last executing test programs:

39.510214766s ago: executing program 3 (id=3100):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000002580)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0xffffffff}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x0, 0x2, 0x3ff, 0x80, 'syz0\x00', 0x2}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000400)=0x1, 0xa)
sendto(r2, &(0x7f0000000540)="f6b4ff270e6532b2d40765f9e8b460bd68b7e03a08d842e54efc234e21b4fec0541e98608bd3070ff700079b3dc0d7520e7351a1b4266e018855fc4819c097783f98064577274ff947328e4fa0ac578dfad9dba45afb427b80a1b4825dc8e8f06667f93a3d429d004d1933f47ac6e2d5d8b1e58d4eb92fa0a5c5b87b800712e299d0c714c78406947586a02fb600029a4daeb3efe7cba41f2d2d6626f63c7c7f0271cbac55d23e0afc639d9810", 0xfe6d621e554cffe6, 0xd63a66976f7dfbe0, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000000380)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="75899b166ef465ebdf3985d305c82df3806ad9922917ca929f6a4bf1cda392e0a041dc6133af6fcd6c232805d9af87535e796adbada01cbd73bf446315e8ad07d64cb17cbfacd81381c880c373a19b898201e80e0f48e26d0ece", 0x5a}, {&(0x7f0000000980)="35d141df804fa269d5af2383cb9f41003dd63924be096c8a80d3e2422de820e311e5d03071c91caa7a6ec1bfb3daf9c19e4ec468da48fbc1f529d2052e0b6a96c26b9750db3d2da4e7a064ad205122408f2de4e007c56b657733c67f9a4db5e23fabe5e98bbb7fba590c5fd3ebfb082900ec364cef4b", 0x76}], 0x2, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000000c0)=""/25, 0x19}], 0x1}, 0x0)
r5 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000140)=0x2000)
ppoll(&(0x7f0000000040)=[{r5, 0x20}, {r5, 0x13}], 0x2, 0x0, 0x0, 0x0)
mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r5, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000000)=0x4000)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000001, 0x32, 0xffffffffffffffff, 0x0)

39.141610699s ago: executing program 3 (id=3103):
r0 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0xfffff000)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000080)=0x200000000)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200))
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, 0x0, 0x0)
syz_io_uring_setup(0x40038ff, &(0x7f0000000480)={0x0, 0x200003, 0x10100}, 0x0, 0x0)

38.618713481s ago: executing program 3 (id=3104):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f00000001c0)=0x1700)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x2, 0x0, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff000000bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000000001d440000000000007a0a00fe00ffffffc3030000f1000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd64}, 0x48)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sched_setattr(0x0, 0x0, 0x0)

35.15618684s ago: executing program 3 (id=3112):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f00000045c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
vmsplice(r4, &(0x7f0000001440)=[{&(0x7f0000001a00)="ce", 0x1}], 0x1, 0x4)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
read$FUSE(r3, &(0x7f0000009780)={0x2020}, 0x2020)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80c2}, 0x2004c801)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4880)
chown(0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000040)={0x0, 0x7, 0x3012, 0x1})

35.121172553s ago: executing program 0 (id=3114):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r3, r3, 0x1a)
r4 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x5, 0x35, &(0x7f0000000040)=ANY=[], 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000003, 0x8031, 0xffffffffffffffff, 0x0)
shutdown(r5, 0x0)
recvmmsg(r5, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
unshare(0x22020400)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x2000000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

33.201595395s ago: executing program 3 (id=3119):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000010c0)=@abs, 0x38)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, 0x0, 0x0)
close(0xffffffffffffffff)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001240)=ANY=[@ANYRESDEC], 0xfc}}, 0x4000005)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\x00\x00\x00\x00\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r5, &(0x7f00000000c0)=""/4096, 0x1000)
getdents(r5, 0x0, 0x0)

32.036127895s ago: executing program 0 (id=3121):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
unshare(0x26020480)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, 0x140f, 0x1, 0x800000, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xc, 0x45, 'rdma_cm\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xfffffffffffffdb8, 0x45, 'issm\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004011}, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="600000000206010200000000000000000000000014000780050014000700000008001240000500000900020073797a3200000000050001000700000011000300686173683a6e65742c6e657400000000050005000a000000050004"], 0x60}}, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000000))
syz_open_procfs(0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={0x0, 0x0})
inotify_init1(0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

