last executing test programs:

16.124571259s ago: executing program 3 (id=2809):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4020000000000007b1148000000000085000000d1000000950a030000000000b88166989a2144c4935cd0a0ac5b95d50e314f5291c01024194fa3573d7c84920d37af3d720892ebc02aa51b49"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)
syz_io_uring_complete(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000500)=ANY=[], 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="08000000000000009b000040"])
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@local, 0x1})

15.841298879s ago: executing program 3 (id=2811):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1}, 0x0)
recvmsg(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0xfffffffffffffed3, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
close(r2)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x3, 0x2, 0xff, 0x21, @empty, @dev={0xfe, 0x80, '\x00', 0x1b}, 0x40, 0x1, 0xffffffff, 0x6}})
openat$kvm(0xffffffffffffff9c, 0x0, 0x101901, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000002080)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a0, 0x2c0, 0x940c, 0x3002, 0x0, 0x2c0, 0x3f8, 0x3d8, 0x3d8, 0x3f8, 0x3d8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @local, [0xff, 0xffffffff, 0x0, 0xff000000], [0xffffff00, 0xff000000], 'erspan0\x00', 'wlan0\x00', {}, {0xff}, 0x2b, 0x3, 0x3, 0x20}, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x9}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000000200000000", @ANYBLOB="01987d00"/19, @ANYRES32, @ANYBLOB="000000000100"], 0x50)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046f41, &(0x7f0000000440)=0x1f)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r8, 0x4140aecd, &(0x7f0000000140)={{0xe566c797b7515b9, 0xffff1000, 0xc, 0x9, 0x7f, 0x7, 0x81, 0xff, 0x0, 0x84, 0x0, 0x8}, {0xd000, 0xd000, 0xc, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8080000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0x1, 0x92, 0x80}, {0x10000, 0xeeef0000, 0xe, 0x7, 0x1, 0x3d, 0x6, 0x0, 0xf9, 0x29, 0x9, 0x9}, {0x1, 0xdddd0000, 0xe, 0x9, 0x5, 0x2, 0x7, 0x2, 0x2, 0x66, 0x2, 0x8}, {0x2000, 0xdddd1000, 0xd, 0x2, 0xad, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0xa}, {0x8000000, 0x10000, 0xb, 0x0, 0xcd, 0x5, 0x5, 0x26, 0x4, 0x6, 0x4c, 0x6}, {0x1, 0xd000, 0xd, 0xe, 0x13, 0x40, 0x3, 0x0, 0x7f, 0xfe, 0x4, 0x7}, {0x100000, 0x5}, {0x1000, 0xff81}, 0x80000005, 0x0, 0xdddd1000, 0x20, 0x5, 0x9000, 0xdddd1000, 0x1, [0x3, 0x2, 0x3, 0x4c345059]})

13.840807156s ago: executing program 0 (id=2816):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_emit_ethernet(0x3a, &(0x7f0000000000)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x2, 0x0, 0x1}, @val={@val={0x88a8, 0x6, 0x1}, {0x8100, 0x1, 0x1, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)

13.635327467s ago: executing program 0 (id=2818):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0xe73c80df265fdc46, 0x0, 0x0, {0x1, 0x0, 0xa}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
syz_emit_ethernet(0xd3, &(0x7f0000000140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@x25={0x805, {0x3, 0x80, 0xf, "3f166998829ea6ef680763a387657f9507b60d80b4a1f5a9d43d260a2b63b18a1c19555036c7ad382b8a1647b5fcfd80eecfd7e550307eb411c240a0481f75640665d6fd9943b4520f895fe5a6a7184b6ba3eccbb6129d5396a4ba394f449076a4fb8176d78b3c1e6827bb9bb2907fc809aa4ad101d63db3b0461cb6f4d9d5613ce1c4b4ce0176f51d5f57631c3556fbe6a5ce6b2d61ccff9e4a5c5613a0fe860061bcde8669f9e5efc0b139202106792a7bc0766a1382c7e28649d037901e71786a"}}}}, &(0x7f0000000240)={0x1, 0x4, [0x9ff, 0x249, 0xc34, 0x5c1]})
r3 = add_key$fscrypt_provisioning(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000300)={0x2, 0x0, @d}, 0x18, 0xfffffffffffffffa)
keyctl$read(0xb, r3, &(0x7f0000000340)=""/226, 0xe2)
syz_open_dev$dmmidi(&(0x7f0000000440), 0x8000, 0x2200)
keyctl$update(0x2, r3, &(0x7f0000000480)="ac79376d59be46801e1038debaac8aaabe1bc89d86186d887d60aa7d6d853d896e4648b56dd421061f0383dcd47aa6daa94c4210148cdf5ff9e967a6c035bfe2ca3326837a0d693e5a8a667d885f7b54846f135410125e7605388dac6c313c6759c824caad6274d902b62d3fc5468203a8c5d3c41c67987d4d8b5e791cecef400b56d8", 0x83)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000540)={{0x2, 0x4e23, @rand_addr=0x64010102}, {0x6}, 0x8, {0x2, 0x4e24, @broadcast}, 'veth1_virt_wifi\x00'})
timer_getoverrun(0x0)
r4 = add_key$fscrypt_v1(&(0x7f00000005c0), &(0x7f0000000600)={'fscrypt:', @desc1}, &(0x7f0000000640)={0x0, "d8db62d3a9cf41aa6dbfca41de157e4fcc08c21c8f8c2e0fe41254cbe376eb273b77c82992321b45cf61770662cfa4e7aed1fbaf5cde01539841629c3bfaf64a", 0x3a}, 0x48, 0xfffffffffffffffd)
newfstatat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x400)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000780)={{0x1, 0x1, 0x18, r0, {0xee00, <r6=>0x0}}, './file0\x00'})
keyctl$chown(0x4, r4, r5, r6)
openat$tun(0xffffffffffffff9c, &(0x7f00000007c0), 0x82, 0x0)
clock_gettime(0x0, &(0x7f00000011c0)={<r7=>0x0, <r8=>0x0})
recvmmsg$unix(r1, &(0x7f0000001140)=[{{&(0x7f0000000800), 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000880)=""/204, 0xcc}, {&(0x7f0000000980)=""/250, 0xfa}], 0x2, &(0x7f0000000ac0)=[@rights={{0x20, 0x1, 0x1, [<r9=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, <r10=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{&(0x7f0000000b80)=@abs, 0x6e, &(0x7f0000001040)=[{&(0x7f0000000c00)=""/121, 0x79}, {&(0x7f0000000c80)=""/227, 0xe3}, {&(0x7f0000000d80)=""/178, 0xb2}, {&(0x7f0000000e40)=""/127, 0x7f}, {&(0x7f0000000ec0)=""/81, 0x51}, {&(0x7f0000000f40)=""/228, 0xe4}], 0x6, &(0x7f00000010c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r11=>0x0}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, <r12=>0x0}}}], 0x60}}], 0x2, 0x40000000, &(0x7f0000001200)={r7, r8+60000000})
timer_create(0x2, &(0x7f0000001240)={0x0, 0x3}, &(0x7f0000001280)=<r13=>0x0)
timer_gettime(r13, &(0x7f00000012c0))
r14 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x0, r14, 0x0, &(0x7f0000001300))
timer_settime(r13, 0x2c1984544f437bf6, &(0x7f0000001340), &(0x7f0000001380))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f00000013c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x6, [@union={0x4, 0x4, 0x0, 0x5, 0x1, 0x2, [{0xe, 0x2, 0x9}, {0xc, 0x5, 0x8001}, {0x7, 0x3, 0x5}, {0xe, 0x4, 0x4}]}]}, {0x0, [0x2e, 0x0, 0x0, 0x0]}}, &(0x7f0000001440)=""/138, 0x5a, 0x8a, 0x1, 0x83, 0x10000, @value=r10}, 0x28)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
fchownat(r9, &(0x7f0000001540)='./file0\x00', r11, r12, 0x1000)
socket(0x2, 0x800, 0x8)
uname(&(0x7f0000001580)=""/35)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f00000015c0)={'lo\x00'})
pipe2(&(0x7f0000001600)={0xffffffffffffffff, <r15=>0xffffffffffffffff}, 0x0)
close(r15)

12.685977476s ago: executing program 0 (id=2821):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4020000000000007b1148000000000085000000d1000000950a030000000000b88166989a2144c4935cd0a0ac5b95d50e314f5291c01024194fa3573d7c84920d37af3d720892ebc02aa51b49"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)
syz_io_uring_complete(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000500)=ANY=[], 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="08000000000000009b000040"])
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@local, 0x1})

12.461982392s ago: executing program 0 (id=2823):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000180)=ANY=[@ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VIDIOC_G_PRIORITY(0xffffffffffffffff, 0x80045643, 0x914f989e7507b04d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
syz_open_dev$vim2m(&(0x7f0000000280), 0x2, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="18"], 0x18, 0x4000040}], 0x1, 0x0)
recvmmsg(r3, &(0x7f0000002300)=[{{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000900)=""/82, 0x52}], 0x1}, 0x7f}], 0x1, 0x11102, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00')
pread64(r4, &(0x7f000004b680)=""/102356, 0x18fd4, 0x2)
clock_getres(0xa, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
socket(0x10, 0x80002, 0x0)
socket$kcm(0x2, 0x3, 0x84)
sched_setscheduler(0x0, 0x1, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0xc0000042)
sched_setscheduler(0x0, 0x0, 0x0)
mmap(&(0x7f0000899000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)

12.404149383s ago: executing program 1 (id=2824):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000004c0)={0xc})
io_uring_enter(0xffffffffffffffff, 0x666a, 0x90d5, 0x0, &(0x7f0000000480)={[0x7]}, 0x8)

11.737398893s ago: executing program 0 (id=2827):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000002500)=0xc)
open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x101)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106400000012006113740000000000bfa00000000000000700000008ffffffd50301001774004095000000000000006916360000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)

11.733442255s ago: executing program 3 (id=2828):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_sctp(0x2, 0x1, 0x84)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_pts(0xffffffffffffffff, 0x20800)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000080)=@raw={0xfe, 0x1, "2fbc854ab559"})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x20200, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x1, 0x0, 0x0, 0x31, 0x1, 0x10cf, 0x5df, 0x8b, 0x2, 0x3, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000c80)={0x17, &(0x7f0000001040)})
r4 = openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r5)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x34, r6, 0x431, 0x70bd2b, 0xffffffff, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x40050)
close(r4)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
socket(0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0x80082102, 0x0)

10.268899561s ago: executing program 0 (id=2830):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000900)='/proc/keys\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2628c3, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000008c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, '.\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1000, 0x0)
recvmmsg(r0, &(0x7f00000033c0)=[{{&(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0, &(0x7f0000000240)=[{&(0x7f0000000380)=""/87}, {&(0x7f0000001840)=""/4096}, {&(0x7f0000000400)=""/163}], 0x0, &(0x7f00000004c0)=""/224}, 0xff}, {{&(0x7f00000005c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000880)=""/9}, {&(0x7f0000002940)=""/15}, {&(0x7f0000000940)=""/219}]}, 0x8}, {{&(0x7f0000000a80)=@in6={0xa, 0x0, 0x0, @private0}, 0x0, &(0x7f0000003540)=[{&(0x7f0000000b00)=""/30}, {&(0x7f0000000b40)=""/118}, {&(0x7f0000000bc0)=""/145}, {&(0x7f0000000c80)=""/157}, {&(0x7f0000000d40)=""/196}, {&(0x7f0000002840)=""/231}], 0x0, &(0x7f00000029c0)=""/91}, 0x9}, {{&(0x7f0000002a40)=@nl, 0x0, &(0x7f0000002d00)=[{&(0x7f0000002ac0)=""/241}, {&(0x7f0000000e40)=""/25}, {&(0x7f0000002bc0)=""/114}, {&(0x7f0000002c40)=""/77}, {&(0x7f0000002cc0)=""/32}]}, 0x3}, {{&(0x7f0000002d80)=@nfc_llcp, 0x0, &(0x7f0000002fc0)=[{&(0x7f0000002e00)=""/182}, {&(0x7f0000002ec0)=""/247}], 0x0, &(0x7f0000003000)=""/84}, 0x2}, {{&(0x7f0000003080)=@nl=@unspec, 0x0, &(0x7f00000032c0)=[{&(0x7f0000003100)=""/217}, {&(0x7f0000003200)=""/56}, {&(0x7f0000003240)=""/114}], 0x0, &(0x7f0000003300)=""/170}, 0x7c}], 0x3ffffffffffff71, 0x42, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000200)={'bond0\x00', &(0x7f0000000640)=@ethtool_per_queue_op={0x4b, 0xf, [0x4, 0x8, 0xfffffff1, 0x0, 0x0, 0x1, 0x3e9, 0x5, 0x9, 0x6, 0x5, 0x6, 0x7ff, 0x8, 0x4, 0x3ff, 0x4, 0x8, 0x2, 0x4, 0x6, 0x4, 0x8, 0x1, 0xfffffa0c, 0x7, 0x8, 0x9be, 0x3, 0x3ff, 0x6, 0x14dc, 0x147, 0x400005, 0x1, 0x3, 0x4, 0x0, 0x5, 0x6, 0x7, 0x5, 0x0, 0xfffffffb, 0x8, 0x80000000, 0x9, 0x100, 0x5, 0x2, 0x7, 0x5, 0x0, 0x6, 0xf667, 0xfffffffc, 0x4007, 0x80000008, 0x7f, 0x6, 0xc8, 0x6, 0x0, 0xc3, 0x4, 0x10, 0xffffffa8, 0x1, 0x40000009, 0x9, 0x1, 0x83, 0x0, 0xcf, 0x10, 0x401, 0x7, 0x7, 0x2a, 0x71c9, 0x1, 0x31d, 0xfffffeff, 0x20007f, 0x66, 0x1c24, 0xff, 0x9, 0x4, 0x2, 0x3, 0xff, 0x100, 0x126, 0x1, 0x8, 0x40000000, 0xc, 0x2004, 0x8, 0xffffffc0, 0x4, 0x10001, 0x5, 0x74a000, 0x44e27, 0x3ff, 0x0, 0x8356, 0x0, 0x6, 0x9b7, 0x1, 0x80000001, 0x82, 0xea, 0x6, 0x1, 0xff, 0x7, 0x0, 0x4000005, 0x10001, 0x108, 0x69e4, 0x80000001, 0xfffffff4, 0x100]}})
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x9300, 0x0, 0x1}, 0x18, 0x3)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003740)=ANY=[@ANYBLOB="d28bca67924c57a6ab138e548a15ee06e981b74302c976b4c625eaf1de9c88ae4d02f1a4db1dda2808d822bcd06efd23438cac1c41e83a120ef28d26c215a35d788933e7ded90b6a2a8c6bc5fb1ac08500e4faa710cdfc34e0d067b6587c540db302d5baa0ca5ea2ba9f564ccae27b1eee25e2877835459446cc20e54e0a5ade060b87d942cde2f8fd6c9413c26e7198773ca006393e1813aa", @ANYRES8=r3, @ANYBLOB="01000000000000000000010000001804088038010080e40009801c000080060001000200000008000200e00000020500030001000000c4000080060001000a0000001400020000000000000000000000ffff000000000500030001000000060001000200000008000200ac1414bb05000300030000000600010002000000080002007f00000105000300000000000600010002000000080002007f0000010500030002000000060001000200000008000200e00000010500030000000000060001000200000008000200e0000002050003000100000a0000001400020000000000000000000000000000000000050003000200000008000a0001047c73b64c0d408800000024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c24000200eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717d8020080240002007b4326167f79726ecfae0aeee91d38ba98df91957e9dead91c7bebb4db027bf124000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000f00000008000300040000007c0209804c000080060001000a00000014000200ff0200000000000000000000000000010500030002000000060001000a000000140002000000000000000000000000000000000005000300020000001c00008006000100020000000800020000000000050003000300000058000080060001000a00000014000200fe8000000000000000000000000000bb0500030002000000060001000200000008000200ac1414bb05000300020000000600010002000000080002007f000001050003000300000028000080060001000a00000014000200000000000000000000000000000000010500030003000000c4000080060001000a00000014000200fc0000000000000000000000000000000500030000000000060001000200000008000200ac1e01010500030001000000060001000a00000014000200000000000000000000000000000000000500030003000000060001000a00000014000200000000000000000000000000000000000500030001000000060001000a00000014000200fe80000000000000000000000000003a0500030002000000060001000200000008000200e0000002050003000100000064000080060001000200000008000200ffffffff0500030003000000060001000a00000014000200200100000000000000000000000000020500030002000000060001000a00000014000200fe8800000000000000000000000000010500030001000000640000800600010002000000080002000a0101020500030001000000060001000a00000014000200fe80000000000000000000000000002c0500030000000000060001000a00000014000200ff01000000000000000000000000000105000300020000000400008004000080080007000000000024000300b08073e8d44e91e3da922c22438244bb885c69e269c8e9d835b114293a4ddc6e060006000000000014000200776730000000000000000000000000009f5ca4f8c8408f276fed40bce2d740d9a98cf54a3553e51592c1be8a0727b16d3811dc3f167e5703d5a3f5d78641fcd79610366bfb1adf29f9c51ba76eb35597a597213bd2ce5f276e878b0214c13d49d6a79003825720e1cfcac62ad1f0a6acc5fbbb15d47e7e93f486780ebc503d7a8c3fae6723f7b2bb9d3d0ab40e83ec69e722c3fa23b04596c5a835acbd132c000000000022f07598dba5a371fda2295732de8155269f14f463d162f4d99252a52a209d356530d75b7fc0e80affbd56b50688c42f34eb19b418ba13b5dbddd97a5e46282ed339a8c67a3114c9ede57987d3ad44e4880f0055f95dfdace4"], 0x474}, 0x1, 0x0, 0x0, 0x20008010}, 0x40083)
r7 = fcntl$dupfd(r5, 0x0, r5)
write$sndseq(r7, &(0x7f00000036c0)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {0x0, 0x1}, {0x0, 0x89}, @result={0x1, 0x2}}, {0x3, 0x0, 0xff, 0x3, @time={0x6, 0x8e}, {0x7}, {0xfc}, @ext={0xcd, &(0x7f00000035c0)="a8830600361c06876e29f2876ff5573365c1894df00c1d35159f959d3604ae5d24b7eb19b67e253f597773950d87a65bc2a55b7c4d73994fcccf76a831ccc9735046c681fcaeb6e5d81afdc95d7d336c2c48ece26a0ff942e66e627caa1796e1831ce8486dd76c3bbceec389349c0ac2abd4a92c4d21c0c896b749961668fa659e4ef6631735e15fb5d1fa034407f87235b10f067f859976cbc90acf9fbfb9a220096f1d6228730c0f2adb79b667012a0f8da01359d85cdbcc9ea21418345f737389b26de2bea6a883fea85e2e"}}, {0x9, 0xff, 0x7f, 0x9c, @time={0x3, 0x80000001}, {0x2, 0xd}, {0x80, 0xb}, @result={0x4d, 0x8}}], 0x54)
readv(r7, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000280)=@assoc_value={<r9=>0x0}, &(0x7f00000002c0)=0xfffffffffffffd77)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r8, 0x84, 0xa, &(0x7f0000000000)={0x5, 0xfff, 0x8, 0x2, 0x5, 0x80000000, 0x5, 0x48a5, r9}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000e80)={'filter\x00', 0xb001, 0x4, 0x3b0, 0x0, 0x10c, 0x1f0, 0x2d0, 0x2d0, 0x2d0, 0x7fffffe, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2, 0x1}}}, {{@uncond, 0xbc, 0xe4, 0x0, {0x0, 0x1e03}}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x46e, 0xfffc}}}, {{@uncond, 0xbc, 0xe0}, @unspec=@CLASSIFY={0x24, 'CLASSIFY\x00', 0x0, {0x31caf518}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3fc)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

