last executing test programs:

3m42.231830793s ago: executing program 1 (id=888):
r0 = socket(0x22, 0x2, 0x3)
ioctl$PPPOEIOCDFWD(r0, 0x80044944, 0x1000000000000)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newtaction={0x60, 0x30, 0x0, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ctinfo={0xfffffffffffffeb8, 0x0, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE]}, {0x4}, {0xfffffffffffffeb6}, {0xc}}}]}]}, 0xfffffffffffffed8}}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f0000000100)='wg0\x00', 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
accept4$bt_l2cap(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = io_uring_setup(0x25f3, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x0, 0x257})
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001640), 0x0, 0x0, 0x0, 0xffffffc3}, 0x0)
io_uring_enter(r4, 0x2000000, 0x2, 0xf, &(0x7f0000000000), 0x18)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000e80)=ANY=[@ANYBLOB="4c0000001200010300000000fd08000000000000030200"/46, @ANYBLOB="52560e3c9193566cbc010886ea8024e2eb1dd8134879ed"], 0x4c}}, 0x48010)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0)
openat$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)

3m40.813945515s ago: executing program 1 (id=893):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x3c4e, 0x4) (async)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_NMI(r3, 0xae9a) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, &(0x7f00000000c0)=0xfffffc00, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500002000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3m40.499938117s ago: executing program 1 (id=894):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000000000000000000000000000000000001949e2c7ea91e31ae9d0f1e0c2172c66ca795abf2ccf24cdcb322bea4d1e42f7cfd8d51a77b9e6e85977962460431f5110021b780cc6dddaf9e9a1c63af7a3f3247c93a2f0ca1f89b4f7866428b31789a7057878ff3f9593425e2c8a1187b5a801be8b490a2e00154900e4c4efda24aa1a7ea87e9a5cbefb086cd5b106c912d02056af2241fde4ece5d6548deee589d894efae90", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000025fc0)={0x40, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x1c, 0x2, 0x0, 0x1, [@typed={0x4, 0x14}, @typed={0x14, 0xc2, 0x0, 0x0, @ipv6=@local}]}]}, 0x40}}, 0xc000)

3m39.545277275s ago: executing program 1 (id=900):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000000)=""/41, 0x29)
getdents64(r0, 0xfffffffffffffffe, 0x29)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$setsig(0x4203, r4, 0x0, &(0x7f0000000000)={0xb, 0x0, 0x6})

3m38.23978578s ago: executing program 1 (id=902):
socket(0x10, 0x803, 0x0)
r0 = inotify_init1(0x800)
r1 = dup(r0)
inotify_rm_watch(r1, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000580)={'ip6tnl0\x00', 0x0})
connect$unix(r1, &(0x7f0000000b00)=@file={0x1, './file0\x00'}, 0x6e)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000940)={&(0x7f0000000b80)=ANY=[@ANYRESOCT=r2], &(0x7f00000008c0)=""/83, 0x2f, 0x53, 0x1, 0xfffffffe, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xa, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, [@map_fd={0x18, 0xa, 0x1, 0x0, r1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xf}, @map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f00000001c0)='syzkaller\x00', 0x8, 0x76, &(0x7f0000000480)=""/118, 0x41100, 0x20, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000980)={0x6}, 0x8, 0x10, &(0x7f00000009c0)={0x5, 0x1, 0x26bfda43, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00), 0x10, 0x9, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$alg(0x26, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000a2910d61c85c921225f711d2aa415fad48ffff8761568a04685968e31a383478fa3aaff5e46659a6fb3dbbf9ea3e1137c101c43fc6122a8f4ce0c2c249315b4bfc4584b1ad8f18ebb7639abb3e7b8bee731b65ef86a523e72c0d107ca3e569b402409eecc5531567dd956adaca5c062c0364dc57ae3d04a664437f51ea063396078c76c344b861d64eba750ab8a0d9f0", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
copy_file_range(r5, 0x0, r4, 0x0, 0x80, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket(0x1d, 0x2, 0x6)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
socket(0x1, 0x803, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)

3m37.087009289s ago: executing program 1 (id=906):
r0 = syz_open_procfs(0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f0000000300)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/12, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r6, 0xffffffffffffffff, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r7, 0x1, 0x2c, 0xffffffffffffffff, &(0x7f0000000040)=0x3c)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000000)="44a5084149e6a73c794ecc544d4a667b001c9d9a6ea0d8f36a5e48aece3eef85d6d8f0297de1c9f3063e9093caa3659821b170", 0x33}, {&(0x7f0000000240)="dbdd603787cf9f8c9da1f976d1e9dbe231eacb457a9e6e8e7b680d5025c1d705d66664952a4cc7d9a97e172e640c974ca6c1dba7f5941f19cb0a2c25567f843b24d0459becb8b7d49ed821324c22c37f13cdebd47791bf10f508d0dd1d2a2cdb65d3c7a1c6b1b46edcdc5ea32f52bc0e84dbb54b2e", 0x75}, {&(0x7f00000004c0)="b97bd904bed371ada6157c71c4e3f6edc951973c8e274319931ac69f729718e381bd33a65e29039ae4eeff003260add1cc8d4bbf7f2a0056c2b7d25a7d37a3a512852f85efef71b1e0c454e20a3d6e3ea20cd29dc3198aecd84b2ed922afc910742ae545e9f246522938b8fe76995c79036ecbd9722f1aa8cb2aaae444ca42efb2784bc5f220814fbc590b503d206ac58f8aa3bf0093d15ab4311f9b789bde59957edcd46ee00a0571", 0xa9}], 0x3)

3m36.719925451s ago: executing program 32 (id=906):
r0 = syz_open_procfs(0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f0000000300)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/12, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r6, 0xffffffffffffffff, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r7, 0x1, 0x2c, 0xffffffffffffffff, &(0x7f0000000040)=0x3c)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000000)="44a5084149e6a73c794ecc544d4a667b001c9d9a6ea0d8f36a5e48aece3eef85d6d8f0297de1c9f3063e9093caa3659821b170", 0x33}, {&(0x7f0000000240)="dbdd603787cf9f8c9da1f976d1e9dbe231eacb457a9e6e8e7b680d5025c1d705d66664952a4cc7d9a97e172e640c974ca6c1dba7f5941f19cb0a2c25567f843b24d0459becb8b7d49ed821324c22c37f13cdebd47791bf10f508d0dd1d2a2cdb65d3c7a1c6b1b46edcdc5ea32f52bc0e84dbb54b2e", 0x75}, {&(0x7f00000004c0)="b97bd904bed371ada6157c71c4e3f6edc951973c8e274319931ac69f729718e381bd33a65e29039ae4eeff003260add1cc8d4bbf7f2a0056c2b7d25a7d37a3a512852f85efef71b1e0c454e20a3d6e3ea20cd29dc3198aecd84b2ed922afc910742ae545e9f246522938b8fe76995c79036ecbd9722f1aa8cb2aaae444ca42efb2784bc5f220814fbc590b503d206ac58f8aa3bf0093d15ab4311f9b789bde59957edcd46ee00a0571", 0xa9}], 0x3)

9.650365633s ago: executing program 0 (id=1625):
vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000200)="abc46908b3df918fe61946b2a7d85cf473884b91c53b94d51db7a5918ed07847c392ee17a23d6fea6e8d3c0f5e15638daf629312107876c7f31ade70432bc5b43f642876bf7e04c45086b9b3695182eeff8243f87f8966baec1a670803eb8ca6b37342f9ea242f21e5726b6c501808457f85459c91ff11", 0x77}], 0x1, 0x8)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
getsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000253000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

9.24502135s ago: executing program 0 (id=1629):
syz_usb_connect(0x0, 0x49, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x98, 0x33, 0x65, 0x40, 0x18ec, 0x3290, 0xc447, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x37, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe, 0x1, 0x0, 0x0, [@cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, 'X'}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x2}, {0x6}, [@network_terminal={0x7}]}]}}]}}]}}, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder0\x00', 0x0, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, &(0x7f00000002c0))
syz_usb_connect$cdc_ncm(0x3, 0x9d, &(0x7f00000004c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x2, 0x1, 0x3b, 0x0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "b4"}, {0x5, 0x24, 0x0, 0x3b51}, {0xd, 0x24, 0xf, 0x1, 0x47, 0x8001, 0x9, 0x8}, {0x6, 0x24, 0x1a, 0xe63, 0x3a}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x4}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x4}, @mbim_extended={0x8, 0x24, 0x1c, 0xaced, 0x6, 0x8001}, @dmm={0x7, 0x24, 0x14, 0x4, 0xd533}, @mdlm={0x15}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x5d, 0x1, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x80, 0x4, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xe, 0x3, 0x3}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0xff, 0x6a, 0x2, 0x8, 0x8}, 0x19, &(0x7f0000000040)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "ce2c3d62aa1c44a746e00f49c7dcfa2b"}]}, 0x6, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x436}}, {0x21, &(0x7f0000000480)=@string={0x21, 0x3, "057fe2fc31c9a64f37af3990e74404408361b5d7e86a29f3c06d20ff45c8f7"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x415}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x446}}, {0x91, &(0x7f00000001c0)=@string={0x91, 0x3, "a00fae66838590834b14281356b1be8ecfff2e402222c2607b217d177b5f0a130f6bc18b9753d49fe00592a99811703e4cfcbb002aab427c410bd30b0936be5076d8ba8bad5b85faf2de21169bb4bb70f61c8234b862c0b9211b54dc862c0d1afcc6bb3ac63de34d30ed23827a6118d3892a86507f2c3712ccc3ca55d1695db9e9c55b327007c20674d0601b4c4beb"}}, {0x4, &(0x7f0000000000)=@lang_id={0x4, 0x3, 0x180c}}]})

8.6199615s ago: executing program 4 (id=1633):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) (async)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000002540)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
read$FUSE(r3, &(0x7f0000007000)={0x2020}, 0x20a0)
r4 = dup(r2)
sendfile(r3, r4, 0x0, 0xe0000000) (async)
sendfile(r3, r4, 0x0, 0xe0000000)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x10001, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r7}, 0x10)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r6, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000800)={0x14, 0x0, 0xfb59b128081ca7fb}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f00000001c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000040)={0x2})
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0) (async)
sendmsg$NFT_BATCH(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00')
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200), 0x111}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2, 0x1}, {0xa, 0x0, 0x0, @mcast1}, r11, 0xfffffffd}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r11, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @remote={0xac, 0xc}}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r11, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @remote={0xac, 0xc}}}}, 0x118)
r12 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r13 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x612d6cbdae96bb0a, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r13, 0x40045010, &(0x7f0000000280)=0xa5)
bind$bt_hci(r12, &(0x7f0000000000)={0x1f, 0x1}, 0x3)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e"], 0x0)

7.552084358s ago: executing program 0 (id=1636):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000440)={{{@in=@dev={0xac, 0x14, 0x14, 0x43}, @in, 0x0, 0x2bb, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0xffffffffffffffff}, 0x0, 0x6e6bb1, 0x1}, {{@in=@multicast1, 0x0, 0x6c}, 0xa, @in6=@mcast1, 0x0, 0x1}}, 0xe8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xb635773f05ebbee0, 0x4000010, 0xffffffffffffffff, 0xc9bce000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000f00000005002f00df0100000008000300b49a0250744940cbfd0c7d1eabe702ec5b9947f30338813793eb86296784d58c7493e46809f01d74b7d638325ff65fc565d94c61bfa8514bfd3090f343a399c7f71157bf0630fb2a4e9a4db555e3d98c18e73bb2cf2e906aa2aaa7c78af640e296d48c406f7456f8eec208c13d0a", @ANYRES32, @ANYBLOB], 0x24}}, 0x0)
prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x9, 0xd6}, &(0x7f0000000100))
setsockopt$inet6_buf(r0, 0x29, 0x23, &(0x7f0000000580)="d5959fc894ba73ad0d14255c6848533940ae17e513310abcd5f7ebb45b6673f5bd23fa37907c7a7d78e9b36e9abcaebb4e22451f026debb6fae564684e3144116d9edfd0fa2946e91a07dcaf0831a13c5b2f6770ce983be3fd374e55a506983642fee63fe7c1382508240dd1ef96cbcc2c7c85e998f6fd4fdf93ede1788555a5156eb9e7de2a9db1986bd1bc0de897569fbbc848870000004006ffe798b86f993c0491fa1499b682eb9227e95511113f4667a2274e46b02806819506f8a7959a512d2323069d4e15db15f04112478ac1af1eb5d4981d8c9a06b269a719bf63a9fbca0c173b57d6f56b1299318e0867969f3b26f263f8840c2971e1c06f0ba6ce6bea34623a72f9538b9fc70da6bdcb1b362e2247a27ea8f152bb8bf2d71314bffc613609bd", 0xea)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x26}})
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)

7.551631234s ago: executing program 2 (id=1637):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000280)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00', r2}, 0x10)
arch_prctl$ARCH_SHSTK_ENABLE(0x1003, 0xf0ff1f00000000)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x541b, 0x0)
iopl(0x3)
init_module(0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000005c0), 0x0, 0x0})

6.037640269s ago: executing program 0 (id=1641):
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="ecf516", 0x3}], 0x1, 0x0, 0x0, 0x20040004}, 0x4008044)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x2, 0x10, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810000}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {0x3, 0x0}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x4, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x94}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000003000000000000010000000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32], 0x48)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
symlinkat(&(0x7f0000000380)='./file8/file0\x00', 0xffffffffffffff9c, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x2000}], 0x1)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000040)={0x3e, 0xfffffffd, 0x6})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xf53, 0x0, [{0x0, 0xa}, {}, {}, {0x0, 0x35}, {0x0, 0x0, 0x5}, {}, {}, {0x0, 0x0, 0x3}, {0x4, 0x1}, {0x3, 0x0, 0x2}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0xfe}, {}, {0x3}, {}, {}, {}, {0x0, 0x20}, {0x0, 0x2}, {}, {0x4, 0x4}]}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000380)={0x0, <r7=>0x0}, &(0x7f00000003c0)=0xc)
r8 = add_key$user(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x1}, &(0x7f0000000540)="96", 0x1, 0xfffffffffffffffe)
keyctl$chown(0x4, r8, r7, 0x0)
keyctl$set_timeout(0xf, r8, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@gettaction={0x14, 0x32, 0x605, 0x70bd25, 0x25dfdbfd}, 0x14}}, 0x0)

5.992048603s ago: executing program 5 (id=1642):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x49)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
syz_usb_connect(0x2, 0x5ae, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x38, 0x14, 0xaf, 0x40, 0xed1, 0x6660, 0x298, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x59c, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf5, 0x0, 0xd, 0x97, 0x73, 0xe3, 0x0, [], [{{0x9, 0x5, 0xc, 0x3, 0x10, 0x4, 0x4, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x7, 0x2, 0x7}]}}, {{0x9, 0x5, 0x5, 0x8, 0x8, 0x2, 0x8, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x401}]}}, {{0x9, 0x5, 0xe, 0x3, 0x3ff, 0x3, 0x1, 0x1d, [@generic={0xb7, 0x2, "cdcbe2f5db3eb0d2adab3f1e4591ad24f37caaf19ab1af4b626d8764773981e546a20109d1e7f24eb5c7ff99345051d9d182c189b1da24a5d880abd9f2c413af9994d11bdb53aea4ab91a57089731a2c78586639df95b1faf8d02a74f5a5f4700981605be8039779d83b1636fb54f2d9d88cb6c1e122e67247cf1c577a1554986f7e5fcdcec3b420db2eb607f8651f9fd2e0b3b2738180dd19d48da2725eed6ded22ce72c5a9bdc6a172838459bb3e8ab860b536bb"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0x6}]}}, {{0x9, 0x5, 0xb, 0x0, 0x200, 0x7, 0x3, 0x6}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0xb, 0x5, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x6, 0x9}]}}, {{0x9, 0x5, 0xb, 0x3, 0x3d7, 0x0, 0x4e, 0x8}}, {{0x9, 0x5, 0x9, 0x10, 0x8, 0x0, 0x27, 0x16, [@uac_iso={0x7, 0x25, 0x1, 0x100, 0xfe, 0x2000}, @generic={0xf7, 0x2, "7a6882d91dd827e46045d15384df4cdfc7b9708fbaa4f75648538cea5441c3c20718f20a10583865a62230b16a578a7f3cdfa4cb98267569b63b320f671107f8ad2c05b003e905758161ecc7307b4cf80ec4d75baa4c036e6e9922e3ca5721aeecf73671c9fc3e252c4d019d9e95674bff4d0bdc628642b8d5bc09ff85d5bce2e982aa2206d5fb66858ff1ad9fa1162615e47a7449bfb607db7f8c90fb9656aa900081ae1b4040ef78c2b5286e52b6e9f045a17531eff63fc4ed0c774a2f1df58578234f1080c9d7d1f52648f3a45abcb729ddd600def633a24ce57649f941f920f774b0adeb5752c25a45227b264fe259314e94c1"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x200, 0x46, 0x85, 0x2, [@generic={0xe2, 0x8, "7cdaf9026de5e3e8e4ef2688441724b226a7d7b7f5f96407a5d53784fee7304340bdffa6912550d6cab827f4e36ca44a50d99b8123c5c9986fd2e03343e0a96cc9a43345b274fc825df35be7fbd797760123630f91d081409b6ac31eba9c302f6a5c87e285397eef888992505da82b135c7b77ec94529acf5ccd9fe380b24bca4fc0a3fb546f9e224a4df57106cd4d28f918fba4c8232690289cb7bd6dc0030d957914290b6d38161f94b5a2d123f95a8f1c8ff340e98081dc7d6d2f1848c9ea4e588ba4a26d025a58635f734d8ad3513b813f2fa7e06a0269f46b6152c9f79b"}, @generic={0xad, 0x24, "51788821131c3349b3fe9c7fdfc6178f47e3c2e53e7257bf3830b282850319517cafb6e25ec7ab45ed79d83cea5d7c80a1d0c1c03374c11f60322d8b16d1c23375bba70dad6d6fdb29ba268280affe78ba2afef948674cf12917920c10dd69c0eeb8256d1d98216c2ed1bd254fc2cd34e703168c99662e21f63d0308da29f7f7aa52a6f52d22ae372718888c93892384640aea7f178d23770c6b404f473f9f9e3eca67c2c64b096c793bb7"}]}}, {{0x9, 0x5, 0x0, 0x8, 0x20, 0xbc, 0xb, 0xa}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0x8b, 0x6}}, {{0x9, 0x5, 0x3, 0x0, 0x40, 0x4f, 0x62, 0xc6, [@generic={0xbb, 0x10, "647d8edb226eae6a07c08d066b277a55e0a50ec2e930a75c886b99b95828263333ef70a43f0afc04daeefa2847aa27d0ab2096dfe36c6f7f837decc6e8307752254621d3feadcc9179898a2d80be022086462f06d96ad97c95e4fd697dd4f17111a08f18a0e87b9081c69e4728d42a0b33abb1230d8c5aa3bd1855c8cef4f8023f319dcce1d7a4dc5d66eef527be1ab2e460ee3c8bfeceebbcd87351a8ec631410d80f701ffdaaa270b7d311ac816a4e69a0c9d0a35e96cea6"}]}}, {{0x9, 0x5, 0xa, 0x8, 0x20, 0xa0, 0xfb, 0x6}}, {{0x9, 0x5, 0x3, 0x0, 0x8, 0x1, 0xaa, 0x5, [@generic={0xf3, 0x23, "e3d6a236cf8f04cb68f8fdf8eb4e38dcaa8e8ea5077579cf7b9d2391c43fd1636250a9955f6863d561818c301948f02673baf245fcca93358d47d403b25786d82b297c677651073bae898a4a44be38771ed6deaf318474182997995c20c0e9c5c23d89caff9ec938168d12c8bfa94bd4551c2d1b005af58a631c3fcf8246433cc7b3172064be8887b34c81e5cebfcf64dd7887f5590bc9c473a65873ef84124c3990a91baa3ec9b05c1b193b85473538ae018be4b4fd407ed1c7c7958c1b42c4dde6a4cfd2d02c1c9d87cde72ff7fcfdc812a2dbdfe221cff91696790149360b254a19a504f50b1c4f66d5a88f0d0f72f2"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xc0, 0x7}]}}]}}]}}]}}, 0x0)

5.236928378s ago: executing program 4 (id=1643):
r0 = socket(0xb, 0x800000003, 0x2)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x9, 0x6}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x4], 0x0, [0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3], [0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}}}}]}, 0x88}}, 0x2001c915)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = memfd_create(&(0x7f0000001040)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x00\x00\x00X\xe8\x19\xe7\xc9AHq\xe4\x16\x00\x00\x00\x00\x002\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d\xbe\x00\x00\x00\x00\x00\x00\x00%K\x1d\xfd\x17\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D\x16W\xe6\x83\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\x9f\"\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[z\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xccJ\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc8\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xcf\xaf\x94i\xf1s\xf7\xb8Jr\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\x9a\xb1\xf5X\xbe\xc8\xcb\x12\xf4\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x82\x10n1\xed\xba\xe3\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x81 /\xc4o\x11\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\xd0?|\xdb\x84g\xb5\xd76\xe7\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1b\x8f\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x7f\x00\x00\x00\x00\x00\x00\x00\rH6-\x8a\x12m\xff\xe9\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\xaf\x88\xad\xbf\x94/1=\xf7\x96\xa0\t\xc3\xc4\x15?\xffp\xe5\xe3\x0f\xdb\x8f\r\x19\xec\xfd\x9b\xc2*\x8a\x84\xb2\x1eO+\x8dn\x1a\xb88\x88\xef\xe94N{%k\x04Zf\x94\xc3\xb5\xb6T8\x1d\"d\x10\xc9\xa6$\x1a\xd5}?\x17\xd2\xf5\x00\x1f\xb2\x87\x99\x94\xa7\x18\x13\x06\xdc\xdd\xcc\xc2\x11E\xd0Ghj\x14G\xd0\x11\xb3\xe5\xb3h[\xffg\x9e:\x97\xf2\x1d#E\xfd4\v\xf5B\x06[\xbe\xd41$\x86[\xd2\xa9L\xac#\xb8t>\x84\x8b\x05\xcfd\xe5\xaf\xba\x9d\x8d79\x7f\xc9wB\xd5\x06\xc3>\x05\x81\x8f\xf2;\xf4\xb9Y:\x06\x7f\x14\xc6\xe4\x94\xde\xb8<6', 0x5)
chdir(&(0x7f0000000000)='./cgroup\x00')
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r5, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r5, &(0x7f00000022c0)=""/177, 0xb1)
r6 = fcntl$dupfd(r4, 0x0, r4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x10, 0xffff, @void, @value}, 0x94)
read$FUSE(r6, &(0x7f0000006340)={0x2020}, 0x2020)
write$P9_RLCREATE(r6, &(0x7f0000000180)={0x18, 0xf, 0x1, {{0x20, 0x4, 0x1}, 0xfffffd48}}, 0x18)
sendmsg$NLBL_MGMT_C_ADDDEF(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, 0x0, 0x4, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x27}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private0}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, 'team0\x00'}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0xc004}, 0x40890)

