T12580] Invalid ELF header magic: != ELF
[  821.105646][T12580] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 12580 comm: syz.7.2297)
[  821.253273][ T4248] Bluetooth: hci3: command 0x0406 tx timeout
[  822.657935][T12607] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  824.184067][   T26] kauditd_printk_skb: 22 callbacks suppressed
[  824.184082][   T26] audit: type=1326 audit(1749301858.720:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  824.981105][   T26] audit: type=1326 audit(1749301858.720:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  825.007531][   T26] audit: type=1326 audit(1749301859.430:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  825.854368][   T26] audit: type=1326 audit(1749301859.430:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  826.315456][T12623] binder: 12619:12623 ioctl c0306201 0 returned -14
[  826.324037][T12623] binder: 12619:12623 ioctl c0306201 200000000c00 returned -14
[  826.407285][   T26] audit: type=1326 audit(1749301860.020:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  826.445345][   T26] audit: type=1326 audit(1749301860.070:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  826.469065][   T26] audit: type=1326 audit(1749301860.070:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  826.501047][   T26] audit: type=1326 audit(1749301860.070:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  826.530555][   T26] audit: type=1326 audit(1749301860.070:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe9c4b929 code=0x7ffc0000
[  826.556011][   T26] audit: type=1326 audit(1749301860.070:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12598 comm="syz.4.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4fe9c4a290 code=0x7ffc0000
[  826.640606][ T4239] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  827.500822][ T4239] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  827.523328][ T4239] usb 7-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  827.535188][T12645] Invalid ELF header magic: != ELF
[  827.543553][T12645] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 12645 comm: syz.5.2316)
[  827.639068][ T4239] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.831789][ T4239] usb 7-1: config 0 descriptor??
[  830.910668][ T4239] usbhid 7-1:0.0: can't add hid device: -71
[  830.917309][ T4239] usbhid: probe of 7-1:0.0 failed with error -71
[  831.754718][ T4239] usb 7-1: USB disconnect, device number 7
[  833.920581][ T4239] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  834.180636][ T4239] usb 7-1: Using ep0 maxpacket: 32
[  834.277244][T12692] binder: 12688:12692 ioctl c0306201 0 returned -14
[  834.289593][T12692] binder: 12688:12692 ioctl c0306201 200000000c00 returned -14
[  834.311167][ T4239] usb 7-1: config 0 has an invalid interface number: 250 but max is 0
[  834.369603][ T4239] usb 7-1: config 0 has no interface number 0
[  834.944694][ T4239] usb 7-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63
[  834.954524][ T4239] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.962866][ T4239] usb 7-1: Product: syz
[  834.967041][ T4239] usb 7-1: Manufacturer: syz
[  834.971969][ T4239] usb 7-1: SerialNumber: syz
[  835.008928][ T4239] usb 7-1: config 0 descriptor??
[  835.070644][ T4239] usb 7-1: can't set config #0, error -71
[  835.100226][ T4239] usb 7-1: USB disconnect, device number 8
[  836.349873][T12710] capability: warning: `syz.1.2334' uses deprecated v2 capabilities in a way that may be insecure
[  836.530710][ T4239] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  837.480655][ T4239] usb 7-1: Using ep0 maxpacket: 16
[  838.661216][ T4239] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  838.805198][ T4239] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.819273][ T4239] usb 7-1: config 0 descriptor??
[  838.840685][ T4239] usb 7-1: can't set config #0, error -71
[  838.969800][ T4239] usb 7-1: USB disconnect, device number 9
[  842.838885][T12767] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2350'.
[  844.453878][T12788] binder: 12783:12788 ioctl c0306201 0 returned -14
[  848.583369][T12812] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2362'.