30.678095332s ago: executing program 3 (id=3124):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x500}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60004000}, 0x40010)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xbdd2d932e4d38f0c}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20010010)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r3 = syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x8001, 0x0, 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x48)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(0x0, &(0x7f0000000200)='./file0\x00')
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x18, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x5}]}, 0x18}}, 0xc000)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x2, 0xd59f80, 0x196f, 0x100, 0x819ef, 0x5c2f460d, 0x1, 0x27fd, 0x2, 0x3, 0x40bb6, 0x16, 0x10, {0x81, 0xfffffff8}, 0xd0, 0x9}})
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x54, 0x2, 0x1, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@CTA_TUPLE_ORIG={0x40, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000841}, 0x0)

30.050250862s ago: executing program 0 (id=3125):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f00000001c0)=0x1700)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x2, 0x0, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff000000bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000000001d440000000000007a0a00fe00ffffffc3030000f1000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd64}, 0x48)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sched_setattr(0x0, 0x0, 0x0)

26.906603234s ago: executing program 0 (id=3130):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffffd}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x1)
r3 = syz_io_uring_setup(0xdaa, &(0x7f0000000380)={0x0, 0x0, 0x13291, 0x8, 0x2000}, &(0x7f0000000100), &(0x7f0000000000))
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x34}}, 0x0)
fcntl$lock(r3, 0x5, &(0x7f0000000040)={0x0, 0x4, 0xa58e, 0x7fffffffffffffff, r4})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd)

23.783647858s ago: executing program 0 (id=3135):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x500}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60004000}, 0x40010)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xbdd2d932e4d38f0c}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20010010)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r3 = syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x8001, 0x0, 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
mkdirat(r3, &(0x7f0000000040)='./file0\x00', 0x48)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(0x0, &(0x7f0000000200)='./file0\x00')
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x18, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x5}]}, 0x18}}, 0xc000)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x2, 0xd59f80, 0x196f, 0x100, 0x819ef, 0x5c2f460d, 0x1, 0x27fd, 0x2, 0x3, 0x40bb6, 0x16, 0x10, {0x81, 0xfffffff8}, 0xd0, 0x9}})
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x54, 0x2, 0x1, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@CTA_TUPLE_ORIG={0x40, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000841}, 0x0)

23.600287056s ago: executing program 0 (id=3136):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x2c}, [@ldst={0x0, 0x0, 0x2}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080), 0x10}, 0x94)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
r2 = inotify_init1(0x800)
r3 = inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x2000775)
inotify_rm_watch(r2, r3)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r4, 0x0)
modify_ldt$write(0x1, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)

