last executing test programs:

4m24.059859066s ago: executing program 4 (id=354):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r1])
chdir(0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)

4m23.182644375s ago: executing program 4 (id=359):
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r3, 0x2)
connect$unix(r2, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
sendmmsg$unix(r2, &(0x7f0000004780)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="411ffa94", 0x4}], 0x1, &(0x7f0000000900)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2], 0x18}}], 0x1, 0x0)
accept(r3, 0x0, 0x0)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

4m20.404206836s ago: executing program 4 (id=364):
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000ec0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0xc45, 0x5112, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x40, 0x6, [{{0x9, 0x4, 0x0, 0xde, 0x1, 0x3, 0x1, 0x2, 0xb, {0x9, 0x21, 0x6, 0xda, 0x1, {0x22, 0xe8b}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x4, 0xc, 0x4}}}}}]}}]}}, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0})
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000040)={0x9, 0xf, 0x10001, 0x4, 0x4, 0xff})
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x3f, 0x7, 0x3, 0x6, 0x2800, 0x2800, 0x12, 0xba2, 0x5, 0x3e, {0x8, 0xffffffff}, 0xd0, 0x9}})
syz_emit_ethernet(0x4e, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00@\x00', 0x18, 0x3a, 0xff, @private0, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0xfc, '\x00', @dev}}}}}}, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_buf(0xffffffffffffffff, 0x6, 0x29, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000100)={{0x5, 0x1}, 'port1\x00', 0x84, 0x40004, 0xfffffa7b, 0x1, 0x7f, 0x9, 0xff, 0x0, 0x1, 0x9})

4m18.340270647s ago: executing program 4 (id=368):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x19, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00001b0000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f322e0f01cf66b9ab0900000f32f2f031b3e759dc2c", 0x3c}], 0x1, 0x9f6a364b3fac2a63, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0)
recvfrom(r3, 0x0, 0x0, 0x10020, 0x0, 0x0)

4m17.329433614s ago: executing program 4 (id=373):
r0 = socket$netlink(0x10, 0x3, 0xe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r1, 0x0, 0x0)
syz_fuse_handle_req(r1, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0) (async)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x5, 0x2, 0x0, 0x0, 0xff}) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x5, 0x2, 0x0, 0x0, 0xff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001300f5d10300"/20, @ANYRES32=r4, @ANYBLOB="000000000000000008000d0008000004"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)

4m15.299629872s ago: executing program 4 (id=376):
mknod(0x0, 0x8001420, 0x0)
open$dir(0x0, 0x6ec76a2667f068ba, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40}, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r7, &(0x7f0000000100)={0x2a, 0x0, 0x1}, 0xc)
r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r8, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000002680)="1e", 0x1}], 0x1)
close(0x4)
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)

3m59.158964538s ago: executing program 32 (id=376):
mknod(0x0, 0x8001420, 0x0)
open$dir(0x0, 0x6ec76a2667f068ba, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40}, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r7, &(0x7f0000000100)={0x2a, 0x0, 0x1}, 0xc)
r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r8, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000002680)="1e", 0x1}], 0x1)
close(0x4)
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)

14.989025263s ago: executing program 0 (id=1124):
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0xa802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
gettid()
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

13.188861645s ago: executing program 5 (id=1131):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0)
capset(0x0, &(0x7f0000000040))
r4 = syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0x2e3b, &(0x7f0000000080)={0x0, 0x482b, 0x10100, 0x1}, &(0x7f0000000140)=<r5=>0x0, &(0x7f0000000300)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x0, &(0x7f0000000800)=[{0x0}, {0x0}], 0x2})
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
socket$netlink(0x10, 0x3, 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x12, 0x7c5, 0x1, 0x3, 0xd59f80, 0x4, 0x5, 0xa, 0x8, 0x5, 0x722, 0xe72, 0x8, 0x8, 0x2e, 0x8, {0xffff945a, 0x1}, 0x3, 0xed}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18004534e3a6000000000000030000009bd717cbba85b59500000000000000f3acbb35d9fdd2f8b805f4074d"], &(0x7f0000000300)='GPL\x00', 0x5, 0x0, 0x0, 0x41000}, 0x94)

9.559863811s ago: executing program 0 (id=1139):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000e7a9825aea6a86300000004b7a30e277310f000000000000005d000000"], 0x20}, 0x1, 0x0, 0x0, 0x4008800}, 0x40)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x6}, 0x4)
setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x6, 0xfa, 0x80000001}]}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

9.45714337s ago: executing program 3 (id=1140):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) (async, rerun: 64)
r0 = gettid()
r1 = getpgrp(r0)
sched_setaffinity(r1, 0xfe, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 32)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000240), 0x300, 0x0) (async, rerun: 64)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) (rerun: 64)
write$dsp(r3, &(0x7f0000000200)='m', 0x1) (async)
ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, &(0x7f0000000040)) (async, rerun: 64)
ioctl$SOUND_OLD_MIXER_INFO(r3, 0x80304d65, &(0x7f00000000c0)) (async, rerun: 64)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4) (async)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x33) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

9.096841217s ago: executing program 0 (id=1141):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4)
bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x3c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000003c0)={0x48, 0x2, r2})
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r2, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r4 = fspick(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1)
fsmount(r4, 0x0, 0x80)
openat(0xffffffffffffff9c, 0x0, 0x2, 0x90)

8.364862961s ago: executing program 5 (id=1142):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_procfs(r2, &(0x7f00000001c0)='net/wireless\x00')
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r3, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000b95000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
pread64(r5, &(0x7f0000000480)=""/177, 0xb1, 0xa6)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$tipc(0x1e, 0x2, 0x0)
pipe(0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r6, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
r7 = syz_open_dev$loop(&(0x7f0000000040), 0x7, 0xc0041)
writev(r7, &(0x7f0000000840)=[{&(0x7f0000000300)="9c7c1f01", 0x4}], 0x1)
r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000008c0)={0x3dc, r8, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MLSLVLLST={0x188, 0x8, 0x0, 0x1, [{0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x13f22e3f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x250821f9}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x9658}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x33af1859}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x31aeb28c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6734bde}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6f052b21}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x616bca9d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6226b042}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x764a4772}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x59}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3291f1bb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x77}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x34}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x76261518}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x353ebcf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x25cd6ddb}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xd65c45e}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5c0e395e}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7ba7dcf4}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x574ef041}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x76d9bff1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x79}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xee}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x59}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x200000aa}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2027ab1a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x70}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x51}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf2}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3638cf23}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66312679}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x745d6908}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xcc67e39}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x452bd5b5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1d}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfc}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x128, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x35}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x53e8bbc3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1bafda03}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8a}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x83}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xdaaa5b6}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x702d488e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}]}, {0x4}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x65}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x25}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x653a4d6a}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4113008d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x62}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5bb59e36}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x34}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7083689f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x57372a93}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x33}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x42}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x35}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2dfdaee6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7c382039}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x441fd6a6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc9}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x104, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x85eb}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5d6b3d76}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6e23}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x190dfcf4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa157}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x50865970}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x60feff46}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1fc17f3b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7e845ade}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xade5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2c37c09b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x83cf}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x28eedce6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x293c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xef10}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4fb63f8d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x15365f98}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x22ad2e8f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3c3e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe78e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x803}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x86a3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1b12}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b2755df}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8d2c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd271}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x451e1338}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x61ce0236}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x58f4e23c}]}]}]}, 0x3dc}, 0x1, 0x0, 0x0, 0xc0}, 0x800)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r9, 0x545c, 0x3000300)

7.848769653s ago: executing program 3 (id=1144):
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, &(0x7f00000000c0)={0x77359400}, 0x10)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4000000105082, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x141200, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0e00000004000000040000000348000000000000ed6f7d97c4112bc82b53adef65e1f7261f3551752c3b55961d632077b4390b040cb9003784b59934f6c3580f46d10a55f7bc7d49cc61a56473968f6fea15fbec0229e4e0d5bb33bb7c3de7b7cca30906ddf5f70a3095a1292a7739bcb5e924da0f260b685de0beee44b69fad249937297b5f460f82935258bf8f3a4025ae", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYRES8=r0, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090500000000019400000000070000b7020000000000006b9af0ff000000007609000000000000dbaaf0fff1000000bf86000000000000070800000d000000bfa400000000000007040000f0ffffff560000000800000018220000", @ANYRES32, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000019000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SHUTDOWN={0x22, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000f3ffff024d564b"])

6.237961072s ago: executing program 0 (id=1147):
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x202042, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYRES8=r0], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0}, 0x94)
r2 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e2b, 0xb, @private1={0xfc, 0x1, '\x00', 0x6}, 0x6}, 0x1c)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, &(0x7f0000000000)={0x5e}, 0x8)
sendmmsg$inet6(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
syz_emit_ethernet(0x80, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd69193914004a2f00fe880000000000000000000000000101ff02000000"], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x100, 0x739, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x1}, 0x48)

5.255952403s ago: executing program 3 (id=1148):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x95}, 0x800)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x0)
setresuid(0x0, r4, 0x0)
bind$unix(r3, &(0x7f0000003000)=@file={0x1}, 0x6e)
listen(r3, 0x0)
connect$unix(r2, &(0x7f0000000640)=@file={0x1}, 0x6e)
bind$alg(r1, &(0x7f0000000540)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000006c0)="361c95", 0x3)
pipe2(&(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x80080)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0x59d, 0x210, 0xf, &(0x7f0000000080)="bc35085f204d1c08995ed4d606f3ed"}], 0x1})
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="280062c422a7114f160307010000000000000000ee0e2d9bbff1950cffb34f5eb780011f97afd818157e6d1f9d6e975176ce5e8baf8d8fff961484775b3b31792ba14d2486411df04e70b458d417547b324fc7e99340a203f0f4d11f068f1a756bdd888e8db79c9b7ed162b05c587ba29ab4c7d86ab4a109c85f19dec60fc65172d73c3d6a3281bf63817f421a7153138f27f96beccc3ba754a940189daca85cc3c22f61529d3a32492284effcaa37d0da5e0ea85e01fa9efd11f101efe152acbb883b39e663f33748045a514d50bdf29a0c71f2fe4500eba654d77831998be192e18c5ac3e55b8a5d71cd128698afb890b93ffbe839a730070aeddc5b60213652805d05abf5c521501892fc8f7a09178840d726cab8b4c2b870f31a85603d6faafae69f927f95746bdb4351238da6e55cd9ea94714b75770654"], 0x28}, 0x1, 0x0, 0x0, 0xcb5d58d386348ea6}, 0x80810)

5.254762955s ago: executing program 5 (id=1149):
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0xa802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
gettid()
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

4.70030163s ago: executing program 0 (id=1152):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=@newlink={0x44, 0x10, 0xfffffffffffffdff, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0x33822}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x2}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x1000000, 0x1}, 0x20040040)

4.648575418s ago: executing program 3 (id=1154):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000040)=0x9eb6, 0x4)
getsockopt$inet6_buf(r1, 0x29, 0x6, 0x0, &(0x7f0000000080))
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r3, &(0x7f0000000780)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x3404c8d4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16=r3], 0x1000f)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x20402, 0x0)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r4, r4, r4}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sm3\x00'}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000002d00010026bd7000fcdbdf2504"], 0x2c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20008010)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff1100001f79a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000001a000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512da90b5b42128aa090a79507df719af36349f298129da4871307b534bf901115e17392ac66ad022186a8929d1c000006146001e04aeacea799a22a2fa030000c412f6cae80043eb27d53319d0ad229e5752548300000000dbc2777df1509516f06f1330cf8c3a8b1ff72e6127b0dd488318b5790bee7ebd4745b7cdd77b85b941092314fd085f028f4e09d63781987af2abd55a87ac0394b2f92ffab7d153d62058d0a413b217369ca8b6712f000000001b1df65b3e1b9bf115646914ce53d13d0ccacda1ef16fdcceaede3faedc51d29a47fc813ce3d32cfc7a504c271d6d6f4ea6bf97f2f1be2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de7940b0000db8db03d4b7745fef1d04ec633dee254a6d491b8496da787e814c4fdf0b4a387b4c8149d18c1020029a18986252a70f8f92eb6f0e8c7db000068fbaa2e2a27efd9104297f2c58159f02d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa909ac06b57479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0ef94234db1f00000000000000c20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b35f421c3552772ca7f3e2c25a65f75ca13fb7c8bbd6ff43cb78b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41aad8bda74d66f47cc17d8ba3eec0fd80f82c5f573c6d294d366505000000da0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da323947004cacadcaff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389485ee7af1f0387c93559653f50a471c69608241730459f012b060e7d23fd39206000000000000eb55d00162325ba141bd587cc9dad46de56ef907b059b99a79ae5498f6589880ed6eea7b9c670012f80cd6a1397953ba5870786554df26236ebced9390cb6941b8365d936a7d2120eca291963eb2d537d87cbb54e588ee5d6944ee4de5c183c960119451c31539b22809e1d7f0c7a06a9fa87d64cb77872a0aa9a104e16b3b8c6e64836ac3f32f53c9a2bae513464ca03aff14b9aa4bd9539f5096412b92012e095b84c202060098df3314f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c363000000000223201780200c6ed7966130b547dbf8b497af0a77f52f2cd39000000200000e81c23cf14156951210001c800000000001500000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921e0128dfd70b438af60b060000000000000056642b49b745f3bf2c01808b6d7d748308eea09f0161b4735efbf3411738d6ee7aebf9ef40662d7836d252c566e1ee938a9a6804ed3a1079b0282a12043408cd60b9e53978c81839be0000000000456f7d2a42cb13da2022f23eaec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea394cd8ffd3d628293e591dc6f71c2710a7ea8a4fdc214e1cc275b26adfa892e6de9200000000e50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e014df20fa209bcbb5c252b11a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633c26d3927ae1beb065f5ac33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2b2bdc0af7c4c61241750d50515a59a3ad09e8802e8f4f535447dc0fc9d5f99a145dfcedad69da9cd4b75c624600e78f4458542b14f29611f95d4a318384eb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d583f436137a3c5dc714c9402c21d181aae59efb28d4f91652f6750b9195599d60c534ee8e8ff0755b09004c25edb85bcff24c757aa80900000000b6638c420eb4304f66e3a37aaf000000c42a570f0e9d76fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284df80e4636c25b96174326d82761c26e329555f9290af40000000000000100000fd3763655500344bae34347f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419a5c16e2055b8505809ed2ee9647c5d3b0000bc00edf5e9020c09ab004321610b857e8717974b633b21cb32f0e03280e09758bd445ab91d201782d656ab09f508bbbaca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92b32af00f191b66b6a6f732a91f0a2e9120be61e58c79d497247d278888901d44bf77e8246605a644e9e3d769db497c3960df05caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f3101985602688888ccb85c87b4f8ffffff7f000000002c331fca28541b7ca211115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000000102000000000000000000000027c9585c0cead5d619d18475ccde2857279a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77a23b0000e49666c464d35ca9b50f3ed3b3da8c17a23692759ccf5a205311b7d122532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769da52b3d42c68a3102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e8918a0d6e2949affcacb5ba0a56aa063b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d395832f1e2aad3e519f1634e8fbd8d31330d89069f9448a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4cfb0b9c8c80158b44ecae9420654f7016b0aac117087406d343e27b372d6027ab2aec8f2bcad7fe6bb932bc5751d2974e95455a277fa3b472bc7bbdd2ac5a1ea608e8137ace03361607cc1a84be659355629ab13ad49008c3fcfa2423439a3607961d5b59da48a0155e8e42cc13c702cc40c99cf86c2021d72f9f4ab1b00de555a5a39593c93871ff7eb5ecadb64837a2d88723ef65aa5152e3d55e5c66585e2112f5ec64b639a9864e57581b61f2b0960600000000000000265f091e7bce17d20604c5ab751773a5cf8a719a7ada06ed03832bf274707c7c970edc20f4a1eaa3b61045a20097208d03f7a146a6901913618738679d4e0af53eae997eecfa0dc3dcec19d3d9205450765d659200c92701ee75c8710470d9eb6f62c5c721883f1544ba66271c8dab05a933746c16b6e93294b561c6715a32a394ed1e6c01670c931bfa76c58c6f34d64e758a7a7f7d33c49336d4cba2cbb170ad7539a45774dfcc55257215c8ae719dc1c232fc6699ef01005887d04a543030b4328ab48744ac23ff56fd2da52eb9fb2eefcdd2d92d73ac1b111ea895e1fec36a3579879acfe366d393f1fa9cbe08d9ba57a443643e9cd251dc88e91a5e458e66ea1e822d55d4dd919a95eb4c25a08cb6e1070000003a0fd07a4ad9df240e00006aaa2db0dfe416146840d88bd08365e547c970e2983200703864a3b9c4682cb479dad6d34d211b05267eb1355520e9ec0c5014b0832f7fb35782fdbfcbf5e23a7f5d51ea480371748d18d8e10608ab8261fe058d1732f28814a9981d84a04a2bb36c89bdd245e3293a14df1ac567301a79514f103abd387d6ef2d9d94508ac0f6135c8921279573eefd5d4e33b9ef585980789a94d9848906f545559d30000b5040f0776703363249ca984cbb09752f099efbb9e7362e4999594c1086d8958e9469db01d85fb0b9b3148663e9ea2e755d96c70e540b4200e4cf82986712dd733b26d00e947d03c42215118426d548cb2077b43b89e4163d260faea1db53e2cf3427c90aefa2662a1c2b28b0e020e872bda1d39da508de5dbc37d03ee056b2579a1d16799589a2600000000aa00006c94bcaf115fbbcb212e3cb7fd9afe16d1fff2d047e508aa5f6de0ea4e9ec1b3a4ab1f8b5f312fc50000000000000000000000000042709db6de7e969ac0ce18b47280fb1b1b1531648122fed3e25edecb5200f5000000000000166f7d36b2966c19af7ffa6afa69e50821c9aa3ae60fbc196cf8ad2f7f86d79db1bb0ecbf9c3d0d3d407574def838e4def26ed9c7e6c69858f7813be8ffc565583663bebfe7485660b67e1436cbc6d4d3c48ab7b033d7d1195173edb16643f69cb779802839d490a4df94e5ea89c192af2ae83876edd59c9a7140e12ba591f073ec604f7e8f1e100cd414e9237ecfc052d9a73a868cd0e4b06da0435af72fb0d25657e8f5464b19fa83f977e6900000000367871fa37420e7a232ef9b440bb0639994c655d144c5786939d6a187b81f9ddd2bec36cd28371b1754cb6c53697fb23576ee0d3fd0a5803c9be9fe364803184f1a7a9a8eb64d17d238fa3238a001aa8ed040a69e9ec0a627e3b3ca64d4680d819c14c71684581000000000000000000000000000000000000c6a6587715865fe14558960bc936bc838bd1f2a00b17a407457681d0760000000000000040000000000000000000004faeabea6de40ae30291662594c993099ef041c264a64d77d69e0cdfa620a191704cef91e269044acf844de65a099200265e13c2a8f9b717886dea8e79407e34bc268a17965033ca1dfeeaf9b49bc68f1546595642f9fc008875ddb7aebda7a16b1d20dd8b65bcdac8cdc75a173fd2e57a9c37bf5a52ea001ec981dd7ad4e5944575ced39233ada8f3c1b856644812828bb79536a5188d14fe537250dc107121534cbbc7598f48aa2335616ae8eb72acf6982048e568e37f1f58e9714343587734c7ec0fa5c44d13165d6384bf9500757b4b0275950d6e7c451eef3fd353d47c54c4c2cf7318e6c24583ba0966225284d1abac80786519c563ddf0e6c023d537ca6e0d6d4e072c98f45415d13f0dcea174f162ebd00b42264f6fa3dccd09f4101dd254e54423b30e06713eccfacb6ffb38afff920980af938a4d78f4b9a6b5c7424e91121cda789104ee490d25843f1622bba93257cc23e45cd7ed42abdb991d51804e674e507dfd53b5ab6944df33f4f494b926f2ceb329550b46e82a939ad82b385e66809d7d4d3630b6f22c2f41fdaa0fadeea09fa4f7005813643c2d6307d55689faf6f656327ac5872a3bd4c11363909a8b9f30e5401993a0f6e1a9b42287542647d1e86b02b7e36319414629ac1f35e1457f922da0c2de76c9e97944efad0a3ad78cda81c5b82709d696e85bbf4595ef9664a6aff8cf96446cb6c26595f4eb659d26c846471f6551dbb24fc6c03a01e33efcd5939472b687d31be9bd9bd1bcda45bd2236f06c000000007d348ebcb9d810d4dc3d55bbe4055ce9c45267daeec7a7d8b498f507e933cc02fb53c2c28fa09ce5ada5de1415309761f6378c794f8ce23c1f7add4f65280ab446ea2d130000000000000000000000d1a0313ff63bc4e4463688db1d6ac7f4595a02c89349a973f118d936f33ea18e69d7739f4532e1b8580ef125b47cf5b402b6f2beffed6cc9afe2b548c4dbc78363118818d9473f29d52444685c41620eeaeb1f8786e87aeaf287fb9b63b30e6761507503dcd47b64f0b6157999c82bd151bee0c67f3e664225bd917b38aeae1da5524eefef1772d759df9ec9b4197383f9a66217e180e434e650dd560aa3ed42acddd44d6f45807a3c63e15929cfbebc7eef1a319d3147a6c06bd974168ac689392fa851ebdf524ca2331148ff7e855cccc106074ca92153734d5c5e3f9efc6592b08e0c07c7b5d42ec71484bb2a4c0f4293138369f39f9fa4a9cc607b42ba6102f918ce4e76d66fba450e940ed6a6a301a0b761a9cd849962fae5059bda419fd2a170ea387c10a4ada5893f38486069ef1bfdbb432ab322c887d7a94fa967135833157bafbed3b48bb267fc3aa56d1e5b66417a673b40884fc91ec9558eab6a08222dfe37767095b2d94cda881290d6017137595cdd53972353f485adfde8015cac0e1acd64ca97d67023f75a54b1ebe55053652ad16292a15e79dc58ba080f795f1a548da6f669e5c34afc272e5a32e85d5f44979431eab3fcd8d33d54000000000000000000ff1f3f6f4b33adcbee66736b4b35b5b909bc7ddd03f17f5f6436156a56c7e77e0808703b370f0cb4f00074200ae3e4ea0611d548f34582848903e4459d0a18ab9b113ebc614fafe4bd03cb1a8843e592f1b102b1bb87f13c50a1dc5df223e5bbcd06c55393f9c0e08ab6509bbed0dfedbf37309c99bf1e1fc7512afb7bd334653356419f8aa57f1224a54a85a3041657fb5037dda5b0f2e6a9673cc0d51b28954ef8c0ca82e69d198729b2c984a04b0f6ef9486767f5928461df5b8f84e0b790fa7d9088fdb7b7e6f020d4eae420155f1739307421fc3e9d4ffaffff2434f3d167d24bead3c6cedb2dd480d5c8b21c0edb06893c1fb18e9e716525f115055a84daca135d8972280324a9ffd4e636c87225c2512eb3e0fe65972c84361536e52a6ea677ffcb4bf8fac2009f24c01b7c86c203ce9093dd53b154110f033a25034752dc8561ed7bb7343e069ba1ad6f1d7437b584d2c292088d3d80e8834ae8760cc0211cb03f3ed168131eba4c8a0000000000000000000000000019c2dbe83523a58f68e66fa9fdf1d2878bf2ff524e6da7f918e87c1b1de17ff8077ba247fd5498310ae532b9bc6c583edfa97f7a4c00cce855a225dc017afc3c06e8a72b62bdb64e83cb6a319eb551345cfb24aaa02ddc4ec2daa942dc6e2332d724b11c0d9c8ff4ee94849938f5d231fdb5984d5442b564c079fce70ac620dcf7739693beca9dff66e957dd2fc03ce462da31e7f7a657118387727e8500"/5107], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x0, 0x13, 0x0, &(0x7f0000000180)="5620d59bb619dfc227b53d1f52b3cbfcbcbef7", 0x0, 0xf001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$TIPC_CMD_DISABLE_BEARER(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc000200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="02000000", @ANYRES16=r7, @ANYBLOB="000425bd7000fbdbdf250100000000000000024100000010001369623a6970766c616e300000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x40c1)

