last executing test programs:

11.862948027s ago: executing program 0 (id=234):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x1}, @main=@item_4={0x3, 0x0, 0x8, "f46f17d0"}, @global=@item_012={0x0, 0x1, 0x1}]}}, 0x0}, 0x0)

10.312923657s ago: executing program 1 (id=241):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

10.221691312s ago: executing program 1 (id=242):
syz_open_dev$tty1(0xc, 0x4, 0x1)
epoll_create1(0x0)
epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
unshare(0x60400)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

10.147172847s ago: executing program 4 (id=244):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4)
sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0500000003080000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x120, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)

10.031671379s ago: executing program 3 (id=245):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c0002801400050000000000000000000000000000000001"], 0x60}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)

10.010997349s ago: executing program 3 (id=246):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
copy_file_range(r3, &(0x7f0000000300)=0x6, r2, 0x0, 0xb, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TIOCSTI(r5, 0x5412, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_DEV_CREATE(r6, 0x5501)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000fb8ad2f248391a59010d3c120cc8000000"], 0x14}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="20000000030301030000000000010000070000000c00020000000000000000095214c7a7623bfde56d9b5010e72223c763b85c10e3267c28f8c630830d795043d200e94fd178"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

8.737754544s ago: executing program 1 (id=247):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$usbfs(0x0, 0x800000001fe, 0x181002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed={{0x85, 0x0, 0x0, 0x0, 0x65, 0x4}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)

7.438620105s ago: executing program 3 (id=249):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a0000000000000000000000080010000000000006001500"], 0x2c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='mm_page_alloc_extfrag\x00', r4}, 0x18)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x42000773)
ftruncate(0xffffffffffffffff, 0x6000000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x10001}]}}]}, 0x38}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

7.126799108s ago: executing program 0 (id=250):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r0)
syz_open_procfs$pagemap(0x0, &(0x7f0000000840))
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX])

6.990902348s ago: executing program 0 (id=251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$unix(r3, 0x0, 0x20008840)
recvmmsg(r3, &(0x7f0000000c00), 0x0, 0x1000400000de, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'veth0_to_team\x00', 0x0})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008844, 0x0, 0x0)

5.537484587s ago: executing program 3 (id=253):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
ftruncate(r0, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x5, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil)

5.230662846s ago: executing program 2 (id=254):
mq_open(&(0x7f0000001500)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=\b\x00.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x185, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x110, 0xffffffffffffffff, 0x45ff0000)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r1}}, 0x48)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0xffffffff, @loopback}, {0xa, 0x0, 0x0, @remote}, r3}}, 0x48)
close(0x4)

5.101897362s ago: executing program 3 (id=255):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000500)={0x14, &(0x7f00000001c0)={0x40, 0x23, 0x7, {0x7, 0x31, "edff017fdc"}}, 0x0}, 0x0)
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
close(r3)
syz_usb_control_io$hid(r2, &(0x7f0000000180)={0x24, 0x0, &(0x7f0000000540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42d}}, 0x0, 0x0}, 0x0)

5.026877174s ago: executing program 2 (id=256):
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x93}, 0x0)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_connect(0x5, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb8be7406d04230807000102030109025200010000000009044000000e0100390a240108000b020102082407010500070e11240606060509000600040007000300390c2402050302060254df000a09"], 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f022})
r1 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
pselect6(0x40, &(0x7f0000000400), &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x1000, 0x4, 0x2}})
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x800448d2, &(0x7f0000000100))

4.76546093s ago: executing program 4 (id=257):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f000000af40)=@newtfilter={0x7c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x44, 0x2, [@TCA_CGROUP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x20000000, 0xb467, 0x6, 0x6, {0xdd, 0x2, 0x7fff, 0x6, 0x5, 0x401}, {0x2, 0xfc8ca8388efb58b1, 0x8, 0xe5a, 0x39}, 0x0, 0x100, 0x7}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)

4.627720579s ago: executing program 4 (id=258):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')
splice(r0, 0x0, r2, 0x0, 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x12}, 0x1)
sendmmsg$inet(r4, &(0x7f0000000d00)=[{{0x0, 0x1e, &(0x7f0000002c00)=[{&(0x7f0000001500)="b25b365c0254a7c6fc7ea6155a71b613b02d1645aab67271075189c3540c4dd19ebfb3c4acf87f2eeb258e62cc6ae96db360d874500cb86b4185ee533bf708", 0x3f}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)="08e0ac8fb1d99df61d7b518d0a62071e7ec69f658d5a52d7eb7ea31db43f8cf570f335a80860ac4cc240dc149d8468493db8aad089f590d62e0bcb9d1dcee636ee311ee51839b7201745baef82209b2ab741dc5ea481ae9dcebe39b1101a42a8c82de46107541c240ad0d9ee4a9340cffd72aaea692a60993637c81d23a0d0ebbae66f1eb2771df2482c043d8715ae788b56cc91eaa4d6bbdec82d8f91eb822d0b5f3ebd86", 0x1}, {&(0x7f0000000180)="8a", 0x1}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce90bfdbcfb8a86a74f6799f98c36e23e210f053830ac8e978a0785884001a7099c4b9016f1a65a57390caf78c272cbf9711f94505dd525af1ff7d013438df5b844226f41b81e58eb73366", 0x4b}, {&(0x7f0000000540)="f2e659a0b00d26c2ee15", 0xa}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}, {&(0x7f0000001600)="f2964dd16e01d56b414499264923beda58d7da0313c1ccafe53965750f25bdaa6b56a87307ec23d48b6f35ce49a813a2bc3cb23fdf42826bdc16788ff466919594de5bf8a1fa5d825947271ade4a95efeb170c", 0xfffffd57}, {&(0x7f0000001340)="b8", 0x1}, {&(0x7f0000000500)="01", 0x1}, {&(0x7f0000000280)="87", 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000140), 0x1}, {&(0x7f0000000340)="e4", 0xfffffec2}], 0x2, 0x0, 0xffffff84}}], 0x5f, 0x4000000)