9.299953106s ago: executing program 4 (id=2832):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000700)=<r4=>0x0)
sendmmsg$sock(r2, &(0x7f00000006c0)=[{{&(0x7f0000000100)=@nfc_llcp={0x27, r4, 0x0, 0x0, 0x0, 0x4, "eba9deddac695c4956a0ca907db9ac62ba9721b00d5cf77ec21c7b238017ca7ab123f5c1f7b791606d0f44805d26c3ba8da8dcbf773e07aa0fa0f0aa977c76", 0x34}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000940)="9fbd8b0881fc0190ea7f9257c8c3eb7f63e751803f6eac1f1d33631e90ecfbebc1e68c734aec7946b0b5d55d2f3d990c5d7f6f147f2122cf7b82b6daea56c4cec63efd80bf8c8e4113e412722d72bfe5a9acc113e224af7cdcad8517e2b0416744a37cf1d7674566231934af9278633372d579ada45a57891b44e7a82ec47d6149b14cb9440847546fb0f07aa1bcbfe8d2b61c03f484b3655121936a117bc8e6bf7f686c09dc31b11004928df828ad436a904d", 0xb3}, {&(0x7f0000000080)="23ae7ba4e3b2b6e11472fe3cf91f002d0b08b9c751501f698f21b0797a4fa7f705000000387c8a3367", 0x29}, {&(0x7f0000000440)="fe138b726a4a35fce58582a59b5206416d4f808c0bb011690d53da3242cd3d6d0eedec61252e34154dd09a21dec2575b87f9de14f36226d5d4d39146f6e15bce77607825ab5a05c0ee15ec953b49662bb260785ce39b5f71d1a97eaf0d7b3f96a0bd76b2a369583641c2dbd5a0f5e88d8af886fec426d6f0cf7239980e29b201357f40351f0e8542ea1cbe9bafa64481b28201e4", 0x94}, {&(0x7f0000000180)="436b39a1178d255ff5e75528afda94c563712479b2be3bdb057f10c1b9eea8ace7daff385c4d8bfa4f0823f743ed20d3c168fa5d161607f75e07a055a880dcb88ae26bd8dae1148f6c21fdfbac364ba3a3927264376cfa8fadc65e6a115cd721c8", 0x61}, {&(0x7f0000000240)}, {&(0x7f0000000500)="cfbb8ef8351109322008ef6462253a75fa1b63600abc421819251161333a34eea7ecce0d9899654e415917ac11223140873a78fa96ca3fd197905ea37064b25b7c04be4291ffc500be1e5396ef0d6976f8254928836de7a31296205b25301599702ae64009551c5bd9661ce04a6f59a5f8b5f50f604a5b291ec7917c7d09893fb273950bf5888eafa66848983624187111038175eeec553c41e8607b09b986708dd0f4fd6f7b2baa4636a19b763b23eaa4cf0967774a7e55167b3e5c7b3d808479d9853e9c4ffa028dbf5a0871f742f738bc62eb47a7bfcacd59d84bab9f7e5aaa734fde089b0ea4f6", 0xe9}], 0x6}}], 0x1, 0x80c0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000009a06b5847a3cdade2c0573408964fa009a000100000000000000010000001c0017000400004d00dc48006574683a73797a6b616c6c657230f35b0af739d59bedb81d9ff71ca300c0831cdadd7966cd14062dc4e7bae6138c3c961207a2e27185788f3e6b982b9e5c1f4a84b76280458c7f1a1bb3d78b583e19321b32681204d20c3c6175d1f25d3293a08021f4f86e3ca22166b6440cb87697e75a46c3db5cf551c3022b6fe76227db8b70616d48d15e427432e7fcb502af7f95f51e74bb2aec29c4545a1200"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'batadv_slave_0\x00', @local})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0xa)
getpid()
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000380)={0xfffffffe, 0x100, 0x0, 0x3c})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r6, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000740)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x64)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x2008440, &(0x7f0000000300)='trans=rdma,')
gettid()
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r9, 0x5607, 0x3)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
writev(r0, &(0x7f0000000900)=[{&(0x7f0000000d40)="eee7ee2cffff62a3b47380c988ca", 0xe}], 0x1)

9.256705195s ago: executing program 2 (id=2833):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4020000000000007b1148000000000085000000d1000000950a030000000000b88166989a2144c4935cd0a0ac5b95d50e314f5291c01024194fa3573d7c84920d37af3d720892ebc02aa51b49"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)
syz_io_uring_complete(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000500)=ANY=[], 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="08000000000000009b000040"])
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@local, 0x1})

9.07644867s ago: executing program 1 (id=2834):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100))
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r0, 0xffffffffffffffff, 0x0) (async)
r1 = dup3(r0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x54, 0x0, &(0x7f0000003200)=[@release={0x40046306, 0x1}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1462, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000031c0)={0x30, 0x30, 0x30}}, 0x40}], 0x0, 0x0, 0x0})
ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000000400)={0x80, 0x0, 0x3e0}) (async)
ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000000400)={0x80, 0x0, 0x3e0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r2, 0x6, &(0x7f0000000200)=0x6) (async)
sched_setscheduler(r2, 0x6, &(0x7f0000000200)=0x6)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r6, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) (async)
bind$netlink(r6, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@private=0xa010100, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0xa0}, {0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x20, 0x0, 0x0, 0x3}, {0xffffbffffffffffc, 0x0, 0x0, 0x1000000000}, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x35}, 0x4d3, 0x3c}, 0x2, @in=@multicast1, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xe8)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0), 0x111}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0), 0x111}}, 0x20)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r8, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0xacd2}], 0x1, 0x12040, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0x2) (async)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000100)=0x11) (async)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000100)=0x11)

9.016004111s ago: executing program 3 (id=2835):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{&(0x7f0000002180)={0xa, 0x4e21, 0x8, @local, 0x8}, 0x1c, 0x0}}], 0x1, 0x240880d1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x20000, 0xfe, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x80)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x2000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_PROTOCOL={0x6, 0x8, 0x9a8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_clone(0x3104400, &(0x7f0000000080)="ff494515a15b562992ece6ce132896edc19fcc41fda54070df6165d5486774bf6182bc8d217b3b", 0x27, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000180)="10fd8b8f196fa145972b287cbb94935882a840328e18e93a7438e6f5aec0e1b3e8c43faa469c4be92d74a4ed678a494aedf179e9970b2e60c10631531c7e19e22eb1ee077f50341a885904fd52496e9023c535771e17a0801d19b914c45ebfbf")
sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x60, r5, 0x300, 0x70bd28, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r6}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000084}, 0x8000)

9.015606039s ago: executing program 2 (id=2836):
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r0 = inotify_init()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x4}]}]}, 0x60}}, 0x0)
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r2, 0x0, 0xee01)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCOUTQ(r3, 0x5411, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb)
read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020)

8.646639359s ago: executing program 2 (id=2837):
unshare(0x62040200) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f000001aa40), 0x341800, 0x0)
accept4$netrom(r0, 0x0, 0x0, 0x80800) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x24, 0x1, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x5}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x7}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x804}, 0x80) (async)
syz_open_dev$audion(0x0, 0x400000009, 0x60000) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000080), 0x9, 0x80080) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) (async)
sched_setaffinity(0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'hsr0\x00', <r6=>0x0}) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000001aa80)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=r3, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT, @ANYRESOCT=r4], 0xb4}}, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000002180), 0x80000, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r3}, 0x10) (async)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000000)={'raw\x00', 0x7003, [0x0, 0x5]}, &(0x7f0000000100)=0x54)

7.500537395s ago: executing program 3 (id=2838):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x6, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1, 0xff3f})
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = accept4$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000100)=0x10, 0x100400)
getpeername$llc(r2, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000180)=0x10)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040), 0x6)
socket$unix(0x1, 0x1, 0x0)
r5 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_RTHDR(r5, 0x29, 0x39, &(0x7f0000000140)=ANY=[@ANYBLOB="000202"], 0x18)
sendto$l2tp6(r5, 0x0, 0x0, 0x20000890, &(0x7f00000002c0)={0xa, 0x0, 0x7, @private2, 0x6, 0x1}, 0x20)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast1, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x16}, 0x2c)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffec0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

6.294472615s ago: executing program 1 (id=2839):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
utime(&(0x7f0000001080)='./cgroup.cpu/cgroup.procs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000001c0)={<r1=>0x0, 0x5edf}, &(0x7f0000000200)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES64=r5, @ANYRESOCT=r4, @ANYRES32=0x0, @ANYRES32, @ANYRES32=r1], 0x48)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r7, @ANYBLOB="2d000000ffef000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r6}, 0x20)
sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)}, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000001c0)={0x2, @sdr={0x32435750, 0x5}})

6.014508541s ago: executing program 3 (id=2840):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(r0, 0x5, &(0x7f0000000040)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r3, 0x6, 0x23, &(0x7f00000000c0)=""/40, &(0x7f0000000140)=0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0xff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)

5.250350095s ago: executing program 1 (id=2841):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mkdir(&(0x7f00000026c0)='./file0\x00', 0x40)
lsetxattr$security_smack_transmute(&(0x7f0000002a00)='./file0\x00', &(0x7f0000002a40), &(0x7f0000002a80), 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r2 = syz_open_dev$video4linux(&(0x7f00000002c0), 0x10000, 0x0)
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r2, 0xc0305616, &(0x7f0000000240))
connect$packet(r1, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x380000}, 0x8)
shutdown(r1, 0x1)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

4.170052098s ago: executing program 1 (id=2842):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0xffffffffffffffff, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x80000000, @mcast1, 0x4}}, 0x24)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2a, 0x8000002, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x38, 0x2, [@TCA_BASIC_EMATCHES={0x34, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x24, 0x1, 0x0, 0x0, {{0x8, 0x7, 0x4}, {{0x1, 0x0, 0x1}, {0x4, 0x1, 0x1, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x3}, {0xffffffffffffffff, 0x1, 0x8}}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x24008004}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)

4.075913643s ago: executing program 4 (id=2843):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000cf0af86c"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000003c00000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x19, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x7e}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x101}}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
poll(&(0x7f0000000300)=[{r0, 0x161c}, {r0, 0x4005}, {r2, 0x4000}, {r0, 0x401}, {r2, 0x1}, {r2}, {r1, 0x40a}, {r1, 0x2000}], 0x8, 0x8001)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl0\x00', <r3=>0x0, 0x4, 0x5, 0x20, 0x8, 0x40, @remote, @remote, 0x7800, 0x7800, 0x9, 0x63}})
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x5, [@union={0x3, 0x2, 0x0, 0x5, 0x1, 0x5, [{0x2, 0x1, 0x8}, {0x4, 0x3, 0x1}]}, @decl_tag={0x3, 0x0, 0x0, 0x11, 0x4, 0x9}, @int={0xb, 0x0, 0x0, 0x1, 0x0, 0x51, 0x0, 0x3e, 0x5}]}, {0x0, [0x2e, 0x0, 0x61]}}, &(0x7f0000000680)=""/83, 0x61, 0x53, 0x1, 0x0, 0x2e38803f3b9113d}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000780)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x93b4, '\x00', r3, r4, 0x0, 0x3, 0x2}, 0x50)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}]})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r2, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001400)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x8, 0x0, 0x0}}, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)

2.850387269s ago: executing program 4 (id=2844):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000004c0)={0xc})
io_uring_enter(0xffffffffffffffff, 0x666a, 0x90d5, 0x0, &(0x7f0000000480)={[0x7]}, 0x8)

2.811520088s ago: executing program 2 (id=2845):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f00000003c0)=@buf)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4400000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001756d6163767461700004000235a3000500333d14629cfa2ed86da1b0c7ce8014f0357ecac64a9a69654e9c44dbb84146fb4b89cbd26fe94fa622168c7b8d301c34fb4d146314573da5", @ANYRES32=0x0, @ANYBLOB="08000400"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x48094)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r5 = openat$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b07"], 0xec)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a320000000014000000110001"], 0x88}}, 0x0)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000140)={'fl512\x00', [0x10, 0x2166, 0x0, 0x100000, 0x88d7, 0x2, 0x1, 0x10, 0x1002, 0xffffffff, 0x600, 0x60e7b7b4, 0x1344, 0x1, 0x7, 0x1, 0x4, 0x3, 0x9, 0xb, 0x103, 0x3, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0x4, 0x8, 0x400007, 0x1]})

2.648464079s ago: executing program 1 (id=2846):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000edc000/0x3000)=nil, 0x3000, 0x0, 0x800, 0x40)
mprotect(&(0x7f0000608000/0x1000)=nil, 0x1000, 0xc)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socket(0x10, 0x3, 0x0)
r2 = dup(r1)
write$6lowpan_enable(r2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
r3 = memfd_create(0x0, 0x0)
ftruncate(r3, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x11, r3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$tun(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="1cfb32a3ca000000080000000000"], 0xe)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r6 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x425041, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xe)
ioctl$TCFLSH(r6, 0x540b, 0xfffffffffffeffff)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000240)={0x1, r2})

2.508028647s ago: executing program 4 (id=2847):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61154c00000000006113300000000000bfa00000000000001503000008004e002d3501000000000095003fbc000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4501000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a81426104000000000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546ccd3f1d5ab2af27546e7c0700000000000000b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4d08000000ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43000000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000b712c1e47be511fe32fbc90e2364a55e9bb609c64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd4722a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c835d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff5af657a67463d7dbf85ae9321fad16ee751cd7dde94ec97549c2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf377b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059a6cffb92e2a0cfd81434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5c4d188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a5cbb8be3f7741b18007dff12eb95066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873d0ecdf904c2bdbef81f246d26f4b40df949e12bdac18532f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566fffffffffc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054e5deb27f7922fe6c14eba96c9af409da03290e4009f872d5aaca63dbe239efb1e02dd4fc07f8c5b070e2ddeb4b5afa6df2e7e162962e334d8553cc56008ddc8277fa9e8f6684513bfa827686b6fb71259743f55f46fa7e6379312e93213faf275f0441d46bc5690181244c44bea45854ed4ccd99f3fd328110ae22ef1504ec0566652d742ed8a7e202539c6531824f7399b486fbb906a91b77f2a6ba27bf97ebc7482cea32278a7acd9f2210e6ed2defcbd112f29a92401c5a37c58835f870b056186ef3971d3d9effa5661cabc2a059689dcfb030dd4ac0fe54db67510d3e9a5d36b900000000000000000000000000000000c9e484cf5f8c0955c11b285de46871d62f9d986e73658d228225b21f694dd2dc80e96ce476496973ee14e3d4fd03507c6f7c0c8ae809ddc9a36b4f30d15d08cc8e72d750f5e529cf4cec823b923d382f3f2c42dcb4b316eba77e7f767ae17d4d3427c9379eadbd040fbbe0c6dd8100f1558354bdd35626052c2e66cc34f4e266cc04218764824533cac2736e236b50ae4d800565910200af9cb11002791a91d834ffcc65a6226ecafe0372e3ace29c2441eca24371857aa9eb9b3910a2eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

