last executing test programs:

18.057745417s ago: executing program 1 (id=592):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r2 = socket$inet_sctp(0x2, 0x4, 0x84)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={<r3=>0x0, 0x8}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000140)={r3, 0x2f0}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000040)={{0x5}, {0x3}, 0x10, 0x1, 0x4})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x80, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="16b7388e4c036433d0c344b8b62b48fbc4840a8c02ea7972680027260c0f022c83942c6edfa8a6a1332033e5447d76c2bc975e9278a0aec9e5d9f53c3d8839ce26c004050037260902c874d79768fa4d1926ab5c0b4868e100940fd9b7a61df4ff9f48abcbb3033e3aaf87ec68c710d2a9c6158552aa1a4f37408e3f502735a724bba8a403b322f971491cdaad8e3986cb53087dff3b4460a35cc96b1093e03b3257516268c37f3880ca9aa92266b85141f50ee12be456a0eb00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5)
recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket(0xd, 0x0, 0x3ff)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
geteuid()

16.390815031s ago: executing program 1 (id=599):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb01001800000000000000fc000000fc000000080000000e0000000000000200000000010000000000000700000000000000000700000d000000000b00000005000000080000000000000009000000030000000a0000000000000101000000000000000b000000030000000c000000020000000d0000000000000e04000000020000001000000004000004070000000e000000020000005d0300000e000000040000000010000006000000040000000700000005000000050000000f0000000300000004000085390100000a00000000000000060000000c00000000000000ff0100000c00000004000000050000000400000002000000050000000d0000000000000a01000000060000000000000c0200000000615f5f76613000"], &(0x7f0000000300)=""/6, 0x11c, 0x6, 0x1, 0x9}, 0x28)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0xfffffffd, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xd6, 0x1, {{0x0, 0x9, 0x0, 0x0, 0x16e}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x914, 0x80)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
pipe(0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000002c00070165fa00000000000001000000080001800400060004000235daf92a657dce"], 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
listen(r4, 0xfffffffa)
sendmsg$inet_sctp(r4, 0x0, 0x20028cc5)

14.238976324s ago: executing program 1 (id=605):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20000c40)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r4)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@newtfilter={0x24, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xc, 0xfff3}, {}, {0x8, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x448c0}, 0x8080)
r8 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000140)=@xdp={0x2c, 0xdd86, r3, 0x3c}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000540)='\'', 0x1}], 0x1}, 0x4091)

13.991846913s ago: executing program 1 (id=606):
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000040000f10000000d7eaa7e009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xbcf8}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000c5128d4ca0a3e9e9d46c09abeaae00000000000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2e}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000040)={0x1})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@getchain={0x44, 0x11, 0x200, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x4, 0xffff}, {0x9, 0x4}, {0x0, 0xf}}, [{0x8, 0xb, 0xb7a4}, {0x8, 0xb, 0x80000001}, {0x8, 0xb, 0x24}, {0x8, 0xb, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
epoll_create1(0x60c5450393048824)
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
close(0x3)
syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x1010, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc4)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_STATS(r4, 0x80f864ce, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r5 = landlock_create_ruleset(&(0x7f0000000080)={0x8000}, 0x18, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r5, 0x1)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2, 0x0)
ioctl(r6, 0x541b, 0x0)
ioctl(r6, 0x5451, 0x0)

12.548205403s ago: executing program 1 (id=611):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$dvb_demux(0x0, 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856afe13be00", "3dfab043e15fad27a639f105b5e9f977", "04fd4a70f3000000000000005f00"}, 0x40004, 0x1})
preadv(r2, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8982, &(0x7f0000000000))
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
writev(r5, &(0x7f00000014c0)=[{&(0x7f00000004c0)="e5", 0x1}], 0x1)
ioctl$AUTOFS_IOC_FAIL(r3, 0x9361, 0xd3)
ioctl$FBIOGETCMAP(0xffffffffffffffff, 0x4604, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_io_uring_setup(0x3bd4, &(0x7f0000000180)={0x0, 0xcc19, 0x130c8, 0x6, 0x30e}, &(0x7f0000000100), &(0x7f0000000200), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0)
io_uring_enter(r6, 0x2e6f, 0x8555, 0x2, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)

12.217786125s ago: executing program 1 (id=613):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x14)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000540)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000000))
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0)
socket$alg(0x26, 0x5, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
write$uinput_user_dev(r4, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x4, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1, 0x1, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x6, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x3, 0x2, 0x6, 0x7ff, 0xb8547353], [0x6, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0xc, 0x36, 0x4, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x2, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a94, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x7, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x5, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x40004, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000008, 0x2, 0x4, 0x800, 0x7, 0x9, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x6, 0x2, 0x81, 0x8, 0x1, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x82, 0x3, 0x10], [0x0, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x2, 0x6, 0x20c, 0xfffffffd, 0xa18, 0x61c8, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x8, 0x3c, 0x4, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000040)={r3}, 0x1)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
close(0x3)
syz_usb_connect$uac1(0x3, 0xa2, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(0xffffffffffffffff, 0x40044103, &(0x7f0000000580)=0xa)
syz_emit_ethernet(0x3a, &(0x7f0000000500)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@ra={0x94, 0x4}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe, 0x0, 0x8000}}}}}}, 0x0)

11.587519145s ago: executing program 32 (id=613):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x14)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000540)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000000))
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0)
socket$alg(0x26, 0x5, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
write$uinput_user_dev(r4, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x4, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1, 0x1, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x6, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x3, 0x2, 0x6, 0x7ff, 0xb8547353], [0x6, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0xc, 0x36, 0x4, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x2, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a94, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x7, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x5, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x40004, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000008, 0x2, 0x4, 0x800, 0x7, 0x9, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x6, 0x2, 0x81, 0x8, 0x1, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x82, 0x3, 0x10], [0x0, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x2, 0x6, 0x20c, 0xfffffffd, 0xa18, 0x61c8, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x8, 0x3c, 0x4, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000040)={r3}, 0x1)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
close(0x3)
syz_usb_connect$uac1(0x3, 0xa2, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(0xffffffffffffffff, 0x40044103, &(0x7f0000000580)=0xa)
syz_emit_ethernet(0x3a, &(0x7f0000000500)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@ra={0x94, 0x4}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe, 0x0, 0x8000}}}}}}, 0x0)

7.886856315s ago: executing program 3 (id=621):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$dvb_demux(0x0, 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856afe13be00", "3dfab043e15fad27a639f105b5e9f977", "04fd4a70f3000000000000005f00"}, 0x40004, 0x1})
preadv(r2, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8982, &(0x7f0000000000))
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
writev(r5, &(0x7f00000014c0)=[{&(0x7f00000004c0)="e5", 0x1}], 0x1)
ioctl$AUTOFS_IOC_FAIL(r3, 0x9361, 0xd3)
ioctl$FBIOGETCMAP(0xffffffffffffffff, 0x4604, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_io_uring_setup(0x3bd4, &(0x7f0000000180)={0x0, 0xcc19, 0x130c8, 0x6, 0x30e}, &(0x7f0000000100), &(0x7f0000000200), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0)
io_uring_enter(r6, 0x2e6f, 0x8555, 0x2, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)

6.70837633s ago: executing program 2 (id=624):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$dvb_demux(0x0, 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856afe13be00", "3dfab043e15fad27a639f105b5e9f977", "04fd4a70f3000000000000005f00"}, 0x40004, 0x1})
preadv(r2, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8982, &(0x7f0000000000))
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
writev(r5, &(0x7f00000014c0)=[{&(0x7f00000004c0)="e5", 0x1}], 0x1)
ioctl$AUTOFS_IOC_FAIL(r3, 0x9361, 0xd3)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
ioctl$FBIOGETCMAP(0xffffffffffffffff, 0x4604, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_io_uring_setup(0x3bd4, &(0x7f0000000180)={0x0, 0xcc19, 0x130c8, 0x6, 0x30e}, &(0x7f0000000100), &(0x7f0000000200), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000000b00), 0x0)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0)
io_uring_enter(r6, 0x2e6f, 0x8555, 0x2, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)

6.694971233s ago: executing program 0 (id=625):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb01001800000000000000fc000000fc000000080000000e0000000000000200000000010000000000000700000000000000000700000d000000000b00000005000000080000000000000009000000030000000a0000000000000101000000000000000b000000030000000c000000020000000d0000000000000e04000000020000001000000004000004070000000e000000020000005d0300000e000000040000000010000006000000040000000700000005000000050000000f0000000300000004000085390100000a00000000000000060000000c00000000000000ff0100000c00000004000000050000000400000002000000050000000d0000000000000a01000000060000000000000c0200000000615f5f76613000"], &(0x7f0000000300)=""/6, 0x11c, 0x6, 0x1, 0x9}, 0x28)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0xfffffffd, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xd6, 0x1, {{0x0, 0x9, 0x0, 0x0, 0x16e}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x914, 0x80)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
pipe(0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000002c00070165fa00000000000001000000080001800400060004000235daf92a657dce"], 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
getpid()
listen(0xffffffffffffffff, 0xfffffffa)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x20028cc5)

6.587939023s ago: executing program 3 (id=626):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x2f0}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{0x5}, {0x3}, 0x10, 0x1, 0x4})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x80, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="16b7388e4c036433d0c344b8b62b48fbc4840a8c02ea7972680027260c0f022c83942c6edfa8a6a1332033e5447d76c2bc975e9278a0aec9e5d9f53c3d8839ce26c004050037260902c874d79768fa4d1926ab5c0b4868e100940fd9b7a61df4ff9f48abcbb3033e3aaf87ec68c710d2a9c6158552aa1a4f37408e3f502735a724bba8a403b322f971491cdaad8e3986cb53087dff3b4460a35cc96b1093e03b3257516268c37f3880ca9aa92266b85141f50ee12be456a0eb00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

5.579020099s ago: executing program 3 (id=627):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'veth1_to_team\x00', &(0x7f0000000080)=@ethtool_wolinfo={0x6, 0x6, 0x2, "b009e8f300d2"}})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x2}, 0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000100002020207b1af8ff00000000bf86a26db800000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000285000000070000001801000020756c2500000000002020207b1af8ff"], 0x0, 0xcb1f, 0x0, 0x0, 0x100, 0x16, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc92b18236457ee3c8", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
setsockopt(r2, 0x791, 0xb71000, &(0x7f00000004c0)="1300ab4aa2c3efbd42c2c6401af1e99b688a0ce6d25b0359542ab8b640d5036efb39d30ab79c391f74328735b005d72d630f0ddf", 0x34)
bind$qrtr(r5, &(0x7f0000000000)={0x2a, 0xffffffffffffffff, 0x7ffe}, 0xc)
r6 = socket(0x2a, 0x5, 0x4)
recvmmsg$unix(r6, &(0x7f00000005c0)=[{{&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f0000000780)=""/134, 0x86}, {&(0x7f0000000300)=""/175, 0xaf}, {&(0x7f00000003c0)=""/144, 0x90}, {&(0x7f0000000200)=""/139}, {&(0x7f0000000640)=""/98}, {&(0x7f00000006c0)=""/92}], 0x2, &(0x7f0000000540), 0x64}}], 0x1, 0x2000, &(0x7f0000000600)={0x0, 0x3938700})
socketpair(0x18, 0x20000000000001, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2})
ioctl$sock_bt_hci(r2, 0x400448e6, 0x0)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000740)={0x28, 0x0, 0xffffffff}, 0x10)
listen(r8, 0x0)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r9, &(0x7f0000000280)={0x28, 0x0, 0xffffd8ee}, 0x10)
connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000900)={'veth1_vlan\x00', &(0x7f0000000540)=@ethtool_coalesce={0x0, 0xffffffff, 0x7d, 0x5, 0xffffff76, 0x4, 0x0, 0x1, 0x1, 0x0, 0x3, 0x10000b, 0x0, 0x501, 0x5, 0x7, 0x0, 0xfffffbff, 0xe, 0x5, 0xffffffff, 0xffffffff, 0x8}})
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)