13.270502062s ago: executing program 4 (id=3155):
socket$rxrpc(0x21, 0x2, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000b00)={'syz1\x00', {0xf8, 0x100, 0x8, 0x3}, 0x20, [0x8000003, 0x4, 0x80, 0x143b4048, 0x5, 0x7, 0xa, 0x3000000, 0xea1, 0x0, 0x589f, 0x1000, 0x1e, 0x81, 0x0, 0xffffff80, 0x1, 0x2, 0x1000, 0x3, 0x40000000, 0xfffffff9, 0x2, 0xc, 0x3, 0x394d, 0x9, 0x0, 0x5, 0x53987b9e, 0xc, 0x0, 0x0, 0x2, 0x0, 0x3, 0x8, 0xffffce2d, 0x2, 0x8, 0x5, 0x1004, 0x1, 0x81, 0xfffffff8, 0x4, 0x40, 0x7ff, 0x7c2c0bf, 0x5, 0x5, 0x3, 0x8001, 0x1, 0xc2000000, 0xa560, 0xfffff801, 0x8, 0xd809, 0x395, 0x9, 0x8, 0x1, 0x5], [0x76, 0x100, 0x1, 0x7, 0x0, 0x8e8, 0x5, 0xe, 0xfffffffe, 0x4, 0xb16, 0x2, 0x9061, 0x8, 0x8, 0x5, 0xb3f, 0x3, 0x7, 0x4c, 0xff, 0x4557, 0x1, 0x8, 0x7, 0x5d01, 0x5, 0x3, 0x7, 0x4, 0x5, 0x9114, 0x3, 0x7, 0xda0f, 0xac, 0x9, 0xc, 0x2, 0x400, 0x4, 0x2, 0x3, 0x8, 0xd, 0x8e6, 0x1, 0x7, 0x200, 0xd4a, 0x10, 0x8, 0xf1c, 0x8, 0x27, 0x6, 0x9, 0x5, 0x6, 0x8, 0x0, 0x1, 0x7f, 0x5], [0x1, 0x2, 0x9, 0x872d, 0xfffffffb, 0x75cb, 0x4b, 0x1000, 0x3, 0x1, 0x0, 0x4, 0x9, 0x3a7d, 0x3, 0x1000, 0x2, 0x7, 0x0, 0xfff, 0x22, 0x6, 0x7, 0x432c, 0x20000, 0xd, 0x3, 0x1020, 0x4, 0x2, 0x9, 0x100, 0x1, 0x5, 0x8001, 0x4, 0x1, 0x7f, 0xffff2840, 0x1e0000, 0x8000, 0x80000001, 0x5, 0x3, 0x3, 0x9, 0x4, 0x7, 0x7, 0x0, 0x1, 0x2, 0xd4b, 0x2a, 0x3, 0x9, 0x9, 0x22f, 0x7, 0x80, 0x400, 0x2, 0x3, 0x5], [0xef, 0x8000000, 0xfffffffe, 0x8001, 0x4da1, 0x4, 0x1000, 0x200, 0x7, 0x80, 0x8, 0x6, 0x3, 0x80000001, 0x4, 0x0, 0x10c5, 0x324, 0x0, 0x3, 0xcf, 0x8, 0x9, 0x3, 0x40009b33, 0x1, 0x2, 0x3b, 0x2, 0x37fe, 0xff6f, 0x9, 0x0, 0xc, 0x0, 0x3, 0x8, 0x3, 0x7ffffeff, 0x2, 0xff, 0x74, 0x8, 0xc3f, 0x6, 0x7, 0x9, 0x7ff, 0x7, 0x5, 0x4, 0x5, 0xdc, 0x8, 0x7ff, 0x6, 0xdbe3bca, 0x9, 0x8000, 0x93e7, 0xad7, 0x2, 0x3, 0x1ff]}, 0x45c)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x4)
r3 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000340)={'caif0\x00', 0x0})
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
syz_io_uring_setup(0xcdf, &(0x7f00000005c0)={0x0, 0x5883, 0x0, 0x0, 0x85}, 0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0, 0xffffffffffffffff, 0x0, 0x51}, 0x18)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

11.449803691s ago: executing program 1 (id=3157):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b\xa30\\/\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
sendmsg$key(r2, &(0x7f00000000c0)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYBLOB="020100030e00000000000000000000000500060000003a000a00000000000000fc020000000000000000000000000000000000000000000005000500000000000a00"/76], 0x70}, 0x1, 0x7}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = getpid()
getdents(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000074000000160a05000000000000000000010000000900020073797a30000000000900010073797a300000000008000740000000034000038008000240000000000800014000006d"], 0xbc}}, 0x0)
r6 = syz_pidfd_open(r4, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(0xffffffffffffffff, 0x40086432, 0x0)
setns(r6, 0x8020000)
syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)

10.588624275s ago: executing program 4 (id=3158):
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x804)
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$video4linux(0x0, 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f00000001c0)={0x0, 0x1000000, {0x28, 0x64, 0x2025, 0x5, 0x1, 0x0, 0x1, 0x4}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

9.984151149s ago: executing program 1 (id=3159):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x20500, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket(0x400000000010, 0x3, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x10)
read$FUSE(r3, &(0x7f0000000e40)={0x2020}, 0x2020)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f00000000c0)=0x20)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
write$binfmt_elf32(r2, 0x0, 0x4cd)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000100)=0x1)
write$dsp(r2, &(0x7f0000000140)="755a5398d512d39077459e67ee110daaf0413bc745ef85b89f2141d513969bd8", 0xffaa)

9.983825252s ago: executing program 2 (id=3160):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x202400, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000000)="100c0681000000ba8b0ad775b31b", 0xe, 0xfffffffffffffffc)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r3 = syz_open_pts(r2, 0x141601)
fcntl$setstatus(r3, 0x4, 0x102800)
write(r3, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x582})
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x3)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r4, 0xffffffffffffffff, 0x0)