4.779694224s ago: executing program 0 (id=1644):
syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000580)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x8, 0x0, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
r4 = gettid()
kexec_load(0xff0f, 0x1, &(0x7f0000000900)=[{0x0, 0x2, 0x7ffe0000, 0x3e0000}], 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
pidfd_send_signal(r9, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x7}, 0x0)
write$P9_RSYMLINK(r7, &(0x7f0000000040)={0x14, 0x11, 0x2, {0x8, 0x3, 0x1}}, 0x14)
splice(r5, 0x0, r8, 0x0, 0x800008ec0, 0x0)
read$FUSE(r7, &(0x7f000000b800)={0x2020}, 0xe80)
dup3(r6, r7, 0x0)
r10 = openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0)
writev(r10, &(0x7f0000000200)=[{&(0x7f0000000080)="69ff32", 0x3}], 0x1)
write$binfmt_elf64(r8, &(0x7f00000001c0)=ANY=[], 0xfffffe14)

4.59157711s ago: executing program 3 (id=1645):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
umount2(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x501, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa2}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3c)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r2, 0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r1, 0x3b8c, &(0x7f00000000c0)={0x30, r3, 0x1, 0x0, 0x1000, 0x4, 0x9326, 0x0})
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r4, 0x0, 0x482, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f00000014c0)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x398, 0x2a0, 0xffffffff, 0xe0, 0x188, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'pim6reg\x00', {0xff}}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r6, 0x29, 0x7, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x8000, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000009fff514a000000003a810000850000000700000085000000d000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb863, @void, @value}, 0x90)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='contention_end\x00', r8}, 0x10)
syz_clone3(&(0x7f0000000700)={0x2000a0080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r7}}, 0x58)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000010000000900010073797a300000000078000000090a010400000000000000000100000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000253c0011800a0001006c696d69740000002c0002800c000240000000000000000008000540000000000c000140000000000000040008000440000000019741c6d80412a7bd3b92904865ef5b277c6f6c7bdb76053ef5d2d9bebb61105a16bea005cac6f98a986c1faf01a05f2b60167e465f2bae4493a6b58d4c41dc3a2a02e3423f0cb3b21969549cdbf0ec4e3c399c7ac8f85e7b0aff4f0d87225959b3291bdfe08d990448b65639d565608e2cd29e8664417fa9ff88638b6e7de85ac191b2d24c47e336af79ddd749f71d55eebd4a4223c67f3d65ca1aee5e44a28bc29a34054818eeab967fe119acc9e277c030b0262b6b962217fa1ef117ea81dc9bab8dcdec6eedf9d54bcc5bbbd351fd857b1de7aed340d2cf4d2abe3f92d480b40717"], 0xc0}}, 0x4000)

4.508130591s ago: executing program 4 (id=1646):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000001900)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000002180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000702000000feffff7a0af0ff1800000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000009000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100f51f00000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16d875fe369258673b5df11cc2afb53611cc320000bc0b80e80eae8f5e64becef4db2ce77c55dbaca340e4a01e2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151f07bd4e97d62ecc645e143a60f1c6edc76609077909826151e2b42bf005007e8b0db51662de6d87c41cd3ade010e9468bda6f82881eb8c9cfa72bba6708eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf101000500496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b4207e6078625cb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6d2676bef8310f7032775cfd75652f87b039d543000000000000000008ce31344b554aca78a00000000000000e63a0dba7f6b25e8d5e40a3a571a5dfde3b4dca2d38a9c0ea7b5bcd49f977c609915c7601080d10b96af1eb55922b2ad13a0eeefae505f4535cd9dc69fbab92150c7e74e5c5b051ddf6399b0d00eee5c3afee38cdc55b8d3fbbe210bdec686a23503f4a5f5734a9e204dbc327ec8f9851d273fa07369c419942509198605ff2781f4d2d4685d762d4764f7ff762e09116946137b7ab812a2d408b57206093eea233054c6aa08bffc8a076d476bc28fc21d5297997a7c71f38ee2d7102d0a7bea32f51aba25da0f72b895ec90882f56730236b30e656a1ab2fcb80df49afa05d8c9d5bdc3c1feed5c593a5d84825df543749d993a58"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x1f2f, 0x241, 0x38f, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000040)={0x64e4ad8f, 0x2, "f256ff5141a2c4847732eb158006fd12ce52de20d2df3345c6b45b8c11c0bf30", 0x3, 0x2, 0xfffffffc, 0x0, 0x4f})
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
tgkill(0x0, 0x0, 0x1a)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000d90100000000e8ff03"])

4.473194853s ago: executing program 2 (id=1647):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) (async)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000580)={0x8}) (async, rerun: 32)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x361080, 0x0) (async, rerun: 32)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)={<r2=>0x0, @remote}, &(0x7f00000001c0)=0xc) (async, rerun: 64)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) (rerun: 64)
close(r3) (async)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000280)={0x3, <r5=>0x0}, 0x8)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0) (async, rerun: 32)
ioctl$BLKROSET(r7, 0x125d, &(0x7f0000000000)=0x4) (async, rerun: 32)
ioctl$BLKRRPART(r7, 0x125f, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@bloom_filter={0x1e, 0x9, 0x4, 0x4, 0x200, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x5, 0x3, @void, @value, @void, @value}, 0x50) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{0xffffffffffffffff, <r9=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%ps    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000080)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x5314}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@alu={0x0, 0x0, 0x3, 0xa, 0x5, 0x30, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xef55caebba45cd6c}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000100)='syzkaller\x00', 0x401, 0x25, &(0x7f0000000140)=""/37, 0x1e00, 0x13, '\x00', r2, @flow_dissector, r3, 0x8, &(0x7f0000000200)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x2, 0x9, 0x22da, 0x8}, 0x10, r5, r7, 0x5, &(0x7f0000000400)=[0x1, r8, r9, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000440)=[{0x3, 0x2, 0xe, 0x2}, {0x5, 0x4, 0xc, 0x7}, {0x4, 0x5, 0x8, 0x5}, {0x3, 0x5, 0x10, 0x6}, {0x2, 0x5, 0xc, 0x8}], 0x10, 0x6, @void, @value}, 0x94)

4.452276072s ago: executing program 3 (id=1648):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_LIMIT={0x5}, @IFLA_GRE_TTL={0x5}]}}}]}, 0x48}}, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
accept$inet6(r1, 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20ffa000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x9, 0x24de1d, 0x178f1a})

3.79203057s ago: executing program 2 (id=1649):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r3, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)

3.791816784s ago: executing program 0 (id=1650):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002222000000a1231306010003e7e036042a90a0270200b849da053e2503a74c9c911b0b5d8c3dda"], 0x0}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002222000000a1231306010003e7e036042a90a0270200b849da053e2503a74c9c911b0b5d8c3dda"], 0x0}, 0x0) (async)

3.786465356s ago: executing program 3 (id=1651):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x1f5001, 0x0)
r0 = memfd_create(&(0x7f00000001c0)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xcc\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xaaw\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10\x04\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00ffff0000000000000000000040000000000000000000000000000000000000000000380002"], 0x78)
r1 = fanotify_init(0x200, 0x0)
r2 = dup(r0)
fanotify_mark(r1, 0x221, 0x48001069, r2, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000001c0)={0x4000}, 0x0)
r3 = openat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x202140, 0xa0, 0x10}, 0x18)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x6)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14)

3.615447664s ago: executing program 4 (id=1652):
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)={0x0, 0x1, <r0=>0xffffffffffffffff})
cachestat(r0, &(0x7f0000000040)={0xffffffffffffffff, 0x6}, &(0x7f0000000080), 0x0) (async, rerun: 32)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async, rerun: 32)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), r1)
r2 = socket(0x1e, 0x6, 0x99)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4) (async, rerun: 32)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) (rerun: 32)
ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000240)={0x4, &(0x7f0000000200)=[{}, {}, {}, {}]}) (async, rerun: 64)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280), 0x410080, 0x0) (rerun: 64)
fcntl$setownex(r4, 0xf, &(0x7f00000002c0)) (async)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000000400)={{&(0x7f0000000380)={'Accelerator0\x00', {}, {&(0x7f0000000300)={'Accelerator1\x00'}}}}, 0xe}) (async)
r5 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000600)={0x0, r2}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x25, 0x25, 0x2, [@ptr={0x1}, @datasec={0x8, 0x1, 0x0, 0xf, 0x1, [{0x1, 0x2, 0x10}], 'Q'}]}}, &(0x7f00000004c0)=""/193, 0x42, 0xc1, 0x0, 0x2, 0x10000, @value=r5}, 0x28) (async)
r7 = accept4(r2, &(0x7f0000000640)=@isdn, &(0x7f00000006c0)=0x80, 0xc00)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_netfilter(r2, &(0x7f0000001bc0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001b80)={&(0x7f0000000740)={0x143c, 0x14, 0xa, 0x401, 0x70bd25, 0x25dfdbfd, {0x7, 0x0, 0x8}, [@typed={0xa4, 0x45, 0x0, 0x0, @binary="b44d237ea5e084a49461fd7adb1c843e2d6c6ad7ec503139f0d57cb524a8530f69e5a03b1286be7081cafa07bf8f333a51d42b5e27118281d3563340821466752de510d3383a6a5bc78535665c16c2c330eda6478cff31e3715d05939c66ba74ad3fb5412e9abb4b2fb3e2611fa6fce01c49125804b37e77db997777042cee5d1f51aa85e23bb173ce2265e0dffe72062f372dc78aeae0238d1731a64528665b"}, @typed={0xc, 0x90, 0x0, 0x0, @u64=0xffffffff}, @nested={0x13e, 0x94, 0x0, 0x1, [@generic="61607e08311facb69b0486a5610a170aebaf6fe29e26750e4628eae39e43a84a90f935f5a8de5c1715a924d5999f501a21fde8701edfc9a04ce5822b287eccf62fc95149520c0476142b2e1329856d62090edb88b05de341fee054c9e5d1954fbac207790a7f77b453f497f263b3047f3ef6134c04761c82cb0fad4c1bb41a5aa1eac95f09dbb686bc0f319601fdbe0f090d6407f9bc865f32c6726fde8272d0c9d178e237cbe34bf39380409e3bcc86e4780612d0c59938174040a17a872fd84c471e720f73cab790c49bf293bf228902059ebf172b327814f631ddfadc7fbdcd1f434ffeead64d26aa9aa7520ba72981284c", @typed={0x14, 0x48, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @typed={0x4, 0xfd}, @generic="c8ac8456761ef2a456069f15c5a9c9c184ec1c", @typed={0xc, 0x128, 0x0, 0x0, @u64=0xb}, @typed={0x8, 0x7, 0x0, 0x0, @u32=0x6}, @typed={0x8, 0x126, 0x0, 0x0, @fd=r3}]}, @nested={0x214, 0xcb, 0x0, 0x1, [@generic="09f488711555219c79a67fc24ceb26370bede4b88d13381907ebb1db2439e65e32b493d001c2f7f23eca9cf6e5c0e1a81b9f4e5fc45731e3acda412bf394c4ec4afb07b0fd353c50ce87fd1c3bc80f3665468fdbf0ca194224578309b9e23b486109ba6a2920737d9921f64b8ae7f8db75a72598b7e81671f852968d409a2c983a109e42edbac68bdbfe1bb9be83b02d44b9c51bd7c1dd8dae1e", @generic="7c7571ee6936f0854d7f76d4f524540043d6aa1bd0ba568b1801b4094f7a205279dcffd2a2c90cce4cf27054ac6410a981cd7c471420e70352a635483852beeeb7c26215f88c954a5b93f8cd8f30747fea86aa8736b8ad40b68ca3933e77f0e4cbffe976bd9c446acd7e1456d17fe7458142f8ddb13e186a4b4bc97ad6bd956c71c1bfd75c0706b5758357f9d18cfdc1a7", @generic="feabc399520b4afe4341b12213d40a2e8901576d9fe0e140901b3f0c485daabee04ac27205af47cf463c5110d2bb72e96ac6cdd204171eb840d94f18662e56fd7b645b54f2807d5950a8b25bbc7df9d933b72fa51bef0f2d7eb1c954b3090a1aace16814669cfd57be490f4c3fc44f69103faa94ded3ae524757b2dad21df0f81e418338a4c08fe99facb5189b3569693d59bc5c29d818e03bc78f178356d7dc5160962c129cf15b2af98abb43282087ef3ea10f4fd22a1498991b51fd86849d26619103672bd59ea9b3dad3b1002a7581a280046fde9f6c40c2ce6703", @typed={0x8, 0x7d, 0x0, 0x0, @fd=r8}]}, @nested={0x1010, 0x110, 0x0, 0x1, [@generic="c0a5afeeeed64621bfec71722d2629d429dfe3470bc69d0b5422850aaa7f7b9d864460f4e3cf3c52e2aeb29d66e2679e4751601794a128ed4f08883c370ac75fce2253e10b1d1f0a6a1cfe88ffc5600b914b651d4ce4be47f6478d733c64999827927b87d6fe9ce96eaaa55d199f5406225cde9e51b66b8554db84d85c752a96f8ec3075ae20f805d6511194151b7ff9b3886aa4ab225ab0dfeb379c1077aa118fd510a5729ad06b76c90829431b90e87b944d51f29e77ef76e4b80e6c716cd94d0a1563eddd8048ae322b97c76f75edd317e6de83dd00cac3feb41eaa5c1bfa30d82d990623e8eee660144743029045098a2cfefc84ebecfc54976a5198ca43d2500b1c482903539508585d0449b640fd55ef0a81e7a4d552346b5cf8d7ae608cd7209ad3af5adb834407500994f53839caaf2e72f7260ed2caf333e05fc018dd60bcab635e1cfeabe475f9fdf6e22367d4d8c8656216f09668dea5ed0da35fb654e5b82997e30288a769a0474792229a7f001a67b83f2c05adb6edbbc35e3450e4cfe34d9886b1c2a6ec5793cf5f945cc6be348dccd938df266a77c26c18fb5e0fdd5c24287baa589246f31a0a50dec9bf7a2c9582c74f1d3f1dbb334e363dc9e3a8b4eef0f536388631f7d2bbdb7d19f89ff3369b30c7a0610dfeb4b768932e574f8a9e12c79f7779164f5314c65853ec3456711f0323b67678979e1bdfe2a5a0b63e9beddf15e68710db93721fb981745f5bee723e9bedb05a56e489e6dda18e59573656854e892c081d5c224d2f020cdc8f78731c9a9e52ab0a0eadd57396ecd4c2c5b3906afcbc4e0fb60e112921a702af667ea1666951265b9a4567a2c917c2c79fac84d6dc07da0ccb16e1cd3e999bf17fc7a337240eb21420c2e41867fa73e4eaa40b21dab74b1dd02262a685b0fc64857686d5ba4ae223625b2f2db7afa8c952acd64355ddae693d2377a947c42c2a41e27071f1e6058358b3a378714446512b316c36f9c29c365b8854599aa781f96a59764a11bd5e8d6dfc51d369496d4d142ea00719b1f5231934b01b1c99fbfbacf8c3a68aae1527c7fe26552e6492a7f0428a7aedbf9fbbb32e035a76f3f1a9dd12dd56fa9f957c4c004b6dc497d74d396ebbedce194721c55976baf4876ddc343621494c3d4ab379781d7d072fa6e2b3606203fbb299ef0d9ef2defdc2ebd047b1a08dbf9427a0a78152e4792dc44bd969d2376fc1af2ba5518565f8b92243ae4481d60b4764d3e37a776ea45f336fa0d9a2277c2c5fbca816fb1ee31629e6dc10b2deecceea2c7c903b4006415b5fc3a27531b93044e01a447f97018f780e2c699c6cab34839c77e1832dfd2c7c56c125e4f9195b874dcbead63df8725fad0a6a5e71e4b0b058fababca43d698bcf92f10b38f0fd15f25dcc91ad9a277efb19ee67802d8329b890312f0f2afaf61f2428a31c38d1a2303118dcef15a890272ab891a7b90a7ad30ae96ccc3d1fa8e099d34816dc2b976738277d6565648b0ee96a365c4edc17fcd82eeda51244120ceffcd698c2628d9ec840d0716a3c861802b7841979744a370aec81987fb40186be26c78614cf6fba12c73bd358d989b2be1705c0e7c91894b48c2e26f45111589a33920b021465c0f631a97a7b81eeace3bd73407927366d697d89910ab7d9ee996c7baf9a3adea13b8db95de808f1c1de6409de83e08cdf2581e749aec45618bab03f787486404fb358aec2c7991dfb1d655d0908cb6fa710b0033d386c564952168c392930cd817a5d6041553ace114518c6c683d320784d8df9485d43f1d0a7f031bd5ddcec67dc07db76d357243802959995023e55fae3d4904e345bfabc5897ee8b6a5641d65b5e420674bf191239101e5ad43ab9046489fbe7afd3b1a03c8971500d44ff303089490a3e0d40be05b2a26147d88a549dee96fed5fce3765a8c3171d8192ffd660d46f78c715dde989b7dc126a94cbcbb5d34006b3026c2217a04d3d92feadeee2b4723ae622e468ebc7dde494dc7df3813afb1a92164a20c45c06ff31317440c5c5c8753f687209f3af93a43c1da86228d72328aac54cb2bb09c78a0320c3130abe7df03d008045c3c864bc0d85a24c92ac75321fb09bed4c08cd936678718bd0bcee6546152325a04f47808135c4a11b69d6683b19991b4ba4980f6c8b33abccd24fbd7d5511d39435dddf1e07863485f35d9a24fade65de78fb2f0898b21e5ba1289c093090526b608d23c1bae3c9018038070008eab0445490f57e92d16d1f537960f2dcecb8ea4099fd337fd8f625f987404342d65e7a8cfdb32e909bb6c79deaba766240e2eec34eb7c53ec39e7d2da84173451f7b1e1b159ecbd1184e439c29a64f63e0f2d58d653aff02bc20cdbd05967c06e1e4265553f41d6ec8f1f098519ed2f39665a915f39e33d4a21308df4dc3b557c454767c00d09b37cec4d5e61ca0b135f12e230708441b8c6c0bd5fd2db311428a238ee47895f2699515572a442d410a7ec7b480105016cd5f095479dd99e2d50ec9fd5b48fb3e6b497d8ca13856f757377f6bd99cd6082a7d9bca316d2bf2eee0bce79bcd164312f2bbcf621fd73c04bcb4bbbf1977e5f309bd1e8f74bf517dd5b1bb3ef31020a9c2999f05a59ba3e12d4c4ca0bcce278617aa3ca3d95d901fe75bbbf61677cc09ed9973ed66bcb286d30fa803dd11a88e4ec90fdc81206a2227ca51d789f41be2948982ad84f4330478b07cf3c8694a5c2750ee020726e16967b999ea8e497af215c4b56e50f66a87f74d0e5c69d18cb2b897eb5085a16d1a693f38c023752133bb12f7785814d983315e1c428e7b7556f374a825eccfa32d6818de7044ab32b96b4ec0582803e605ab75fb5cd90d72605d16504234e6339b2b3313bb8f41819b0e14cf2cef1cf254ef0269910f7508d6cd7254afd9d32c3409e28923639ff6cb4d884a48319a3c7324a4754c47daabf55f856834a43f87c7e208cd89527fe0578eea79fcf4cad484a38600f2cf8455f54aedf3656dd0a53cfc68f0e4a029495b31e47c8c6156b2a1e38b9189d5348f424e638cd1779bb790fca188a332e5aa5a9c9a7a38688a610a74933aeefb4bbf0fab9609baa4850d2dc4bd050de946fc1bc936b46762f9f3ce1241fa33e7c1b943e84bce3caea44940d661c9fc0f987218797035d61b0c13adfd58027777f8b3f4d22830afb9cb59f90e5f7931e14a4c8da53700d1dc2c3394103d9633ab43adfeea290bd5eea41ac7e9c1cb4f50f67c3b625dbea1e107e9d9f0d4591749c32633ae16f41ce09464c6b9557e7a619abcd7aba35861509b192d622cf981677f1c62d72375680b42dcb6a6b398fde23a34310ab6bfac51f539f68fa698ddd9794d4f60d3544796d79fd34e90d149edfdefaf72c78f2bcc6527ecbc68428dbab853c6f70c25e9a85435936ecb276ea01857720e0dd5aca8a3907455b860921b28e8b417ab29fee7c9f846bc2fd23e0f2be571993aabaf4648762a6a016dc1dc10cd13c5f5ea9db4f309eb29de4810aba3cb96ed6c2924f9613b1c508e75a71da816b0e1895cb706753e3b785f2f8c7b93db487e54d5c5a3fcdfd2a97b53319b3b9663ee833917f8bd959b4daa28247d2635c3b39f976ccc593c0214e81e2510eda924c35dbe44435e22431929947c8c6af6e146a58f4c21ca27a624c5a7fce5e6f1a05c53d93520f3b8713630ad4e3caa3877b1977bad7be158883c9200620b54aa91575b08f49295806539a352182f6b045b5420004364993c7ee5b821e0cef6c4bd11c777690ef89921cf359ba61da183a15f31445773d4d76a37d4176f394c1db707664289ec307b827d1331b3120b7067ae81a82eb9cc4eabcccd2291b25521205f9ca0198ffb8572835ae60deb257c0f0842824be467a4fd66cb682d453af60a0a7a3da0b0b0f227cdd921b89cc802b35b5bc1c541677fa2deb33e2ac82aa376ee881f7a5aa12aa48fbe894c7897575faa92ea9c11fc8ba7ed37de0ff6367a2e0f71dc3611159a0273eee42dcd92f622a4f923c940670c1f9b1ba11c65405fc919874549178bb325f59e0799373264a6d76d25a5616487c8bedc645881da9912a0cd7d5a5186b9325a07e1615877801cef160ce9fc7c6f813982baabeb45aea262483cf0d7d96ff5d45432937b7bde70507a28c7f42815fb5ec8c6f3152a145ac4d4a94faa509b7e1dc0d1f9a97d8d186dc712a47f1626fb2915f11b2c6f4ad14af2d94f06599f9d3cae07108fa20493f7eeb86c7eb7d831dac5e8a0c64eec630b2e2c3aa02a0b03c88e2a1845acad0417e026e654512557e02e7b4cd1757c1a6e755ab98f49ae3bd2a0e13d46bd9c3cb18a3755c2c0cb94b5ed70655d45ab1d558520af9f1bd7a586355889b3b1cd579a3896d5974c21ea90e98601d5d443e7bc01a03a3e7e92747eba981ca04088de2def5ce945f75e6ca148df92c4dda6432a10752e62f6ffc572d700e17ec7ae4ca2482a39b38d98ce2a783d024f01ac437a9d5a50482ebf78aace0f4716d236e557f1946ecaff7f84cb8c51187a7d2c2ac439bf59cbaca94c3bfc16f39d5da1d5f240721520f2e8d8002e32dd4e540ed47366bba53a0f8b609e8b3e108630baaf014b364dd832c875456e8ed617545f165b7f57c75507e9a777666bf64249e04ba44f85a01f778442e7dffd63645353b47a5a6a0326cfd3a26b11e18d4841dd1aac06940475dde57af90532a39267edfbc95193c75158434effabfb6b8ac944a35fd7d1151744194e70fe52adb4a9cbd7c1c7d957869973ffc3c2a222c9e8979f438dc6e191be217137acd5603753b767663d59b78a60abee1b3a95583a1c3d40e614bc871aeeaeed0d50e6f717e8f5adce8e7e3b5f4d900cad0ea5fa954534513cae56aab7444e4a945bda748776ab407c9d3abbea8e256512c315985adf23f387f9df10be43755828a054a8de366052936faac3abda2532eff18f9b54ce60fdea7050b811a980c4f34927196624e31ce74e4c1e174828acd977f20a51e5c4bf9074374bef7b0338703e69811066a4b5104d8f2ff0aae5a213c9d9a6d0e16bb17b8cfee9295dbb0cb86c3d1dfc9323181d75559a5e156b12190015c245970bd5ea81be027f299a1e14d84cb1aa773c4fd17c02713f1257d1dc9b06984a61bdd3b7e8be2da8bbf1542e3f0f739845f2f6149e37562b4ff9f42218ea2c1dd38068f1ad932c78460551db8b9fe29dd52992d606c45ba2f294351255ea9ab8e5408fd665541587713820f633107bded93ce052dcd8951959c8bd053c688ab50044d92fd98670a348eac6bdf265da65f1225e13fd183217be18f83f2981c3707c73129acda95e5144984fbb1cf3de9cf111eb9b34c098d6d1222b92f2904deb9d1a3b0e8bad071d86cce4292a907c777e0098e94fddf2f888c73f34872206eec23ca6f58262b022e982f5c0469727faefb5df28273238e8a4be5987e67cb34ea732346353b33ddd268aa08097d62d16a4bd57453259131a58c1018470ce9f0b8ab2d09f571c11e8c3554fb1da0e6aeb9e26283e11ebd4ed7c5e6c760fcc57c565609f0ca8a2ad2400cae30964cc7c93fbdf59ca8564e474cb94f50dc6f71abbe288896aa71bdb9fcc41052374f39f4484bd0257bfbceabefb70fbf3a855da646678706e29ce7a534acaf059daacafde7c77bb06898110e14f2705f1434a9ff6a3420862c0843310c69b26491620a9bc662a41910908f8abe151455e51178913c1524e89f1ef77dd151bb6876d6717b496ed96d8493797853", @typed={0xc, 0x97, 0x0, 0x0, @u64=0x4}]}, @typed={0x8, 0xc, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x8, 0x0}}, @nested={0x8, 0x14c, 0x0, 0x1, [@typed={0x4, 0x143}]}, @typed={0x4, 0x9d}]}, 0x143c}, 0x1, 0x0, 0x0, 0x4000884}, 0x40000)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r8, 0x3b71, &(0x7f0000001c40)={0x20, 0x4, &(0x7f0000001c00)="8226a057d285afdf7ae1da03a0d4e00f26874eb15ed5596b05f9f3b031bee1", 0x9, 0xe1}) (async, rerun: 64)
bind$vsock_stream(r2, &(0x7f0000001c80)={0x28, 0x0, 0x2710, @hyper}, 0x10) (rerun: 64)
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
r10 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001cc0)='syz1\x00', 0x200002, 0x0)
openat$cgroup_pressure(r10, &(0x7f0000001d00)='cpu.pressure\x00', 0x2, 0x0) (async, rerun: 64)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001d80), r2) (rerun: 64)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r7, &(0x7f0000001e40)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001e00)={&(0x7f0000001dc0)={0x1c, r11, 0x0, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x88c0}, 0x44) (async)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), r7)
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r7, &(0x7f0000001f80)={&(0x7f0000001e80)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001f40)={&(0x7f0000001f00)={0x1c, r12, 0x200, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8040}, 0x4000000)
pwritev(r9, &(0x7f0000002240)=[{&(0x7f0000001fc0)="ecb40cb1c6a1b4ab1826d89351becc73bb25d12a12b41944ab517ac0705ee25c5f4b2454c5ee862323fb6125dd5abaf590212c2bb75818ca9d7acb285f0a84b484d239294c00d283e9e1456af9033a1f615fab158260df15f291b1ec2b37a8d39cfce10405c3c7aef346bf7f6d0483e6bef73bc40fb688de1402bc8cfc391e", 0x7f}, {&(0x7f0000002040)="b1bd568bcb055d9e0ff0abb78b215332d59235768e7c43a981cb42886a1ac29ae95b8f9521a2de9ed67bf1de78600b381945a593fc", 0x35}, {&(0x7f0000002080)="6c0fa53adb9769ddb8a1b090bbc6998a967dfd56ed387278279bf50025a23458e090d104ceac691db0a178c42e5223ff236a5936230f3c03a9311d2f723ba05ecb798f7d737327eab0be075058dd682f1f46213f1cd59949d61be0c623762bae26ae983d5c7a7bbcc06e4be447a70c8ae9d2191f06660355ad26eadb", 0x7c}, {&(0x7f0000002100)="29155b01dc453028ba9ea429683f079a22f159796025e605cd22036c7cce8a820eae70bcf46c2f3290fe7400125179772ad58ac6c32f15e8f3ca3e8b2411d1c117b914d87aef234bbb3995be1aee44ce3769381b73975a60e756c192acf290082f6d1d0e23b88d96272d0c4eca3b6ae8521cf18f8c438de8b3a0cb044d2d63652b2af28d0bd08a443fae18c08ee28a9eb125d57d14e788b7baaa1291263fd1fea8f029d812812ce0c67cabb95109d10861e2df7caae67afc27d79d3903834a02fe9a2f5d0a62e247a7a69c5a195ec8206152a77fcd7c4b31d6ea0fbbebe36dab14421d35be0dc00e63ab96d5dac4", 0xee}, {&(0x7f0000002200)="f68f1caf380f1bf31c703f16b54468f5f0ae33b701ba535cb0a18a8c8c48f95e4941e56c66ef", 0x26}], 0x5, 0x7fffffff, 0x8) (async)
connect$x25(r7, &(0x7f00000022c0)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12) (async, rerun: 64)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000002340)={0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0x1000}) (rerun: 64)