5.54286897s ago: executing program 4 (id=614):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0)
read$FUSE(r0, &(0x7f000000b0c0)={0x2020, 0x0, <r1=>0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002280)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x110002, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={0x28, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x14, 0x1a, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @local}}]}, 0x28}, 0x1, 0x0, 0x0, 0x42804}, 0x20000084)
syz_fuse_handle_req(r0, 0x0, 0x0, 0x0)
r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000000080008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000300)={0x24, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0022ff"], 0x0}, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x40402)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000400)={0x0, 0x6, 0x0, 0x0})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, 0x0, 0x0)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x2000010)
write(r6, &(0x7f0000000040)="2e000000010002", 0x7)
read$FUSE(r0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_int(r7, &(0x7f00000000c0)='hugetlb.2MB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0)
sendfile(r8, r8, 0x0, 0xc92)
ioctl$XFS_IOC_INUMBERS(0xffffffffffffffff, 0x80405880, &(0x7f0000000200)={{0x7, 0x2, 0x100, 0x7fff, 0xff}, [{0x180000000000000, 0x0, 0x4, 0x40}, {0x1, 0x8, 0xc, 0xe}, {0x7, 0xffffffffffffff7f, 0xc3, 0x3}, {0x6, 0x3, 0x7, 0x3}, {0x2, 0x0, 0x9, 0x1}, {0xf, 0xffffffffffff8477, 0x2, 0x7}]})
syz_fuse_handle_req(r0, &(0x7f0000002380)="d37f438c8ff0a793bb0fd85e80a3add0f8f65f17e46f60227e8b09439e47ae441d91f7c50d52383be1a08cfa58969071ef9251774b2aa82db4b537beb0834e94c9f625097a9fd8ae5d86ccc28ae9a5fbf7a931329d6c0aa28650849abea29afd035f5eb12f8126d5b8c277c8c14f25965396c229226cf8b0c6da769454f1981c1b0a8180b80469005a03d24fee1d6f5543a43d7156a0da6f40f6e4344cdfe5f96f373459fabd8c1fb029f3cbb965f11e04c92468dc54884926996135312816573b5f052907705fb31ed724a8097b4eb9a547bd0a4f9c66421393b19fe59fbc07bc8c6319225509823784428ca5f20741130774b9090811966d1de850ef61c965ba07e2fe52380c4bee79f58db0931b3d0c06cfac96c9e8676eb0e10ddcecb47f17e8c4ea80d3f67a9e04f5edae06ec33863b9fb5edf40c87fbdc5a00936d260eb32c3df5a905d3041a54d0fade7b220027169911111af6142645e771ce84efdff5ef5f3fe5b1efdb67ba83dd9f94008f787ecee2ec9849c34a8699900b3151e799fb1704100f2075cf313f719efba77efdfdf5e37379232785af24729608cf1099a9eeb643813fe492fbd86788f43e231fe0a6f3f0bf302efeaffa32890b1e48818959d7d2aabb83f062e356a81605f55da96df097b11471c46947910bb3e5e40a5a5c92077231d68efaec50b848907d1e37e18d885f5bd95d939ade1852a5e2f516781e1868f0894c8c0872c84d9c80fcfe085ac88e2a8caf63b3444f6d5f63c4582e766f1fb06a204d7b8c266e29bb43e04f42dc241b0f6926ea4b0340f0b3ac232d92677f2ec099b17361d988b72311e5e93d6d93ca3bb711c5fb979684f67f6ba32901b8adb223fea467157c55e8d5540743af46d36e6670fe21254ed91e207044db3424d42a63d780f2269ca3417aeb73632fb93dd42b07eff0f5ed90707423066f834c2881ae5272af5b3c04c6b9cadb8b234d24c5341696960a23f242837d91d6751695e9f07577bb81aea171df43b27c44ca5b815e66f63848403320ffdf2926f500b16e7496b835ae7a09288847cbb232e2e271cd732e38309d41ffb55391dc4a157e0c02505f54430a70a9ac197f5573a0b11722aec13a9adea4d8e0022810ca28414964d40cbcbf9d2704aa82637e13d561c4fed2ed602be375e547a7fa7198e6a75293abb3903d0b8204ba21dd369a79159cdd810162c2a2ee722bf4e43b7679dfb8b4ac9e768fb3d391fc4f1839f2e91f1c62050b8154cafb6dd19a3f8716a5c072725c5dad281281605ac02632d041accf07bed8135f4cab566db7e01c6902be5728fb01cd6b17edb8870e3417897a604ec795c440334b1bf9b6180ac13d13298b80b8f4352b0bb36ac151607d6ebedae06f8a0582ecd3963a6df647c38c64402ab29ed79533efbe311df5c29d9f1928371e99094f3e7d8aa3d277fe0e3471c6746ca5dab72d6ec161e05b46829c7b437cbbfd82e8606153f23205f051002e23a17906056a50a0d402814df2bfc1de9906b2ab651770a482315e06146af144acf0beea22a5a9bc61931d293483d0f3bf04e62e89cce3e3ee781b3340f59f8a026228e6f3cab05f23ea71334eadcaa1068f1b67f1eee3ee1698e92bc68759a3534069de9132ef7d853f4e20dc1cac32b42a995da861ee19c52e8387528db1ff0245807a1fb19c1670bc3c56f44db0333d7568eef79964f00d6d242a3735cf372c844d6cfcd9bd8934f14dbd5cb907108190fb7ed919840429d4da052d95a242e93db7f07c2c1f8f141026e15a767cc9386b31a18ecc82c4603354236446e9c79ad6899049648b4244446dad02225c5837fb8b033ce4db1fb044df7131bc99316434f232b8049701d33235e581341c5bb08208703e4daa83c0d4e1ab73e8c0724d0e9d6be114927acd0b792ab9464dd3b67963ed235243ebbc16e6af057e984fffc2554582cdd6548d9a929a89b39650a12511ea208ea9553703ec994318d50cea6a632724b08b0af3c11a4ca9d95dba675112563fbd166463cde649917402548547d54cede66d711d805060beed06c79be0c682dde2548a899bb121926ac690ecf1220764874c37810abc3c64291fef538f8959ed50a4b9f6058b8c45735fc783f3ec592c022b066583950037fed74e12f0fc8f04db78cae682c706fdc3783a206167336ff9e4707ce741893beec04916626c4ed07db0a73bfa5d786e3f3585e4b7b37f3968f08f8971963fefa07b7311d4bef7b5a5d72d3c40297da80d995d866220e005713d69b5dec9a4481301e9aa6ba8a6bb1f911c1d9f827838edb81348231f3da450c1044c9c722d31a1fadccbbac0d82de32f2a46c0a083ec89e2baf21b2b1655702e7d58b950df5904f76f129d15c93f95550e3b52c72eb79a1e09aa253c35fce97977f881f61acc6268c2596b755f18d1c95be938b390565d780929c4c6ba4c8d417775facfffce5c0bcc1f075913f5477563d06b3583c3bdcc7330bd6d1a8bdcce29f8452668a9f2a613f21d5195ba1a1bf134e80be88ee8fdd994936b1b40a0f2e98723d8bc53aef7b5af884f5fccd3eaf2dda01278be0b26eccd63cf68278e06e59889b8b9327550b615df368d99bd6d19636477c4d592e365b0c8c43a23d434ec3d622184f325d6d1c8b704aeac87359d9c09012deb32db9bc034fbf10b4662d6618b4d849a9546f00ed3265c22807072482b0ea4eacad35e10bded78ddc4e4025c7ba521b709e4923cfa8b6964fff4ef513965c4c71a77447daf08f7ddd10f2319b57c8075046ed4820e135f883fd4358edf30fc9965b16885aeb0f82cef2556f67bd33c44edad1a2e3bafe648f5e3797a62931218a468f637832f7ec481526824ebb8de5c207733c54313add8a24131f6de8eb8ddab462b5ac7693f7b278b38728449c9d595af99ba5b1548fd942b7b8538456a261a3ee3a7d18fb3e6180b6cfc9adc76a1defa797b57bcbcb9cb47fdeb2316fd2d913dd4aa0239638fc5c3d29df965aec2ade1f556ad58c9159c9f1b6e05691f476c5ff73230eb74a891f7b285de923d1cab7cf1fe2c82cc6ebcee9dd0be04bbc4d01b2ba8c2525fc4120ffae3df6bfe44663ee532ceb5a21db4f2204386f84e2f51666af55cda90dba169a9cd1adeadd7c90322af2656c3166fee2dc39b2db56e2e18b6f7a24bb7b0494320d2000d629e93427d224587dedb5c196b1796fec0c526a8a0355951045677733b33cb42ec170f137b934c4c6e141a8f8ebbeb1970797a29225901780f96521939b2edf85b1a456e9f97d02782104583757126159f264d9ed95e801561d63f0ca075543813c732e75deb01e585fb5b7bdbd7311d9f346e512b36e972489988f53f42118bbfefd3a52ff1fb97f47eaab7f8baa8e1f397bf877588c1c898690885273e47c1bdce3f220f80828fb7489283d5529756514842974a55cd95aa5a75a18627897836311486300bde4fec1c312c735e5ba3419028cbeeaef709d97752a12f83650aec7305232f22f90b8718113f06b3cf48cae0b365c456aa17610a78454fb81020c84ab51e27891dfe6e3820bb8c4ce0a5f72c72f2523b10be64a3c05f76e7bcb7b6c9aab9e49bc0c2b6044b66c475988f0a078f53912a9c442a40243da943376c8f75e74eac306c61004f6a88a818e3e992c0ccadf44e48c95472359c79f04462598dd467cc140e665e57b9b98702096750b82f291ee11b80a9064dc4a0c790107ac0aca2166e4a964aeadab9ec1ed1ca686b36ff00f75a3a131c09e3297d0471b689475941d09e09c62d94840a6083b1e8d80c22c9e10f3575cf53fe80702e0ef82f43bb13a1128a4f76a1728da93d86a5c86fe831334442deb1e003c96cc40a65ee721e219c06c01e75176d1035ec855258d3fc565f0d6eb31910c3c4e4450c65755ca563f0d877861df816160dbccce49865e0c6e9dc7cc281481b9f6bb8dee95d6a572421f1b2dc1995e0a3fde00ae6073015ae4176519e586ef434df534667d30ab103b7815f5a992e51004471ecdbbd8d9d464e7c24124a928b5aa925458825024ad03ad526a5b08ba1b30fef04288035749c266612bdd5caf4ed5245f67f5fccaabc6b2d8994c395dc7f8ce00089f4eacefb18e65a2d9d04136cd9172ce5aedad596d11fdd4b599f7f544f92a398042821b7c1e6ffdf053a35f95f9997791bbf6a0ecbc69531d14b2fd6b18dce4267816ef2fc135b24d76be1b59e35fd76796e9fd92dcb38c08968d9be724eb8a22575e7a7e2649f2a27fb3fac57f6aa53917ae27cd8efc4b6469de6155c3b9654a70ca7fa318682d1fbbf7e3e9f85f3fdf91f96eba538c899f3aebb79fa0ff96f122859061c2aca2a2fbac5640807cc7dec2a5f37a84cfe69af9775a703281d271a38ce08adcfe26ad3df7d0a1065393791dcb526634ceb5c33061fd83b4e1c72fa175585e0f839c9651002896fc7a6ced33919105de91d17083c8f6985e24ffd0fb35dd558af58cab9003e1fb7f87075704396ff677ae7a99725ac2c50c3a9edb15cce24de9a734f81f5187099b2ec316c6cf536c628445799bfc13803c6e94fa844de4b294b6f9b7f96ecf666c1088eee0997dc3d925e45fe9157ff86699e68ad786e973468de54ca6c9156c2e30541e97fb7b845ec2acdbfab05a03009de8260b444c48c0e64940a441d56446b33c698631f480dbcd6f8726e4c287c262bbb6de251c930e717797af777283e0575e8e1304af50cdc493f429dcbfa518e592550e980bf4516ff177a725c59ed0f8d9384bf9bbfe024560062eaf58bc6dd4ad29d71a39f02e00f6ca44ea68b9019387add513c767693d5535e46b3ff697aaeaeffe8e85b86ae877586fd706fbdcc492208c1b61556b80af1f80b018391a4d42e030d89e57c8c8c323c23805551954bcfeffb2c08f9043f24db22a9285f9edb6c66e1091b9dd8e51a228dac137df945491c53014a79b3e033305b1678d7664afc79bd04b0c397c0fb4a12fe3116b24e4d42830e3fb611b337f449c1e0e9667b09690b37789e45cc3007f4a56539c782fa41cbc30f8b213f36e03a1bcee413ae9b4706561c5c68e0ad645423eb5e799ca52a0cbb7e9468a7a0e253b5ea76f6a79a5dc9d72d5aab07703a814922f1fbe1eba0336659ae0acc46b46088b895846435a02bbacd4663f652c0e1289411bada43f1335d48d8ca7a021a60c8a19a8a894aa3375758a140bd040e24aabb0736f79ad95f2090a78418360cfba57398dbf3645bd6c964e53923ded0751512e8cadb650ab833ec3167e8bf385bfbbba46e0845e745810d0133cea434ddab18ef066caea680f16604baf0ee56b1f631f5ccf754fc79285af9d17d99346f7bcd7048dcbb3f0fbd6c2aaa415821f73e4ef5c09fffa911a7ecda2961342d0db95a92d597e8755e41fda1e39c65efc82ca82b22172b3e2017ec5bfbbdbecccc318190eca29ca4dfe393afbbaede3fbc53aa54fde14a1d98a3f0e673bd710d73a978cd7b37901915811c1a8478c61c4021792bd07d42a0e4f7f367139fd78ad1b6cc23c94bfc98bf73c8891c5c69c00c0aa4ba3d76472543fd8d2fef44f4fa928906a60f726a7aed2c6435ea80ffa1d91efc4a605b48845a1e66a7a79c92a869549383256e7724f796aa893c3a86c8c501dcef329d79d7ad5836cd41d48d0ddee68cd5dce8e59724bcf7a0d6872deae7dd15939db46b978fdb77158c3076ecc720b3fe3fefff15b28f7f1304c375a435f20c714576dfc8c9f53af9b6dd7d7ba14d8fe4408f8ffbd61aa0f1194e3c57d63519f96e42fdc97e7adfd686fdbef39bdca9a2716b337e406a909f3b2eed19e24408e8dbe91b5aa98fa62b6fb6f9f13dee6a5da24b24cd2cd859029aabb2bace5492de4985a19c508d2062e6b580bac1a55a41aecabf0d63f48315a6497f11a5a09bdfd1649203eedcd03069cac0bde4f7691e57e2a054e1c192f6d78f2647af7cfffc4daad033521b87103c5bbb81eafb0ff72c4cfc7beab3cd7074ed50f23021e917e85a0ea2dec4dd0d7f8efa68f15a1296ca768fac34f630014743eeeed57f80165e268c1cef7d5d385edb955195a3e44b8b388dcab72083fc2dc23d71913bb98ef2a34ad6df1675b936e294ebba47dbd74daa8098fcb627a1e17616d8775cf1fdec8676d57ce31bd4bfbe821a03ef251f651ce97dbae57f99c6755470e9cdd17699c568ada69a64621dd5625d95b0b550c596292b1816b9516cc7d8f02f8be32afda1f4357419b28363ced9bf7429e7687531fb00de4d2e03fe4ca448e66ad17c58d909df244f4f7ed265164b42273187816e0872e6818b8bdf48097d108f4c67ffa10038f7d2a705b4489c9af1284a7b34dec3e5b56f350c880277fca26427e0746eece173de1ae1104b7822a9fd45b262e5f3ce16a64dfa69e84f077296144f0c119bd2aac2251f463b3e8177dc259088c8a1794953b248b95e7c6e6f91ed45a7d3bce7e91ec72b98c06ba6c625bfdefc69c7416d89a0b1f3bcab5aed96370d74c6812ef0338368756f83f4be0331cde6d11d9a917483f25beda96af71882c3d4d1b3785932fa0bc93d611c919dcb116699db1a3d26ad6826937a984fa121fac7a45ff220520f702ee942793dbf7023b98c9cca4f150bccd29f26aff58e2255aa73fb7a7abd24b501bd403f24900d42e88c57494ab5ef8bacc07ff9904b100d709cc9b1018cacfa42d839476b7aeceeb2236e2c1151d441b167036bef84069401d67a1473d5d11cc109bd39a1fca5d5aa347c4fd5f6f3c12a8f5d1ec344dc1717f5e8e1aae6d7b7c42aa633ffdcb46c32ac667d933cb9fdaf6d83eefe77d8733a59fcf394d063efa474df67697f881991a34fa79bb78f3b19e9b29cc7b03ca7390b0ca6064a961f3fed249db4ff2c01840373b6242034cbac645d59743f1a90f372ee0c17efade2cef03e3f0edc640dfb629c6b98dc2f28ce06aff3574a2cbdb4b06fba31b2dfe34bba7e34e02a786fa4473d5ba847f4f1e644c1bad62ebd5ca9306219ad6beacb8a54ba299e1bad887293f1b65ff956ea2a562e290df607a608503afee3ae180d600f1d14a9459cd5a399c7e2c7bbde19c11ac869d34ea5e990a759e346c3d538108a277894d6ec7bc6fcd65862a2d9d0696551a4a37379feafb313a09f2575c52641db9f46f4cc5e851f67ce633572b6ffcea7b7c24b44b40d32e55e4f3b426e464c07741648f30d51fe3eb162cadcecf21b7182cc915ffd887e85c385b5989f87910c5c990d639f8d2cd9234c534400088ef49733c94f39131fd51d784a407a07eae6d5359acfa35994ec3760ca3866404a5faed0fb210ce1b849868a6007c8e839ac7518172928277bf2dc43d163d2a0f6146cca1738ec3526762e8e2caf69606a3980bd08fba42ec7cbf48d315e45b834bfb14221de8259250c4ae9590520288c73bfc7d8076d3fe46b772491173ea0daa76cb5cb40637a038ce734d72c0c020494062843715e762d71a8f8518fa7d837391c06b62c96efc17651158657db8ea9a57634b0b5628b06fd5d568fb02185a63a6beb56013cfb4fd1695b102fb58f39161232af39f6d87c5ff6af247df3d549b7f6f81cddf4e3cb12b18634e69df5af55127f72670a3104ce5aba7877c32ee4b0cfa076247a95750e830a240b092baec2f473e83581e5799d69593247f0e78ad8e44c0e0d09fc55888107c4badcdb20b2c82d5915b3b03060e53d199b20b29ad6742655bf62343421f826daf1a3c0c493c96bf719bdf0a8dc9a4fc3f75bcebec3aebfd898ef161cd4e2e33a142c36f673cd8da72edae4f691a4271881d326d77fca0af396bc1eaf9e9d2a047562f91f0e87972e3ae5abb75e352f28c81351c4be6a34e5a01b8ed8461f14e21d1afc9260d838b43e9e2ae078d64b6c718232bcd2b26d3c57beb3c605e00c6f9c1031a3bae4b1872ba5d6c23199253929f1cf57a2e961d798ca9d315fa6b9855c8e7efcc24ccde498a3f1ba23755360044f024753f886f97016bd45a56d802f3e9e040a84f6c46cd5aa99fd4471b97cdb0bd8d265853fb79c42b4cad7eda49ca08d3cefffee2d3f1b5f083a06ea4be4b0acf84ca27e5a8d579d3135f3e59bd5b823b2bef7708189f54c8f0d576e4c6bdbf932b55bc792bb302cddc5c555e4903eff45b493f9498f7bf184035335ad1ba1547795a443c9afb30f932e7d1b042fe1690cd34d98e2331cbe38108be26f8ed615590e8bd99fd01b700b21e6ed61de92297d8b447c723089cee359ccd4517328d54ebc43a3f9173698c4362a6130508c9a0ea57b9a8a74a997a21e3e2a7223ad3debd80f70aff2eba5a862aa667052462bf6635eca2dd3350ef70fda58f8492d34c5b819c802f97b8765680c39fcab3b92f8a8be88a93b5bfc1dbba3fbfd3051c4443e766f4cc6a9d0f96b66a081e9316a44efe5973479ae74bf13c18711218f75d7f4e6f70b0a34ff2a1aec8d1e3181a65b4d5f21f0c19789a2ff90ae5e1298e707628e97e6a5048ac29d916193577506a7f5a9cfb0c73d16a67a2e1f872c8026891e98df07579877460c845bf967f87d75295ed29ddf626340f313bb35a04f9304e34773eda19650f25a08b2bd603297d9edd7f7d1b88d0b18e7bc35b0593961e7403a03550a20a0eab83cb00e659f5fccc189d14b28f11b8f55db517ab124b3718e70868d2131c74640bc682ee785a75cf960a79fead7965d0798d98e386598efb5ce92b0ceeec4e63e2eee3a15642ac72691517c4197a667de3e57a56e2d6e4ecb5a2bc401f90ec2239baf6a9a418267fe2228f7776c7f932a048cd9aada01c2e6d9466ecc434ba61eb97a0d6eb00e719940b3dca3ae25b94e9040ee238184eeaf46e51b61d855ce476d10dd9cb09df18c585304bc4f9e88060e4bdd6e624dd90d7ae8874c0af1e17e67d3bb27babd15880cc61f22b6a0b24df6d03faa13f0c918a7b960f47d939934d9ae90edc40251fb53c9fde3ee255e49c8541d995a644d35b46ab202e56ad1de3da1c5ee587f167b398392d0fba4a43eedeaccb0ba16f571055381fe3885490c71e0805b1b3186bf2652b9a9df69d8d1232cf704fddfb5e7d3ff78ba5ae3b843f4f9b82161e223343240c33a9cd21eb312806163ebb2e60bc98b68b3d95bdd923f6ea831083c13ca65e4a06e999b2d014d0ed218d72c5b776fd21ae21d14e23e9074de20d6d16520b1061aa4db3b5b8077b1c43aa375c68a6243ad582a148dc6878ceb2ab6792cac38ef21765df51171436a412f60f5dc68fba51aae8c4909efa690340fd8a63cbfa4af6235c1c904a20578f54b9c91b1fb8017d05321e0bb9eda1502c1506f3d2939977af87d1f9329e237c129d5cb65e093396f016eb0c2f0aa5cab92a00259f6056532ef188be500fec4cd4614e29daf5b41da2b4742b02999e651c42d2f405344a232e36278785dc7a681d0ee2014ce3214f44ff9d2c3e083e18c299cd7cc8ddea4b805c673cb7479a553f28349235d37874ae3da878a5b6321e501c2b77470dd15b35ace69b1b8e3ba20cce47acb8350f206d136dfdcea697bf558bf3426bb1e0ebcf2797a1c7a181fad43b8c68633b361d40868c279896eb1c628656a9b57dcde8444ff92f2cc1d2dfa1998054487d8fcf11b852019ac21ae0582b1c8f4ff90f31d862e20740d7b803b0f109a8d1506137ca58167e8be1d13e6a5590e2bf2af5cbb7e79db2f4cdec83983463e1e830f54f8534e4c660039c0d372c7c757be3498f6be9ff6b6d13b88ca0ee07a0fd4df8cb13de0fa094cd3b9eb87032a6aaa757a6391ccf98fa7f9d99065b4f747e70ca497af77fbad520c589445d3401c67972ff7e274571b8c35a17ae78de90c81f791a69d70975208153f94ac7199c45de1ca5746887ec677452fd1a018b7287ac45e14ecdf1876229964153cfe6b39f1d50a9be63a0eb10016607ff338751cf9bb97c917d532be1174d0410e26dcfab873769b71db87758c0ad015b1db4b7565e244925ea0dc24313ac65f0355abcfa96c786b8ab7b32166bbf4c7ddae0d3f63d1aad63a9b105e05825aa012e075ba3e1c20b757e1dce75f6fe14e891a20988d365cb5e69206a1b7d8caf2effc73eb577330cb56495fbeaa6b7aef3467a32f53634e468208a8e55d626f98a2b51d39b48341c27306e59c0fc5c8058719b526eac245ce857288976abdfc9be1d4f220817f879c15cf0a258f89cd8269113821b0a1073165923748c6e8e0331ae9e7df11e62a80bf28559850cce385a98e0f48209ebcf69e8938a7605e96f4ffcf580b6c1df742766458763dc91b34035c12396b06ca5995b8feee35e1a3891cca0402fb9e739d8f8aa1a637b7c8c2c458493a323fbe5a76f866e2d9adf0d1d76950bc527a969f61c8519508eb5a93447d212e209c724aa16a949d8be1b14c8711d4c85e728e9d50b5b78b76242f9d59d866a86da0f129201a5b665611360ab3f4b678746cbba1b47884d2bfe4d3e38bf441fac354654c5077620cdf5870fda1fd5ca2bf4780d474a27cb660dd9d7ea83d423240c7ffe743dbefa3b922ac6d5f9544a7d5477dc44761a1d47633f67fe220f37630d678daeb62360b5f4f5d40493169f6554897c5d05c4909834fb2ef1494f8bbbf9e986761b931a26b0ab76b88d4f9b9bd9a024dc39819e0a139eefba8f617401811b4a7b97212aa82965e6008447979d19bfeacceedd48a24d65b8a1705d686fa8c44100d27dca9bc764b74345e1da71bfd9604e2f5bfdd28097f90e98f91ca81b08e827f7a3e742e6c019691afb612042a375985b01b94b3eb61a484fc2ece84f53ba5738273c80047663ec335d31f1ce43c6205a78fe7712626e8e6ff691b5bb9fe1a41909db60d8644d73936c4eb663bbfef030499c8c7d31f4eacae3cbf736a1eba6f85008139ba7eaf5f1ef8804f617e56c820c24f139b7036887f2ed2de32fd63574d0359ad4026e67c550b4ae960a2ce234a20e076da3f91a7ed60bd59a38e1acd7941a66bf3e755a431cead3f01600c6e47564167340f3f853efae37b036988bf4b30849d9dd5d0d09b1799bf9fadca76c497a1345018c8724065291bd8cc633e06359b72040a7673ffe5e86c240d043963bf2d76a0fbf50243a63d45d7f3358e1b9d1f3cbffd7e60429afee778f305e7d8f07c3e49a104f3a4e92118ce84cd11839f507656757d6e89ff296cf792ca2f1429aa80c8092b970d6f065eda3fb25b6b8a699561f8fe5236bbbc96f15860e29326a5a2671a88545a65e587d986615998a124a97820a65f81779b3101086e6f261177a66858d788c5c66521408a9e70238719614aa6232a3ef7a33e99d3b1dcdc20c33e8124b1dabe50ce9e4eadf34685560039e7d7e08f038f2004da7703bc4a30a28409719092e6640e743ee8a4e75dea106314a26ed5cae5d02bf9c8b0e96020a6b7941db7f0c311476f377a992caccff7f1919062f9db36ba72b29e9dc0880fb8eb24f41e0a6cbaa487058c6fbe6b062b372e0b84c9fcfd64d84724b6cda7fb3f582abaa6757782b20f9c1fad78f98273129caaa9496c1dbbbd167b52bae60dc327d1e18d82450ff9b6b108a0f20cbee5", 0x2000, &(0x7f0000004b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000045c0)={0x78, 0x0, 0x10006, {0x8, 0x7, 0x0, {0x0, 0x0, 0x1, 0x40000000000, 0x400000004, 0x2, 0xe767, 0x6, 0xe96, 0x8000, 0x0, 0x0, r2, 0x80000001, 0xe}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