4.422840503s ago: executing program 1 (id=259):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
copy_file_range(r3, &(0x7f0000000300)=0x6, r2, 0x0, 0xb, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TIOCSTI(r5, 0x5412, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_DEV_CREATE(r6, 0x5501)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000fb8ad2f248391a59010d3c120cc8000000"], 0x14}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="20000000030301030000000000010000070000000c00020000000000000000095214c7a7623bfde56d9b5010e72223c763b85c10e3267c28f8c630830d795043d200e94fd178"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.227829316s ago: executing program 2 (id=260):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)

3.126812764s ago: executing program 0 (id=261):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r3, {0x1}, {0x9}, {0xfff2, 0x6}}}, 0x24}}, 0x40044)
sendmsg$can_bcm(r0, 0x0, 0x240400c6)

3.101911694s ago: executing program 2 (id=262):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
socket$inet6(0xa, 0x3, 0x7)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
close(r4)

1.813414023s ago: executing program 1 (id=263):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a0000000000000000000000080010000000000006001500"], 0x2c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='mm_page_alloc_extfrag\x00', r4}, 0x18)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x42000773)
ftruncate(0xffffffffffffffff, 0x6000000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x10001}]}}]}, 0x38}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.539593873s ago: executing program 0 (id=264):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
socket$tipc(0x1e, 0x5, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000000)={0x3, 0x1, "ec9fe44d4dc356a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57647aa7e3470c6017832b10b386a6f73791011c26a9aa141f406e373f000000000000007b92490400fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d2eff1907e1ff468f65b0f0b46caa357d70ee438e901d7645c090272081f98fd2e3e5a63e006204df635e731a5bfcf142f45295174546186356f0ebf7d25a57ff070000000000004ae9f0bf94b99e6b87de5f79d383d05bb32701da87400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000740)={0x40, r4, 0x5, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x4, 0x853}}}}, [@NL80211_ATTR_SSID={0x1e, 0x34, @random="f56ccaf56e7888ac4c2b77d46e797620ab8812eab0e3d94dcfc6"}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0)

1.440993164s ago: executing program 2 (id=265):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
ftruncate(r0, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x5, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil)

1.336794409s ago: executing program 4 (id=266):
mq_open(&(0x7f0000001500)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=\b\x00.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x185, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x110, 0xffffffffffffffff, 0x45ff0000)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r1}}, 0x48)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0xffffffff, @loopback}, {0xa, 0x0, 0x0, @remote}}}, 0x48)
close(0x4)

1.230012603s ago: executing program 2 (id=267):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4)
sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0500000003080000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x120, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)

1.228101459s ago: executing program 4 (id=268):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f000000af40)=@newtfilter={0x7c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x44, 0x2, [@TCA_CGROUP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x20000000, 0xb467, 0x6, 0x6, {0xdd, 0x2, 0x7fff, 0x6, 0x5, 0x401}, {0x2, 0xfc8ca8388efb58b1, 0x8, 0xe5a, 0x39}, 0x0, 0x100, 0x7}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)

1.108101371s ago: executing program 3 (id=269):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$usbfs(0x0, 0x800000001fe, 0x181002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed={{0x85, 0x0, 0x0, 0x0, 0x65, 0x4}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)

260.615417ms ago: executing program 1 (id=270):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x7fff, 0x4, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x1]})

229.900215ms ago: executing program 0 (id=271):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)={0x58, r0, 0x801, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac06}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x44151}, 0x0)