2.854961431s ago: executing program 4 (id=1653):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
syz_usb_connect$uac1(0x0, 0xa6, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x94, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0x13, 0x24, 0x6, 0x0, 0x0, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @output_terminal={0x9}, @selector_unit={0x9, 0x24, 0x5, 0x0, 0x0, "f8431cfd"}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x0, 0x0, 0x4}, @selector_unit={0x7, 0x24, 0x5, 0x4, 0x1, '\x00\x00'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)

2.854534171s ago: executing program 5 (id=1654):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000040)={'syztnl1\x00', &(0x7f0000000140)={'erspan0\x00', <r1=>0x0, 0x20, 0x10, 0x5, 0x0, {{0xe, 0x4, 0x0, 0x5, 0x38, 0x67, 0x0, 0xc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp={0x44, 0x14, 0x3f, 0x0, 0xe, [0x5, 0x6, 0x3, 0xfffff801]}, @noop, @lsrr={0x83, 0xf, 0x7d, [@multicast1, @broadcast, @empty]}]}}}}})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000001c0)={0x0, <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x54, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40008}, [@IFLA_MASTER={0x8, 0xa, r1}, @IFLA_NET_NS_PID={0x8, 0x13, r2}, @IFLA_PHYS_SWITCH_ID={0x1a, 0x24, "5c2fa696612932aa53f842589e7c0e1adf00b84564c1"}, @IFLA_LINK_NETNSID={0x8, 0x25, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x4008080}, 0x0)

2.850122707s ago: executing program 2 (id=1655):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000))
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@e={0xff, 0x3, 0xa, 0xc9, @generic=0x8, 0xf4, 0x10, 0x5})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
socket(0x28, 0x5, 0x0) (async)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4) (async)
epoll_create1(0x0) (async)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)) (async)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@e={0xff, 0x3, 0xa, 0xc9, @generic=0x8, 0xf4, 0x10, 0x5}) (async)

2.732076655s ago: executing program 3 (id=1656):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000180)={0xa})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x2, 0x80000000, 0x2})
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000340)=0x4, 0x12)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'hsr0\x00'}, 0x18)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000070000000080a01010000000000000000020000000900010073797a30000000000900020073797a32000000002c00058008000140000000000800024000000000080001400000000608000140000000f9080001400000005c0800094000000002"], 0xc4}}, 0x0)
sendmmsg$inet(r1, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000180)={0xa}) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) (async)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x2, 0x80000000, 0x2}) (async)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) (async)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) (async)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) (async)
write$cgroup_int(r2, &(0x7f0000000340)=0x4, 0x12) (async)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'hsr0\x00'}, 0x18) (async)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000070000000080a01010000000000000000020000000900010073797a30000000000900020073797a32000000002c00058008000140000000000800024000000000080001400000000608000140000000f9080001400000005c0800094000000002"], 0xc4}}, 0x0) (async)
sendmmsg$inet(r1, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) (async)

2.712020785s ago: executing program 5 (id=1657):
r0 = socket(0x11, 0x800000003, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$isdn(0x22, 0x3, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0)
unshare(0xc000600)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
fcntl$getownex(r6, 0x10, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
connect$llc(r0, &(0x7f0000000040)={0x1a, 0x302, 0x7, 0x2, 0x2, 0x64, @random="0c23c83dfddc"}, 0x10)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0)
ioctl$KDFONTOP_GET(r4, 0x4b72, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x9, 0x6}}}, 0x24}}, 0x0)

2.667180704s ago: executing program 2 (id=1658):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) (async)
io_setup(0x3, &(0x7f0000000180)=<r1=>0x0)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x4)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r2)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r1, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x5, 0x0, r3, 0x0}]) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000003665727370616e0000000800028004001200080004000c0d0000"], 0x44}}, 0x0)

2.33608536s ago: executing program 5 (id=1659):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r3, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)

2.335716598s ago: executing program 3 (id=1660):
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) (async)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0) (async)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x4, &(0x7f0000000180)=[{0x7, 0x0, 0x0, 0xffff7ffc}]})
r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='rdma.max\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000140)=0x3, 0x12)
syz_open_dev$usbmon(&(0x7f0000000080), 0x1, 0x2080)
socket(0x10, 0x3, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x101000) (async)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x101000)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, &(0x7f00000000c0)=0xa)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000200), 0x208e24b)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x8)
write(r2, &(0x7f0000000040)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x0, 0xd, 0x5, {0x5, 0x22, "4a20ee"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x0, 0xd, 0x5, {0x5, 0x22, "4a20ee"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.850861245s ago: executing program 2 (id=1661):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_ep_read(r0, 0x3, 0xe1, &(0x7f00000000c0)=""/225)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="fd2e010046bb1598c3b04bd95b581544bc768fffd27b71419da3b7f10eec56d4c9f1b383f453fdefe841e7ce6fa883b5ffff7ee78ff2c26dcb3bf033fcbd18888d27bfb783bbee97e585d40bf13f4fae07"], 0x4)

1.712829342s ago: executing program 3 (id=1662):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000001900)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000002180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000702000000feffff7a0af0ff1800000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000009000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100f51f00000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16d875fe369258673b5df11cc2afb53611cc320000bc0b80e80eae8f5e64becef4db2ce77c55dbaca340e4a01e2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151f07bd4e97d62ecc645e143a60f1c6edc76609077909826151e2b42bf005007e8b0db51662de6d87c41cd3ade010e9468bda6f82881eb8c9cfa72bba6708eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf101000500496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b4207e6078625cb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6d2676bef8310f7032775cfd75652f87b039d543000000000000000008ce31344b554aca78a00000000000000e63a0dba7f6b25e8d5e40a3a571a5dfde3b4dca2d38a9c0ea7b5bcd49f977c609915c7601080d10b96af1eb55922b2ad13a0eeefae505f4535cd9dc69fbab92150c7e74e5c5b051ddf6399b0d00eee5c3afee38cdc55b8d3fbbe210bdec686a23503f4a5f5734a9e204dbc327ec8f9851d273fa07369c419942509198605ff2781f4d2d4685d762d4764f7ff762e09116946137b7ab812a2d408b57206093eea233054c6aa08bffc8a076d476bc28fc21d5297997a7c71f38ee2d7102d0a7bea32f51aba25da0f72b895ec90882f56730236b30e656a1ab2fcb80df49afa05d8c9d5bdc3c1feed5c593a5d84825df543749d993a58"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000040)={0x64e4ad8f, 0x2, "f256ff5141a2c4847732eb158006fd12ce52de20d2df3345c6b45b8c11c0bf30", 0x3, 0x2, 0xfffffffc, 0x0, 0x4f})
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
tgkill(0x0, 0x0, 0x1a)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000d90100000000e8ff03"])

1.36863074s ago: executing program 5 (id=1663):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
syz_open_dev$sg(&(0x7f0000000140), 0x0, 0x4001)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb0100b7010000000000000c0000000c000000020000000300000000006b68bb60888b26f177a5c400050000000000000fd4839109000000000000000b7cc741a736314f5c70eddbdc50808ec40912e1c373b39d92d7f9828786c16d4e17935be780b501561fb8b59bfa24b596de94b4c46b24a6e009e8d7d519d1956ea59bac26e284c195b3"], 0x0, 0x26, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000f0400000000005f"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

250.354592ms ago: executing program 5 (id=1664):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
syz_open_dev$sg(&(0x7f0000000140), 0x0, 0x4001)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb0100b7010000000000000c0000000c000000020000000300000000006b68bb60888b26f177a5c400050000000000000fd4839109000000000000000b7cc741a736314f5c70eddbdc50808ec40912e1c373b39d92d7f9828786c16d4e17935be780b501561fb8b59bfa24b596de94b4c46b24a6e009e8d7d519d1956ea59bac26e284c195b3"], 0x0, 0x26, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000f0400000000005f"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