1.357588426s ago: executing program 4 (id=2848):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000008085000000c0000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0x48be, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000), &(0x7f0000001180))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in6=@remote, 0x0, 0xfff7, 0x2000, 0x1, 0x0, 0x0, 0x0, 0x3b, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x32}, @in6=@loopback, {0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x800000000000, 0x4, 0x40000000}, {}, 0x70bd25, 0x3501, 0xa, 0x0, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}, 0x45}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x140}, 0x1, 0x0, 0x0, 0x4004000}, 0x4810)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b000000ddff01000000b0f8b7c4fe0600c9e563", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r6, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x24b9, &(0x7f00000011c0)={0x0, 0x7216, 0x40, 0x1, 0x1a3}, &(0x7f0000001140), &(0x7f0000001240))
pread64(r3, &(0x7f0000000080)=""/237, 0xed, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000380)="c1dfb061cd21d3084d94d3540800", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0xc800)

1.204351088s ago: executing program 2 (id=2849):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000002500)=0xc)
open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x101)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106400000041006113740000000000bfa00000000000000700000008ffffffd50301001774004095000000000000006916360000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)

955.980592ms ago: executing program 4 (id=2850):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYRES16], 0x0)
sched_setscheduler(0x0, 0x2, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x101100, 0x0) (async)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250001000000000085100000faffffff9500000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
clock_getres(0x7, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f000801}, 0x240000c0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x20040000) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x80000000000000c, 0x0, 0x4, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x0, 0x7, 0x49, 0x3ff, 0x5, 0x2, 0x1, 0x5, 0x7, 0xc1, 0x1, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x1, 0x9, 0x888f, 0x1, 0x6, 0x46, 0x1, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xffffffffffbfffb7, 0xfffffffffffffffa, 0x2, 0xd, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x0, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x2, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x9, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x204, 0x7, 0xe53e, 0x4, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd4, 0xfff9, 0x10, 0x20005, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x1000003]}) (async)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x35)

0s ago: executing program 2 (id=2851):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
utime(&(0x7f0000001080)='./cgroup.cpu/cgroup.procs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000001c0)={<r1=>0x0, 0x5edf}, &(0x7f0000000200)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES64=r5, @ANYRESOCT=r4, @ANYRES32=0x0, @ANYRES32, @ANYRES32=r1], 0x48)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r7, @ANYBLOB="2d000000ffef000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r6}, 0x20)
sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000900)}, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000001c0)={0x2, @sdr={0x32435750, 0x5}})

kernel console output (not intermixed with test programs):