5.202224313s ago: executing program 0 (id=628):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0xe4a}}, './file0\x00'})
ioctl$USBDEVFS_GETDRIVER(r0, 0x41045508, &(0x7f00000001c0)={0x9, "0077691fb36b0ac7830736840572bf7c604216fdb0542ce1e598f12e442b5d57f9f324953c7105aaf349f30633c8f749f71ddac39308a841cff8855c94586a879c94c7c716d888eb7f7f9b28a294c7a50ef6be840e82c450232ac63651a68016436cf3c8ae32fbd00394669a7579dd2e3bf0b3a55968db004f03020d663adbcfb3f265f54557dfd142f72ac8e8d4641782e9044184bd9fbb3823d7e5dd28cded61c13c2380bdd95c028962d615fec826458a373f3f945f8790acbc5c60d4acd8e255591cb79b53c75ce0da3935bde18910ef65b8d86ac70e8c5d4327659d4fef0523e2298ed809b5d3ce641306e97ea32dec5b7c2d46707850d54b0acdc2784c"})
syz_open_dev$sndctrl(&(0x7f0000000300), 0xc, 0x103000)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, &(0x7f0000000040)={[{@name={'name', 0x3d, 'noprefix'}}, {}]})
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f00000000c0)=0x2001)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @time={0x98a0, 0x2}, {0x0, 0x5}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @note={0xfc}}], 0x38)
getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@private, @private}, &(0x7f0000000100)=0xc)
readv(r2, &(0x7f0000000480)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1)

5.007429673s ago: executing program 2 (id=629):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x1)
r1 = socket$kcm(0x11, 0xa, 0x300)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x4}, 0x50)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_PROMISC(r4, 0x6b, 0x2, &(0x7f0000000080)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x74, r5, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x110, 0x110, 0x9, [@typedef={0x1, 0x0, 0x0, 0x8, 0x2}, @func={0x2, 0x0, 0x0, 0xc, 0x3}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x5, 0x4}]}, @const={0x4, 0x0, 0x0, 0xa, 0x2}, @enum64={0x3, 0xa, 0x0, 0x13, 0x0, 0x2, [{0x1, 0x9d, 0x3}, {0xd, 0x7, 0x8}, {0xd, 0x3, 0x950b}, {0xf, 0xe94, 0xff}, {0x4, 0x1ff, 0x1}, {0xa, 0x7}, {0xb, 0x8, 0x6}, {0x4, 0x7fffffff, 0x1}, {0xb, 0xa4a, 0x7}, {0xf, 0x15211520, 0x9}]}, @var={0xa, 0x0, 0x0, 0xe, 0x5}, @struct={0x6, 0x2, 0x0, 0x4, 0x0, 0x4, [{0x8, 0x2, 0xbb5}, {0xa, 0x5, 0x6}]}, @restrict={0x3, 0x0, 0x0, 0xb, 0x4}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x5, 0x1}]}]}, {0x0, [0x30, 0x30, 0x30, 0x2e, 0x61, 0x5f, 0x2e]}}, &(0x7f0000000480)=""/215, 0x131, 0xd7, 0x0, 0xb639, 0x10000}, 0x28)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000070000000200000007"], 0x50)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000640)={0xffffffffffffffff, 0xfffffffa, 0x8}, 0xc)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f9000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
r11 = openat$dlm_control(0xffffff9c, &(0x7f0000000680), 0x480000, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="1808000000060008000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x9d, '\x00', r5, 0x25, r6, 0x8, &(0x7f00000005c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0xd, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000006c0)=[r8, r9, r10, r11, 0x1], &(0x7f0000000700)=[{0x2, 0x1, 0xb, 0xa}, {0x0, 0x5, 0x7, 0xb}, {0x3, 0x2, 0x8, 0x7}, {0x2, 0x3, 0x0, 0x7}], 0x10, 0x1}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES32=r1], 0x48)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r12=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r12, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r13 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r13, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
fchown(r13, 0x0, 0x0)

4.637391233s ago: executing program 3 (id=630):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x2f0}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x80, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="16b7388e4c036433d0c344b8b62b48fbc4840a8c02ea7972680027260c0f022c83942c6edfa8a6a1332033e5447d76c2bc975e9278a0aec9e5d9f53c3d8839ce26c004050037260902c874d79768fa4d1926ab5c0b4868e100940fd9b7a61df4ff9f48abcbb3033e3aaf87ec68c710d2a9c6158552aa1a4f37408e3f502735a724bba8a403b322f971491cdaad8e3986cb53087dff3b4460a35cc96b1093e03b3257516268c37f3880ca9aa92266b85141f50ee12be456a0eb00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket(0xd, 0x0, 0x3ff)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
geteuid()

4.296353422s ago: executing program 0 (id=631):
unlink(0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000340)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x3, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x7, 0x7, 0x0, {0x5, 0x4, 0x0, 0x21, 0x7, 0x64, 0x8, 0xf3, 0x1, 0x5, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000180))
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r2, 0x1, 0x1, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x500, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000240)="41d09292b4f980da89cd637b86dd", 0x36, 0x40000, &(0x7f0000000200)={0x11, 0x17, r4, 0x1, 0x4, 0x6, @multicast}, 0x14)

4.123042018s ago: executing program 0 (id=632):
r0 = socket(0xa, 0x80000, 0x800000ff)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
socket(0x200000100000011, 0x3, 0x0)
fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = getpid()
socket$unix(0x1, 0x1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x0, 0x8000000000005})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000020601030a0000000000000000000000100003006269746d61703a706f72740005000400000000003000000000050001000700000005000100060000000500050007000000"], 0x50}}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000180)={0x14, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="34000000090605000a00000000000000000000000900020073797a300000000005000100060000000c00078006000440", @ANYRES16=r1], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_pidfd_open(r3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r6], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000000a05000000000000000000030000080900010073797a300000000014010000160a01080000000000000000030000000900020073797a3200000000e800038054000380140001007465616d5f736c6176655f31000000001400010063616966300035920000000000000000140001006e7230000000000000000000000000001400010073797a6b616cc62404cf000000000000900003801400010069705f7674693000000000000000000014000100766972745f77696669300000000000001400010067656e657665310000000000000000001400010000000000000000000000000000000000140001007663616e300000000000000000000000140001006e657464657673696d300000000000001400010076657468315f746f5f687372000000000900010073797a3100000000140000001100010000000000000000000300000a"], 0x15c}, 0x1, 0x0, 0x0, 0x8000}, 0x4008014)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x8e0f}], 0x1, 0x40010142, 0x0)

4.037026685s ago: executing program 2 (id=633):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

3.567228188s ago: executing program 3 (id=634):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x123200, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket$packet(0x11, 0x2, 0x300)
write$rfkill(r1, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x6080, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x2}, 0x18, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$F2FS_IOC_COMPRESS_FILE(0xffffffffffffffff, 0xf518, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
landlock_restrict_self(r2, 0x9)
syz_usb_connect$midi(0x1, 0x0, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
getpid()
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000b00), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x20, r4, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}}, 0x800)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan1\x00'})

3.475445248s ago: executing program 0 (id=635):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r2 = socket$inet_sctp(0x2, 0x4, 0x84)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, &(0x7f0000000100))
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x2f0}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000040)={{0x5}, {0x3}, 0x10, 0x1, 0x4})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x80, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="16b7388e4c036433d0c344b8b62b48fbc4840a8c02ea7972680027260c0f022c83942c6edfa8a6a1332033e5447d76c2bc975e9278a0aec9e5d9f53c3d8839ce26c004050037260902c874d79768fa4d1926ab5c0b4868e100940fd9b7a61df4ff9f48abcbb3033e3aaf87ec68c710d2a9c6158552aa1a4f37408e3f502735a724bba8a403b322f971491cdaad8e3986cb53087dff3b4460a35cc96b1093e03b3257516268c37f3880ca9aa92266b85141f50ee12be456a0eb00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket(0xd, 0x0, 0x3ff)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
geteuid()

3.104600669s ago: executing program 2 (id=636):
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="040026bd7000fbdbdf255900000008000300", @ANYRES32, @ANYBLOB="e416b6d6cd15f949aef9abbeb2a116e4b9dbce661059a3dd3b4258c35be69b0b6787f930eeb90f11e63020e26a0f82f0a5972534a30d707ae13536b4bcd213e4b1706b728e50119eb7c2a559b5dba72bf42b9c6d4b83e85b0b2853f9dbc52a497293b00b93f40a231af248e3e6886a6efa1602d5681056fd89db46141d86ad223e6a1e043d7bfd"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x90)
inotify_init1(0x0)
acct(0x0)
getpid()
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000206ff0300000000000000000000003e"], 0x14}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000000906014ab20c249e55c940c562150200000000000000000200ffff200007800c00018007000140e000000208000a40000000020500031e0200534231f912642cce00000000000000da00000900020073797a310000000005000100070000f7b2eb7e4182481e59dcecb235d5d50575e3c4646691b60e5a4b6b9313d2eb9cedca47b709b7cd175cdf3c65ae77b8bf23"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
fsmount(r1, 0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x78, 0x10008a, 0x80000}, 0x20)
open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)

2.995598693s ago: executing program 2 (id=637):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r2 = socket$inet_sctp(0x2, 0x4, 0x84)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, &(0x7f0000000100))
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x2f0}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000040)={{0x5}, {0x3}, 0x10, 0x1, 0x4})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x80, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="16b7388e4c036433d0c344b8b62b48fbc4840a8c02ea7972680027260c0f022c83942c6edfa8a6a1332033e5447d76c2bc975e9278a0aec9e5d9f53c3d8839ce26c004050037260902c874d79768fa4d1926ab5c0b4868e100940fd9b7a61df4ff9f48abcbb3033e3aaf87ec68c710d2a9c6158552aa1a4f37408e3f502735a724bba8a403b322f971491cdaad8e3986cb53087dff3b4460a35cc96b1093e03b3257516268c37f3880ca9aa92266b85141f50ee12be456a0eb00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socket(0xd, 0x0, 0x3ff)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
geteuid()

2.395331474s ago: executing program 4 (id=638):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file3\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_io_uring_setup(0x8d2, 0x0, 0x0, &(0x7f0000000080), &(0x7f0000000000))
io_uring_setup(0x30aa, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
accept4(r0, &(0x7f0000000140)=@phonet, 0x0, 0x800)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'c6xdigio\x00', [0x9e0, 0x5, 0xfffffffe, 0x0, 0x8, 0x0, 0x5, 0x10, 0x1004, 0xffffffff, 0x1, 0x5, 0x347, 0x1, 0x4007, 0x7ff8, 0xf02, 0x3, 0x3, 0x1, 0x100, 0x6, 0x6, 0x80007, 0x5, 0x1, 0xb0c4, 0x7df, 0x9, 0x410007, 0x4]})
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
setxattr$security_capability(&(0x7f0000000380)='./file0/file1\x00', &(0x7f00000001c0), 0x0, 0x0, 0x3)
fdatasync(r3)
fdatasync(r3)
getresuid(&(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0))
syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(r4, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)

2.314552588s ago: executing program 4 (id=639):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0xc114)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000040)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x8, 0x0, 0x0, 0x4000)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:2', 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x6a040000)
r6 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000100), &(0x7f0000000300), 0x2, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYRES64=r6], 0x38}}, 0x4000000)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x1f, 0x7ffdd000, 0x8000}], 0x320000)
writev(r6, &(0x7f0000000540)=[{&(0x7f0000001680)='0', 0x1}, {&(0x7f00000007c0)}], 0x2)

2.141521793s ago: executing program 3 (id=640):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb01001800000000000000fc000000fc000000080000000e0000000000000200000000010000000000000700000000000000000700000d000000000b00000005000000080000000000000009000000030000000a0000000000000101000000000000000b000000030000000c000000020000000d0000000000000e04000000020000001000000004000004070000000e000000020000005d0300000e000000040000000010000006000000040000000700000005000000050000000f0000000300000004000085390100000a00000000000000060000000c00000000000000ff0100000c00000004000000050000000400000002000000050000000d0000000000000a01000000060000000000000c0200000000615f5f76613000"], &(0x7f0000000300)=""/6, 0x11c, 0x6, 0x1, 0x9}, 0x28)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0xfffffffd, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0xd6, 0x1, {{0x0, 0x9, 0x0, 0x0, 0x16e}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x914, 0x80)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
pipe(0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000002c00070165fa00000000000001000000080001800400060004000235daf92a657dce"], 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
listen(0xffffffffffffffff, 0xfffffffa)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x20028cc5)

2.133086625s ago: executing program 0 (id=641):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
r1 = userfaultfd(0x801)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0xd0, 0x9, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_DESC={0x14, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_SET_EXPRESSIONS={0x8c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @synproxy={{0xd}, @void}}, {0x3c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0x5}, @NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0xbf0}, @NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x2}, @NFTA_QUEUE_FLAGS={0x6}, @NFTA_QUEUE_FLAGS={0x6, 0x3, 0x1, 0x0, 0x1}]}}}, {0x38, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x10)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001580)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x14)

28.307481ms ago: executing program 2 (id=642):
socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
r0 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000000))
sched_setscheduler(0x0, 0x6, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003580)=ANY=[@ANYBLOB="20000000240000012ebd7000fbdbdf25027c00000cb9fd72c32d9e5e2fa29c79"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08786eb807e0000000000000000000009fe70ba83a7a66e67a0bae5cfaccbbb81e28d7b568da", @ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08786eb807e0000000000000000000009fe70ba83a7a66e67a0bae5cfaccbbb81e28d7b568da", @ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4848}, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0x642, 0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0x100000, 0xdddd1000, 0x0, 0x2, 0x81, 0x10, 0x3, 0x7, 0x0, 0x8, 0x9}, {0x8080000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x7, 0xbf}, {0xb000, 0x8080000, 0xc, 0x0, 0x27, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x40, 0x3}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x9, 0x9, 0xd, 0x8, 0xf, 0x4}, {0x80a0000, 0xeeee8000, 0xb, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3f, 0x6}, {0xb000, 0x0, 0x9, 0x76, 0x2, 0x1, 0x2, 0x80, 0x0, 0xff, 0x6}, {0xeeee8000, 0xeeee0000, 0x3, 0x4, 0x3, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x4}, {0x2, 0x50000, 0xc, 0x3, 0x0, 0x7, 0x9, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0x40000, 0x80f3}, 0xddf8ffd3, 0x0, 0x0, 0x110, 0xe, 0xf001, 0xd000, [0x80000004, 0x0, 0x10000, 0xfffffffffffdffff]}) (async)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0x100000, 0xdddd1000, 0x0, 0x2, 0x81, 0x10, 0x3, 0x7, 0x0, 0x8, 0x9}, {0x8080000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x7, 0xbf}, {0xb000, 0x8080000, 0xc, 0x0, 0x27, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x40, 0x3}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x9, 0x9, 0xd, 0x8, 0xf, 0x4}, {0x80a0000, 0xeeee8000, 0xb, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3f, 0x6}, {0xb000, 0x0, 0x9, 0x76, 0x2, 0x1, 0x2, 0x80, 0x0, 0xff, 0x6}, {0xeeee8000, 0xeeee0000, 0x3, 0x4, 0x3, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x4}, {0x2, 0x50000, 0xc, 0x3, 0x0, 0x7, 0x9, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0x40000, 0x80f3}, 0xddf8ffd3, 0x0, 0x0, 0x110, 0xe, 0xf001, 0xd000, [0x80000004, 0x0, 0x10000, 0xfffffffffffdffff]})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
socket$inet_sctp(0x2, 0x5, 0x84)