0s ago: executing program 4 (id=1665):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101090, 0x0)
mount(0x0, &(0x7f0000000d40)='./file0\x00', 0x0, 0x100000, 0x0)
pivot_root(&(0x7f00000005c0)='./file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x4)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
splice(r0, 0x0, r1, 0x0, 0x16, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000a40)=@mangle={'mangle\x00', 0x1f, 0x6, 0x490, 0x1d0, 0x360, 0x360, 0x1d0, 0x1d0, 0x3f8, 0x3f8, 0x3f8, 0x3f8, 0x3f8, 0x6, &(0x7f00000000c0), {[{{@ip={@rand_addr=0x64010101, @broadcast, 0xffffff00, 0xffffffff, 'caif0\x00', 'wg2\x00', {}, {0xff}, 0x6c, 0x3, 0x2}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x20, 0x3}}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0x2, 0x0, 0x2}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@multicast2, @broadcast, 0x0, 0xffffff00, 'team_slave_1\x00', 'veth1_to_team\x00', {}, {0xff}, 0x88, 0x3, 0x2}, 0x0, 0x98, 0xd0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x2, 0x1, 0x1}, {0x0, 0x5, 0x4}, {0x1, 0x5}, 0x8000, 0x1}}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x40}, 0xffffffff, 0x0, 'bridge_slave_1\x00', 'ipvlan1\x00', {0xff}, {}, 0x29, 0x2, 0x22}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x32}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4f0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.sched_load_balance\x00', 0x2, 0x0)
writev(r3, &(0x7f00000009c0)=[{&(0x7f0000000400)="c8d00b720228f5012385d9a758946acfe1218ae0925bf9016a14e7f4456b6d3c3ce0dca2e8d95dbfabf68f597dc826eddf07c0cbf509d685a987db536b71dc900d15a92fe2c71ec86d046e99e163b107554eb2f2f056f40603d46d76b3b98c3e0d4d7eb709dbdc8e6cceede1d646c2fb822af7a8628a48072c43367bccb3931c280ba95d0d81862463f7333dfc0873734ec3dc1358e183d020a6dbd9f75eb3659aeb642478c0b1607a9b25d1f30bee4d4cc9b8b70f13b6e7cc24156c621d8488c47e", 0xc2}, {&(0x7f0000000280)="6ce0b696d2206483cc6a254ec61455573103d3c3213bdcf85311e54f55ccd724416874b8d879276b43d42961625f64a9a53be1a622835c5d6a0ced67e4dd0447876c0728fdc628babd9095c98139cdcd8051f3276602c3d8", 0x58}, {&(0x7f0000000380)="9088ec3e08111ec5241d8acb086a974ae1f7e396bc5a03a1c4c06111b7728fa98e3b7a6fc21a", 0x26}, {&(0x7f00000005c0)="77ce6e8aee5dc1160da47266694a0337a9ac08cf5644f644fac0e5c30b6beb600af84957ab46e8d00e9513ba5ad8ad4831517f4bab47fd9363a16b39722e63d1969f7bbda0f8cd224eaf12217326ba37ec34341e97ccbe0ee1114837dbf6ac6452ed", 0x62}, {&(0x7f0000002a80)="1740b0a8f21b2359c78a87d3405a031cc3f074b4cb17c768562aadfa46a2d00d3cf5fac77452df0b30ac788c01ed18690e2251a858bf18369ad9d08d1241e01343946a662b6362b54ea3479c5b749a2560e585251c09f04028b1fae9b5cdbb24211d6b5910eb84e98d862e57553db1332dc777742083e65c8d11b7172442bc1b4ba5b534bcf3c32f748d0e94f506a034508be5e7d7ab618607e4a1517ecdce0f7910bebef858c8f2cfcf11fa3beb9583b02591217fa79a5c6a6e881051059c39252517cfdb5340bc0cd5ff48fe3eb4c5e783c8adb17ded171983a3d88ace4872982605532e97740ff7d8ebacea0bec993005e2cc7e92da403c93bfa6861697cf9e220cc1d3029f2ce1f980d2c8a096d4f4248e2f5ffbf700e7335975b517a0c618461b6b5c2ea1106f836de375135664296500a42582d3663093a3abcafef68cdd5de52dbbb1a19b07ba7fab6709a09478dd7fce8aa4241315c93f6c6e4f7f8972adae3ddc2b1da727f4d5105517eb40ade69bfaf0685865a023594ebbd8091b587b8e8cca77b5ea2f5032f3f41d96ce019afb820be0342ca32d6688bb614a745eb2ed444b80509d68ad0625addb37dbfde0f59cc340e035f9f8ccd822f5a926187aa7caef4d27ec5092d48bd329366e60b6ae040de3645f8131f28a1306a84c10c87bac436ed7f0b9de4405e94141d81b276280c2f1b270ac5a50ba1b74f94a5b4712873ee5fc2443733d6cae556cdcc6e31dcda6960d0b184203791b204bddbcc53323421955cfad3064aaf500c2e8c4aba9bcd795a0d073401a0c5f32b44e314bb3b0b646f5f9206880d7e0e895c24aec3ef776f38d98486c0d6d88afbfb8d4288671eaaefdeb9e9d9d7fc6726c437ae7617a54a49373d1d4ef1cb226242835a7ad104dcf74881119af5b3bd341173ea924e74be2ad4fc3ffde4434d430d9636b0127e66d9583d0eacac1fc5686aa5ae3d70a4e3cc1784e6297bcf2690059f8683a068848296dbb274f2115d428d6ee8feec74ed6a9b5fd07a9f9ce9045811316ea6af8d113d9ec90c5e890b43bf9d7f5b05257a5f4dfd45a2fc2d2b851bbe8dae65bd98be3813fbd558ba5b1f7a970ec68922ed9416693cc838e724b8f9102deb2f820e7531ae0178a01b7d0e633608572e5a130316f535108ee793d725b0ec9fed8534ca598a85eed04184bcce454141831439186328de00e06ed78b834e557ad12fa15206e91c83ed60d1e83b4dd6257e56de1afe41ef71352966739858a9552bea8f6b502f73eb8642f098a4e8d364bd2922035a41cb4c47a59315f1f7424d6e099ed7eb40a43ab464dd569a9b7e3398ccb0b80ab4c0f5638117cdff9580821b4356be3e86d2473ecd4dda9ad4094632b6ee0adca9015750af91fef81527c1bb83e03c0d9062ffa9e16645e461c0f98f54a2dfdb6065318814ada2999abc53afcd3a8425c8cdb7fdd9d0a934e9cde76a99bb9c0dd790c9677814fd70f2317b758e056c692f9675857b8a8b9ef47b0e2c0dc8547d54bd3a29e08601cf6fcdb32b5537921ea4e9756f130bb158e82714ac1c905bd51f2f91808781195282b679b56163fb6caa5cb4cbd5c5a547f18022454a8072038b1954159f659fb407911869affc3b15c1583a20853594ffd3033522a5449c72843114b1797e357bc9941e70219881a560d9d8ca563eff4aa0bb31b4cd32686c62018b033f50d8e3dd13d55243bc8f61e48ea8f1dab7dc059e0b9827659c9dfb5bd5d402513f905de55eda4b0fae269bee34070b1de3b362d2a7663679aec5384d9e5742f72473dc2b11d367f62e0b0cda0d01414d7d185837c83cf8839942091bf239872469e638cb7d6e4fef2c5277c04c82eac4ca925c59f12de062e890bc399a36126e7fd29cd05311adb91ef5e346510bc3252435af3ebac2e895b4858f6457d5928a98176fe6968cc234cad87fc0f4885beba70bb061594f9ca3058a649962959be08eceb575dcbfb453cfb2101503b96f929dc8d5cc5ebf628cb303204ad1d721b45c6b45ec72f0ca676f9e26f873016636364c8acd1b1722a94a0baa8361ba47a1d1b24d901b9c51562f494178f5eeebe5278c16ba02922c206eaad15155c3c2685e4024aef33772b6c0eccd7f376c2702f9e479215a0c036d130878573a8bac9e23e5bab510156fc5519a15ec8842bc105dbf0f5a5ebaa028ae38bfddcf7092591b7cadd8b9d3804f41c7d8eb532106c4fef4ca3201a0153df9f8fb7917ad327cb3b2a7741bbca1d0aef6312f39441778a464445dc9e2765088fa665877d92060d7bdc06b826a901319da5e5d1c55bf7333dd012dcdf1268dd0d8a0009a6c0060d917fdf1dccecda20f7ea9fb1ee801266c1dc3307408bd8cb83d16dd5f2d99e5945d38938f7a14aa1ec1a809b040fa3d75b5436d011f1d6ac334ad569a0398e75f98df4136c0889694a6a5f7383d900d4729b3cdc260d6e1d832c45acd1b8e4184eb83b7c26c42285b747c299b8648f7fd4e2337e415ecc7533370fe93f8d5954875be1d3fca3dabfec869422004d1eb8d6e9665f6d4e2a22dbe0c17678b720cf9319c232fa10e5ca8101d3e76c15b4a35110ab970e1492ced4d23aebf658246655cea191c4cafc36485e73f8012cb263026955eea52365095d733cf767c4b4bfc808f563131e8a45b85c47359b9269d792fe598a87afe296522f65096937a19697c987e9c1de042d04898ec937520cb033571ff1fcd21b632bbb84421214670f908fe265221b1dc82ab7367e92242ce2b438bf356681fd93fae260fef52db8244e59bd9e9d343d8333305a1dee5ff3fe30ffa2880d3639e210930189cd41e1ecc0caf807d86c496a3f857c8143cae1c1a5aa7e26734e9052b7bbf5df0bd4aa553433a9628ae7d4c557a3be3fffa2f1be1c332c934626377a7994bdb0c67a6b39dcb0eb1f2483b11eb7f36f2064370a9991feb9ec55bc16d07796172f23929b98a69b00df0e3980a09aacc5b0ad6687c3aee8e34252fb9c2cbdced11bb3cb0ef0beaebb5745a1797eabbc3bc02229c990afbdade10d15a96dd0b5393f3ec12320a2708af7c38ca4ff13e1e4971ad68790e23be9a2ea14bda4bdbc1b099d5f1e47dbab99dbbb1adc0ac73dae1984899fad54d66b818c8824ac6e8f3fb4109831a7bebaf1e5df68b39a38dfb4255aed60f5f560369db105114b0d343900ddf46d857e0f1c6f75e75630cdaf44f009e0a8a3c9f4d13893b037cd3bac5b6e5be22426942ee376c8bdf07c6d3856f9efaeab05aa6a03bb54619308102d0c5f798d18ea4b1146989cd09081e5d908408ac74fded5198d112d93a0344bfda040d849505852cc7be0b17741cd173a30cf94b3126f7ad919413edaafb4d7a995053e07bb0f1e8fbce0e52dba88b352f1d169d184e5d9250e28a570c4555f6c32b47843f85da972f0a8f2f3df2b6ea49da554f36574314e07980b555a78d14ecddaf03e3ddc5f83ccad6de64a060230b41c354fc320b130993eff21243a7e033516dd384967b64a397e9f16cedc09b5c5da467970c4a618457894c1fe05ca9ee91e5cfb83f7bf7c49f87bb53316d59cfe7053e9a5a0dc9e011941904b82eb51f2560571f03832ab59f454b0786285712aed9387c4d85f53644af8c551ea5fcd374c26a7d3f95f6809a0f091e4c6386a4afbbe6c8c48eaee9a54cfd6b2a015e762d6826bb410a8cd20657e77fddfbac77ee30bba0bf603d1f3ee2f41caf9890c1a3ba33e0946a3243ca42912a0075896e994a830c6d7424a2302061da7331d7103b84cd50b6195c54532ab568f7b49ce8d97ec82dc8a5c635f456408c357c286d4c138ef8c0b10322e16d28cf5f42597ff7a417801ebc443c51fa9091308d4d34c68e8443f82cf6c87dfe079a0cff6bac3573fa7c8f925642b479449849e9242f4049c6a9a12343010080538c012e6ae3603f5e48c6532a81e340c3959f0d2f0a69bd07131804b757abd331e9b12c09a6b76e0a41f440f9e2ce67c785ce7f2c4253a86c42f8393503943b2ab608aca13f39139879dc85a9606baa602ddf1fb726b28ef2bf20b58075d0f3b260680505ad76bb62a0f7d047a06b416b645388b1535dac62fe0a025e647bbac1fbe3732e00609ea4f44b4b1a6df9005bc1ab03464f66222c01b12e989e2bfd3979f8d0c26b18d7f9cb3e07a23d673c64c8bda78e90f66e13dda2f56d74410bda6d6db92f25569744a5f07e42a736cf18140cd9eba9c3e82fc871f7b8123ab4c6391c65bc6a5b53a6c2919a7dd952d4fa4ceff3c296f3c9a3805726b150c1d3a7474f2432fe849f701dfcc603bc81b5d60b19260b389264232c0ebe9ff568b1b57405b21870ddbea9392e2b1e5b479de57591915f5b049ae2a0cd58e481dccfd4a55659cb79f6cb4f689d59cd8c9cd05b1b12a28b331508dbc7e5c45a48e8270d918b28ef9e3be1195cccea959209fa086a9f2d242b1dddda66342285e6e5b648f18caaab603c8618a0840f389304081fd0a1d056a2c2cb1bd49a41dbb47cf22e983531b7e5fb4cfaf08050083ddb2968637b4746efc34f934ad5cae9b8854eac32b45a1f7cd1a20ec33dd0049c6735187a05fe8ac2df9a87e91032b20ce9c7e91889864874f446e49d4ca6a9e832ac8f497af385e7ef28b45cdbfdeed104183df2017cec9c05cbe77c361d5cb5b7126fecb367818f12139830ceffe8e529ba85355d629602eca9f441d852faf1fff952e60142f6deff5202a15614f39c495f37e2750d4d94cf0f077233139b990b11581e9e8a891bc3bd64f08bd05ace0ce06c6c397d95eb627341a22b10564d89bbbcacaeaa23494b33043151744241654be3b98698c3db89181fcea73e15445ebd3c1760a8ecff0898d900e9c902dcde2ebe288d431f8fc66b44f86a43a2375edd1ffdb7ec587a64fe0c1ba610c5d9218d89c06870e4cdab35e09b1b2d6b44f9e0b30fbb75ad7d1934a018c58c44805739310bed340eeb51849ed3342a90bb1d4599942bcfd5aea7104895bbd544c5e57c16881a3d5e9ecfe8f3e2647e2b560d68d0eb99901dd2fa19999a619381adb1818fdd95e28ce82666c998af11972fb431de821f391c59eb1c627649906525a6c6227f5bbdbd52329624a43bd3fe466143ac17e63794315e729f5e98f4746d7cb268a742d1791dbb43db51c69f9cec83e2fb758244b6284f859f5060bb15b", 0xe5f}], 0x5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8994, &(0x7f0000000900)={'bond0\x00', @random="0600002000"})

kernel console output (not intermixed with test programs):