r cycle
[  725.097071][ T5848] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  725.256121][ T5848] usb 3-1: Using ep0 maxpacket: 16
[  725.263273][ T5848] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  725.271816][ T5848] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  725.280082][ T5848] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  725.290312][ T5848] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  725.299277][ T5848] usb 3-1: config 0 has no interface number 0
[  725.308068][ T5848] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  725.318039][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.326136][ T5848] usb 3-1: Product: syz
[  725.330321][ T5848] usb 3-1: Manufacturer: syz
[  725.334918][ T5848] usb 3-1: SerialNumber: syz
[  725.335692][ T8159] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  725.342948][ T5848] usb 3-1: config 0 descriptor??
[  725.376356][ T8159] usb 5-1: device descriptor read/8, error -71
[  725.781682][ T8159] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  725.826117][ T8159] usb 5-1: device descriptor read/8, error -71
[  725.999909][ T8159] usb usb5-port1: unable to enumerate USB device
[  728.114104][ T8159] usb 3-1: USB disconnect, device number 54
[  729.657302][T12264] net_ratelimit: 188 callbacks suppressed
[  729.663149][T12264] openvswitch: netlink: Missing key (keys=1040, expected=2000)
[  730.243419][T12267] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1679'.
[  730.267710][T12267] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1679'.
[  730.457592][T12267] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  730.634015][T12277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1683'.
[  730.693131][T12277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1683'.
[  730.930076][T12277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1683'.
[  731.045493][T12277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1683'.
[  732.477968][T12297] netlink: 'syz.1.1688': attribute type 39 has an invalid length.
[  734.006940][T12321] openvswitch: netlink: Missing key (keys=1040, expected=2000)
[  734.360000][T12323] tmpfs: Bad value for 'uid'
[  734.364758][T12323] tmpfs: Bad value for 'uid'
[  735.839692][T12339] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  736.094158][T12351] sctp: [Deprecated]: syz.4.1705 (pid 12351) Use of int in max_burst socket option deprecated.
[  736.094158][T12351] Use struct sctp_assoc_value instead
[  738.901781][T12370] lo speed is unknown, defaulting to 1000
[  741.271921][T12416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1720'.
[  743.364328][ T8160] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  743.775474][ T8160] usb 3-1: Using ep0 maxpacket: 32
[  743.783519][ T8160] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9
[  743.786367][T12443] sctp: [Deprecated]: syz.1.1728 (pid 12443) Use of int in max_burst socket option.
[  743.786367][T12443] Use struct sctp_assoc_value instead
[  743.796102][ T8160] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024
[  744.785415][ T8160] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  744.794599][ T8160] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.805879][ T8160] usb 3-1: Product: syz
[  744.810093][ T8160] usb 3-1: Manufacturer: syz
[  744.814724][ T8160] usb 3-1: SerialNumber: syz
[  744.823580][ T8160] usb 3-1: config 0 descriptor??
[  745.645562][ T5158] Bluetooth: hci4: command 0x0c1a tx timeout
[  745.703930][T12427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  745.728025][ T8160] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  745.736363][T12427] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  745.777738][T12451] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1730'.
[  745.786901][T10285] usb 3-1: Failed to submit usb control message: -71
[  745.793925][T10285] usb 3-1: unable to send the bmi data to the device: -71
[  745.811995][ T8160] usb 3-1: USB disconnect, device number 55
[  745.845733][T10285] usb 3-1: unable to get target info from device
[  745.887994][T10285] usb 3-1: could not get target info (-71)
[  745.893985][T10285] usb 3-1: could not probe fw (-71)
[  746.787765][T12451] netlink: 'syz.3.1730': attribute type 2 has an invalid length.
[  747.957641][   T30] audit: type=1326 audit(1755629536.704:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12487 comm="syz.0.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025718ebe9 code=0x7ffc0000
[  747.997626][T12490] sctp: [Deprecated]: syz.1.1742 (pid 12490) Use of int in max_burst socket option.
[  747.997626][T12490] Use struct sctp_assoc_value instead
[  748.022658][   T30] audit: type=1326 audit(1755629536.714:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12487 comm="syz.0.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f025718ebe9 code=0x7ffc0000
[  748.062213][   T30] audit: type=1326 audit(1755629536.714:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12487 comm="syz.0.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025718ebe9 code=0x7ffc0000
[  748.145454][   T30] audit: type=1326 audit(1755629536.714:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12487 comm="syz.0.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7f025718ebe9 code=0x7ffc0000
[  748.230587][   T30] audit: type=1326 audit(1755629536.714:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12487 comm="syz.0.1741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025718ebe9 code=0x7ffc0000
[  748.284939][T10285] Bluetooth: hci5: Frame reassembly failed (-84)
[  750.224447][T12508] lo speed is unknown, defaulting to 1000
[  750.256005][T12521] fuse: Bad value for 'rootmode'
[  750.306307][ T5158] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  750.401959][T12509] lo speed is unknown, defaulting to 1000
[  750.587964][T12531] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  752.465887][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  752.472830][ T5848] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  752.474833][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  752.661530][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  752.685814][ T5848] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  752.720621][ T5848] usb 3-1: config 0 has no interface number 0
[  752.730938][ T5848] usb 3-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  752.760176][ T5848] usb 3-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.519509][ T5848] usb 3-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  753.539551][ T5848] usb 3-1: config 0 interface 2 has no altsetting 0
[  753.630685][ T5848] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  753.640118][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.711875][ T5848] usb 3-1: config 0 descriptor??
[  754.130031][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.154412][   T24] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  754.172703][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.181941][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.199663][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.219511][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.227130][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.234261][ T5848] uclogic 0003:5543:0781.000B: unknown main item tag 0x0
[  754.262181][ T5848] uclogic 0003:5543:0781.000B: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.2-1/input2
[  754.346182][   T24] usb 5-1: Using ep0 maxpacket: 8
[  754.353580][   T24] usb 5-1: config 2 has an invalid interface number: 169 but max is 0
[  754.364729][   T24] usb 5-1: config 2 has no interface number 0
[  754.371460][   T24] usb 5-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  754.382885][   T24] usb 5-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  754.396297][   T24] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  754.408154][   T24] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  754.431076][   T24] usb 5-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  754.446154][   T24] usb 5-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  754.475426][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.485697][ T8159] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  754.510009][   T24] cypress_m8 5-1:2.169: DeLorme Earthmate USB converter detected
[  754.645641][ T8159] usb 1-1: Using ep0 maxpacket: 32
[  754.672208][ T8159] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  754.697717][ T8159] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  754.723664][ T8159] usb 1-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00
[  754.723898][   T24] usb 5-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  754.745961][   T24] usb 5-1: USB disconnect, device number 73
[  754.748210][ T8159] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.761944][   T24] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  754.772214][   T24] cypress_m8 5-1:2.169: device disconnected
[  754.790172][ T8159] usb 1-1: config 0 descriptor??
[  754.814275][ T5975] usb 3-1: USB disconnect, device number 56
[  755.241929][ T8159] hid_mf 0003:0079:1801.000C: item fetching failed at offset 0/2
[  755.250821][ T8159] hid_mf 0003:0079:1801.000C: HID parse failed.
[  755.257436][ T8159] hid_mf 0003:0079:1801.000C: probe with driver hid_mf failed with error -22
[  755.946072][ T8159] usb 1-1: USB disconnect, device number 55
[  756.390448][T12604] netlink: 'syz.4.1773': attribute type 21 has an invalid length.
[  756.406314][T12604] netlink: 'syz.4.1773': attribute type 22 has an invalid length.
[  756.414483][T12604] netlink: 'syz.4.1773': attribute type 23 has an invalid length.
[  756.427223][T12604] netlink: 'syz.4.1773': attribute type 25 has an invalid length.
[  756.439937][T12604] netlink: 'syz.4.1773': attribute type 26 has an invalid length.
[  756.450532][T12604] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1773'.
[  757.316292][ T8159] usb 5-1: new full-speed USB device number 74 using dummy_hcd
[  757.565206][ T8159] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  757.626101][ T8159] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  757.655889][ T5975] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  757.675501][ T8159] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  757.731045][ T8159] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  757.767859][ T8159] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  757.815123][T12626] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1781'.
[  757.825071][T12626] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1781'.
[  757.841579][ T8159] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  757.855552][ T5975] usb 3-1: Using ep0 maxpacket: 32
[  757.864447][ T8159] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.883041][ T8159] usb 5-1: Product: syz
[  757.883128][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  757.892869][ T8159] usb 5-1: Manufacturer: syz
[  757.909453][ T8159] usb 5-1: SerialNumber: syz
[  757.913611][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  757.919982][ T8159] usb 5-1: config 0 descriptor??
[  757.935606][ T5975] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  757.958696][T12619] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  757.971871][ T8159] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input19
[  757.977940][ T5975] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  758.008092][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  758.025795][ T5975] usb 3-1: Product: syz
[  758.035643][ T5975] usb 3-1: Manufacturer: syz
[  758.049534][ T5975] usb 3-1: SerialNumber: syz
[  758.063700][ T5975] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input20
[  758.285917][ T8159] usb 1-1: new full-speed USB device number 56 using dummy_hcd
[  758.820597][ T8159] usb 1-1: device descriptor read/64, error -71
[  759.102980][ T5975] usb 3-1: USB disconnect, device number 57
[  759.128339][ T5975] appletouch 3-1:1.0: input: appletouch disconnected
[  759.836630][ T8159] usb 1-1: new full-speed USB device number 57 using dummy_hcd
[  760.070292][ T8160] usb 5-1: USB disconnect, device number 74
[  760.128137][ T8159] usb 1-1: device descriptor read/64, error -71
[  760.235894][ T8159] usb usb1-port1: attempt power cycle
[  760.715100][ T8160] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  760.955649][ T8160] usb 5-1: Using ep0 maxpacket: 16
[  761.351991][ T8160] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  761.393086][ T8160] usb 5-1: config 0 descriptor has 1 excess byte, ignoring
[  761.400934][ T8160] usb 5-1: config 0 has no interface number 0
[  761.413869][ T8160] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  761.459470][ T8160] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.495520][ T8160] usb 5-1: Product: syz
[  761.519123][ T8160] usb 5-1: Manufacturer: syz
[  761.541349][ T8160] usb 5-1: SerialNumber: syz
[  761.554484][ T8160] usb 5-1: config 0 descriptor??
[  761.647309][T12657] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  761.816998][T12644] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  761.921878][ T8160] usb 5-1: Found UVC 0.00 device syz (046d:08f3)
[  761.942623][ T8160] usb 5-1: No valid video chain found.
[  761.988910][ T8160] usb 5-1: USB disconnect, device number 75
[  762.011555][T12668] tmpfs: Bad value for 'mpol'
[  762.988435][T12688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  763.026749][T12688] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  763.225510][   T24] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  763.279127][ T8160] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  763.376582][   T24] usb 1-1: device descriptor read/64, error -71
[  763.655699][ T8160] usb 3-1: Using ep0 maxpacket: 32
[  763.663095][ T8160] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  763.677569][ T8160] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  763.738668][ T8160] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  763.761979][ T8160] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  763.814142][ T8160] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  763.823377][ T8160] usb 3-1: Product: syz
[  763.848528][   T24] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  763.956741][ T8160] usb 3-1: Manufacturer: syz
[  763.969247][ T8160] usb 3-1: SerialNumber: syz
[  764.020715][ T8160] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input21
[  764.085474][   T24] usb 1-1: device descriptor read/64, error -71
[  764.140962][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1804'.
[  764.154935][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1804'.
[  764.195789][   T24] usb usb1-port1: attempt power cycle
[  764.716082][   T24] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  764.787414][   T24] usb 1-1: device descriptor read/8, error -71
[  764.912970][ T5975] usb 3-1: USB disconnect, device number 58
[  764.924017][T12718] fuse: Bad value for 'fd'
[  765.010886][T12720] No control pipe specified
[  765.043148][ T5975] appletouch 3-1:1.0: input: appletouch disconnected
[  765.075782][   T24] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  765.114075][   T24] usb 1-1: device descriptor read/8, error -71
[  765.199318][T12728] input: syz0 as /devices/virtual/input/input22
[  765.240392][   T24] usb usb1-port1: unable to enumerate USB device
[  765.308639][T12731] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1809'.
[  766.115921][T12742] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1811'.
[  768.341270][T12761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1818'.
[  768.409061][T12766] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1818'.
[  770.358473][T12799] lo speed is unknown, defaulting to 1000
[  770.382503][T12797] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1830'.
[  770.425732][ T5975] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  770.575740][ T5975] usb 5-1: device descriptor read/64, error -71
[  770.816571][ T5975] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  771.125451][ T5975] usb 5-1: device descriptor read/64, error -71
[  771.971667][ T5975] usb usb5-port1: attempt power cycle
[  772.335674][ T5975] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  772.949929][T12842] fuse: Bad value for 'fd'
[  772.962433][ T5975] usb 5-1: device descriptor read/8, error -71
[  774.648905][T12873] netlink: 'syz.0.1850': attribute type 6 has an invalid length.
[  774.680523][T12873] geneve2: entered promiscuous mode
[  774.685924][T12873] geneve2: entered allmulticast mode
[  775.662407][T12883] xt_hashlimit: size too large, truncated to 1048576
[  776.323487][T12887] 
: renamed from bridge_slave_0 (while UP)
[  777.013626][T12899] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  777.862081][T12900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  777.887643][T12900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.095525][ T5848] usb 1-1: new full-speed USB device number 63 using dummy_hcd
[  778.274689][ T5848] usb 1-1: unable to get BOS descriptor or descriptor too short
[  778.286375][ T5848] usb 1-1: not running at top speed; connect to a high speed hub
[  778.319727][ T5848] usb 1-1: config 1 interface 0 altsetting 249 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  778.342108][ T5848] usb 1-1: config 1 interface 0 has no altsetting 0
[  778.367956][ T5848] usb 1-1: New USB device found, idVendor=05ac, idProduct=0236, bcdDevice= 0.40
[  778.382976][ T5848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  778.424715][ T5848] usb 1-1: Product: syz
[  778.440303][ T5848] usb 1-1: Manufacturer: syz
[  778.474883][ T5848] usb 1-1: SerialNumber: syz
[  779.898977][ T5848] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input23
[  779.998335][ T5193] bcm5974 1-1:1.0: could not read from device
[  780.003963][ T5848] usb 1-1: USB disconnect, device number 63
[  780.811049][T12944] kAFS: unable to lookup cell ''
[  783.215398][T12995] sctp: [Deprecated]: syz.1.1879 (pid 12995) Use of int in max_burst socket option.
[  783.215398][T12995] Use struct sctp_assoc_value instead
[  783.467410][ T8159] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  783.878154][ T8159] usb 1-1: config 0 has an invalid interface number: 168 but max is 0
[  783.897177][ T8159] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  783.902059][T13002] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  783.918651][ T8159] usb 1-1: config 0 has no interface number 0
[  783.945503][ T8159] usb 1-1: config 0 interface 168 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  783.982021][ T8159] usb 1-1: config 0 interface 168 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  784.035567][ T8159] usb 1-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice=48.98
[  784.085454][ T8159] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.162471][ T8159] usb 1-1: config 0 descriptor??
[  784.192326][ T8159] HFC-S_USB 1-1:0.168: probe with driver HFC-S_USB failed with error -5
[  784.355510][ T8155] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  784.705568][ T8155] usb 3-1: Using ep0 maxpacket: 32
[  784.976810][ T8159] usb 1-1: USB disconnect, device number 64
[  784.990860][ T8155] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  785.007310][ T8155] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  785.021322][ T8155] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  785.056256][ T8155] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  785.075076][ T8155] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  785.107410][ T8155] usb 3-1: Product: syz
[  785.125383][ T8155] usb 3-1: Manufacturer: syz
[  785.140381][ T8155] usb 3-1: SerialNumber: syz
[  785.177054][ T8155] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input24
[  786.461196][ T8155] usb 3-1: USB disconnect, device number 59
[  786.807364][ T5848] IPVS: starting estimator thread 0...
[  786.956254][ T8155] appletouch 3-1:1.0: input: appletouch disconnected
[  787.045847][T13044] IPVS: using max 25 ests per chain, 60000 per kthread
[  787.371699][T13059] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1900'.
[  787.494516][T13059] netlink: 'syz.3.1900': attribute type 2 has an invalid length.
[  788.005562][ T5848] usb 3-1: new full-speed USB device number 60 using dummy_hcd
[  788.066125][ T8155] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  788.173333][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  788.199455][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  788.211262][ T5848] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  788.224179][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.236323][ T5848] usb 3-1: config 0 descriptor??
[  788.255578][ T8155] usb 5-1: Using ep0 maxpacket: 8
[  788.267681][ T8155] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  788.286030][ T8155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  788.301386][ T8155] usb 5-1: Product: syz
[  788.314423][ T8155] usb 5-1: Manufacturer: syz
[  788.324750][ T8155] usb 5-1: SerialNumber: syz
[  788.350309][ T8155] usb 5-1: config 0 descriptor??
[  788.362159][ T8155] gspca_main: se401-2.14.0 probing 047d:5003
[  788.438249][T13075] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1905'.
[  788.613393][   T30] audit: type=1326 audit(1755629577.364:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13067 comm="syz.3.1903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7fc00000
[  788.657059][ T5848] isku 0003:1E7D:319C.000D: unknown main item tag 0x0
[  788.664094][ T5848] isku 0003:1E7D:319C.000D: unknown main item tag 0x0
[  788.704361][ T5848] isku 0003:1E7D:319C.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0
[  789.015029][ T5848] isku 0003:1E7D:319C.000D: couldn't init struct isku_device
[  789.044931][ T5848] isku 0003:1E7D:319C.000D: couldn't install keyboard
[  789.062276][ T5848] isku 0003:1E7D:319C.000D: probe with driver isku failed with error -71
[  789.744227][ T5848] usb 3-1: USB disconnect, device number 60
[  789.765276][ T8155] gspca_se401: write req failed req 0x57 val 0x00 error -110
[  789.818648][ T8155] se401 5-1:0.0: probe with driver se401 failed with error -110
[  789.896933][T13094] tmpfs: Bad value for 'mpol'
[  789.950993][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1913'.
[  790.108156][T13098] netlink: 'syz.3.1913': attribute type 2 has an invalid length.
[  790.238631][T13109] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1915'.
[  790.249225][T13109] netlink: 'syz.0.1915': attribute type 1 has an invalid length.
[  791.026103][ T5848] usb 5-1: USB disconnect, device number 80
[  791.171713][T13121] openvswitch: netlink: Missing key (keys=1040, expected=2000)
[  792.032922][T13127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1920'.
[  793.644386][T13142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1925'.
[  793.738765][T13147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1926'.
[  793.866311][T13148] netlink: 'syz.0.1926': attribute type 2 has an invalid length.
[  794.796333][T13156] netlink: 'syz.0.1929': attribute type 20 has an invalid length.
[  797.914951][T13203] fuse: Bad value for 'rootmode'
[  798.126429][T13206] input: syz0 as /devices/virtual/input/input27
[  798.673791][T13219] 9pnet_fd: Insufficient options for proto=fd
[  798.694747][   T30] audit: type=1326 audit(1755629587.434:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13218 comm="syz.0.1950" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f025718ebe9 code=0x0
[  799.280481][T13231] syz.2.1954: attempt to access beyond end of device
[  799.280481][T13231] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  799.355841][T13225] IPVS: set_ctl: invalid protocol: 47 172.20.20.16:20000
[  799.581663][T13233] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  799.646422][T13227] cgroup2: Unknown parameter 'rootcontext'