[  849.432419][T12834] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  849.443584][T12834] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  850.694320][ T5490] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  850.960514][ T5490] usb 6-1: Using ep0 maxpacket: 16
[  851.231609][T12848] binder: 12845:12848 ioctl c0306201 0 returned -14
[  852.480592][ T5490] usb 6-1: unable to read config index 0 descriptor/all
[  852.582024][ T5490] usb 6-1: can't read configurations, error -71
[  853.062577][T12865] IPv6: Can't replace route, no match found
[  853.535298][T12869] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in;
[  853.535298][T12869]    program syz.7.2380 not setting count and/or reply_len properly
[  856.532800][T12901] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 12901 comm: syz.7.2390)
[  856.547741][   T26] kauditd_printk_skb: 9 callbacks suppressed
[  856.547753][   T26] audit: type=1800 audit(1749301891.100:80): pid=12901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2390" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=65113 res=0 errno=0
[  858.972610][T12912] binder: 12906:12912 ioctl 4018620d 0 returned -22
[  858.979830][T12912] binder: 12906:12912 ioctl c0306201 0 returned -14
[  858.988324][T12912] binder: 12906:12912 ioctl c0306201 200000000c00 returned -14
[  860.234560][   T26] audit: type=1326 audit(1749301894.790:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  860.256791][    C1] vkms_vblank_simulate: vblank timer overrun
[  861.363145][   T26] audit: type=1326 audit(1749301895.510:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  861.398622][   T26] audit: type=1326 audit(1749301895.510:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  861.435577][   T26] audit: type=1326 audit(1749301895.510:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd75c81b290 code=0x7ffc0000
[  861.719017][ T4208] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  862.656825][   T26] audit: type=1326 audit(1749301895.510:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd75c81b290 code=0x7ffc0000
[  862.670659][ T4208] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  863.333573][   T26] audit: type=1326 audit(1749301895.510:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  863.392587][ T4208] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  863.416172][   T26] audit: type=1326 audit(1749301895.510:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  863.420539][ T4208] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  863.460524][ T4208] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  863.471899][ T4208] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  863.570834][   T26] audit: type=1326 audit(1749301895.510:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  863.610837][ T4208] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  863.635215][ T4208] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  863.771179][   T26] audit: type=1326 audit(1749301895.510:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  864.455283][ T4208] usb 6-1: Product: syz
[  864.459679][ T4208] usb 6-1: Manufacturer: syz
[  864.940679][ T4208] usb 6-1: can't set config #1, error -71
[  864.952333][ T4208] usb 6-1: USB disconnect, device number 17
[  865.054396][   T26] audit: type=1326 audit(1749301895.510:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  865.236323][   T26] audit: type=1326 audit(1749301895.510:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  865.487369][   T26] audit: type=1326 audit(1749301895.520:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  865.739941][T12977] binder: 12974:12977 ioctl 4018620d 0 returned -22
[  865.748530][T12977] binder: 12974:12977 ioctl c0306201 0 returned -14
[  865.760327][T12977] binder: 12974:12977 ioctl c0306201 200000000c00 returned -14
[  866.104657][   T26] audit: type=1326 audit(1749301895.520:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  866.162470][   T26] audit: type=1326 audit(1749301895.520:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12927 comm="syz.6.2398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd75c81c929 code=0x7ffc0000
[  866.191776][T12981] netlink: 452 bytes leftover after parsing attributes in process `syz.5.2412'.
[  866.231978][T12957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2406'.
[  866.366177][T12988] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2415'.
[  866.428544][T12988] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2415'.
[  866.575097][T12997] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2417'.
[  866.702003][ T4210] usb 5-1: new low-speed USB device number 22 using dummy_hcd
[  867.910897][ T4210] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  867.944810][ T4210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.323803][T13013] netlink: 'syz.7.2419': attribute type 10 has an invalid length.
[  868.331780][T13013] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2419'.
[  868.342534][T13013] device bond0 entered promiscuous mode
[  868.348198][T13013] device bond_slave_0 entered promiscuous mode
[  868.354790][T13013] device bond_slave_1 entered promiscuous mode
[  868.362121][T13013] bridge0: port 3(bond0) entered blocking state
[  868.368536][T13013] bridge0: port 3(bond0) entered disabled state
[  868.380825][T13013] bridge0: port 3(bond0) entered blocking state
[  868.387103][T13013] bridge0: port 3(bond0) entered forwarding state
[  868.974878][ T4210] usb 5-1: config 0 descriptor??
[  869.768241][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  869.790641][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  871.350980][ T4210] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  871.588061][ T4210] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  871.603970][ T4210] asix: probe of 5-1:0.0 failed with error -71
[  872.000483][T13042] binder: 13032:13042 ioctl 4018620d 0 returned -22
[  872.009074][T13042] binder: 13032:13042 ioctl c0306201 0 returned -14
[  872.020662][T13042] binder: 13032:13042 ioctl c0306201 200000000c00 returned -14
[  872.219711][ T4210] usb 5-1: USB disconnect, device number 22
[  872.532896][T13052] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2430'.
[  874.515327][T13082] xt_CT: You must specify a L4 protocol and not use inversions on it
[  874.593362][T13084] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2438'.