 1-1:0.0: non-zero urb status (-71)
[  346.642206][    C0] radio-si470x 1-1:0.0: non-zero urb status (-71)
[  346.648666][    C0] radio-si470x 1-1:0.0: non-zero urb status (-71)
[  346.655152][    C0] radio-si470x 1-1:0.0: non-zero urb status (-71)
[  346.664903][    T9] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22
[  346.681139][    T9] usb 1-1: USB disconnect, device number 26
[  348.893928][ T9997] openvswitch: netlink: Actions may not be safe on all matching packets
[  349.045351][T10001] netlink: 'syz.3.1020': attribute type 10 has an invalid length.
[  349.236199][T10001] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  350.116633][T10033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1023'.
[  352.225658][T10056] fuse: Bad value for 'user_id'
[  352.258948][T10056] fuse: Bad value for 'user_id'
[  352.594610][    T8] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  352.817395][T10069] kvm_intel: kvm [10063]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  352.939388][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  352.947183][    T8] usb 5-1: device descriptor read/64, error -71
[  353.092825][T10070] openvswitch: netlink: Actions may not be safe on all matching packets
[  353.309962][    T8] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  353.739438][T10079] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  353.895481][    T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  353.905664][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.915245][    T8] usb 5-1: device descriptor read/64, error -71
[  353.941335][    T9] usb 4-1: config 0 descriptor??
[  353.971605][    T9] cp210x 4-1:0.0: cp210x converter detected
[  354.037940][    T8] usb usb5-port1: attempt power cycle
[  354.246608][ T5872] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  354.447681][    T8] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  354.527693][T10089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1041'.
[  354.650968][ T5872] usb 1-1: device descriptor read/64, error -71
[  354.790049][    T9] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  355.571371][T10054] Process accounting resumed
[  355.584763][T10054] kernel write not supported for file /asound/timers (pid: 10054 comm: syz.4.1031)
[  355.662398][    T8] usb 5-1: device descriptor read/8, error -71
[  355.724924][ T5872] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  355.801661][T10106] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1044'.
[  355.877307][T10106] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1044'.
[  356.597942][ T5872] usb 1-1: device descriptor read/64, error -71
[  356.604380][    T9] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[  356.612199][    T9] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  356.624986][    T9] usb 4-1: cp210x converter now attached to ttyUSB0
[  356.633394][    T9] usb 4-1: USB disconnect, device number 38
[  356.656594][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  356.672318][    T9] cp210x 4-1:0.0: device disconnected
[  356.904528][T10117] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1047'.
[  356.938500][ T5872] usb usb1-port1: attempt power cycle
[  356.949787][T10117] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  356.996354][T10120] openvswitch: netlink: Actions may not be safe on all matching packets
[  357.224431][T10110] kernel write not supported for file /asound/timers (pid: 10110 comm: syz.4.1045)
[  357.248543][T10127] netlink: 428 bytes leftover after parsing attributes in process `syz.0.1051'.
[  357.511805][T10127] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1051'.
[  358.264171][T10142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1054'.
[  358.447687][T10148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1053'.
[  358.556192][T10152] dummy0: entered promiscuous mode
[  358.566934][T10152] team0: Device macvtap1 failed to register rx_handler
[  358.580715][T10152] dummy0: left promiscuous mode
[  358.604993][ T5872] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  358.779210][T10145] kernel write not supported for file /asound/timers (pid: 10145 comm: syz.4.1052)
[  358.857161][ T5872] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  358.896310][ T5872] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  358.944550][ T5872] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  358.954171][  T969] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  358.974380][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.071041][T10159] netlink: 'syz.4.1058': attribute type 1 has an invalid length.
[  359.080434][T10159] netlink: 512 bytes leftover after parsing attributes in process `syz.4.1058'.
[  359.155705][ T5872] usb 3-1: config 0 descriptor??
[  359.192582][T10158] kernel write not supported for file /asound/timers (pid: 10158 comm: syz.4.1058)
[  359.218029][ T5872] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  359.461729][T10178] syz.4.1062 (10178): /proc/10177/oom_adj is deprecated, please use /proc/10177/oom_score_adj instead.
[  359.719244][  T969] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  359.735583][  T969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.781397][  T969] usb 6-1: config 0 descriptor??
[  359.803872][  T969] cp210x 6-1:0.0: cp210x converter detected
[  359.813479][T10189] openvswitch: netlink: Actions may not be safe on all matching packets
[  359.844008][T10177] kernel write not supported for file /asound/timers (pid: 10177 comm: syz.4.1062)
[  359.935170][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1060'.
[  359.964803][T10192] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  359.976461][T10192] batman_adv: batadv0: Removing interface: batadv_slave_0
[  359.991843][T10192] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  360.009253][T10192] batman_adv: batadv0: Removing interface: batadv_slave_1
[  360.207121][  T969] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  361.264362][T10195] kernel write not supported for file /asound/timers (pid: 10195 comm: syz.4.1064)
[  361.285784][T10217] netlink: 428 bytes leftover after parsing attributes in process `syz.3.1065'.
[  361.295813][T10217] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1065'.
[  361.924863][ T8225] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  362.085146][ T8225] usb 5-1: Using ep0 maxpacket: 8
[  362.092083][ T8225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  362.105750][ T8225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 26056, setting to 1024
[  362.143909][ T8225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  362.183763][ T8225] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  362.217209][ T8225] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 241
[  362.284180][  T969] cp210x 6-1:0.0: failed to get vendor val 0x000e size 678: -71
[  362.317877][  T969] cp210x 6-1:0.0: GPIO initialisation failed: -71
[  362.340548][ T8225] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58
[  362.349785][ T8225] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.350877][T10246] 9pnet_fd: Insufficient options for proto=fd
[  362.360558][ T8225] usb 5-1: config 0 descriptor??
[  362.370019][T10225] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  362.379978][T10225] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  362.423804][  T969] usb 6-1: cp210x converter now attached to ttyUSB0
[  362.489027][  T969] usb 6-1: USB disconnect, device number 4
[  362.503349][    T8] usb 3-1: USB disconnect, device number 27
[  363.419232][  T969] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  363.540271][  T969] cp210x 6-1:0.0: device disconnected
[  363.721513][T10267] hfsplus: unable to find HFS+ superblock
[  364.325797][T10279] netlink: 428 bytes leftover after parsing attributes in process `syz.0.1078'.
[  364.355943][T10279] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1078'.
[  364.415877][ T5140] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  364.739506][  T969] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  364.908570][  T969] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  364.925329][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.941723][  T969] usb 4-1: config 0 descriptor??
[  364.959228][  T969] cp210x 4-1:0.0: cp210x converter detected
[  365.065501][    T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  365.997762][ T8225] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  366.020258][T10224] kernel write not supported for file /asound/timers (pid: 10224 comm: syz.4.1066)
[  366.031206][  T969] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  366.067469][    T9] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  366.077003][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.132281][    T9] usb 1-1: config 0 descriptor??
[  366.153661][    T9] cp210x 1-1:0.0: cp210x converter detected
[  366.509189][ T8225] usb 6-1: Using ep0 maxpacket: 8
[  366.521659][ T8225] usb 6-1: config 135 has an invalid interface number: 230 but max is 0
[  366.532127][ T8225] usb 6-1: config 135 has an invalid descriptor of length 128, skipping remainder of the config
[  366.542930][ T8225] usb 6-1: config 135 has no interface number 0
[  366.564838][ T8225] usb 6-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  366.620853][ T8225] usb 6-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  366.705894][    T9] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  366.895804][ T8225] usb 6-1: config 135 interface 230 has no altsetting 0
[  367.501557][ T8225] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  367.555595][ T8225] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.939966][ T8225] usb 6-1: Product: syz
[  368.213732][ T8225] usb 6-1: Manufacturer: syz
[  368.241157][ T8225] usb 6-1: SerialNumber: syz
[  368.294887][  T969] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[  368.302687][  T969] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  368.316247][  T969] usb 4-1: cp210x converter now attached to ttyUSB0
[  368.344347][  T969] usb 4-1: USB disconnect, device number 39
[  368.347374][ T8225] usb 6-1: can't set config #135, error -71
[  368.395714][T10335] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1088'.
[  368.476168][  T969] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  368.484549][  T969] cp210x 4-1:0.0: device disconnected
[  368.521410][ T8225] usb 6-1: USB disconnect, device number 5
[  369.576067][    T9] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  369.594437][    T9] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  369.604385][    T9] usb 1-1: cp210x converter now attached to ttyUSB0
[  369.616422][    T9] usb 1-1: USB disconnect, device number 30
[  369.650639][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  369.733669][    T9] cp210x 1-1:0.0: device disconnected
[  369.739502][  T969] usb 5-1: USB disconnect, device number 41
[  369.858831][T10360] netlink: 428 bytes leftover after parsing attributes in process `syz.4.1092'.
[  369.894959][ T5921] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  369.985045][T10360] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1092'.
[  370.049750][ T5921] usb 3-1: Using ep0 maxpacket: 16
[  370.056835][T10369] binder_alloc: binder_alloc_mmap_handler: 10368 20ffd000-21000000 already mapped failed -16
[  370.071854][ T5921] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  370.080080][T10360] kernel write not supported for file /asound/timers (pid: 10360 comm: syz.4.1092)
[  370.081860][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.122475][ T5921] usb 3-1: Product: syz
[  370.126897][ T5921] usb 3-1: Manufacturer: syz
[  370.131521][ T5921] usb 3-1: SerialNumber: syz
[  370.183443][ T5921] usb 3-1: config 0 descriptor??
[  370.391393][ T5921] visor 3-1:0.0: Sony Clie 3.5 converter detected
[  370.570548][ T5921] usb 3-1: clie_3_5_startup: get config number bad return length: 0
[  370.657366][T10390] futex_wake_op: syz.4.1098 tries to shift op by -1; fix this program
[  370.702435][T10390] futex_wake_op: syz.4.1098 tries to shift op by 32; fix this program
[  371.130955][T10377] kernel write not supported for file /asound/timers (pid: 10377 comm: syz.4.1098)
[  371.150810][ T5921] visor 3-1:0.0: probe with driver visor failed with error -5
[  371.180827][T10391] kvm_intel: kvm [10371]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  371.273696][ T5921] usb 3-1: USB disconnect, device number 28
[  371.674401][T10401] kernel write not supported for file /asound/timers (pid: 10401 comm: syz.4.1101)
[  371.815034][  T969] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  371.825025][    T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  371.964862][ T5873] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  371.998160][  T969] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  372.030558][    T9] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  372.054145][  T969] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  372.073655][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.092419][  T969] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  372.103614][    T9] usb 6-1: config 0 descriptor??
[  372.112218][  T969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.122225][    T9] cp210x 6-1:0.0: cp210x converter detected
[  372.139854][  T969] usb 1-1: config 0 descriptor??
[  372.175436][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  372.182986][ T5873] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  372.192792][ T5873] usb 4-1: config 0 has no interface number 0
[  372.213160][ T5873] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  372.236637][ T5873] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  372.258217][ T5873] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  372.268570][ T5873] usb 4-1: Product: syz
[  372.272937][ T5873] usb 4-1: Manufacturer: syz
[  372.285560][ T5873] usb 4-1: SerialNumber: syz
[  372.389783][ T5873] usb 4-1: config 0 descriptor??
[  372.573280][    T9] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  372.594224][ T5873] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected
[  372.603449][ T5873] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81
[  372.611476][ T5873] keyspan 4-1:0.107: unsupported endpoint type 0
[  373.809004][  T969] hid-led 0003:27B8:01ED.000B: probe with driver hid-led failed with error -71
[  373.819593][ T5873] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1
[  373.831970][  T969] usb 1-1: USB disconnect, device number 31
[  373.849409][ T5873] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  373.918335][T10419] kernel write not supported for file /asound/timers (pid: 10419 comm: syz.4.1105)
[  373.930436][ T5873] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2
[  373.940667][ T5873] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  373.953470][ T5873] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4
[  373.973786][ T5873] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  374.018307][ T5873] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6
[  374.052387][ T5873] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  374.650831][    T9] cp210x 6-1:0.0: failed to get vendor val 0x000e size 678: -71
[  375.474029][    T9] cp210x 6-1:0.0: GPIO initialisation failed: -71
[  375.575075][T10452] kvm_intel: kvm [10442]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  375.624482][    T9] usb 6-1: cp210x converter now attached to ttyUSB4
[  375.694987][    T9] usb 6-1: USB disconnect, device number 6
[  375.743397][ T5921] usb 4-1: USB disconnect, device number 40
[  375.744446][    T9] cp210x ttyUSB4: cp210x converter now disconnected from ttyUSB4
[  375.755582][ T5921] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  375.811828][ T5921] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  375.821061][    T9] cp210x 6-1:0.0: device disconnected
[  375.843300][T10452] kernel write not supported for file /asound/timers (pid: 10452 comm: syz.4.1109)
[  375.914410][ T5921] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  375.960005][ T5921] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  376.007440][ T5921] keyspan 4-1:0.107: device disconnected
[  376.136218][T10484] lo speed is unknown, defaulting to 1000
[  376.153963][T10484] lo speed is unknown, defaulting to 1000
[  376.174210][T10484] lo speed is unknown, defaulting to 1000
[  376.202456][T10475] kernel write not supported for file /asound/timers (pid: 10475 comm: syz.4.1117)
[  376.249409][T10484] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  376.350258][T10484] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  376.430925][T10501] kernel write not supported for file /asound/timers (pid: 10501 comm: syz.4.1122)
[  376.443116][T10483] kernel write not supported for file /asound/timers (pid: 10483 comm: syz.4.1117)
[  376.515797][T10494] fuse: Bad value for 'fd'
[  376.529729][T10484] lo speed is unknown, defaulting to 1000
[  376.568671][T10484] lo speed is unknown, defaulting to 1000
[  376.601614][T10504] netlink: 'syz.2.1121': attribute type 1 has an invalid length.
[  376.678537][T10484] lo speed is unknown, defaulting to 1000
[  376.703327][T10484] lo speed is unknown, defaulting to 1000
[  376.741175][T10484] lo speed is unknown, defaulting to 1000
[  376.748540][T10509] kernel write not supported for file /asound/timers (pid: 10509 comm: syz.4.1123)
[  376.950753][T10521] netlink: 428 bytes leftover after parsing attributes in process `syz.4.1125'.
[  376.971030][T10521] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1125'.
[  377.007772][T10521] kernel write not supported for file /asound/timers (pid: 10521 comm: syz.4.1125)
[  377.279105][T10526] Bluetooth: hci5: Frame reassembly failed (-84)
[  377.293426][ T6205] Bluetooth: hci5: Frame reassembly failed (-84)
[  377.361802][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1129'.
[  377.949390][T10543] kvm_intel: kvm [10537]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  378.760147][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.766736][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.801647][T10548] syz.2.1132: attempt to access beyond end of device
[  378.801647][T10548] nbd2: rw=4096, sector=0, nr_sectors = 2 limit=0
[  378.963954][T10562] bridge2: entered promiscuous mode
[  378.985712][T10562] bridge2: entered allmulticast mode
[  379.375870][ T5833] Bluetooth: hci5: command 0xfc11 tx timeout
[  379.455789][ T5140] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  379.479147][T10534] kernel write not supported for file /asound/timers (pid: 10534 comm: syz.4.1127)
[  379.584802][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  379.735255][    T9] usb 3-1: Using ep0 maxpacket: 8
[  379.750359][    T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  379.784155][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.799028][    T9] usb 3-1: Product: syz
[  379.804398][    T9] usb 3-1: Manufacturer: syz
[  379.809321][    T9] usb 3-1: SerialNumber: syz
[  379.823203][    T9] usb 3-1: config 0 descriptor??
[  379.972975][T10574] kernel write not supported for file /asound/timers (pid: 10574 comm: syz.4.1136)
[  380.045041][    T9] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  380.151335][T10566] kernel write not supported for file /asound/timers (pid: 10566 comm: syz.4.1136)
[  380.174594][T10579] hsr0: entered promiscuous mode
[  381.112388][T10592] pimreg3: entered allmulticast mode
[  381.271171][ T5921] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  382.288182][T10597] kernel write not supported for file /asound/timers (pid: 10597 comm: syz.4.1141)
[  382.368894][    T9] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  382.410506][    T9] usb 3-1: USB disconnect, device number 29
[  382.522738][ T5921] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  382.556818][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  382.578110][ T5921] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  382.592268][ T5921] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  382.603929][ T5921] usb 6-1: Manufacturer: syz
[  382.987081][ T5921] usb 6-1: config 0 descriptor??
[  383.010183][T10610] kernel write not supported for file /asound/timers (pid: 10610 comm: syz.4.1145)
[  383.088975][ T5921] rc_core: IR keymap rc-hauppauge not found
[  383.102439][ T5921] Registered IR keymap rc-empty
[  383.113863][ T5921] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  383.127468][ T5921] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input36
[  383.229019][    T9] usb 6-1: USB disconnect, device number 7
[  383.464843][  T969] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  383.487364][T10631] input: syz0 as /devices/virtual/input/input37
[  383.548145][T10631] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1152'.
[  383.573814][T10631] syz_tun: entered promiscuous mode
[  383.589714][T10631] syz_tun: left promiscuous mode
[  383.614953][  T969] usb 5-1: Using ep0 maxpacket: 32
[  383.630634][  T969] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  383.642872][  T969] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  383.656975][  T969] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  383.667229][  T969] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  383.685644][  T969] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  383.695635][  T969] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  383.704548][  T969] usb 5-1: Product: syz
[  383.709498][  T969] usb 5-1: Manufacturer: syz
[  383.722225][  T969] usb 5-1: SerialNumber: syz
[  383.781146][  T969] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input38
[  384.250094][ T5874] usb 5-1: USB disconnect, device number 42
[  384.452851][ T5874] appletouch 5-1:1.0: input: appletouch disconnected
[  384.750694][T10647] kernel write not supported for file /asound/timers (pid: 10647 comm: syz.4.1148)
[  385.210259][T10664] sctp: [Deprecated]: syz.0.1162 (pid 10664) Use of struct sctp_assoc_value in delayed_ack socket option.
[  385.210259][T10664] Use struct sctp_sack_info instead
[  385.258849][T10658] kernel write not supported for file /asound/timers (pid: 10658 comm: syz.4.1159)
[  385.367454][T10668] loop2: detected capacity change from 0 to 7
[  385.384464][T10668] Dev loop2: unable to read RDB block 7
[  385.416238][T10668]  loop2: AHDI p1 p2
[  385.431283][T10668] loop2: partition table partially beyond EOD, truncated
[  385.455006][T10668] loop2: p1 start 2214592512 is beyond EOD, truncated
[  385.486535][T10670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1165'.
[  385.566041][T10670] kernel write not supported for file /asound/timers (pid: 10670 comm: syz.4.1165)
[  386.472226][T10684] Process accounting paused
[  387.487393][T10704] tmpfs: Unknown parameter 'usrquota'
[  388.195580][T10717] lo speed is unknown, defaulting to 1000
[  388.276914][T10718] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1178'.
[  388.725968][ T5833] Bluetooth: hci0: command 0x0405 tx timeout
[  388.941785][ T5874] usb 4-1: new full-speed USB device number 41 using dummy_hcd
[  390.076540][    T9] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  390.180710][T10744] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1183'.
[  390.418659][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.485378][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.525758][ T5874] usb 4-1: device descriptor read/all, error -71
[  390.880786][    T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  390.904781][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.966573][    T9] usb 5-1: config 0 descriptor??
[  391.587080][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  391.598120][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  391.629247][    T9] usb 5-1: USB disconnect, device number 43
[  392.052789][T10778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  392.650375][T10796] netlink: 312 bytes leftover after parsing attributes in process `syz.5.1198'.
[  393.265968][T10805] vxcan3: entered promiscuous mode
[  393.271294][T10805] vxcan3: entered allmulticast mode
[  394.666410][T10837] fuse: Bad value for 'fd'
[  394.844993][ T5874] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  395.432768][T10835] lo speed is unknown, defaulting to 1000
[  395.589187][T10833] lo speed is unknown, defaulting to 1000
[  395.665517][ T5874] usb 4-1: Using ep0 maxpacket: 16
[  395.672466][ T5874] usb 4-1: config 7 has an invalid interface number: 247 but max is 0
[  395.705243][ T5874] usb 4-1: config 7 has no interface number 0
[  395.711422][ T5874] usb 4-1: config 7 interface 247 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  395.750072][ T5874] usb 4-1: config 7 interface 247 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  395.786805][ T5874] usb 4-1: config 7 interface 247 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 0
[  395.832396][ T5874] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=6c.22
[  395.853787][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=74, SerialNumber=147
[  395.871108][ T5874] usb 4-1: Product: syz
[  395.875517][ T5921] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  395.887162][ T5874] usb 4-1: Manufacturer: syz
[  395.901133][ T5874] usb 4-1: SerialNumber: syz
[  395.924816][ T5872] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  395.979440][ T5874] ni6501 4-1:7.247: driver 'ni6501' failed to auto-configure device.
[  396.015919][ T5921] usb 6-1: device descriptor read/64, error -71
[  396.096899][ T5872] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  396.160091][ T5872] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  396.195119][ T5872] usb 1-1: New USB device found, idVendor=056a, idProduct=0065, bcdDevice= 0.00
[  396.202786][ T5874] usb 4-1: USB disconnect, device number 43
[  396.212992][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.280945][ T5921] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  396.301328][ T5872] usb 1-1: config 0 descriptor??
[  396.330369][ T5872] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  396.445885][ T5921] usb 6-1: device descriptor read/64, error -71
[  396.461582][T10942] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  396.555232][ T5921] usb usb6-port1: attempt power cycle
[  397.236365][T10951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.246353][T10951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.465386][ T5921] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  397.488095][ T5921] usb 6-1: device descriptor read/8, error -71
[  397.842876][ T5921] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  398.035286][ T5921] usb 6-1: device descriptor read/8, error -71
[  398.208867][ T5921] usb usb6-port1: unable to enumerate USB device
[  398.758426][    T9] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  398.767969][  T969] usb 1-1: USB disconnect, device number 32
[  398.965157][    T9] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  398.995838][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.045718][    T9] usb 5-1: config 0 descriptor??
[  399.056187][    T9] cp210x 5-1:0.0: cp210x converter detected
[  399.466251][    T9] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  400.242341][    T9] usb 5-1: cp210x converter now attached to ttyUSB0
[  400.279383][    T9] usb 5-1: USB disconnect, device number 44
[  400.292744][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  400.305707][    T9] cp210x 5-1:0.0: device disconnected
[  400.830088][T11044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1224'.
[  401.531875][T11048] loop2: detected capacity change from 0 to 7
[  401.576633][T11048] Dev loop2: unable to read RDB block 7
[  401.594158][T11048]  loop2: AHDI p1 p2
[  401.643385][T11048] loop2: partition table partially beyond EOD, truncated
[  401.666095][T11048] loop2: p1 start 2214592512 is beyond EOD, truncated
[  401.811377][T11059] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1227'.
[  401.989132][T11065] fuse: Bad value for 'fd'
[  402.264904][   T29] kauditd_printk_skb: 16 callbacks suppressed
[  402.264926][   T29] audit: type=1326 audit(1731264370.835:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.293302][   T29] audit: type=1326 audit(1731264370.835:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.315249][   T29] audit: type=1326 audit(1731264370.835:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.336942][   T29] audit: type=1326 audit(1731264370.835:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.358627][   T29] audit: type=1326 audit(1731264370.835:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.380402][   T29] audit: type=1326 audit(1731264370.845:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.402194][   T29] audit: type=1326 audit(1731264370.845:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.423852][   T29] audit: type=1326 audit(1731264370.845:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.445413][   T29] audit: type=1326 audit(1731264370.845:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.472700][   T29] audit: type=1326 audit(1731264370.855:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11058 comm="syz.4.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7837e719 code=0x7ffc0000
[  402.777507][T11084] netlink: 276 bytes leftover after parsing attributes in process `syz.3.1233'.
[  403.476070][T11096] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1235'.
[  403.616317][T11108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1238'.
[  403.625241][T11108] nbd: must specify a device to reconfigure
[  404.029772][ T5872] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  404.188463][ T5872] usb 1-1: config 0 has an invalid interface number: 39 but max is 0