4.468807136s ago: executing program 0 (id=1155):
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000280)={{0x1, 0x1, 0x18}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1200000001000000080000000b"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x2)
r2 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89fb, &(0x7f0000000040)={'bond0\x00', 0x0})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f0000000180), &(0x7f0000000280)=r3}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000002)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getcwd(0x0, 0xfffffffffffffe7d)

4.422074152s ago: executing program 2 (id=1156):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth0_to_team\x00', 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private1, 0xfffffff9, 0x1, 0xff, 0x1, 0x7, 0x8e}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000619000/0x1000)=nil)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x80802, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth0_to_batadv\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8)
r7 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r7, &(0x7f00000001c0)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000), 0x8)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)

3.388775303s ago: executing program 2 (id=1158):
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000007c0)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@my=0x0, 0xffffbfff}, @my=0x1, 0x9, 0x2000000, 0x6449, 0xfffffffffffffffd, 0x8, 0xfffffffd, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000080)={0x0, 'ipvlan1\x00', {0x2}})
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008000)
unshare(0x22020600)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x1, 0x80)
epoll_wait(r5, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000019080)='./file0\x00', 0x0, 0x23010, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240))
sendto$inet6(0xffffffffffffffff, &(0x7f0000000380)="e8", 0x1, 0x20000045, 0x0, 0x0)

2.612288995s ago: executing program 2 (id=1160):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x78, 0x4)
sendmmsg$inet6(r0, &(0x7f0000007cc0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x81, @remote, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000a00)=[@pktinfo={{0x24, 0x29, 0x32, {@loopback={0x300}}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x2e}}}], 0x40}}], 0x1, 0x40)

2.349201237s ago: executing program 3 (id=1161):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$ax25(r0, &(0x7f0000000080)={{0x3, @null, 0x1}, [@default, @default, @default, @bcast, @bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
connect$ax25(r0, &(0x7f0000000000)={{0x3, @null, 0x8}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) (fail_nth: 1)

2.343204921s ago: executing program 2 (id=1162):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a09040000000000000000028ff410ff99d1760da59b759d73b40000002800048024b11380090001006d6574610000000014000280080001400000001b080002400000000b0900010073797a30000000040300020073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x0)

2.305709478s ago: executing program 1 (id=1163):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000000900020073797a32000000000900010073797a30", @ANYRES16=r0], 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

1.904827472s ago: executing program 1 (id=1164):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x0, 0xe38, @private0}}}, 0x32)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0)
r7 = io_uring_setup(0x1694, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x3, 0x3d4})
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000280)=[{&(0x7f0000001700)=""/4095, 0xfff}], 0x1)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="2503000000000000000008"], 0x14}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$ax25(r0, &(0x7f0000000080)={{0x3, @null, 0x1}, [@default, @default, @default, @bcast, @bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
connect$ax25(r0, &(0x7f0000000000)={{0x3, @null, 0x8}, [@default, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default]}, 0x48)

1.904289028s ago: executing program 2 (id=1165):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58)
r1 = accept(r0, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000002080)=ANY=[@ANYBLOB="1000115502da442426bd7000e6dbdf25ff4274f41e1c4a1aceb72ee44ae58b099398e18ec5d358c1c0a60ce238f7f31e2d762fc6605fe094c71d67921fb108ed98e9725498ad22da78db106108637fd0c344"], 0x10}], 0x1, 0x0, 0x0, 0x4}, 0x20008040)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000000040)={0x2020}, 0x2020)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x6d}, 0x8)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000480)=0x4b92, 0x4)
r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff)
splice(r2, 0x0, r4, 0x0, 0x2000, 0x0)
ioctl$NS_GET_USERNS(r4, 0xb701, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20004081, 0x0, 0x0)

1.756774751s ago: executing program 5 (id=1166):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x9, @local, 0x9}, 0x1c)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x659, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x400000ff}, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000000), 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e21, 0x9, @ipv4={'\x00', '\xff\xff', @empty}, 0x17}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udplite6\x00')
socket(0xa, 0x3, 0x3a)
syz_open_dev$usbmon(&(0x7f0000001980), 0x1, 0x10280)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000300)={0x0, 0x4, 0x3, 0x5, @vifc_lcl_ifindex, @remote}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000778000/0x4000)=nil, 0x4000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000440)={0x15, 0x110, 0xfa00, {r7, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0xa, 0x4e22, 0x3, @empty, 0x4}, @in={0x2, 0x4e22, @multicast1}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r6, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r7, 0x9}}, 0x10)
chdir(0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

1.690200468s ago: executing program 1 (id=1167):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x12, 0x4, &(0x7f0000000340)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x40000, 0x6)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r0, r1, 0xb, 0x0, @val=@netfilter={0x0, 0x1, 0x5, 0x1}}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000002b40), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000002c00)={0x0, 0x0, &(0x7f0000002bc0)={&(0x7f0000002b80)={0x38, r3, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x38}}, 0x0)

1.662635678s ago: executing program 3 (id=1168):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x800)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000030000000700000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000000000eaffffff00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10, 0x0, 0x2c5}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
pipe2(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x4000)
write$P9_RGETLOCK(r6, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x84000)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x40240, 0x0)
tee(r5, r7, 0x2, 0x3)
tee(r5, r7, 0x60000000000, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SYMLINKAT={0x26, 0x10, 0x0, 0xffffffffffffffff, &(0x7f0000000240)='./file2\x00', &(0x7f0000000680)='./file2\x00'})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x4000)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a07000000000000000000020000000900010073797a3000000000040006005c000000030a01020000000000000000020000000900010073797a30000000003900030091abc12404cf37"], 0xbc}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000007000000010000000000000f08000000005f2e002e6100"], &(0x7f00000000c0)=""/254, 0x2b, 0xfe, 0xa, 0x2}, 0x28)
syz_usb_disconnect(r0)

1.487823113s ago: executing program 5 (id=1169):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @private2, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000140)="a4", 0x1}], 0x1}}], 0x1, 0xc8040)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000000), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0xffffff6a)
pipe2(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x100, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000001b80)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000b80)='\a', 0x1}], 0x1}}], 0x1, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x6)

1.486942265s ago: executing program 1 (id=1170):
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r6 = accept(r4, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r7, &(0x7f0000000080), &(0x7f00000002c0)=@tcp=r6}, 0x20)
recvmsg$can_bcm(r6, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)

203.490732ms ago: executing program 1 (id=1171):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000840)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff0ff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b70000000000000095000010000000004e62011c3034fdb117168bd07ba08af339d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945ff15d802f5132143c0a9fc7a84452569957c1002ed7d458e17f791f4798c8eb484de03312c69b3edff5be26765ba5f8f2879021c2ea53ac547a654bbd2db5356b971d83dd12742be9087a3e7b7c0efd3e38c794eb06b0b8c392904ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057826ef4e912f01a201e694e3049b8c8fe8b65d8d66bb766f7f3f918c86a702522368d9f81897133af94a5a4cff7f4d8b9d8eaf302f0b2e0c252b0000000000000000ee917bca4885bbf597a14ab6458e6272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36be115be3b325ecd201d2ffb0a7fa4f5d1106560cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b861299fcd9ed9d8679406419406bf0c5329bd5b4697336112b0b8756ce3574046bf611a108f8df4d1a88597840b702b6fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f7faf39a43a66c5540b8762b42007c9ec43193ccf617dbf8a12b4a189edbf9fb7c42b1f435ccd4b19b53b60322af0aa66e8f448e1bd96822e6b70b62912c926dbe417cccd4f696d528fa8a3ea847f10e9b1106f3bb506f1d7fbdf801000000000000006c028eb5b5a073d0de5538ab42e171b3baae34c35987b0dda497ac3f5e97e60eaeea15c6d55badf9b86b1c000100006e60cd06c9ed24313ce607d403bb6030f800000000690db0221b1705c501f802ff59b4e683efa4b6e77e042072ec9eb8166f6e28b49a7705a1befc4d315878f88a8fb1dd679fb4c5557abae6849917dc51a89d47b728502f7e621fc0e3ba04020000c149ee6601728c750930519339b44197c22da865059b475afd96187d881e93b42a5fdfd686d8900c44c67133eeb0109dcb60dddad58037fda65885a15a42560ee3027a5ebf95254744f10fd607bc3100b94932b8d9447c42f6e21ee0e54f8be386bdc09decece910a481e648e0cb074536a25ff581d92af08a06f857311a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6ae00f0000000000006a8194479700a02b92bec8d05eae1f24fdd7b80d3dde04c22f689594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4acd7acf1dfe79d6771903b76e2ae47d972651390c22d641030e1ddac018dc3116e1803af10a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f00000000000000001000ba96edb95ede0e1957c2a2754258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548941d5d16297757310d9daebd5a3dabbced3b051129cd60a37d397643324e6f0aadf978d639650000000000000000570b0acbcaa196e6b46e213a34c1a550e7c2d8cee7a278cee591f360e345d37dc9f8991a16c08d72317e42d2ac9126acd76130ef1086016697e4d51c4b42b2efc8edab88d46bc3d5d6e5a634c912bc40513643bf44cb416b3149040220aa39035ae46d16d879fc815a5cb84b0d5c8ad970128adf8dec1171e860ca54ce5d6a5aa0327bca4f49a710bf8a8399071237fe5d764e2034873c94a4f21287f3bce3eeb69e94df2e14e4ab10cc7834b304bc879b80255991dd7aac2e92c9e7c411c019d229c1f1e563152f1c5ae9cda3e808000000a0c779d624c5a2b7491b8f73e767389ecd1dee951353bb22b7caf89468871520823715cfebd04189c6c6b34bd8a6541f6bc0630000000000f94e85f5111add3a3cb5bcace95f38465402c39df835754ef33056b0e1134187822c001a25304f3e00b44675d0a25a21dc4023c642cc6f5a75c45a29ab933600acf9a2d471b73a73178cdf309e5d53311996215b44295dfddc1dd6b81132e999366e460d15d366e84da02b8afc40c47e733f804460ed8300ec34eab2ed80097bd32ff1a6143ab1476037e474ca876187c85bed4391215cd77e6a1fd6399a498b96b9b0cca93255acb08c67e50004c5af6fd5b4ce7c1ebc9202bd7b329a4d2530486d5999dd7f90ebecca37f2869135438f05407b1fd7481daf9ec94b799c12e714d573e2a6331f496254f254a60c52b2026ed6a72c82cd191490fabe7b151f92e5d700f21830d613fbe490f305b3845a78817e59bf7ed36471dbca01d39e50ae2535"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0x113, 0x0, &(0x7f0000000700)="c45c573d395de5b2891a7d637a223920f181c2e57d71483cfb2d075a3fa67258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000001c0)=[{&(0x7f0000000180)="fdc6d6ad", 0x4}], 0x1, 0x5)
vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000013580)='\r', 0x1}], 0x1, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x83, &(0x7f0000000480), 0x8)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100))
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r8, 0x6, 0x24, &(0x7f0000000c00), &(0x7f0000002000)=0x2)
sendmsg$nl_route_sched(r7, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x18, 0x30, 0x20, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@enum64={0x3, 0x1, 0x0, 0x13, 0x0, 0x8, [{0x3, 0x8, 0x5}]}]}, {0x0, [0x61, 0x61, 0x61, 0x61]}}, 0x0, 0x36, 0x0, 0x1, 0x9b2987a6}, 0x28)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=@allocspi={0x104, 0x16, 0x1, 0x0, 0x0, {{{@in=@empty, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffe, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x0, 0x80}, {}, {}, 0x0, 0x3504, 0x2}}, [@mark={0xc, 0x15, {0x35075b}}]}, 0x104}, 0x1, 0x0, 0x0, 0x840}, 0x0)

101.032538ms ago: executing program 2 (id=1172):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000073118600000000008510000002000000850000007600000095000810000000009500a50500000000e2044545cfbd17576630"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x5, 0x80000000, 0x8], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008"], 0x15)
r4 = dup(r3)
r5 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000100)=<r6=>0xffffffffffffffff)
poll(&(0x7f0000000000)=[{r6, 0x1}, {r5, 0x1104}], 0x2, 0xffffffff)
r7 = eventfd(0xc)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x2, r7})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x2, 0x1, 0x0, 0x0, &(0x7f0000000480)=""/74, 0x8080000})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r10, 0xae9a)
ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000800)={[0x40000, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x4, 0x8000000, 0x0, 0xe, 0xfffffffffffffffd, 0x0, 0x80000000000000, 0x8], 0x0, 0x201})
recvmsg$inet_nvme(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000500)=""/194, 0xc2}, {&(0x7f00000001c0)=""/9, 0x9}, {&(0x7f0000000600)=""/248, 0xf8}], 0x3, &(0x7f0000000700)=""/217, 0xd9}, 0x120)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