0s ago: executing program 4 (id=272):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="02000000040000000600000005000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x24010000)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, "69dcaf20127e9a854529f45826cb35be51682e30944313e2ca73845d177d601880221daeccfda56b75cfe2bad94f000066b2ddab614fec2236da7d88ea07c9ee"}, 0x48, 0xfffffffffffffffe)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioperm(0x0, 0x2, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xb0}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.150' (ED25519) to the list of known hosts.
[   79.677542][ T5808] cgroup: Unknown subsys name 'net'
[   79.855938][ T5808] cgroup: Unknown subsys name 'cpuset'
[   79.865261][ T5808] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   81.556192][ T5808] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.184040][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.200408][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.230482][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.241434][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.260296][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.284842][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.294060][ T5142] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.302422][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.311812][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.320231][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   84.350608][ T5822] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.358554][ T5822] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.367619][ T5822] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.376368][ T5822] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.384349][ T5822] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.384351][ T5827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.389014][ T5822] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   84.406777][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   84.410901][ T5822] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   84.434549][ T5822] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   84.446292][ T5142] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   84.459424][ T5142] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   84.467989][ T5142] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   84.476455][ T5142] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   84.484295][ T5142] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   85.108537][ T5819] chnl_net:caif_netlink_parms(): no params data found
[   85.279458][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   85.303367][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   85.339883][ T5824] chnl_net:caif_netlink_parms(): no params data found
[   85.508309][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   85.527735][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.535083][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.543090][ T5819] bridge_slave_0: entered allmulticast mode
[   85.551374][ T5819] bridge_slave_0: entered promiscuous mode
[   85.598271][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.605536][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.613144][ T5819] bridge_slave_1: entered allmulticast mode
[   85.620545][ T5819] bridge_slave_1: entered promiscuous mode
[   85.736802][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.744075][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.751896][ T5824] bridge_slave_0: entered allmulticast mode
[   85.758977][ T5824] bridge_slave_0: entered promiscuous mode
[   85.769751][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.792652][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.799867][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.807246][ T5823] bridge_slave_0: entered allmulticast mode
[   85.815427][ T5823] bridge_slave_0: entered promiscuous mode
[   85.835212][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.842851][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.850391][ T5824] bridge_slave_1: entered allmulticast mode
[   85.857492][ T5824] bridge_slave_1: entered promiscuous mode
[   85.866616][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.901968][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.909131][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.916915][ T5823] bridge_slave_1: entered allmulticast mode
[   85.924099][ T5823] bridge_slave_1: entered promiscuous mode
[   85.985217][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.992519][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.999804][ T5833] bridge_slave_0: entered allmulticast mode
[   86.007685][ T5833] bridge_slave_0: entered promiscuous mode
[   86.060742][ T5819] team0: Port device team_slave_0 added
[   86.066952][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.074638][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.082215][ T5833] bridge_slave_1: entered allmulticast mode
[   86.089304][ T5833] bridge_slave_1: entered promiscuous mode
[   86.098834][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.108340][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.117850][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.125099][ T5830] bridge_slave_0: entered allmulticast mode
[   86.133770][ T5830] bridge_slave_0: entered promiscuous mode
[   86.144140][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.157896][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.169154][ T5819] team0: Port device team_slave_1 added
[   86.191917][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.217123][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.224687][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.231929][ T5830] bridge_slave_1: entered allmulticast mode
[   86.239037][ T5830] bridge_slave_1: entered promiscuous mode
[   86.348062][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.357675][ T5822] Bluetooth: hci1: command tx timeout
[   86.369295][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.383101][ T5823] team0: Port device team_slave_0 added
[   86.404916][ T5824] team0: Port device team_slave_0 added
[   86.411904][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.418872][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.445610][ T5822] Bluetooth: hci0: command tx timeout
[   86.445675][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.478858][ T5823] team0: Port device team_slave_1 added
[   86.501629][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.510958][ T5822] Bluetooth: hci3: command tx timeout
[   86.518918][ T5824] team0: Port device team_slave_1 added
[   86.524644][ T5142] Bluetooth: hci2: command tx timeout
[   86.524913][ T5822] Bluetooth: hci4: command tx timeout
[   86.537595][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.544853][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.571221][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.611999][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.675920][ T5833] team0: Port device team_slave_0 added
[   86.685221][ T5833] team0: Port device team_slave_1 added
[   86.691753][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.698719][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.725196][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.738994][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.746148][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.772129][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.797729][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.805103][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.831447][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.867581][ T5830] team0: Port device team_slave_0 added
[   86.875284][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.882486][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.908749][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.949224][ T5830] team0: Port device team_slave_1 added