[  404.199212][ T5872] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.254487][ T5872] usb 1-1: config 0 has no interface number 0
[  404.293094][ T5872] usb 1-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  404.316539][T11122] loop2: detected capacity change from 0 to 7
[  404.319829][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.347725][ T5872] usb 1-1: Product: syz
[  404.352378][ T5872] usb 1-1: Manufacturer: syz
[  404.357961][ T5872] usb 1-1: SerialNumber: syz
[  404.372902][T11122] Dev loop2: unable to read RDB block 7
[  404.389272][T11122]  loop2: AHDI p1 p2
[  404.389419][ T5872] usb 1-1: config 0 descriptor??
[  404.416143][T11122] loop2: partition table partially beyond EOD, truncated
[  404.458759][T11122] loop2: p1 start 2214592512 is beyond EOD, truncated
[  404.503678][ T5202] Dev loop2: unable to read RDB block 7
[  404.520900][ T5202]  loop2: AHDI p1 p2
[  404.684823][ T5202] loop2: partition table partially beyond EOD, truncated
[  404.705230][ T5872] usb 1-1: USB disconnect, device number 33
[  405.209953][ T5202] loop2: p1 start 2214592512 is beyond EOD, truncated
[  405.391831][T11147] FAULT_INJECTION: forcing a failure.
[  405.391831][T11147] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.411015][T11147] CPU: 0 UID: 0 PID: 11147 Comm: syz.4.1245 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  405.421830][T11147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  405.431914][T11147] Call Trace:
[  405.435208][T11147]  <TASK>
[  405.438157][T11147]  dump_stack_lvl+0x241/0x360
[  405.442856][T11147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.448095][T11147]  ? __pfx__printk+0x10/0x10
[  405.452716][T11147]  ? __pfx_lock_release+0x10/0x10
[  405.457779][T11147]  should_fail_ex+0x3b0/0x4e0
[  405.462577][T11147]  _copy_from_user+0x2f/0xc0
[  405.467194][T11147]  bm_entry_write+0x133/0x550
[  405.471878][T11147]  ? __pfx_bm_entry_write+0x10/0x10
[  405.477079][T11147]  ? __pfx_bm_entry_write+0x10/0x10
[  405.482275][T11147]  vfs_write+0x2a3/0xd30
[  405.486523][T11147]  ? fdget_pos+0x24e/0x320
[  405.490969][T11147]  ? __pfx_vfs_write+0x10/0x10
[  405.495736][T11147]  ? __fget_files+0x3f3/0x470
[  405.500420][T11147]  ? fdget_pos+0x24e/0x320
[  405.504836][T11147]  ksys_write+0x183/0x2b0
[  405.509166][T11147]  ? __pfx_ksys_write+0x10/0x10
[  405.514016][T11147]  ? do_syscall_64+0x100/0x230
[  405.518783][T11147]  ? do_syscall_64+0xb6/0x230
[  405.523459][T11147]  do_syscall_64+0xf3/0x230
[  405.527962][T11147]  ? clear_bhb_loop+0x35/0x90
[  405.532645][T11147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.538642][T11147] RIP: 0033:0x7f8f7837e719
[  405.543059][T11147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  405.562676][T11147] RSP: 002b:00007f8f791fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  405.571211][T11147] RAX: ffffffffffffffda RBX: 00007f8f78535f80 RCX: 00007f8f7837e719
[  405.579183][T11147] RDX: 0000000000000003 RSI: 0000000020000240 RDI: 0000000000000003
[  405.587173][T11147] RBP: 00007f8f791fe090 R08: 0000000000000000 R09: 0000000000000000
[  405.595140][T11147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.603105][T11147] R13: 0000000000000000 R14: 00007f8f78535f80 R15: 00007ffe4b7ecd18
[  405.611090][T11147]  </TASK>
[  407.073782][T11188] netlink: 'syz.0.1254': attribute type 1 has an invalid length.
[  407.134844][T11186] netlink: 'syz.0.1254': attribute type 1 has an invalid length.
[  407.513045][T11210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1256'.
[  410.304836][    T9] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  410.565136][    T9] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  410.574370][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.854527][    T9] usb 1-1: config 0 descriptor??
[  411.038787][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  411.038805][   T29] audit: type=1326 audit(1731264379.865:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383577e719 code=0x7ffc0000
[  411.069911][   T29] audit: type=1326 audit(1731264379.865:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383577e719 code=0x7ffc0000
[  411.080810][T11248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.100958][T11248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.122975][   T29] audit: type=1326 audit(1731264379.945:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f383577e719 code=0x7ffc0000
[  411.145001][   T29] audit: type=1326 audit(1731264379.945:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383577e719 code=0x7ffc0000
[  411.167352][   T29] audit: type=1326 audit(1731264379.945:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f383577e719 code=0x7ffc0000
[  411.190888][   T29] audit: type=1326 audit(1731264379.945:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f383577d0b0 code=0x7ffc0000
[  411.255327][   T29] audit: type=1326 audit(1731264380.075:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f383577e31b code=0x7ffc0000
[  411.288804][   T29] audit: type=1326 audit(1731264380.075:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f383577e31b code=0x7ffc0000
[  411.311371][   T29] audit: type=1326 audit(1731264380.075:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f383577e31b code=0x7ffc0000
[  411.333550][   T29] audit: type=1326 audit(1731264380.075:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11282 comm="syz.2.1275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f383577e31b code=0x7ffc0000
[  411.356924][    T9] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00
[  411.366447][    T9] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  411.484913][ T5874] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  411.612619][    T9] [drm:udl_init] *ERROR* Selecting channel failed
[  411.640153][    T9] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  411.647488][    T9] [drm] Initialized udl on minor 2
[  411.655447][    T9] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  411.671264][ T5874] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  411.676659][    T9] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  411.879112][  T969] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  412.078820][  T969] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  412.268103][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.279325][ T5874] usb 3-1: config 0 descriptor??
[  412.286084][    T9] usb 1-1: USB disconnect, device number 34
[  412.316229][ T5874] cp210x 3-1:0.0: cp210x converter detected
[  412.738436][ T5874] usb 3-1: cp210x converter now attached to ttyUSB0
[  412.810775][T11340] openvswitch: netlink: Actions may not be safe on all matching packets
[  413.741256][    T9] usb 3-1: USB disconnect, device number 30
[  413.938024][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  413.949342][    T9] cp210x 3-1:0.0: device disconnected
[  414.040493][T11365] openvswitch: netlink: Actions may not be safe on all matching packets
[  415.009938][T11386] devpts: called with bogus options
[  415.042503][T11379] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1285'.
[  415.604862][  T969] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  415.766533][  T969] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  415.775791][  T969] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  415.800529][  T969] usb 3-1: config 0 has no interface number 0
[  415.869259][  T969] usb 3-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  415.894141][  T969] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  415.933354][  T969] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.453950][  T969] usb 3-1: config 0 interface 52 has no altsetting 0
[  416.477707][  T969] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  416.487153][  T969] usb 3-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  416.533583][  T969] usb 3-1: Product: syz
[  416.541179][T11412] Process accounting resumed
[  416.561213][  T969] usb 3-1: SerialNumber: syz
[  416.566749][T11412] kernel write not supported for file /asound/timers (pid: 11412 comm: syz.4.1293)
[  416.579542][  T969] usb 3-1: config 0 descriptor??
[  416.614500][T11420] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1294'.
[  416.623999][T11420] netlink: 348 bytes leftover after parsing attributes in process `syz.3.1294'.
[  416.788761][  T969] input: syz (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input39
[  417.049014][  T969] usb 3-1: USB disconnect, device number 31
[  417.548052][T11463] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1299'.
[  418.395744][T11439] kernel write not supported for file /asound/timers (pid: 11439 comm: syz.4.1295)
[  418.548653][T11470] cgroup: fork rejected by pids controller in /syz2
[  418.909694][T11502] openvswitch: netlink: Actions may not be safe on all matching packets
[  419.211642][T11518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1310'.
[  419.408391][ T6205] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.424934][ T5874] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  419.596836][ T5874] usb 5-1: config 0 has an invalid interface number: 39 but max is 0
[  419.606973][ T5874] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  419.625524][ T5874] usb 5-1: config 0 has no interface number 0
[  419.659679][ T5874] usb 5-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  419.663058][ T6205] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.697700][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.718178][ T5874] usb 5-1: Product: syz
[  419.731650][ T5874] usb 5-1: Manufacturer: syz
[  419.751600][ T5874] usb 5-1: SerialNumber: syz
[  419.779742][ T5874] usb 5-1: config 0 descriptor??
[  420.656601][ T6205] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.854960][ T6205] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.865759][ T5874] usb 5-1: USB disconnect, device number 45
[  420.919767][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  420.943444][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  420.957706][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  421.013375][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  421.022514][ T5833] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  421.031521][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  421.142575][T11531] lo speed is unknown, defaulting to 1000
[  421.428018][T11498] kernel write not supported for file /asound/timers (pid: 11498 comm: syz.4.1305)
[  421.527004][T11581] openvswitch: netlink: Actions may not be safe on all matching packets
[  422.205123][ T6205] bridge_slave_1: left allmulticast mode
[  422.210863][ T6205] bridge_slave_1: left promiscuous mode
[  422.392254][ T6205] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.510209][ T6205] bridge_slave_0: left allmulticast mode
[  422.527670][ T6205] bridge_slave_0: left promiscuous mode
[  422.546292][ T6205] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.624064][T11589] kernel write not supported for file /asound/timers (pid: 11589 comm: syz.4.1317)
[  423.137915][ T5833] Bluetooth: hci2: command tx timeout
[  423.259166][ T6205] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  423.271999][ T6205] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  423.284448][ T6205] bond0 (unregistering): Released all slaves
[  423.311420][ T6205] bond1 (unregistering): Released all slaves
[  423.404878][T11609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1321'.
[  423.549186][ T6205] IPVS: stopping backup sync thread 6629 ...
[  423.586133][T11613] kernel write not supported for file /asound/timers (pid: 11613 comm: syz.4.1321)
[  424.740877][T11655] kernel write not supported for file /asound/timers (pid: 11655 comm: syz.4.1324)
[  425.124971][T11737] openvswitch: netlink: Actions may not be safe on all matching packets
[  425.226154][ T5833] Bluetooth: hci2: command tx timeout
[  425.687718][T11744] kvm_intel: kvm [11727]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  425.788516][T11531] chnl_net:caif_netlink_parms(): no params data found
[  425.863657][T11735] kernel write not supported for file /asound/timers (pid: 11735 comm: syz.4.1325)
[  425.959534][T11635] random: crng reseeded on system resumption
[  426.237890][ T6205] hsr_slave_0: left promiscuous mode
[  426.261593][ T6205] hsr_slave_1: left promiscuous mode
[  426.266943][T11781] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1328'.
[  426.403902][ T6205] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  426.415122][ T6205] batman_adv: batadv0: Removing interface: batadv_slave_0
[  426.508999][T11786] openvswitch: netlink: Actions may not be safe on all matching packets
[  427.091688][ T6205] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  427.157276][ T6205] batman_adv: batadv0: Removing interface: batadv_slave_1
[  427.162377][T11786] kernel write not supported for file /asound/timers (pid: 11786 comm: syz.4.1329)
[  427.240282][ T6205] veth1_macvtap: left promiscuous mode
[  427.284488][ T6205] veth0_macvtap: left promiscuous mode
[  427.291889][T11793] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1331'.
[  427.304886][ T5833] Bluetooth: hci2: command tx timeout
[  427.305489][ T6205] veth1_vlan: left promiscuous mode
[  427.584818][ T6205] veth0_vlan: left promiscuous mode
[  427.602972][T11793] kernel write not supported for file /asound/timers (pid: 11793 comm: syz.4.1331)
[  428.308603][T11804] openvswitch: netlink: Actions may not be safe on all matching packets
[  428.347654][T11804] kernel write not supported for file /asound/timers (pid: 11804 comm: syz.4.1333)
[  428.818297][ T6205] team0 (unregistering): Port device team_slave_1 removed
[  428.869562][ T6205] team0 (unregistering): Port device team_slave_0 removed
[  429.353063][T11788] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1330'.
[  429.375069][ T5833] Bluetooth: hci2: command tx timeout
[  429.380438][T11806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1334'.
[  429.400472][T11810] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1335'.
[  429.471486][T11810] kernel write not supported for file /asound/timers (pid: 11810 comm: syz.4.1335)
[  430.204416][T11531] bridge0: port 1(bridge_slave_0) entered blocking state
[  430.220339][T11531] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.231522][T11531] bridge_slave_0: entered allmulticast mode
[  430.243888][T11531] bridge_slave_0: entered promiscuous mode
[  430.276066][T11531] bridge0: port 2(bridge_slave_1) entered blocking state
[  430.298695][T11531] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.320753][T11531] bridge_slave_1: entered allmulticast mode
[  430.347842][T11531] bridge_slave_1: entered promiscuous mode
[  430.424826][  T969] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  430.485000][T11897] loop2: detected capacity change from 0 to 7
[  430.490649][T11531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  430.502401][T11897] Dev loop2: unable to read RDB block 7
[  430.509526][T11531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  430.552344][T11897]  loop2: AHDI p1 p2
[  430.574837][T11897] loop2: partition table partially beyond EOD, truncated
[  430.599829][T11897] loop2: p1 start 2214592512 is beyond EOD, truncated
[  430.615819][  T969] usb 4-1: Using ep0 maxpacket: 8
[  430.784478][T11531] team0: Port device team_slave_0 added
[  430.848567][T11531] team0: Port device team_slave_1 added
[  430.855329][  T969] usb 4-1: unable to get BOS descriptor or descriptor too short
[  430.867574][  T969] usb 4-1: unable to read config index 0 descriptor/start: -71
[  430.885178][  T969] usb 4-1: can't read configurations, error -71
[  431.079837][T11843] kernel write not supported for file /asound/timers (pid: 11843 comm: syz.4.1337)
[  431.153976][T11959] openvswitch: netlink: Actions may not be safe on all matching packets
[  431.908850][T11979] openvswitch: netlink: Actions may not be safe on all matching packets
[  431.942314][T11531] batman_adv: batadv0: Adding interface: batadv_slave_0
[  432.006379][T11531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.189207][T11531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  432.490037][T11938] lo speed is unknown, defaulting to 1000
[  432.517026][T11531] batman_adv: batadv0: Adding interface: batadv_slave_1
[  432.640118][T11531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.666238][    C1] vkms_vblank_simulate: vblank timer overrun
[  432.714798][ T5873] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  432.722739][T11989] kernel write not supported for file /asound/timers (pid: 11989 comm: syz.4.1343)
[  432.802353][T11531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  432.835899][T11988] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1346'.
[  433.015117][ T5873] usb 6-1: Using ep0 maxpacket: 32
[  433.722392][T12010] kernel write not supported for file /asound/timers (pid: 12010 comm: syz.4.1347)
[  433.769875][T12009] dlm: no local IP address has been set
[  433.784919][T12009] dlm: cannot start dlm midcomms -107
[  433.802243][ T5873] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.824838][ T5873] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.834637][ T5873] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  433.853144][ T5833] Bluetooth: hci3: unexpected event for opcode 0x1003
[  433.862800][ T5873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.895074][ T5873] hub 6-1:4.0: USB hub found
[  433.929376][ T5873] hub 6-1:4.0: config failed, can't read hub descriptor (err -22)
[  433.976765][ T5873] usb 6-1: USB disconnect, device number 12
[  434.085953][T12073] loop2: detected capacity change from 0 to 7
[  434.111183][T12073] Dev loop2: unable to read RDB block 7
[  434.124267][T12073]  loop2: AHDI p1 p2
[  434.151612][T12073] loop2: partition table partially beyond EOD, truncated
[  434.171476][T11531] hsr_slave_0: entered promiscuous mode
[  434.184252][T11531] hsr_slave_1: entered promiscuous mode
[  434.207951][T11531] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  434.221374][T12073] loop2: p1 start 2214592512 is beyond EOD, truncated
[  434.231028][T11531] Cannot create hsr debugfs directory
[  434.870222][T12087] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1352'.
[  434.968754][T12031] kernel write not supported for file /asound/timers (pid: 12031 comm: syz.4.1349)
[  435.250089][T12158] kernel write not supported for file /asound/timers (pid: 12158 comm: syz.4.1354)
[  435.265131][  T972] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  435.438394][  T972] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  435.454429][  T972] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  435.470714][  T972] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.494413][  T972] usb 6-1: Product: syz
[  435.506748][  T972] usb 6-1: Manufacturer: syz
[  435.511564][  T972] usb 6-1: SerialNumber: syz
[  435.672469][  T972] usb 6-1: config 0 descriptor??
[  435.674780][  T969] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  436.534810][  T969] usb 5-1: Using ep0 maxpacket: 8
[  436.541753][  T969] usb 5-1: config 135 has an invalid interface number: 230 but max is 0
[  436.564607][  T969] usb 5-1: config 135 has an invalid descriptor of length 128, skipping remainder of the config
[  436.592609][  T969] usb 5-1: config 135 has no interface number 0
[  436.623304][  T969] usb 5-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  436.689529][  T969] usb 5-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  436.725645][  T969] usb 5-1: config 135 interface 230 has no altsetting 0
[  437.134877][ T5140] Bluetooth: hci0: command 0x0405 tx timeout
[  437.150734][T12213] kvm_intel: kvm [12188]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  437.312861][T12222] 9pnet_fd: Insufficient options for proto=fd
[  437.392364][  T969] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  437.410923][  T969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.419586][  T969] usb 5-1: Product: syz
[  437.423841][  T969] usb 5-1: Manufacturer: syz
[  437.430155][  T969] usb 5-1: SerialNumber: syz
[  437.529782][ T5873] usb 6-1: USB disconnect, device number 13
[  437.855115][ T5833] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  437.864571][ T5833] Bluetooth: hci3: Injecting HCI hardware error event
[  437.874628][ T5140] Bluetooth: hci3: hardware error 0x00
[  437.901325][T12264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1358'.
[  438.020496][T11531] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  438.261646][T11531] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  438.306585][T11531] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  438.367416][T11531] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  438.993859][T11531] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.080367][T11531] 8021q: adding VLAN 0 to HW filter on device team0
[  439.141800][ T9562] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.149001][ T9562] bridge0: port 1(bridge_slave_0) entered forwarding state
[  439.165683][T12167] kernel write not supported for file /asound/timers (pid: 12167 comm: syz.4.1355)
[  439.186817][  T969] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  439.193224][  T969] usb 5-1: No valid video chain found.
[  439.231378][  T969] usb 5-1: USB disconnect, device number 46
[  439.442202][ T6186] bridge0: port 2(bridge_slave_1) entered blocking state
[  439.449418][ T6186] bridge0: port 2(bridge_slave_1) entered forwarding state
[  439.449460][T12295] loop2: detected capacity change from 0 to 7
[  440.172651][ T5140] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  440.186211][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.265018][T12295] Dev loop2: unable to read RDB block 7
[  440.279254][T12295]  loop2: AHDI p1 p2
[  440.283220][T12295] loop2: partition table partially beyond EOD, truncated
[  440.291158][T12295] loop2: p1 start 2214592512 is beyond EOD, truncated
[  441.460702][T12331] kernel write not supported for file /asound/timers (pid: 12331 comm: syz.4.1367)
[  442.312823][T12334] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1369'.
[  442.407592][T12342] tmpfs: Unknown parameter 'usrquota '
[  443.944080][T11531] 8021q: adding VLAN 0 to HW filter on device batadv0
[  444.036819][T12369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1376'.
[  444.132864][T11531] veth0_vlan: entered promiscuous mode
[  444.162324][T11531] veth1_vlan: entered promiscuous mode
[  444.219939][T11531] veth0_macvtap: entered promiscuous mode
[  444.249666][T11531] veth1_macvtap: entered promiscuous mode
[  444.313795][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  444.334056][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  444.349652][T11531] batman_adv: batadv0: Interface activated: batadv_slave_0
[  444.379826][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  444.392442][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  444.427083][T11531] batman_adv: batadv0: Interface activated: batadv_slave_1
[  444.593830][T11531] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  444.628600][T11531] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  444.647314][T11531] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  444.771790][T11531] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  445.555349][ T6186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  445.597582][ T6186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  445.687229][ T6186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  445.706470][ T6186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.431877][T12425] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1383'.
[  446.833842][T12445] openvswitch: netlink: Actions may not be safe on all matching packets
[  447.015493][ T5905] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  447.422510][T12449] netlink: 'syz.2.1386': attribute type 10 has an invalid length.
[  447.444803][ T5905] usb 6-1: Using ep0 maxpacket: 16
[  447.468529][ T5905] usb 6-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  447.505378][T12452] fuse: Bad value for 'fd'
[  447.510273][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.544606][ T5905] usb 6-1: Product: syz
[  447.554193][T12449] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.561736][T12449] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.573264][ T5905] usb 6-1: Manufacturer: syz
[  447.581226][ T5905] usb 6-1: SerialNumber: syz
[  447.611303][ T5905] usb 6-1: config 0 descriptor??
[  447.629178][T12449] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.636408][T12449] bridge0: port 2(bridge_slave_1) entered forwarding state
[  447.643855][T12449] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.651030][T12449] bridge0: port 1(bridge_slave_0) entered forwarding state
[  447.691425][ T5905] as10x_usb: device has been detected
[  447.725469][ T5905] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  447.760958][ T5905] usb 6-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[  447.836709][T12449] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  447.878908][T12429] random: crng reseeded on system resumption
[  447.931118][ T5905] as10x_usb: error during firmware upload part1
[  447.972751][ T5905] Registered device Sky IT Digital Key (green led)
[  448.586504][T12481] hfsplus: unable to find HFS+ superblock
[  449.292338][T12487] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1390'.
[  449.342472][ T8225] usb 6-1: USB disconnect, device number 14
[  449.360321][ T8225] Unregistered device Sky IT Digital Key (green led)
[  449.367802][ T8225] as10x_usb: device has been disconnected
[  449.794413][T12519] openvswitch: netlink: Actions may not be safe on all matching packets
[  450.938195][T12526] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1395'.
[  451.680195][T12541] netlink: 'syz.5.1397': attribute type 20 has an invalid length.
[  452.559961][ T5140] Bluetooth: hci0: unexpected event for opcode 0x0c22
[  452.783146][T12338] Process accounting paused
[  452.821254][ T5905] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  453.017351][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  453.055934][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  453.076070][ T5905] usb 6-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  453.114938][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.173085][ T5905] usb 6-1: config 0 descriptor??
[  453.219427][T12578] kvm_intel: kvm [12567]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  453.645574][ T5905] lg-g15 0003:046D:C222.000C: unknown main item tag 0x0
[  453.652743][ T5905] lg-g15 0003:046D:C222.000C: item fetching failed at offset 9/11
[  453.661276][ T5905] lg-g15 0003:046D:C222.000C: probe with driver lg-g15 failed with error -22
[  453.959546][T12600] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1402'.
[  454.467181][T12599] lo speed is unknown, defaulting to 1000
[  454.539892][ T5905] usb 6-1: USB disconnect, device number 15
[  455.533773][T12662] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1406'.
[  455.596767][T12670] loop2: detected capacity change from 0 to 7
[  455.657271][T12670] Dev loop2: unable to read RDB block 7
[  455.668968][T12670]  loop2: AHDI p1 p2
[  455.682228][T12670] loop2: partition table partially beyond EOD, truncated
[  455.762853][T12670] loop2: p1 start 2214592512 is beyond EOD, truncated
[  455.985067][ T5905] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  456.386570][ T5905] usb 6-1: config 0 has an invalid interface number: 117 but max is 0
[  456.451251][T12698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1411'.
[  456.485419][ T5905] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  456.769486][ T5905] usb 6-1: config 0 has no interface number 0
[  457.014782][ T5905] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  457.033124][ T5905] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  457.111918][ T5905] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  457.111951][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.111974][ T5905] usb 6-1: Product: syz
[  457.111989][ T5905] usb 6-1: Manufacturer: syz
[  457.112004][ T5905] usb 6-1: SerialNumber: syz
[  457.116668][ T5905] usb 6-1: config 0 descriptor??
[  457.539779][T12723] kvm_intel: kvm [12713]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000303
[  457.855164][ T5905] usbtouchscreen 6-1:0.117: probe with driver usbtouchscreen failed with error -71
[  457.895653][ T5905] usb 6-1: USB disconnect, device number 16
[  457.949569][T12718] FAULT_INJECTION: forcing a failure.
[  457.949569][T12718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  457.995720][T12735] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1417'.
[  458.034917][T12718] CPU: 1 UID: 0 PID: 12718 Comm: syz.0.1414 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  458.045727][T12718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  458.055808][T12718] Call Trace:
[  458.059103][T12718]  <TASK>
[  458.062048][T12718]  dump_stack_lvl+0x241/0x360
[  458.066763][T12718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.071986][T12718]  ? __pfx__printk+0x10/0x10
[  458.076608][T12718]  ? snprintf+0xda/0x120
[  458.080876][T12718]  should_fail_ex+0x3b0/0x4e0
[  458.085565][T12718]  _copy_to_user+0x31/0xb0
[  458.089986][T12718]  simple_read_from_buffer+0xca/0x150
[  458.095388][T12718]  proc_fail_nth_read+0x1e9/0x250
[  458.100443][T12718]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  458.106071][T12718]  ? rw_verify_area+0x55e/0x6f0
[  458.110926][T12718]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  458.116506][T12718]  vfs_read+0x1fc/0xb70
[  458.120684][T12718]  ? fdget_pos+0x24e/0x320
[  458.125111][T12718]  ? __pfx_vfs_read+0x10/0x10