43.382153ms ago: executing program 1 (id=1173):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r1, r0, &(0x7f0000002080)=0x64, 0x23b)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000003c0)={0x24, &(0x7f00000000c0)={0x0, 0x13, 0x6, "fc19d02303f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r5=>0x0})
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000001e80)={0x14, &(0x7f0000001e00)={0x0, 0x21, 0x44, {0x44, 0x22, "cf2cebcdb973f7a7e65df347feeba725a366ca4c82f3ecc898a4c0b09ccf604e5adddaf9a640b35ee102167c6ed5a96c4bb8b53faede04d92654eb71e6c0d1546472"}}, &(0x7f0000000540)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000002040)={0x1c, &(0x7f0000001ec0)={0x0, 0x3, 0xde, "474afdb70d0f556acc9fa0c39de788f80f387a02dfc9df9354a5545fa6a944575ed23944ac6df3aad97caa57a2ce1bf964b067ba5aa68604fe8dedbc1a56736b288ff6b4a102a497e73aad8064c2922c2292084013aa4a7aceaced1339e8dd8280edabe6bd4c1b9537db4d66f9c55293ef7dca88ff33bd5f7af599610664d9316239fab2cdf4fd73826e20f3827413394bcd13e65c94b21e010a8156da72f72b1dfa7f8d9d766814eae1e0c4770c681e7f228e93f55ea49515ea98ee7136676a6f8449af21c929b3b0de43cbbf23fd947461e9be302bf4a0e86e15fe9a5e"}, &(0x7f0000001fc0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000002000)={0x0, 0x8, 0x1, 0xc}})
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r5}, 0x10)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001b40)={<r6=>0x0, @loopback, @broadcast}, &(0x7f0000001b80)=0xc)
sendmmsg$inet6(r0, &(0x7f0000001d40)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x4, @private1, 0x5}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000040)="86c229ca450c4f3832007eae37052935ad801b2106e947ee682dbef6c4e39eb6d7db0ba9a638ca196fddc8570217ae3211ba54d97120010c1c952b1c09d00181fef68ce5d7028509598083b1fdf4", 0x4e}, {&(0x7f00000000c0)="8bc9d196e9d96bea51981f782e6da1ebab025895892e92e8702552650ff79fd9d1c00ca2c55fe0e4427216ddd894d394e360fd658d8418ebaa8c47082acea906ad0e7e32e1c90763a96c6c82ffa0f3209df4855d345d8b3641451338ea1fa04a7c2b3adbfe0cd85c0b986949db1fc8263cd1d4f67311f368b68c543dbe47ddfd9fef1219be7eba8975b5e152c27f3d8fccf0914c358695e8ebad3c7a75f513000a2e9c6d11da128c45274bbbcd3bd5bc52", 0xb1}, {&(0x7f0000000180)="c8dd0ee6a9b052f186e01aa94f132547091d07a639c975de3c93218c8d6585d56329ac72fb216f4a347659fd6e07a5e5a8db63d71b36ef19ee411f4da4ba630a8dc909e31c99f13134b0e927bcf73637a721b05499d7f02c7b779c81b2f0f1961ec79a4f12fc8f1df19d84ff987bd40cb798caaad96bb83eaf147e50decc3b677166a8cb3a960d51c96aa6f57c9bccd94885d9dd88d7a360bfbedb6bfcfb8b58de2ecb3ea6a67e0def2468fdd4619ea1eb1f63bd66161089c105", 0xba}], 0x3}}, {{&(0x7f0000000300)={0xa, 0x4e22, 0x8, @loopback, 0x7ff}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000340)="95d8fc03e996731390dc58993add85a094e896627c9fdc2b7200bb4235d19991043c7f36d5571b808c4c3fdbaf0e853b77ef1e6b2a1d5b8ac1b8dca6a331f7f0a456d77eab16264339fffea1692df99929f970cb7c01945bcea72650dea53e23a07ed2a42f36f32d26b29af0f0024e9e323a7c128f08a64bf7fc295c70b82cf19611f9a6c9498337ac51873c4387e053b0d2470ff656b1251d9cd4f6dadd0d30c80e08c172bca874600b41220cd6d007a773306dcfece22639a4b83d5c687e833df657a0de524b689d816272cf5f52df5a603ad59823976f6734ce91743249181cd7c51eac7b910f13ff2df727d07d07d3e3b87b1f", 0xf5}, {&(0x7f0000000440)="27ce91c32af2cea3bc6f3de6c93318e50a24aa770df45ff9a02220042eb7407ac19f5a8a7a03e5e949005418621c93fdc966851977935dcfd34a50b820f5f865fcb8861ad9bce7e2470f5868474ae682c6928cd219b52560a631aa153cf3f424e329111760e7e7830fdedac28efc3f2427be397286643a270f4dbb4d1a244af437544f0702ca15dbe4598637dfcbdd639e9599e4244ec6139a4663ea2daa632c86bf76cf45618e878d7948264c89773eb28222aa5a04897f2bea7d53f5e815a5e367b026cae83aa723de624a5c100c2fcaf308c2cb2671619fd7e889d48f", 0xde}, {&(0x7f0000000540)}, {&(0x7f0000000580)="1af00fa678315166510fc01822572664b03ccc992b1967e3104aff91a88fd43aaebf9a28e03e9bf72b33ffb2bcf309f835919b9ade537d8fb033da0e62a6f083c093ce3d8278c680c4ed93ab77bc2ab368a9cf248ff07f6208878590d12a05270596f61b35e95ad979254b05eb1d1d1a089837e4095000f7ad9872a92fd812fc1928abba38a23493abb00784003bc34cf4e5877c6ba5405662", 0x99}], 0x4, &(0x7f00000007c0)=[@tclass={{0x14, 0x29, 0x43, 0x9}}, @hopopts_2292={{0x20, 0x29, 0x36, {0xc, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x3}]}}}, @hopopts={{0x20, 0x29, 0x36, {0x3c, 0x0, '\x00', [@ra={0x5, 0x2, 0x4e}]}}}, @rthdrdstopts={{0x28, 0x29, 0x37, {0x5c, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x1000}, @ra]}}}, @pktinfo={{0x24, 0x29, 0x32, {@private0, r5}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1a5a}}, @hopopts={{0x1050, 0x29, 0x36, {0x32, 0x206, '\x00', [@generic={0x8, 0x4, "4c6bda90"}, @generic={0x8, 0x1000, "c5cc3298211dd6cbfe0e2174111f64ed31e11fd738f969b82d945ccd6708323c5706b4e55db17fd4ce62bdc183c831d0c3bd2a421408cf015c85f57ab4e651f1cac9fcfd7dc37c5fbbe5f724059e614aec6544b67ac112666a4a1e259fb95a0bd2d29ad84c75ec51d9e26fe0dfadb6ab3b0906acb59e8bd6c548bd40d8b578ed6994b4a6519db0ae7bf09750293eed026217b31c9ffd0c506d339e1074ea02d758282c6b093e9a4b2cc1db487c283e69d331567bf57804edcd8b8b6ed3bccd68bb976c1456bdb56d188c96bf83145f240bd9e847c7901e9c0c757ebf1feb56f4da985a9a43d21315d625e9b6564b0657d704ad189eb4f45ed027aeaf5e062b1a9446286f84a2a8fbc3a44b82ea1eebccf3dd3572f3f5ccd4579c432bd3276edad0a29af91d2da711f48a3e30c48a72cf885e199bae85205c5c58172907383086df7323942009df50926fc666545329e25138d146f8280454947da9b094d1956e0a3c6ac25e64271ef39934e1eb458d5bf80053f9f5983a6af33c00168886091fc947b53558b9ab624bef614a51244145178f36ec02b75557134f60f39a06d8bc751ff7816cbfe5b4f9bc161caeccb53cfe9f00d6c799317c041b3c11879f2c64f6689ddcb8ce7554cae184085b6dd72c91b7a18af1bef1850aed57a81103b199545432abdeafb444167220be277dab7a5109b536c903623ddaf340ec960c05a92c4a809d9e950b92e5c6b4e936000d4198eca69d22d624a698cd15a3f24497390017fa4c5d98c8be794a08ade771e82986cc190c5caf88f783b57e32a8706d9fffacde318d9d450868c111b6883755bc78c4c928e08be46fb1c2790498895eefae83d0f263cef40263b6f2bbcff8bec64f2a14a3bcc71d55b250679bea1e81e462ade5b1ab756c08ccb0fd84deba56cddcf48aca3e27ba08e8416a1631a3160c0f138cb3af7f17103d0b736692fb51c521bad671437e264fff17e2b6d508d8870f99784d4cb4ea0b5f73fc1bbe3d4a686efc14527a44a43b9d87225cbed45a40c0465ef327a26d6d75a23e80e7ff0613b10771d1a9eaff2277b58395a8295504a37e75bf74644f8ffeb53bbc15d475d9da83c57516a382d91d713488a50368c9d90401fd5ad7443d332e8c99b75268a313e85fc1dd7c34d433f70927983d66c2c1e0675dde6fc55f1d6d6bd47daec845a4acc47ce682fb162f177170bcb351e903a0344eca8987a714fc456422845551cde3f5c3e730a34c9ea6e1c6e23ed28f68e92332d164d911dff0802b255cee09437b499336cbd1c961e4da04bc0f4136410088aad31d784d77afa7be695a856744e05a84dcb3d3ab8de6bb0737286a5b028b7d35d66b9c19e933f9cefb6264d18763936ee5861ede475f8984a1c85d13af24326c0c25a7ef2bffd27381001a71cff73260ab7dfa80bcd696d887bfbb7c33a889de918e9ff8de8dd132615d6554a4a3553d59a6e153ab3ac7c35b41396b4177607e438bf84cbba27a90f57c2ffa817b8ef2bb4c5d4e2b8ad79e9c68ebbcf745943d7191c04b4753b531a544b8b7cc7717316041ad9f525d5a02e08358f48f254a6311f214e1dce400a770caf5ead6a93d5624ef301f74299f38a9b9bd5569c730535bafee1c96a653c837cb68585b82f680e1595b5dc65d22299b93fcedb621add7317cd33a8a729b623c12cbb9fb0a286935b78d290ff1b34047c74a33eb15d3be53d0b636627fa28b00f6eeb985162e3afdf4c04f6a50cee3ec7c47c67e6d143ee3518feb8e44e3683ef79639073aee7094c62d8f3195150316980c29855cabe1e0c38d378c303d28d4d885dc36091acc5cb7de9e10c043a73a3ae575ed1cf0a1f143b140c7a7568601a5a9a76855cadac2e8c695d4ddff386450bdf041df6eb69428b9d3f1690bbe9da37c9dc469173d2770b33700cae85e5afa495c3542378b95afd0ab558e1a6fd7565c3278559a600694cb3253116da5abd993ceeed7a6982e682c634e01c3578a125cd13ec8890dcf90842214a0ceec069e8d2939c2e0d5efa6b879ca3231a0d864d8a19a7b9d93592c920351fbe258158efccf5a2f58f3f2bc5fa1255456d5c59d191717e0d8baeef61c54dd434585cad38557a3a948ff9ed7059f3feb7cf440db858a42c8014b09b51af0cf6949a0787f2ed73a90e4c28d0c13a53fd9547e5d9cff510adfe08795b46f1a1d483875513e348768b43ef037f9d1c7d1098e3f099f0b6dd8808ad5281021f99f512cf74e5eb959cb9ac2d60069d8f194a65080387ec18de873401a338ea976a98742937e581faf454e47a9ccc76992c5d2fc4abcc04fedff8a7f903276037be61c5276b010c29eaad8d4deecfee186d4cda16222dbd3154a7dca62e48bb757ee259f5fbf75cf5417d306fa9e8fdbcb76c9d17430be555aa151f341169d460bd724351223305868c6e5deaf856d0e6ee751a353220b78d27897867de222dcd3cbc58cff8f83f383de4733346add13b3fb310b7d50322ce1da99292959fa34ccfd621418883dc93cabef9f32c7ddefa5636acb86b2433929e263f9197a1b352396f21a9c46a8cfea66dd9e34584bead19ac0d3386b3ff8ba9d97ee3be4f7483c18a0ec7bbb51668adaedbe6e27b7fcb03e83b96aefe598c193ba0a579d2ef90986a9a9671845a747e9935520ddc0c535a6e7b0176c033555b8601aa461aa667a5209793785a1363c0af02c71d4e4b7ca233ca2531c5ab72af374b396c6b294b563d30605b3dfcb15f4b8335e8b9d5ea8c1f9e43c023b1393be2e102e6b52c7dc955e282c6f7a1a8b9cd8dd89f1e7499b9af1940c698062d1bd6046e444519f618054f64e2cb6d967aa1f30b5e60f862ad58e1c1711ec54314b675503c5eeff2753ca1d111bde5c66a4ba6e19d01273ffff2f03ec7c60de64b74983f85f59e040a046c3e014ae1293593a56ecd6d9bc5b78ecc8df3960bfe7cb3f988c2b759fc814e0459e0cf1979b63e5968c12ea97882794952d5641dba852dc38c82442a8cc19872331ea1dbcd351777c9863b1d338e3db2807031896b226ca1bead44cdbe37ede5c0155a08a9d0af751519d33723883e14883d6900e0ebd95c65482f6dd571b4f34f1b2d5b383c4b64bb4009ea4285cb4533e83746db38834d367ed34140830038d639522eb59e106d8dcf5d4e48dae92a9e4edbe671a151c690f00f4622fb8ec67441d2b1e0da9923f32e325d8732f21b7192900cc24e4748214409e66755075eedc8ce0406b055262f392a0b975f1253f4ed07138fdb798fc85b6161d4a243441271dd5c9a44995f909656dc8c8914499e6ec8c818b2bdfb7390eb2ad882005eb57622ce39e2fff74026a3e289bf9205d95d138d371348c0ff08647b794eb3bad1d6a207d8798f10effa613e70c37e40dd67523479e364b91f6b399d4692bfd776fb0d303fc90c4ff7335bf1d75a35217c8404e5a2834f8323649e66f8ad9705d04d43c1ae9fb7b03ee0c7ea61bdad5ba23d64a97463dcf0de9e3faa82bd2061b6c832bbc5747dd54b028b26abaefe01bf966ca78a4b9fcaa39875b4f379627c92e8523fb710b418d3df3b7bf866c5a3f839ed45612825d2806e477da3c4735276af8f515c0dc18d30db29f47286e34b1f118a074ff9a1580cd465a7c4fd41951aec8ebfcd5d69421ed6cffb2b73bb841aaa780a687058f7a3d5a05cf481c8892c69dc6f32bab5b959e4895dd83173d1cfd44b75e2f06840239f16a657c66173179732d9e772ca3a6e002f946b6c3ee28297e488434d11be96d5986548852fac5228488b6a0d98d3767d070f54c56f3ddb0cf6fbace3c28512ae9d5873155e8f023b9d7e9be0ecb844520e06f961f6e9db446b0e56cc534442830b44ac0a3fe07a441931de9beba68719ab6338c06fb0d1e851adee22262c729fc0396e8994be17199f168829b0a4e486cf994d219dfaaa0bf9432b807d2950f33d10edad5a04cf15952581bc9cd1229a589a037f09b73abdf66a99ef5af7fc041c6a8772cfc97471303f9560572f275a22be72ae17efd3f6d300611f13fa321e1cf2f6aa3a3fc5ed6c68d501945c15d623279fe6ad4a1bcc669ead8a02d70d63caf0a2ef8061aa9de85226381687895daabe057a1a56502eaac2a561028295cf720446aeb041545fe47edcdcaca254fdb214fe6ccece0b1ae0614e28091c6461a7ef91552424b40ddb20eeaceb02bbc6812708151b37ec15b8d491e4a1dbb0b8cd8745ad2cc8b08d4c4377d5ed433ea3c18c081a5b1d47dc8893254344fb11b0b6e205e897d6abdf188176ea721d6fde81a793a3ab01422bff4199c7ace40972fdb836d4376e37fdcda7d2e340bc0a18edaede8b08fc4233cf09996ead7b7f5244db5733d0c07f7d79bbdf07b4960a873ac81985747f5fe118ba7b252b0ab7ad1f1637d52abad836268a211537f7d97d9a0559bc5e3279b332cd90fad424ba6d53d6fc033913f9ab1dc29c6f0743a227583d87963aaf732495384bc790135bff056fab570f3532eeee68200ea3115965ba9d780222dafbdc5a4cef35d44087f54aa6a6c6f5fb27d77a232c03d152f0fdcf80110536e3f8ff73ce2156fd0e91d26ce8fd798832cf2eefa0575c2f1febe05d38f3849faf50a5058f9089947418d7190a0137c6bd358057e290ce16cb7818c00bb7652672e392dac575397f94bc0d2704ccf222bd3cdfaa8b22768ff1461789e72a3dbe02b2a2fc14743627833f156d89b91e6b73306b65ad95750524851ab57d9bb6e4a2b8c12b57edf5343735dab09951ae439b88fef790e42bda1f8187365c37d5dfd4b6c189420a9e3e98fb069e77b2b3c11d480ed8b47a3ddbf6bf03076745f5ba63c1f015a7a1e7670357ce91efa0475fbf10b3542aa8a2f6c77d7ead781dc336e32c15ef4f874408e53f6658a137b231f8b858452f5e7381ea26bb2cda8d440111b79e6627ad3edadec6cbfe726f9176d171e151aa0637de766c3c80725307cfe86179f1950159deb4df5de493d7b3d5e3ff4513e25c3d3be971caec0776dff5c1d825f1a60aa9da8b3d20085160db89ea70bec3c972504c2b5b3d243f19e82a1ed2f5b43c7fd45240ba03aedf9446f67e8ffee673fa51795636f09175a4042bb34fb8fe9ae0ea7026e54bfccb56339d8081d15292426002a415b772543cfcaf85b778309168811fe3828f3f7d306f4407c284695c255b4a48b1d8b56d02bba013411708622327a94b58f3de5e9b26c639e13babe4bf668d718a8296ab6524b6bf90297ddf5fc3adbe749c84e55d387e1f2952901054cf3bd262d97bb26d85e4abbbeb25d62a22a83c578a8228edb6580accc560f286b4728d061ef976089a30e9f617199d71965b3a6561ac3bc9624d02c74fd211a3b47b281a99eb6ca60a8ec1c059920318308db3eebc7192ce6ccb2d9952491da9ec0cdb88fca0196697cf82e9f47ce5106f6eee0dc82621a8922af93db2a60b889ee43e21073c925423e65713957e770d8ed5923d400a92ad6ac16143a7ab9f58f7a5f83fa547b4308ca671136c96c7dbb1f4cea13ccc3f466fb9ec6552036317f882560b0c6659aaee71f6aacea8dd925cee895e2f626e7b7e2ee07eb6b4ade7285c2e561e617a157fd97f0b0c9399e9e3adb34c4b2be859a8b04fae97ca520b39e33f35aaf8ccbb2d1d34d0a294aaae936836e8f1512e763e933cba84af9013f629573f6ee1d81ea82a29fad26d02e9fdb7ca5b980ea9cd684941ad5a41b230686dc8b912d9c9ff00456918b68f6955ac99ba9e734b131ee803372a0578e086a"}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @local}, @enc_lim={0x4, 0x1, 0x9}, @jumbo={0xc2, 0x4, 0x4}, @jumbo={0xc2, 0x4, 0x8001}]}}}, @hopopts_2292={{0x30, 0x29, 0x36, {0x84, 0x2, '\x00', [@enc_lim={0x4, 0x1, 0x9}, @ra={0x5, 0x2, 0x2}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}}}], 0x1140}}, {{&(0x7f0000001900)={0xa, 0x4e22, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000001b00)=[{&(0x7f0000001940)="6393382e31837f6a88fca67273fd726092817ed5ffbd57bd617607e8ce2198e73376a393c69a9dc0a90a16d01e59132933f1ba31589ff950672a7217ea96d519588574f316a52d9c7bda2f05b405daed5f9fc97b37abe9f68e5092e77b7ef2922e31b1d65be6528293bff34dfb94a0ec9f5f8ec1a0f9e5e53ea1641e443c2f6c2c7bd41825b1dbd7cfed4d20b6596c71c79677f425ce24363de7417e97b2b299185ee16d2554df837027d1f6ebba8c6e438918efc841a35b8990393bf224feba3132ed6722ef13484a53eda4b483d0200babf11b0e290fd77a9ebc", 0xdb}, {&(0x7f0000001a40)="dd9101978294b3cc6ba03db766b51dc4530fb5bc08f7e5d7772412ec4fbd83f3e4a900b31fd5703deac25ee3dd0c5fbd042f7a2460f0befc8516d405f4d412bbccc367886f5eb1811f724783259bc4f881517121ba86a43963c302e870880975418401204ade065849242713418651654fcaa9d3e4f8ee6b2070a54642413c7d7257a87febb38e03", 0x88}], 0x2, &(0x7f0000001bc0)=[@hopopts_2292={{0x50, 0x29, 0x36, {0x6c, 0x6, '\x00', [@pad1, @hao={0xc9, 0x10, @local}, @enc_lim={0x4, 0x1, 0x2}, @padn={0x1, 0x2, [0x0, 0x0]}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @ra={0x5, 0x2, 0xff}]}}}, @tclass={{0x14, 0x29, 0x43, 0xbfd}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x6fa}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x3c, 0x2, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @enc_lim={0x4, 0x1, 0xff}, @enc_lim={0x4, 0x1, 0x6}]}}}, @dstopts={{0x80, 0x29, 0x37, {0x6c, 0xc, '\x00', [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @calipso={0x7, 0x40, {0x2, 0xe, 0x2, 0x575, [0xb5b1, 0x3, 0x800, 0x5, 0x8, 0xfffffffffffffff9, 0x2]}}, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x6}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@remote, r6}}}], 0x158}}], 0x3, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)='?', 0x1, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r8, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r8, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b40)={r8, &(0x7f0000000a80), &(0x7f0000000ac0)=""/68}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x9, 0x5, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@map_fd={0x18, 0x0, 0x1, 0x0, r7}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 5 (id=1174):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000000900020073797a32000000000900010073797a30", @ANYRES16=r0], 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

kernel console output (not intermixed with test programs):