[  800.590327][T13242] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1956'.
[  800.628319][T13244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1957'.
[  800.648751][T13244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1957'.
[  801.191521][T13242] netlink: 'syz.0.1956': attribute type 2 has an invalid length.
[  802.605441][ T5848] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  802.884298][ T8155] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  803.757804][ T5848] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  803.766696][ T5848] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  803.777172][ T5848] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  803.786233][ T5848] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  803.803707][ T8155] usb 3-1: device descriptor read/64, error -71
[  803.881564][T13271] sctp: [Deprecated]: syz.1.1966 (pid 13271) Use of int in max_burst socket option.
[  803.881564][T13271] Use struct sctp_assoc_value instead
[  804.020610][ T5848] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  804.045817][T13268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  804.079631][ T5848] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  804.099830][ T5848] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  804.108504][T13268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  804.126590][ T5848] usb 1-1: Product: syz
[  804.131420][ T5848] usb 1-1: Manufacturer: syz
[  804.145986][T13275] tmpfs: Unknown parameter '0x0000000000000000������'
[  804.235539][ T8155] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  804.268448][ T5848] cdc_wdm 1-1:1.0: skipping garbage
[  804.273877][ T5848] cdc_wdm 1-1:1.0: skipping garbage
[  804.281705][ T5848] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  804.287985][ T5848] cdc_wdm 1-1:1.0: Unknown control protocol
[  804.385433][ T8155] usb 3-1: device descriptor read/64, error -71
[  804.385441][ T5975] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  804.483789][T13282] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1970'.
[  804.507694][ T8155] usb usb3-port1: attempt power cycle
[  804.539994][ T5975] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  804.554940][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.573470][ T5975] usb 5-1: Product: syz
[  804.579708][ T5975] usb 5-1: Manufacturer: syz
[  804.584601][ T5975] usb 5-1: SerialNumber: syz
[  804.600531][ T5975] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  804.620533][ T5848] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  804.679610][ T5975] usb 1-1: USB disconnect, device number 65
[  804.875592][ T8155] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  804.897608][ T8155] usb 3-1: device descriptor read/8, error -71
[  805.109887][ T8156] usb 5-1: USB disconnect, device number 81
[  805.136479][ T8155] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  805.655661][ T5848] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  805.665044][ T5848] ath9k_htc: Failed to initialize the device
[  805.695262][ T8156] usb 5-1: ath9k_htc: USB layer deinitialized
[  805.701983][ T8155] usb 3-1: device descriptor read/8, error -71
[  805.935668][ T5975] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  805.983682][ T8155] usb usb3-port1: unable to enumerate USB device
[  806.050285][T13305] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1977'.
[  806.062471][T13305] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1977'.
[  806.149205][T13307] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1973'.
[  806.715423][ T5975] usb 1-1: Using ep0 maxpacket: 8
[  807.044296][ T5975] usb 1-1: device descriptor read/all, error -71
[  807.756881][   T24] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[  808.502379][T13321] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  808.669223][T13343] tmpfs: Unknown parameter 'no�wap'
[  808.678462][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  808.691910][T13344] fuse: Bad value for 'fd'
[  808.696739][   T24] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  808.724729][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.754246][   T24] usb 3-1: config 0 descriptor??
[  808.763231][T13316] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  808.913742][T13354] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  808.933024][T13354] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1992'.
[  808.959358][T13354] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1992'.
[  809.019726][T13357] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  809.196756][   T24] elan 0003:04F3:0755.000E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  809.215188][T13365] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1996'.
[  809.458317][ T8156] usb 3-1: USB disconnect, device number 65
[  809.475534][ T8155] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  809.626019][ T8155] usb 1-1: device descriptor read/64, error -71
[  809.686508][   T24] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  809.875483][ T8155] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  809.935474][   T24] usb 5-1: device descriptor read/64, error -71
[  810.294159][ T8155] usb 1-1: device descriptor read/64, error -71
[  810.718685][ T8155] usb usb1-port1: attempt power cycle
[  810.796369][T13378] sock: sock_timestamping_bind_phc: sock not bind to device
[  810.807313][T13379] sock: sock_timestamping_bind_phc: sock not bind to device
[  810.942133][   T24] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  812.023402][ T8155] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  812.132090][ T8155] usb 1-1: device descriptor read/8, error -71
[  812.221139][   T24] usb 5-1: device descriptor read/64, error -71
[  812.505696][   T24] usb usb5-port1: attempt power cycle
[  812.615532][ T8155] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  812.718489][T13391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2004'.
[  812.875039][T13392] netlink: 'syz.4.2004': attribute type 2 has an invalid length.
[  812.907537][ T8155] usb 1-1: device not accepting address 71, error -71
[  813.325461][ T8155] usb usb1-port1: unable to enumerate USB device
[  813.907135][T13401] netlink: 'syz.3.2007': attribute type 3 has an invalid length.
[  813.914955][T13401] netlink: 'syz.3.2007': attribute type 3 has an invalid length.
[  813.923902][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  813.930745][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  814.345975][T13415] fuse: Bad value for 'fd'
[  814.519516][ T8155] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  814.631327][T13422] overlayfs: failed to clone upperpath
[  814.700833][ T8155] usb 1-1: no configurations
[  814.711267][ T8155] usb 1-1: can't read configurations, error -22
[  815.077120][ T8155] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  815.428411][ T8155] usb 1-1: no configurations
[  816.063960][ T8155] usb 1-1: can't read configurations, error -22
[  816.087076][ T8155] usb usb1-port1: attempt power cycle
[  816.536099][ T8155] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  816.576683][ T8155] usb 1-1: no configurations
[  816.585644][ T8155] usb 1-1: can't read configurations, error -22
[  817.216014][ T8155] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  817.322188][ T8155] usb 1-1: device descriptor read/8, error -71
[  817.486569][ T8155] usb usb1-port1: unable to enumerate USB device
[  818.797121][T13456] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2025'.
[  821.665506][   T24] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  821.855634][   T24] usb 3-1: Using ep0 maxpacket: 32
[  821.874180][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  821.903836][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  821.960455][   T24] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  821.990579][   T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  822.156100][   T24] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  822.165075][   T24] usb 3-1: Product: syz
[  822.169351][   T24] usb 3-1: Manufacturer: syz
[  822.174105][   T24] usb 3-1: SerialNumber: syz
[  822.198418][   T24] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input28
[  822.215454][ T1218] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  822.575593][ T1218] usb 1-1: Using ep0 maxpacket: 8
[  823.129387][ T1218] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  823.165436][ T1218] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  823.176395][ T1218] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  823.198470][ T1218] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  823.217969][ T1218] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  823.286138][ T1218] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  823.753501][ T1218] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.961382][ T8156] usb 3-1: USB disconnect, device number 66
[  823.993078][ T8156] appletouch 3-1:1.0: input: appletouch disconnected
[  824.098272][ T1218] usb 1-1: usb_control_msg returned -32
[  824.144984][ T1218] usbtmc 1-1:16.0: can't read capabilities
[  824.456141][T13494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2039'.
[  824.506555][ T1218] usb 1-1: USB disconnect, device number 76
[  826.230758][T13531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2051'.
[  826.280411][T13534] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2052'.
[  826.821575][T13540] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2054'.
[  826.833937][T13544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2056'.
[  827.081241][ T8155] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[  827.515456][ T8155] usb 3-1: device descriptor read/64, error -71
[  828.071224][T13567] 9pnet_virtio: no channels available for device 127.0.0.1
[  828.152161][ T8155] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[  828.595534][ T8155] usb 3-1: device descriptor read/64, error -71
[  828.823125][ T8155] usb usb3-port1: attempt power cycle
[  829.615558][ T8155] usb 3-1: new full-speed USB device number 69 using dummy_hcd
[  829.678493][ T8155] usb 3-1: device descriptor read/8, error -71
[  829.753461][T13583] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2066'.
[  829.840558][T13585] ubi31: attaching mtd0
[  829.849392][T13585] ubi31: scanning is finished
[  829.854123][T13585] ubi31: empty MTD device detected
[  830.026075][T13585] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  830.034877][T13585] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  830.042279][T13585] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  830.049353][T13585] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  830.056978][T13585] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  830.063943][T13585] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  830.072138][T13585] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 608185108
[  830.082318][T13585] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  830.106100][ T8160] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  830.638258][T13590] ubi31: background thread "ubi_bgt31d" started, PID 13590
[  830.815639][ T8160] usb 1-1: Using ep0 maxpacket: 32
[  830.829415][ T8160] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  830.892287][ T8160] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  830.921643][ T8160] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  830.966614][ T8160] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  830.994925][ T8160] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  831.028839][ T8160] usb 1-1: SerialNumber: syz
[  831.068635][ T8160] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  831.098085][ T8160] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[  831.117246][ T8160] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[  831.268068][T13574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  831.277095][T13574] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  832.409699][   T30] audit: type=1326 audit(1755629621.164:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13569 comm="syz.0.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025718ebe9 code=0x7fc00000
[  833.326612][ T8156] usb 1-1: USB disconnect, device number 77
[  833.717514][T13636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2077'.
[  836.195784][T13656] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2080'.
[  837.627055][T13681] ptrace attach of "./syz-executor exec"[5844] was attempted by "./syz-executor exec"[13681]
[  837.721941][T13682] netlink: 'syz.3.2092': attribute type 2 has an invalid length.
[  837.730688][T13682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2092'.
[  837.755468][ T5975] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  837.965418][ T5975] usb 5-1: Using ep0 maxpacket: 16
[  837.972557][ T5975] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  837.984713][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  838.000967][ T5975] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  838.010566][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.022873][ T5975] usb 5-1: Product: syz
[  838.032988][ T5975] usb 5-1: Manufacturer: syz
[  838.039327][ T5975] usb 5-1: SerialNumber: syz
[  838.050440][ T5975] usb 5-1: config 0 descriptor??
[  838.058597][ T5975] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  838.095437][ T5975] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  838.898487][T13692] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2096'.
[  839.017335][ T5975] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  839.039944][ T5975] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  839.784783][T13702] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2099'.
[  839.794425][T13702] netlink: 19720 bytes leftover after parsing attributes in process `syz.0.2099'.
[  839.846778][ T5975] em28xx 5-1:0.0: AC97 command still being executed: not handled properly!
[  839.967262][ T5975] em28xx 5-1:0.0: Unknown AC97 audio processor detected!
[  840.353183][T13712] 9pnet_virtio: no channels available for device 127.0.0.1
[  841.019721][ T5975] em28xx 5-1:0.0: couldn't setup AC97 register 2
[  841.032272][ T5975] em28xx 5-1:0.0: couldn't setup AC97 register 4
[  841.077850][   T24] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  841.091766][ T5975] em28xx 5-1:0.0: couldn't setup AC97 register 6
[  841.111009][ T5975] em28xx 5-1:0.0: couldn't setup AC97 register 54
[  841.121250][ T5975] em28xx 5-1:0.0: couldn't setup AC97 register 56
[  841.149356][ T5975] usb 5-1: USB disconnect, device number 85
[  841.326035][   T24] usb 1-1: Using ep0 maxpacket: 32
[  841.344040][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  841.348882][T13747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2111'.
[  841.364856][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  842.080403][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  842.112257][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  842.125378][   T24] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  842.133806][   T24] usb 1-1: Product: syz
[  842.203339][T13747] netlink: 'syz.3.2111': attribute type 2 has an invalid length.
[  842.215801][T13744] xt_CT: No such helper "syz0"
[  842.237263][   T24] usb 1-1: Manufacturer: syz
[  842.242027][   T24] usb 1-1: SerialNumber: syz
[  842.263132][   T24] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input29
[  842.312548][T13757] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2115'.
[  842.324313][T13757] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2115'.
[  842.668899][T13764] ubi31: detaching mtd0
[  842.784261][T13764] ubi31: mtd0 is detached
[  842.785675][ T8159] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  843.087261][ T8159] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  843.104099][ T8159] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  843.117890][ T8159] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  843.146861][ T8159] usb 5-1: Product: syz
[  843.151100][ T8159] usb 5-1: Manufacturer: syz
[  843.165582][ T8159] usb 5-1: SerialNumber: syz
[  843.178341][ T8159] usb 5-1: config 0 descriptor??
[  843.187025][ T5975] usb 1-1: USB disconnect, device number 78
[  843.214736][ T5975] appletouch 1-1:1.0: input: appletouch disconnected
[  844.678374][ T8159] usb 5-1: USB disconnect, device number 86
[  845.413256][T13790] overlayfs: failed to clone lowerpath
[  845.433464][T13790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2122'.
[  845.587996][T13796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2125'.
[  845.705390][T13797] netlink: 'syz.2.2125': attribute type 2 has an invalid length.
[  845.985411][ T8159] usb 5-1: new full-speed USB device number 87 using dummy_hcd
[  846.416104][ T8159] usb 5-1: device descriptor read/64, error -71
[  846.675584][ T8159] usb 5-1: new full-speed USB device number 88 using dummy_hcd
[  847.103618][ T8159] usb 5-1: device descriptor read/64, error -71
[  847.418748][T13815] dlm: non-version read from control device 8224
[  847.516930][ T8159] usb usb5-port1: attempt power cycle
[  847.985427][ T8159] usb 5-1: new full-speed USB device number 89 using dummy_hcd
[  849.934596][ T8159] usb 5-1: device descriptor read/8, error -71
[  850.915549][   T24] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  852.953933][T13887] netlink: 'syz.2.2149': attribute type 1 has an invalid length.
[  853.175831][   T24] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  853.405524][   T24] usb 1-1: Using ep0 maxpacket: 16
[  853.477122][   T24] usb 1-1: too many configurations: 188, using maximum allowed: 8
[  853.576776][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[  853.624982][   T24] usb 1-1: can't read configurations, error -61
[  853.765418][   T24] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  853.955426][   T24] usb 1-1: Using ep0 maxpacket: 16
[  853.982209][   T24] usb 1-1: too many configurations: 188, using maximum allowed: 8
[  854.007637][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[  854.045251][   T24] usb 1-1: can't read configurations, error -61
[  854.107417][   T24] usb usb1-port1: attempt power cycle
[  855.004746][T13913] 9pnet: p9_errstr2errno: server reported unknown error �00000000000000000000010
[  855.155397][   T24] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  855.186201][   T24] usb 1-1: Using ep0 maxpacket: 16
[  855.192325][   T24] usb 1-1: too many configurations: 188, using maximum allowed: 8
[  855.214310][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[  855.261900][   T24] usb 1-1: can't read configurations, error -61
[  856.159114][   T24] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  856.236044][   T24] usb 1-1: device descriptor read/8, error -71
[  856.348179][   T24] usb usb1-port1: unable to enumerate USB device
[  856.986703][T13950] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2171'.
[  857.025425][ T8155] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  857.375861][ T5975] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  857.885548][ T8155] usb 1-1: Using ep0 maxpacket: 32
[  858.121970][ T8155] usb 1-1: config 0 has an invalid interface number: 54 but max is 0
[  858.134490][ T8155] usb 1-1: config 0 has no interface number 0
[  858.154996][ T8155] usb 1-1: config 0 interface 54 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  858.170363][ T8155] usb 1-1: config 0 interface 54 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  858.214139][ T8155] usb 1-1: config 0 interface 54 has no altsetting 0
[  858.238396][T13955] overlayfs: failed to clone upperpath
[  858.256013][ T5975] usb 5-1: Using ep0 maxpacket: 16
[  858.269097][ T5975] usb 5-1: unable to get BOS descriptor or descriptor too short
[  858.295112][ T5975] usb 5-1: config 129 has an invalid interface number: 145 but max is 0
[  858.307648][ T5975] usb 5-1: config 129 has no interface number 0
[  858.328335][ T8155] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[  858.352427][ T8155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.359355][ T5975] usb 5-1: config 129 interface 145 altsetting 250 bulk endpoint 0xE has invalid maxpacket 16
[  858.370863][ T8155] usb 1-1: Product: syz
[  858.370885][ T8155] usb 1-1: Manufacturer: syz
[  858.385536][ T5975] usb 5-1: config 129 interface 145 has no altsetting 0
[  858.408044][ T5975] usb 5-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= d.2f
[  858.413833][ T8155] usb 1-1: SerialNumber: syz
[  858.425473][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.439542][ T5975] usb 5-1: Product: ဌ
[  858.443774][ T5975] usb 5-1: Manufacturer: Й
[  858.459540][ T8155] usb 1-1: config 0 descriptor??
[  858.464823][ T5975] usb 5-1: SerialNumber: 㷸砯엁険ꁪ床跛᪝酲炙磢윻発➷簤딩㎚椐礏놝笥㝵ઃ㗅␩蟚핌郼᥵羸‟〰演ٌᆥ㎌ꥸ럁柴駦繿ꢿ≟잝句橴彋╩뇊嘫㓮Ṕ罷ﳥ腱商ퟢ⦣䩷ⳃቪꈎ匞숞頏玗셳⮝賰ﲠ鰯ꄶᓥ毸不쒝笗뭛㒛䅰泉ㆽ䱄ᓵ⬈㯄ﰎ὞ⲹ䢝鍒
[  858.470219][T13941] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  858.541262][T13941] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  858.721923][T13934] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  858.792348][ T8155] ums_eneub6250 1-1:0.54: USB Mass Storage device detected
[  858.828937][ T8155] scsi host1: usb-storage 1-1:0.54
[  858.852576][T13963] Invalid ELF header magic: != ELF
[  858.999904][ T5975] usb 5-1: disable ehci-hcd to run US-144
[  859.008599][ T5975] usb 5-1: USB disconnect, device number 91
[  859.043364][ T8155] ums_eneub6250 1-1:0.54: probe with driver ums_eneub6250 failed with error 3
[  859.100246][ T8155] usb 1-1: USB disconnect, device number 84
[  859.500573][T13977] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2177'.
[  860.403386][T13990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2181'.
[  860.707711][T13990] 8021q: adding VLAN 0 to HW filter on device bond1
[  861.277936][T14003] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2184'.
[  861.921700][T14018] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2189'.
[  862.196172][ T5975] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  863.005356][ T5975] usb 3-1: Using ep0 maxpacket: 16
[  863.020445][ T5975] usb 3-1: unable to get BOS descriptor or descriptor too short
[  863.045595][ T5975] usb 3-1: config 129 has an invalid interface number: 145 but max is 0
[  863.068896][ T5975] usb 3-1: config 129 has no interface number 0
[  863.084025][ T5975] usb 3-1: config 129 interface 145 altsetting 250 bulk endpoint 0xE has invalid maxpacket 16
[  863.216735][ T5975] usb 3-1: config 129 interface 145 has no altsetting 0
[  863.252488][ T5975] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= d.2f
[  863.261920][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.288947][ T5975] usb 3-1: Product: ဌ
[  863.293250][ T5975] usb 3-1: Manufacturer: Й
[  863.298327][ T5975] usb 3-1: SerialNumber: 㷸砯엁険ꁪ床跛᪝酲炙磢윻発➷簤딩㎚椐礏놝笥㝵ઃ㗅␩蟚핌郼᥵羸‟〰演ٌᆥ㎌ꥸ럁柴駦繿ꢿ≟잝句橴彋╩뇊嘫㓮Ṕ罷ﳥ腱商ퟢ⦣䩷ⳃቪꈎ匞숞頏玗셳⮝賰ﲠ鰯ꄶᓥ毸不쒝笗뭛㒛䅰泉ㆽ䱄ᓵ⬈㯄ﰎ὞ⲹ䢝鍒
[  863.371551][T14019] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  863.404719][T14043] pim6reg: entered allmulticast mode
[  863.415785][ T8155] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  863.423274][T14045] rdma_op ffff8880255369f0 conn xmit_rdma 0000000000000000
[  863.619459][ T5975] usb 3-1: disable ehci-hcd to run US-144
[  863.655705][ T5975] usb 3-1: USB disconnect, device number 71
[  863.695458][ T8155] usb 1-1: Using ep0 maxpacket: 32
[  863.704539][ T8155] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  863.747247][ T8155] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  863.789078][ T8155] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  863.968378][ T8155] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  863.978830][ T8155] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  863.989339][ T8155] usb 1-1: Product: syz