8.130747623s ago: executing program 2 (id=3161):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x220c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a06e7bc45ff810500000000000058000b480000945f64009400050028925a01000000000000008000f0fffeffa809000000", 0x42}], 0x1)

7.979330422s ago: executing program 2 (id=3162):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @multicast})
write$tun(r2, &(0x7f0000000080)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x800, 0x14, 0x16}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x65, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0xc, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x11, 0x0, @multicast2, @loopback}}}}, 0x3e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000f, 0x810, 0xffffffffffffffff, 0x57c68000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getcwd(&(0x7f0000000540)=""/4096, 0x1000)
shutdown(r4, 0x1)

7.477165073s ago: executing program 4 (id=3163):
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x804)
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$video4linux(0x0, 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f00000001c0)={0x0, 0x1000000, {0x28, 0x64, 0x2025, 0x5, 0x1, 0x0, 0x1, 0x4}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

6.800413831s ago: executing program 1 (id=3164):
prctl$PR_SET_THP_DISABLE(0x29, 0x8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
openat$sysctl(0xffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89980)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r3, r2, 0x0, 0x578410eb)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)

5.680397126s ago: executing program 1 (id=3165):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={<r3=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000000)=@fragment={0x3b, 0x0, 0x1, 0x0, 0x0, 0x6, 0x68}, 0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x4}]}]}, 0x2c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000840)={r3, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

4.593806787s ago: executing program 1 (id=3166):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_dev$vbi(0x0, 0x0, 0x2)
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
gettid()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r2, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x200}, {{0x0, 0x0, 0x0}, 0x401}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000340)=""/113, 0x71}, {&(0x7f0000000240)=""/78, 0x4e}, {&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000003c0)=""/100, 0x64}, {&(0x7f0000000440)=""/67, 0x43}], 0x8}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
timer_create(0x2, &(0x7f0000000080)={0x0, 0x3c, 0x0, @thr={0x0, &(0x7f0000000100)}}, 0x0)
sendfile(r4, r3, &(0x7f0000002080)=0x64, 0x21c)

4.593473362s ago: executing program 2 (id=3167):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x9, 0x5, 0x10009})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
syz_emit_vhci(&(0x7f0000001680)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x0, 0xc9}}}, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000002080), 0x0, 0x0)
r4 = dup(r3)
read$FUSE(r4, &(0x7f0000000040)={0x2020}, 0xfdef)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000f00)={'dummy0\x00', 0x0})
r5 = syz_io_uring_setup(0x131, &(0x7f0000000340)={0x0, 0x5cb1, 0x2, 0x4, 0xfffffffd}, &(0x7f0000000140), &(0x7f0000000280))
io_uring_enter(r5, 0x1e76, 0x0, 0x6, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x200, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1809}}, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)

4.59307773s ago: executing program 4 (id=3168):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={<r2=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet6_opts(r1, 0x29, 0x39, &(0x7f0000000000)=@fragment={0x3b, 0x0, 0x1, 0x0, 0x0, 0x6, 0x68}, 0x8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x4}]}]}, 0x2c}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000840)={r2, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

4.149947142s ago: executing program 2 (id=3169):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0xc0305720, &(0x7f0000000580))
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00')
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
inotify_init1(0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)

3.542226779s ago: executing program 4 (id=3170):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x7)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000002440)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000002240)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000000180)={0x2020}, 0x143b)

2.187779793s ago: executing program 4 (id=3171):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
syz_usb_control_io$printer(r2, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x7daf, 0x3180, 0x8000, 0xe1}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200)=<r6=>0x0, &(0x7f0000000300))
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r7, 0x0)
syz_io_uring_submit(r6, r5, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456})
io_uring_enter(r3, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

393.484607ms ago: executing program 1 (id=3172):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={<r3=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000000)=@fragment={0x3b, 0x0, 0x1, 0x0, 0x0, 0x6, 0x68}, 0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x4}]}]}, 0x2c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000840)={r3, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