[   86.986215][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.994730][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.025761][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.039657][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.051910][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.082908][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.172671][ T5819] hsr_slave_0: entered promiscuous mode
[   87.179596][ T5819] hsr_slave_1: entered promiscuous mode
[   87.266009][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.273690][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.300353][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.314251][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.321598][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.347873][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.387475][ T5823] hsr_slave_0: entered promiscuous mode
[   87.395979][ T5823] hsr_slave_1: entered promiscuous mode
[   87.403338][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.411443][ T5823] Cannot create hsr debugfs directory
[   87.453846][ T5824] hsr_slave_0: entered promiscuous mode
[   87.460972][ T5824] hsr_slave_1: entered promiscuous mode
[   87.467164][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.476374][ T5824] Cannot create hsr debugfs directory
[   87.503617][ T5833] hsr_slave_0: entered promiscuous mode
[   87.509955][ T5833] hsr_slave_1: entered promiscuous mode
[   87.516944][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.524555][ T5833] Cannot create hsr debugfs directory
[   87.695052][ T5830] hsr_slave_0: entered promiscuous mode
[   87.702436][ T5830] hsr_slave_1: entered promiscuous mode
[   87.708564][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.716555][ T5830] Cannot create hsr debugfs directory
[   88.252233][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.267883][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.295430][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   88.314411][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   88.365574][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.378625][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.404072][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.415743][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.437158][ T5822] Bluetooth: hci1: command tx timeout
[   88.489288][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.505362][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.520562][ T5822] Bluetooth: hci0: command tx timeout
[   88.529009][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.576116][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.590823][ T5822] Bluetooth: hci4: command tx timeout
[   88.596377][ T5822] Bluetooth: hci2: command tx timeout
[   88.602089][ T5142] Bluetooth: hci3: command tx timeout
[   88.676582][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   88.687883][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   88.699619][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   88.713605][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   88.807970][ T5819] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   88.829066][ T5819] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   88.864091][ T5819] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   88.876144][ T5819] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   88.942445][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.012811][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   89.049349][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.056665][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.079378][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.096154][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.103379][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.130760][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.168939][ T5824] 8021q: adding VLAN 0 to HW filter on device team0
[   89.211848][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.244351][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.251546][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.261932][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.269188][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.294589][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   89.332732][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.339918][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.393039][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   89.413325][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.420570][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.446264][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.481983][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.489122][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.513259][ T1328] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.520417][ T1328] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.621662][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   89.696493][ T1328] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.703763][ T1328] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.765236][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   89.801148][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.808417][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.226115][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.359831][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.466788][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.494624][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.517455][ T5822] Bluetooth: hci1: command tx timeout
[   90.526261][ T5833] veth0_vlan: entered promiscuous mode
[   90.542110][ T5833] veth1_vlan: entered promiscuous mode
[   90.582914][ T5833] veth0_macvtap: entered promiscuous mode
[   90.590479][ T5822] Bluetooth: hci0: command tx timeout
[   90.600607][ T5833] veth1_macvtap: entered promiscuous mode
[   90.626246][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.639992][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.667508][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.677946][ T5822] Bluetooth: hci4: command tx timeout
[   90.683851][ T5142] Bluetooth: hci2: command tx timeout
[   90.683865][   T51] Bluetooth: hci3: command tx timeout
[   90.702310][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.711618][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.721446][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.788530][ T5824] veth0_vlan: entered promiscuous mode
[   90.903329][ T5824] veth1_vlan: entered promiscuous mode
[   90.938940][ T5823] veth0_vlan: entered promiscuous mode
[   90.975734][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.037686][ T5823] veth1_vlan: entered promiscuous mode
[   91.097834][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.134788][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.144200][ T5824] veth0_macvtap: entered promiscuous mode
[   91.209628][ T5824] veth1_macvtap: entered promiscuous mode
[   91.243123][ T5823] veth0_macvtap: entered promiscuous mode
[   91.274712][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.283936][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.297273][ T5823] veth1_macvtap: entered promiscuous mode
[   91.328786][ T5830] veth0_vlan: entered promiscuous mode
[   91.338494][ T5819] veth0_vlan: entered promiscuous mode
[   91.347637][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.399212][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.418004][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.425328][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.445656][ T5830] veth1_vlan: entered promiscuous mode
[   91.455062][ T5819] veth1_vlan: entered promiscuous mode