[  877.580728][ T4210] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  878.672129][ T4210] usb 8-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[  878.707563][ T4210] usb 8-1: config 0 interface 0 has no altsetting 0
[  878.721724][ T4210] usb 8-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[  878.846028][ T4210] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.862972][ T4210] usb 8-1: config 0 descriptor??
[  878.952889][T13123] nvme_fabrics: unknown parameter or missing value '#! ./file0' in ctrl creation request
[  879.113627][T13129] ptrace attach of "./syz-executor exec"[4174] was attempted by "./syz-executor exec"[13129]
[  879.150600][ T4210] usbhid 8-1:0.0: can't add hid device: -71
[  879.949287][ T4210] usbhid: probe of 8-1:0.0 failed with error -71
[  879.979246][ T4210] usb 8-1: USB disconnect, device number 5
[  881.290535][ T4210] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  882.030905][T12131] Bluetooth: hci3: command 0x0406 tx timeout
[  882.290548][ T4210] usb 8-1: Using ep0 maxpacket: 32
[  882.465832][ T4210] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  882.612779][ T4210] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.649727][ T4210] usb 8-1: config 0 descriptor??
[  882.972201][ T4210] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  883.246081][ T4210] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  883.280915][ T4210] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  883.288292][ T4210] usb 8-1: media controller created
[  883.305239][ T4210] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  883.351981][ T4210] az6027: usb out operation failed. (-71)
[  883.380584][ T4210] az6027: usb out operation failed. (-71)
[  883.386358][ T4210] stb0899_attach: Driver disabled by Kconfig
[  883.404539][ T4210] az6027: no front-end attached
[  883.404539][ T4210] 
[  883.430573][ T4210] az6027: usb out operation failed. (-71)
[  883.436641][ T4210] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  883.467624][ T4210] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input11
[  883.497372][ T4210] dvb-usb: schedule remote query interval to 400 msecs.
[  883.525981][ T4210] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  883.566405][ T4210] usb 8-1: USB disconnect, device number 6
[  883.583665][T13173] ptrace attach of "./syz-executor exec"[5715] was attempted by "./syz-executor exec"[13173]
[  883.650574][ T4210] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  883.951703][T13180] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  886.633360][T13195] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  886.644574][T13195] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  887.834157][T13215] ptrace attach of "./syz-executor exec"[4174] was attempted by "./syz-executor exec"[13215]
[  887.849039][T13213] ksmbd: Unknown IPC event: 6, ignore.
[  890.971305][T13240] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2486'.
[  891.760558][ T5490] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  891.918272][T13252] binder: 13247:13252 ioctl c0306201 0 returned -14
[  891.929181][T13252] binder: 13247:13252 ioctl c0306201 200000000c00 returned -14
[  892.430771][T13256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2492'.
[  892.440867][T13256] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  892.538680][T13261] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  892.549808][T13261] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  892.748454][T13264] ptrace attach of "./syz-executor exec"[4168] was attempted by " ��      ��      �      ��      ��      ��      ��              ��      ��      ��                 ����                                                                                                                                                                                                                                                                                                                                                                                                                           "[13264]
[  892.841403][ T5490] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  893.255509][ T5490] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  893.284561][ T5490] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  893.300633][ T5490] usb 5-1: config 0 interface 0 has no altsetting 0
[  893.490719][ T5490] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  893.533711][ T5490] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  893.546067][ T5490] usb 5-1: config 0 interface 0 has no altsetting 0
[  893.736664][ T5490] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  895.122686][ T5490] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  895.284789][ T5490] usb 5-1: config 0 interface 0 has no altsetting 0
[  895.771924][ T5490] usb 5-1: unable to read config index 3 descriptor/start: -71
[  896.078884][ T5490] usb 5-1: can't read configurations, error -71
[  896.587057][T13297] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2504'.
[  896.597946][T13297] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  896.821755][T13306] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  896.833006][T13306] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  897.222883][T13307] binder: 13301:13307 ioctl c0306201 0 returned -14
[  897.234331][T13307] binder: 13301:13307 ioctl c0306201 200000000c00 returned -14
[  898.002320][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2507'.