0s ago: executing program 4 (id=643):
r0 = socket(0xa, 0x80000, 0x800000ff)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
socket(0x200000100000011, 0x3, 0x0)
fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = getpid()
socket$unix(0x1, 0x1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x0, 0x8000000000005})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000020601030a0000000000000000000000100003006269746d61703a706f72740005000400000000003000000000050001000700000005000100060000000500050007000000"], 0x50}}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000180)={0x14, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="34000000090605000a00000000000000000000000900020073797a300000000005000100060000000c00078006000440", @ANYRES16=r1], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_pidfd_open(r3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r6], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x8e0f}], 0x1, 0x40010142, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:49098' (ED25519) to the list of known hosts.
[   48.008172][ T5682] cgroup: Unknown subsys name 'net'
[   48.159384][ T5682] cgroup: Unknown subsys name 'cpuset'
[   48.165863][ T5682] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.155753][ T5682] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   52.997874][ T5753] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.003070][ T5756] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.003927][ T5753] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.006911][ T5754] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.007504][ T5755] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   53.007887][ T5756] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.008816][ T5756] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.009880][ T5753] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.010135][ T5755] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   53.010183][ T5756] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.011198][ T5755] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   53.011289][ T5756] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.016650][ T5754] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.016803][ T5755] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   53.020967][ T5754] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.024169][ T5755] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   53.024233][ T5753] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.026417][ T5753] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.027849][ T5754] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.029106][ T5754] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.645546][ T5739] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.648513][ T5739] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.650977][ T5739] bridge_slave_0: entered allmulticast mode
[   53.653817][ T5739] bridge_slave_0: entered promiscuous mode
[   53.666055][ T5739] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.668506][ T5739] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.671105][ T5739] bridge_slave_1: entered allmulticast mode
[   53.674404][ T5739] bridge_slave_1: entered promiscuous mode
[   53.693047][ T5741] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.695495][ T5741] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.697850][ T5741] bridge_slave_0: entered allmulticast mode
[   53.700630][ T5741] bridge_slave_0: entered promiscuous mode
[   53.747655][ T5741] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.750570][ T5741] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.753135][ T5741] bridge_slave_1: entered allmulticast mode
[   53.756438][ T5741] bridge_slave_1: entered promiscuous mode
[   53.767773][ T5739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.787052][ T5743] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.789814][ T5743] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.792458][ T5743] bridge_slave_0: entered allmulticast mode
[   53.796209][ T5743] bridge_slave_0: entered promiscuous mode
[   53.807146][ T5739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.819255][ T5740] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.821960][ T5740] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.825663][ T5740] bridge_slave_0: entered allmulticast mode
[   53.829817][ T5740] bridge_slave_0: entered promiscuous mode
[   53.835025][ T5743] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.837523][ T5743] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.839969][ T5743] bridge_slave_1: entered allmulticast mode
[   53.842883][ T5743] bridge_slave_1: entered promiscuous mode
[   53.854521][ T5741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.870990][ T5740] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.873477][ T5740] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.876879][ T5740] bridge_slave_1: entered allmulticast mode
[   53.880676][ T5740] bridge_slave_1: entered promiscuous mode
[   53.890746][ T5741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.905291][ T5739] team0: Port device team_slave_0 added
[   53.925349][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.935960][ T5739] team0: Port device team_slave_1 added
[   53.951438][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.962079][ T5741] team0: Port device team_slave_0 added
[   53.965544][ T5741] team0: Port device team_slave_1 added
[   53.974304][ T5740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.991781][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.994623][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.003643][ T5739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.009590][ T5740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.013927][ T5743] team0: Port device team_slave_0 added
[   54.022553][ T5739] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.024943][ T5739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.033302][ T5739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.045044][ T5743] team0: Port device team_slave_1 added
[   54.047238][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.049559][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.057735][ T5741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.082602][ T5741] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.085246][ T5741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.093259][ T5741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.098433][ T5740] team0: Port device team_slave_0 added
[   54.107956][ T5740] team0: Port device team_slave_1 added
[   54.127772][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.130346][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.138436][ T5743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.143248][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.145401][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.153317][ T5743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.172039][ T5740] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.174334][ T5740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.182574][ T5740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.187232][ T5740] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.189626][ T5740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.198105][ T5740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.232092][ T5739] hsr_slave_0: entered promiscuous mode
[   54.235532][ T5739] hsr_slave_1: entered promiscuous mode
[   54.247062][ T5741] hsr_slave_0: entered promiscuous mode
[   54.249172][ T5741] hsr_slave_1: entered promiscuous mode
[   54.251129][ T5741] debugfs: 'hsr0' already exists in 'hsr'
[   54.252794][ T5741] Cannot create hsr debugfs directory
[   54.271479][ T5743] hsr_slave_0: entered promiscuous mode
[   54.274923][ T5743] hsr_slave_1: entered promiscuous mode
[   54.278159][ T5743] debugfs: 'hsr0' already exists in 'hsr'
[   54.280422][ T5743] Cannot create hsr debugfs directory
[   54.308311][ T5740] hsr_slave_0: entered promiscuous mode
[   54.310631][ T5740] hsr_slave_1: entered promiscuous mode
[   54.312772][ T5740] debugfs: 'hsr0' already exists in 'hsr'
[   54.314610][ T5740] Cannot create hsr debugfs directory
[   54.577115][ T5739] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.583848][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   54.586696][ T5739] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.591010][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   54.602908][ T5739] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.608413][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   54.611294][ T5739] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.616310][ T5739] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   54.647228][ T5740] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.652868][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   54.656098][ T5740] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.663312][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   54.670302][ T5740] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.677110][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   54.682296][ T5740] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.687630][ T5740] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   54.756442][ T5741] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   54.763035][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   54.769375][ T5741] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   54.775476][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   54.778545][ T5741] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   54.786565][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   54.789494][ T5741] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   54.794706][ T5741] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   54.879260][ T5743] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.888038][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   54.890980][ T5743] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.896755][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   54.902790][ T5743] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.909170][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   54.914592][ T5739] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.919350][ T5743] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.924442][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   54.959490][ T5740] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.963401][ T5739] 8021q: adding VLAN 0 to HW filter on device team0
[   54.985419][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.988414][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.998178][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.000647][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.006785][ T5740] 8021q: adding VLAN 0 to HW filter on device team0
[   55.025413][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.027688][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.038038][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.040363][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.073114][ T5741] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.086472][ T5753] Bluetooth: hci1: command tx timeout
[   55.086557][ T5100] Bluetooth: hci0: command tx timeout
[   55.086770][ T5752] Bluetooth: hci3: command tx timeout
[   55.087463][ T5752] Bluetooth: hci2: command tx timeout
[   55.115775][ T5741] 8021q: adding VLAN 0 to HW filter on device team0
[   55.128303][ T1212] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.130641][ T1212] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.148454][ T1212] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.150966][ T1212] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.165668][ T5743] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.179860][ T5743] 8021q: adding VLAN 0 to HW filter on device team0
[   55.192784][  T231] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.195126][  T231] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.203272][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.205590][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.432685][ T5740] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.471459][ T5740] veth0_vlan: entered promiscuous mode
[   55.481801][ T5740] veth1_vlan: entered promiscuous mode
[   55.491914][ T5739] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.498594][ T5741] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.523741][ T5740] veth0_macvtap: entered promiscuous mode
[   55.543611][ T5740] veth1_macvtap: entered promiscuous mode
[   55.558014][ T5741] veth0_vlan: entered promiscuous mode
[   55.561761][ T5739] veth0_vlan: entered promiscuous mode
[   55.576438][ T5741] veth1_vlan: entered promiscuous mode
[   55.580017][ T5739] veth1_vlan: entered promiscuous mode
[   55.585119][ T5743] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.589397][ T5740] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.601799][ T5740] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.609883][  T231] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.624397][  T231] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.628093][  T231] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.634465][  T231] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.647409][ T5741] veth0_macvtap: entered promiscuous mode
[   55.653655][ T5739] veth0_macvtap: entered promiscuous mode
[   55.666361][ T5741] veth1_macvtap: entered promiscuous mode
[   55.679700][ T5739] veth1_macvtap: entered promiscuous mode
[   55.711845][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.712851][  T231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.717788][  T231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.722390][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.729150][ T5743] veth0_vlan: entered promiscuous mode
[   55.734767][ T5741] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.749005][ T5739] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.755588][  T231] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.763139][ T1212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.766186][  T231] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.767146][ T1212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.769661][  T231] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.774674][ T5743] veth1_vlan: entered promiscuous mode
[   55.786090][  T231] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.788963][  T231] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.801338][  T231] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.804158][  T231] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.814900][  T231] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.845898][ T5743] veth0_macvtap: entered promiscuous mode
[   55.862635][ T5740] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.896756][ T5743] veth1_macvtap: entered promiscuous mode
[   55.907542][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.913871][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.920532][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.944119][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.956253][ T1252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.961340][ T1212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.961523][ T1252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.978269][ T1212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.985766][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.989324][ T5890] mmap: syz.2.3 (5890) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   55.990813][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.009345][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.013666][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.028828][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.033155][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.087470][ T1212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.096877][ T1212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.140613][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.144797][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.088548][ T5920] bridge_slave_0: left allmulticast mode
[   57.091130][ T5920] bridge_slave_0: left promiscuous mode
[   57.094593][ T5920] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.115409][ T5920] bridge_slave_1: left allmulticast mode
[   57.117429][ T5920] bridge_slave_1: left promiscuous mode
[   57.120600][ T5920] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.135717][ T5920] bond0: (slave bond_slave_0): Releasing backup interface
[   57.148371][ T5920] bond0: (slave bond_slave_1): Releasing backup interface
[   57.165530][ T5100] Bluetooth: hci1: command tx timeout
[   57.166260][ T5920] team0: Port device team_slave_0 removed
[   57.175644][ T5744] Bluetooth: hci3: command tx timeout
[   57.178474][ T5100] Bluetooth: hci0: command tx timeout
[   57.180598][ T5753] Bluetooth: hci2: command tx timeout
[   57.188112][ T5920] team0: Port device team_slave_1 removed
[   57.191025][ T5920] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   57.193929][ T5920] batman_adv: batadv0: Removing interface: batadv_slave_0
[   57.199188][ T5920] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   57.199634][ T5924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11'.
[   57.202090][ T5920] batman_adv: batadv0: Removing interface: batadv_slave_1
[   57.210641][ T5920] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   57.229678][ T5923] team0: Mode changed to "activebackup"
[   57.236955][ T5925] vlan0: entered promiscuous mode
[   57.828078][ T5946] =======================================================
[   57.828078][ T5946] WARNING: The mand mount option has been deprecated and
[   57.828078][ T5946]          and is ignored by this kernel. Remove the mand
[   57.828078][ T5946]          option from the mount to silence this warning.
[   57.828078][ T5946] =======================================================
[   59.247108][ T5744] Bluetooth: hci2: command tx timeout
[   59.248704][ T5744] Bluetooth: hci3: command tx timeout
[   59.250580][ T5100] Bluetooth: hci0: command tx timeout
[   61.325693][ T5100] Bluetooth: hci2: command tx timeout
[   61.327527][ T5100] Bluetooth: hci3: command 0x0419 tx timeout
[   61.329570][ T5744] Bluetooth: hci0: command tx timeout
[   62.518529][ T5991] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25'.
[   62.856192][ T5753] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   62.859328][ T5753] Bluetooth: hci1: Injecting HCI hardware error event
[   62.862630][ T5100] Bluetooth: hci1: hardware error 0x00
[   63.025907][   T29] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   63.084690][ T5991] ALSA: mixer_oss: invalid OSS volume ''
[   63.100310][ T1252] Bluetooth: (null): Invalid header checksum
[   63.182002][   T12] Bluetooth: (null): Invalid header checksum
[   63.275122][   T12] Bluetooth: (null): Invalid header checksum
[   63.275820][   T29] usb 5-1: Using ep0 maxpacket: 8
[   63.294408][   T29] usb 5-1: unable to get BOS descriptor or descriptor too short
[   63.318039][   T29] usb 5-1: New USB device found, idVendor=0582, idProduct=0089, bcdDevice= 0.40
[   63.322528][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   63.353813][   T29] usb 5-1: Product: syz
[   63.405015][ T5753] Bluetooth: hci3: command 0x0419 tx timeout
[   63.408284][   T29] usb 5-1: Manufacturer: syz
[   63.429613][   T29] usb 5-1: SerialNumber: syz
[   63.503356][ T1212] Bluetooth: (null): Invalid header checksum
[   63.963233][   T29] usb 5-1: 1:1 : bogus bTerminalLink 6
[   64.032573][   T29] usb 5-1: USB disconnect, device number 2
[   64.198794][ T5742] udevd[5742]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   64.634904][ T5790] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[   64.796588][ T5790] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[   64.801081][ T5790] usb 6-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[   64.805891][ T5790] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[   64.809071][ T5790] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   64.811733][ T5790] usb 6-1: Product: syz
[   64.813227][ T5790] usb 6-1: Manufacturer: syz
[   64.814831][ T5790] usb 6-1: SerialNumber: syz
[   64.924872][ T5100] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   65.502188][ T6036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.38'.
[   65.565705][ T6042] wireguard0: entered promiscuous mode
[   67.488650][ T5790] usb 6-1: USB disconnect, device number 2
[   68.009720][ T6076] netlink: 16 bytes leftover after parsing attributes in process `syz.3.50'.
[   68.265748][ T6082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.50'.
[   68.295849][ T6081] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.299718][ T6081] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.396498][ T6081] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.402133][ T6081] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.551549][ T6082] vlan2: entered promiscuous mode
[   68.553450][ T6082] bridge0: entered promiscuous mode
[   68.591841][ T1252] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.613638][ T1252] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.622475][ T1252] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.640116][ T1252] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.788536][ T5100] block nbd0: Receive control failed (result -32)
[   68.788663][ T5753] block nbd0: Receive control failed (result -32)
[   69.615336][ T6105] kAFS: unable to lookup cell '(,c��L'
[   70.273399][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.2.58'.