[   91.467233][ T5824] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.479379][ T5824] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.488452][ T5824] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.497484][ T5824] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.534744][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.584018][ T5823] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.595760][ T5823] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.605450][ T5823] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.614325][ T5823] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.706317][ T5830] veth0_macvtap: entered promiscuous mode
[   91.718957][ T5830] veth1_macvtap: entered promiscuous mode
[   91.796631][ T5819] veth0_macvtap: entered promiscuous mode
[   91.814368][ T5819] veth1_macvtap: entered promiscuous mode
[   91.908755][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.931312][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.964125][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.999191][ T5918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.005660][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.014758][ T5918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.052547][ T5819] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.061832][ T5819] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.077767][ T5819] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.087145][ T5819] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.098405][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.099359][ T5830] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.107041][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.122422][  T978] cfg80211: failed to load regulatory.db
[   92.123569][   T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   92.129167][ T5830] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.149443][ T5830] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.158365][ T5830] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.232424][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.241430][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.293402][   T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[   92.312351][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.331303][   T10] usb 1-1: config 0 has no interface number 0
[   92.341934][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.351996][   T10] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[   92.382639][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.425959][   T10] usb 1-1: Product: syz
[   92.432125][   T10] usb 1-1: Manufacturer: syz
[   92.447250][   T10] usb 1-1: SerialNumber: syz
[   92.483206][   T10] usb 1-1: config 0 descriptor??
[   92.542753][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.573763][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.592469][   T51] Bluetooth: hci1: command tx timeout
[   92.610332][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.618214][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.670821][   T51] Bluetooth: hci0: command tx timeout
[   92.719400][   T10] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[   92.744127][   T10] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   92.759560][   T51] Bluetooth: hci3: command tx timeout
[   92.765238][   T51] Bluetooth: hci4: command tx timeout
[   92.765287][ T5822] Bluetooth: hci2: command tx timeout
[   92.771618][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[   92.785289][   T10] usb 1-1: media controller created
[   92.838635][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   92.881559][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.895630][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.978343][ T5953] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   93.012475][   T10] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[   93.037663][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.078742][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.143618][   T10] usb 1-1: USB disconnect, device number 2
[   93.619870][ T5967] binder: 5966:5967 ioctl c0306201 200000000a00 returned -14
[   94.539462][ T5985] netlink: 'syz.2.16': attribute type 4 has an invalid length.
[   94.708081][ T5822] Bluetooth: hci4: unexpected cc 0x0c5b length: 5 > 1
[   95.030475][ T5942] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   95.154736][ T5993] team0 (unregistering): Port device team_slave_0 removed
[   95.181293][ T5993] team0 (unregistering): Port device team_slave_1 removed
[   95.197456][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.222471][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   95.254515][ T5942] usb 4-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00
[   95.275951][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.303462][ T5942] usb 4-1: config 0 descriptor??
[   95.735101][ T5942] ntrig 0003:1B96:000F.0001: unknown main item tag 0x0
[   95.795830][ T5942] ntrig 0003:1B96:000F.0001: hidraw0: USB HID v0.00 Device [HID 1b96:000f] on usb-dummy_hcd.3-1/input0
[   95.926542][ T5942] ntrig 0003:1B96:000F.0001: Firmware version: 5.10.12.37.6 (a9eb a68c)
[   96.148791][ T5876] usb 4-1: USB disconnect, device number 2
[   96.702088][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.709806][ T5876] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   96.900380][   T10] usb 3-1: Using ep0 maxpacket: 8
[   96.906017][ T5876] usb 5-1: Using ep0 maxpacket: 32
[   96.926166][ T5876] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[   96.935142][   T10] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[   96.944470][ T5876] usb 5-1: config 0 has no interface number 0
[   96.953111][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.027056][ T5876] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.038117][   T10] usb 3-1: Product: syz
[   97.042594][   T10] usb 3-1: Manufacturer: syz
[   97.047259][   T10] usb 3-1: SerialNumber: syz
[   97.060375][ T5876] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.081233][   T10] usb 3-1: config 0 descriptor??
[   97.090386][ T5876] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[   97.114689][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.157212][ T5876] usb 5-1: config 0 descriptor??
[   97.319637][   T10] gspca_main: sunplus-2.14.0 probing 04a5:3003
[   97.519612][   T10] gspca_sunplus: reg_w_riv err -71
[   97.532087][   T10] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[   97.551651][   T10] usb 3-1: USB disconnect, device number 2
[   97.962524][ T5876] uclogic 0003:28BD:0094.0002: pen parameters not found
[   97.974949][ T5876] uclogic 0003:28BD:0094.0002: interface is invalid, ignoring
[   98.188044][ T5876] usb 5-1: USB disconnect, device number 2
[   98.275211][ T6061] Bluetooth: MGMT ver 1.23
[   98.280626][ T6061] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[   99.473597][   T30] audit: type=1326 audit(1749870715.604:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.513712][   T30] audit: type=1326 audit(1749870715.604:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.542144][   T30] audit: type=1326 audit(1749870715.624:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.583635][   T30] audit: type=1326 audit(1749870715.624:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.785748][   T30] audit: type=1326 audit(1749870715.624:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.835930][   T30] audit: type=1326 audit(1749870715.634:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.886937][   T30] audit: type=1326 audit(1749870715.704:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6083 comm="syz.1.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb08d8e929 code=0x7ffc0000
[   99.935758][ T6090] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  101.470197][ T5895] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  101.620208][ T5895] usb 4-1: Using ep0 maxpacket: 16
[  101.637379][ T5895] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  101.670406][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.707121][ T5895] usb 4-1: Product: syz