  153.045014][ T5957] usb 5-1: config 1 has no interface number 1
[  153.065447][ T5898] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  153.075141][ T5957] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  153.121822][ T5957] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 4
[  153.133292][ T5898] Buffer I/O error on dev nbd2, logical block 1, async page read
[  153.133496][ T5898] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  153.183018][ T5957] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  153.307419][ T5898] Buffer I/O error on dev nbd2, logical block 2, async page read
[  153.340086][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.375714][ T5898] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  153.442097][ T5957] usb 5-1: Product: syz
[  154.091848][ T5957] usb 5-1: Manufacturer: syz
[  154.105623][ T5957] usb 5-1: SerialNumber: syz
[  154.124808][ T5898] Buffer I/O error on dev nbd2, logical block 3, async page read
[  154.151552][ T5957] usb 5-1: can't set config #1, error -71
[  154.177736][ T5898] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  154.191840][ T5957] usb 5-1: USB disconnect, device number 7
[  154.249642][ T5898] Buffer I/O error on dev nbd2, logical block 0, async page read
[  154.284264][ T5898] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  154.365382][ T5898] Buffer I/O error on dev nbd2, logical block 1, async page read
[  154.389864][ T5898] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  154.420415][ T5898] Buffer I/O error on dev nbd2, logical block 2, async page read
[  154.484450][ T5898] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  154.532900][ T5898] Buffer I/O error on dev nbd2, logical block 3, async page read
[  154.999737][ T5898] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  155.009572][ T5898] Buffer I/O error on dev nbd2, logical block 0, async page read
[  155.029096][ T5898] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  155.093645][ T5898] Buffer I/O error on dev nbd2, logical block 1, async page read
[  155.102068][ T5958] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  155.134759][ T5898] ldm_validate_partition_table(): Disk read failed.
[  155.247256][ T5898] Dev nbd2: unable to read RDB block 0
[  155.261060][ T5898]  nbd2: unable to read partition table
[  155.315478][ T5958] usb 3-1: Using ep0 maxpacket: 16
[  155.334492][ T5898] ldm_validate_partition_table(): Disk read failed.
[  155.350330][ T5958] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.403435][ T5898] Dev nbd2: unable to read RDB block 0
[  155.417847][ T5958] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  155.443435][ T5898]  nbd2: unable to read partition table
[  155.458590][ T5958] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.688707][ T5958] usb 3-1: Product: syz
[  155.692934][ T5958] usb 3-1: Manufacturer: syz
[  155.715310][ T5958] usb 3-1: SerialNumber: syz
[  155.733400][ T5958] usb 3-1: config 0 descriptor??
[  155.765032][ T5958] dm9601 3-1:0.0: probe with driver dm9601 failed with error -22
[  155.785409][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  155.807434][ T5958] sr9700 3-1:0.0: probe with driver sr9700 failed with error -22
[  155.955310][    T9] usb 2-1: Using ep0 maxpacket: 32
[  156.201220][ T5974] usb 3-1: USB disconnect, device number 10
[  156.225544][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  156.255376][    T9] usb 2-1: config 0 has no interface number 0
[  156.279871][    T9] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  156.307481][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.325672][    T9] usb 2-1: Product: syz
[  156.335315][    T9] usb 2-1: Manufacturer: syz
[  156.360971][    T9] usb 2-1: SerialNumber: syz
[  156.387505][    T9] usb 2-1: config 0 descriptor??
[  156.416969][    T9] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  156.435509][    T9] usb 2-1: selecting invalid altsetting 1
[  156.451993][    T9] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  156.475767][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  156.525824][    T9] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  156.571528][    T9] usb 2-1: media controller created
[  156.626369][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  156.635607][ T5974] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  156.815397][ T5974] usb 3-1: device descriptor read/64, error -71
[  157.075720][ T5974] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  157.256302][ T5974] usb 3-1: device descriptor read/64, error -71
[  157.734250][ T5974] usb usb3-port1: attempt power cycle
[  157.755648][    T9] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  158.251185][    T9] zl10353_read_register: readreg error (reg=127, ret==-110)
[  158.305495][ T5974] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  158.356878][ T5974] usb 3-1: device descriptor read/8, error -71
[  158.596080][ T5974] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  158.657266][ T5974] usb 3-1: device descriptor read/8, error -71
[  158.757841][ T6829] =======================================================
[  158.757841][ T6829] WARNING: The mand mount option has been deprecated and
[  158.757841][ T6829]          and is ignored by this kernel. Remove the mand
[  158.757841][ T6829]          option from the mount to silence this warning.
[  158.757841][ T6829] =======================================================
[  158.805640][ T5974] usb usb3-port1: unable to enumerate USB device
[  158.836918][ T6829] debugfs: Invalid uid '0x00000000ffffffff'
[  159.594428][    T9] usb 2-1: USB disconnect, device number 6
[  161.640925][ T6860] netlink: 'syz.3.249': attribute type 1 has an invalid length.
[  161.941970][ T6865] blk_print_req_error: 138 callbacks suppressed
[  161.941990][ T6865] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.066574][ T6865] buffer_io_error: 138 callbacks suppressed
[  162.066593][ T6865] Buffer I/O error on dev nbd0, logical block 0, async page read
[  162.094121][ T6865] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.847200][ T6865] Buffer I/O error on dev nbd0, logical block 1, async page read
[  162.906685][ T6865] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.985953][ T6865] Buffer I/O error on dev nbd0, logical block 2, async page read
[  163.040902][ T6865] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.121050][ T6865] Buffer I/O error on dev nbd0, logical block 3, async page read
[  163.171972][ T6865] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.282879][ T6865] Buffer I/O error on dev nbd0, logical block 0, async page read
[  163.312375][ T6865] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.322575][ T6865] Buffer I/O error on dev nbd0, logical block 1, async page read
[  163.333001][ T6865] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.344875][ T6865] Buffer I/O error on dev nbd0, logical block 2, async page read
[  163.355070][ T6865] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.371376][ T6865] Buffer I/O error on dev nbd0, logical block 3, async page read
[  163.380288][ T6865] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.395817][ T6865] Buffer I/O error on dev nbd0, logical block 0, async page read
[  163.405102][ T6865] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.417395][ T6865] Buffer I/O error on dev nbd0, logical block 1, async page read
[  163.432203][ T6865] ldm_validate_partition_table(): Disk read failed.
[  163.468142][ T6865] Dev nbd0: unable to read RDB block 0
[  163.483359][ T6865]  nbd0: unable to read partition table
[  163.508429][ T6865] (syz.0.251,6865,0):ocfs2_get_sector:1714 ERROR: status = -5
[  163.542583][ T6865] (syz.0.251,6865,0):ocfs2_sb_probe:753 ERROR: status = -5
[  163.589801][ T6865] (syz.0.251,6865,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  163.639326][ T6865] (syz.0.251,6865,0):ocfs2_fill_super:1177 ERROR: status = -5
[  164.126651][ T6889] ubi0: attaching mtd0
[  164.130959][ T6889] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65)
[  165.818357][ T6901] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  165.996977][   T30] audit: type=1326 audit(1752644201.245:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6883 comm="syz.1.257" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  166.883545][ T6917] netlink: 'syz.3.266': attribute type 3 has an invalid length.
[  166.895949][ T6917] netlink: 'syz.3.266': attribute type 1 has an invalid length.
[  166.914232][ T6917] netlink: 216 bytes leftover after parsing attributes in process `syz.3.266'.
[  166.926387][ T6917] NCSI netlink: No device for ifindex 33022
[  166.961853][ T6917] No buffer was provided with the request
[  169.048319][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 30 seconds
[  169.060329][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 30 seconds
[  169.072055][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 30 seconds
[  169.085812][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 30 seconds
[  170.342804][ T6954] netlink: 80 bytes leftover after parsing attributes in process `syz.3.273'.
[  170.607821][ T6964] ubi0: attaching mtd0
[  170.612427][ T6964] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65)
[  170.755452][ T5958] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  170.786684][   T30] audit: type=1326 audit(1752644206.035:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6956 comm="syz.1.274" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  170.930307][ T5958] usb 3-1: device descriptor read/64, error -71
[  171.775305][ T5958] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  171.951594][ T5958] usb 3-1: device descriptor read/64, error -71
[  172.466144][ T5958] usb usb3-port1: attempt power cycle
[  172.967197][ T6991] syz_tun: entered allmulticast mode
[  173.133178][ T5958] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  173.223538][ T5841] Bluetooth: hci4: SCO packet for unknown connection handle 954
[  173.852617][ T5958] usb 3-1: device descriptor read/8, error -71
[  174.378376][ T5957] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  174.442826][ T5957] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  174.541244][ T5957] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  175.010142][ T5957] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  175.596454][ T6991] syz_tun: left allmulticast mode
[  176.100246][ T7007] fido_id[7007]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  176.289472][ T7021] ubi0: attaching mtd0
[  176.293759][ T7021] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65)
[  178.327312][ T7045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.292'.
[  178.337268][ T7045] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  178.616786][   T30] audit: type=1326 audit(1752644213.865:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7010 comm="syz.4.290" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc6b918e929 code=0x0
[  178.669128][ T7050] netlink: 16 bytes leftover after parsing attributes in process `syz.0.281'.
[  178.712294][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'.
[  178.966543][ T5913] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  179.201389][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  179.286722][ T5913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  179.335893][ T5913] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  179.417365][ T5913] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  179.444242][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.479923][ T5913] usb 3-1: config 0 descriptor??
[  180.149078][ T5913] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xe
[  180.299495][ T5913] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  180.536871][ T7064] netlink: 16 bytes leftover after parsing attributes in process `syz.2.295'.
[  180.599023][ T5913] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  180.903756][ T7073] 9pnet_fd: Insufficient options for proto=fd
[  181.956267][ T7085] netlink: 68 bytes leftover after parsing attributes in process `syz.0.304'.
[  181.980098][ T5957] usb 3-1: USB disconnect, device number 19
[  183.086836][ T7085] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  183.910697][ T7103] xt_socket: unknown flags 0x4
[  184.698576][ T7111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'.
[  184.822987][ T7118] 9pnet_fd: Insufficient options for proto=fd
[  185.627072][ T7131] xt_TCPMSS: Only works on TCP SYN packets
[  186.379251][ T7154] xt_socket: unknown flags 0x4
[  188.350379][ T7184] xt_socket: unknown flags 0x4
[  190.070879][ T7205] xt_TCPMSS: Only works on TCP SYN packets
[  190.488872][ T7209] netlink: 8 bytes leftover after parsing attributes in process `syz.0.332'.
[  190.978838][ T5912] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  190.998854][ T7221] xt_socket: unknown flags 0x4
[  191.087945][ T7220] nbd3: detected capacity change from 0 to 127
[  191.175546][ T5912] usb 5-1: Using ep0 maxpacket: 16
[  191.197920][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  191.240428][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  191.287499][ T5912] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  191.299511][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.449828][ T5912] usb 5-1: Product: syz
[  191.498484][ T5912] usb 5-1: Manufacturer: syz
[  191.583569][   T50] block nbd3: Receive control failed (result -104)
[  191.585345][ T5912] usb 5-1: SerialNumber: syz
[  191.806378][ T5912] usb 5-1: config 0 descriptor??
[  191.828626][ T5912] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  191.874985][ T5912] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  192.033490][ T7231] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  193.071041][   T30] audit: type=1800 audit(1752644228.075:37): pid=7232 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.338" name="bus" dev="overlay" ino=422 res=0 errno=0
[  193.152090][ T5912] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  193.425732][ T5912] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  193.560476][ T5912] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  193.594683][ T5912] em28xx 5-1:0.0: No AC97 audio processor
[  193.729220][ T7240] netlink: 20 bytes leftover after parsing attributes in process `syz.0.342'.
[  194.549820][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.563785][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  194.639267][ T7244] netlink: 248 bytes leftover after parsing attributes in process `syz.0.342'.
[  194.702221][ T7244] netlink: 12 bytes leftover after parsing attributes in process `syz.0.342'.
[  195.372239][ T7261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.345'.
[  195.553872][ T7263] xt_socket: unknown flags 0x4
[  195.557484][ T5912] usb 5-1: USB disconnect, device number 8
[  195.576914][ T5912] em28xx 5-1:0.0: Disconnecting em28xx
[  195.612078][ T5912] em28xx 5-1:0.0: Freeing device
[  195.901273][ T5974] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  196.705372][ T5974] usb 3-1: Using ep0 maxpacket: 32
[  197.260761][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.272783][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.283556][ T5974] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  197.294082][ T5974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.446096][ T5974] usb 3-1: config 0 descriptor??
[  199.216095][ T5974] usbhid 3-1:0.0: can't add hid device: -71
[  199.227659][ T5974] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  199.515931][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 60 seconds
[  199.531015][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 60 seconds
[  199.550966][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 60 seconds
[  199.562559][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 60 seconds
[  199.595487][ T5974] usb 3-1: USB disconnect, device number 20
[  200.955405][    T9] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  201.118500][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  201.130530][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  201.164968][    T9] usb 5-1: config 1 interface 0 altsetting 222 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  201.187668][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  201.206888][    T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.40
[  201.222946][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.264912][    T9] usb 5-1: Product: syz
[  201.270133][    T9] usb 5-1: Manufacturer: syz
[  201.282242][    T9] usb 5-1: SerialNumber: syz
[  201.310018][ T7307] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  201.561419][ T7307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.577754][ T7307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.608732][    T9] usbhid 5-1:1.0: can't add hid device: -71
[  201.615626][    T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  201.624874][ T7317] xt_socket: unknown flags 0x4
[  201.665555][    T9] usb 5-1: USB disconnect, device number 9
[  202.623011][ T7328] kvm: emulating exchange as write
[  203.785770][ T7338] nbd4: detected capacity change from 0 to 127
[  203.929380][ T7346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.374'.
[  204.053410][   T50] block nbd4: Receive control failed (result -32)
[  205.011166][ T7298] block nbd4: Dead connection, failed to find a fallback
[  205.083002][ T7298] block nbd4: shutting down sockets
[  205.225276][ T7298] blk_print_req_error: 55 callbacks suppressed
[  205.225294][ T7298] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  205.295252][ T7298] buffer_io_error: 54 callbacks suppressed
[  205.295269][ T7298] Buffer I/O error on dev nbd4, logical block 0, async page read
[  205.358279][ T7298] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  205.412411][ T7298] Buffer I/O error on dev nbd4, logical block 1, async page read
[  205.458518][ T7298] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  205.489545][ T7298] Buffer I/O error on dev nbd4, logical block 2, async page read
[  205.513039][ T7298] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  205.554784][ T7298] Buffer I/O error on dev nbd4, logical block 3, async page read
[  205.583232][ T7298] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  205.618980][ T7298] Buffer I/O error on dev nbd4, logical block 0, async page read
[  205.663052][ T7298] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  205.691774][ T7298] Buffer I/O error on dev nbd4, logical block 1, async page read
[  206.372150][ T7298] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  206.386618][ T7298] Buffer I/O error on dev nbd4, logical block 2, async page read
[  206.400339][ T7298] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  206.492004][ T7298] Buffer I/O error on dev nbd4, logical block 3, async page read
[  206.582385][ T7298] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  206.642606][ T7298] Buffer I/O error on dev nbd4, logical block 0, async page read
[  206.695742][ T7298] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  206.847866][ T7298] Buffer I/O error on dev nbd4, logical block 1, async page read
[  206.864310][ T7298] ldm_validate_partition_table(): Disk read failed.
[  206.874169][ T7298] Dev nbd4: unable to read RDB block 0
[  206.888832][ T7357] xt_socket: unknown flags 0x4
[  206.897293][ T7298]  nbd4: unable to read partition table
[  206.988749][ T7298] ldm_validate_partition_table(): Disk read failed.
[  207.010684][ T7298] Dev nbd4: unable to read RDB block 0
[  207.048452][ T7298]  nbd4: unable to read partition table
[  207.647865][ T7359] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  208.015607][ T5974] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  208.197491][ T5974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  208.235796][ T5974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  208.269198][ T5974] usb 2-1: New USB device found, idVendor=1b5c, idProduct=0105, bcdDevice= 1.f1
[  208.295306][ T5974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.335253][ T5974] usb 2-1: Product: syz
[  208.353609][ T5974] usb 2-1: Manufacturer: syz
[  208.365719][ T5974] usb 2-1: SerialNumber: syz
[  208.415387][ T5974] usb 2-1: config 0 descriptor??
[  209.029325][ T5974] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  209.046700][ T5974] usb 2-1: Detected SIO
[  209.061387][ T5974] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 4
[  209.105009][ T7374] ldm_validate_partition_table(): Disk read failed.
[  209.122606][ T5974] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 7
[  209.167728][ T5974] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  209.187403][ T7374] Dev nbd0: unable to read RDB block 0
[  209.217852][ T7374]  nbd0: unable to read partition table
[  209.282625][ T7378] block nbd0: Cannot use ioctl interface on a netlink controlled device.
[  210.205735][ T7381] netlink: 36 bytes leftover after parsing attributes in process `syz.0.375'.
[  210.395700][ T7381] netlink: 16 bytes leftover after parsing attributes in process `syz.0.375'.
[  210.766980][ T5957] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  210.793980][ T7385] overlay: filesystem on ./bus not supported as upperdir
[  211.506113][ T5957] usb 4-1: Using ep0 maxpacket: 16
[  211.523771][ T5957] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  211.552982][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  211.586802][ T5957] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  211.606836][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.632230][ T5957] usb 4-1: Product: syz
[  211.649927][ T5957] usb 4-1: Manufacturer: syz
[  211.673479][ T5957] usb 4-1: SerialNumber: syz
[  211.824407][ T5957] usb 4-1: config 0 descriptor??
[  211.839558][ T5957] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  211.853456][ T5957] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  212.257898][ T7399] No buffer was provided with the request
[  212.699522][ T5957] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  212.708115][ T5957] em28xx 4-1:0.0: Config register raw data: 0x00
[  212.711917][ T5912] usb 2-1: USB disconnect, device number 7
[  212.770311][ T5912] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  212.948041][ T5912] ftdi_sio 2-1:0.0: device disconnected
[  213.295539][ T7402] nbd5: detected capacity change from 0 to 127
[  213.370135][ T7409] xt_socket: unknown flags 0x4
[  213.603151][   T50] block nbd5: Receive control failed (result -104)
[  214.464423][ T5957] usb 4-1: USB disconnect, device number 6
[  215.046372][ T5957] em28xx 4-1:0.0: Disconnecting em28xx
[  215.069040][ T5957] em28xx 4-1:0.0: Freeing device
[  217.327431][ T7444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.400'.
[  217.489426][ T7446] xt_socket: unknown flags 0x4
[  218.285207][ T7444] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105)
[  218.411953][ T7444] team0 (unregistering): Port device team_slave_0 removed
[  218.443919][ T7444] team0 (unregistering): Failed to send options change via netlink (err -105)
[  218.484536][ T7444] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  218.553433][ T7444] team0 (unregistering): Port device team_slave_1 removed
[  221.835625][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 30 seconds
[  221.847979][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 30 seconds
[  221.867462][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 30 seconds
[  221.887603][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 30 seconds
[  222.360215][ T7490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.413'.
[  222.774359][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  222.787638][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  222.799952][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  222.811230][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  222.823350][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  223.175310][ T5957] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  223.324923][ T7490] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105)
[  223.361687][ T7490] team0 (unregistering): Port device team_slave_0 removed
[  223.399047][ T5957] usb 3-1: Using ep0 maxpacket: 16
[  223.421085][ T7490] team0 (unregistering): Failed to send options change via netlink (err -105)
[  223.473211][ T7490] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  223.487455][ T5957] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  223.530538][ T7490] team0 (unregistering): Port device team_slave_1 removed