0s ago: executing program 2 (id=3173):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r1=>0xffffffffffffffff})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x9, 0x5, 0x10009})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
syz_emit_vhci(&(0x7f0000001680)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x0, 0xc9}}}, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = dup(0xffffffffffffffff)
read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0xfdef)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000180)=@ethtool_perm_addr={0x4b, 0x9, "437207000000100047"}})
r4 = syz_io_uring_setup(0x131, &(0x7f0000000340)={0x0, 0x5cb1, 0x2, 0x4, 0xfffffffd}, &(0x7f0000000140), &(0x7f0000000280))
io_uring_enter(r4, 0x1e76, 0x0, 0x6, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x200, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1809}}, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)

kernel console output (not intermixed with test programs):

ngs: Mfr=0, Product=0, SerialNumber=3
[  872.331260][   T24] usb 3-1: SerialNumber: syz
[  872.565845][   T24] usb 3-1: 0:2 : does not exist
[  873.005402][T17438] syzkaller0: entered promiscuous mode
[  873.017436][T17438] syzkaller0: entered allmulticast mode
[  873.035551][T17438] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  873.055320][T17438] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  873.099420][T17438] tipc: Resetting bearer <eth:syzkaller0>
[  873.125840][T17437] tipc: Resetting bearer <eth:syzkaller0>
[  873.365139][T17437] tipc: Disabling bearer <eth:syzkaller0>
[  873.401407][   T24] usb 3-1: USB disconnect, device number 53
[  874.849917][T17470] @: renamed from vlan0
[  876.738094][   T24] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  877.063293][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  877.084438][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  877.102483][   T24] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  877.123852][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.150585][   T24] usb 5-1: config 0 descriptor??
[  877.591475][   T24] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0
[  877.713515][   T24] cp2112 0003:10C4:EA90.0018: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[  877.834450][   T24] cp2112 0003:10C4:EA90.0018: Part Number: 0x82 Device Version: 0xFE
[  879.167355][T17507] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2239'.
[  879.404095][T13951] usb 5-1: reset high-speed USB device number 37 using dummy_hcd
[  880.339110][T17519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2240'.
[  880.848930][   T30] audit: type=1326 audit(1757727670.692:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17525 comm="syz.1.2243" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f92539 code=0x0
[  881.255472][   T30] audit: type=1326 audit(1757727671.092:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17532 comm="syz.4.2245" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f72539 code=0x0
[  881.391104][   T24] usb 5-1: USB disconnect, device number 37
[  885.004324][T17585] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  886.241403][T17601] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.2258'.
[  886.322869][T17602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2259'.
[  886.930005][T17604] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2261'.
[  886.939557][T17604] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2261'.
[  889.382539][T17626] syzkaller0: entered promiscuous mode
[  889.402895][T17626] syzkaller0: entered allmulticast mode
[  892.986469][T17659] IPVS: set_ctl: invalid protocol: 170 0.0.0.0:32770
[  893.105323][T17669] netlink: 'syz.1.2277': attribute type 1 has an invalid length.
[  893.383915][T17669] 8021q: adding VLAN 0 to HW filter on device bond4
[  893.567682][T17669] bond3: (slave bond4): making interface the new active one
[  893.699752][T17669] bond3: (slave bond4): Enslaving as an active interface with an up link
[  895.209746][T17669] bond3: (slave gretap2): Enslaving as a backup interface with an up link
[  895.409397][T17700] syzkaller0: entered promiscuous mode
[  895.412883][T17669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2277'.
[  895.424183][T17700] syzkaller0: entered allmulticast mode
[  895.649527][T17669] 8021q: adding VLAN 0 to HW filter on device bond3
[  896.746215][T17715] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  897.460949][T17705] random: crng reseeded on system resumption
[  899.141352][ T5935] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[  899.313057][ T5935] usb 2-1: unable to get BOS descriptor or descriptor too short
[  899.338867][ T5935] usb 2-1: not running at top speed; connect to a high speed hub
[  899.369343][ T5935] usb 2-1: config 7 has an invalid interface number: 180 but max is 0
[  899.388325][ T5935] usb 2-1: config 7 has no interface number 0
[  899.395725][ T5935] usb 2-1: config 7 interface 180 has no altsetting 0
[  899.441620][ T5935] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=3c.f2
[  899.451141][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.460113][ T5935] usb 2-1: Product: syz
[  899.464326][ T5935] usb 2-1: SerialNumber: syz
[  899.740836][T17738] netlink: 'syz.2.2288': attribute type 10 has an invalid length.
[  899.760297][T17738] netlink: 'syz.2.2288': attribute type 10 has an invalid length.
[  899.769125][T17738] dummy0: left promiscuous mode