[  102.563164][ T5895] usb 4-1: Manufacturer: syz
[  102.567850][ T5895] usb 4-1: SerialNumber: syz
[  102.591064][ T5895] r8152-cfgselector 4-1: Unknown version 0x0000
[  102.597404][ T5895] r8152-cfgselector 4-1: config 0 descriptor??
[  102.859175][ T5895] r8152-cfgselector 4-1: Unknown version 0x0000
[  102.890540][ T5895] r8152-cfgselector 4-1: bad CDC descriptors
[  102.923290][ T5895] r8152-cfgselector 4-1: USB disconnect, device number 3
[  103.200204][ T5902] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  103.350425][ T5902] usb 1-1: Using ep0 maxpacket: 8
[  103.366863][ T5902] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  103.385176][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.394174][ T5902] usb 1-1: Product: syz
[  103.398494][ T5902] usb 1-1: Manufacturer: syz
[  103.404452][ T5902] usb 1-1: SerialNumber: syz
[  103.418489][ T5902] usb 1-1: config 0 descriptor??
[  103.509266][ T5822] block nbd2: Receive control failed (result -32)
[  103.516678][ T6145] block nbd2: shutting down sockets
[  103.653656][ T5902] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  103.696732][ T6162] overlayfs: failed to resolve './file1': -2
[  103.869519][ T5902] gspca_sunplus: reg_w_riv err -71
[  103.883328][ T5902] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  103.919921][ T6164] netdevsim netdevsim2: Direct firmware load for  failed with error -2
[  103.925054][ T5902] usb 1-1: USB disconnect, device number 3
[  103.980354][ T6171] netlink: 14 bytes leftover after parsing attributes in process `syz.2.84'.
[  104.005262][ T6164] netdevsim netdevsim2: Falling back to sysfs fallback for: 
[  104.055555][ T6171] hsr_slave_0: left promiscuous mode
[  104.069293][ T6171] hsr_slave_1: left promiscuous mode
[  104.126655][ T6172] netlink: 'syz.4.87': attribute type 4 has an invalid length.
[  104.157228][ T6172] netlink: 'syz.4.87': attribute type 4 has an invalid length.
[  105.266224][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  105.296123][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  105.338170][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  105.813177][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  105.902887][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  105.903004][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  106.283004][ T6196] block nbd4: shutting down sockets
[  109.225126][ T6224] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  110.595644][ T5822] block nbd1: Receive control failed (result -32)
[  110.605135][ T6238] block nbd1: shutting down sockets
[  110.640113][ T5895] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  112.780449][ T5895] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  113.420242][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.117'.
[  113.460164][ T5895] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  113.467608][ T5895] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  113.467685][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  113.467757][ T5895] usb 1-1: SerialNumber: syz
[  113.917400][ T5895] usb 1-1: can't set config #1, error -71
[  113.964629][ T5895] usb 1-1: USB disconnect, device number 4
[  114.559811][ T6267] syz.4.120 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  119.385902][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.135'.
[  120.063893][ T6312] Zero length message leads to an empty skb
[  120.213744][ T6316] process 'syz.3.139' launched '/dev/fd/4' with NULL argv: empty string added
[  120.248524][ T6316] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  121.840379][ T5942] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  122.012060][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.033325][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.052392][ T5942] usb 4-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00
[  122.070221][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.159785][ T5942] usb 4-1: config 0 descriptor??
[  122.615987][ T5942] usbhid 4-1:0.0: can't add hid device: -71
[  122.663577][ T5942] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  122.746534][ T5942] usb 4-1: USB disconnect, device number 4
[  123.240561][ T6358] netlink: 'syz.0.154': attribute type 4 has an invalid length.
[  124.201201][ T5942] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  125.240198][ T5942] usb 3-1: Using ep0 maxpacket: 32
[  125.263646][ T5942] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  125.295355][ T5942] usb 3-1: config 0 has no interface number 0
[  125.323209][ T5942] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.411507][ T5942] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.473943][ T5942] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  125.548587][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.667721][ T5942] usb 3-1: config 0 descriptor??
[  126.033600][ T6379] netlink: 48 bytes leftover after parsing attributes in process `syz.4.159'.
[  126.045199][ T6379] tc_dump_action: action bad kind
[  126.315315][ T5943] libceph: connect (1)[c::]:6789 error -101
[  126.336783][ T5942] uclogic 0003:28BD:0094.0003: pen parameters not found
[  126.365269][ T5943] libceph: mon0 (1)[c::]:6789 connect error
[  126.377829][ T5942] uclogic 0003:28BD:0094.0003: interface is invalid, ignoring
[  126.393223][ T5943] libceph: connect (1)[c::]:6789 error -101
[  126.424501][ T5943] libceph: mon0 (1)[c::]:6789 connect error
[  126.540745][ T5943] usb 3-1: USB disconnect, device number 3
[  126.710177][ T5942] libceph: connect (1)[c::]:6789 error -101
[  126.729204][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  127.068805][ T6381] ceph: No mds server is up or the cluster is laggy
[  127.395183][ T6395] tmpfs: Bad value for 'mpol'
[  127.534261][ T6397] netlink: 'syz.0.166': attribute type 4 has an invalid length.
[  127.836432][ T5822] Bluetooth: hci4: Ignoring connect complete event for invalid link type
[  128.834704][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.171'.
[  129.272242][ T5942] libceph: connect (1)[c::]:6789 error -101
[  129.278396][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  129.749813][ T5942] libceph: connect (1)[c::]:6789 error -101
[  129.800617][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  129.930231][ T6419] ceph: No mds server is up or the cluster is laggy
[  130.234128][ T6434] netlink: 'syz.1.178': attribute type 4 has an invalid length.
[  130.260440][ T5822] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  130.965795][   T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  131.270437][   T10] usb 2-1: Using ep0 maxpacket: 8
[  132.030919][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  132.113455][   T10] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  132.123742][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  132.181770][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.189930][   T10] usb 2-1: Product: syz
[  132.260154][   T10] usb 2-1: Manufacturer: syz
[  132.265430][   T10] usb 2-1: SerialNumber: syz
[  132.287263][   T10] usb 2-1: config 0 descriptor??
[  132.569986][   T10] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  133.123096][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  133.230068][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  133.650213][   T10] gspca_sunplus: reg_w_riv err -71
[  133.660592][   T10] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  133.715012][   T10] usb 2-1: USB disconnect, device number 2
[  133.821453][ T6475] netlink: 'syz.4.193': attribute type 4 has an invalid length.
[  134.220230][ T5902] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  134.451530][ T5902] usb 3-1: Using ep0 maxpacket: 32
[  134.488184][ T5902] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  134.555738][ T5902] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  134.581885][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.634524][ T5902] usb 3-1: Product: syz
[  134.657665][ T5902] usb 3-1: Manufacturer: syz