[  223.548664][ T5957] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  223.605925][ T5957] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  223.615023][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.957880][ T5957] usb 3-1: Product: syz
[  224.141491][ T5957] usb 3-1: Manufacturer: syz
[  224.151332][ T5957] usb 3-1: SerialNumber: syz
[  224.238369][ T5957] usb 3-1: config 0 descriptor??
[  224.498098][ T5957] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  224.514705][ T5957] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  224.876500][   T50] Bluetooth: hci1: command tx timeout
[  225.216356][ T5957] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  225.224875][ T5957] em28xx 3-1:0.0: Config register raw data: 0x00
[  225.259861][ T7518] netlink: 4 bytes leftover after parsing attributes in process `syz.3.421'.
[  227.011816][   T50] Bluetooth: hci1: command tx timeout
[  228.737194][ T7496] chnl_net:caif_netlink_parms(): no params data found
[  228.755402][ T5957] usb 3-1: USB disconnect, device number 21
[  228.786891][ T5957] em28xx 3-1:0.0: Disconnecting em28xx
[  228.836049][ T5957] em28xx 3-1:0.0: Freeing device
[  228.947160][ T7532] netlink: 'syz.3.423': attribute type 10 has an invalid length.
[  228.955452][ T7532] netlink: 40 bytes leftover after parsing attributes in process `syz.3.423'.
[  229.125279][   T50] Bluetooth: hci1: command tx timeout
[  229.179883][ T7532] dummy0: entered promiscuous mode
[  229.271270][ T7532] bridge0: port 3(dummy0) entered blocking state
[  229.284762][ T7532] bridge0: port 3(dummy0) entered disabled state
[  229.296606][ T7532] dummy0: entered allmulticast mode
[  229.354428][ T7532] bridge0: port 3(dummy0) entered blocking state
[  229.362585][ T7532] bridge0: port 3(dummy0) entered forwarding state
[  230.980289][ T6769] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 90 seconds
[  230.991336][ T6769] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 90 seconds
[  231.020404][ T6769] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 90 seconds
[  231.074295][ T6769] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 90 seconds
[  231.195327][   T50] Bluetooth: hci1: command tx timeout
[  231.434574][   T30] audit: type=1326 audit(1752644266.675:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7551 comm="syz.1.430" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  232.187414][ T7496] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.207205][ T7496] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.216951][ T7496] bridge_slave_0: entered allmulticast mode
[  232.228932][ T7496] bridge_slave_0: entered promiscuous mode
[  232.237760][ T7496] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.251442][ T7496] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.281825][ T7496] bridge_slave_1: entered allmulticast mode
[  232.300368][ T7496] bridge_slave_1: entered promiscuous mode
[  232.465137][ T7496] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.497467][ T7496] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.586224][ T7496] team0: Port device team_slave_0 added
[  232.603879][ T7563] netlink: 'syz.2.432': attribute type 1 has an invalid length.
[  232.627615][ T7496] team0: Port device team_slave_1 added
[  232.905496][ T5840] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  233.488306][ T5840] usb 4-1: Using ep0 maxpacket: 16
[  233.616333][ T5840] usb 4-1: unable to read config index 0 descriptor/start: -61
[  233.616801][ T7575] netlink: 'syz.0.436': attribute type 1 has an invalid length.
[  233.636736][ T5840] usb 4-1: can't read configurations, error -61
[  233.776889][ T5912] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  233.797449][ T7496] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.805943][ T7496] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.026659][ T7577] libceph: resolve '.
[  234.026659][ T7577] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  234.026659][ T7577] ' (ret=-3): failed
[  234.370816][ T5840] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  234.380445][ T7496] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  234.403606][ T7496] batman_adv: batadv0: Adding interface: batadv_slave_1
[  234.410907][ T7496] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.448236][ T7496] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  234.549293][ T5912] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  234.575807][ T5840] usb 4-1: Using ep0 maxpacket: 16
[  234.591210][ T5912] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  234.607573][ T5840] usb 4-1: unable to read config index 0 descriptor/start: -61
[  234.617337][ T5840] usb 4-1: can't read configurations, error -61
[  234.625924][ T5912] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  234.642377][ T5840] usb usb4-port1: attempt power cycle
[  234.650702][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0
[  234.679243][ T5912] usb 3-1: Product: syz
[  234.911488][ T7573] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  234.945686][ T5912] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  235.037704][ T7586] process 'syz.1.438' launched '/dev/fd/4' with NULL argv: empty string added
[  235.985318][ T5840] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  236.000087][ T7588] overlayfs: failed to resolve './file1/file0': -2
[  236.454605][ T5840] usb 4-1: device descriptor read/8, error -71
[  236.475296][ T5912] usb 3-1: USB disconnect, device number 22
[  236.603262][ T7496] hsr_slave_0: entered promiscuous mode
[  236.644155][ T7496] hsr_slave_1: entered promiscuous mode
[  236.672433][ T7496] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  236.748812][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  236.789857][ T7496] Cannot create hsr debugfs directory
[  239.095951][ T7496] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  239.129573][ T7496] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  239.157665][ T7496] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  239.191347][ T7496] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  239.202179][ T7634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.446'.
[  239.881752][ T7496] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.940970][ T7496] 8021q: adding VLAN 0 to HW filter on device team0
[  239.962767][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.970206][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.040958][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.048930][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.248237][ T7628] mmap: syz.1.448 (7628): VmData 25972736 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  240.892598][ T7496] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.144499][ T7678] comedi comedi0: rti802: I/O port conflict (0xee,4)
[  242.628376][   T30] audit: type=1804 audit(1752644277.375:39): pid=7678 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.456" name="/newroot/96/file0" dev="tmpfs" ino=516 res=1 errno=0
[  243.666304][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 30 seconds
[  243.677607][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 30 seconds
[  243.689558][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 30 seconds
[  243.700971][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 30 seconds
[  245.201719][ T7496] veth0_vlan: entered promiscuous mode
[  245.258057][ T7496] veth1_vlan: entered promiscuous mode
[  245.324691][ T7714] Cannot find add_set index 0 as target
[  245.369998][ T7496] veth0_macvtap: entered promiscuous mode
[  245.419395][ T7496] veth1_macvtap: entered promiscuous mode
[  245.461993][ T7718] xt_TCPMSS: Only works on TCP SYN packets
[  245.561976][ T7496] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.641183][ T7496] batman_adv: batadv0: Interface activated: batadv_slave_1
[  245.731952][ T7496] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  245.776293][ T7496] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  245.796497][ T7496] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  245.825341][ T7496] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.155823][ T7733] nbd6: detected capacity change from 0 to 127
[  247.230750][   T50] block nbd6: Receive control failed (result -32)
[  247.664961][ T7298] block nbd6: Dead connection, failed to find a fallback
[  247.710469][ T7298] block nbd6: shutting down sockets
[  247.800170][ T7298] blk_print_req_error: 202 callbacks suppressed
[  247.800369][ T7298] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  248.615033][ T7298] buffer_io_error: 202 callbacks suppressed
[  248.615046][ T7298] Buffer I/O error on dev nbd6, logical block 0, async page read
[  248.656564][ T7298] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  248.680362][ T7298] Buffer I/O error on dev nbd6, logical block 1, async page read
[  248.698468][ T7298] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  248.715665][ T7298] Buffer I/O error on dev nbd6, logical block 2, async page read
[  248.732379][ T7298] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  248.914245][ T7298] Buffer I/O error on dev nbd6, logical block 3, async page read
[  248.954947][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  249.317306][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  249.344650][ T7298] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  250.970376][ T7298] Buffer I/O error on dev nbd6, logical block 0, async page read
[  251.020465][ T7298] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.170788][ T7298] Buffer I/O error on dev nbd6, logical block 1, async page read
[  251.181028][ T7741] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  251.187218][ T7741] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  251.820955][ T7741] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  251.831393][ T7298] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.842667][ T7160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.861496][ T7298] Buffer I/O error on dev nbd6, logical block 2, async page read
[  251.946983][ T7298] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.964062][ T7741] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  251.974969][ T7298] Buffer I/O error on dev nbd6, logical block 3, async page read
[  251.990426][ T7298] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.992998][ T7160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.008548][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 60 seconds
[  252.019237][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 60 seconds
[  252.025545][ T7741] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  252.031307][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 60 seconds
[  252.049613][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 60 seconds
[  252.096964][ T7298] Buffer I/O error on dev nbd6, logical block 0, async page read
[  252.102453][ T7741] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  252.164646][ T7298] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  252.165402][ T7765] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  252.204930][ T7741] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  252.226396][ T7763] netlink: 'syz.1.474': attribute type 15 has an invalid length.
[  252.230002][ T7298] Buffer I/O error on dev nbd6, logical block 1, async page read
[  252.995358][ T7298] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.006577][ T7298] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.062424][ T7298] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.109606][ T7298] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.157263][ T7298] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.200155][ T7298] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.203861][   T50] Bluetooth: hci2: command 0x0c1a tx timeout
[  253.215356][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  253.251791][ T7298] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.275809][ T7774] netlink: 8 bytes leftover after parsing attributes in process `syz.2.478'.
[  253.306614][ T7774] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  253.870156][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout
[  253.873078][ T7298] buffer_io_error: 6 callbacks suppressed
[  253.873095][ T7298] Buffer I/O error on dev nbd6, logical block 0, async page read
[  253.890108][ T7298] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.899292][ T7298] Buffer I/O error on dev nbd6, logical block 1, async page read
[  253.907550][ T7298] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.918087][ T7298] Buffer I/O error on dev nbd6, logical block 2, async page read
[  253.926528][ T7298] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  253.936909][ T7298] Buffer I/O error on dev nbd6, logical block 3, async page read
[  253.990250][ T7298] Buffer I/O error on dev nbd6, logical block 0, async page read
[  253.998345][ T7785] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  254.028562][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout
[  254.076388][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout
[  254.086012][ T7298] Buffer I/O error on dev nbd6, logical block 1, async page read
[  254.096352][ T7298] Buffer I/O error on dev nbd6, logical block 2, async page read
[  254.104269][ T7298] Buffer I/O error on dev nbd6, logical block 3, async page read
[  254.112672][ T7298] Buffer I/O error on dev nbd6, logical block 0, async page read
[  254.121796][ T7298] Buffer I/O error on dev nbd6, logical block 1, async page read
[  254.130828][ T7298] ldm_validate_partition_table(): Disk read failed.
[  254.136026][ T7785] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  254.139919][ T7298] Dev nbd6: unable to read RDB block 0
[  254.156345][ T7298]  nbd6: unable to read partition table
[  254.187556][ T7298] ldm_validate_partition_table(): Disk read failed.
[  254.230841][ T7785] overlayfs: failed to get uuid (101/file1, err=-13); falling back to uuid=null.
[  254.249602][ T7298] Dev nbd6: unable to read RDB block 0
[  254.293028][ T7298]  nbd6: unable to read partition table
[  254.352908][ T7795] sctp: [Deprecated]: syz.3.480 (pid 7795) Use of struct sctp_assoc_value in delayed_ack socket option.
[  254.352908][ T7795] Use struct sctp_sack_info instead
[  255.760650][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.763828][ T5957] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  255.775385][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  256.127400][ T7818] xt_socket: unknown flags 0x4
[  256.157565][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout
[  257.155329][ T7819] netlink: 92 bytes leftover after parsing attributes in process `syz.5.486'.
[  258.235515][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout
[  258.679066][ T7861] netlink: 8 bytes leftover after parsing attributes in process `syz.5.498'.
[  258.718454][   T30] audit: type=1800 audit(1752644293.945:40): pid=7847 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.494" name="file1" dev="overlay" ino=561 res=0 errno=0
[  259.693287][ T7882] xt_socket: unknown flags 0x4
[  261.572621][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 120 seconds
[  261.583470][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 120 seconds
[  261.594578][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 120 seconds
[  261.605986][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 120 seconds
[  261.681966][ T7906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.510'.
[  261.804177][ T7906] lo speed is unknown, defaulting to 1000
[  261.812092][ T7906] lo speed is unknown, defaulting to 1000
[  261.825805][ T7906] lo speed is unknown, defaulting to 1000
[  261.890117][ T7906] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  261.957460][ T7906] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  262.250274][ T7906] lo speed is unknown, defaulting to 1000
[  262.258101][ T7906] lo speed is unknown, defaulting to 1000
[  262.264876][ T7906] lo speed is unknown, defaulting to 1000
[  262.272823][ T7906] lo speed is unknown, defaulting to 1000
[  262.279660][ T7906] lo speed is unknown, defaulting to 1000
[  262.286490][ T7906] lo speed is unknown, defaulting to 1000
[  263.972281][ T5841] block nbd7: Receive control failed (result -32)
[  264.097624][ T7922] nbd7: detected capacity change from 0 to 127
[  264.216273][ T6499] block nbd7: Dead connection, failed to find a fallback
[  264.223371][ T6499] block nbd7: shutting down sockets
[  264.279436][ T6499] blk_print_req_error: 128 callbacks suppressed
[  264.279455][ T6499] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.382032][ T6499] buffer_io_error: 122 callbacks suppressed
[  264.382047][ T6499] Buffer I/O error on dev nbd7, logical block 0, async page read
[  264.466939][ T6499] I/O error, dev nbd7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.485220][ T6499] Buffer I/O error on dev nbd7, logical block 1, async page read
[  264.513224][ T6499] I/O error, dev nbd7, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.644100][ T7936] comedi comedi1: pcl816: I/O port conflict (0x2,16)
[  264.660830][ T6499] Buffer I/O error on dev nbd7, logical block 2, async page read
[  264.694394][ T7937] xt_socket: unknown flags 0x4
[  264.754152][ T6499] I/O error, dev nbd7, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.829740][ T6499] Buffer I/O error on dev nbd7, logical block 3, async page read
[  264.857890][ T6499] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.891811][ T6499] Buffer I/O error on dev nbd7, logical block 0, async page read
[  265.086286][ T6499] I/O error, dev nbd7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  265.095602][ T6499] Buffer I/O error on dev nbd7, logical block 1, async page read
[  265.105299][ T6499] I/O error, dev nbd7, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  265.114518][ T6499] Buffer I/O error on dev nbd7, logical block 2, async page read
[  265.126157][ T6499] I/O error, dev nbd7, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  265.252489][ T7948] lo speed is unknown, defaulting to 1000
[  265.620054][ T6499] Buffer I/O error on dev nbd7, logical block 3, async page read
[  265.628414][ T6499] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  265.649998][ T6499] Buffer I/O error on dev nbd7, logical block 0, async page read
[  265.659637][ T6499] I/O error, dev nbd7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  265.670814][ T6499] Buffer I/O error on dev nbd7, logical block 1, async page read
[  265.888166][ T6499] ldm_validate_partition_table(): Disk read failed.
[  266.148983][ T6499] Dev nbd7: unable to read RDB block 0
[  266.278955][ T6499]  nbd7: unable to read partition table
[  266.453803][ T6499] ldm_validate_partition_table(): Disk read failed.
[  266.506672][ T6499] Dev nbd7: unable to read RDB block 0
[  266.522680][ T7969] xt_hashlimit: size too large, truncated to 1048576
[  266.527465][ T6499]  nbd7: unable to read partition table
[  266.607085][ T7970] tc_dump_action: action bad kind
[  266.636715][ T7965] overlayfs: missing 'lowerdir'
[  268.277433][ T7988] Cannot find add_set index 0 as target
[  268.815698][ T7982] netlink: 40 bytes leftover after parsing attributes in process `syz.2.530'.
[  269.012522][ T7991] netlink: 28 bytes leftover after parsing attributes in process `syz.3.533'.
[  269.046549][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  269.085893][ T7991] netlink: 28 bytes leftover after parsing attributes in process `syz.3.533'.
[  269.102450][ T7992] bond1: entered allmulticast mode
[  269.198278][ T7991] batadv0: entered promiscuous mode
[  269.205525][ T7991] syz_tun: entered promiscuous mode
[  269.256749][   T24] usb 6-1: Using ep0 maxpacket: 16
[  269.271855][   T24] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  269.296235][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  269.323490][   T24] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  269.353706][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.386564][   T24] usb 6-1: Product: syz
[  269.390791][   T24] usb 6-1: Manufacturer: syz
[  269.419773][   T24] usb 6-1: SerialNumber: syz
[  269.486772][   T24] usb 6-1: config 0 descriptor??
[  269.504828][   T24] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  269.564299][   T24] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  269.651321][ T8002] xt_socket: unknown flags 0x4
[  270.117981][   T24] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  270.125545][   T24] em28xx 6-1:0.0: Config register raw data: 0x00
[  270.790899][ T8028] veth0_to_team: entered promiscuous mode
[  270.796911][ T8028] veth0_to_team: entered allmulticast mode
[  271.931214][   T24] usb 6-1: USB disconnect, device number 2
[  271.956695][   T24] em28xx 6-1:0.0: Disconnecting em28xx
[  271.976035][   T24] em28xx 6-1:0.0: Freeing device
[  272.959601][ T5935] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  273.570037][ T5935] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  273.614410][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  273.644238][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  273.700696][ T5935] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  273.745330][ T5935] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  273.754959][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.804594][ T5935] usb 3-1: config 0 descriptor??
[  273.869991][ T8053] xt_TCPMSS: Only works on TCP SYN packets
[  273.949295][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  274.094632][ T8035] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  274.131342][ T8056] xt_socket: unknown flags 0x4
[  274.255206][   T24] usb 6-1: Using ep0 maxpacket: 32
[  274.257667][ T8058] xt_bpf: check failed: parse error
[  274.292119][   T24] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  274.304106][   T24] usb 6-1: config 0 has no interface number 0
[  274.328093][   T24] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  274.337520][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 60 seconds
[  274.348462][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 60 seconds
[  274.361742][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 60 seconds
[  274.373799][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 60 seconds
[  274.389785][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.395424][ T5935] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  274.419919][   T24] usb 6-1: Product: syz
[  274.428699][   T24] usb 6-1: Manufacturer: syz
[  274.439629][   T24] usb 6-1: SerialNumber: syz
[  274.464320][   T24] usb 6-1: config 0 descriptor??
[  274.477994][   T24] smsc95xx v2.0.0
[  275.055277][   T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  275.072250][   T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  275.119860][ T8068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.151027][ T8068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  275.203471][ T5935] usb 3-1: USB disconnect, device number 23
[  275.431342][    T9] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0
[  275.457587][    T9] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0
[  275.469968][    T9] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0
[  275.478708][ T5958] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  275.507607][    T9] hid-generic 0003:0004:0000.0005: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  275.794863][ T5958] usb 2-1: Using ep0 maxpacket: 16
[  275.867011][ T5958] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  275.988041][ T5958] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  276.081543][ T5958] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  276.107292][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.120494][ T5958] usb 2-1: Product: syz
[  276.124768][ T5958] usb 2-1: Manufacturer: syz
[  276.141277][ T5958] usb 2-1: SerialNumber: syz
[  276.153101][ T5958] usb 2-1: config 0 descriptor??
[  276.318876][ T5958] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  276.353465][ T5958] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  276.540466][ T8096] xt_TCPMSS: Only works on TCP SYN packets
[  277.655359][   T24] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71
[  277.673852][   T24] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  278.305307][   T24] usb 6-1: USB disconnect, device number 3
[  278.313537][ T5958] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  278.333616][ T7298] udevd[7298]: setting mode of /dev/bus/usb/006/003 to 020664 failed: No such file or directory