[   70.313884][ T6112] netlink: 44 bytes leftover after parsing attributes in process `syz.2.58'.
[   71.574686][ T6125] fuse: Unknown parameter 'fd�0x0000000000000003'
[   71.892297][ T6137] netlink: 24 bytes leftover after parsing attributes in process `syz.2.63'.
[   72.139903][ T6143] netlink: 104 bytes leftover after parsing attributes in process `syz.0.64'.
[   72.221780][ T6144] overlayfs: overlapping lowerdir path
[   72.821007][ T6154] netlink: 16 bytes leftover after parsing attributes in process `syz.0.67'.
[   72.961698][ T6156] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66'.
[   73.074965][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   73.234821][    T9] usb 5-1: Using ep0 maxpacket: 8
[   73.238456][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.242423][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   73.245967][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[   73.249359][    T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   73.254958][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.259978][    T9] usb 5-1: config 0 descriptor??
[   73.390207][ T6158] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[   73.420627][ T6157] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[   73.514032][ T6165] netlink: 16 bytes leftover after parsing attributes in process `syz.3.70'.
[   73.568845][ T6166] netlink: 8 bytes leftover after parsing attributes in process `syz.1.71'.
[   73.701051][ T6154] Bluetooth: MGMT ver 1.23
[   73.754904][ T5748] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   73.904860][ T5748] usb 8-1: Using ep0 maxpacket: 8
[   73.909064][ T5748] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.913478][ T5748] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   73.917932][ T5748] usb 8-1: config 0 interface 0 has no altsetting 0
[   73.920936][ T5748] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   73.924593][ T5748] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.933344][ T5748] usb 8-1: config 0 descriptor??
[   74.692834][ T6184] syz.2.76 uses obsolete (PF_INET,SOCK_PACKET)
[   75.459602][ T6198] syz.1.78 (6198): /proc/6196/oom_adj is deprecated, please use /proc/6196/oom_score_adj instead.
[   75.821072][    T9] usbhid 5-1:0.0: can't add hid device: -71
[   75.823144][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   75.827825][    T9] usb 5-1: USB disconnect, device number 3
[   75.936413][ T6203] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.80' sets config #1
[   75.944861][ T6203] comedi comedi3: Minor 1 could not be opened
[   75.948519][ T6203] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[   76.052071][ T6205] batman_adv: batadv0: Adding interface: dummy0
[   76.054662][ T6205] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.055152][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[   76.065517][ T6205] batman_adv: batadv0: Interface activated: dummy0
[   76.072653][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[   76.081612][ T6205] batadv0: mtu less than device minimum
[   76.086521][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.092985][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.098589][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.104359][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.109950][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.115391][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.120967][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.126383][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.132053][ T6205] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   76.490517][ T5748] usbhid 8-1:0.0: can't add hid device: -71
[   76.506186][ T5748] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[   76.544114][ T5748] usb 8-1: USB disconnect, device number 2
[   77.393372][   T40] audit: type=1326 audit(1778639624.967:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6225 comm="syz.0.87" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feefcc code=0x0
[   77.768342][ T6230] netlink: 72 bytes leftover after parsing attributes in process `syz.3.88'.
[   77.776131][ T6230] netlink: 'syz.3.88': attribute type 1 has an invalid length.
[   77.886914][   T50] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   77.917169][   T12] Bluetooth: (null): Invalid header checksum
[   78.035471][ T1252] Bluetooth: (null): Invalid header checksum
[   78.039590][ T6235] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[   78.043995][ T6235] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[   78.048201][   T50] usb 5-1: config 0 has no interfaces?
[   78.051658][   T50] usb 5-1: New USB device found, idVendor=5443, idProduct=0042, bcdDevice= 0.00
[   78.055479][   T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.060169][   T50] usb 5-1: config 0 descriptor??
[   78.148018][ T1252] Bluetooth: (null): Invalid header checksum
[   78.267926][   T12] Bluetooth: (null): Invalid header checksum
[   78.381829][  T231] Bluetooth: (null): Invalid header checksum
[   78.488564][   T74] Bluetooth: (null): Invalid header checksum
[   78.597531][ T1252] Bluetooth: (null): Invalid header checksum
[   78.716764][  T231] Bluetooth: (null): Invalid header checksum
[   78.891757][ T6241] fuse: fd is not a fuse device
[   78.935578][ T6241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[   79.067095][ T6247] netlink: 'syz.2.94': attribute type 4 has an invalid length.
[   79.191892][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.2.95'.
[   79.204953][ T5732] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   79.354845][ T5732] usb 6-1: Using ep0 maxpacket: 32
[   80.398286][   T50] usb 5-1: USB disconnect, device number 4
[   81.126360][ T6275] batman_adv: batadv0: Interface deactivated: dummy0
[   81.128980][ T6275] batman_adv: batadv0: Removing interface: dummy0
[   81.135783][ T6275] bridge_slave_0: left allmulticast mode
[   81.137798][ T6275] bridge_slave_0: left promiscuous mode
[   81.141125][ T6275] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.149427][ T6275] bridge_slave_1: left allmulticast mode
[   81.151575][ T6275] bridge_slave_1: left promiscuous mode
[   81.153682][ T6275] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.162478][ T6275] bond0: (slave bond_slave_0): Releasing backup interface
[   81.180574][ T6275] bond0: (slave bond_slave_1): Releasing backup interface
[   81.197580][ T6275] team0: Port device team_slave_0 removed
[   81.203965][ T6275] team0: Port device team_slave_1 removed
[   81.206891][ T6275] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.209443][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.213722][ T6275] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.217229][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.221804][ T6275] net_ratelimit: 10 callbacks suppressed
[   81.221816][ T6275] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   81.298566][ T6275] team0: Mode changed to "loadbalance"
[   81.524671][ T6284] netlink: 16 bytes leftover after parsing attributes in process `syz.0.102'.
[   81.795165][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   81.945006][    T9] usb 5-1: Using ep0 maxpacket: 8
[   81.954534][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.963928][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.974892][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[   81.984112][ T5732] usb 6-1: unable to get BOS descriptor or descriptor too short
[   81.988192][    T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   81.995455][ T5732] usb 6-1: unable to read config index 0 descriptor/start: -71
[   81.998070][ T5732] usb 6-1: can't read configurations, error -71
[   82.001451][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.035363][    T9] usb 5-1: config 0 descriptor??
[   82.111543][ T6288] fuse: Bad value for 'fd'
[   82.181282][ T6288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.104'.
[   82.341083][ T6297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.106'.
[   82.550134][ T6300] fuse: fd is not a fuse device
[   83.357810][   T10] cfg80211: failed to load regulatory.db
[   83.415366][ T5732] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   83.564954][ T5732] usb 6-1: Using ep0 maxpacket: 8
[   83.570282][ T5732] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.573976][ T5732] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.577310][ T5732] usb 6-1: config 0 interface 0 has no altsetting 0
[   83.579673][ T5732] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   83.582794][ T5732] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.587760][ T5732] usb 6-1: config 0 descriptor??
[   84.483840][    T9] usbhid 5-1:0.0: can't add hid device: -71
[   84.487454][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   84.495765][    T9] usb 5-1: USB disconnect, device number 5
[   84.810483][ T6312] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[   85.204932][ T6317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'.
[   85.209907][ T6317] 9pnet_virtio: no channels available for device 127.0.0.1
[   85.309155][ T5732] usbhid 6-1:0.0: can't add hid device: -71
[   85.316728][ T5732] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[   85.336144][ T5732] usb 6-1: USB disconnect, device number 4
[   85.464950][ T5790] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   85.578203][ T6322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.113'.
[   85.614830][ T5790] usb 8-1: Using ep0 maxpacket: 32
[   85.621011][ T5790] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[   85.625570][ T5790] usb 8-1: config 0 has no interface number 0
[   85.629405][ T5790] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[   85.633668][ T5790] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.636685][ T5790] usb 8-1: Product: syz
[   85.638050][ T5790] usb 8-1: Manufacturer: syz
[   85.639768][ T5790] usb 8-1: SerialNumber: syz
[   85.643975][ T5790] usb 8-1: config 0 descriptor??
[   85.655829][ T5790] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[   85.662210][ T5790] usb 8-1: selecting invalid altsetting 1
[   85.664554][ T5790] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[   85.675923][ T5790] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   85.679462][ T5790] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[   85.684006][ T5790] usb 8-1: media controller created
[   85.693072][ T5790] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   85.755067][ T5732] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   85.914840][ T5732] usb 6-1: Using ep0 maxpacket: 32
[   86.766671][ T5790] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[   86.770834][ T5790] zl10353_read_register: readreg error (reg=127, ret==-110)
[   86.786772][ T6317] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[   88.147347][ T5790] usb 8-1: USB disconnect, device number 3
[   88.242151][ T6348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.123'.
[   88.406016][ T5732] usb 6-1: unable to get BOS descriptor or descriptor too short
[   88.421851][ T5732] usb 6-1: unable to read config index 0 descriptor/start: -71
[   88.426980][ T5732] usb 6-1: can't read configurations, error -71
[   88.496789][ T6359] PID 6359 killed due to inadequate hugepage pool
[   88.664262][ T6366] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[   89.185953][ T6379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'.
[   89.663716][ T6388] kAFS: unable to lookup cell '(,c��L'
[   89.738206][ T6390] fuse: Unknown parameter 'fd�0x0000000000000003'
[   93.239623][ T6426] netlink: 16 bytes leftover after parsing attributes in process `syz.1.143'.
[   93.494981][ T5790] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[   93.705819][ T6435] kAFS: unable to lookup cell '(,c��L'
[   94.597205][ T5790] usb 6-1: Using ep0 maxpacket: 8
[   94.600581][ T5790] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.604527][ T5790] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.608736][ T5790] usb 6-1: config 0 interface 0 has no altsetting 0
[   94.610950][ T5790] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   94.614045][ T5790] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.619013][ T5790] usb 6-1: config 0 descriptor??
[   94.729971][ T6449] netlink: 16 bytes leftover after parsing attributes in process `syz.0.148'.
[   94.974946][   T29] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   95.124881][   T29] usb 5-1: Using ep0 maxpacket: 8
[   95.128322][   T29] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.132338][   T29] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   95.135727][   T29] usb 5-1: config 0 interface 0 has no altsetting 0
[   95.138247][   T29] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   95.141214][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.145734][   T29] usb 5-1: config 0 descriptor??
[   95.241244][ T6452] netlink: 52 bytes leftover after parsing attributes in process `syz.2.149'.
[   95.381498][ T6456] netlink: 52 bytes leftover after parsing attributes in process `syz.2.151'.
[   95.405513][ T6458] netlink: 4 bytes leftover after parsing attributes in process `syz.3.152'.
[   95.589885][   T29] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   95.593488][   T29] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   95.597332][   T29] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   95.600398][   T29] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   95.603675][   T29] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   95.612461][   T29] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[   96.214802][ T5790] usbhid 6-1:0.0: can't add hid device: -71
[   96.223171][ T5790] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[   96.232154][ T5790] usb 6-1: USB disconnect, device number 7
[   96.490682][ T6480] kAFS: unable to lookup cell '(,c��L'
[   96.918767][   T58] usb 5-1: reset high-speed USB device number 6 using dummy_hcd
[   97.708150][ T6500] fuse: Unknown parameter 'fd�0x0000000000000003'
[   97.717453][ T6497] netlink: 52 bytes leftover after parsing attributes in process `syz.3.161'.
[   98.514382][   T29] usb 5-1: USB disconnect, device number 6
[   98.754289][ T6514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.164'.
[   99.790120][ T6533] netlink: 16 bytes leftover after parsing attributes in process `syz.3.171'.
[  100.057799][   T34] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  100.225019][   T34] usb 8-1: Using ep0 maxpacket: 8
[  100.259418][   T34] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.271867][   T34] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.277947][   T34] usb 8-1: config 0 interface 0 has no altsetting 0
[  100.282238][   T34] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  100.287368][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.308555][   T34] usb 8-1: config 0 descriptor??
[  100.844398][   T34] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  100.847001][   T34] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  100.851200][   T34] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  100.856541][   T34] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  100.864097][   T34] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  100.872025][   T34] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  102.009388][ T6543] kAFS: unable to lookup cell '(,c��L'
[  102.111212][   T34] usb 8-1: reset high-speed USB device number 4 using dummy_hcd
[  102.694344][ T6563] kAFS: unable to lookup cell '(,c��L'
[  102.720855][   T40] audit: type=1804 audit(1778639650.297:3): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.177" name="file0" dev="ramfs" ino=10157 res=1 errno=0
[  104.117753][ T5790] usb 8-1: USB disconnect, device number 4
[  104.901521][ T6601] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  104.901587][ T6601] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  104.953968][ T6601] vhci_hcd vhci_hcd.0: Device attached
[  105.130534][ T6611] netlink: 16 bytes leftover after parsing attributes in process `syz.3.187'.
[  105.214887][   T29] usb 40-1: SetAddress Request (2) to port 0
[  105.214939][   T29] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  105.374914][   T34] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  105.509661][ T6605] vhci_hcd: connection reset by peer
[  105.520730][   T74] vhci_hcd vhci_hcd.1: stop threads
[  105.521112][   T74] vhci_hcd vhci_hcd.1: release socket
[  105.521906][   T74] vhci_hcd vhci_hcd.1: disconnect device
[  105.525155][   T34] usb 8-1: Using ep0 maxpacket: 8
[  105.537779][   T34] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  105.541811][   T34] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  105.548731][   T34] usb 8-1: config 0 interface 0 has no altsetting 0
[  105.551458][   T34] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  105.555386][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.561200][   T34] usb 8-1: config 0 descriptor??
[  105.978893][   T34] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  105.984491][   T34] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  105.987304][   T34] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  105.990442][   T34] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  105.993724][   T34] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  105.996792][   T34] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  106.361192][ T6637] netlink: 52 bytes leftover after parsing attributes in process `syz.2.195'.
[  106.394964][   T34] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  106.566663][   T34] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  106.571177][   T34] usb 6-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  106.576343][   T34] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  106.579804][   T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.582660][   T34] usb 6-1: Product: syz
[  106.584036][   T34] usb 6-1: Manufacturer: syz
[  106.585977][   T34] usb 6-1: SerialNumber: syz
[  107.005653][ T5753] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  107.010542][ T5753] Bluetooth: hci0: Injecting HCI hardware error event
[  107.013632][ T5753] Bluetooth: hci0: hardware error 0x00
[  107.245799][   T39] usb 8-1: reset high-speed USB device number 5 using dummy_hcd
[  107.654861][  T843] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  107.804977][  T843] usb 5-1: Using ep0 maxpacket: 32
[  108.865764][ T5790] usb 8-1: USB disconnect, device number 5
[  109.086412][ T5753] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  109.173521][   T34] usb 6-1: USB disconnect, device number 8
[  109.279647][ T6661] netlink: 52 bytes leftover after parsing attributes in process `syz.1.203'.
[  111.450331][   T29] usb 40-1: device descriptor read/8, error -110
[  111.453634][ T6666] kAFS: unable to lookup cell '(,c��L'
[  111.459499][ T6665] kAFS: unable to lookup cell '(,c��L'
[  111.630220][  T843] usb 5-1: unable to get BOS descriptor or descriptor too short
[  111.637877][  T843] usb 5-1: unable to read config index 0 descriptor/start: -71
[  111.644335][  T843] usb 5-1: can't read configurations, error -71
[  111.677477][ T6674] fuse: Unknown parameter 'fd�0x0000000000000003'
[  111.835548][   T29] usb usb40-port1: attempt power cycle
[  112.399202][   T29] usb usb40-port1: unable to enumerate USB device
[  113.304933][ T5790] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  113.371314][ T6698] FAULT_INJECTION: forcing a failure.
[  113.371314][ T6698] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  113.375662][ T6698] CPU: 1 UID: 0 PID: 6698 Comm: syz.1.210 Not tainted syzkaller #0 PREEMPT(full) 
[  113.375696][ T6698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  113.375721][ T6698] Call Trace:
[  113.375728][ T6698]  <TASK>
[  113.375734][ T6698]  dump_stack_lvl+0x100/0x190
[  113.375767][ T6698]  should_fail_ex.cold+0x5/0xa
[  113.375797][ T6698]  _copy_from_user+0x2e/0xd0
[  113.375818][ T6698]  get_compat_msghdr+0xb3/0x4b0
[  113.375837][ T6698]  ? __pfx_get_compat_msghdr+0x10/0x10
[  113.375852][ T6698]  ? rcu_is_watching+0x12/0xc0
[  113.375869][ T6698]  ? ___sys_sendmsg+0x19d/0x1e0
[  113.375885][ T6698]  ? kfree+0x1dd/0x6c0
[  113.375903][ T6698]  ? __pfx__kstrtoull+0x10/0x10
[  113.375918][ T6698]  ___sys_sendmsg+0x1b6/0x1e0
[  113.375935][ T6698]  ? __pfx____sys_sendmsg+0x10/0x10
[  113.375952][ T6698]  ? __lock_acquire+0x4a5/0x2630
[  113.375974][ T6698]  ? __pfx___might_resched+0x10/0x10
[  113.375991][ T6698]  __sys_sendmmsg+0x2ff/0x430
[  113.376006][ T6698]  ? __pfx___sys_sendmmsg+0x10/0x10
[  113.376024][ T6698]  ? __fget_files+0x215/0x3d0
[  113.376045][ T6698]  ? fput+0x79/0x100
[  113.376062][ T6698]  ? ksys_write+0x1ac/0x250
[  113.376077][ T6698]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  113.376092][ T6698]  ? lockdep_hardirqs_on+0x78/0x100
[  113.376111][ T6698]  __do_fast_syscall_32+0xe7/0x950
[  113.376129][ T6698]  ? lockdep_hardirqs_on+0x78/0x100
[  113.376146][ T6698]  do_fast_syscall_32+0x32/0x70
[  113.376165][ T6698]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  113.376181][ T6698] RIP: 0023:0xf7f68fcc
[  113.376191][ T6698] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  113.376201][ T6698] RSP: 002b:00000000f53e450c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  113.376214][ T6698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001c00
[  113.376221][ T6698] RDX: 0000000000000159 RSI: 0000000000040840 RDI: 0000000000000000
[  113.376227][ T6698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  113.376233][ T6698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  113.376239][ T6698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  113.376253][ T6698]  </TASK>
[  113.495245][ T5790] usb 5-1: Using ep0 maxpacket: 32
[  113.565013][ T6083] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  113.744861][ T6083] usb 8-1: Using ep0 maxpacket: 32