[  863.993631][ T8155] usb 1-1: Manufacturer: syz
[  863.998773][ T8155] usb 1-1: SerialNumber: syz
[  864.721604][ T8155] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input30
[  865.616090][T14061] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2201'.
[  865.837549][ T8156] usb 1-1: USB disconnect, device number 85
[  865.883473][ T8156] appletouch 1-1:1.0: input: appletouch disconnected
[  866.044599][T14068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2203'.
[  866.412093][T14075] Dead loop on virtual device ip6_vti0, fix it urgently!
[  866.495032][T14078] ALSA: seq fatal error: cannot create timer (-22)
[  866.530915][T14080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2205'.
[  866.545539][T14080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2205'.
[  866.807821][T14078] ./file0: Can't open blockdev
[  867.986583][T14093] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2209'.
[  868.010189][T14093] netlink: 43 bytes leftover after parsing attributes in process `syz.3.2209'.
[  868.069661][T14093] netlink: 'syz.3.2209': attribute type 6 has an invalid length.
[  868.112007][T14093] netlink: 'syz.3.2209': attribute type 5 has an invalid length.
[  868.140405][T14093] netlink: 43 bytes leftover after parsing attributes in process `syz.3.2209'.
[  870.365531][ T5975] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  870.528490][ T5975] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  870.542233][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  870.564182][ T5975] usb 1-1: config 0 descriptor??
[  870.580156][ T5975] gspca_main: cpia1-2.14.0 probing 0813:0001
[  870.692841][T14133] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2222'.
[  870.781382][T14117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  870.801624][T14117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  871.026249][ T5975] gspca_cpia1: usb_control_msg 03, error -71
[  871.041326][ T5975] gspca_cpia1: usb_control_msg 01, error -71
[  871.058992][ T5975] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  871.074033][ T5975] usb 1-1: USB disconnect, device number 86
[  872.096975][T14147] netlink: 'syz.4.2226': attribute type 10 has an invalid length.
[  872.123986][T14147] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2226'.
[  872.162844][T14147] bond0: entered promiscuous mode
[  872.183512][T14147] bond_slave_0: entered promiscuous mode
[  872.238325][T14147] bond_slave_1: entered promiscuous mode
[  872.267276][T14147] batadv0: entered promiscuous mode
[  872.280019][T14147] bond0: entered allmulticast mode
[  872.286739][T14147] bond_slave_0: entered allmulticast mode
[  872.292738][T14147] bond_slave_1: entered allmulticast mode
[  872.302211][T14147] batadv0: entered allmulticast mode
[  872.350703][T14147] bridge0: port 3(bond0) entered blocking state
[  872.361888][T14147] bridge0: port 3(bond0) entered disabled state
[  873.387801][T14147] bridge0: port 3(bond0) entered blocking state
[  873.394323][T14147] bridge0: port 3(bond0) entered forwarding state
[  873.427971][T10287] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  873.437998][T10287] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  873.590882][T14171] random: crng reseeded on system resumption
[  875.340766][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  875.347489][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  875.380153][T14181] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2235'.
[  875.413489][T10325] Bluetooth: hci1: unknown advertising packet type: 0x70
[  875.755604][ T5975] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  876.083672][ T8156] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  876.125448][ T5975] usb 5-1: Using ep0 maxpacket: 8
[  877.016283][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  877.027555][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  877.037639][ T5975] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  877.047661][ T5975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  877.062891][ T5975] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  877.074358][ T5975] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  877.083724][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.146817][ T5975] usb 5-1: config 0 descriptor??
[  877.152904][T14182] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  877.336911][ T8156] usb 3-1: Using ep0 maxpacket: 32
[  877.349038][ T8156] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  877.430976][ T8156] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  877.453330][ T8156] usb 3-1: New USB device found, idVendor=1608, idProduct=020c, bcdDevice=e7.2c
[  877.481516][ T8156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.508629][ T8156] usb 3-1: Product: syz
[  877.520448][ T8156] usb 3-1: Manufacturer: syz
[  877.542176][ T8156] usb 3-1: SerialNumber: syz
[  877.572862][ T8156] usb 3-1: config 0 descriptor??
[  877.719129][T14199] netlink: 'syz.3.2241': attribute type 12 has an invalid length.
[  877.727432][T14199] netlink: 'syz.3.2241': attribute type 29 has an invalid length.
[  877.735700][T14199] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2241'.
[  878.141124][ T5975] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  879.731545][ T5975] usb 1-1: device descriptor read/64, error -71
[  879.738441][T10325] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  879.985504][ T5975] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  880.050613][ T8160] usb 5-1: USB disconnect, device number 92
[  880.298331][ T5975] usb 1-1: device descriptor read/64, error -71
[  880.460903][ T5975] usb usb1-port1: attempt power cycle
[  880.759999][T14220] netlink: 'syz.1.2247': attribute type 13 has an invalid length.
[  880.797862][   T24] usb 3-1: USB disconnect, device number 72
[  881.395710][   T24] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  881.607397][   T24] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  881.658748][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  881.678773][T14233] hfs: unable to load iocharset "io#harset"
[  881.783049][T14220] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  881.799007][   T24] usb 3-1: config 0 descriptor??
[  881.816996][   T24] cp210x 3-1:0.0: cp210x converter detected
[  882.019745][   T24] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71
[  882.035645][   T24] cp210x 3-1:0.0: querying part number failed
[  882.068137][   T24] usb 3-1: cp210x converter now attached to ttyUSB0
[  882.092520][   T24] usb 3-1: USB disconnect, device number 73
[  882.134517][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  882.171928][   T24] cp210x 3-1:0.0: device disconnected
[  882.569023][T14258] netlink: 'syz.1.2258': attribute type 10 has an invalid length.
[  882.577141][T14258] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.584826][T14258] bridge0: port 1(
) entered disabled state
[  882.596090][T14258] bridge0: port 2(bridge_slave_1) entered blocking state
[  882.603250][T14258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  882.610760][T14258] bridge0: port 1(
) entered blocking state
[  882.616811][T14258] bridge0: port 1(
) entered forwarding state
[  882.627225][T14258] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  882.742214][T14261] netlink: 'syz.1.2260': attribute type 10 has an invalid length.
[  882.809124][T14261] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  883.035504][ T5975] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  883.205772][ T5975] usb 3-1: Using ep0 maxpacket: 16
[  883.234433][ T5975] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  883.261375][ T5975] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  883.280868][ T5975] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  883.297778][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.315785][ T5975] usb 3-1: Product: syz
[  883.320016][ T5975] usb 3-1: Manufacturer: syz
[  883.324736][ T5975] usb 3-1: SerialNumber: syz
[  883.743544][ T5975] usb 3-1: USB disconnect, device number 74
[  883.842108][T14281] IPVS: length: 129 != 8
[  888.640746][T14319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2275'.
[  888.833616][T14311] netlink: 'syz.0.2272': attribute type 1 has an invalid length.
[  888.842157][T14311] netlink: 'syz.0.2272': attribute type 2 has an invalid length.
[  888.854428][T14311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2272'.
[  890.759689][T14343] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2283'.
[  890.790515][T14343] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2283'.
[  893.013614][T14365] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2288'.
[  894.865034][T14379] input: syz1 as /devices/virtual/input/input33
[  897.030580][T14399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2299'.
[  897.395490][T14407] afs: Unknown parameter 'floc{'
[  898.054638][T14217] usb 3-1: new low-speed USB device number 75 using dummy_hcd
[  898.232545][T14217] usb 3-1: Invalid ep0 maxpacket: 64
[  898.395871][T14217] usb 3-1: new low-speed USB device number 76 using dummy_hcd
[  898.575535][T14217] usb 3-1: Invalid ep0 maxpacket: 64
[  898.962074][T14423] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2303'.
[  899.037861][T14217] usb usb3-port1: attempt power cycle
[  899.642834][T14217] usb 3-1: new low-speed USB device number 77 using dummy_hcd
[  900.154010][T14217] usb 3-1: device descriptor read/8, error -71
[  900.749101][T14446] 9pnet_virtio: no channels available for device 127.0.0.1
[  902.780379][T14471] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2319'.
[  903.286491][T14473] netlink: 'syz.3.2320': attribute type 2 has an invalid length.
[  903.751441][T14491] netlink: 'syz.3.2327': attribute type 10 has an invalid length.
[  903.759970][T14491] bridge0: port 2(bridge_slave_1) entered disabled state
[  903.767213][T14491] bridge0: port 1(bridge_slave_0) entered disabled state
[  903.777874][T14491] bridge0: port 2(bridge_slave_1) entered blocking state
[  903.785004][T14491] bridge0: port 2(bridge_slave_1) entered forwarding state
[  903.792485][T14491] bridge0: port 1(bridge_slave_0) entered blocking state
[  903.799911][T14491] bridge0: port 1(bridge_slave_0) entered forwarding state
[  903.809642][T14491] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  903.933358][T14498] ./cgroup: Can't lookup blockdev
[  905.067196][T14519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2335'.
[  905.867670][ T5848] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  906.067472][ T5848] usb 3-1: Using ep0 maxpacket: 32
[  906.101384][ T5848] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  906.135103][ T5848] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  906.168755][ T5848] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  906.185658][T14526] batadv_slave_0: entered promiscuous mode
[  906.228142][ T5848] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  906.242735][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  906.265013][ T5848] usb 3-1: Product: syz
[  906.275120][ T5848] usb 3-1: Manufacturer: syz
[  906.283285][ T5848] usb 3-1: SerialNumber: syz
[  906.285912][T14519] batadv_slave_0: left promiscuous mode
[  906.320362][ T5848] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input35
[  906.352514][T14538] netlink: 'syz.1.2338': attribute type 2 has an invalid length.
[  906.454927][ T8160] usb 1-1: new low-speed USB device number 90 using dummy_hcd
[  906.631158][ T8160] usb 1-1: unable to get BOS descriptor or descriptor too short
[  906.639431][T14542] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2340'.
[  906.649740][T14542] veth1_macvtap: left promiscuous mode
[  906.686300][ T8160] usb 1-1: config 7 has an invalid interface number: 83 but max is 0
[  906.709221][ T8160] usb 1-1: config 7 has no interface number 0
[  906.722476][ T8160] usb 1-1: config 7 interface 83 altsetting 254 endpoint 0x7 has invalid maxpacket 16, setting to 0
[  906.760524][ T8160] usb 1-1: No eUSB2 isoc ep 7 companion for config 7 interface 83 altsetting 254
[  906.775525][ T8160] usb 1-1: config 7 interface 83 has no altsetting 0
[  906.802015][ T8160] usb 1-1: string descriptor 0 read error: -22
[  906.809834][ T8160] usb 1-1: New USB device found, idVendor=19d2, idProduct=0145, bcdDevice=44.f5
[  906.910930][ T8160] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  906.948231][ T8160] option 1-1:7.83: GSM modem (1-port) converter detected
[  907.048322][T14217] usb 3-1: USB disconnect, device number 79
[  907.120866][T14217] appletouch 3-1:1.0: input: appletouch disconnected
[  907.164959][ T8160] usb 1-1: USB disconnect, device number 90
[  907.179360][ T8160] option 1-1:7.83: device disconnected
[  907.381455][T14558] fuse: Bad value for 'fd'
[  907.474458][T14560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2347'.
[  907.850901][T14568] tmpfs: Bad value for 'mpol'
[  909.263902][T14590] netlink: 'syz.2.2357': attribute type 15 has an invalid length.
[  909.285356][T14590] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2357'.
[  909.615764][ T8156] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  909.790001][ T8156] usb 1-1: Using ep0 maxpacket: 8
[  909.851371][ T8156] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  909.948365][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  909.987309][ T8156] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  910.115336][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  910.135019][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  910.226272][ T8156] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  910.264395][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  910.455357][ T8156] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  910.475415][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  910.486949][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  910.500160][ T8156] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  910.507837][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  910.528823][ T8156] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  910.543575][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  910.558440][ T8156] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  910.574483][ T8156] usb 1-1: string descriptor 0 read error: -22
[  910.584630][ T8156] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  910.595136][ T8156] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.623753][ T8156] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  910.721133][T14610] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  910.822271][ T8156] usb 1-1: USB disconnect, device number 91
[  914.209254][T14667] FAULT_INJECTION: forcing a failure.
[  914.209254][T14667] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  914.265454][T14667] CPU: 0 UID: 0 PID: 14667 Comm: syz.0.2379 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  914.265487][T14667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  914.265501][T14667] Call Trace:
[  914.265511][T14667]  <TASK>
[  914.265521][T14667]  dump_stack_lvl+0x189/0x250
[  914.265562][T14667]  ? __pfx____ratelimit+0x10/0x10
[  914.265594][T14667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  914.265619][T14667]  ? __pfx__printk+0x10/0x10
[  914.265648][T14667]  ? __might_fault+0xb0/0x130
[  914.265683][T14667]  should_fail_ex+0x414/0x560
[  914.265712][T14667]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  914.265750][T14667]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  914.265790][T14667]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  914.265839][T14667]  ? __lock_acquire+0xab9/0xd20
[  914.265868][T14667]  ? fpu__alloc_mathframe+0xad/0x130
[  914.265901][T14667]  get_sigframe+0x58d/0x7d0
[  914.265939][T14667]  ? __pfx_get_sigframe+0x10/0x10
[  914.265984][T14667]  x64_setup_rt_frame+0x15c/0xd40
[  914.266021][T14667]  ? lockdep_hardirqs_on+0x9c/0x150
[  914.266045][T14667]  ? _raw_spin_unlock_irq+0x2e/0x50
[  914.266062][T14667]  ? get_signal+0x1122/0x1310
[  914.266092][T14667]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  914.266137][T14667]  arch_do_signal_or_restart+0x3dc/0x750
[  914.266178][T14667]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  914.266226][T14667]  ? exit_to_user_mode_loop+0x40/0x110
[  914.266251][T14667]  exit_to_user_mode_loop+0x75/0x110
[  914.266274][T14667]  do_syscall_64+0x2bd/0x3b0
[  914.266298][T14667]  ? lockdep_hardirqs_on+0x9c/0x150
[  914.266321][T14667]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  914.266344][T14667]  ? clear_bhb_loop+0x60/0xb0
[  914.266371][T14667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  914.266394][T14667] RIP: 0033:0x7f025718ebe7
[  914.266414][T14667] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  914.266433][T14667] RSP: 002b:00007f0257fd2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  914.266457][T14667] RAX: 0000000000000000 RBX: 00007f02573b5fa0 RCX: 00007f025718ebe9
[  914.266473][T14667] RDX: 0000000000000023 RSI: 0000200000000000 RDI: 0000000000000004
[  914.266487][T14667] RBP: 00007f0257fd2090 R08: 0000000000000000 R09: 0000000000000000
[  914.266501][T14667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  914.266514][T14667] R13: 00007f02573b6038 R14: 00007f02573b5fa0 R15: 00007ffdb7fa5058
[  914.266549][T14667]  </TASK>
[  917.323033][T14712] netlink: 'syz.4.2392': attribute type 4 has an invalid length.
[  917.694328][T14723] netlink: 212388 bytes leftover after parsing attributes in process `syz.4.2396'.
[  917.741692][T14723] netlink: get zone limit has 8 unknown bytes
[  918.615936][T14732] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2398'.
[  919.824218][T10325] Bluetooth: hci2: unknown advertising packet type: 0x70
[  920.235948][T14217] usb 5-1: new low-speed USB device number 93 using dummy_hcd
[  920.565013][T14743] netlink: 'syz.0.2400': attribute type 2 has an invalid length.
[  921.300759][T14217] usb 5-1: device descriptor read/all, error -71
[  922.503990][ T8156] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  922.557842][T14766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2408'.
[  923.651008][ T8156] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  923.668455][ T8156] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  923.700328][ T8156] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  923.709647][ T8156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  923.735316][ T8156] usb 1-1: SerialNumber: syz
[  924.779112][ T8156] usb 1-1: 0:2 : does not exist
[  925.788494][T14784] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2413'.
[  925.826551][ T8156] usb 1-1: USB disconnect, device number 93
[  926.595873][T14789] loop9: detected capacity change from 0 to 7
[  926.602619][T14789] buffer_io_error: 4 callbacks suppressed
[  926.602636][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.609645][T14217] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  926.616728][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.632123][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.640145][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.649051][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.657119][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.665060][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.673021][T14789] ldm_validate_partition_table(): Disk read failed.
[  926.679763][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.687797][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.695803][T14789] Buffer I/O error on dev loop9, logical block 0, async page read
[  926.703893][T14789] Dev loop9: unable to read RDB block 0
[  926.709843][T14789]  loop9: unable to read partition table
[  926.715839][T14789] loop9: partition table beyond EOD, truncated
[  926.722041][T14789] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  926.722041][T14789] 
) failed (rc=-5)
[  927.115202][T14791] netlink: 'syz.3.2416': attribute type 2 has an invalid length.
[  930.832342][T14824] binder: 14812:14824 ioctl 4018620d 0 returned -22
[  931.116735][T14827] loop9: detected capacity change from 0 to 7
[  931.124178][T14827] ldm_validate_partition_table(): Disk read failed.
[  931.131375][T14827] Dev loop9: unable to read RDB block 0
[  931.137379][T14827]  loop9: unable to read partition table
[  931.143248][T14827] loop9: partition table beyond EOD, truncated
[  931.149502][T14827] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  931.149502][T14827] 
) failed (rc=-5)
[  932.417668][T14828] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2428'.
[  932.903915][T14840] netlink: 'syz.2.2430': attribute type 10 has an invalid length.
[  932.914307][T14841] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2431'.
[  932.984061][T14841] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2431'.
[  933.233782][T14840] team0: Port device wlan1 added
[  933.507154][T14849] FAULT_INJECTION: forcing a failure.
[  933.507154][T14849] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  933.559982][T14849] CPU: 1 UID: 0 PID: 14849 Comm: syz.0.2434 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  933.560019][T14849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  933.560033][T14849] Call Trace:
[  933.560041][T14849]  <TASK>
[  933.560051][T14849]  dump_stack_lvl+0x189/0x250
[  933.560088][T14849]  ? __pfx____ratelimit+0x10/0x10
[  933.560112][T14849]  ? __pfx_dump_stack_lvl+0x10/0x10
[  933.560137][T14849]  ? __pfx__printk+0x10/0x10
[  933.560181][T14849]  should_fail_ex+0x414/0x560
[  933.560211][T14849]  _copy_from_user+0x2d/0xb0
[  933.560243][T14849]  ___bpf_copy_key+0xa5/0x110
[  933.560267][T14849]  map_update_elem+0x200/0x750
[  933.560306][T14849]  ? bpf_lsm_bpf+0x9/0x20
[  933.560338][T14849]  __sys_bpf+0x6a9/0x860
[  933.560373][T14849]  ? __pfx___sys_bpf+0x10/0x10
[  933.560421][T14849]  ? ksys_write+0x22a/0x250
[  933.560445][T14849]  ? __pfx_ksys_write+0x10/0x10
[  933.560463][T14849]  ? rcu_is_watching+0x15/0xb0
[  933.560497][T14849]  __x64_sys_bpf+0x7c/0x90
[  933.560528][T14849]  do_syscall_64+0xfa/0x3b0
[  933.560552][T14849]  ? lockdep_hardirqs_on+0x9c/0x150
[  933.560575][T14849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  933.560597][T14849]  ? clear_bhb_loop+0x60/0xb0
[  933.560625][T14849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  933.560646][T14849] RIP: 0033:0x7f025718ebe9
[  933.560666][T14849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  933.560685][T14849] RSP: 002b:00007f0257fd2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  933.560708][T14849] RAX: ffffffffffffffda RBX: 00007f02573b5fa0 RCX: 00007f025718ebe9
[  933.560725][T14849] RDX: 0000000000000020 RSI: 0000200000000380 RDI: 0000000000000002
[  933.560739][T14849] RBP: 00007f0257fd2090 R08: 0000000000000000 R09: 0000000000000000
[  933.560753][T14849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  933.560766][T14849] R13: 00007f02573b6038 R14: 00007f02573b5fa0 R15: 00007ffdb7fa5058
[  933.560802][T14849]  </TASK>
[  934.235522][T14217] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  934.519643][T14217] usb 1-1: Using ep0 maxpacket: 8
[  934.681889][T14217] usb 1-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  934.707703][T14217] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  934.728175][T14217] usb 1-1: Product: syz
[  934.738713][T14217] usb 1-1: Manufacturer: syz
[  934.747721][T14217] usb 1-1: SerialNumber: syz
[  934.762313][T14217] usb 1-1: config 0 descriptor??
[  935.810545][T14869] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2441'.
[  936.215414][T14188] Bluetooth: hci4: command 0x0c1a tx timeout
[  936.510688][T14217] usb 1-1: USB disconnect, device number 94