[  898.364642][T13318] xt_CT: You must specify a L4 protocol and not use inversions on it
[  899.440693][ T5490] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  900.201162][ T4208] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  900.700736][ T5490] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  900.709423][ T5490] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  901.340712][ T5490] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  901.370580][ T5490] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  901.382969][ T5490] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  901.390540][ T4208] usb 5-1: Using ep0 maxpacket: 32
[  901.570706][ T5490] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  901.605356][ T5490] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  901.640781][ T4208] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  901.657646][ T5490] usb 2-1: Product: syz
[  901.695822][ T5490] usb 2-1: Manufacturer: syz
[  901.802427][ T5490] cdc_wdm 2-1:1.0: skipping garbage
[  901.807669][ T5490] cdc_wdm 2-1:1.0: skipping garbage
[  901.820659][ T4208] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  901.830934][ T5490] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  901.864368][ T5490] cdc_wdm 2-1:1.0: Unknown control protocol
[  902.222145][T13346] binder: 13343:13346 ioctl c0306201 0 returned -14
[  902.233375][T13346] binder: 13343:13346 ioctl c0306201 200000000c00 returned -14
[  902.656570][ T4208] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  902.664847][ T4208] usb 5-1: Product: syz
[  902.669017][ T4208] usb 5-1: Manufacturer: syz
[  902.673692][ T4208] usb 5-1: SerialNumber: syz
[  902.682501][ T4208] usb 5-1: config 0 descriptor??
[  902.690704][ T5490] usb 2-1: USB disconnect, device number 14
[  902.861470][ T4208] usb 5-1: can't set config #0, error -71
[  902.887193][ T4208] usb 5-1: USB disconnect, device number 25
[  943.290067][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  943.296438][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 1008.410372][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 1008.416983][    C0] rcu: 	0-...!: (10501 ticks this GP) idle=7b5/1/0x4000000000000000 softirq=38517/38517 fqs=0 
[ 1008.428435][    C0] 	(t=10502 jiffies g=52553 q=12)
[ 1008.433445][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10502 jiffies! g52553 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 1008.445745][    C0] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=53236
[ 1008.453609][    C0] rcu: rcu_preempt kthread starved for 10505 jiffies! g52553 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[ 1008.464946][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1008.474919][    C0] rcu: RCU grace-period kthread stack dump:
[ 1008.480787][    C0] task:rcu_preempt     state:I stack:27584 pid:   15 ppid:     2 flags:0x00004000
[ 1008.489969][    C0] Call Trace:
[ 1008.493225][    C0]  <TASK>
[ 1008.496139][    C0]  __schedule+0x11b8/0x43b0
[ 1008.500626][    C0]  ? schedule_preempt_disabled+0x20/0x20
[ 1008.506244][    C0]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 1008.512117][    C0]  ? _raw_spin_unlock+0x40/0x40
[ 1008.516950][    C0]  ? rcu_is_watching+0x11/0xa0
[ 1008.521691][    C0]  ? release_firmware_map_entry+0x190/0x190
[ 1008.527571][    C0]  schedule+0x11b/0x1e0
[ 1008.531708][    C0]  schedule_timeout+0x15c/0x280
[ 1008.536537][    C0]  ? console_conditional_schedule+0x40/0x40
[ 1008.542408][    C0]  ? update_process_times+0x200/0x200
[ 1008.547761][    C0]  ? prepare_to_swait_event+0x331/0x350
[ 1008.553289][    C0]  rcu_gp_fqs_loop+0x29e/0x11b0
[ 1008.558118][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[ 1008.563300][    C0]  ? rcu_gp_init+0xd58/0x10e0
[ 1008.567961][    C0]  ? rcu_gp_init+0x10e0/0x10e0