[  134.692179][ T5902] usb 3-1: SerialNumber: syz
[  134.827340][ T5902] usb 3-1: config 0 descriptor??
[  134.865133][ T6477] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  134.918316][ T5902] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input7
[  135.291618][ T6490] syz.4.199: attempt to access beyond end of device
[  135.291618][ T6490] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  135.456391][ T5895] usb 3-1: USB disconnect, device number 4
[  135.462448][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  135.970622][ T5902] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  136.140469][ T5902] usb 5-1: Using ep0 maxpacket: 32
[  136.168000][ T5902] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  136.188122][ T5902] usb 5-1: config 0 has no interface number 0
[  136.430557][ T5902] usb 5-1: config 0 interface 12 has no altsetting 0
[  136.455212][ T5902] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  136.476555][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.540367][ T5902] usb 5-1: Product: syz
[  136.558500][ T5902] usb 5-1: Manufacturer: syz
[  136.575536][ T5902] usb 5-1: SerialNumber: syz
[  136.625913][ T5902] usb 5-1: config 0 descriptor??
[  137.000537][ T5895] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  137.180118][ T5895] usb 2-1: Using ep0 maxpacket: 16
[  137.229611][ T5895] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  137.249270][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.289685][ T5895] usb 2-1: Product: syz
[  137.309981][ T5895] usb 2-1: Manufacturer: syz
[  137.315014][ T5895] usb 2-1: SerialNumber: syz
[  137.372573][ T5895] usb 2-1: config 0 descriptor??
[  137.962784][ T5895] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  138.228221][ T5895] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  138.250930][ T5895] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  138.259071][ T5895] usb 2-1: media controller created
[  138.971224][ T5902] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  139.018947][ T5895] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  139.039926][ T5902] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  139.090117][ T5902] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  139.121584][ T5902] f81534 5-1:0.12: probe with driver f81534 failed with error -71
[  139.180879][ T5902] usb 5-1: USB disconnect, device number 3
[  139.227742][ T5895] zl10353_read_register: readreg error (reg=127, ret==0)
[  139.253027][ T5895] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  139.287771][ T5895] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  139.319782][ T5895] usb 2-1: USB disconnect, device number 3
[  139.430200][ T5943] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  139.449540][ T5895] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  139.608718][ T5943] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.645827][ T5943] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.667416][ T5943] usb 3-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00
[  139.686893][ T5943] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.733041][ T5943] usb 3-1: config 0 descriptor??
[  140.148217][ T5943] usbhid 3-1:0.0: can't add hid device: -71
[  140.168150][ T5943] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  140.197393][ T5943] usb 3-1: USB disconnect, device number 5
[  142.604494][ T6565] 9pnet_fd: Insufficient options for proto=fd
[  142.840391][ T5895] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  145.106742][ T5895] usb 1-1: device not accepting address 5, error -71
[  146.706071][ T6600] 9pnet_fd: Insufficient options for proto=fd
[  146.720494][ T5895] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  147.622874][ T5895] usb 1-1: Using ep0 maxpacket: 8
[  147.656201][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.680215][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  147.701377][ T5895] usb 1-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[  147.720745][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.740569][ T5895] usb 1-1: config 0 descriptor??
[  149.007043][  T978] usb 1-1: USB disconnect, device number 6
[  150.906287][ T6635] 9pnet_fd: Insufficient options for proto=fd
[  153.240095][ T5876] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  153.280102][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  153.412713][ T5876] usb 4-1: Using ep0 maxpacket: 32
[  153.430528][ T5876] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  153.448938][ T5876] usb 4-1: config 0 has no interface number 0
[  153.459053][ T5876] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.481564][   T10] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  153.489712][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.500458][ T5876] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.520390][   T10] usb 3-1: config 0 has no interface number 0
[  153.530077][ T5876] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  153.549547][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.571052][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  153.580700][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.588748][   T10] usb 3-1: Product: syz
[  153.595204][   T10] usb 3-1: Manufacturer: syz
[  153.599905][   T10] usb 3-1: SerialNumber: syz
[  153.611935][ T5876] usb 4-1: config 0 descriptor??
[  153.618588][   T10] usb 3-1: config 0 descriptor??
[  153.851947][   T10] usb 3-1: Found UVC 0.08 device syz (046d:0823)
[  153.858556][   T10] usb 3-1: No valid video chain found.
[  153.867100][   T10] usb 3-1: USB disconnect, device number 6
[  154.739296][ T6664] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  154.825638][ T5876] uclogic 0003:28BD:0094.0005: pen parameters not found
[  154.840903][ T5876] uclogic 0003:28BD:0094.0005: interface is invalid, ignoring
[  154.934208][ T6666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'.
[  156.013081][ T5902] usb 4-1: USB disconnect, device number 5
[  157.970860][ T6691] 
[  157.973255][ T6691] ======================================================
[  157.980300][ T6691] WARNING: possible circular locking dependency detected
[  157.987340][ T6691] 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 Not tainted
[  157.994474][ T6691] ------------------------------------------------------
[  158.001513][ T6691] syz.1.270/6691 is trying to acquire lock:
[  158.007425][ T6691] ffffffff8f868828 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560
[  158.018015][ T6691] 
[  158.018015][ T6691] but task is already holding lock:
[  158.025494][ T6691] ffff888143303b58 (&q->q_usage_counter(io)#25){++++}-{0:0}, at: loop_set_status+0x227/0xaf0
[  158.035750][ T6691] 
[  158.035750][ T6691] which lock already depends on the new lock.
[  158.035750][ T6691] 
[  158.046175][ T6691] 
[  158.046175][ T6691] the existing dependency chain (in reverse order) is:
[  158.055219][ T6691] 
[  158.055219][ T6691] -> #2 (&q->q_usage_counter(io)#25){++++}-{0:0}:
[  158.063879][ T6691]        lock_acquire+0x120/0x360
[  158.068944][ T6691]        blk_alloc_queue+0x538/0x620
[  158.074271][ T6691]        __blk_mq_alloc_disk+0x162/0x340
[  158.079945][ T6691]        loop_add+0x41b/0xad0
[  158.084648][ T6691]        loop_init+0x173/0x230
[  158.089440][ T6691]        do_one_initcall+0x233/0x820
[  158.094776][ T6691]        do_initcall_level+0x137/0x1f0
[  158.100268][ T6691]        do_initcalls+0x69/0xd0
[  158.105150][ T6691]        kernel_init_freeable+0x3d9/0x570
[  158.110908][ T6691]        kernel_init+0x1d/0x1d0
[  158.115791][ T6691]        ret_from_fork+0x3fc/0x770
[  158.120939][ T6691]        ret_from_fork_asm+0x1a/0x30
[  158.126260][ T6691] 
[  158.126260][ T6691] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  158.133517][ T6691]        lock_acquire+0x120/0x360
[  158.138595][ T6691]        fs_reclaim_acquire+0x72/0x100
[  158.144090][ T6691]        kmem_cache_alloc_node_noprof+0x47/0x3c0
[  158.150449][ T6691]        __alloc_skb+0x112/0x2d0