[  116.030710][ T5790] usb 5-1: unable to get BOS descriptor or descriptor too short
[  116.036574][ T5790] usb 5-1: unable to read config index 0 descriptor/start: -71
[  116.040743][ T5790] usb 5-1: can't read configurations, error -71
[  116.212881][ T6726] fuse: Unknown parameter 'fd�0x0000000000000003'
[  116.293231][ T6083] usb 8-1: unable to get BOS descriptor or descriptor too short
[  116.301861][ T6083] usb 8-1: unable to read config index 0 descriptor/start: -71
[  116.314925][ T6083] usb 8-1: can't read configurations, error -71
[  116.337468][ T6735] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  116.371545][ T6735] fuse: fd is not a fuse device
[  116.386996][ T6735] netlink: 68 bytes leftover after parsing attributes in process `syz.2.223'.
[  116.390580][ T6735] netlink: 200 bytes leftover after parsing attributes in process `syz.2.223'.
[  116.507179][ T6740] capability: warning: `syz.2.225' uses deprecated v2 capabilities in a way that may be insecure
[  119.186734][ T6777] Process accounting resumed
[  119.390166][ T6788] fuse: Unknown parameter 'fd�0x0000000000000003'
[  121.009264][ T6784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.237'.
[  121.061343][ T6795] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  123.314877][    T9] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  123.476113][    T9] usb 5-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  123.481759][    T9] usb 5-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  123.486693][    T9] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  123.490902][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.493490][    T9] usb 5-1: Product: syz
[  123.495106][    T9] usb 5-1: Manufacturer: syz
[  123.497686][    T9] usb 5-1: SerialNumber: syz
[  125.602253][ T6850] netlink: zone id is out of range
[  125.658885][ T6850] netlink: set zone limit has 4 unknown bytes
[  125.948664][ T6851] kAFS: unable to lookup cell '(,c��L'
[  126.107553][    T9] usb 5-1: USB disconnect, device number 11
[  126.294454][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.3.251'.
[  126.783282][ T5790] IPVS: starting estimator thread 0...
[  126.803591][ T6874] IPVS: set_ctl: invalid protocol: 103 100.1.1.0:20004
[  126.914920][ T6875] IPVS: using max 42 ests per chain, 100800 per kthread
[  127.794862][   T58] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  127.956946][   T58] usb 5-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  127.961618][   T58] usb 5-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  127.971132][   T58] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  127.975567][   T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.979288][   T58] usb 5-1: Product: syz
[  127.981427][   T58] usb 5-1: Manufacturer: syz
[  127.983664][   T58] usb 5-1: SerialNumber: syz
[  128.481985][ T6894] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  128.539498][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.262'.
[  128.699893][ T6911] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  128.706254][ T6911] Error validating options; rc = [-22]
[  129.232190][ T6924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.271'.
[  131.195597][   T58] usb 5-1: USB disconnect, device number 12
[  132.168547][ T6955] netlink: 4 bytes leftover after parsing attributes in process `syz.0.278'.
[  132.172943][ T6955] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  132.224153][ T6954] loop4: detected capacity change from 0 to 2640
[  132.241141][ T6010] Buffer I/O error on dev loop4, logical block 0, async page read
[  132.300456][ T6954] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  132.311512][ T6954] Buffer I/O error on dev loop4, logical block 1, lost async page write
[  132.311559][ T6962] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  132.327577][ T6954] Buffer I/O error on dev loop4, logical block 2, lost async page write
[  132.345629][ T6954] Buffer I/O error on dev loop4, logical block 3, lost async page write
[  132.370435][ T6954] Buffer I/O error on dev loop4, logical block 4, lost async page write
[  132.371005][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.280'.
[  132.383513][ T6954] Buffer I/O error on dev loop4, logical block 5, lost async page write
[  132.405766][ T6954] Buffer I/O error on dev loop4, logical block 6, lost async page write
[  132.408463][ T6954] Buffer I/O error on dev loop4, logical block 7, lost async page write
[  132.521954][ T6970] fuse: Unknown parameter 'fd�0x0000000000000003'
[  133.465027][ T6984] netlink: 16 bytes leftover after parsing attributes in process `syz.1.284'.
[  133.804926][ T5846] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  133.974870][ T5846] usb 6-1: Using ep0 maxpacket: 8
[  133.982488][ T5846] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.990702][ T5846] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.998169][ T5846] usb 6-1: config 0 interface 0 has no altsetting 0
[  134.000970][ T5846] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  134.006780][ T5846] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.022694][ T5846] usb 6-1: config 0 descriptor??
[  134.501517][ T6993] syzkaller0: entered promiscuous mode
[  134.504136][ T6993] syzkaller0: entered allmulticast mode
[  135.157010][ T5846] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  135.160306][ T5846] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  135.176383][ T5846] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  135.184916][ T5846] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  135.188065][ T5846] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  135.199784][ T5846] mcp2221 0003:04D8:00DD.0005: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  136.395328][ T5846] usb 6-1: reset high-speed USB device number 9 using dummy_hcd
[  137.337764][    T9] usb 6-1: USB disconnect, device number 9
[  137.492188][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  137.495531][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  138.324007][ T7040] kAFS: unable to lookup cell '(,c��L'
[  138.725224][ T7047] FAULT_INJECTION: forcing a failure.
[  138.725224][ T7047] name failslab, interval 1, probability 0, space 0, times 1
[  138.740958][ T7047] CPU: 2 UID: 0 PID: 7047 Comm: syz.3.301 Not tainted syzkaller #0 PREEMPT(full) 
[  138.740977][ T7047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  138.740984][ T7047] Call Trace:
[  138.740988][ T7047]  <TASK>
[  138.740993][ T7047]  dump_stack_lvl+0x100/0x190
[  138.741018][ T7047]  should_fail_ex.cold+0x5/0xa
[  138.741034][ T7047]  should_failslab+0xc2/0x120
[  138.741049][ T7047]  __kmalloc_cache_noprof+0x7a/0x6f0
[  138.741066][ T7047]  ? tcf_block_get_ext+0x94d/0x1950
[  138.741084][ T7047]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  138.741102][ T7047]  tcf_block_get_ext+0x94d/0x1950
[  138.741118][ T7047]  ? qdisc_create+0x70/0x1070
[  138.741128][ T7047]  ? netlink_unicast+0x585/0x850
[  138.741146][ T7047]  ? netlink_sendmsg+0x8b0/0xda0
[  138.741162][ T7047]  tcf_block_get+0xa8/0x100
[  138.741178][ T7047]  ? __pfx_tcf_block_get+0x10/0x10
[  138.741193][ T7047]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  138.741207][ T7047]  ? __pfx_drr_init_qdisc+0x10/0x10
[  138.741224][ T7047]  drr_init_qdisc+0x2e/0x100
[  138.741241][ T7047]  ? __pfx_drr_init_qdisc+0x10/0x10
[  138.741258][ T7047]  qdisc_create+0x47b/0x1070
[  138.741270][ T7047]  tc_modify_qdisc+0xdcf/0x2120
[  138.741284][ T7047]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  138.741294][ T7047]  ? __lock_acquire+0x4a5/0x2630
[  138.741316][ T7047]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  138.741326][ T7047]  rtnetlink_rcv_msg+0x3c9/0xe90
[  138.741343][ T7047]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  138.741359][ T7047]  ? __lock_acquire+0x4a5/0x2630
[  138.741372][ T7047]  netlink_rcv_skb+0x159/0x420
[  138.741388][ T7047]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  138.741403][ T7047]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  138.741423][ T7047]  ? netlink_deliver_tap+0x1ae/0xcc0
[  138.741441][ T7047]  netlink_unicast+0x585/0x850
[  138.741458][ T7047]  ? __pfx_netlink_unicast+0x10/0x10
[  138.741478][ T7047]  netlink_sendmsg+0x8b0/0xda0
[  138.741498][ T7047]  ? __pfx_netlink_sendmsg+0x10/0x10
[  138.741518][ T7047]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  138.741544][ T7047]  ____sys_sendmsg+0x9e1/0xb70
[  138.741560][ T7047]  ? __pfx_netlink_sendmsg+0x10/0x10
[  138.741577][ T7047]  ? __pfx_____sys_sendmsg+0x10/0x10
[  138.741600][ T7047]  ___sys_sendmsg+0x190/0x1e0
[  138.741618][ T7047]  ? __pfx____sys_sendmsg+0x10/0x10
[  138.741641][ T7047]  ? find_held_lock+0x2b/0x80
[  138.741665][ T7047]  __sys_sendmsg+0x170/0x220
[  138.741678][ T7047]  ? __pfx___sys_sendmsg+0x10/0x10
[  138.741690][ T7047]  ? __fget_files+0x21f/0x3d0
[  138.741708][ T7047]  ? ksys_write+0x1ac/0x250
[  138.741736][ T7047]  ? rcu_is_watching+0x12/0xc0
[  138.741752][ T7047]  __do_fast_syscall_32+0xe7/0x950
[  138.741770][ T7047]  ? lockdep_hardirqs_on+0x78/0x100
[  138.741788][ T7047]  do_fast_syscall_32+0x32/0x70
[  138.741806][ T7047]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  138.741821][ T7047] RIP: 0023:0xf7f27fcc
[  138.741831][ T7047] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  138.741842][ T7047] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  138.741854][ T7047] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000340
[  138.741861][ T7047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  138.741867][ T7047] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  138.741873][ T7047] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  138.741880][ T7047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  138.741894][ T7047]  </TASK>
[  139.181531][ T7057] nbd3: detected capacity change from 0 to 63
[  139.190192][ T7058] block nbd3: NBD_DISCONNECT
[  139.192377][ T7058] block nbd3: Disconnected due to user request.
[  139.210368][ T7058] block nbd3: shutting down sockets
[  139.231703][ T7060] syzkaller0: entered promiscuous mode
[  139.234056][ T7060] syzkaller0: entered allmulticast mode
[  139.235546][    C0] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.239891][    C0] buffer_io_error: 322 callbacks suppressed
[  139.239908][    C0] Buffer I/O error on dev nbd3, logical block 0, async page read
[  139.251424][    C0] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.254225][    C0] Buffer I/O error on dev nbd3, logical block 1, async page read
[  139.256884][    C0] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.260041][    C0] Buffer I/O error on dev nbd3, logical block 2, async page read
[  139.262776][    C0] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.265660][    C0] Buffer I/O error on dev nbd3, logical block 3, async page read
[  139.268312][ T6010] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.274810][ T6010] Buffer I/O error on dev nbd3, logical block 0, async page read
[  139.278388][ T6010] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.281886][ T6010] Buffer I/O error on dev nbd3, logical block 1, async page read
[  139.284621][ T6010] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.288939][ T6010] Buffer I/O error on dev nbd3, logical block 2, async page read
[  139.292234][ T6010] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.296433][ T6010] Buffer I/O error on dev nbd3, logical block 3, async page read
[  139.299215][ T6010] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.303200][ T6010] Buffer I/O error on dev nbd3, logical block 0, async page read
[  139.310130][ T6010] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.313764][ T6010] Buffer I/O error on dev nbd3, logical block 1, async page read
[  139.325270][ T6010] ldm_validate_partition_table(): Disk read failed.
[  139.345133][ T6010] Dev nbd3: unable to read RDB block 0
[  139.362246][ T6010]  nbd3: unable to read partition table
[  139.380958][ T6010] ldm_validate_partition_table(): Disk read failed.
[  139.385701][ T7063] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  139.388692][ T6010] Dev nbd3: unable to read RDB block 0
[  139.394579][ T6010]  nbd3: unable to read partition table
[  147.532775][ T7072] veth1_macvtap: left promiscuous mode
[  147.534784][ T7072] macsec0: entered allmulticast mode
[  149.054860][   T34] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  149.206958][   T34] usb 5-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  149.214810][   T34] usb 5-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  149.217107][   T34] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  149.234823][   T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.236162][ T7106] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  149.237786][   T34] usb 5-1: Product: syz
[  149.247965][   T34] usb 5-1: Manufacturer: syz
[  149.251968][   T34] usb 5-1: SerialNumber: syz
[  149.301681][ T7108] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size.
[  150.711457][ T7148] FAULT_INJECTION: forcing a failure.
[  150.711457][ T7148] name failslab, interval 1, probability 0, space 0, times 0
[  150.717200][ T7148] CPU: 2 UID: 0 PID: 7148 Comm: syz.1.328 Not tainted syzkaller #0 PREEMPT(full) 
[  150.717225][ T7148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  150.717235][ T7148] Call Trace:
[  150.717241][ T7148]  <TASK>
[  150.717247][ T7148]  dump_stack_lvl+0x100/0x190
[  150.717273][ T7148]  should_fail_ex.cold+0x5/0xa
[  150.717295][ T7148]  should_failslab+0xc2/0x120
[  150.717314][ T7148]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  150.717338][ T7148]  ? skb_clone+0x190/0x400
[  150.717360][ T7148]  skb_clone+0x190/0x400
[  150.717378][ T7148]  netlink_deliver_tap+0xaed/0xcc0
[  150.717404][ T7148]  netlink_unicast+0x62b/0x850
[  150.717429][ T7148]  ? __pfx_netlink_unicast+0x10/0x10
[  150.717456][ T7148]  netlink_sendmsg+0x8b0/0xda0
[  150.717481][ T7148]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.717504][ T7148]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  150.717534][ T7148]  ____sys_sendmsg+0x9e1/0xb70
[  150.717553][ T7148]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.717576][ T7148]  ? __pfx_____sys_sendmsg+0x10/0x10
[  150.717607][ T7148]  ___sys_sendmsg+0x190/0x1e0
[  150.717649][ T7148]  ? __pfx____sys_sendmsg+0x10/0x10
[  150.717683][ T7148]  ? find_held_lock+0x2b/0x80
[  150.717719][ T7148]  __sys_sendmsg+0x170/0x220
[  150.717737][ T7148]  ? __pfx___sys_sendmsg+0x10/0x10
[  150.717752][ T7148]  ? __fget_files+0x21f/0x3d0
[  150.717778][ T7148]  ? ksys_write+0x1ac/0x250
[  150.717797][ T7148]  ? rcu_is_watching+0x12/0xc0
[  150.717820][ T7148]  __do_fast_syscall_32+0xe7/0x950
[  150.717844][ T7148]  ? lockdep_hardirqs_on+0x78/0x100
[  150.717878][ T7148]  do_fast_syscall_32+0x32/0x70
[  150.717901][ T7148]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  150.717921][ T7148] RIP: 0023:0xf7f68fcc
[  150.717935][ T7148] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  150.717950][ T7148] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  150.717967][ T7148] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800004c0
[  150.717999][ T7148] RDX: 0000000000000110 RSI: 0000000000000000 RDI: 0000000000000000
[  150.718008][ T7148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  150.718017][ T7148] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  150.718025][ T7148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  150.718047][ T7148]  </TASK>
[  151.135280][   T39] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  151.304857][   T39] usb 6-1: Using ep0 maxpacket: 8
[  151.308308][   T39] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[  151.313232][   T39] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  151.317411][   T39] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  151.320850][   T39] usb 6-1: Product: syz
[  151.322746][   T39] usb 6-1: Manufacturer: syz
[  151.324463][   T39] usb 6-1: SerialNumber: syz
[  151.535642][   T39] usb 6-1: palm_os_3_probe - error -32 getting connection information
[  151.537381][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.538719][   T39] visor 6-1:1.0: probe with driver visor failed with error -32
[  151.549371][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.555133][ T5846] usb 6-1: USB disconnect, device number 10
[  151.617154][ T7174] netlink: 16 bytes leftover after parsing attributes in process `syz.2.337'.
[  151.629076][ T7172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.336'.
[  151.809778][   T34] usb 5-1: USB disconnect, device number 13
[  152.025033][   T58] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  152.152580][ T7188] syzkaller0: entered promiscuous mode
[  152.154496][ T7188] syzkaller0: entered allmulticast mode
[  152.174906][   T58] usb 8-1: Using ep0 maxpacket: 32
[  152.219552][ T7191] kAFS: unable to lookup cell '(,c��L'
[  152.336167][ T7196] overlayfs: failed to clone upperpath
[  152.420427][ T7199] fuse: Unknown parameter 'fd�0xffffffffffffffff'
[  153.486951][ T5753] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  153.498714][ T5753] Bluetooth: hci2: Injecting HCI hardware error event
[  153.525839][ T5100] Bluetooth: hci2: hardware error 0x00
[  154.081564][ T7206] fuse: fd is not a fuse device
[  154.896563][   T58] usb 8-1: unable to get BOS descriptor or descriptor too short
[  155.009948][   T58] usb 8-1: unable to read config index 0 descriptor/start: -71
[  155.015084][   T58] usb 8-1: can't read configurations, error -71
[  155.156259][ T7228] fuse: Unknown parameter 'fd�0xffffffffffffffff'
[  155.724911][ T5100] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  158.275419][ T7263] loop4: detected capacity change from 0 to 2640
[  158.285748][ T7263] buffer_io_error: 138 callbacks suppressed
[  158.285764][ T7263] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  158.290915][ T7263] Buffer I/O error on dev loop4, logical block 1, lost async page write
[  158.293701][ T7263] Buffer I/O error on dev loop4, logical block 2, lost async page write
[  158.297140][ T7263] Buffer I/O error on dev loop4, logical block 3, lost async page write
[  158.299962][ T7263] Buffer I/O error on dev loop4, logical block 4, lost async page write
[  158.302966][ T7263] Buffer I/O error on dev loop4, logical block 5, lost async page write
[  158.307036][ T7263] Buffer I/O error on dev loop4, logical block 6, lost async page write
[  158.310021][ T7263] Buffer I/O error on dev loop4, logical block 7, lost async page write
[  158.312880][ T7263] Buffer I/O error on dev loop4, logical block 8, lost async page write
[  158.316103][ T7263] Buffer I/O error on dev loop4, logical block 9, lost async page write
[  158.398499][ T7271] netlink: 16 bytes leftover after parsing attributes in process `syz.2.366'.
[  159.004884][   T50] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  159.701800][ T7295] FAULT_INJECTION: forcing a failure.
[  159.701800][ T7295] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.706760][ T7295] CPU: 3 UID: 0 PID: 7295 Comm: syz.3.374 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  159.706781][ T7295] Tainted: [L]=SOFTLOCKUP
[  159.706785][ T7295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  159.706792][ T7295] Call Trace:
[  159.706796][ T7295]  <TASK>
[  159.706801][ T7295]  dump_stack_lvl+0x100/0x190
[  159.706820][ T7295]  should_fail_ex.cold+0x5/0xa
[  159.706835][ T7295]  _copy_to_user+0x32/0xd0
[  159.706848][ T7295]  simple_read_from_buffer+0xcb/0x170
[  159.706864][ T7295]  proc_fail_nth_read+0x1af/0x230
[  159.706882][ T7295]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  159.706900][ T7295]  ? rw_verify_area+0xce/0x6d0
[  159.706912][ T7295]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  159.706929][ T7295]  vfs_read+0x1e4/0xb30
[  159.706943][ T7295]  ? __pfx_vfs_read+0x10/0x10
[  159.706954][ T7295]  ? find_held_lock+0x2b/0x80
[  159.706970][ T7295]  ? __fget_files+0x215/0x3d0
[  159.706984][ T7295]  ? __fget_files+0x21f/0x3d0
[  159.707000][ T7295]  ksys_read+0x12a/0x250
[  159.707012][ T7295]  ? __pfx_ksys_read+0x10/0x10
[  159.707024][ T7295]  ? rcu_is_watching+0x12/0xc0
[  159.707038][ T7295]  ? rcu_is_watching+0x12/0xc0
[  159.707052][ T7295]  do_int80_emulation+0x141/0x700
[  159.707074][ T7295]  asm_int80_emulation+0x1a/0x20
[  159.707086][ T7295] RIP: 0023:0xf71261ab
[  159.707096][ T7295] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  159.707106][ T7295] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  159.707118][ T7295] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f53e65d0
[  159.707125][ T7295] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  159.707131][ T7295] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  159.707136][ T7295] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  159.707142][ T7295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  159.707155][ T7295]  </TASK>
[  159.714427][ T7297] netlink: 'syz.2.375': attribute type 1 has an invalid length.
[  159.795021][   T50] usb 5-1: Using ep0 maxpacket: 32
[  159.809296][   T50] usb 5-1: config 1 interface 0 has no altsetting 0
[  159.815553][   T50] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  159.820050][   T50] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.823820][   T50] usb 5-1: Product: 滛輂넫ۻ蔖鶥ꏪ휑⹱㵍墍綋懗訓䮡崡㲎珛쀈釐ꬵ⨰܌楀音菢ﳔꧮ檼⼡ኑ肒㔴掖팳胷榶ᄨ痽䆕郅崶鳟懩舐苇蕍赫挿쵭畾⧊痿寥⒆
[  159.833241][   T50] usb 5-1: Manufacturer: 
[  159.834704][ T7297] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  159.835257][   T50] usb 5-1: SerialNumber: syz
[  159.864908][   T29] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  160.016704][   T29] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  160.020903][   T29] usb 6-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  160.029098][   T29] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  160.032654][   T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.035995][   T29] usb 6-1: Product: syz