[ 1008.573409][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1008.578595][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[ 1008.583776][    C0]  rcu_gp_kthread+0x98/0x350
[ 1008.588345][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[ 1008.593453][    C0]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 1008.599328][    C0]  ? __kthread_parkme+0x157/0x1b0
[ 1008.604339][    C0]  kthread+0x436/0x520
[ 1008.608477][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[ 1008.613571][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 1008.618139][    C0]  ret_from_fork+0x1f/0x30
[ 1008.622543][    C0]  </TASK>
[ 1008.625539][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1008.631837][    C0] NMI backtrace for cpu 0
[ 1008.636146][    C0] CPU: 0 PID: 13358 Comm: syz.4.2522 Not tainted 5.15.185-syzkaller #0
[ 1008.644364][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1008.654402][    C0] Call Trace:
[ 1008.657667][    C0]  <IRQ>
[ 1008.660495][    C0]  dump_stack_lvl+0x168/0x230
[ 1008.665159][    C0]  ? show_regs_print_info+0x20/0x20
[ 1008.670337][    C0]  ? load_image+0x3b0/0x3b0
[ 1008.674831][    C0]  nmi_cpu_backtrace+0x397/0x3d0
[ 1008.679757][    C0]  ? nmi_trigger_cpumask_backtrace+0x280/0x280
[ 1008.685896][    C0]  ? _printk+0xcc/0x110
[ 1008.690034][    C0]  ? cpu_online+0x1d/0x30
[ 1008.694343][    C0]  ? load_image+0x3b0/0x3b0
[ 1008.698832][    C0]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1008.705025][    C0]  nmi_trigger_cpumask_backtrace+0x163/0x280
[ 1008.710997][    C0]  rcu_check_gp_kthread_starvation+0x1cd/0x250
[ 1008.717134][    C0]  print_cpu_stall+0x318/0x5f0
[ 1008.721881][    C0]  rcu_sched_clock_irq+0x6d8/0x1110
[ 1008.727072][    C0]  ? rcutree_dead_cpu+0x20/0x20
[ 1008.731905][    C0]  ? account_process_tick+0x227/0x3a0
[ 1008.737267][    C0]  update_process_times+0x193/0x200
[ 1008.742445][    C0]  tick_sched_timer+0x37d/0x560
[ 1008.747274][    C0]  __hrtimer_run_queues+0x4fe/0xc40
[ 1008.752455][    C0]  ? tick_setup_sched_timer+0x2c0/0x2c0
[ 1008.757986][    C0]  ? hrtimer_interrupt+0x8d0/0x8d0
[ 1008.763076][    C0]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[ 1008.769126][    C0]  hrtimer_interrupt+0x3bb/0x8d0
[ 1008.774058][    C0]  __sysvec_apic_timer_interrupt+0x137/0x4a0
[ 1008.780015][    C0]  sysvec_apic_timer_interrupt+0x9b/0xc0
[ 1008.785626][    C0]  </IRQ>
[ 1008.788539][    C0]  <TASK>
[ 1008.791452][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1008.797421][    C0] RIP: 0010:syscall_enter_from_user_mode+0x2a/0x70
[ 1008.803904][    C0] Code: 41 56 53 48 89 f3 49 89 fe 48 8b 7c 24 10 e8 3d f6 ff ff eb 31 eb 35 e8 44 6a dc f7 e8 3f 68 dc f7 fb 65 48 8b 05 c6 f7 60 76 <48> 8b 70 08 40 f6 c6 3f 74 0b 4c 89 f7 5b 41 5e e9 a1 9f c4 f7 48
[ 1008.823492][    C0] RSP: 0018:ffffc90003357f08 EFLAGS: 00000286
[ 1008.829539][    C0] RAX: ffff888051300000 RBX: 000000000000000f RCX: c285d05c62507700
[ 1008.837606][    C0] RDX: dffffc0000000000 RSI: ffffffff8a0b11c0 RDI: ffffffff8a59a740
[ 1008.845562][    C0] RBP: ffffc90003357f48 R08: dffffc0000000000 R09: fffffbfff1ad157e
[ 1008.853514][    C0] R10: fffffbfff1ad157e R11: 1ffffffff1ad157d R12: 0000000000000000
[ 1008.861467][    C0] R13: 0000000000000000 R14: ffffc90003357f58 R15: 0000000000000000
[ 1008.869433][    C0]  ? syscall_enter_from_user_mode+0x21/0x70
[ 1008.875400][    C0]  do_syscall_64+0x24/0xa0
[ 1008.879794][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1008.884453][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1008.889108][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1008.894986][    C0] RIP: 0033:0x7f4fe9be7b19
[ 1008.899382][    C0] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[ 1008.918971][    C0] RSP: 002b:00007f4fe7a91a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[ 1008.927366][    C0] RAX: ffffffffffffffda RBX: 00007f4fe9e73080 RCX: 00007f4fe9be7b19
[ 1008.935314][    C0] RDX: 00007f4fe7a91a80 RSI: 00007f4fe7a91bb0 RDI: 0000000000000021