[  458.129801][T12718]  ? __fget_files+0x3f3/0x470
[  458.134504][T12718]  ? fdget_pos+0x24e/0x320
[  458.138944][T12718]  ksys_read+0x183/0x2b0
[  458.143221][T12718]  ? __pfx_ksys_read+0x10/0x10
[  458.148028][T12718]  ? do_syscall_64+0x100/0x230
[  458.152813][T12718]  ? do_syscall_64+0xb6/0x230
[  458.157500][T12718]  do_syscall_64+0xf3/0x230
[  458.162022][T12718]  ? clear_bhb_loop+0x35/0x90
[  458.166722][T12718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.172627][T12718] RIP: 0033:0x7fcafd37d15c
[  458.177110][T12718] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  458.196717][T12718] RSP: 002b:00007fcafe221030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  458.205131][T12718] RAX: ffffffffffffffda RBX: 00007fcafd535f80 RCX: 00007fcafd37d15c
[  458.213109][T12718] RDX: 000000000000000f RSI: 00007fcafe2210a0 RDI: 0000000000000005
[  458.221109][T12718] RBP: 00007fcafe221090 R08: 0000000000000000 R09: 0000000000000000
[  458.229172][T12718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.237136][T12718] R13: 0000000000000000 R14: 00007fcafd535f80 R15: 00007ffdb935fca8
[  458.245111][T12718]  </TASK>
[  458.248184][    C1] vkms_vblank_simulate: vblank timer overrun
[  458.667795][T12750] loop2: detected capacity change from 0 to 7
[  458.688273][T12750] Dev loop2: unable to read RDB block 7
[  458.693873][T12750]  loop2: AHDI p1 p2
[  458.701637][T12750] loop2: partition table partially beyond EOD, truncated
[  458.735747][T12750] loop2: p1 start 2214592512 is beyond EOD, truncated
[  458.870867][T12758] lo speed is unknown, defaulting to 1000
[  459.142294][T12759] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1419'.
[  459.338533][ T5872] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  459.614973][ T5872] usb 4-1: Using ep0 maxpacket: 32
[  459.623216][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.638608][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.723491][ T5872] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  459.764485][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.818257][ T5872] usb 4-1: config 0 descriptor??
[  459.831536][ T5872] hub 4-1:0.0: USB hub found
[  460.100300][ T5872] hub 4-1:0.0: 1 port detected
[  460.236437][T12821] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1426'.
[  460.450559][T12737] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  460.547253][T12737] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.327114][ T5872] hub 4-1:0.0: hub_hub_status failed (err = -32)
[  461.333510][ T5872] hub 4-1:0.0: config failed, can't get hub status (err -32)
[  461.355324][ T5872] usbhid 4-1:0.0: can't add hid device: -32
[  461.361362][ T5872] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  461.444361][ T5874] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  461.479066][ T5874] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  461.479305][T12838] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1429'.
[  461.499338][T12840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.508523][T12840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.100021][T12851] syzkaller1: entered promiscuous mode
[  462.107425][T12851] syzkaller1: entered allmulticast mode
[  463.238224][T12876] loop2: detected capacity change from 0 to 7
[  463.257387][T12876] Dev loop2: unable to read RDB block 7
[  463.267294][ T5872] usb 4-1: USB disconnect, device number 46
[  463.290330][T12876]  loop2: AHDI p1 p2
[  463.294325][T12876] loop2: partition table partially beyond EOD, truncated
[  463.304390][T12876] loop2: p1 start 2214592512 is beyond EOD, truncated
[  463.415034][ T5905] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  463.551505][ T5873] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  463.722806][T12891] lo speed is unknown, defaulting to 1000
[  463.987524][T12892] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1436'.
[  464.180662][ T5905] usb 6-1: Using ep0 maxpacket: 32
[  464.195868][ T5905] usb 6-1: config index 0 descriptor too short (expected 2210, got 1175)
[  464.204331][ T5905] usb 6-1: config 0 has an invalid interface number: 241 but max is 2
[  464.270175][ T5905] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  464.295001][ T5905] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[  464.305624][ T5905] usb 6-1: config 0 has no interface number 0
[  464.317800][ T5905] usb 6-1: config 0 interface 241 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  464.330064][ T5905] usb 6-1: config 0 interface 241 altsetting 4 has an endpoint descriptor with address 0xAE, changing to 0x8E
[  464.342809][ T5905] usb 6-1: config 0 interface 241 altsetting 4 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  464.354332][ T5905] usb 6-1: config 0 interface 241 altsetting 4 endpoint 0x8E has invalid wMaxPacketSize 0
[  464.365322][ T5905] usb 6-1: config 0 interface 241 altsetting 4 has 3 endpoint descriptors, different from the interface descriptor's value: 14
[  464.381466][ T5905] usb 6-1: config 0 interface 241 has no altsetting 0
[  464.402061][ T5905] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=e0.70
[  464.416464][ T5905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.424895][ T5905] usb 6-1: Product: syz
[  464.429814][ T5905] usb 6-1: Manufacturer: syz
[  464.434857][ T5905] usb 6-1: SerialNumber: syz
[  464.451220][ T5905] usb 6-1: config 0 descriptor??
[  464.464766][ T5873] usb 3-1: device descriptor read/64, error -71
[  465.537969][ T5873] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  465.645598][T12925] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1439'.
[  465.915989][ T5873] usb 3-1: device descriptor read/64, error -71
[  466.097049][ T5905] usb 6-1: USB disconnect, device number 17
[  466.155020][ T5873] usb usb3-port1: attempt power cycle
[  466.239699][T12936] hfsplus: unable to find HFS+ superblock
[  466.765652][T12938] block nbd4: NBD_DISCONNECT
[  467.617605][T12958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1445'.
[  467.629202][T12958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1445'.
[  467.642968][T12958] bond_slave_0: entered promiscuous mode
[  467.649113][T12958] bond_slave_1: entered promiscuous mode
[  467.654975][T12958] bridge0: entered promiscuous mode
[  468.465369][ T5874] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  468.490898][T12958] macvtap1: entered promiscuous mode
[  468.526199][T12958] bond0: entered promiscuous mode
[  468.532726][T12958] macvtap1: entered allmulticast mode
[  468.538339][T12958] bond0: entered allmulticast mode
[  468.543486][T12958] bond_slave_0: entered allmulticast mode
[  468.549371][T12958] bond_slave_1: entered allmulticast mode
[  468.564668][T12958] bridge0: entered allmulticast mode
[  468.585738][T12958] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  468.598147][T12975] lo speed is unknown, defaulting to 1000
[  468.635328][T12976] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1447'.
[  468.658327][T12970] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  468.758270][ T5874] usb 6-1: Using ep0 maxpacket: 8
[  468.768934][ T5874] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  468.806711][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.159939][ T5874] usb 6-1: config 0 descriptor??
[  469.622813][T13030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1450'.
[  469.843563][T13046] FAULT_INJECTION: forcing a failure.
[  469.843563][T13046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  469.907999][T13046] CPU: 1 UID: 0 PID: 13046 Comm: syz.4.1453 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  469.918908][T13046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  469.928983][T13046] Call Trace:
[  469.932280][T13046]  <TASK>
[  469.935223][T13046]  dump_stack_lvl+0x241/0x360
[  469.939929][T13046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.945152][T13046]  ? __pfx__printk+0x10/0x10
[  469.949771][T13046]  ? snprintf+0xda/0x120
[  469.954041][T13046]  should_fail_ex+0x3b0/0x4e0
[  469.958749][T13046]  _copy_to_user+0x31/0xb0
[  469.963276][T13046]  simple_read_from_buffer+0xca/0x150
[  469.968675][T13046]  proc_fail_nth_read+0x1e9/0x250
[  469.973724][T13046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  469.979285][T13046]  ? rw_verify_area+0x55e/0x6f0
[  469.984154][T13046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  469.989705][T13046]  vfs_read+0x1fc/0xb70
[  469.993890][T13046]  ? fdget_pos+0x24e/0x320
[  469.998332][T13046]  ? __pfx_vfs_read+0x10/0x10
[  470.003039][T13046]  ? __fget_files+0x3f3/0x470
[  470.007754][T13046]  ? fdget_pos+0x24e/0x320
[  470.012195][T13046]  ksys_read+0x183/0x2b0
[  470.016462][T13046]  ? __pfx_ksys_read+0x10/0x10
[  470.021256][T13046]  ? do_syscall_64+0x100/0x230
[  470.026045][T13046]  ? do_syscall_64+0xb6/0x230
[  470.030758][T13046]  do_syscall_64+0xf3/0x230
[  470.035298][T13046]  ? clear_bhb_loop+0x35/0x90
[  470.039999][T13046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.045915][T13046] RIP: 0033:0x7f8f7837d15c
[  470.050358][T13046] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  470.070078][T13046] RSP: 002b:00007f8f791fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  470.078528][T13046] RAX: ffffffffffffffda RBX: 00007f8f78535f80 RCX: 00007f8f7837d15c
[  470.086527][T13046] RDX: 000000000000000f RSI: 00007f8f791fe0a0 RDI: 0000000000000003
[  470.094523][T13046] RBP: 00007f8f791fe090 R08: 0000000000000000 R09: 0000000000000000
[  470.102522][T13046] R10: 00000000200003c0 R11: 0000000000000246 R12: 0000000000000001
[  470.110517][T13046] R13: 0000000000000000 R14: 00007f8f78535f80 R15: 00007ffe4b7ecd18
[  470.118530][T13046]  </TASK>
[  470.121727][    C1] vkms_vblank_simulate: vblank timer overrun
[  470.130156][ T5874] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  470.158943][ T5874] asix 6-1:0.0: probe with driver asix failed with error -32
[  471.134232][T13063] 9pnet_fd: Insufficient options for proto=fd
[  471.682845][ T8225] usb 6-1: USB disconnect, device number 18
[  471.984546][T13079] lo speed is unknown, defaulting to 1000
[  472.118759][T13087] netlink: 536 bytes leftover after parsing attributes in process `syz.4.1461'.
[  472.928305][T13116] lo speed is unknown, defaulting to 1000
[  473.365366][T13117] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1462'.
[  473.675791][T13142] openvswitch: netlink: Actions may not be safe on all matching packets
[  474.138083][T13146] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1464'.
[  474.853982][T13157] 9pnet_fd: Insufficient options for proto=fd
[  475.410388][T13183] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1474'.
[  475.423337][T13183] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1474'.
[  475.577743][T13191] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  475.588985][T13191] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  475.614851][ T8225] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  475.639766][T13187] lo speed is unknown, defaulting to 1000
[  475.654174][T13198] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  475.665975][T13191] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  475.679576][T13191] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  475.747323][T13191] netlink: 16178 bytes leftover after parsing attributes in process `syz.5.1475'.
[  475.794841][ T8225] usb 5-1: Using ep0 maxpacket: 16
[  475.802321][ T8225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[  475.819627][ T8225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  475.852364][ T8225] usb 5-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  475.861816][ T8225] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.882040][ T8225] usb 5-1: Product: syz
[  475.886989][ T8225] usb 5-1: Manufacturer: syz
[  475.891757][ T8225] usb 5-1: SerialNumber: syz
[  475.906024][ T8225] usb 5-1: config 0 descriptor??
[  476.192363][ T8225] powermate 5-1:0.0: probe with driver powermate failed with error -5
[  476.203630][ T8225] usb 5-1: USB disconnect, device number 47
[  476.405515][T13258] lo speed is unknown, defaulting to 1000
[  476.672712][T13259] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1477'.
[  477.770923][T13317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1480'.
[  478.195068][T13321] netlink: 'syz.5.1481': attribute type 3 has an invalid length.
[  478.196230][T13316] netlink: 3084 bytes leftover after parsing attributes in process `syz.4.1483'.
[  478.234996][T13316] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1483'.
[  478.262935][T13318] lo speed is unknown, defaulting to 1000
[  478.507594][T13362] netlink: 420 bytes leftover after parsing attributes in process `syz.5.1486'.
[  478.507631][T13362] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1486'.
[  478.628362][ T5921] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[  478.875490][ T5905] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  478.932879][ T5921] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  478.941960][ T5921] usb 5-1: config 0 has no interface number 0
[  479.000789][ T5921] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  479.062828][ T5921] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  479.103888][ T5873] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  479.110759][ T5921] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  479.124919][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  479.133958][ T5921] usb 5-1: Product: syz
[  479.138522][ T5905] usb 6-1: Using ep0 maxpacket: 8
[  479.139178][ T5921] usb 5-1: SerialNumber: syz
[  479.165557][ T5921] usb 5-1: config 0 descriptor??
[  479.194468][ T5921] cm109 5-1:0.8: invalid payload size 0, expected 4
[  479.250665][ T5921] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input41
[  479.351069][ T5905] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  479.425501][ T5873] usb 1-1: Using ep0 maxpacket: 32
[  479.484880][ T5905] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  479.545403][ T5873] usb 1-1: config 1 interface 0 has no altsetting 0
[  479.661550][ T5905] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  479.686009][ T5873] usb 1-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.40
[  479.710314][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  479.720996][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  479.721906][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  479.729026][ T5873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.737222][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  479.744460][    T8] usb 5-1: USB disconnect, device number 48
[  479.750860][    C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  479.760920][ T5905] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  479.766645][    C1] vkms_vblank_simulate: vblank timer overrun
[  479.801556][ T5873] usb 1-1: Product: syz
[  479.807092][ T5873] usb 1-1: Manufacturer: syz
[  479.816563][    T8] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  479.827149][ T5873] usb 1-1: SerialNumber: syz
[  479.846936][ T5905] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  479.881735][ T5905] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  479.898623][ T5905] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  479.908334][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.936385][ T5905] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  480.088748][ T5873] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input42
[  480.095353][ T5921] usb 4-1: new full-speed USB device number 47 using dummy_hcd
[  480.109470][ T5187] bcm5974 1-1:1.0: could not read from device
[  480.532284][    T8] usb 6-1: USB disconnect, device number 19
[  480.549203][ T5187] bcm5974 1-1:1.0: could not read from device
[  480.560511][T13422] hfsplus: unable to find HFS+ superblock
[  480.566360][ T5873] usb 1-1: USB disconnect, device number 35
[  480.581877][ T5921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  480.592955][ T5921] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  480.604328][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  480.615463][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 196, setting to 64
[  480.626358][ T5921] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  480.659238][ T5921] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  480.672344][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.685988][ T5921] usb 4-1: Product: syz
[  480.690227][ T5921] usb 4-1: Manufacturer: syz
[  480.695166][ T5921] usb 4-1: SerialNumber: syz
[  480.702439][ T5921] usb 4-1: config 0 descriptor??
[  480.715466][ T5921] garmin_gps 4-1:0.0: Garmin GPS usb/tty converter detected
[  480.724350][ T5921] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[  480.735081][ T5921] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[  480.839128][T13443] xt_SECMARK: unable to map security context 'unconfined'
[  480.912354][T13457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.942578][T13457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.990898][ T5874] usb 4-1: USB disconnect, device number 47
[  481.028909][ T5874] garmin_gps 4-1:0.0: device disconnected
[  481.109743][T13463] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1495'.
[  481.155802][    T8] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  481.624862][    T8] usb 5-1: Using ep0 maxpacket: 8
[  481.634547][    T8] usb 5-1: config 135 has an invalid interface number: 230 but max is 0
[  481.650603][    T8] usb 5-1: config 135 has an invalid descriptor of length 128, skipping remainder of the config
[  481.681413][    T8] usb 5-1: config 135 has no interface number 0
[  481.700616][T13477] netlink: 420 bytes leftover after parsing attributes in process `syz.5.1498'.
[  481.708056][    T8] usb 5-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  481.710538][T13477] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1498'.
[  482.464349][    T8] usb 5-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  482.478005][    T8] usb 5-1: config 135 interface 230 has no altsetting 0
[  482.487810][    T8] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  482.504010][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.524214][    T8] usb 5-1: Product: syz
[  482.613015][    T8] usb 5-1: Manufacturer: syz
[  482.623480][    T8] usb 5-1: SerialNumber: syz
[  483.143050][ T5873] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  483.325478][ T5873] usb 1-1: Using ep0 maxpacket: 32
[  483.333277][ T5873] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  483.343450][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.355117][ T5873] usb 1-1: config 0 descriptor??
[  483.397592][T13512] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  483.433089][T13512] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  483.482410][T13512] overlayfs: missing 'lowerdir'
[  483.529822][    T8] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  483.537154][    T8] usb 5-1: No valid video chain found.
[  483.557762][    T8] usb 5-1: USB disconnect, device number 49
[  483.579372][ T5873] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  483.606091][ T5873] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  483.630483][ T5873] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  483.651263][ T5873] usb 1-1: media controller created
[  483.681981][ T5873] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  483.834913][ T5872] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  483.994902][ T5872] usb 6-1: Using ep0 maxpacket: 16
[  484.229196][ T5873] az6027: usb out operation failed. (-71)
[  484.872458][ T5873] stb0899_attach: Driver disabled by Kconfig
[  485.121034][ T5873] az6027: no front-end attached
[  485.121034][ T5873] 
[  485.130214][ T5872] usb 6-1: config 0 has an invalid interface number: 224 but max is 0
[  485.138652][ T5872] usb 6-1: config 0 has no interface number 0
[  485.144888][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  485.155142][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  485.165527][ T5873] az6027: usb out operation failed. (-71)
[  485.171488][ T5873] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  485.179973][ T5873] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input43
[  485.196247][ T5872] usb 6-1: config 0 has an invalid interface number: 224 but max is 0
[  485.197209][T13449] Process accounting resumed
[  485.204943][ T5872] usb 6-1: config 0 has no interface number 0
[  485.217221][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  485.227240][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  485.239723][ T5873] dvb-usb: schedule remote query interval to 400 msecs.
[  485.246942][ T5873] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  485.266715][ T5873] usb 1-1: USB disconnect, device number 36
[  485.290289][T13449] kernel write not supported for file /asound/timers (pid: 13449 comm: syz.4.1494)
[  485.332803][ T5872] usb 6-1: config 0 has an invalid interface number: 224 but max is 0
[  485.341150][ T5872] usb 6-1: config 0 has no interface number 0
[  485.364798][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  485.376275][T13564] openvswitch: netlink: Actions may not be safe on all matching packets
[  485.382637][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  485.401977][ T5872] usb 6-1: config 0 has an invalid interface number: 224 but max is 0
[  485.422023][ T5872] usb 6-1: config 0 has no interface number 0
[  485.434255][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  485.434274][   T29] audit: type=1326 audit(1731264454.259:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.443924][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  485.504961][ T5873] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  485.518800][   T29] audit: type=1326 audit(1731264454.299:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.563706][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  485.563827][   T29] audit: type=1326 audit(1731264454.299:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.563862][   T29] audit: type=1326 audit(1731264454.299:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.563893][   T29] audit: type=1326 audit(1731264454.299:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.564153][   T29] audit: type=1326 audit(1731264454.299:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.564186][   T29] audit: type=1326 audit(1731264454.299:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.564215][   T29] audit: type=1326 audit(1731264454.309:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.564640][   T29] audit: type=1326 audit(1731264454.309:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.565040][ T5872] usb 6-1: config 0 has an invalid interface number: 224 but max is 0
[  485.565066][ T5872] usb 6-1: config 0 has no interface number 0
[  485.565100][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  485.565125][ T5872] usb 6-1: config 0 interface 224 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  485.565731][   T29] audit: type=1326 audit(1731264454.309:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13563 comm="syz.2.1510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  485.566899][ T5872] usb 6-1: New USB device found, idVendor=0402, idProduct=5632, bcdDevice=ea.ac
[  485.566927][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.566948][ T5872] usb 6-1: Product: syz
[  485.566964][ T5872] usb 6-1: Manufacturer: syz
[  485.566980][ T5872] usb 6-1: SerialNumber: syz
[  485.568957][ T5872] usb 6-1: config 0 descriptor??
[  485.569686][T13512] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  485.569803][T13512] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  485.846618][T13512] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  485.856101][T13512] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  486.083495][ T5872] cdc_subset 6-1:0.224 usb0: register 'cdc_subset' at usb-dummy_hcd.5-1, ALi M5632, 8a:dc:f0:c0:41:c0
[  486.398108][ T5874] usb 6-1: USB disconnect, device number 20
[  486.741071][ T5874] cdc_subset 6-1:0.224 usb0: unregister 'cdc_subset' usb-dummy_hcd.5-1, ALi M5632
[  486.831146][T13572] kernel write not supported for file /asound/timers (pid: 13572 comm: syz.4.1511)
[  487.580830][T13623] kernel write not supported for file /asound/timers (pid: 13623 comm: syz.4.1517)
[  489.892561][T13666] ALSA: mixer_oss: invalid OSS volume ''
[  490.394389][T13634] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  490.406576][T13634] overlay: filesystem on ./bus not supported as upperdir
[  491.654091][T13669] kernel write not supported for file /asound/timers (pid: 13669 comm: syz.4.1519)
[  492.750083][T13726] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1530'.
[  493.304930][ T5905] usb 5-1: new full-speed USB device number 50 using dummy_hcd
[  493.566357][ T5905] usb 5-1: config 0 has an invalid interface number: 39 but max is 0
[  493.574574][ T5905] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  493.584763][ T5905] usb 5-1: config 0 has no interface number 0
[  493.593535][ T5905] usb 5-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  494.225643][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.233702][ T5905] usb 5-1: Product: syz
[  494.237986][ T5905] usb 5-1: Manufacturer: syz
[  494.242605][ T5905] usb 5-1: SerialNumber: syz
[  494.345981][ T5905] usb 5-1: config 0 descriptor??
[  495.229003][T13715] kernel write not supported for file /asound/timers (pid: 13715 comm: syz.4.1531)
[  495.662424][ T5905] usb 5-1: USB disconnect, device number 50
[  497.397545][T13827] nvme_fabrics: missing parameter 'transport=%s'
[  497.416990][T13827] nvme_fabrics: missing parameter 'nqn=%s'
[  498.216290][T13836] netlink: 'syz.2.1549': attribute type 5 has an invalid length.
[  498.229736][ T5905] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  499.140893][ T5905] usb 5-1: Using ep0 maxpacket: 16
[  499.348623][T13794] kernel write not supported for file /asound/timers (pid: 13794 comm: syz.4.1543)
[  499.415234][ T5905] usb 5-1: device descriptor read/all, error -71
[  499.816682][T13864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1553'.
[  499.864844][ T8225] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  500.019113][ T8225] usb 3-1: Using ep0 maxpacket: 8
[  500.033542][ T8225] usb 3-1: config 4 has an invalid interface number: 182 but max is 0
[  500.051853][ T8225] usb 3-1: config 4 has no interface number 0
[  500.060065][ T8225] usb 3-1: config 4 interface 182 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  500.078484][ T8225] usb 3-1: config 4 interface 182 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  500.092144][ T8225] usb 3-1: New USB device found, idVendor=0499, idProduct=1033, bcdDevice=5c.79
[  500.123066][ T8225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.142396][T13869] kernel write not supported for file /asound/timers (pid: 13869 comm: syz.4.1553)
[  500.149423][ T8225] usb 3-1: Product: syz
[  500.177891][ T8225] usb 3-1: Manufacturer: syz
[  500.182529][ T8225] usb 3-1: SerialNumber: syz
[  500.279619][  T972] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  500.547787][  T972] usb 6-1: device descriptor read/64, error -71
[  500.582755][T13887] kernel write not supported for file /asound/timers (pid: 13887 comm: syz.4.1556)
[  501.365318][  T972] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  501.524864][  T972] usb 6-1: device descriptor read/64, error -71
[  501.607141][T13908] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  501.611386][ T8225] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  501.620108][T13908] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  501.625819][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.632899][T13908] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  501.641340][  T972] usb usb6-port1: attempt power cycle
[  501.647566][T13908] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  501.701955][ T8225] snd-usb-audio 3-1:4.182: probe with driver snd-usb-audio failed with error -2
[  501.722045][ T8225] usb 3-1: USB disconnect, device number 35
[  501.778416][T13928] Mount JFS Failure: -22
[  501.933416][ T5140] Bluetooth: hci4: ACL packet for unknown connection handle 0
[  501.945850][ T6270] udevd[6270]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.182/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  502.024900][  T972] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  502.055687][  T972] usb 6-1: device descriptor read/8, error -71
[  502.295025][  T972] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  502.352772][  T972] usb 6-1: device descriptor read/8, error -71
[  502.517465][  T972] usb usb6-port1: unable to enumerate USB device
[  503.005798][T13905] kernel write not supported for file /asound/timers (pid: 13905 comm: syz.4.1559)
[  503.555047][  T972] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  503.744459][  T972] usb 4-1: Using ep0 maxpacket: 8
[  503.770333][  T972] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  503.784931][  T972] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  503.822383][  T972] usb 4-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  503.873929][  T972] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.950760][  T972] usb 4-1: config 0 descriptor??
[  505.173046][  T972] usbhid 4-1:0.0: can't add hid device: -71
[  505.181707][  T972] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  505.257367][  T972] usb 4-1: USB disconnect, device number 48
[  505.506621][T13987] netlink: zone id is out of range
[  505.513720][T13987] netlink: zone id is out of range
[  505.524884][T13987] netlink: zone id is out of range
[  505.532290][T13987] netlink: zone id is out of range