[  936.840403][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  936.847796][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  939.316429][   T30] audit: type=1800 audit(1755629727.164:263): pid=14885 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2444" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  939.350460][T14884] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2446'.
[  940.505019][T14905] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2453'.
[  946.039788][T14962] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2468'.
[  949.375473][ T8156] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  950.118223][ T8156] usb 1-1: Using ep0 maxpacket: 32
[  950.717001][T14993] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2477'.
[  951.666837][T14995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2479'.
[  952.046392][T15003] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2482'.
[  952.812368][T14995] hsr_slave_1 (unregistering): left promiscuous mode
[  954.437659][ T8156] usb 1-1: device descriptor read/all, error -71
[  956.133879][ T5985] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  956.636335][ T5985] usb 5-1: Using ep0 maxpacket: 16
[  956.696775][ T5985] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  956.709611][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.736778][ T5985] usb 5-1: Product: syz
[  956.753941][ T5985] usb 5-1: Manufacturer: syz
[  956.914716][ T5985] usb 5-1: SerialNumber: syz
[  956.929015][ T5985] usb 5-1: config 0 descriptor??
[  956.942258][ T5985] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  957.517322][T15073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2502'.
[  957.698099][ T5985] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110
[  959.330967][ T8156] usb 5-1: USB disconnect, device number 95
[  959.450244][T15086] netlink: 'syz.3.2507': attribute type 1 has an invalid length.
[  959.556294][T15090] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2508'.
[  960.156127][T15098] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2506'.
[  960.539385][T15102] ip6gre1: entered allmulticast mode
[  960.556220][T10290] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  961.821014][T15109] CIFS: iocharset name too long
[  962.075362][ T5848] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  962.183652][T15123] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.2516'.
[  962.225526][ T5848] usb 5-1: device descriptor read/64, error -71
[  962.237907][   T30] audit: type=1326 audit(1755629750.994:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.318509][   T30] audit: type=1326 audit(1755629750.994:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.370771][   T30] audit: type=1326 audit(1755629750.994:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.415433][   T30] audit: type=1326 audit(1755629750.994:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.465860][   T30] audit: type=1326 audit(1755629750.994:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.505379][   T30] audit: type=1326 audit(1755629750.994:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.535491][ T5848] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  962.559193][   T30] audit: type=1326 audit(1755629751.024:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.591923][   T30] audit: type=1326 audit(1755629751.024:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.629080][   T30] audit: type=1326 audit(1755629751.024:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.654416][   T30] audit: type=1326 audit(1755629751.024:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15124 comm="syz.3.2517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc460d8ebe9 code=0x7ffc0000
[  962.685858][ T5848] usb 5-1: device descriptor read/64, error -71
[  962.796539][ T5848] usb usb5-port1: attempt power cycle
[  963.009704][ T8156] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  963.175402][ T8156] usb 1-1: Using ep0 maxpacket: 8
[  963.188302][ T8156] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  963.208135][ T8156] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  963.218274][ T8156] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  963.233339][ T8156] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  963.255484][ T8156] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  963.273004][ T8156] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  963.282410][ T8156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.285439][ T5848] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  963.356026][ T5848] usb 5-1: device descriptor read/8, error -71
[  963.507050][ T8156] usb 1-1: GET_CAPABILITIES returned 0
[  963.512801][ T8156] usbtmc 1-1:16.0: can't read capabilities
[  963.596495][ T5848] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  963.636123][ T5848] usb 5-1: device descriptor read/8, error -71
[  963.647915][ T8156] usb 1-1: USB disconnect, device number 97
[  963.764094][ T5848] usb usb5-port1: unable to enumerate USB device
[  963.792229][T15155] bridge_slave_0: invalid flags given to default FDB implementation
[  965.015449][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  966.278659][T15182] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2537'.
[  968.352361][T15199] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2542'.
[  968.383147][T14188] Bluetooth: hci4: unknown advertising packet type: 0x70
[  969.278563][T15202] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2543'.
[  969.295500][T15202] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2543'.
[  969.369813][T15204] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2541'.
[  969.397146][T14188] Bluetooth: hci1: unknown advertising packet type: 0x70
[  974.393627][T15247] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2556'.
[  974.439568][T14188] Bluetooth: hci0: unknown advertising packet type: 0x70
[  974.535569][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  976.282734][T15260] netlink: 'syz.4.2562': attribute type 10 has an invalid length.
[  976.292629][T15260] bridge0: port 3(bond0) entered disabled state
[  976.300456][T15260] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.308164][T15260] bridge0: port 1(bridge_slave_0) entered disabled state
[  976.418239][T15260] bridge0: port 3(bond0) entered blocking state
[  976.424700][T15260] bridge0: port 3(bond0) entered forwarding state
[  976.431526][T15260] bridge0: port 2(bridge_slave_1) entered blocking state
[  976.438854][T15260] bridge0: port 2(bridge_slave_1) entered forwarding state
[  976.445429][T14217] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  976.446475][T15260] bridge0: port 1(bridge_slave_0) entered blocking state
[  976.460887][T15260] bridge0: port 1(bridge_slave_0) entered forwarding state
[  976.502583][T15260] bridge0: port 3(bond0) entered disabled state
[  976.509148][T15260] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.516497][T15260] bridge0: port 1(bridge_slave_0) entered disabled state
[  977.079923][T14217] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  977.093751][T14217] usb 1-1: config 0 interface 0 has no altsetting 0
[  977.110924][T14217] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  977.120773][T14217] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  977.135600][T14217] usb 1-1: Product: syz
[  977.146007][T14217] usb 1-1: Manufacturer: syz
[  977.159456][T14217] usb 1-1: SerialNumber: syz
[  977.172678][T14217] usb 1-1: config 0 descriptor??
[  977.201958][T14217] usb 1-1: selecting invalid altsetting 0
[  977.480452][T14217] usb 1-1: USB disconnect, device number 98
[  979.833644][T15300] loop9: detected capacity change from 0 to 7
[  979.840478][T15300] buffer_io_error: 18 callbacks suppressed
[  979.840495][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.854427][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.862437][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.870498][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.878526][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.887392][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.896339][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.904536][T15300] ldm_validate_partition_table(): Disk read failed.
[  979.911520][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.925606][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.934356][T15300] Buffer I/O error on dev loop9, logical block 0, async page read
[  979.942751][T15300] Dev loop9: unable to read RDB block 0
[  979.949670][T15300]  loop9: unable to read partition table
[  979.955942][T15300] loop9: partition table beyond EOD, truncated
[  979.962211][T15300] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  979.962211][T15300] 
) failed (rc=-5)
[  980.865498][T15302] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2572'.
[  981.486554][T15309] netlink: 'syz.0.2575': attribute type 2 has an invalid length.
[  981.538181][T15311] netlink: 'syz.1.2576': attribute type 10 has an invalid length.
[  981.546392][T15311] bridge0: port 2(bridge_slave_1) entered disabled state
[  981.553554][T15311] bridge0: port 1(
) entered disabled state
[  986.872934][ T8160] usb 5-1: new full-speed USB device number 100 using dummy_hcd
[  987.195030][ T8160] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  987.211255][ T8160] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  987.232917][ T8160] usb 5-1: Product: syz
[  987.251186][ T8160] usb 5-1: Manufacturer: syz
[  987.262578][ T8160] usb 5-1: SerialNumber: syz
[  987.342866][T15360] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2586'.
[  987.933775][ T8160] usb 5-1: config 0 descriptor??
[  988.149184][ T8160] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  988.766254][T15370] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2591'.
[  990.511190][ T8160] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  990.623074][ T8160] usb 5-1: USB disconnect, device number 100
[  992.122280][T15386] syz_tun: entered allmulticast mode
[  992.142443][T15386] syz_tun: left allmulticast mode
[  992.455602][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  994.171328][T15403] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2601'.
[  995.432270][T15414] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2603'.
[  998.385821][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  998.392193][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  998.589412][T15450] binder: 15447:15450 unknown command 0
[  998.597979][T15450] binder: 15447:15450 ioctl c0306201 2000000003c0 returned -22
[  998.721914][T15459] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1000.953624][T15460] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2618'.
[ 1001.161263][T15486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2626'.
[ 1004.869421][ T5848] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1005.193044][ T5848] usb 1-1: config 2 has an invalid interface number: 163 but max is 0
[ 1005.209698][ T5848] usb 1-1: config 2 has no interface number 0
[ 1005.217054][ T5848] usb 1-1: config 2 interface 163 has no altsetting 0
[ 1005.231494][ T5848] usb 1-1: New USB device found, idVendor=05ac, idProduct=8514, bcdDevice=d8.dd
[ 1006.213699][ T5848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1006.245299][ T5848] usb 1-1: Product: syz
[ 1006.249550][ T5848] usb 1-1: Manufacturer: syz
[ 1006.254195][ T5848] usb 1-1: SerialNumber: syz
[ 1006.458510][T15544] ipvlan3: entered promiscuous mode
[ 1006.507296][T15544] netlink: 'syz.1.2643': attribute type 7 has an invalid length.
[ 1006.568166][ T5848] usb 1-1: Found UVC 0.00 device syz (05ac:8514)
[ 1006.603365][ T5848] usb 1-1: No valid video chain found.
[ 1006.609245][T15549] netlink: 'syz.4.2642': attribute type 2 has an invalid length.
[ 1006.627609][T15544] : entered promiscuous mode
[ 1006.636037][ T5848] usb 1-1: USB disconnect, device number 99
[ 1006.746018][T15552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2644'.
[ 1007.429862][T15565] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1008.373135][T15574] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[ 1008.406876][T15579] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2653'.
[ 1009.781812][T15589] netlink: 'syz.2.2656': attribute type 2 has an invalid length.
[ 1009.944686][T15595] loop2: detected capacity change from 0 to 7
[ 1009.953836][T15595] Dev loop2: unable to read RDB block 7
[ 1009.962388][T15595]  loop2: unable to read partition table
[ 1009.978476][T15595] loop2: partition table beyond EOD, truncated
[ 1010.008278][T15595] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1010.237071][T15592] geneve2: entered promiscuous mode
[ 1010.254153][T15592] geneve2: entered allmulticast mode
[ 1010.280385][T15597] netlink: 'syz.3.2655': attribute type 10 has an invalid length.
[ 1011.396889][T15597] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1011.404224][T15597] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1012.361794][T15617] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2665'.
[ 1012.410028][T15615] netlink: 'syz.1.2664': attribute type 10 has an invalid length.
[ 1012.730230][T15623] xt_nat: multiple ranges no longer supported
[ 1012.975565][ T5848] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1013.352186][T15626] fuse: Bad value for 'fd'
[ 1014.219474][ T5848] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1014.304785][ T5848] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1014.341904][ T5848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1014.371594][ T5848] usb 1-1: SerialNumber: syz
[ 1015.506810][ T5848] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 1015.528837][ T5848] usb 1-1: USB disconnect, device number 100
[ 1016.235900][T15654] netlink: 'syz.0.2673': attribute type 10 has an invalid length.
[ 1016.247163][T15654] bridge0: port 3(netdevsim0) entered disabled state
[ 1016.254591][T15654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1016.528448][T15654] bridge0: port 3(netdevsim0) entered blocking state
[ 1016.535405][T15654] bridge0: port 3(netdevsim0) entered forwarding state
[ 1016.542906][T15654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1016.550202][T15654] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1016.669614][T15662] netlink: 'syz.1.2676': attribute type 10 has an invalid length.
[ 1016.764376][T15654] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1016.899702][T10325] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1016.909953][T10325] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1016.927920][T10325] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1017.001145][T10325] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1017.010061][T10325] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1017.238646][T15666] lo speed is unknown, defaulting to 1000
[ 1019.105575][T14188] Bluetooth: hci5: command tx timeout
[ 1019.626340][T15666] chnl_net:caif_netlink_parms(): no params data found
[ 1021.175863][T15711] fuse: Bad value for 'rootmode'
[ 1021.182096][T14188] Bluetooth: hci5: command tx timeout
[ 1021.213482][T15666] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.231093][T15666] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.251394][T15666] bridge_slave_0: entered allmulticast mode
[ 1021.263359][T15666] bridge_slave_0: entered promiscuous mode
[ 1021.307204][T15666] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.324710][T15666] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.394713][T15666] bridge_slave_1: entered allmulticast mode
[ 1021.443565][T15666] bridge_slave_1: entered promiscuous mode
[ 1022.911229][T12009] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[ 1023.285612][T14188] Bluetooth: hci5: command tx timeout
[ 1023.627821][T15666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1023.638995][T12009] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1023.649586][T12009] usb 5-1: config 1 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1023.694769][T15666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1023.765373][T12009] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1023.809115][T12009] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1023.830978][T12009] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1023.865113][T12009] usb 5-1: Product: ᐇ
[ 1023.902469][T12009] usb 5-1: Manufacturer: ы
[ 1023.915504][T12009] usb 5-1: SerialNumber: 灷瘚컲鄍콐ʕ瓩Ḵ᳐鲩ۓ㌧蝚㤈缵꿟멙濷꺡８ꄉ艸簔씞⃷垪竢털雄轲쟕錎⮷࣋殖휯⮟锋꽤䓂杘廛╬奉斬ᘾ⾆䋕貔ᒃ덚尰螹鸃㞽睉態圜碝캆翁칹苮畽浉췇褐䜇㽛∇䖓↶ᔶ≅圠단ᵍ奬！࿆꾣䮾ꑤଣ淒
[ 1023.926158][T15666] team0: Port device team_slave_0 added
[ 1024.013992][T15720] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1024.023034][T15720] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1024.037068][T15666] team0: Port device team_slave_1 added
[ 1024.172634][T15739] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2694'.
[ 1024.226313][T15741] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2695'.
[ 1024.243545][T15666] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1024.261244][T15666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1024.324271][T15666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1024.377450][T15666] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1024.402229][T15666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1024.449111][T15713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1024.465805][T15713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1024.484099][T15666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1024.547182][T12009] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 101 if 0 alt 3 proto 1 vid 0x0525 pid 0xA4A8
[ 1024.585496][T12009] usb 5-1: USB disconnect, device number 101
[ 1024.781135][T12009] usblp0: removed
[ 1025.335659][T14188] Bluetooth: hci5: command tx timeout
[ 1025.494346][T15666] hsr_slave_0: entered promiscuous mode
[ 1025.629367][T15666] hsr_slave_1: entered promiscuous mode
[ 1025.635905][T15666] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1025.643510][T15666] Cannot create hsr debugfs directory
[ 1025.769277][T15753] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2700'.
[ 1025.888880][T15761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2701'.
[ 1027.015538][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1028.020042][T15666] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.123614][T15666] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.349858][T15666] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.600536][T15666] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.862622][T15802] fuse: Bad value for 'fd'
[ 1029.890733][T15801] lo speed is unknown, defaulting to 1000
[ 1030.193759][T15809] fuse: Bad value for 'rootmode'
[ 1030.949487][T15816] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2719'.
[ 1031.105833][T15816] fuse: Bad value for 'fd'
[ 1031.587703][T15666] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1031.606421][T15666] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1031.743533][T15666] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1031.761338][T15666] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1032.075034][T15666] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1032.156986][T15666] 8021q: adding VLAN 0 to HW filter on device team0
[ 1032.188763][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1032.196013][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1032.438686][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1032.445927][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1034.396654][T15666] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1034.580876][T15867] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1035.667850][T15666] veth0_vlan: entered promiscuous mode
[ 1035.812092][T15666] veth1_vlan: entered promiscuous mode
[ 1036.066777][T15666] veth0_macvtap: entered promiscuous mode
[ 1036.130712][T15666] veth1_macvtap: entered promiscuous mode
[ 1036.229411][T15666] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1036.272361][T15666] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1036.317600][T15666] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.346707][T15666] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.564682][T15666] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.574565][T15666] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.954308][T15889] netlink: 'syz.4.2738': attribute type 10 has an invalid length.
[ 1036.968271][T15890] binder: 15882:15890 ioctl c0306201 0 returned -14
[ 1037.057008][T15889] bridge0: port 3(bond0) entered blocking state
[ 1037.063444][T15889] bridge0: port 3(bond0) entered forwarding state
[ 1037.070329][T15889] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1037.077577][T15889] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1037.085035][T15889] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1037.092297][T15889] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1037.110558][T15889] bridge0: port 3(bond0) entered disabled state
[ 1037.117560][T15889] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1037.125984][T15889] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1037.524750][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.533036][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1037.667290][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.676010][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1039.052670][T15911] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1042.526559][T10325] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1042.544174][T10325] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1042.552598][T10325] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1042.652762][T10325] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1042.666194][T10325] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1043.499949][T15945] binder: 15932:15945 ioctl c0306201 0 returned -14
[ 1043.656476][T15940] lo speed is unknown, defaulting to 1000
[ 1044.715324][T14217] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1044.907526][T15953] loop9: detected capacity change from 0 to 7
[ 1045.105671][T14217] usb 1-1: Using ep0 maxpacket: 32
[ 1045.124761][T15953] buffer_io_error: 4 callbacks suppressed
[ 1045.124774][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1045.157364][T14217] usb 1-1: config 0 has an invalid interface number: 168 but max is 0
[ 1045.578223][T10325] Bluetooth: hci2: command tx timeout
[ 1045.848942][T14217] usb 1-1: config 0 has no interface number 0
[ 1045.855149][T14217] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice=b0.c6
[ 1045.871630][T14217] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1046.064190][T15940] chnl_net:caif_netlink_parms(): no params data found
[ 1046.072317][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.115453][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.181741][T14217] usb 1-1: config 0 descriptor??
[ 1046.201688][T14217] speedtch 1-1:0.168: speedtch_bind: wrong device class 176
[ 1046.214856][T14217] speedtch 1-1:0.168: usbatm_usb_probe: bind failed: -19!
[ 1046.225833][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.234754][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.243326][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.251801][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.262419][T15953] ldm_validate_partition_table(): Disk read failed.
[ 1046.285442][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.293479][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.354516][T15953] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1046.531101][T15953] Dev loop9: unable to read RDB block 0
[ 1046.806600][T15953]  loop9: unable to read partition table
[ 1047.326534][T15953] loop9: partition table beyond EOD, truncated
[ 1047.332865][T15953] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[ 1047.332865][T15953] 
) failed (rc=-5)
[ 1047.435932][   T30] kauditd_printk_skb: 60 callbacks suppressed