[  160.037816][   T29] usb 6-1: Manufacturer: syz
[  160.039997][   T29] usb 6-1: SerialNumber: syz
[  160.127574][ T7281] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  160.132817][ T7281] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  160.144161][ T7281] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  160.220913][   T50] usb 5-1: USB disconnect, device number 14
[  160.301600][ T7317] netlink: 16 bytes leftover after parsing attributes in process `syz.0.380'.
[  160.644849][   T50] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  160.794950][   T50] usb 5-1: Using ep0 maxpacket: 8
[  160.803132][   T50] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.809238][   T50] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.812609][   T50] usb 5-1: config 0 interface 0 has no altsetting 0
[  160.816042][   T50] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  160.820206][   T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.825960][   T50] usb 5-1: config 0 descriptor??
[  161.257039][   T50] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  161.263318][   T50] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  161.266480][   T50] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  161.269775][   T50] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  161.273169][   T50] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  161.277194][   T50] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  162.114801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!!
[  162.214869][ T5100] Bluetooth: hci3: command 0x0419 tx timeout
[  162.508697][   T50] usb 5-1: reset high-speed USB device number 15 using dummy_hcd
[  162.554812][    T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!!
[  162.594797][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  162.707053][   T29] usb 6-1: USB disconnect, device number 11
[  163.065459][ T7338] Zero length message leads to an empty skb
[  163.185817][ T7338] syzkaller0: entered promiscuous mode
[  163.187992][ T7338] syzkaller0: entered allmulticast mode
[  163.511981][ T7341] netlink: 'syz.2.385': attribute type 1 has an invalid length.
[  163.608258][ T7346] loop4: detected capacity change from 0 to 2640
[  163.622252][ T7314] buffer_io_error: 320 callbacks suppressed
[  163.622292][ T7314] Buffer I/O error on dev loop4, logical block 0, async page read
[  163.628874][ T7347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'.
[  163.637348][ T7314] Buffer I/O error on dev loop4, logical block 0, async page read
[  163.645583][ T7314] Buffer I/O error on dev loop4, logical block 0, async page read
[  163.655408][ T7314] Buffer I/O error on dev loop4, logical block 0, async page read
[  163.659821][ T7314] Buffer I/O error on dev loop4, logical block 0, async page read
[  164.285461][ T5100] Bluetooth: hci3: command 0x0419 tx timeout
[  164.286535][ T6083] usb 5-1: USB disconnect, device number 15
[  166.364934][ T5100] Bluetooth: hci3: command 0x0419 tx timeout
[  166.957131][ T7341] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  167.188465][ T7384] netlink: 16 bytes leftover after parsing attributes in process `syz.3.394'.
[  167.454862][ T5856] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  168.295066][ T5856] usb 8-1: Using ep0 maxpacket: 8
[  168.307956][ T5856] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.311945][ T5856] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.315792][ T5856] usb 8-1: config 0 interface 0 has no altsetting 0
[  168.321635][ T5856] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  168.324963][ T5856] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.136768][ T5856] usb 8-1: config 0 descriptor??
[  169.318570][ T7413] kAFS: unable to lookup cell '(,c��L'
[  169.339803][    T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!!
[  169.368307][    T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!!
[  169.638333][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  169.657204][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  169.675861][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  169.685894][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  170.322142][ T5856] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  170.326805][ T5856] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  170.330005][ T5856] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  170.333019][ T5856] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  170.335856][ T5856] mcp2221 0003:04D8:00DD.0007: unknown main item tag 0x0
[  170.339367][ T5856] mcp2221 0003:04D8:00DD.0007: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  171.238635][ T6654] usb 8-1: USB disconnect, device number 10
[  171.370408][ T7440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.408'.
[  172.131534][ T7463] kAFS: unable to lookup cell '(,c��L'
[  173.055746][ T7468] netlink: 16 bytes leftover after parsing attributes in process `syz.1.414'.
[  173.424871][ T6654] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  174.164839][ T6654] usb 6-1: Using ep0 maxpacket: 8
[  174.169738][ T6654] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.175605][ T6654] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  174.179969][ T6654] usb 6-1: config 0 interface 0 has no altsetting 0
[  174.183205][ T6654] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  174.188335][ T6654] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.200814][ T6654] usb 6-1: config 0 descriptor??
[  174.633577][ T6654] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  174.638576][ T6654] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  174.642055][ T6654] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  174.645922][ T6654] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  174.651270][ T6654] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  174.665558][ T6654] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  175.825219][ T6654] usb 6-1: reset high-speed USB device number 12 using dummy_hcd
[  175.984489][   T40] audit: type=1326 audit(1778639723.557:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.014428][   T40] audit: type=1326 audit(1778639723.587:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.066160][   T40] audit: type=1326 audit(1778639723.647:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.112757][   T40] audit: type=1326 audit(1778639723.677:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.142798][   T40] audit: type=1326 audit(1778639723.707:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.155597][   T40] audit: type=1326 audit(1778639723.717:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.165149][   T40] audit: type=1326 audit(1778639723.737:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.172600][   T40] audit: type=1326 audit(1778639723.737:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.187851][   T40] audit: type=1326 audit(1778639723.737:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.203662][   T40] audit: type=1326 audit(1778639723.737:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7498 comm="syz.0.423" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feefcc code=0x7ffc0000
[  176.835705][   T34] usb 6-1: USB disconnect, device number 12
[  177.734840][   T50] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  177.886732][   T50] usb 5-1: config 74 has an invalid descriptor of length 0, skipping remainder of the config
[  177.891027][   T50] usb 5-1: config 74 has 0 interfaces, different from the descriptor's value: 1
[  177.895711][   T50] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  177.899531][   T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.516810][   T50] usb 5-1: string descriptor 0 read error: -71
[  180.540417][   T50] usb 5-1: USB disconnect, device number 16
[  181.170870][ T7582] kAFS: unable to lookup cell '(,c��L'
[  183.954882][ T6083] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  184.116780][ T6083] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  184.121339][ T6083] usb 6-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  184.129120][ T6083] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  184.133525][ T6083] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.137648][ T6083] usb 6-1: Product: syz
[  184.139591][ T6083] usb 6-1: Manufacturer: syz
[  184.141697][ T6083] usb 6-1: SerialNumber: syz
[  184.976960][ T7621] kAFS: unable to lookup cell '(,c��L'
[  186.709047][ T6083] usb 6-1: USB disconnect, device number 13
[  186.764222][ T7632] netlink: 52 bytes leftover after parsing attributes in process `syz.1.452'.
[  187.061824][ T7637] syzkaller0: entered promiscuous mode
[  187.086640][ T7637] syzkaller0: entered allmulticast mode
[  187.529104][ T7658] process 'syz.1.459' launched './file2' with NULL argv: empty string added
[  187.854872][ T6083] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  188.014843][ T6083] usb 6-1: Using ep0 maxpacket: 8
[  188.018924][ T6083] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  188.022661][ T6083] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  188.028133][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  188.033011][ T6083] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  188.045084][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  188.060005][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  188.074913][ T6083] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  188.085072][ T6083] usb 6-1: config 168 interface 0 has no altsetting 0
[  188.091015][ T6083] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  188.097624][ T6083] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  188.110326][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  188.116943][ T6083] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  188.120832][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  188.124385][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  188.134963][ T6083] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  188.145090][ T6083] usb 6-1: config 168 interface 0 has no altsetting 0
[  188.149097][ T6083] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  188.155094][ T6083] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  188.159846][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  188.165426][ T6083] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  188.170293][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  188.174552][ T6083] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  188.182767][ T6083] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  188.189211][ T6083] usb 6-1: config 168 interface 0 has no altsetting 0
[  188.200496][ T6083] usb 6-1: string descriptor 0 read error: -22
[  188.215071][ T6083] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  188.229939][ T6083] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.256460][ T6083] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  188.964816][   T34] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  189.144796][   T34] usb 5-1: Using ep0 maxpacket: 32
[  190.204007][ T7695] input: syz1 as /devices/virtual/input/input6
[  190.490920][ T7701] wg2 speed is unknown, defaulting to 1000
[  190.548973][ T7701] wg2 speed is unknown, defaulting to 1000
[  190.588346][ T7701] wg2 speed is unknown, defaulting to 1000
[  190.609542][   T50] usb 6-1: USB disconnect, device number 14
[  190.710451][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.474'.
[  190.900083][ T7711] FAULT_INJECTION: forcing a failure.
[  190.900083][ T7711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.908264][ T7711] CPU: 0 UID: 0 PID: 7711 Comm: syz.3.477 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  190.908286][ T7711] Tainted: [L]=SOFTLOCKUP
[  190.908289][ T7711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  190.908296][ T7711] Call Trace:
[  190.908300][ T7711]  <TASK>
[  190.908305][ T7711]  dump_stack_lvl+0x100/0x190
[  190.908335][ T7711]  should_fail_ex.cold+0x5/0xa
[  190.908352][ T7711]  _copy_from_user+0x2e/0xd0
[  190.908368][ T7711]  kstrtouint_from_user+0xd6/0x1d0
[  190.908383][ T7711]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  190.908397][ T7711]  ? __lock_acquire+0x4a5/0x2630
[  190.908416][ T7711]  proc_fail_nth_write+0x83/0x220
[  190.908436][ T7711]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  190.908457][ T7711]  vfs_write+0x2aa/0x1070
[  190.908472][ T7711]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  190.908490][ T7711]  ? __pfx_vfs_write+0x10/0x10
[  190.908502][ T7711]  ? find_held_lock+0x2b/0x80
[  190.908516][ T7711]  ? __fget_files+0x215/0x3d0
[  190.908531][ T7711]  ? __fget_files+0x21f/0x3d0
[  190.908547][ T7711]  ksys_write+0x12a/0x250
[  190.908560][ T7711]  ? __pfx_ksys_write+0x10/0x10
[  190.908573][ T7711]  ? rcu_is_watching+0x12/0xc0
[  190.908589][ T7711]  do_int80_emulation+0x141/0x700
[  190.908610][ T7711]  asm_int80_emulation+0x1a/0x20
[  190.908623][ T7711] RIP: 0023:0xf71261ab
[  190.908632][ T7711] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  190.908642][ T7711] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  190.908654][ T7711] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f53e65d0
[  190.908660][ T7711] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  190.908666][ T7711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  190.908672][ T7711] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  190.908678][ T7711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  190.908692][ T7711]  </TASK>
[  191.111799][ T7714] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  191.294201][   T29] wg2 speed is unknown, defaulting to 1000
[  191.297662][ T7701] infiniband syz2: set active
[  191.302845][ T7701] infiniband syz2: added wg2
[  191.416324][ T7701] smbdirect: ib_dev[syz2]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  191.423601][ T7701] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  191.431287][ T7701] smbdirect: ib_dev[syz2]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  191.484622][ T7701] RDS/IB: syz2: added
[  191.489467][ T7701] smc: adding ib device syz2 with port count 1
[  191.492942][ T7701] smc:    ib device syz2 port 1 has no pnetid
[  191.500626][   T29] wg2 speed is unknown, defaulting to 1000
[  191.535543][ T7701] wg2 speed is unknown, defaulting to 1000
[  191.706732][   T34] usb 5-1: unable to get BOS descriptor or descriptor too short
[  191.715535][   T34] usb 5-1: unable to read config index 0 descriptor/start: -71
[  191.720919][   T34] usb 5-1: can't read configurations, error -71
[  191.801176][ T7701] wg2 speed is unknown, defaulting to 1000
[  192.048321][ T7701] wg2 speed is unknown, defaulting to 1000
[  192.276989][ T7732] kAFS: unable to lookup cell '(,c��L'
[  192.301935][ T7701] wg2 speed is unknown, defaulting to 1000
[  192.686679][ T7701] wg2 speed is unknown, defaulting to 1000
[  197.734259][ T7792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.497'.
[  197.813183][ T7795] kAFS: unable to lookup cell '(,c��L'
[  198.083700][ T7795] wg2 speed is unknown, defaulting to 1000
[  198.574908][   T34] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  198.724902][   T34] usb 6-1: Using ep0 maxpacket: 32
[  198.927634][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  198.930293][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  199.052304][ T7817] tipc: Started in network mode
[  199.054015][ T7817] tipc: Node identity 1e6f973b3889, cluster identity 4711
[  199.058308][ T7817] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  199.067968][ T7817] syzkaller0: entered promiscuous mode
[  199.069882][ T7817] syzkaller0: entered allmulticast mode
[  199.087271][ T7817] tipc: Resetting bearer <eth:syzkaller0>
[  199.110620][ T7817] tipc: Resetting bearer <eth:syzkaller0>
[  199.147846][ T7817] tipc: Disabling bearer <eth:syzkaller0>
[  200.934198][ T7821] kAFS: unable to lookup cell '(,c��L'
[  201.000698][ T7822] wg2 speed is unknown, defaulting to 1000
[  201.299705][   T34] usb 6-1: unable to get BOS descriptor or descriptor too short
[  201.309270][   T34] usb 6-1: unable to read config index 0 descriptor/start: -71
[  201.314825][   T34] usb 6-1: can't read configurations, error -71
[  203.768396][ T7857] netlink: 'syz.3.510': attribute type 1 has an invalid length.
[  203.788053][ T7857] bond1: entered promiscuous mode
[  203.789875][ T7857] bond1: entered allmulticast mode
[  203.792087][ T7857] 8021q: adding VLAN 0 to HW filter on device bond1
[  203.855815][ T7863] erspan1: entered allmulticast mode
[  203.865088][ T7863] bond1: (slave erspan1): making interface the new active one
[  203.867579][ T7863] erspan1: entered promiscuous mode
[  203.870655][ T7863] bond1: (slave erspan1): Enslaving as an active interface with an up link
[  204.064480][ T7873] netlink: 52 bytes leftover after parsing attributes in process `syz.2.512'.
[  204.233505][   T40] kauditd_printk_skb: 14 callbacks suppressed
[  204.233519][   T40] audit: type=1800 audit(1778639751.807:28): pid=7897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.514" name="/newroot/172/memory.stat" dev="tmpfs" ino=947 res=0 errno=0
[  204.338421][ T7903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.515'.
[  204.914065][ T7920] kAFS: unable to lookup cell '(,c��L'
[  205.010015][ T7920] wg2 speed is unknown, defaulting to 1000
[  205.524875][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  206.804622][ T7929] 9p: Bad value for 'rfdno'
[  206.907981][ T7931] netlink: 16 bytes leftover after parsing attributes in process `syz.2.520'.
[  208.703955][ T7970] kAFS: unable to lookup cell '(,c��L'
[  208.829317][ T7970] wg2 speed is unknown, defaulting to 1000
[  208.903043][ T7973] trusted_key: syz.0.531 sent an empty control message without MSG_MORE.
[  209.677359][ T7982] netlink: 168 bytes leftover after parsing attributes in process `syz.0.534'.
[  209.762054][ T7985] FAULT_INJECTION: forcing a failure.
[  209.762054][ T7985] name failslab, interval 1, probability 0, space 0, times 0
[  209.780297][ T7985] CPU: 2 UID: 0 PID: 7985 Comm: syz.0.535 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  209.780319][ T7985] Tainted: [L]=SOFTLOCKUP
[  209.780323][ T7985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  209.780329][ T7985] Call Trace:
[  209.780335][ T7985]  <TASK>
[  209.780339][ T7985]  dump_stack_lvl+0x100/0x190
[  209.780360][ T7985]  should_fail_ex.cold+0x5/0xa
[  209.780402][ T7985]  ? tomoyo_encode2+0xfb/0x3c0
[  209.780420][ T7985]  should_failslab+0xc2/0x120
[  209.780436][ T7985]  __kmalloc_noprof+0xe0/0x850
[  209.780450][ T7985]  tomoyo_encode2+0xfb/0x3c0
[  209.780466][ T7985]  tomoyo_encode+0x29/0x50
[  209.780479][ T7985]  tomoyo_realpath_from_path+0x18c/0x690
[  209.780496][ T7985]  tomoyo_path_number_perm+0x23c/0x580
[  209.780507][ T7985]  ? tomoyo_path_number_perm+0x22e/0x580
[  209.780519][ T7985]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  209.780531][ T7985]  ? get_pid_task+0x106/0x250
[  209.780564][ T7985]  ? find_held_lock+0x2b/0x80
[  209.780579][ T7985]  ? __fget_files+0x215/0x3d0
[  209.780591][ T7985]  ? hook_file_ioctl_common+0x149/0x410
[  209.780605][ T7985]  ? __fget_files+0x215/0x3d0
[  209.780619][ T7985]  ? __fget_files+0x21f/0x3d0
[  209.780634][ T7985]  security_file_ioctl_compat+0xd3/0x230
[  209.780648][ T7985]  __ia32_compat_sys_ioctl+0xc2/0x360
[  209.780661][ T7985]  __do_fast_syscall_32+0xe7/0x950
[  209.780682][ T7985]  ? lockdep_hardirqs_on+0x78/0x100
[  209.780699][ T7985]  do_fast_syscall_32+0x32/0x70
[  209.780716][ T7985]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.780731][ T7985] RIP: 0023:0xf6feefcc
[  209.780740][ T7985] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  209.780753][ T7985] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  209.780765][ T7985] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040088a01
[  209.780772][ T7985] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  209.780778][ T7985] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  209.780784][ T7985] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  209.780790][ T7985] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  209.780803][ T7985]  </TASK>
[  209.780814][ T7985] ERROR: Out of memory at tomoyo_realpath_from_path.
[  209.918806][ T7984] netlink: 8 bytes leftover after parsing attributes in process `syz.1.533'.
[  209.919403][ T7989] fuse: Unknown parameter 'fd�0x0000000000000003'
[  209.924448][ T7984] netlink: 20 bytes leftover after parsing attributes in process `syz.1.533'.
[  209.950111][ T7984] netlink: 8 bytes leftover after parsing attributes in process `syz.1.533'.
[  209.953155][ T7984] netlink: 20 bytes leftover after parsing attributes in process `syz.1.533'.
[  210.036898][ T1252] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  210.040803][ T1252] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  210.043769][ T1252] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  210.051726][ T1252] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  211.571271][ T8003] nbd1: detected capacity change from 0 to 63
[  211.629405][ T8009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.542'.
[  211.729999][ T5100] block nbd1: Receive control failed (result -104)
[  212.675494][ T8013] kAFS: unable to lookup cell '(,c��L'
[  212.720286][ T8013] wg2 speed is unknown, defaulting to 1000
[  212.971826][ T8038] kAFS: unable to lookup cell '(,c��L'
[  213.197721][ T8044] netlink: 4 bytes leftover after parsing attributes in process `syz.0.551'.
[  213.706111][ T8038] wg2 speed is unknown, defaulting to 1000
[  214.399755][ T5100] Bluetooth: hci3: unexpected event for opcode 0x0405
[  214.563243][ T8060] netlink: 36 bytes leftover after parsing attributes in process `syz.1.556'.