[  158.155413][ T6691]        alloc_uevent_skb+0x7d/0x230
[  158.160773][ T6691]        kobject_uevent_net_broadcast+0x2fa/0x560
[  158.167216][ T6691]        kobject_uevent_env+0x55b/0x8c0
[  158.172788][ T6691]        kobject_synth_uevent+0x527/0xb00
[  158.178519][ T6691]        bus_uevent_store+0x115/0x170
[  158.183897][ T6691]        kernfs_fop_write_iter+0x378/0x4f0
[  158.189712][ T6691]        vfs_write+0x548/0xa90
[  158.194484][ T6691]        ksys_write+0x145/0x250
[  158.199340][ T6691]        do_syscall_64+0xfa/0x3b0
[  158.204370][ T6691]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.210790][ T6691] 
[  158.210790][ T6691] -> #0 (uevent_sock_mutex){+.+.}-{4:4}:
[  158.218625][ T6691]        validate_chain+0xb9b/0x2140
[  158.223923][ T6691]        __lock_acquire+0xab9/0xd20
[  158.229132][ T6691]        lock_acquire+0x120/0x360
[  158.234164][ T6691]        __mutex_lock+0x182/0xe80
[  158.239192][ T6691]        kobject_uevent_net_broadcast+0x27e/0x560
[  158.245616][ T6691]        kobject_uevent_env+0x55b/0x8c0
[  158.251170][ T6691]        loop_set_status+0x4d3/0xaf0
[  158.256465][ T6691]        lo_ioctl+0xa5e/0x2410
[  158.261236][ T6691]        blkdev_ioctl+0x5a5/0x6d0
[  158.266275][ T6691]        __se_sys_ioctl+0xf9/0x170
[  158.271391][ T6691]        do_syscall_64+0xfa/0x3b0
[  158.276422][ T6691]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.282840][ T6691] 
[  158.282840][ T6691] other info that might help us debug this:
[  158.282840][ T6691] 
[  158.293074][ T6691] Chain exists of:
[  158.293074][ T6691]   uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#25
[  158.293074][ T6691] 
[  158.306824][ T6691]  Possible unsafe locking scenario:
[  158.306824][ T6691] 
[  158.314276][ T6691]        CPU0                    CPU1
[  158.319642][ T6691]        ----                    ----
[  158.325008][ T6691]   lock(&q->q_usage_counter(io)#25);
[  158.330398][ T6691]                                lock(fs_reclaim);
[  158.336908][ T6691]                                lock(&q->q_usage_counter(io)#25);
[  158.344821][ T6691]   lock(uevent_sock_mutex);
[  158.349423][ T6691] 
[  158.349423][ T6691]  *** DEADLOCK ***
[  158.349423][ T6691] 
[  158.357570][ T6691] 3 locks held by syz.1.270/6691:
[  158.362747][ T6691]  #0: ffff888143316400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2c/0xaf0
[  158.372181][ T6691]  #1: ffff888143303b58 (&q->q_usage_counter(io)#25){++++}-{0:0}, at: loop_set_status+0x227/0xaf0
[  158.382818][ T6691]  #2: ffff888143303b90 (&q->q_usage_counter(queue)#19){+.+.}-{0:0}, at: loop_set_status+0x227/0xaf0
[  158.393721][ T6691] 
[  158.393721][ T6691] stack backtrace:
[  158.399612][ T6691] CPU: 0 UID: 0 PID: 6691 Comm: syz.1.270 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  158.399633][ T6691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.399642][ T6691] Call Trace:
[  158.399652][ T6691]  <TASK>
[  158.399659][ T6691]  dump_stack_lvl+0x189/0x250
[  158.399684][ T6691]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.399705][ T6691]  ? __pfx__printk+0x10/0x10
[  158.399721][ T6691]  ? print_lock_name+0xde/0x100
[  158.399746][ T6691]  print_circular_bug+0x2ee/0x310
[  158.399772][ T6691]  check_noncircular+0x134/0x160
[  158.399797][ T6691]  validate_chain+0xb9b/0x2140
[  158.399827][ T6691]  __lock_acquire+0xab9/0xd20
[  158.399848][ T6691]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  158.399865][ T6691]  lock_acquire+0x120/0x360
[  158.399890][ T6691]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  158.399911][ T6691]  __mutex_lock+0x182/0xe80
[  158.399925][ T6691]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  158.399942][ T6691]  ? vsnprintf+0xe11/0xf00
[  158.399960][ T6691]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  158.399977][ T6691]  ? __pfx___mutex_lock+0x10/0x10
[  158.399992][ T6691]  ? add_uevent_var+0x278/0x450
[  158.400013][ T6691]  ? kobject_uevent_env+0x50a/0x8c0
[  158.400029][ T6691]  ? __pfx_add_uevent_var+0x10/0x10
[  158.400045][ T6691]  kobject_uevent_net_broadcast+0x27e/0x560
[  158.400064][ T6691]  kobject_uevent_env+0x55b/0x8c0
[  158.400083][ T6691]  loop_set_status+0x4d3/0xaf0
[  158.400107][ T6691]  lo_ioctl+0xa5e/0x2410
[  158.400124][ T6691]  ? __kernel_text_address+0xd/0x40
[  158.400141][ T6691]  ? unwind_get_return_address+0x4d/0x90
[  158.400162][ T6691]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  158.400178][ T6691]  ? arch_stack_walk+0xfc/0x150
[  158.400203][ T6691]  ? __pfx_lo_ioctl+0x10/0x10
[  158.400224][ T6691]  ? __lock_acquire+0xab9/0xd20
[  158.400251][ T6691]  ? __lock_acquire+0xab9/0xd20
[  158.400272][ T6691]  ? __lock_acquire+0xab9/0xd20
[  158.400294][ T6691]  ? __lock_acquire+0xab9/0xd20
[  158.400316][ T6691]  ? __lock_acquire+0xab9/0xd20
[  158.400341][ T6691]  ? is_bpf_text_address+0x26/0x2b0
[  158.400363][ T6691]  ? is_bpf_text_address+0x292/0x2b0
[  158.400383][ T6691]  ? is_bpf_text_address+0x26/0x2b0
[  158.400404][ T6691]  ? kernel_text_address+0xa5/0xe0
[  158.400421][ T6691]  ? __kernel_text_address+0xd/0x40
[  158.400438][ T6691]  ? unwind_get_return_address+0x4d/0x90
[  158.400459][ T6691]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  158.400474][ T6691]  ? arch_stack_walk+0xfc/0x150
[  158.400499][ T6691]  ? stack_trace_save+0x9c/0xe0
[  158.400518][ T6691]  ? kasan_save_track+0x4f/0x80
[  158.400532][ T6691]  ? kasan_save_track+0x3e/0x80
[  158.400547][ T6691]  ? kasan_save_free_info+0x46/0x50
[  158.400568][ T6691]  ? __kasan_slab_free+0x62/0x70
[  158.400583][ T6691]  ? kfree+0x18e/0x440
[  158.400598][ T6691]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  158.400616][ T6691]  ? security_file_ioctl+0xcb/0x2d0
[  158.400635][ T6691]  ? __se_sys_ioctl+0x47/0x170
[  158.400649][ T6691]  ? do_syscall_64+0xfa/0x3b0
[  158.400670][ T6691]  ? do_vfs_ioctl+0xf37/0x1990
[  158.400686][ T6691]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  158.400703][ T6691]  ? kasan_quarantine_put+0xdd/0x220
[  158.400720][ T6691]  ? blkdev_common_ioctl+0xfc3/0x2450
[  158.400742][ T6691]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  158.400761][ T6691]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  158.400778][ T6691]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  158.400799][ T6691]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  158.400816][ T6691]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  158.400835][ T6691]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  158.400858][ T6691]  ? __lock_acquire+0xab9/0xd20
[  158.400885][ T6691]  ? __asan_memset+0x22/0x50
[  158.400898][ T6691]  ? smack_file_ioctl+0x24a/0x340
[  158.400915][ T6691]  ? __pfx_smack_file_ioctl+0x10/0x10
[  158.400932][ T6691]  ? __pfx_lo_ioctl+0x10/0x10
[  158.400950][ T6691]  blkdev_ioctl+0x5a5/0x6d0
[  158.400971][ T6691]  ? __pfx_blkdev_ioctl+0x10/0x10
[  158.400991][ T6691]  ? __fget_files+0x2a/0x420
[  158.401011][ T6691]  ? bpf_lsm_file_ioctl+0x9/0x20
[  158.401032][ T6691]  ? __pfx_blkdev_ioctl+0x10/0x10
[  158.401052][ T6691]  __se_sys_ioctl+0xf9/0x170
[  158.401068][ T6691]  do_syscall_64+0xfa/0x3b0
[  158.401080][ T6691]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.401102][ T6691]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.401117][ T6691]  ? clear_bhb_loop+0x60/0xb0
[  158.401133][ T6691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.401148][ T6691] RIP: 0033:0x7feb08d8e929
[  158.401162][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.401175][ T6691] RSP: 002b:00007feb09cdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  158.401192][ T6691] RAX: ffffffffffffffda RBX: 00007feb08fb5fa0 RCX: 00007feb08d8e929
[  158.401203][ T6691] RDX: 00002000000001c0 RSI: 0000000000004c02 RDI: 0000000000000003
[  158.401213][ T6691] RBP: 00007feb08e10b39 R08: 0000000000000000 R09: 0000000000000000
[  158.401222][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  158.401231][ T6691] R13: 0000000000000000 R14: 00007feb08fb5fa0 R15: 00007fffed8b83c8
[  158.401247][ T6691]  </TASK>