[  278.356337][ T5958] em28xx 2-1:0.0: Config register raw data: 0x00
[  278.370001][ T7298] udevd[7298]: setting owner of /dev/bus/usb/006/003 to uid=0, gid=0 failed: No such file or directory
[  278.385246][    T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  278.560005][    T9] usb 3-1: Using ep0 maxpacket: 16
[  278.587158][    T9] usb 3-1: config 0 has an invalid interface number: 237 but max is 0
[  278.600343][    T9] usb 3-1: config 0 has no interface number 0
[  278.613160][    T9] usb 3-1: config 0 interface 237 has no altsetting 0
[  278.630125][    T9] usb 3-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad
[  278.649964][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.663018][    T9] usb 3-1: Product: syz
[  278.670285][    T9] usb 3-1: Manufacturer: syz
[  278.675042][    T9] usb 3-1: SerialNumber: syz
[  278.691401][    T9] usb 3-1: config 0 descriptor??
[  278.710974][    T9] snd_usb_podhd 3-1:0.237: Line 6 POD HD300 found
[  278.904415][    T9] snd_usb_podhd 3-1:0.237: cannot get proper max packet size
[  278.922531][ T8111]  nullb0: AHDI p1
[  278.940972][ T8114] batadv1: entered promiscuous mode
[  279.096486][    T9] snd_usb_podhd 3-1:0.237: Line 6 POD HD300 now disconnected
[  279.121284][    T9] snd_usb_podhd 3-1:0.237: probe with driver snd_usb_podhd failed with error -22
[  279.133557][    T9] usb 3-1: USB disconnect, device number 24
[  279.565577][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  279.915368][   T24] usb 6-1: Using ep0 maxpacket: 8
[  279.923014][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[  279.930978][   T24] usb 6-1: can't read configurations, error -61
[  279.974364][ T5974] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  279.982288][ T5974] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  279.991671][ T5974] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  280.004317][ T5974] hid-generic 0003:0004:0000.0006: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  280.079244][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  280.120497][ T5958] usb 2-1: USB disconnect, device number 9
[  280.136013][ T5958] em28xx 2-1:0.0: Disconnecting em28xx
[  280.163517][ T5958] em28xx 2-1:0.0: Freeing device
[  280.235557][   T24] usb 6-1: Using ep0 maxpacket: 8
[  280.274734][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[  280.304999][   T24] usb 6-1: can't read configurations, error -61
[  280.327062][   T24] usb usb6-port1: attempt power cycle
[  280.409159][ T8136] xt_TCPMSS: Only works on TCP SYN packets
[  280.470157][ T8138] usb usb1: usbfs: process 8138 (syz.0.576) did not claim interface 0 before use
[  281.485336][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  281.579337][   T24] usb 6-1: Using ep0 maxpacket: 8
[  281.597892][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[  281.631452][ T8147] mkiss: ax0: crc mode is auto.
[  281.637937][   T24] usb 6-1: can't read configurations, error -61
[  281.727644][ T8147] openvswitch: netlink: IP tunnel dst address not specified
[  281.815294][   T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  281.896410][   T24] usb 6-1: Using ep0 maxpacket: 8
[  281.907021][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[  281.914905][   T24] usb 6-1: can't read configurations, error -61
[  281.943056][   T24] usb usb6-port1: unable to enumerate USB device
[  282.095318][ T5974] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  282.245722][ T5974] usb 3-1: Using ep0 maxpacket: 16
[  282.266627][ T5974] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  282.318978][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  282.400399][ T5974] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  282.434554][ T5974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.284568][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 90 seconds
[  283.298136][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 90 seconds
[  283.309119][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 90 seconds
[  283.320072][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 90 seconds
[  283.339819][ T5974] usb 3-1: Product: syz
[  283.344130][ T5974] usb 3-1: Manufacturer: syz
[  283.350422][ T5974] usb 3-1: SerialNumber: syz
[  283.369853][ T5974] usb 3-1: config 0 descriptor??
[  283.381393][ T5974] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  283.390867][ T5974] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  283.682074][    T9] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0
[  283.691187][    T9] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0
[  283.721345][    T9] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0
[  283.741647][    T9] hid-generic 0003:0004:0000.0007: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  284.018068][ T5974] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  284.034074][ T5974] em28xx 3-1:0.0: Config register raw data: 0x00
[  284.101119][   T30] audit: type=1326 audit(1752644319.345:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8176 comm="syz.1.578" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  285.695338][    T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  285.816392][ T5958] usb 3-1: USB disconnect, device number 25
[  285.836731][ T5958] em28xx 3-1:0.0: Disconnecting em28xx
[  285.855801][    T9] usb 6-1: Using ep0 maxpacket: 16
[  285.869585][    T9] usb 6-1: config 5 has an invalid interface number: 24 but max is 1
[  285.895385][    T9] usb 6-1: config 5 contains an unexpected descriptor of type 0x1, skipping
[  286.444539][ T5958] em28xx 3-1:0.0: Freeing device
[  286.449673][    T9] usb 6-1: config 5 contains an unexpected descriptor of type 0x1, skipping
[  286.463316][    T9] usb 6-1: config 5 has an invalid interface number: 229 but max is 1
[  286.471914][    T9] usb 6-1: config 5 has no interface number 0
[  286.478497][    T9] usb 6-1: config 5 has no interface number 1
[  286.486463][    T9] usb 6-1: config 5 interface 24 altsetting 3 endpoint 0xF has invalid maxpacket 512, setting to 64
[  286.500207][    T9] usb 6-1: config 5 interface 24 altsetting 3 endpoint 0xA has invalid maxpacket 1015, setting to 64
[  287.432113][    T9] usb 6-1: config 5 interface 24 altsetting 3 endpoint 0x1 has invalid wMaxPacketSize 0
[  287.475218][    T9] usb 6-1: config 5 interface 24 altsetting 3 endpoint 0x3 has invalid maxpacket 1537, setting to 64
[  287.520280][    T9] usb 6-1: config 5 interface 24 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  287.575313][    T9] usb 6-1: config 5 interface 24 altsetting 3 endpoint 0xC has invalid maxpacket 512, setting to 64
[  287.701529][    T9] usb 6-1: config 5 interface 24 altsetting 3 has a duplicate endpoint with address 0xF, skipping
[  288.265246][    T9] usb 6-1: config 5 interface 24 altsetting 3 has a duplicate endpoint with address 0xC, skipping
[  288.278398][    T9] usb 6-1: config 5 interface 24 altsetting 3 has a duplicate endpoint with address 0x1, skipping
[  288.294732][    T9] usb 6-1: config 5 interface 24 altsetting 3 has a duplicate endpoint with address 0xC, skipping
[  288.345234][    T9] usb 6-1: config 5 interface 24 altsetting 3 has a duplicate endpoint with address 0x3, skipping
[  288.417280][    T9] usb 6-1: config 5 interface 229 altsetting 128 has a duplicate endpoint with address 0x1, skipping
[  288.708742][    T9] usb 6-1: config 5 interface 229 altsetting 128 has a duplicate endpoint with address 0xA, skipping
[  288.920012][    T9] usb 6-1: config 5 interface 229 altsetting 128 has an invalid descriptor for endpoint zero, skipping
[  289.035513][    T9] usb 6-1: config 5 interface 229 altsetting 128 bulk endpoint 0x4 has invalid maxpacket 1024
[  289.057309][    T9] usb 6-1: config 5 interface 24 has no altsetting 0
[  289.064180][    T9] usb 6-1: config 5 interface 229 has no altsetting 0
[  289.679741][ T8230] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma?
[  290.145832][ T8219] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  290.443552][    T9] usb 6-1: string descriptor 0 read error: -71
[  290.960775][    T9] usb 6-1: New USB device found, idVendor=0bfd, idProduct=010b, bcdDevice=92.33
[  290.977908][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.999702][    T9] usb 6-1: Interface #229 referenced by multiple IADs
[  291.021542][    T9] usb 6-1: can't set config #5, error -71
[  291.043360][    T9] usb 6-1: USB disconnect, device number 8
[  291.214953][ T8233] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  291.600708][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 150 seconds
[  291.611861][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 150 seconds
[  291.636280][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 150 seconds
[  291.649278][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 150 seconds
[  292.200391][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  292.595443][    T9] usb 2-1: Using ep0 maxpacket: 16
[  292.616076][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  292.639434][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  292.662055][ T8242] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  292.692675][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  292.740718][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.751214][    T9] usb 2-1: Product: syz
[  292.785773][    T9] usb 2-1: Manufacturer: syz
[  292.800439][    T9] usb 2-1: SerialNumber: syz
[  292.814546][    T9] usb 2-1: config 0 descriptor??
[  292.837706][    T9] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  292.857902][    T9] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  293.804030][ T8256] ubi0: attaching mtd0
[  293.816450][ T8256] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65)
[  294.151673][   T30] audit: type=1326 audit(1752644329.395:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8251 comm="syz.0.614" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff95978e929 code=0x0
[  294.195974][    T9] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  294.231761][    T9] em28xx 2-1:0.0: Config register raw data: 0x00
[  294.735392][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  294.798417][ T5957] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  295.035861][    T9] usb 4-1: Using ep0 maxpacket: 8
[  295.116272][ T5957] usb 3-1: Using ep0 maxpacket: 16
[  295.280302][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  295.298924][ T5957] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  295.318670][ T5957] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  295.337048][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  295.363771][ T5957] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  295.374501][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  295.399961][ T5957] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  295.411205][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  295.430241][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.446082][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  295.465196][ T5957] usb 3-1: Product: syz
[  295.472173][ T5957] usb 3-1: Manufacturer: syz
[  295.478133][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[  295.495240][ T5957] usb 3-1: SerialNumber: syz
[  295.533293][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  295.572827][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  295.599126][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[  295.631152][    T9] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  295.660644][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.699690][    T9] usb 4-1: Product: syz
[  295.709840][    T9] usb 4-1: Manufacturer: syz
[  295.714523][    T9] usb 4-1: SerialNumber: syz
[  295.736897][    T9] usb 4-1: config 0 descriptor??
[  295.751910][ T8270] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  295.945868][ T8292] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  296.280223][ T5957] usb 3-1: 0:2 : does not exist
[  296.328351][ T1225] usb 2-1: USB disconnect, device number 10
[  296.341176][ T8273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.346184][ T1225] em28xx 2-1:0.0: Disconnecting em28xx
[  296.350136][ T8273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.876480][ T1225] em28xx 2-1:0.0: Freeing device
[  297.407540][ T5957] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  297.452813][    T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  297.460835][ T5957] usb 3-1: USB disconnect, device number 26
[  298.368673][    T9] usb 4-1: USB disconnect, device number 11
[  298.623467][ T7607] udevd[7607]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  298.905605][ T8332] FAULT_INJECTION: forcing a failure.
[  298.905605][ T8332] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  298.920259][ T5841] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1
[  298.930635][ T5841] Bluetooth: hci2: unexpected event for opcode 0x2039
[  298.973357][ T8332] CPU: 1 UID: 0 PID: 8332 Comm: syz.1.634 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  298.973384][ T8332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.973399][ T8332] Call Trace:
[  298.973407][ T8332]  <TASK>
[  298.973421][ T8332]  dump_stack_lvl+0x189/0x250
[  298.973444][ T8332]  ? __pfx____ratelimit+0x10/0x10
[  298.973469][ T8332]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.973487][ T8332]  ? __pfx__printk+0x10/0x10
[  298.973507][ T8332]  ? __might_fault+0xb0/0x130
[  298.973540][ T8332]  should_fail_ex+0x414/0x560
[  298.973568][ T8332]  _copy_from_user+0x2d/0xb0
[  298.973587][ T8332]  ucma_write+0x158/0x2e0
[  298.973609][ T8332]  ? __pfx_ucma_write+0x10/0x10
[  298.973625][ T8332]  ? security_file_permission+0x75/0x290
[  298.973650][ T8332]  ? rw_verify_area+0x258/0x650
[  298.973670][ T8332]  ? __pfx_ucma_write+0x10/0x10
[  298.973689][ T8332]  vfs_write+0x27e/0xa90
[  298.973718][ T8332]  ? __pfx_vfs_write+0x10/0x10
[  298.973741][ T8332]  ? __fget_files+0x2a/0x420
[  298.973759][ T8332]  ? __fget_files+0x2a/0x420
[  298.973776][ T8332]  ? __fget_files+0x3a0/0x420
[  298.973789][ T8332]  ? __fget_files+0x2a/0x420
[  298.973813][ T8332]  ksys_write+0x145/0x250
[  298.973836][ T8332]  ? __pfx_ksys_write+0x10/0x10
[  298.973854][ T8332]  ? rcu_is_watching+0x15/0xb0
[  298.973877][ T8332]  ? do_syscall_64+0xbe/0x3b0
[  298.973898][ T8332]  do_syscall_64+0xfa/0x3b0
[  298.973913][ T8332]  ? lockdep_hardirqs_on+0x9c/0x150
[  298.973935][ T8332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.973951][ T8332]  ? clear_bhb_loop+0x60/0xb0
[  298.973971][ T8332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.973987][ T8332] RIP: 0033:0x7f99add8e929
[  298.974008][ T8332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.974021][ T8332] RSP: 002b:00007f99aec1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  298.974046][ T8332] RAX: ffffffffffffffda RBX: 00007f99adfb5fa0 RCX: 00007f99add8e929
[  298.974059][ T8332] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000000000000003
[  298.974070][ T8332] RBP: 00007f99aec1e090 R08: 0000000000000000 R09: 0000000000000000
[  298.974080][ T8332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.974090][ T8332] R13: 0000000000000000 R14: 00007f99adfb5fa0 R15: 00007ffc17832ec8
[  298.974125][ T8332]  </TASK>
[  299.207480][    C1] vkms_vblank_simulate: vblank timer overrun
[  299.687350][ T5957] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  299.941371][ T8338] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  299.997682][ T5957] usb 2-1: Using ep0 maxpacket: 16
[  300.070713][ T5957] usb 2-1: config 0 has an invalid descriptor of length 45, skipping remainder of the config
[  300.085034][ T5957] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  300.162553][ T5957] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  300.197739][ T5957] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.344484][ T5957] usb 2-1: config 0 descriptor??
[  301.208201][ T8335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.220696][ T8335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.247650][ T5957] usb 2-1: string descriptor 0 read error: -71
[  301.307765][ T5957] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  301.326153][ T5957] usb 2-1: USB disconnect, device number 11
[  301.488870][ T8352] netlink: 2 bytes leftover after parsing attributes in process `syz.3.641'.
[  302.259363][ T8357] input: syz1 as /devices/virtual/input/input7
[  302.272700][ T8357] input: failed to attach handler leds to device input7, error: -6
[  302.629081][ T8367] netlink: 'syz.1.645': attribute type 21 has an invalid length.
[  302.640710][ T8367] netlink: 128 bytes leftover after parsing attributes in process `syz.1.645'.
[  303.046434][ T5841] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  303.115673][ T5841] Bluetooth: hci2: Injecting HCI hardware error event
[  303.127481][   T50] Bluetooth: hci2: hardware error 0x00
[  303.705501][ T8376] netlink: 36 bytes leftover after parsing attributes in process `syz.2.648'.
[  304.235544][ T8350] netlink: 'syz.3.641': attribute type 5 has an invalid length.
[  304.253628][ T8367] netlink: 'syz.1.645': attribute type 4 has an invalid length.
[  304.263711][ T8367] netlink: 3 bytes leftover after parsing attributes in process `syz.1.645'.
[  304.403035][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 90 seconds
[  304.413849][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 90 seconds
[  304.424985][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 90 seconds
[  304.436018][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 90 seconds
[  305.527478][   T50] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  305.780758][ T8388] 9pnet_fd: Insufficient options for proto=fd
[  306.733865][ T8408] syz_tun: entered allmulticast mode
[  306.811944][ T8394] syz_tun: left allmulticast mode
[  307.043516][ T8416] netlink: 92 bytes leftover after parsing attributes in process `syz.3.659'.
[  308.235990][ T5840] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  308.840875][ T5840] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 28, changing to 8
[  309.575805][ T5840] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  309.653239][ T5840] usb 4-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.00
[  309.700169][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.841041][ T5840] usb 4-1: config 0 descriptor??
[  309.882978][ T5840] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8
[  310.102547][ T5193] bcm5974 4-1:0.0: could not read from device
[  310.164531][ T5193] bcm5974 4-1:0.0: could not read from device
[  310.202754][ T5840] usb 4-1: USB disconnect, device number 12
[  311.380761][ T8480] FAULT_INJECTION: forcing a failure.
[  311.380761][ T8480] name failslab, interval 1, probability 0, space 0, times 0
[  311.380797][ T8480] CPU: 0 UID: 0 PID: 8480 Comm: syz.2.676 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  311.380818][ T8480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  311.380828][ T8480] Call Trace:
[  311.380835][ T8480]  <TASK>
[  311.380843][ T8480]  dump_stack_lvl+0x189/0x250
[  311.380866][ T8480]  ? __pfx____ratelimit+0x10/0x10
[  311.380891][ T8480]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.380909][ T8480]  ? __pfx__printk+0x10/0x10
[  311.380934][ T8480]  ? __pfx___might_resched+0x10/0x10
[  311.380952][ T8480]  ? fs_reclaim_acquire+0x7d/0x100
[  311.380974][ T8480]  should_fail_ex+0x414/0x560
[  311.381003][ T8480]  should_failslab+0xa8/0x100
[  311.381028][ T8480]  __kmalloc_noprof+0xcb/0x4f0
[  311.381050][ T8480]  ? iovec_from_user+0x87/0x250
[  311.381079][ T8480]  iovec_from_user+0x87/0x250
[  311.381103][ T8480]  __import_iovec+0x163/0x7f0
[  311.381133][ T8480]  import_iovec+0x74/0xa0
[  311.381155][ T8480]  ___sys_sendmsg+0x1e7/0x2a0
[  311.381180][ T8480]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.381236][ T8480]  ? __fget_files+0x2a/0x420
[  311.381252][ T8480]  ? __fget_files+0x3a0/0x420
[  311.381277][ T8480]  __sys_sendmmsg+0x227/0x430
[  311.381305][ T8480]  ? __pfx___sys_sendmmsg+0x10/0x10
[  311.381323][ T8480]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  311.381366][ T8480]  ? ksys_write+0x22a/0x250
[  311.381390][ T8480]  ? __pfx_ksys_write+0x10/0x10
[  311.381409][ T8480]  ? rcu_is_watching+0x15/0xb0
[  311.381434][ T8480]  __x64_sys_sendmmsg+0xa0/0xc0
[  311.381457][ T8480]  do_syscall_64+0xfa/0x3b0
[  311.381472][ T8480]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.381495][ T8480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.381512][ T8480]  ? clear_bhb_loop+0x60/0xb0
[  311.381533][ T8480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.381549][ T8480] RIP: 0033:0x7f82b6d8e929
[  311.381563][ T8480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.381578][ T8480] RSP: 002b:00007f82b7c1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  311.381598][ T8480] RAX: ffffffffffffffda RBX: 00007f82b6fb5fa0 RCX: 00007f82b6d8e929
[  311.381611][ T8480] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000003
[  311.381623][ T8480] RBP: 00007f82b7c1c090 R08: 0000000000000000 R09: 0000000000000000
[  311.381634][ T8480] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001
[  311.381644][ T8480] R13: 0000000000000000 R14: 00007f82b6fb5fa0 R15: 00007ffed7c440f8
[  311.381672][ T8480]  </TASK>
[  313.284621][ T8494] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  313.443643][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 120 seconds
[  313.443686][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 120 seconds
[  313.443709][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 120 seconds
[  313.443732][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 120 seconds
[  314.365513][   T30] audit: type=1326 audit(1752644349.605:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.3.682" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99f5b8e929 code=0x0
[  314.386301][ T8516] netlink: 'syz.1.685': attribute type 2 has an invalid length.
[  314.525928][ T8518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.571844][ T8523] program syz.1.686 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  316.389332][ T8533] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  317.181178][   T24] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[  317.201737][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.208546][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.220899][   T24] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[  317.234856][   T24] hid-generic 0003:0004:0000.0008: unknown main item tag 0x0
[  317.275969][   T24] hid-generic 0003:0004:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  317.405463][    T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  317.567776][    T9] usb 3-1: device descriptor read/64, error -71
[  317.882799][    T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  318.045670][    T9] usb 3-1: device descriptor read/64, error -71
[  318.208988][    T9] usb usb3-port1: attempt power cycle
[  318.705291][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  318.966338][    T9] usb 3-1: device descriptor read/8, error -71
[  319.270212][    T9] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  319.308770][    T9] usb 3-1: device descriptor read/8, error -71
[  319.420087][    T9] usb usb3-port1: unable to enumerate USB device
[  321.927721][ T5840] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  321.962532][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 180 seconds
[  321.975777][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 180 seconds
[  321.986901][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 180 seconds
[  321.997949][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 180 seconds
[  322.178469][ T5840] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  322.188044][ T5840] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.209505][ T5840] usb 2-1: config 0 descriptor??
[  322.226359][ T5840] cp210x 2-1:0.0: cp210x converter detected
[  322.585841][ T8628] Illegal XDP return value 4294967294 on prog  (id 192) dev N/A, expect packet loss!
[  322.649511][ T5840] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  322.685077][ T5840] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  322.977589][ T5840] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  322.987280][ T5840] usb 2-1: cp210x converter now attached to ttyUSB0
[  322.999322][ T5840] usb 2-1: USB disconnect, device number 12
[  323.012400][ T5840] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  323.024894][ T5840] cp210x 2-1:0.0: device disconnected