[ 1047.435952][   T30] audit: type=1326 audit(1755629836.194:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1047.546456][   T30] audit: type=1326 audit(1755629836.194:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1047.702707][   T30] audit: type=1326 audit(1755629836.194:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1047.724707][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1047.737034][T15940] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1047.777722][T15940] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1047.785043][T15940] bridge_slave_0: entered allmulticast mode
[ 1047.820669][T15940] bridge_slave_0: entered promiscuous mode
[ 1047.828113][   T30] audit: type=1326 audit(1755629836.194:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1047.844063][T15940] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1047.890069][T15940] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1047.952009][   T30] audit: type=1326 audit(1755629836.194:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1047.976024][T15940] bridge_slave_1: entered allmulticast mode
[ 1048.012883][T15940] bridge_slave_1: entered promiscuous mode
[ 1048.015612][ T5985] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[ 1048.054727][   T30] audit: type=1326 audit(1755629836.204:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1048.081556][T10325] Bluetooth: hci2: command tx timeout
[ 1048.109223][   T30] audit: type=1326 audit(1755629836.204:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1048.131209][   T30] audit: type=1326 audit(1755629836.204:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1048.156095][   T30] audit: type=1326 audit(1755629836.204:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1048.179550][   T30] audit: type=1326 audit(1755629836.204:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15984 comm="syz.2.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f342878ebe9 code=0x7ffc0000
[ 1048.180296][ T5985] usb 4-1: config 131 has an invalid interface number: 242 but max is 0
[ 1048.237915][T15993] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1048.315161][T15940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1048.328306][ T5985] usb 4-1: config 131 has no interface number 0
[ 1048.362365][ T5985] usb 4-1: config 131 interface 242 altsetting 13 endpoint 0x2 has invalid maxpacket 7573, setting to 64
[ 1048.388174][T15940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1048.425023][ T5985] usb 4-1: config 131 interface 242 altsetting 13 endpoint 0xC has invalid wMaxPacketSize 0
[ 1048.603077][ T5985] usb 4-1: config 131 interface 242 has no altsetting 0
[ 1048.612959][ T5985] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010b, bcdDevice=19.10
[ 1048.623483][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=5
[ 1048.632224][ T5985] usb 4-1: Product: syz
[ 1048.636546][ T5985] usb 4-1: Manufacturer: syz
[ 1048.641752][ T5985] usb 4-1: SerialNumber: syz
[ 1048.652397][T15989] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1048.871400][T15940] team0: Port device team_slave_0 added
[ 1049.087482][T15940] team0: Port device team_slave_1 added
[ 1049.898763][T16003] xt_connbytes: Forcing CT accounting to be enabled
[ 1049.906308][T16003] Cannot find set identified by id 0 to match
[ 1050.146256][T10325] Bluetooth: hci2: command tx timeout
[ 1050.597044][T15940] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1050.604279][T15940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.632221][T15940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1050.817550][T15940] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1050.824682][T15940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.851358][T15940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1050.873701][ T5848] usb 1-1: USB disconnect, device number 101
[ 1051.800704][ T5985] kvaser_usb 4-1:131.242: error -ENODEV: Cannot get usb endpoint(s)
[ 1051.854399][ T5985] usb 4-1: USB disconnect, device number 24
[ 1051.948826][T16009] exFAT-fs (nullb0): invalid boot record signature
[ 1051.997652][T16009] exFAT-fs (nullb0): failed to read boot sector
[ 1052.003967][T16009] exFAT-fs (nullb0): failed to recognize exfat type
[ 1052.107545][T15940] hsr_slave_0: entered promiscuous mode
[ 1052.139460][T15940] hsr_slave_1: entered promiscuous mode
[ 1052.150261][T15940] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1052.179864][T15940] Cannot create hsr debugfs directory
[ 1052.235465][T10325] Bluetooth: hci2: command tx timeout
[ 1052.497895][T16023] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2769'.
[ 1053.075341][ T8160] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1053.225468][ T8160] usb 1-1: Using ep0 maxpacket: 32
[ 1053.241872][ T8160] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1053.268702][ T8160] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1053.327789][ T8160] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1053.370332][ T8160] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1053.380147][ T8160] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1053.398505][ T8160] usb 1-1: Product: syz
[ 1053.408082][ T8160] usb 1-1: Manufacturer: syz
[ 1053.421648][ T8160] usb 1-1: SerialNumber: syz
[ 1053.447499][T16028] kvm: pic: single mode not supported
[ 1053.447661][T16028] kvm: pic: level sensitive irq not supported
[ 1053.458749][ T8160] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input39
[ 1053.600995][T15940] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1053.632203][T15940] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1054.026088][T15940] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1054.851768][T15940] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.946347][T15940] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1055.973018][T15940] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1057.110544][T15940] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1057.165408][T15940] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1057.249329][T14217] usb 1-1: USB disconnect, device number 102
[ 1057.281899][T14217] appletouch 1-1:1.0: input: appletouch disconnected
[ 1057.282959][T16058] fuse: Bad value for 'fd'
[ 1057.485047][T16063] fuse: Bad value for 'fd'
[ 1059.670533][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.677108][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1060.930843][T15940] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1061.100924][T15940] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1061.169318][T15940] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1061.212235][T15940] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1061.590577][T15940] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1061.686388][T15940] 8021q: adding VLAN 0 to HW filter on device team0
[ 1061.742082][T10287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.749383][T10287] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1061.971370][T10287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.978648][T10287] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1063.240746][T16093] fuse: Bad value for 'fd'
[ 1063.375430][ T5848] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1063.474188][T16108] fuse: Bad value for 'fd'
[ 1063.591046][ T5848] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[ 1063.627736][ T5848] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1063.678991][ T5848] usb 1-1: config 0 has no interface number 0
[ 1064.651230][ T5848] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1064.671849][ T5848] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1064.855126][T16120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2791'.
[ 1064.871135][ T5848] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 1064.880750][ T5848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1064.889153][ T5848] usb 1-1: Product: syz
[ 1064.893445][ T5848] usb 1-1: Manufacturer: syz
[ 1064.898558][ T5848] usb 1-1: SerialNumber: syz
[ 1064.947628][ T5848] usb 1-1: config 0 descriptor??
[ 1065.454567][ T5848] usbtouchscreen 1-1:0.117: probe with driver usbtouchscreen failed with error -71
[ 1066.045547][ T5848] usb 1-1: USB disconnect, device number 103
[ 1066.264859][T15940] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1066.309532][T16137] sctp: [Deprecated]: syz.2.2796 (pid 16137) Use of int in max_burst socket option.
[ 1066.309532][T16137] Use struct sctp_assoc_value instead
[ 1067.437934][T15940] veth0_vlan: entered promiscuous mode
[ 1067.471221][T15940] veth1_vlan: entered promiscuous mode
[ 1067.593703][T15940] veth0_macvtap: entered promiscuous mode
[ 1067.622014][T15940] veth1_macvtap: entered promiscuous mode
[ 1067.661046][T15940] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1067.683490][T15940] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1067.699763][T15940] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1067.724873][T15940] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1067.763378][T15940] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1067.792233][T15940] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1068.646205][T10283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1068.654105][T10283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1069.399043][T16172] overlayfs: failed to clone lowerpath
[ 1069.406122][ T3548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1069.455282][ T3548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1069.456788][T16172] overlayfs: failed to clone upperpath
[ 1070.035651][T16178] netlink: 'syz.0.2805': attribute type 10 has an invalid length.
[ 1070.049201][T16178] bridge0: port 3(netdevsim0) entered disabled state
[ 1070.056398][T16178] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1070.542180][T10325] Bluetooth: hci1: unexpected event for opcode 0x09c9
[ 1071.105356][T14217] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1071.735335][T14217] usb 4-1: Using ep0 maxpacket: 32
[ 1071.745808][T14217] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1071.802366][T14217] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1072.008518][T14217] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1072.765494][T14217] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[ 1072.801854][T14217] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[ 1072.824967][T14217] usb 4-1: Product: syz
[ 1072.835634][T14217] usb 4-1: Manufacturer: syz
[ 1072.840324][T14217] usb 4-1: SerialNumber: syz
[ 1072.879059][T14217] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input41
[ 1073.835910][T14217] usb 4-1: USB disconnect, device number 25
[ 1073.870764][T16225] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2820'.
[ 1073.902195][T14217] appletouch 4-1:1.0: input: appletouch disconnected
[ 1076.333161][T16247] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input42
[ 1076.886300][   T30] kauditd_printk_skb: 36 callbacks suppressed
[ 1076.886322][   T30] audit: type=1326 audit(1755629864.568:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1076.914646][   T30] audit: type=1326 audit(1755629864.568:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1076.955541][   T30] audit: type=1326 audit(1755629864.568:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1076.977957][   T30] audit: type=1326 audit(1755629864.568:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.000225][   T30] audit: type=1326 audit(1755629864.568:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.022585][   T30] audit: type=1326 audit(1755629864.568:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.045068][   T30] audit: type=1326 audit(1755629864.568:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.096562][T10283] bridge_slave_1: left allmulticast mode
[ 1077.102816][T10283] bridge_slave_1: left promiscuous mode
[ 1077.127491][T10283] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1077.174937][   T30] audit: type=1326 audit(1755629864.568:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.266733][T10283] bridge_slave_0: left allmulticast mode
[ 1077.286819][   T30] audit: type=1326 audit(1755629864.568:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.293010][T10283] bridge_slave_0: left promiscuous mode
[ 1077.366073][T10283] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.393507][   T30] audit: type=1326 audit(1755629864.568:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16245 comm="syz.3.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6c58ebe9 code=0x7fc00000
[ 1077.525300][ T8159] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1077.718841][ T8159] usb 1-1: config 0 has no interfaces?
[ 1077.746565][ T8159] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1077.771900][ T8159] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1077.845296][ T8159] usb 1-1: Product: syz
[ 1077.878920][ T8159] usb 1-1: Manufacturer: syz
[ 1077.924001][ T8159] usb 1-1: SerialNumber: syz
[ 1077.962857][ T8159] usb 1-1: config 0 descriptor??
[ 1079.294306][T10283] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1080.252454][ T5985] IPVS: starting estimator thread 0...
[ 1080.355358][T16293] IPVS: using max 35 ests per chain, 84000 per kthread
[ 1080.566227][T10283] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1080.583028][T10283] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1081.367357][T10283] bond0 (unregistering): Released all slaves
[ 1081.825311][T16283] lo speed is unknown, defaulting to 1000
[ 1081.994558][T16286] lo speed is unknown, defaulting to 1000
[ 1082.092776][T10283] : left promiscuous mode
[ 1083.539308][T16310] overlayfs: failed to clone upperpath
[ 1083.575596][T14188] Bluetooth: hci2: command 0x0405 tx timeout
[ 1083.604655][T16310] overlayfs: failed to clone upperpath
[ 1084.271944][T16325] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2845'.
[ 1084.331154][T10325] Bluetooth: hci3: unknown advertising packet type: 0x70
[ 1085.437566][T16317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2846'.
[ 1085.503524][T16317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2846'.
[ 1085.521018][T16334] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2848'.
[ 1086.826059][T10283] 
[ 1086.828544][T10283] ======================================================
[ 1086.835580][T10283] WARNING: possible circular locking dependency detected
[ 1086.842606][T10283] 6.16.0-syzkaller #0 Not tainted
[ 1086.847649][T10283] ------------------------------------------------------
[ 1086.854682][T10283] kworker/u8:14/10283 is trying to acquire lock:
[ 1086.861010][T10283] ffff88803424ce00 (team->team_lock_key#4){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0
[ 1086.870710][T10283] 
[ 1086.870710][T10283] but task is already holding lock:
[ 1086.878081][T10283] ffff88807b880768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[ 1086.888457][T10283] 
[ 1086.888457][T10283] which lock already depends on the new lock.
[ 1086.888457][T10283] 
[ 1086.898862][T10283] 
[ 1086.898862][T10283] the existing dependency chain (in reverse order) is:
[ 1086.907879][T10283] 
[ 1086.907879][T10283] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 1086.915710][T10283]        lock_acquire+0x120/0x360
[ 1086.920831][T10283]        __mutex_lock+0x182/0xe80
[ 1086.925861][T10283]        ieee80211_open+0xed/0x1f0
[ 1086.930976][T10283]        __dev_open+0x470/0x880
[ 1086.935848][T10283]        netif_open+0xaa/0x170
[ 1086.940643][T10283]        dev_open+0x125/0x260
[ 1086.945435][T10283]        team_add_slave+0xb36/0x2840
[ 1086.950757][T10283]        do_set_master+0x530/0x6d0
[ 1086.955886][T10283]        do_setlink+0xcf0/0x41c0
[ 1086.960853][T10283]        rtnl_newlink+0x160b/0x1c70
[ 1086.966067][T10283]        rtnetlink_rcv_msg+0x7cc/0xb70
[ 1086.971538][T10283]        netlink_rcv_skb+0x205/0x470
[ 1086.976837][T10283]        netlink_unicast+0x75c/0x8e0
[ 1086.982222][T10283]        netlink_sendmsg+0x805/0xb30
[ 1086.987524][T10283]        __sock_sendmsg+0x21c/0x270
[ 1086.992828][T10283]        ____sys_sendmsg+0x505/0x830
[ 1086.998131][T10283]        ___sys_sendmsg+0x21f/0x2a0
[ 1087.003348][T10283]        __x64_sys_sendmsg+0x19b/0x260
[ 1087.008825][T10283]        do_syscall_64+0xfa/0x3b0
[ 1087.013884][T10283]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1087.020331][T10283] 
[ 1087.020331][T10283] -> #0 (team->team_lock_key#4){+.+.}-{4:4}:
[ 1087.028527][T10283]        validate_chain+0xb9b/0x2140
[ 1087.033824][T10283]        __lock_acquire+0xab9/0xd20
[ 1087.039040][T10283]        lock_acquire+0x120/0x360
[ 1087.044173][T10283]        __mutex_lock+0x182/0xe80
[ 1087.049207][T10283]        team_del_slave+0x32/0x1c0
[ 1087.054340][T10283]        team_device_event+0x285/0xa20
[ 1087.059815][T10283]        notifier_call_chain+0x1b3/0x3e0
[ 1087.065466][T10283]        unregister_netdevice_many_notify+0x15d8/0x2320
[ 1087.072415][T10283]        unregister_netdevice_queue+0x33c/0x380
[ 1087.078671][T10283]        _cfg80211_unregister_wdev+0x165/0x590
[ 1087.084846][T10283]        ieee80211_remove_interfaces+0x49a/0x6d0
[ 1087.091186][T10283]        ieee80211_unregister_hw+0x5d/0x2c0
[ 1087.097098][T10283]        mac80211_hwsim_del_radio+0x275/0x460
[ 1087.103444][T10283]        hwsim_exit_net+0x584/0x640
[ 1087.108656][T10283]        ops_undo_list+0x497/0x990
[ 1087.113786][T10283]        cleanup_net+0x4c5/0x800
[ 1087.118739][T10283]        process_scheduled_works+0xade/0x17b0
[ 1087.124818][T10283]        worker_thread+0x8a0/0xda0
[ 1087.129949][T10283]        kthread+0x70e/0x8a0
[ 1087.134556][T10283]        ret_from_fork+0x3fc/0x770
[ 1087.139677][T10283]        ret_from_fork_asm+0x1a/0x30
[ 1087.145105][T10283] 
[ 1087.145105][T10283] other info that might help us debug this:
[ 1087.145105][T10283] 
[ 1087.155428][T10283]  Possible unsafe locking scenario:
[ 1087.155428][T10283] 
[ 1087.162884][T10283]        CPU0                    CPU1
[ 1087.168261][T10283]        ----                    ----
[ 1087.173639][T10283]   lock(&rdev->wiphy.mtx);
[ 1087.178171][T10283]                                lock(team->team_lock_key#4);
[ 1087.185651][T10283]                                lock(&rdev->wiphy.mtx);
[ 1087.192699][T10283]   lock(team->team_lock_key#4);
[ 1087.197657][T10283] 
[ 1087.197657][T10283]  *** DEADLOCK ***
[ 1087.197657][T10283] 
[ 1087.205803][T10283] 5 locks held by kworker/u8:14/10283:
[ 1087.211263][T10283]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1087.222165][T10283]  #1: ffffc90003a4fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1087.232723][T10283]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1087.242171][T10283]  #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 1087.252095][T10283]  #4: ffff88807b880768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[ 1087.262994][T10283] 
[ 1087.262994][T10283] stack backtrace:
[ 1087.268898][T10283] CPU: 1 UID: 0 PID: 10283 Comm: kworker/u8:14 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1087.268918][T10283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1087.268931][T10283] Workqueue: netns cleanup_net
[ 1087.268957][T10283] Call Trace:
[ 1087.268963][T10283]  <TASK>
[ 1087.268972][T10283]  dump_stack_lvl+0x189/0x250
[ 1087.268994][T10283]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1087.269019][T10283]  ? __pfx__printk+0x10/0x10
[ 1087.269041][T10283]  ? print_lock_name+0xde/0x100
[ 1087.269063][T10283]  print_circular_bug+0x2ee/0x310
[ 1087.269085][T10283]  check_noncircular+0x134/0x160
[ 1087.269108][T10283]  validate_chain+0xb9b/0x2140
[ 1087.269130][T10283]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1087.269153][T10283]  __lock_acquire+0xab9/0xd20
[ 1087.269171][T10283]  ? team_del_slave+0x32/0x1c0
[ 1087.269193][T10283]  lock_acquire+0x120/0x360
[ 1087.269207][T10283]  ? team_del_slave+0x32/0x1c0
[ 1087.269232][T10283]  ? __mutex_trylock_common+0x153/0x260
[ 1087.269255][T10283]  __mutex_lock+0x182/0xe80
[ 1087.269274][T10283]  ? team_del_slave+0x32/0x1c0
[ 1087.269296][T10283]  ? rcu_is_watching+0x15/0xb0
[ 1087.269318][T10283]  ? team_del_slave+0x32/0x1c0
[ 1087.269341][T10283]  ? __pfx___mutex_lock+0x10/0x10
[ 1087.269360][T10283]  ? bond_netdev_event+0xd9/0xe80
[ 1087.269386][T10283]  ? __pfx___mutex_lock+0x10/0x10
[ 1087.269405][T10283]  ? __pfx_bond_netdev_event+0x10/0x10
[ 1087.269433][T10283]  team_del_slave+0x32/0x1c0
[ 1087.269457][T10283]  team_device_event+0x285/0xa20
[ 1087.269474][T10283]  notifier_call_chain+0x1b3/0x3e0
[ 1087.269497][T10283]  unregister_netdevice_many_notify+0x15d8/0x2320
[ 1087.269523][T10283]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1087.269544][T10283]  ? __lock_acquire+0xab9/0xd20
[ 1087.269568][T10283]  unregister_netdevice_queue+0x33c/0x380
[ 1087.269588][T10283]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1087.269609][T10283]  _cfg80211_unregister_wdev+0x165/0x590
[ 1087.269635][T10283]  ieee80211_remove_interfaces+0x49a/0x6d0
[ 1087.269655][T10283]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1087.269676][T10283]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 1087.269695][T10283]  ? rcu_is_watching+0x15/0xb0
[ 1087.269716][T10283]  ieee80211_unregister_hw+0x5d/0x2c0
[ 1087.269744][T10283]  mac80211_hwsim_del_radio+0x275/0x460
[ 1087.269772][T10283]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1087.269801][T10283]  hwsim_exit_net+0x584/0x640
[ 1087.269823][T10283]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1087.269846][T10283]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[ 1087.269872][T10283]  ops_undo_list+0x497/0x990
[ 1087.269897][T10283]  ? __pfx_ops_undo_list+0x10/0x10
[ 1087.269925][T10283]  cleanup_net+0x4c5/0x800
[ 1087.269949][T10283]  ? __pfx_cleanup_net+0x10/0x10
[ 1087.269973][T10283]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1087.269987][T10283]  ? process_scheduled_works+0x9ef/0x17b0
[ 1087.270011][T10283]  ? process_scheduled_works+0x9ef/0x17b0
[ 1087.270029][T10283]  process_scheduled_works+0xade/0x17b0
[ 1087.270058][T10283]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1087.270082][T10283]  worker_thread+0x8a0/0xda0
[ 1087.270110][T10283]  kthread+0x70e/0x8a0
[ 1087.270133][T10283]  ? __pfx_worker_thread+0x10/0x10
[ 1087.270150][T10283]  ? __pfx_kthread+0x10/0x10
[ 1087.270172][T10283]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1087.270187][T10283]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1087.270202][T10283]  ? __pfx_kthread+0x10/0x10
[ 1087.270224][T10283]  ret_from_fork+0x3fc/0x770
[ 1087.270241][T10283]  ? __pfx_ret_from_fork+0x10/0x10
[ 1087.270260][T10283]  ? __switch_to_asm+0x39/0x70
[ 1087.270280][T10283]  ? __switch_to_asm+0x33/0x70
[ 1087.270300][T10283]  ? __pfx_kthread+0x10/0x10
[ 1087.270322][T10283]  ret_from_fork_asm+0x1a/0x30
[ 1087.270349][T10283]  </TASK>
[ 1087.835682][T10283] team0: Port device wlan1 removed
[ 1088.139032][ T5985] usb 1-1: USB disconnect, device number 104
[ 1088.177806][T10283] hsr_slave_0: left promiscuous mode
[ 1088.184758][T10283] hsr_slave_1: left promiscuous mode
[ 1088.191100][T10283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1088.205451][T10283] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1088.217662][T10283] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1088.225094][T10283] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1088.240068][T10283] veth1_macvtap: left promiscuous mode
[ 1088.247666][T10283] veth0_macvtap: left promiscuous mode
[ 1088.253361][T10283] veth1_vlan: left promiscuous mode
[ 1088.259202][T10283] veth0_vlan: left promiscuous mode
[ 1088.521732][T10283] team0 (unregistering): Port device team_slave_1 removed
[ 1088.559442][T10283] team0 (unregistering): Port device team_slave_0 removed
[ 1088.755009][ T5985] lo speed is unknown, defaulting to 1000
[ 1088.761712][ T5985] infiniband syz2: ib_query_port failed (-19)
[ 1095.495511][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!