[  899.776354][T17738] dummy0: left allmulticast mode
[  899.876083][T17738] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  899.892155][T17738] team0: Port device dummy0 removed
[  899.903958][T17738] dummy0: entered promiscuous mode
[  899.910085][T17738] dummy0: entered allmulticast mode
[  899.916330][T17738] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  899.930332][T17740] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  900.178340][    T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  900.361906][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  900.427663][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  900.936748][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  900.982433][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.025501][    T9] usb 5-1: config 0 descriptor??
[  901.458588][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  901.468562][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  901.496309][    T9] usb 5-1: USB disconnect, device number 38
[  901.869899][T17751] syzkaller0: entered promiscuous mode
[  901.875584][T17751] syzkaller0: entered allmulticast mode
[  902.107372][ T5935] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  902.148495][ T5935] gspca_topro: reg_w err -71
[  902.198488][ T5935] gspca_topro: Sensor soi763a
[  902.228685][ T5935] usb 2-1: USB disconnect, device number 54
[  902.371808][T17761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2295'.
[  902.409111][T17761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2295'.
[  903.175355][T17768] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  905.913132][   T30] audit: type=1326 audit(1757727695.742:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  905.939011][   T30] audit: type=1326 audit(1757727695.742:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.101286][   T30] audit: type=1326 audit(1757727695.742:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=282 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.129985][   T30] audit: type=1326 audit(1757727695.742:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.160975][   T30] audit: type=1326 audit(1757727695.742:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.202242][   T30] audit: type=1326 audit(1757727695.742:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.272259][   T30] audit: type=1326 audit(1757727695.742:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=352 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.828981][   T30] audit: type=1326 audit(1757727695.742:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  906.852619][   T30] audit: type=1326 audit(1757727695.752:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  907.315358][   T30] audit: type=1326 audit(1757727695.752:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17788 comm="syz.2.2303" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  907.858552][ T5935] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  908.028355][ T5935] usb 5-1: Using ep0 maxpacket: 32
[  908.148851][ T5935] usb 5-1: config 0 has no interfaces?
[  908.172344][ T5935] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  908.220704][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.307395][ T5935] usb 5-1: Product: syz
[  908.312983][T17823] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  908.335975][ T5935] usb 5-1: Manufacturer: syz
[  908.345630][ T5935] usb 5-1: SerialNumber: syz
[  908.369657][ T5935] usb 5-1: config 0 descriptor??
[  908.380726][T17824] syzkaller0: entered promiscuous mode
[  908.390992][T17824] syzkaller0: entered allmulticast mode
[  908.970366][T17807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2306'.
[  909.012576][T13951] usb 5-1: USB disconnect, device number 39
[  910.339343][T13951] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  910.519277][T13951] usb 4-1: Using ep0 maxpacket: 16
[  910.578000][T13951] usb 4-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=4f.75
[  910.655207][T17854] binder: 17843:17854 ioctl c018620c 800000c0 returned -22
[  910.703480][T13951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.712846][T13951] usb 4-1: Product: syz
[  910.717106][T13951] usb 4-1: Manufacturer: syz
[  910.722731][T13951] usb 4-1: SerialNumber: syz
[  911.358855][T13951] usb 4-1: config 0 descriptor??
[  911.377531][T13951] usb 4-1: bad CDC descriptors
[  912.139448][T17827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  912.156398][T17827] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  913.533064][ T5935] usb 4-1: USB disconnect, device number 44
[  913.780789][T17874] vlan2: entered allmulticast mode
[  913.785948][T17874] macsec0: entered allmulticast mode
[  914.111571][T17874] veth1_macvtap: entered allmulticast mode
[  914.796718][T17888] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2321'.
[  915.061867][T17888] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2321'.
[  919.512007][T17943] netlink: 4388 bytes leftover after parsing attributes in process `syz.3.2333'.
[  919.866578][T17946] 8021q: adding VLAN 0 to HW filter on device batadv0
[  919.877463][T17946] batadv0: entered promiscuous mode
[  919.883858][T17946] batadv0: entered allmulticast mode
[  919.893157][T17946] team0: Port device batadv0 added
[  920.870893][T17952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2335'.