[  505.539526][T13987] netlink: zone id is out of range
[  505.544874][   T25] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  505.550312][T13987] netlink: set zone limit has 4 unknown bytes
[  505.705717][   T25] usb 1-1: Using ep0 maxpacket: 32
[  505.714463][   T25] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=e2.de
[  505.728053][T13953] kernel write not supported for file /asound/timers (pid: 13953 comm: syz.4.1567)
[  505.737692][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.747430][T13999] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1575'.
[  505.754958][   T25] usb 1-1: Product: syz
[  505.765179][   T25] usb 1-1: Manufacturer: syz
[  505.769847][   T25] usb 1-1: SerialNumber: syz
[  505.796708][   T25] usb 1-1: config 0 descriptor??
[  505.816055][   T25] CoreChips 1-1:0.0: probe with driver CoreChips failed with error -22
[  506.021690][T14007] kernel write not supported for file /asound/timers (pid: 14007 comm: syz.4.1577)
[  506.687807][T14014] kernel write not supported for file /asound/timers (pid: 14014 comm: syz.4.1579)
[  506.850889][T14027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  506.867865][T14027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  507.405037][ T5905] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  507.581892][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  507.593723][ T5905] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  507.609507][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.656335][ T5905] usb 3-1: config 0 descriptor??
[  507.806150][T14050] kernel write not supported for file /asound/timers (pid: 14050 comm: syz.4.1581)
[  507.881154][ T5905] usbhid 3-1:0.0: can't add hid device: -71
[  507.906803][ T5905] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  507.924788][  T972] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  507.948228][ T5905] usb 3-1: USB disconnect, device number 36
[  508.185233][  T972] usb 6-1: device descriptor read/64, error -71
[  508.886175][ T5921] usb 1-1: USB disconnect, device number 37
[  508.944872][ T5873] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  508.980313][T14087] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1590'.
[  509.071577][  T972] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  509.095206][ T5873] usb 5-1: device descriptor read/64, error -71
[  509.329100][T14106] syz.2.1594 (14106): drop_caches: 4
[  509.345281][ T5873] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  509.388437][T14101] x_tables: ip_tables: osf match: only valid for protocol 6
[  509.525252][ T5873] usb 5-1: device descriptor read/64, error -71
[  509.645403][ T5873] usb usb5-port1: attempt power cycle
[  509.785823][ T5921] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  509.793576][  T972] usb 6-1: device descriptor read/64, error -71
[  509.905217][  T972] usb usb6-port1: attempt power cycle
[  510.144914][ T5873] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  510.168873][ T5873] usb 5-1: device descriptor read/8, error -71
[  510.475186][ T5873] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  510.575282][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  510.638481][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  510.645834][ T5873] usb 5-1: device descriptor read/8, error -71
[  510.669374][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.704308][ T5921] usb 1-1: Product: syz
[  510.711173][ T5921] usb 1-1: Manufacturer: syz
[  510.719984][ T5921] usb 1-1: SerialNumber: syz
[  510.737031][ T5921] usb 1-1: config 0 descriptor??
[  510.758221][ T5873] usb usb5-port1: unable to enumerate USB device
[  510.850977][   T29] kauditd_printk_skb: 19 callbacks suppressed
[  510.851364][   T29] audit: type=1326 audit(1731264479.679:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  510.909927][T14134] Trying to write to read-only block-device nullb0
[  510.959042][T14062] kernel write not supported for file /asound/timers (pid: 14062 comm: syz.4.1587)
[  511.059919][ T5921] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  511.064763][   T29] audit: type=1326 audit(1731264479.679:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  511.506483][   T29] audit: type=1326 audit(1731264479.689:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  511.659624][T14142] vivid-000: =================  START STATUS  =================
[  511.704828][T14142] vivid-000: Generate PTS: true
[  511.710393][T14142] vivid-000: Generate SCR: true
[  511.841038][T14142] tpg source WxH: 320x180 (Y'CbCr)
[  511.962643][T14142] tpg field: 1
[  512.077844][T14142] tpg crop: 320x180@0x0
[  512.082028][T14142] tpg compose: 320x180@0x0
[  512.086628][T14142] tpg colorspace: 8
[  512.090446][T14142] tpg transfer function: 0/0
[  512.095273][T14142] tpg Y'CbCr encoding: 0/0
[  512.099710][T14142] tpg quantization: 0/0
[  512.103878][T14142] tpg RGB range: 0/2
[  512.107814][T14142] vivid-000: ==================  END STATUS  ==================
[  512.132529][   T29] audit: type=1326 audit(1731264479.689:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  512.310504][T14146] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1600'.
[  512.400990][   T29] audit: type=1326 audit(1731264479.689:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  512.422688][    C1] vkms_vblank_simulate: vblank timer overrun
[  512.494112][   T29] audit: type=1326 audit(1731264479.709:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  512.552525][   T29] audit: type=1326 audit(1731264479.709:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  512.610634][   T29] audit: type=1326 audit(1731264479.709:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  512.673407][   T29] audit: type=1326 audit(1731264479.709:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  512.726064][   T29] audit: type=1326 audit(1731264479.719:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14128 comm="syz.2.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  513.003924][T14146] kernel write not supported for file /asound/timers (pid: 14146 comm: syz.4.1600)
[  513.145137][ T5905] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  513.295198][ T5905] usb 4-1: Using ep0 maxpacket: 32
[  513.305483][ T5873] IPVS: starting estimator thread 0...
[  513.332972][ T5921] usb write operation failed. (-71)
[  513.343032][ T5921] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  513.353576][ T5921] dvbdev: DVB: registering new adapter (Terratec H7)
[  513.355679][ T5905] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  513.360330][ T5921] usb 1-1: media controller created
[  513.376235][ T5921] usb read operation failed. (-71)
[  513.386469][ T5921] usb write operation failed. (-71)
[  513.395055][T14192] IPVS: using max 19 ests per chain, 45600 per kthread
[  513.395699][ T5921] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  513.415046][ T5921] usb 1-1: USB disconnect, device number 38
[  513.442976][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.465045][ T8225] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  513.480485][T14200] netlink: 'syz.5.1611': attribute type 15 has an invalid length.
[  513.509419][ T5905] usb 4-1: config 0 descriptor??
[  513.533416][ T5905] gspca_main: sunplus-2.14.0 probing 041e:400b
[  513.550777][T14200] netlink: 324 bytes leftover after parsing attributes in process `syz.5.1611'.
[  513.629277][T14206] tmpfs: Bad value for 'size'
[  513.639939][ T8225] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  513.659582][ T8225] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  513.805464][ T8225] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  513.806012][T14176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.822956][ T8225] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  513.843103][ T8225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.862846][T14176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.071671][ T8225] usb 3-1: Product: syz
[  514.099814][ T5905] gspca_sunplus: reg_w_riv err -110
[  514.327762][ T5905] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  514.339028][ T8225] usb 3-1: Manufacturer: syz
[  514.343648][ T8225] usb 3-1: SerialNumber: syz
[  514.383024][ T8225] usb 3-1: selecting invalid altsetting 1
[  514.392484][T14176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.425115][T14176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.462087][T14176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.515104][T14176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.562206][T14176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.594817][T14176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.621842][T14176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.649772][T14176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.987424][ T8225] cdc_ncm 3-1:1.0: SET_NTB_FORMAT failed
[  515.735268][ T8225] usb 3-1: selecting invalid altsetting 1
[  515.741068][ T8225] cdc_ncm 3-1:1.0: bind() failure
[  515.813807][ T8225] usb 3-1: USB disconnect, device number 37
[  515.917668][ T5905] usb 4-1: USB disconnect, device number 49
[  516.155971][T14262] fuse: Bad value for 'fd'
[  516.283269][T14266] 9pnet_fd: Insufficient options for proto=fd
[  516.285770][T14267] trusted_key: encrypted_key: keyword 'upd_te' not recognized
[  517.579163][  T969] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  517.930309][  T969] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.971187][  T969] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.994530][  T969] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  518.031597][  T969] usb 6-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  518.058017][  T969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.064987][T14300] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1627'.
[  518.079720][T14300] netlink: 'syz.3.1627': attribute type 2 has an invalid length.
[  518.089040][T14300] netlink: 'syz.3.1627': attribute type 1 has an invalid length.
[  518.093204][  T969] usb 6-1: config 0 descriptor??
[  518.102375][T14300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1627'.
[  518.122677][T14300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1627'.
[  518.251620][T14306] loop2: detected capacity change from 0 to 7
[  518.265867][T14306] Dev loop2: unable to read RDB block 7
[  518.285104][ T5905] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  518.304217][T14306]  loop2: AHDI p1 p2
[  518.318837][T14306] loop2: partition table partially beyond EOD, truncated
[  518.332177][T14306] loop2: p1 start 2214592512 is beyond EOD, truncated
[  518.446824][T14312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.456189][ T5905] usb 3-1: Using ep0 maxpacket: 8
[  518.465584][T14312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.477803][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  518.500968][ T5905] usb 3-1: config 0 has no interfaces?
[  518.509005][ T5905] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  518.520497][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.531291][T14271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.549839][T14271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.576587][ T5905] usb 3-1: config 0 descriptor??
[  518.603228][T14189] Process accounting paused
[  518.605460][  T969] usbhid 6-1:0.0: can't add hid device: -71
[  518.613810][  T969] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  518.626096][  T969] usb 6-1: USB disconnect, device number 28
[  518.654985][ T5873] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  518.709465][T14335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1631'.
[  518.718759][T14335] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1631'.
[  518.807611][ T5873] usb 1-1: New USB device found, idVendor=18ec, idProduct=3290, bcdDevice=c4.47
[  518.812714][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  518.812732][   T29] audit: type=1326 audit(1731264487.639:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  518.818119][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.823194][T14294] autofs: Bad value for 'fd'
[  518.864046][   T29] audit: type=1326 audit(1731264487.639:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  518.885634][    C1] vkms_vblank_simulate: vblank timer overrun
[  518.922739][   T29] audit: type=1326 audit(1731264487.639:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  518.949552][ T5873] usb 1-1: config 0 descriptor??
[  518.950720][   T29] audit: type=1326 audit(1731264487.639:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  518.980443][T14294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.991392][T14294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.028485][ T5921] usb 3-1: USB disconnect, device number 38
[  519.050486][   T29] audit: type=1326 audit(1731264487.639:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  519.072049][    C1] vkms_vblank_simulate: vblank timer overrun
[  519.123643][   T29] audit: type=1326 audit(1731264487.639:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  519.151148][   T29] audit: type=1326 audit(1731264487.639:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  519.191421][ T5873] usb 1-1: string descriptor 0 read error: -71
[  519.207991][ T5873] usb 1-1: Found UVC 0.00 device <unnamed> (18ec:3290)
[  519.221985][ T5873] usb 1-1: No valid video chain found.
[  519.230414][   T29] audit: type=1326 audit(1731264487.649:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  519.261623][ T5873] usb 1-1: USB disconnect, device number 39
[  519.287568][   T29] audit: type=1326 audit(1731264487.739:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  519.310111][   T29] audit: type=1326 audit(1731264487.739:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14292 comm="syz.2.1626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108bd7e719 code=0x7ffc0000
[  520.118614][    T8] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  520.280573][    T8] usb 5-1: Using ep0 maxpacket: 8
[  520.304774][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  520.320363][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  520.378197][    T8] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  520.392163][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  520.403323][    T8] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  520.576584][    T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  520.602703][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.723809][ T8225] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  521.528712][    T8] usb 5-1: config 0 descriptor??
[  521.721653][T14409] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536870976 (1073741952 ns) > initial count (4 ns). Using initial count to start timer.
[  521.743229][ T8225] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  521.752995][ T8225] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.767144][ T5140] Bluetooth: hci5: urb ffff888021f07500 submission failed (90)
[  521.778340][ T8225] usb 3-1: config 0 descriptor??
[  521.788251][ T8225] gspca_main: spca508-2.14.0 probing 8086:0110
[  521.806980][T14409] tc_dump_action: action bad kind
[  521.929515][    T9] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  521.983049][ T5873] usb 5-1: USB disconnect, device number 57
[  522.401249][ T8225] gspca_spca508: reg_read err -71
[  522.407879][ T8225] gspca_spca508: reg_read err -71
[  522.490235][ T8225] gspca_spca508: reg_read err -71
[  522.634380][ T8225] gspca_spca508: reg_read err -71
[  522.730077][ T8225] gspca_spca508: reg write: error -71
[  522.738820][    T9] usb 6-1: config 0 has an invalid interface number: 245 but max is 0
[  522.747263][    T9] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  522.757155][    T9] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  522.763435][ T8225] spca508 3-1:0.0: probe with driver spca508 failed with error -71
[  522.775667][    T9] usb 6-1: config 0 has no interface number 0
[  522.783723][    T9] usb 6-1: config 0 interface 245 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  522.795183][    T9] usb 6-1: config 0 interface 245 altsetting 0 endpoint 0xB has invalid maxpacket 512, setting to 64
[  522.798408][ T8225] usb 3-1: USB disconnect, device number 39
[  522.806177][    T9] usb 6-1: config 0 interface 245 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  522.806205][    T9] usb 6-1: config 0 interface 245 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[  522.806230][    T9] usb 6-1: config 0 interface 245 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  522.806257][    T9] usb 6-1: config 0 interface 245 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  522.806279][    T9] usb 6-1: config 0 interface 245 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  522.806307][    T9] usb 6-1: config 0 interface 245 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  522.806341][    T9] usb 6-1: New USB device found, idVendor=0ed1, idProduct=6660, bcdDevice= 2.98
[  522.806364][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.808880][    T9] usb 6-1: config 0 descriptor??
[  522.945604][T14404] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  522.953021][T14404] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  522.964206][    T9] usb-storage 6-1:0.245: USB Mass Storage device detected
[  522.985540][    T9] usb-storage 6-1:0.245: Quirks match for vid 0ed1 pid 6660: 8
[  522.995864][T14450] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  523.005446][T14450] x_tables: ip_tables: osf match: only valid for protocol 6
[  523.504856][ T5873] usb 6-1: USB disconnect, device number 30
[  524.696522][ T5905] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  524.800973][T14508] input: syz0 as /devices/virtual/input/input44
[  524.854956][ T5905] usb 1-1: Using ep0 maxpacket: 16
[  524.861792][ T5905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.870005][T14521] hsr0: left promiscuous mode
[  524.887542][T14522] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0
[  524.887685][T14521] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1656'.
[  524.919107][ T5905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.427939][ T5921] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  525.501737][T14538] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1658'.
[  525.518926][T14541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.558939][T14541] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.584869][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  525.597661][ T5921] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  525.613906][ T5921] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  525.634597][ T5921] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  525.689952][ T5921] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  525.749726][ T5921] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  525.775194][ T8225] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  525.782580][ T5905] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  525.795958][ T5905] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  525.800293][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.883649][ T5921] usb 5-1: Product: syz
[  525.897921][ T5921] usb 5-1: Manufacturer: syz
[  525.906213][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.911240][ T5921] usb 5-1: SerialNumber: syz
[  525.925470][ T5905] usb 1-1: config 0 descriptor??
[  526.151303][   T25] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  526.273680][ T5921] usb 5-1: USB disconnect, device number 58
[  526.325102][   T25] usb 3-1: Using ep0 maxpacket: 8
[  526.338940][   T25] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  526.394305][   T25] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  526.499475][ T5905] microsoft 0003:045E:07DA.000E: unknown main item tag 0x1
[  526.517824][ T5905] microsoft 0003:045E:07DA.000E: unknown global tag 0xe
[  526.527943][ T5905] microsoft 0003:045E:07DA.000E: item 0 4 1 14 parsing failed
[  526.536823][ T5905] microsoft 0003:045E:07DA.000E: parse failed
[  526.540876][   T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  526.543348][ T5905] microsoft 0003:045E:07DA.000E: probe with driver microsoft failed with error -22
[  526.683680][   T25] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  526.684941][T14484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.698738][   T25] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  527.266069][T14484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  527.266916][   T25] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  527.298044][ T6270] udevd[6270]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  527.314240][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.431000][T14611] 
[  528.433374][T14611] ======================================================
[  528.440488][T14611] WARNING: possible circular locking dependency detected
[  528.447520][T14611] 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 Not tainted
[  528.454637][T14611] ------------------------------------------------------
[  528.461658][T14611] syz.4.1665/14611 is trying to acquire lock:
[  528.467718][T14611] ffff88806d1eac68 (&pipe->mutex){+.+.}-{3:3}, at: iter_file_splice_write+0x330/0x1510
[  528.477383][T14611] 
[  528.477383][T14611] but task is already holding lock:
[  528.484738][T14611] ffff888029f30420 (sb_writers#5){.+.+}-{0:0}, at: do_splice+0xce4/0x18e0
[  528.493270][T14611] 
[  528.493270][T14611] which lock already depends on the new lock.
[  528.493270][T14611] 
[  528.503662][T14611] 
[  528.503662][T14611] the existing dependency chain (in reverse order) is:
[  528.512664][T14611] 
[  528.512664][T14611] -> #3 (sb_writers#5){.+.+}-{0:0}:
[  528.520075][T14611]        lock_acquire+0x1ed/0x550
[  528.525118][T14611]        sb_start_write+0x4d/0x1c0
[  528.530240][T14611]        mnt_want_write+0x3f/0x90
[  528.535261][T14611]        ovl_create_object+0x13a/0x3a0
[  528.540718][T14611]        path_openat+0x1c03/0x3590
[  528.545823][T14611]        do_filp_open+0x235/0x490
[  528.550845][T14611]        do_sys_openat2+0x13e/0x1d0
[  528.556036][T14611]        __x64_sys_openat+0x247/0x2a0
[  528.561403][T14611]        do_syscall_64+0xf3/0x230
[  528.566425][T14611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.572836][T14611] 
[  528.572836][T14611] -> #2 (&ovl_i_mutex_dir_key[depth]#2){++++}-{3:3}:
[  528.581707][T14611]        lock_acquire+0x1ed/0x550
[  528.586731][T14611]        down_read+0xb1/0xa40
[  528.591404][T14611]        lookup_slow+0x45/0x70
[  528.596166][T14611]        walk_component+0x2e1/0x410
[  528.601355][T14611]        path_lookupat+0x16f/0x450
[  528.606454][T14611]        filename_lookup+0x256/0x610
[  528.611736][T14611]        kern_path+0x35/0x50
[  528.616317][T14611]        lookup_bdev+0xc5/0x290
[  528.621165][T14611]        resume_store+0x1a0/0x710
[  528.626261][T14611]        kernfs_fop_write_iter+0x3a0/0x500
[  528.632081][T14611]        vfs_write+0xaeb/0xd30
[  528.636849][T14611]        ksys_write+0x183/0x2b0
[  528.641701][T14611]        do_syscall_64+0xf3/0x230
[  528.646722][T14611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.653132][T14611] 
[  528.653132][T14611] -> #1 (&of->mutex){+.+.}-{3:3}:
[  528.660340][T14611]        lock_acquire+0x1ed/0x550
[  528.665387][T14611]        __mutex_lock+0x136/0xd70
[  528.670406][T14611]        kernfs_fop_write_iter+0x1ea/0x500
[  528.676210][T14611]        iter_file_splice_write+0xbfa/0x1510
[  528.682182][T14611]        do_splice+0xd68/0x18e0
[  528.687020][T14611]        __se_sys_splice+0x331/0x4a0
[  528.692300][T14611]        do_syscall_64+0xf3/0x230
[  528.697317][T14611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.703724][T14611] 
[  528.703724][T14611] -> #0 (&pipe->mutex){+.+.}-{3:3}:
[  528.711108][T14611]        validate_chain+0x18ef/0x5920
[  528.716494][T14611]        __lock_acquire+0x1384/0x2050
[  528.721860][T14611]        lock_acquire+0x1ed/0x550
[  528.726885][T14611]        __mutex_lock+0x136/0xd70
[  528.731919][T14611]        iter_file_splice_write+0x330/0x1510
[  528.737895][T14611]        do_splice+0xd68/0x18e0
[  528.742745][T14611]        __se_sys_splice+0x331/0x4a0
[  528.748024][T14611]        do_syscall_64+0xf3/0x230
[  528.753052][T14611]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.759460][T14611] 
[  528.759460][T14611] other info that might help us debug this:
[  528.759460][T14611] 
[  528.769675][T14611] Chain exists of:
[  528.769675][T14611]   &pipe->mutex --> &ovl_i_mutex_dir_key[depth]#2 --> sb_writers#5
[  528.769675][T14611] 
[  528.783419][T14611]  Possible unsafe locking scenario:
[  528.783419][T14611] 
[  528.790853][T14611]        CPU0                    CPU1
[  528.796203][T14611]        ----                    ----
[  528.801556][T14611]   rlock(sb_writers#5);
[  528.805800][T14611]                                lock(&ovl_i_mutex_dir_key[depth]#2);
[  528.813949][T14611]                                lock(sb_writers#5);
[  528.820624][T14611]   lock(&pipe->mutex);
[  528.824778][T14611] 
[  528.824778][T14611]  *** DEADLOCK ***
[  528.824778][T14611] 
[  528.832925][T14611] 1 lock held by syz.4.1665/14611:
[  528.838033][T14611]  #0: ffff888029f30420 (sb_writers#5){.+.+}-{0:0}, at: do_splice+0xce4/0x18e0
[  528.847006][T14611] 
[  528.847006][T14611] stack backtrace:
[  528.852883][T14611] CPU: 1 UID: 0 PID: 14611 Comm: syz.4.1665 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  528.863637][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  528.873690][T14611] Call Trace:
[  528.876963][T14611]  <TASK>
[  528.879891][T14611]  dump_stack_lvl+0x241/0x360
[  528.884568][T14611]  ? __pfx_dump_stack_lvl+0x10/0x10
[  528.889764][T14611]  ? __pfx__printk+0x10/0x10
[  528.894350][T14611]  print_circular_bug+0x13a/0x1b0
[  528.899366][T14611]  check_noncircular+0x36a/0x4a0
[  528.904296][T14611]  ? __pfx_register_lock_class+0x10/0x10
[  528.909928][T14611]  ? __pfx_check_noncircular+0x10/0x10
[  528.915377][T14611]  ? lockdep_lock+0x123/0x2b0
[  528.920045][T14611]  ? __lock_acquire+0x1384/0x2050
[  528.925065][T14611]  validate_chain+0x18ef/0x5920
[  528.929918][T14611]  ? __pfx_validate_chain+0x10/0x10
[  528.935109][T14611]  ? unwind_next_frame+0x18e6/0x22d0
[  528.940409][T14611]  ? preempt_count_add+0x93/0x190
[  528.945505][T14611]  ? 0xffffffffa0001a48
[  528.949671][T14611]  ? 0xffffffffa0001a48
[  528.953822][T14611]  ? is_bpf_text_address+0x285/0x2a0
[  528.959128][T14611]  ? is_bpf_text_address+0x26/0x2a0
[  528.964334][T14611]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  528.970493][T14611]  ? kernel_text_address+0xa7/0xe0
[  528.975614][T14611]  ? __kernel_text_address+0xd/0x40
[  528.980805][T14611]  ? unwind_get_return_address+0x4d/0x90
[  528.986438][T14611]  ? arch_stack_walk+0xfd/0x150
[  528.991283][T14611]  ? mark_lock+0x9a/0x360
[  528.995618][T14611]  __lock_acquire+0x1384/0x2050
[  529.000477][T14611]  lock_acquire+0x1ed/0x550
[  529.006114][T14611]  ? iter_file_splice_write+0x330/0x1510
[  529.011933][T14611]  ? __pfx_lock_acquire+0x10/0x10
[  529.016964][T14611]  ? __pfx___might_resched+0x10/0x10
[  529.022260][T14611]  __mutex_lock+0x136/0xd70
[  529.026764][T14611]  ? iter_file_splice_write+0x330/0x1510
[  529.032400][T14611]  ? iter_file_splice_write+0x330/0x1510
[  529.038030][T14611]  ? __pfx___mutex_lock+0x10/0x10
[  529.043054][T14611]  ? iter_file_splice_write+0x303/0x1510
[  529.048678][T14611]  ? iter_file_splice_write+0x303/0x1510
[  529.054303][T14611]  ? rcu_is_watching+0x15/0xb0
[  529.059060][T14611]  ? iter_file_splice_write+0x303/0x1510
[  529.064687][T14611]  ? iter_file_splice_write+0x303/0x1510
[  529.070321][T14611]  ? __kmalloc_noprof+0x21a/0x400
[  529.075339][T14611]  iter_file_splice_write+0x330/0x1510
[  529.080804][T14611]  ? __pfx_iter_file_splice_write+0x10/0x10
[  529.086785][T14611]  ? rcu_read_lock_any_held+0xb7/0x160
[  529.092330][T14611]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  529.098219][T14611]  ? file_start_write+0x5e/0x250
[  529.103326][T14611]  ? __pfx_iter_file_splice_write+0x10/0x10
[  529.109644][T14611]  do_splice+0xd68/0x18e0
[  529.113970][T14611]  ? __pfx_lock_release+0x10/0x10
[  529.118996][T14611]  ? lockdep_hardirqs_on+0x99/0x150
[  529.124191][T14611]  ? pipe_clear_nowait+0x196/0x220
[  529.129301][T14611]  ? __pfx_do_splice+0x10/0x10
[  529.134338][T14611]  __se_sys_splice+0x331/0x4a0
[  529.139146][T14611]  ? __pfx___se_sys_splice+0x10/0x10
[  529.144441][T14611]  ? do_syscall_64+0x100/0x230
[  529.149210][T14611]  ? __x64_sys_splice+0x21/0xf0
[  529.154064][T14611]  do_syscall_64+0xf3/0x230
[  529.158565][T14611]  ? clear_bhb_loop+0x35/0x90
[  529.163240][T14611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.169130][T14611] RIP: 0033:0x7f8f7837e719
[  529.173534][T14611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.193135][T14611] RSP: 002b:00007f8f791fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  529.201543][T14611] RAX: ffffffffffffffda RBX: 00007f8f78535f80 RCX: 00007f8f7837e719
[  529.209505][T14611] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003
[  529.217468][T14611] RBP: 00007f8f783f139e R08: 0000000000000016 R09: 0000000000000000
[  529.225432][T14611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  529.233393][T14611] R13: 0000000000000000 R14: 00007f8f78535f80 R15: 00007ffe4b7ecd18
[  529.241368][T14611]  </TASK>
[  529.244395][    C1] vkms_vblank_simulate: vblank timer overrun
[  529.257586][ T5905] usb 1-1: USB disconnect, device number 40
[  529.271380][   T25] usb 3-1: usb_control_msg returned -71
[  529.277538][   T25] usbtmc 3-1:16.0: can't read capabilities
[  529.290657][   T25] usb 3-1: USB disconnect, device number 40