[  323.497082][ T8636] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  323.535648][ T5840] IPVS: starting estimator thread 0...
[  323.640055][ T8641] IPVS: using max 31 ests per chain, 74400 per kthread
[  323.984292][ T8646] netlink: 152 bytes leftover after parsing attributes in process `syz.0.720'.
[  323.993398][ T8646] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  324.065259][ T5840] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  324.607069][ T5840] usb 2-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44
[  324.642425][ T5840] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.691110][ T5840] usb 2-1: config 0 descriptor??
[  324.739513][ T5840] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f
[  324.971841][ T8663] netlink: 40 bytes leftover after parsing attributes in process `syz.0.725'.
[  325.275611][ T5840] gspca_sn9c20x: Write register 1000 failed -110
[  325.302591][ T5840] gspca_sn9c20x: Device initialization failed
[  325.330414][ T5840] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -110
[  325.798186][ T8686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.733'.
[  326.115730][ T8691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.735'.
[  326.904127][ T8691] ip6gretap0: entered promiscuous mode
[  326.966269][ T8691] macsec1: entered promiscuous mode
[  326.971699][ T8691] macsec1: entered allmulticast mode
[  326.978410][ T8691] ip6gretap0: entered allmulticast mode
[  327.029978][    T9] usb 2-1: USB disconnect, device number 13
[  327.065806][ T8691] ip6gretap0: left allmulticast mode
[  327.071380][ T8691] ip6gretap0: left promiscuous mode
[  327.553337][    T9] hid-generic 0003:0004:0000.0009: unknown main item tag 0x0
[  327.599432][    T9] hid-generic 0003:0004:0000.0009: unknown main item tag 0x0
[  327.797236][    T9] hid-generic 0003:0004:0000.0009: unknown main item tag 0x0
[  327.867933][    T9] hid-generic 0003:0004:0000.0009: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  328.287860][ T8709] fido_id[8709]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  328.575225][   T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  329.555210][   T24] usb 4-1: Using ep0 maxpacket: 32
[  329.654161][   T24] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  329.679666][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.772852][   T24] usb 4-1: config 0 descriptor??
[  329.820954][   T24] as10x_usb: device has been detected
[  329.880303][   T24] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  330.020851][   T24] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  330.140091][   T24] as10x_usb: error during firmware upload part1
[  330.168115][   T24] Registered device nBox DVB-T Dongle
[  330.202215][   T24] usb 4-1: USB disconnect, device number 13
[  330.796832][   T24] Unregistered device nBox DVB-T Dongle
[  330.818193][   T24] as10x_usb: device has been disconnected
[  332.915746][ T8737] tty tty23: ldisc open failed (-12), clearing slot 22
[  333.070787][ T8754] futex_wake_op: syz.3.753 tries to shift op by 32; fix this program
[  334.717024][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 120 seconds
[  334.728061][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 120 seconds
[  334.739234][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 120 seconds
[  334.750567][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 120 seconds
[  337.681473][ T8793] netlink: 8 bytes leftover after parsing attributes in process `syz.3.763'.
[  337.737758][ T8793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.763'.
[  337.812163][ T8793] netlink: 16 bytes leftover after parsing attributes in process `syz.3.763'.
[  338.608558][ T8813] netlink: 36 bytes leftover after parsing attributes in process `syz.2.772'.
[  341.035388][ T5957] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  341.205202][ T5957] usb 4-1: Using ep0 maxpacket: 32
[  341.229823][ T5957] usb 4-1: config 0 interface 0 has no altsetting 0
[  341.273572][ T5957] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c0c, bcdDevice= 0.00
[  341.297847][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.353530][ T5957] usb 4-1: config 0 descriptor??
[  341.804801][ T5957] corsair-psu 0003:1B1C:1C0C.000A: unknown main item tag 0x0
[  341.818647][ T5957] corsair-psu 0003:1B1C:1C0C.000A: unknown main item tag 0x0
[  341.846205][ T5957] corsair-psu 0003:1B1C:1C0C.000A: unknown main item tag 0x0
[  341.888202][ T5957] corsair-psu 0003:1B1C:1C0C.000A: unknown main item tag 0x0
[  341.914844][ T5957] corsair-psu 0003:1B1C:1C0C.000A: unknown main item tag 0x0
[  341.939744][ T5957] corsair-psu 0003:1B1C:1C0C.000A: hidraw0: USB HID v4.06 Device [HID 1b1c:1c0c] on usb-dummy_hcd.3-1/input0
[  341.972488][ T8848] ubi31: attaching mtd0
[  341.989287][ T8848] ubi31: scanning is finished
[  341.994020][ T8848] ubi31: empty MTD device detected
[  342.019473][ T5957] corsair-psu 0003:1B1C:1C0C.000A: unable to initialize device (-71)
[  342.069456][ T5957] corsair-psu 0003:1B1C:1C0C.000A: probe with driver corsair-psu failed with error -71
[  342.114281][ T5957] usb 4-1: USB disconnect, device number 14
[  342.593855][ T8864] fido_id[8864]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  342.623401][ T8848] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  342.631263][ T8848] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  342.650240][ T8848] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  342.688040][ T8848] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  342.698595][ T8848] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  342.707688][ T8848] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  342.727136][ T8848] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2358090720
[  342.740146][ T8848] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  342.753367][ T8872] ubi31: background thread "ubi_bgt31d" started, PID 8872
[  344.076274][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 150 seconds
[  344.088389][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 150 seconds
[  344.100453][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 150 seconds
[  344.112552][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 150 seconds
[  344.235288][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  344.484606][ T8891] netlink: 8 bytes leftover after parsing attributes in process `syz.5.795'.
[  344.496855][    T9] usb 4-1: Using ep0 maxpacket: 8
[  344.515656][ T8891] netlink: 8 bytes leftover after parsing attributes in process `syz.5.795'.
[  344.534858][    T9] usb 4-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  344.546063][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.566575][    T9] usb 4-1: config 0 descriptor??
[  345.532407][ T8884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.654657][ T8884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  348.163581][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  348.175283][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  348.214850][    T9] usb 4-1: USB disconnect, device number 15
[  349.971865][ T8931] bridge0: port 3(syz_tun) entered blocking state
[  349.979178][ T8931] bridge0: port 3(syz_tun) entered disabled state
[  349.986962][ T8931] syz_tun: entered allmulticast mode
[  350.004266][ T8931] syz_tun: entered promiscuous mode
[  350.013422][ T8931] bridge0: port 3(syz_tun) entered blocking state
[  350.020239][ T8931] bridge0: port 3(syz_tun) entered forwarding state
[  350.053326][ T8931] xt_CT: You must specify a L4 protocol and not use inversions on it
[  352.269394][ T8958] netlink: 36 bytes leftover after parsing attributes in process `syz.0.813'.
[  352.405157][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 210 seconds
[  352.415991][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 210 seconds
[  352.427030][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 210 seconds
[  352.438081][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 210 seconds
[  353.621166][ T8976] nbd: must specify at least one socket
[  358.199402][ T9019] netlink: 36 bytes leftover after parsing attributes in process `syz.1.827'.
[  358.973261][ T9032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.830'.
[  359.082164][ T9034] nbd: must specify at least one socket
[  359.359076][ T5957] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  359.575376][ T5957] usb 3-1: device descriptor read/64, error -71
[  359.785577][   T30] audit: type=1326 audit(1752644395.035:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9043 comm="syz.5.835" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9d518e929 code=0x0
[  359.815495][ T5958] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  359.835285][ T5957] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  359.977732][ T5957] usb 3-1: device descriptor read/64, error -71
[  360.013573][ T5958] usb 2-1: config 1 interface 0 altsetting 211 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  360.064715][ T5958] usb 2-1: config 1 interface 0 has no altsetting 0
[  360.092452][ T5958] usb 2-1: New USB device found, idVendor=05ac, idProduct=0250, bcdDevice= 0.40
[  360.155654][ T5957] usb usb3-port1: attempt power cycle
[  360.199990][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.218828][ T5958] usb 2-1: Product: syz
[  360.218851][ T5958] usb 2-1: Manufacturer: 䂡硹댓硒᪸⓵墘
[  360.262533][ T5958] usb 2-1: SerialNumber: syz
[  360.269754][ T9041] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  360.565201][ T5957] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  360.645583][ T5957] usb 3-1: device descriptor read/8, error -71
[  360.911379][ T5957] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  360.967703][ T5957] usb 3-1: device descriptor read/8, error -71
[  361.111338][ T5957] usb usb3-port1: unable to enumerate USB device
[  361.500718][ T9065] 9pnet: Unknown protocol version 9p20\++}
[  361.511437][ T9065] 9pnet: Unknown protocol version 9p20\++}
[  362.905357][ T5958] usbhid 2-1:1.0: can't add hid device: -71
[  362.928094][ T5958] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  362.974515][ T5958] usb 2-1: USB disconnect, device number 14
[  363.820086][ T9102] netlink: 36 bytes leftover after parsing attributes in process `syz.1.849'.
[  365.195864][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 150 seconds
[  365.207009][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 150 seconds
[  365.220167][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 150 seconds
[  365.232359][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 150 seconds
[  366.531986][   T30] audit: type=1326 audit(1752644401.775:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9134 comm="syz.1.858" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  366.552727][    C1] vkms_vblank_simulate: vblank timer overrun
[  368.672897][ T9157] ubi: mtd0 is already attached to ubi31
[  368.863787][   T30] audit: type=1326 audit(1752644404.105:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.861" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f82b6d8e929 code=0x0
[  368.884575][    C1] vkms_vblank_simulate: vblank timer overrun
[  371.846671][ T9186] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  372.482246][ T9194] tmpfs: Bad value for 'mpol'
[  372.533177][ T9196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.872'.
[  373.498616][ T9207] ubi: mtd0 is already attached to ubi31
[  373.562911][ T9210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.601465][ T9210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.689403][   T30] audit: type=1326 audit(1752644408.925:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9204 comm="syz.5.876" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9d518e929 code=0x0
[  373.815337][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  374.064490][ T9217] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  374.182894][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 180 seconds
[  374.196214][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 180 seconds
[  374.207293][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 180 seconds
[  374.218979][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 180 seconds
[  374.325267][    T9] usb 2-1: Using ep0 maxpacket: 8
[  374.363857][    T9] usb 2-1: config 0 has an invalid interface number: 122 but max is 0
[  374.405139][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  374.432744][    T9] usb 2-1: config 0 has no interface number 0
[  374.446459][    T9] usb 2-1: config 0 interface 122 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  374.639880][    T9] usb 2-1: config 0 interface 122 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  374.650445][    T9] usb 2-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0
[  374.660475][    T9] usb 2-1: config 0 interface 122 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 8
[  374.688960][    T9] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[  374.827505][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.022773][    T9] usb 2-1: Product: syz
[  375.121624][    T9] usb 2-1: Manufacturer: syz
[  375.231851][    T9] usb 2-1: SerialNumber: syz
[  375.376199][    T9] usb 2-1: config 0 descriptor??
[  375.952733][    T9] usb 2-1: NFC: intf ffff8880226fa000 id ffffffff8eb411e0
[  375.995447][    T9] usb 2-1: USB disconnect, device number 15
[  377.153379][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  378.418080][ T9263] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  378.661462][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.699878][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  378.980943][ T9272] ubi: mtd0 is already attached to ubi31
[  379.301758][   T30] audit: type=1326 audit(1752644414.545:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9265 comm="syz.1.892" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  382.114397][ T9318] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  382.477319][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 240 seconds
[  382.489508][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 240 seconds
[  382.501142][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 240 seconds
[  382.513772][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 240 seconds
[  384.752020][ T9352] ubi: mtd0 is already attached to ubi31
[  384.909087][   T30] audit: type=1326 audit(1752644420.155:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9344 comm="syz.3.911" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99f5b8e929 code=0x0
[  385.209238][ T9367] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  385.244630][ T9366] nbd: must specify at least one socket
[  385.505190][ T5957] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  385.600234][ T5912] hid-generic 0003:0004:0000.000B: unknown main item tag 0x0
[  385.611848][ T5912] hid-generic 0003:0004:0000.000B: unknown main item tag 0x0
[  385.619711][ T5912] hid-generic 0003:0004:0000.000B: unknown main item tag 0x0
[  385.647742][ T5912] hid-generic 0003:0004:0000.000B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  385.675350][ T5957] usb 3-1: device descriptor read/64, error -71
[  385.967954][ T5957] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  386.420565][ T5957] usb 3-1: device descriptor read/64, error -71
[  387.118373][ T5957] usb usb3-port1: attempt power cycle
[  387.439838][ T9392] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  387.450590][ T9392] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  387.462825][ T9392] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  387.473112][ T9392] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  387.675810][ T9406] netlink: 132 bytes leftover after parsing attributes in process `syz.5.926'.
[  388.022572][   T30] audit: type=1326 audit(1752644423.265:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9412 comm="syz.5.928" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9d518e929 code=0x0
[  388.349772][ T9427] netlink: 36 bytes leftover after parsing attributes in process `syz.0.930'.
[  388.867103][ T9434] nbd: must specify at least one socket
[  389.618167][   T50] Bluetooth: hci0: command 0x0c1a tx timeout
[  389.624510][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout
[  389.631052][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout
[  389.634943][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout
[  390.768572][ T5957] hid-generic 0003:0004:0000.000C: unknown main item tag 0x0
[  390.854074][ T5957] hid-generic 0003:0004:0000.000C: unknown main item tag 0x0
[  390.906467][ T5957] hid-generic 0003:0004:0000.000C: unknown main item tag 0x0
[  390.949430][ T5957] hid-generic 0003:0004:0000.000C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  393.074501][ T9474] nbd: must specify at least one socket
[  394.370307][ T9493] ubi: mtd0 is already attached to ubi31
[  395.017787][   T30] audit: type=1326 audit(1752644430.255:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9486 comm="syz.5.947" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9d518e929 code=0x0
[  395.276811][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 180 seconds
[  395.288536][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 180 seconds
[  395.299909][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 180 seconds
[  395.310942][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 180 seconds
[  395.627481][ T1225] hid-generic 0003:0004:0000.000D: unknown main item tag 0x0
[  395.639999][ T1225] hid-generic 0003:0004:0000.000D: unknown main item tag 0x0
[  395.647774][ T1225] hid-generic 0003:0004:0000.000D: unknown main item tag 0x0
[  395.762184][ T1225] hid-generic 0003:0004:0000.000D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  397.872356][ T9545] netlink: 36 bytes leftover after parsing attributes in process `syz.0.962'.
[  398.259090][ T9562] ubi: mtd0 is already attached to ubi31
[  398.452141][   T30] audit: type=1326 audit(1752644433.695:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9551 comm="syz.1.965" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99add8e929 code=0x0
[  398.804192][ T5912] hid-generic 0003:0004:0000.000E: unknown main item tag 0x0
[  398.935008][ T5912] hid-generic 0003:0004:0000.000E: unknown main item tag 0x0
[  398.972733][ T5912] hid-generic 0003:0004:0000.000E: unknown main item tag 0x0
[  399.295571][ T5912] hid-generic 0003:0004:0000.000E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  400.419731][ T1225] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  400.585295][ T1225] usb 2-1: Using ep0 maxpacket: 32
[  401.194962][ T1225] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  401.210847][ T1225] usb 2-1: config 0 has no interface number 0
[  401.228900][ T1225] usb 2-1: config 0 interface 12 has no altsetting 0
[  401.711566][ T1225] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  401.722977][ T1225] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.776642][ T1225] usb 2-1: Product: syz
[  401.784828][ T9606] Unsupported ieee802154 address type: 0
[  401.819979][ T1225] usb 2-1: Manufacturer: syz
[  401.824633][ T1225] usb 2-1: SerialNumber: syz
[  401.837161][ T1225] usb 2-1: config 0 descriptor??
[  401.897393][ T9610] netlink: 36 bytes leftover after parsing attributes in process `syz.3.981'.
[  402.005566][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  402.139674][ T5912] hid-generic 0003:0004:0000.000F: unknown main item tag 0x0
[  402.148825][ T5912] hid-generic 0003:0004:0000.000F: unknown main item tag 0x0
[  402.156330][ T5912] hid-generic 0003:0004:0000.000F: unknown main item tag 0x0
[  402.166591][ T5912] hid-generic 0003:0004:0000.000F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  402.177623][ T9617] ubi: mtd0 is already attached to ubi31
[  402.185720][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  402.213919][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50628, setting to 1024
[  402.225447][    T9] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  402.234881][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.246808][    T9] usb 6-1: config 0 descriptor??
[  402.295627][   T30] audit: type=1326 audit(1752644437.545:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9613 comm="syz.0.983" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff95978e929 code=0x0
[  402.316397][    C1] vkms_vblank_simulate: vblank timer overrun
[  402.589613][    T9] ath6kl: Failed to submit usb control message: -71
[  402.597424][    T9] ath6kl: unable to send the bmi data to the device: -71
[  402.604586][    T9] ath6kl: Unable to send get target info: -71
[  402.618602][    T9] ath6kl: Failed to init ath6kl core: -71
[  402.633166][    T9] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[  402.644919][    T9] usb 6-1: USB disconnect, device number 9
[  402.979419][ T1225] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  403.005240][ T1225] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  403.013520][ T1225] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  403.023697][ T1225] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  403.573808][ T1225] usb 2-1: USB disconnect, device number 17
[  404.378590][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 210 seconds
[  404.389446][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 210 seconds
[  404.401126][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 210 seconds
[  404.412697][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 210 seconds
[  410.435773][ T9695] nbd8: detected capacity change from 0 to 127
[  410.869768][ T5848] block nbd8: Receive control failed (result -32)
[  411.346472][ T9706] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1009'.
[  412.651545][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 270 seconds
[  412.695464][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 270 seconds
[  412.707168][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 270 seconds
[  412.718455][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 270 seconds
[  413.604508][ T9725] binder: 9724:9725 ioctl 4018620d 0 returned -22
[  413.647591][ T9735] ubi: mtd0 is already attached to ubi31
[  413.666075][ T9725] binder: 9724:9725 ioctl c0306201 0 returned -14
[  413.804413][   T30] audit: type=1326 audit(1752644449.045:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9726 comm="syz.3.1015" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99f5b8e929 code=0x0
[  416.742875][ T9770] 9pnet_fd: Insufficient options for proto=fd
[  416.926350][ T9773] netlink: 'syz.0.1028': attribute type 1 has an invalid length.
[  417.370740][   T30] audit: type=1326 audit(1752644452.575:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9790 comm="syz.5.1035" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9d518e929 code=0x0
[  419.123811][ T9811] ubi: mtd0 is already attached to ubi31
[  419.766463][   T30] audit: type=1326 audit(1752644455.015:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9800 comm="syz.2.1037" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f82b6d8e929 code=0x0
[  421.999962][ T9853] netlink: 'syz.5.1048': attribute type 4 has an invalid length.
[  422.794772][ T9829] sctp: [Deprecated]: syz.3.1042 (pid 9829) Use of int in max_burst socket option.
[  422.794772][ T9829] Use struct sctp_assoc_value instead
[  425.420027][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 210 seconds
[  425.431536][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 210 seconds
[  425.443514][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 210 seconds
[  425.455029][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 210 seconds
[  427.136730][ T9890] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  430.071023][ T9940] netlink: del zone limit has 4 unknown bytes
[  433.891717][ T5957] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  434.047922][ T5957] usb 4-1: config 1 has an invalid descriptor of length 150, skipping remainder of the config
[  434.058999][ T5957] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  434.572081][ T5957] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 60156, setting to 64
[  434.620459][ T5957] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  434.932086][ T5957] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  435.307564][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.315721][ T5957] usb 4-1: Product: syz
[  435.320072][ T5957] usb 4-1: Manufacturer: syz
[  435.320144][   T96] block nbd3: Possible stuck request ffff8880257fe000: control (read@0,1024B). Runtime 240 seconds
[  435.326212][ T5957] usb 4-1: SerialNumber: syz