[ 1008.943276][    C0] RBP: 00007f4fe9ccdb39 R08: 0000000000000000 R09: 0000000000000000
[ 1008.951223][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1008.959171][    C0] R13: 0000000000000000 R14: 00007f4fe9e73080 R15: 00007ffedf34a958
[ 1008.967130][    C0]  </TASK>
[ 1008.970152][    C0] NMI backtrace for cpu 0
[ 1008.974453][    C0] CPU: 0 PID: 13358 Comm: syz.4.2522 Not tainted 5.15.185-syzkaller #0
[ 1008.982667][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1008.992697][    C0] Call Trace:
[ 1008.995953][    C0]  <IRQ>
[ 1008.998867][    C0]  dump_stack_lvl+0x168/0x230
[ 1009.003528][    C0]  ? show_regs_print_info+0x20/0x20
[ 1009.008704][    C0]  ? load_image+0x3b0/0x3b0
[ 1009.013191][    C0]  ? try_to_wake_up+0x69d/0x1050
[ 1009.018111][    C0]  nmi_cpu_backtrace+0x397/0x3d0
[ 1009.023026][    C0]  ? nmi_trigger_cpumask_backtrace+0x280/0x280
[ 1009.029162][    C0]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 1009.034519][    C0]  ? _raw_spin_lock+0x40/0x40
[ 1009.039175][    C0]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1009.045225][    C0]  nmi_trigger_cpumask_backtrace+0x163/0x280
[ 1009.051186][    C0]  rcu_dump_cpu_stacks+0x22f/0x380
[ 1009.056280][    C0]  print_cpu_stall+0x31d/0x5f0
[ 1009.061020][    C0]  rcu_sched_clock_irq+0x6d8/0x1110
[ 1009.066199][    C0]  ? rcutree_dead_cpu+0x20/0x20
[ 1009.071031][    C0]  ? account_process_tick+0x227/0x3a0
[ 1009.076381][    C0]  update_process_times+0x193/0x200
[ 1009.081555][    C0]  tick_sched_timer+0x37d/0x560
[ 1009.086388][    C0]  __hrtimer_run_queues+0x4fe/0xc40
[ 1009.091570][    C0]  ? tick_setup_sched_timer+0x2c0/0x2c0
[ 1009.097096][    C0]  ? hrtimer_interrupt+0x8d0/0x8d0
[ 1009.102296][    C0]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[ 1009.108343][    C0]  hrtimer_interrupt+0x3bb/0x8d0
[ 1009.113292][    C0]  __sysvec_apic_timer_interrupt+0x137/0x4a0
[ 1009.119252][    C0]  sysvec_apic_timer_interrupt+0x9b/0xc0
[ 1009.124867][    C0]  </IRQ>
[ 1009.127774][    C0]  <TASK>
[ 1009.130681][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 1009.136635][    C0] RIP: 0010:syscall_enter_from_user_mode+0x2a/0x70
[ 1009.143112][    C0] Code: 41 56 53 48 89 f3 49 89 fe 48 8b 7c 24 10 e8 3d f6 ff ff eb 31 eb 35 e8 44 6a dc f7 e8 3f 68 dc f7 fb 65 48 8b 05 c6 f7 60 76 <48> 8b 70 08 40 f6 c6 3f 74 0b 4c 89 f7 5b 41 5e e9 a1 9f c4 f7 48
[ 1009.162691][    C0] RSP: 0018:ffffc90003357f08 EFLAGS: 00000286
[ 1009.168734][    C0] RAX: ffff888051300000 RBX: 000000000000000f RCX: c285d05c62507700
[ 1009.176685][    C0] RDX: dffffc0000000000 RSI: ffffffff8a0b11c0 RDI: ffffffff8a59a740
[ 1009.184635][    C0] RBP: ffffc90003357f48 R08: dffffc0000000000 R09: fffffbfff1ad157e
[ 1009.192586][    C0] R10: fffffbfff1ad157e R11: 1ffffffff1ad157d R12: 0000000000000000
[ 1009.200534][    C0] R13: 0000000000000000 R14: ffffc90003357f58 R15: 0000000000000000
[ 1009.208496][    C0]  ? syscall_enter_from_user_mode+0x21/0x70
[ 1009.214393][    C0]  do_syscall_64+0x24/0xa0
[ 1009.218791][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1009.223448][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1009.228100][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1009.233969][    C0] RIP: 0033:0x7f4fe9be7b19
[ 1009.238390][    C0] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[ 1009.257976][    C0] RSP: 002b:00007f4fe7a91a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[ 1009.266363][    C0] RAX: ffffffffffffffda RBX: 00007f4fe9e73080 RCX: 00007f4fe9be7b19
[ 1009.274312][    C0] RDX: 00007f4fe7a91a80 RSI: 00007f4fe7a91bb0 RDI: 0000000000000021
[ 1009.282261][    C0] RBP: 00007f4fe9ccdb39 R08: 0000000000000000 R09: 0000000000000000
[ 1009.290210][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1009.298154][    C0] R13: 0000000000000000 R14: 00007f4fe9e73080 R15: 00007ffedf34a958
[ 1009.306109][    C0]  </TASK>