[  214.792353][ T8067] loop4: detected capacity change from 0 to 2640
[  214.804348][ T7103] Buffer I/O error on dev loop4, logical block 0, async page read
[  214.808962][ T7103] Buffer I/O error on dev loop4, logical block 0, async page read
[  214.812992][ T7103] Buffer I/O error on dev loop4, logical block 0, async page read
[  214.818311][ T7103] Buffer I/O error on dev loop4, logical block 0, async page read
[  214.826074][ T7103] Buffer I/O error on dev loop4, logical block 0, async page read
[  214.868998][ T8069] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  214.984879][   T34] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  215.144989][   T34] usb 5-1: Using ep0 maxpacket: 32
[  215.268099][ T8072] kAFS: unable to lookup cell '(,c��L'
[  215.280148][ T8072] wg2 speed is unknown, defaulting to 1000
[  216.567347][ T8088] netlink: 'syz.2.564': attribute type 1 has an invalid length.
[  216.588459][ T8088] warning: `syz.2.564' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  217.032436][ T8100] kAFS: unable to lookup cell '(,c��L'
[  217.072783][ T8100] wg2 speed is unknown, defaulting to 1000
[  218.081356][ T8104] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  218.344368][   T34] usb 5-1: unable to get BOS descriptor or descriptor too short
[  218.358036][   T34] usb 5-1: unable to read config index 0 descriptor/start: -71
[  218.361029][   T34] usb 5-1: can't read configurations, error -71
[  218.747868][ T8112] kAFS: unable to lookup cell '(,c��L'
[  218.761977][ T8112] wg2 speed is unknown, defaulting to 1000
[  219.605463][ T5748] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[  220.285882][ T5748] usb 8-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  220.290838][ T5748] usb 8-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  220.298068][ T5748] usb 8-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  220.301496][ T5748] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.304481][ T5748] usb 8-1: Product: syz
[  220.306639][ T5748] usb 8-1: Manufacturer: syz
[  220.308736][ T5748] usb 8-1: SerialNumber: syz
[  220.805074][ T6083] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  220.947423][ T8150] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  220.965420][ T6083] usb 6-1: Using ep0 maxpacket: 32
[  222.381085][ T5748] usb 8-1: USB disconnect, device number 11
[  222.681645][ T8174] netlink: 12 bytes leftover after parsing attributes in process `syz.3.586'.
[  223.525807][ T6083] usb 6-1: unable to get BOS descriptor or descriptor too short
[  223.535922][ T6083] usb 6-1: unable to read config index 0 descriptor/start: -71
[  223.538937][ T6083] usb 6-1: can't read configurations, error -71
[  224.131020][ T8210] syzkaller0: entered promiscuous mode
[  224.133120][ T8210] syzkaller0: entered allmulticast mode
[  224.894962][ T6083] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  225.064924][ T6083] usb 8-1: Using ep0 maxpacket: 8
[  225.069875][ T6083] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  225.074050][ T6083] usb 8-1: config 0 has no interface number 0
[  225.077533][ T6083] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  225.082307][ T6083] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  225.089918][ T6083] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  225.094605][ T6083] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  225.100700][ T6083] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  225.105326][ T6083] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.153484][ T6083] usb 8-1: config 0 descriptor??
[  225.167833][ T6083] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  225.748429][ T8222] fuse: fd is not a fuse device
[  226.459857][ T8247] netlink: 36 bytes leftover after parsing attributes in process `syz.2.601'.
[  227.233636][ T8254] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  227.444135][ T8261] syzkaller0: entered promiscuous mode
[  227.448050][ T8261] syzkaller0: entered allmulticast mode
[  227.688097][ T5748] usb 8-1: USB disconnect, device number 12
[  227.707499][ T5748] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  228.034841][ T5790] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  228.185015][ T5790] usb 6-1: Using ep0 maxpacket: 32
[  228.188688][ T5790] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  228.191764][ T5790] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.197028][ T5790] usb 6-1: config 0 descriptor??
[  228.215797][ T5790] as10x_usb: device has been detected
[  228.221280][ T5790] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  228.237257][ T5790] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  228.268078][ T5790] as10x_usb: error during firmware upload part1
[  228.271498][ T5790] Registered device nBox DVB-T Dongle
[  228.495422][ T5790] usb 6-1: USB disconnect, device number 19
[  228.531294][ T5790] Unregistered device nBox DVB-T Dongle
[  228.535040][ T5790] as10x_usb: device has been disconnected
[  229.230162][ T8283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.612'.
[  229.341480][ T7889] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.346302][ T7889] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.434620][ T7889] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.438302][ T7889] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.538587][ T7889] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.543118][ T7889] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.611387][ T7889] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  229.618492][ T7889] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.880250][ T7889] bridge_slave_1: left allmulticast mode
[  229.887125][ T7889] bridge_slave_1: left promiscuous mode
[  229.892138][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.902231][ T7889] bridge_slave_0: left allmulticast mode
[  229.904166][ T7889] bridge_slave_0: left promiscuous mode
[  229.906867][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.184654][ T5753] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  230.194922][ T5753] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  230.199522][ T5753] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  230.206506][ T5753] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  230.210386][ T5753] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  230.235197][ T7889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  230.242514][ T7889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  230.250208][ T7889] bond0 (unregistering): Released all slaves
[  230.258254][ T5451] 8021q: adding VLAN 0 to HW filter on device eth2
[  230.335678][ T5790] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[  230.439408][ T5451] 8021q: adding VLAN 0 to HW filter on device eth3
[  230.493799][ T8312] netlink: 52 bytes leftover after parsing attributes in process `syz.0.617'.
[  230.519532][ T8296] wg2 speed is unknown, defaulting to 1000
[  230.800784][ T5451] 8021q: adding VLAN 0 to HW filter on device eth4
[  231.025139][ T5790] usb 8-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  231.131708][ T5451] 8021q: adding VLAN 0 to HW filter on device eth5
[  231.155571][ T7889] hsr_slave_0: left promiscuous mode
[  231.158559][ T7889] hsr_slave_1: left promiscuous mode
[  231.161217][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.163949][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.191067][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.194807][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_1
[  231.207422][ T5790] usb 8-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  231.215517][ T5790] usb 8-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  231.219220][ T5790] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.221808][ T5790] usb 8-1: Product: syz
[  231.223164][ T5790] usb 8-1: Manufacturer: syz
[  231.224805][ T5790] usb 8-1: SerialNumber: syz
[  231.229597][ T8332] fuse: Unknown parameter 'fd�0x0000000000000003'
[  231.249764][ T7889] veth1_macvtap: left promiscuous mode
[  231.253717][ T7889] veth0_macvtap: left promiscuous mode
[  231.256566][ T7889] veth1_vlan: left promiscuous mode
[  231.266721][ T7889] veth0_vlan: left promiscuous mode
[  231.373715][ T8335] fuse: Unknown parameter 'fd�0x0000000000000003'
[  231.614236][ T7889] team0 (unregistering): Port device team_slave_1 removed
[  231.679626][ T7889] team0 (unregistering): Port device team_slave_0 removed
[  232.304951][ T5753] Bluetooth: hci0: command tx timeout
[  232.927989][ T8296] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.931568][ T8296] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.935373][ T8296] bridge_slave_0: entered allmulticast mode
[  232.939817][ T8296] bridge_slave_0: entered promiscuous mode
[  232.945457][ T8296] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.949055][ T8296] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.953364][ T8296] bridge_slave_1: entered allmulticast mode
[  232.958366][ T8296] bridge_slave_1: entered promiscuous mode
[  233.000278][ T8296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  233.012631][ T8296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.095986][ T8296] team0: Port device team_slave_0 added
[  233.143252][ T8296] team0: Port device team_slave_1 added
[  233.203174][ T8296] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.206165][ T8296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  233.218053][ T8296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.223734][ T8296] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.226886][ T8296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  233.237314][ T8296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.277720][ T8296] hsr_slave_0: entered promiscuous mode
[  233.285932][ T8296] hsr_slave_1: entered promiscuous mode
[  233.467817][ T8296] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  233.675887][ T5790] usb 8-1: USB disconnect, device number 13
[  233.713588][ T8296] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  233.732415][ T8296] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  233.778620][ T8296] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  233.794322][ T8296] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  233.846577][ T8296] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  233.854630][ T8361] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  233.904705][ T8296] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  233.926636][ T8296] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  234.364840][ T5753] Bluetooth: hci0: command tx timeout
[  234.657044][ T8296] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.681995][ T8296] 8021q: adding VLAN 0 to HW filter on device team0
[  234.689778][ T1212] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.692521][ T1212] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.701100][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.703732][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.310677][ T8296] 8021q: adding VLAN 0 to HW filter on device batadv0
[  235.537895][ T8296] veth0_vlan: entered promiscuous mode
[  235.545486][ T8296] veth1_vlan: entered promiscuous mode
[  235.571924][ T8296] veth0_macvtap: entered promiscuous mode
[  235.580616][ T8296] veth1_macvtap: entered promiscuous mode
[  235.602144][ T8296] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.611751][ T8296] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.620598][   T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.628332][   T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.642654][   T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.651389][   T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.909811][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.916636][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.973085][ T1212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.977081][ T1212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.146639][ T8412] capability: warning: `syz.3.627' uses 32-bit capabilities (legacy support in use)
[  236.195267][ T8415] netlink: 16 bytes leftover after parsing attributes in process `syz.4.614'.
[  236.423425][ T8417] sg_write: data in/out 39036/14 bytes for SCSI command 0x0-- guessing data in;
[  236.423425][ T8417]    program syz.0.628 not setting count and/or reply_len properly
[  236.445041][ T5753] Bluetooth: hci0: command tx timeout
[  236.445065][ T5790] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  236.594909][ T5790] usb 9-1: Using ep0 maxpacket: 8
[  236.601389][ T8419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.629'.
[  236.601547][ T5790] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.608634][ T5790] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  236.619188][ T5790] usb 9-1: config 0 interface 0 has no altsetting 0
[  236.622025][ T5790] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  236.626816][ T5790] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.632474][ T5790] usb 9-1: config 0 descriptor??
[  237.055830][ T5790] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  237.061798][ T5790] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  237.065820][ T5790] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  237.069492][ T5790] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  237.074306][ T5790] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  237.078375][ T5790] mcp2221 0003:04D8:00DD.0009: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  237.413224][ T8430] tipc: Started in network mode
[  237.416284][ T8430] tipc: Node identity ac14140f, cluster identity 4711
[  237.427235][ T8430] tipc: New replicast peer: 172.30.0.1
[  237.430707][ T8430] tipc: Enabled bearer <udp:syz2>, priority 10
[  237.437782][ T8430] netlink: 12 bytes leftover after parsing attributes in process `syz.0.631'.
[  237.441000][ T8430] tipc: Disabling bearer <udp:syz2>
[  237.592996][ T8433] netlink: 36 bytes leftover after parsing attributes in process `syz.0.632'.
[  238.152580][ T8438] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  238.156126][ T8438] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  238.168805][ T8441] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  238.175622][ T8441] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  238.206357][ T8441] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  238.336810][ T5790] usb 9-1: reset high-speed USB device number 2 using dummy_hcd
[  238.378243][ T8438] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  238.381441][ T8438] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  238.539098][ T8463] netlink: 52 bytes leftover after parsing attributes in process `syz.2.636'.
[  239.725449][ T8505] kAFS: unable to lookup cell '(,c��L'
[  239.735082][ T5748] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  239.789303][ T8505] wg2 speed is unknown, defaulting to 1000
[  240.746318][ T5748] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  240.826984][ T5748] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.827946][   T34] usb 9-1: USB disconnect, device number 2
[  240.832364][ T5748] usb 5-1: Product: syz
[  240.832382][ T5748] usb 5-1: Manufacturer: syz
[  240.840724][ T5748] usb 5-1: SerialNumber: syz
[  241.694490][ T8512] netlink: 36 bytes leftover after parsing attributes in process `syz.4.643'.
[  241.767183][ T8514] siw: device registration error -23
[  241.816035][ T5317] block nbd1: Possible stuck request ffff88802752e000: control (read@0,1024B). Runtime 30 seconds
[  241.827488][ T8515] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN NOPTI
[  241.832346][ T8515] KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
[  241.836761][ T8515] CPU: 0 UID: 0 PID: 8515 Comm: syz.2.642 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  241.841583][ T8515] Tainted: [L]=SOFTLOCKUP
[  241.843442][ T8515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  241.847654][ T8515] RIP: 0010:kernel_sock_shutdown+0x47/0x70
[  241.850049][ T8515] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 33 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 20 49 8d 7c 24 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1a 49 8b 44 24 68 89 ee 48 89 df 5b 5d 41 5c e9 cc
[  241.859169][ T8515] RSP: 0018:ffffc900045f7170 EFLAGS: 00010202
[  241.861752][ T8515] RAX: dffffc0000000000 RBX: ffff888000859240 RCX: 0000000000000000
[  241.865092][ T8515] RDX: 000000000000000d RSI: ffffffff8952e692 RDI: 0000000000000068
[  241.868399][ T8515] RBP: 0000000000000002 R08: 0000000000000000 R09: fffffbfff21afb8a
[  241.871956][ T8515] R10: ffffffff90d7dc57 R11: 0000000000000000 R12: 0000000000000000
[  241.874982][ T5317] block nbd1: Possible stuck request ffff88802752e1c0: control (read@1024,1024B). Runtime 30 seconds
[  241.875593][ T8515] R13: ffff88805be1cd80 R14: 0000000000000002 R15: 0000000000000018
[  241.880489][ T5317] block nbd1: Possible stuck request ffff88802752e380: control (read@2048,1024B). Runtime 30 seconds
[  241.883691][ T8515] FS:  0000000000000000(0000) GS:ffff888097177000(0063) knlGS:00000000f53b5b40
[  241.888442][ T5317] block nbd1: Possible stuck request ffff88802752e540: control (read@3072,1024B). Runtime 30 seconds
[  241.892497][ T8515] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  241.899955][ T8515] CR2: 00000000f7217810 CR3: 0000000027f7f000 CR4: 0000000000352ef0
[  241.903372][ T8515] Call Trace:
[  241.905014][ T8515]  <TASK>
[  241.906512][ T8515]  ? __pfx_rxe_ns_pernet_set_sk4+0x10/0x10
[  241.909437][ T8515]  udp_tunnel_sock_release+0x68/0x80
[  241.911556][ T8515]  rxe_sock_put+0xae/0x130
[  241.913566][ T8515]  ? __pfx_rxe_dellink+0x10/0x10
[  241.915771][ T8515]  rxe_net_del+0x83/0x120
[  241.917702][ T8515]  rxe_dellink+0x15/0x20
[  241.919859][ T8515]  nldev_dellink+0x289/0x3c0
[  241.922299][ T8515]  ? __pfx_nldev_dellink+0x10/0x10
[  241.924902][ T8515]  ? rcu_is_watching+0x12/0xc0
[  241.927145][ T8515]  ? apparmor_capable+0x1d7/0x4d0
[  241.929408][ T8515]  ? bpf_lsm_capable+0x9/0x10
[  241.931409][ T8515]  ? security_capable+0x80/0x260
[  241.933536][ T8515]  ? ns_capable+0xd2/0xf0
[  241.935389][ T8515]  ? __pfx_nldev_dellink+0x10/0x10
[  241.937525][ T8515]  rdma_nl_rcv_msg+0x392/0x6f0
[  241.939588][ T8515]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  241.942066][ T8515]  ? __lock_acquire+0x4a5/0x2630
[  241.944609][ T8515]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  241.947502][ T8515]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  241.950370][ T8515]  ? netlink_deliver_tap+0x1ae/0xcc0
[  241.952712][ T8515]  netlink_unicast+0x585/0x850
[  241.954901][ T8515]  ? __pfx_netlink_unicast+0x10/0x10
[  241.957568][ T8515]  netlink_sendmsg+0x8b0/0xda0
[  241.959869][ T8515]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.962031][ T8515]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  241.964355][ T8515]  ____sys_sendmsg+0x9e1/0xb70
[  241.966361][ T8515]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.968628][ T8515]  ? __pfx_____sys_sendmsg+0x10/0x10
[  241.970759][ T8515]  ? __pfx___futex_wait+0x10/0x10
[  241.972778][ T8515]  ? __pfx_futex_wake_mark+0x10/0x10
[  241.975331][ T8515]  ___sys_sendmsg+0x190/0x1e0
[  241.978055][ T8515]  ? __pfx____sys_sendmsg+0x10/0x10
[  241.980703][ T8515]  ? find_held_lock+0x2b/0x80
[  241.982938][ T8515]  __sys_sendmsg+0x170/0x220
[  241.984917][ T8515]  ? __pfx___sys_sendmsg+0x10/0x10
[  241.987114][ T8515]  ? rcu_is_watching+0x12/0xc0
[  241.989176][ T8515]  __do_fast_syscall_32+0xe7/0x950
[  241.991412][ T8515]  do_fast_syscall_32+0x32/0x70
[  241.993480][ T8515]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.996172][ T8515] RIP: 0023:0xf7f14fcc
[  241.998137][ T8515] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  242.007095][ T8515] RSP: 002b:00000000f53b550c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  242.010931][ T8515] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0
[  242.014634][ T8515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  242.018032][ T8515] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  242.021354][ T8515] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  242.024662][ T8515] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  242.028379][ T8515]  </TASK>
[  242.029828][ T8515] Modules linked in:
[  242.031914][ T8515] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  242.040848][ T5748] rtl8150 5-1:1.0: couldn't reset the device
[  242.045176][ T5748] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  242.048535][ T8515] RIP: 0010:kernel_sock_shutdown+0x47/0x70
[  242.059826][ T5748] usb 5-1: USB disconnect, device number 21
[  242.088060][ T8515] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 33 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 20 49 8d 7c 24 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1a 49 8b 44 24 68 89 ee 48 89 df 5b 5d 41 5c e9 cc
[  242.098928][ T8515] RSP: 0018:ffffc900045f7170 EFLAGS: 00010202
[  242.101024][ T8515] RAX: dffffc0000000000 RBX: ffff888000859240 RCX: 0000000000000000
[  242.103588][ T8515] RDX: 000000000000000d RSI: ffffffff8952e692 RDI: 0000000000000068
[  242.108778][ T8514] smc: removing ib device syz2
[  242.114235][ T8515] RBP: 0000000000000002 R08: 0000000000000000 R09: fffffbfff21afb8a
[  242.116978][ T8515] R10: ffffffff90d7dc57 R11: 0000000000000000 R12: 0000000000000000
[  242.119547][ T8515] R13: ffff88805be1cd80 R14: 0000000000000002 R15: 0000000000000018
[  242.125421][ T8515] FS:  0000000000000000(0000) GS:ffff888097377000(0063) knlGS:00000000f53b5b40
[  242.129219][ T8515] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  242.132602][ T8515] CR2: 00007fd3be6d76b0 CR3: 0000000027f7f000 CR4: 0000000000352ef0
[  242.135494][ T8514] smbdirect: ib_dev[syz2] removed
[  242.140030][ T8515] Kernel panic - not syncing: Fatal exception
[  242.143418][ T8515] Kernel Offset: disabled
[  242.144988][ T8515] Rebooting in 86400 seconds..