[  435.337370][   T96] block nbd3: Possible stuck request ffff8880257fe1c0: control (read@1024,1024B). Runtime 240 seconds
[  435.356287][   T96] block nbd3: Possible stuck request ffff8880257fe380: control (read@2048,1024B). Runtime 240 seconds
[  435.368210][   T96] block nbd3: Possible stuck request ffff8880257fe540: control (read@3072,1024B). Runtime 240 seconds
[  436.648991][ T5957] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  436.675438][ T5957] cdc_ncm 4-1:1.0: bind() failure
[  436.701819][ T5957] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  436.744754][ T5957] cdc_ncm 4-1:1.1: bind() failure
[  436.928930][   T30] audit: type=1804 audit(1752644472.175:57): pid=10060 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1104" name="/newroot/262/file0" dev="tmpfs" ino=1389 res=1 errno=0
[  436.963766][T10060] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  436.973278][T10060] ref_ctr increment failed for inode: 0x56d offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801a471e00
[  438.186776][ T5840] usb 4-1: USB disconnect, device number 16
[  440.248381][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  440.254807][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  441.008901][T10086] netlink: 'syz.1.1112': attribute type 9 has an invalid length.
[  441.164715][T10084] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  441.527938][T10092] ptrace attach of "./syz-executor exec"[10093] was attempted by "./syz-executor exec"[10092]
[  442.065600][ T1225] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  442.318622][ T1225] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  442.661231][ T1225] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.796034][ T1225] usb 2-1: Product: syz
[  442.852743][ T1225] usb 2-1: Manufacturer: syz
[  442.919369][ T1225] usb 2-1: SerialNumber: syz
[  443.043881][ T1225] usb 2-1: config 0 descriptor??
[  443.068438][ T1225] ch341 2-1:0.0: ch341-uart converter detected
[  443.275988][   T96] block nbd1: Possible stuck request ffff88802576e000: control (read@0,1024B). Runtime 300 seconds
[  443.287180][   T96] block nbd1: Possible stuck request ffff88802576e1c0: control (read@1024,1024B). Runtime 300 seconds
[  443.298313][   T96] block nbd1: Possible stuck request ffff88802576e380: control (read@2048,1024B). Runtime 300 seconds
[  443.309362][   T96] block nbd1: Possible stuck request ffff88802576e540: control (read@3072,1024B). Runtime 300 seconds
[  444.397468][T10119] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1118'.
[  444.484587][T10119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1118'.
[  444.494956][T10119] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  444.759886][T10091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  444.796172][T10091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  444.851126][T10119] batman_adv: batadv0: Removing interface: batadv_slave_1
[  446.040868][T10130] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1123'.
[  446.076715][ T1225] ch341-uart ttyUSB0: failed to read break control: -110
[  446.084210][ T1225] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  446.314692][T10142] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  447.244093][ T5913] usb 2-1: USB disconnect, device number 18
[  447.268944][ T5913] ch341 2-1:0.0: device disconnected
[  450.321944][T10167] FAULT_INJECTION: forcing a failure.
[  450.321944][T10167] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  450.345384][T10167] CPU: 1 UID: 0 PID: 10167 Comm: syz.2.1136 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  450.345403][T10167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  450.345413][T10167] Call Trace:
[  450.345421][T10167]  <TASK>
[  450.345427][T10167]  dump_stack_lvl+0x189/0x250
[  450.345443][T10167]  ? __pfx____ratelimit+0x10/0x10
[  450.345458][T10167]  ? __pfx_dump_stack_lvl+0x10/0x10
[  450.345468][T10167]  ? __pfx__printk+0x10/0x10
[  450.345480][T10167]  ? __might_fault+0xb0/0x130
[  450.345499][T10167]  should_fail_ex+0x414/0x560
[  450.345516][T10167]  _copy_from_user+0x2d/0xb0
[  450.345528][T10167]  ___sys_sendmsg+0x158/0x2a0
[  450.345542][T10167]  ? __pfx____sys_sendmsg+0x10/0x10
[  450.345572][T10167]  ? __fget_files+0x2a/0x420
[  450.345581][T10167]  ? __fget_files+0x3a0/0x420
[  450.345595][T10167]  __x64_sys_sendmsg+0x19b/0x260
[  450.345608][T10167]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  450.345624][T10167]  ? __pfx_ksys_write+0x10/0x10
[  450.345635][T10167]  ? rcu_is_watching+0x15/0xb0
[  450.345649][T10167]  ? do_syscall_64+0xbe/0x3b0
[  450.345660][T10167]  do_syscall_64+0xfa/0x3b0
[  450.345668][T10167]  ? lockdep_hardirqs_on+0x9c/0x150
[  450.345681][T10167]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.345691][T10167]  ? clear_bhb_loop+0x60/0xb0
[  450.345702][T10167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.345711][T10167] RIP: 0033:0x7f82b6d8e929
[  450.345721][T10167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.345730][T10167] RSP: 002b:00007f82b7c1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  450.345742][T10167] RAX: ffffffffffffffda RBX: 00007f82b6fb5fa0 RCX: 00007f82b6d8e929
[  450.345749][T10167] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  450.345755][T10167] RBP: 00007f82b7c1c090 R08: 0000000000000000 R09: 0000000000000000
[  450.345761][T10167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.345767][T10167] R13: 0000000000000000 R14: 00007f82b6fb5fa0 R15: 00007ffed7c440f8
[  450.345782][T10167]  </TASK>
[  451.230977][ T5913] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  451.332244][T10174] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1138'.
[  451.409458][ T5913] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  451.425147][ T5913] usb 2-1: config 0 interface 0 has no altsetting 0
[  451.438316][ T5913] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  451.448184][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  451.472118][ T5913] usb 2-1: Product: syz
[  451.485302][ T5913] usb 2-1: Manufacturer: syz
[  451.498127][ T5913] usb 2-1: SerialNumber: syz
[  451.516684][ T5913] usb 2-1: config 0 descriptor??
[  452.392196][ T5913] usb 2-1: selecting invalid altsetting 0
[  453.050199][T10194] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  453.661109][T10200] netlink: 'syz.2.1143': attribute type 7 has an invalid length.
[  453.715895][T10201] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  453.808241][T10200] : entered promiscuous mode
[  454.202182][ T5913] usb 2-1: USB disconnect, device number 19
[  454.499136][T10206] FAULT_INJECTION: forcing a failure.
[  454.499136][T10206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.544202][T10206] CPU: 1 UID: 0 PID: 10206 Comm: syz.1.1146 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  454.544230][T10206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  454.544241][T10206] Call Trace:
[  454.544248][T10206]  <TASK>
[  454.544257][T10206]  dump_stack_lvl+0x189/0x250
[  454.544282][T10206]  ? __pfx____ratelimit+0x10/0x10
[  454.544308][T10206]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.544326][T10206]  ? __pfx__printk+0x10/0x10
[  454.544349][T10206]  ? __might_fault+0xb0/0x130
[  454.544383][T10206]  should_fail_ex+0x414/0x560
[  454.544412][T10206]  _copy_from_user+0x2d/0xb0
[  454.544432][T10206]  ___sys_sendmsg+0x158/0x2a0
[  454.544457][T10206]  ? __pfx____sys_sendmsg+0x10/0x10
[  454.544516][T10206]  ? __fget_files+0x2a/0x420
[  454.544531][T10206]  ? __fget_files+0x3a0/0x420
[  454.544558][T10206]  __x64_sys_sendmsg+0x19b/0x260
[  454.544582][T10206]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  454.544638][T10206]  ? __pfx_ksys_write+0x10/0x10
[  454.544658][T10206]  ? rcu_is_watching+0x15/0xb0
[  454.544682][T10206]  ? do_syscall_64+0xbe/0x3b0
[  454.544703][T10206]  do_syscall_64+0xfa/0x3b0
[  454.544718][T10206]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.544742][T10206]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.544759][T10206]  ? clear_bhb_loop+0x60/0xb0
[  454.544780][T10206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.544797][T10206] RIP: 0033:0x7f99add8e929
[  454.544813][T10206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.544827][T10206] RSP: 002b:00007f99aec1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  454.544853][T10206] RAX: ffffffffffffffda RBX: 00007f99adfb5fa0 RCX: 00007f99add8e929
[  454.544866][T10206] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  454.544877][T10206] RBP: 00007f99aec1e090 R08: 0000000000000000 R09: 0000000000000000
[  454.544888][T10206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.544899][T10206] R13: 0000000000000000 R14: 00007f99adfb5fa0 R15: 00007ffc17832ec8
[  454.544928][T10206]  </TASK>
[  455.498958][   T96] block nbd5: Possible stuck request ffff88802590e000: control (read@0,1024B). Runtime 240 seconds
[  455.515688][   T96] block nbd5: Possible stuck request ffff88802590e1c0: control (read@1024,1024B). Runtime 240 seconds
[  455.533101][   T96] block nbd5: Possible stuck request ffff88802590e380: control (read@2048,1024B). Runtime 240 seconds
[  456.054481][   T96] block nbd5: Possible stuck request ffff88802590e540: control (read@3072,1024B). Runtime 240 seconds
[  456.249987][T10232] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1153'.
[  456.361960][T10233] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1154'.
[  457.233060][T10249] FAULT_INJECTION: forcing a failure.
[  457.233060][T10249] name failslab, interval 1, probability 0, space 0, times 0
[  457.365712][T10249] CPU: 1 UID: 0 PID: 10249 Comm: syz.1.1157 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  457.365731][T10249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  457.365738][T10249] Call Trace:
[  457.365743][T10249]  <TASK>
[  457.365748][T10249]  dump_stack_lvl+0x189/0x250
[  457.365763][T10249]  ? __pfx____ratelimit+0x10/0x10
[  457.365778][T10249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.365789][T10249]  ? __pfx__printk+0x10/0x10
[  457.365802][T10249]  ? __pfx___might_resched+0x10/0x10
[  457.365813][T10249]  ? fs_reclaim_acquire+0x7d/0x100
[  457.365826][T10249]  should_fail_ex+0x414/0x560
[  457.365843][T10249]  should_failslab+0xa8/0x100
[  457.365858][T10249]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  457.365872][T10249]  ? resume_store+0x148/0x460
[  457.365887][T10249]  kstrndup+0x80/0x160
[  457.365899][T10249]  resume_store+0x148/0x460
[  457.365910][T10249]  ? sysfs_file_kobj+0x1a/0x230
[  457.365925][T10249]  ? __pfx_resume_store+0x10/0x10
[  457.365956][T10249]  ? sysfs_file_kobj+0x1a/0x230
[  457.365969][T10249]  ? sysfs_file_kobj+0x1a/0x230
[  457.365980][T10249]  ? sysfs_file_kobj+0x1a/0x230
[  457.365992][T10249]  ? sysfs_file_kobj+0x1e4/0x230
[  457.366005][T10249]  ? sysfs_kf_write+0x166/0x260
[  457.366020][T10249]  ? __pfx_sysfs_kf_write+0x10/0x10
[  457.366032][T10249]  kernfs_fop_write_iter+0x378/0x4f0
[  457.366048][T10249]  vfs_write+0x54b/0xa90
[  457.366064][T10249]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  457.366077][T10249]  ? __pfx_vfs_write+0x10/0x10
[  457.366101][T10249]  ? __fget_files+0x2a/0x420
[  457.366115][T10249]  ksys_write+0x145/0x250
[  457.366129][T10249]  ? __pfx_ksys_write+0x10/0x10
[  457.366144][T10249]  ? do_syscall_64+0xbe/0x3b0
[  457.366156][T10249]  do_syscall_64+0xfa/0x3b0
[  457.366166][T10249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.366176][T10249]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  457.366185][T10249]  ? clear_bhb_loop+0x60/0xb0
[  457.366196][T10249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.366206][T10249] RIP: 0033:0x7f99add8e929
[  457.366215][T10249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.366223][T10249] RSP: 002b:00007f99aec1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  457.366235][T10249] RAX: ffffffffffffffda RBX: 00007f99adfb5fa0 RCX: 00007f99add8e929
[  457.366242][T10249] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000006
[  457.366248][T10249] RBP: 00007f99aec1e090 R08: 0000000000000000 R09: 0000000000000000
[  457.366254][T10249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.366260][T10249] R13: 0000000000000000 R14: 00007f99adfb5fa0 R15: 00007ffc17832ec8
[  457.366276][T10249]  </TASK>
[  457.732948][T10252] 8021q: VLANs not supported on ipvlan1
[  458.571022][T10261] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1163'.
[  458.587230][T10262] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1162'.
[  458.602558][T10260] FAULT_INJECTION: forcing a failure.
[  458.602558][T10260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  458.615898][T10260] CPU: 1 UID: 0 PID: 10260 Comm: syz.3.1161 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  458.615914][T10260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  458.615921][T10260] Call Trace:
[  458.615926][T10260]  <TASK>
[  458.615930][T10260]  dump_stack_lvl+0x189/0x250
[  458.615946][T10260]  ? __pfx____ratelimit+0x10/0x10
[  458.615969][T10260]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.615980][T10260]  ? __pfx__printk+0x10/0x10
[  458.615991][T10260]  ? __might_fault+0xb0/0x130
[  458.616010][T10260]  should_fail_ex+0x414/0x560
[  458.616027][T10260]  _copy_from_user+0x2d/0xb0
[  458.616039][T10260]  __sys_connect+0x123/0x440
[  458.616050][T10260]  ? __fget_files+0x3a0/0x420
[  458.616059][T10260]  ? __pfx___sys_connect+0x10/0x10
[  458.616075][T10260]  ? __pfx_ksys_write+0x10/0x10
[  458.616087][T10260]  ? rcu_is_watching+0x15/0xb0
[  458.616102][T10260]  __x64_sys_connect+0x7a/0x90
[  458.616112][T10260]  do_syscall_64+0xfa/0x3b0
[  458.616121][T10260]  ? lockdep_hardirqs_on+0x9c/0x150
[  458.616134][T10260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.616144][T10260]  ? clear_bhb_loop+0x60/0xb0
[  458.616155][T10260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.616164][T10260] RIP: 0033:0x7f99f5b8e929
[  458.616174][T10260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.616182][T10260] RSP: 002b:00007f99f6ac7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  458.616194][T10260] RAX: ffffffffffffffda RBX: 00007f99f5db5fa0 RCX: 00007f99f5b8e929
[  458.616201][T10260] RDX: 0000000000000048 RSI: 0000200000000000 RDI: 0000000000000004
[  458.616209][T10260] RBP: 00007f99f6ac7090 R08: 0000000000000000 R09: 0000000000000000
[  458.616216][T10260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.616221][T10260] R13: 0000000000000000 R14: 00007f99f5db5fa0 R15: 00007ffd9a768b88
[  458.616236][T10260]  </TASK>
[  459.435351][ T1225] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  460.036432][ T1225] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  460.175708][ T1225] usb 4-1: config 0 interface 0 has no altsetting 0
[  460.591517][ T1225] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  460.605235][ T1225] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  460.621269][ T1225] usb 4-1: Product: syz
[  460.625811][ T1225] usb 4-1: Manufacturer: syz
[  460.630953][ T1225] usb 4-1: SerialNumber: syz
[  460.638781][ T1225] usb 4-1: config 0 descriptor??
[  460.655918][ T1225] usb 4-1: selecting invalid altsetting 0
[  460.864792][T10289] ------------[ cut here ]------------
[  460.870742][T10289] WARNING: CPU: 0 PID: 10289 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[  460.880616][T10289] Modules linked in:
[  460.884688][T10289] CPU: 0 UID: 0 PID: 10289 Comm: syz.2.1172 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  460.896895][T10289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  460.907001][T10289] RIP: 0010:folio_memcg+0x1a8/0x310
[  460.912231][T10289] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0f 56 65 09 cc e8 f9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  460.932353][T10289] RSP: 0018:ffffc90003caf250 EFLAGS: 00010287
[  460.938768][T10289] RAX: ffffffff8205bd57 RBX: 0000000000000000 RCX: 0000000000080000
[  460.946782][T10289] RDX: ffffc9000c41a000 RSI: 00000000000019b0 RDI: 00000000000019b1
[  460.954746][T10289] RBP: 0000000000000000 R08: ffffea0000a4a8c7 R09: 1ffffd4000149518
[  460.962824][T10289] R10: dffffc0000000000 R11: fffff94000149519 R12: ffffea0000a4a8f0
[  460.970847][T10289] R13: dffffc0000000000 R14: ffff888075dd6000 R15: 0000000000000002
[  460.978838][T10289] FS:  00007f82b7c1c6c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[  460.987856][T10289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  460.994432][T10289] CR2: 0000000000000000 CR3: 000000002a158000 CR4: 00000000003526f0
[  461.002450][T10289] Call Trace:
[  461.005751][T10289]  <TASK>
[  461.008670][T10289]  workingset_activation+0x5f/0x4a0
[  461.013852][T10289]  ? folio_mark_accessed+0x2b1/0x4a0
[  461.019173][T10289]  folio_mark_accessed+0x3b5/0x4a0
[  461.024280][T10289]  kvm_release_page_clean+0x9a/0xe0
[  461.029914][T10289]  kvm_tdp_page_fault+0x2dd/0x370
[  461.034934][T10289]  kvm_mmu_do_page_fault+0x2c5/0x640
[  461.040570][T10289]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  461.046436][T10289]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  461.051972][T10289]  kvm_mmu_page_fault+0x22f/0xb70
[  461.057036][T10289]  ? __pfx_handle_ept_violation+0x10/0x10
[  461.062745][T10289]  vmx_handle_exit+0x1090/0x18a0
[  461.067711][T10289]  ? vcpu_run+0x361c/0x6f70
[  461.072209][T10289]  vcpu_run+0x432e/0x6f70
[  461.076586][T10289]  ? vcpu_run+0x361c/0x6f70
[  461.081104][T10289]  ? __pfx_vcpu_run+0x10/0x10
[  461.085845][T10289]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  461.091582][T10289]  ? rcu_is_watching+0x15/0xb0
[  461.096481][T10289]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  461.102057][T10289]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  461.107829][T10289]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  461.113803][T10289]  ? rcu_is_watching+0x15/0xb0
[  461.118641][T10289]  ? look_up_lock_class+0x74/0x170
[  461.123746][T10289]  ? register_lock_class+0x51/0x320
[  461.129372][T10289]  ? __lock_acquire+0xab9/0xd20
[  461.134238][T10289]  kvm_vcpu_ioctl+0x95c/0xe90
[  461.139335][T10289]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  461.144540][T10289]  ? __lock_acquire+0xab9/0xd20
[  461.149437][T10289]  ? __asan_memset+0x22/0x50
[  461.154198][T10289]  ? smack_file_ioctl+0x302/0x340
[  461.159349][T10289]  ? __pfx_smack_file_ioctl+0x10/0x10
[  461.164721][T10289]  ? __fget_files+0x2a/0x420
[  461.169346][T10289]  ? __fget_files+0x3a0/0x420
[  461.174019][T10289]  ? __fget_files+0x2a/0x420
[  461.178658][T10289]  ? bpf_lsm_file_ioctl+0x9/0x20
[  461.183591][T10289]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  461.188867][T10289]  __se_sys_ioctl+0xfc/0x170
[  461.193455][T10289]  do_syscall_64+0xfa/0x3b0
[  461.198147][T10289]  ? lockdep_hardirqs_on+0x9c/0x150
[  461.203344][T10289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.209484][T10289]  ? clear_bhb_loop+0x60/0xb0
[  461.214150][T10289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.220061][T10289] RIP: 0033:0x7f82b6d8e929
[  461.224459][T10289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.244562][T10289] RSP: 002b:00007f82b7c1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  461.253292][T10289] RAX: ffffffffffffffda RBX: 00007f82b6fb5fa0 RCX: 00007f82b6d8e929
[  461.261294][T10289] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000e
[  461.269319][T10289] RBP: 00007f82b6e10b39 R08: 0000000000000000 R09: 0000000000000000
[  461.277404][T10289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  461.285449][T10289] R13: 0000000000000000 R14: 00007f82b6fb5fa0 R15: 00007ffed7c440f8
[  461.293447][T10289]  </TASK>
[  461.296588][T10289] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  461.303851][T10289] CPU: 0 UID: 0 PID: 10289 Comm: syz.2.1172 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  461.315918][T10289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  461.325960][T10289] Call Trace:
[  461.329221][T10289]  <TASK>
[  461.332136][T10289]  dump_stack_lvl+0x99/0x250
[  461.336721][T10289]  ? __asan_memcpy+0x40/0x70
[  461.341341][T10289]  ? __pfx_dump_stack_lvl+0x10/0x10
[  461.346522][T10289]  ? __pfx__printk+0x10/0x10
[  461.351133][T10289]  panic+0x2db/0x790
[  461.355015][T10289]  ? __pfx_panic+0x10/0x10
[  461.359457][T10289]  __warn+0x31b/0x4b0
[  461.363454][T10289]  ? folio_memcg+0x1a8/0x310
[  461.368035][T10289]  ? folio_memcg+0x1a8/0x310
[  461.372608][T10289]  report_bug+0x2be/0x4f0
[  461.376923][T10289]  ? folio_memcg+0x1a8/0x310
[  461.381511][T10289]  ? folio_memcg+0x1a8/0x310
[  461.386098][T10289]  ? folio_memcg+0x1aa/0x310
[  461.390677][T10289]  handle_bug+0x84/0x160
[  461.394907][T10289]  exc_invalid_op+0x1a/0x50
[  461.399403][T10289]  asm_exc_invalid_op+0x1a/0x20
[  461.404234][T10289] RIP: 0010:folio_memcg+0x1a8/0x310
[  461.409419][T10289] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0f 56 65 09 cc e8 f9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  461.429032][T10289] RSP: 0018:ffffc90003caf250 EFLAGS: 00010287
[  461.435092][T10289] RAX: ffffffff8205bd57 RBX: 0000000000000000 RCX: 0000000000080000
[  461.443153][T10289] RDX: ffffc9000c41a000 RSI: 00000000000019b0 RDI: 00000000000019b1
[  461.451110][T10289] RBP: 0000000000000000 R08: ffffea0000a4a8c7 R09: 1ffffd4000149518
[  461.459073][T10289] R10: dffffc0000000000 R11: fffff94000149519 R12: ffffea0000a4a8f0
[  461.467028][T10289] R13: dffffc0000000000 R14: ffff888075dd6000 R15: 0000000000000002
[  461.474986][T10289]  ? folio_memcg+0x1a7/0x310
[  461.479572][T10289]  workingset_activation+0x5f/0x4a0
[  461.484752][T10289]  ? folio_mark_accessed+0x2b1/0x4a0
[  461.490026][T10289]  folio_mark_accessed+0x3b5/0x4a0
[  461.495123][T10289]  kvm_release_page_clean+0x9a/0xe0
[  461.500303][T10289]  kvm_tdp_page_fault+0x2dd/0x370
[  461.505330][T10289]  kvm_mmu_do_page_fault+0x2c5/0x640
[  461.510639][T10289]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  461.516465][T10289]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  461.521995][T10289]  kvm_mmu_page_fault+0x22f/0xb70
[  461.527008][T10289]  ? __pfx_handle_ept_violation+0x10/0x10
[  461.532723][T10289]  vmx_handle_exit+0x1090/0x18a0
[  461.537655][T10289]  ? vcpu_run+0x361c/0x6f70
[  461.542166][T10289]  vcpu_run+0x432e/0x6f70
[  461.546491][T10289]  ? vcpu_run+0x361c/0x6f70
[  461.551003][T10289]  ? __pfx_vcpu_run+0x10/0x10
[  461.555666][T10289]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  461.561373][T10289]  ? rcu_is_watching+0x15/0xb0
[  461.566120][T10289]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  461.571655][T10289]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  461.577356][T10289]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  461.583324][T10289]  ? rcu_is_watching+0x15/0xb0
[  461.588071][T10289]  ? look_up_lock_class+0x74/0x170
[  461.593165][T10289]  ? register_lock_class+0x51/0x320
[  461.598348][T10289]  ? __lock_acquire+0xab9/0xd20
[  461.603194][T10289]  kvm_vcpu_ioctl+0x95c/0xe90
[  461.607867][T10289]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  461.613051][T10289]  ? __lock_acquire+0xab9/0xd20
[  461.617883][T10289]  ? __asan_memset+0x22/0x50
[  461.622454][T10289]  ? smack_file_ioctl+0x302/0x340
[  461.627461][T10289]  ? __pfx_smack_file_ioctl+0x10/0x10
[  461.632820][T10289]  ? __fget_files+0x2a/0x420
[  461.637389][T10289]  ? __fget_files+0x3a0/0x420
[  461.642050][T10289]  ? __fget_files+0x2a/0x420
[  461.646639][T10289]  ? bpf_lsm_file_ioctl+0x9/0x20
[  461.651559][T10289]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  461.656764][T10289]  __se_sys_ioctl+0xfc/0x170
[  461.661365][T10289]  do_syscall_64+0xfa/0x3b0
[  461.665853][T10289]  ? lockdep_hardirqs_on+0x9c/0x150
[  461.671042][T10289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.677088][T10289]  ? clear_bhb_loop+0x60/0xb0
[  461.681752][T10289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.687625][T10289] RIP: 0033:0x7f82b6d8e929
[  461.692022][T10289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.711622][T10289] RSP: 002b:00007f82b7c1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  461.720022][T10289] RAX: ffffffffffffffda RBX: 00007f82b6fb5fa0 RCX: 00007f82b6d8e929
[  461.727981][T10289] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000e
[  461.735936][T10289] RBP: 00007f82b6e10b39 R08: 0000000000000000 R09: 0000000000000000
[  461.743892][T10289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  461.751847][T10289] R13: 0000000000000000 R14: 00007f82b6fb5fa0 R15: 00007ffed7c440f8
[  461.759817][T10289]  </TASK>
[  461.763114][T10289] Kernel Offset: disabled
[  461.767428][T10289] Rebooting in 86400 seconds..