[  920.928653][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  920.928672][   T30] audit: type=1800 audit(1757727710.762:422): pid=17955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2345" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  920.958898][T17952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2335'.
[  921.315677][    T9] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  921.486741][    T9] usb 1-1: Using ep0 maxpacket: 8
[  921.507329][    T9] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  921.519755][    T9] usb 1-1: config 1 has no interface number 1
[  921.525955][    T9] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  921.557224][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  921.568583][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  921.577028][    T9] usb 1-1: Product: syz
[  921.582670][    T9] usb 1-1: Manufacturer: syz
[  921.589791][    T9] usb 1-1: SerialNumber: syz
[  923.288776][T17973] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2338'.
[  923.693061][    T9] usb 1-1: 2:1 : format type 0 is detected, processed as PCM
[  923.765207][    T9] usb 1-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  923.815713][    T9] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  923.827806][    T9] usb 1-1: 2:1 : invalid channels 0
[  923.898630][    T9] usb 1-1: USB disconnect, device number 44
[  924.152242][ T7931] udevd[7931]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  924.396922][T17989] openvswitch: netlink: Flow key attr not present in new flow.
[  926.428387][   T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  926.648036][   T24] usb 1-1: Using ep0 maxpacket: 8
[  926.657646][   T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  926.740916][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  926.773766][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  926.798419][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  926.889323][   T24] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  927.027965][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  927.150234][   T24] hub 1-1:1.0: bad descriptor, ignoring hub
[  927.218708][   T24] hub 1-1:1.0: probe with driver hub failed with error -5
[  927.226579][   T24] cdc_wdm 1-1:1.0: skipping garbage
[  927.248582][   T24] cdc_wdm 1-1:1.0: skipping garbage
[  927.288139][ T5935] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[  927.358188][   T24] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  927.368240][   T24] cdc_wdm 1-1:1.0: Unknown control protocol
[  927.546309][ T5935] usb 2-1: config 0 has no interfaces?
[  927.580454][ T5935] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  927.597957][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.606126][ T5935] usb 2-1: Product: syz
[  927.610656][ T5935] usb 2-1: Manufacturer: syz
[  927.615251][ T5935] usb 2-1: SerialNumber: syz
[  927.720721][ T5935] usb 2-1: config 0 descriptor??
[  928.933998][   T30] audit: type=1800 audit(1757727718.772:423): pid=18030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2353" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  928.962957][T18029] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2354'.
[  928.971953][T18029] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2354'.
[  928.989460][T18019] cdc_wdm 1-1:1.0: Error autopm - -16
[  928.995928][   T24] usb 1-1: USB disconnect, device number 45
[  929.388169][ T5935] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  929.469052][   T24] usb 2-1: USB disconnect, device number 55
[  929.647353][ T5935] usb 4-1: Using ep0 maxpacket: 8
[  929.778619][ T5935] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  929.788386][ T5935] usb 4-1: config 1 has no interface number 1
[  929.794527][ T5935] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  930.174136][T18037] random: crng reseeded on system resumption
[  930.369406][ T5935] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  930.379157][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.398358][ T5935] usb 4-1: Product: syz
[  930.406817][ T5935] usb 4-1: Manufacturer: syz
[  930.427053][ T5935] usb 4-1: SerialNumber: syz
[  931.578034][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  931.584440][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  932.409498][ T5935] usb 4-1: 2:1 : format type 0 is detected, processed as PCM
[  932.443173][ T5935] usb 4-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  932.476558][ T5935] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  932.486953][ T5935] usb 4-1: 2:1 : invalid channels 0
[  932.540848][ T5935] usb 4-1: USB disconnect, device number 45
[  933.680551][ T7931] udevd[7931]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  934.580980][T18079] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2366'.
[  934.597934][T18079] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2366'.
[  935.952502][T18094] random: crng reseeded on system resumption
[  937.123013][   T30] audit: type=1800 audit(1757727726.932:424): pid=18121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2374" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  937.418485][ T5935] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  937.860053][T18115] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  938.288382][ T5935] usb 5-1: Using ep0 maxpacket: 8
[  938.325740][ T5935] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  938.336025][ T5935] usb 5-1: config 1 has no interface number 1
[  938.343993][ T5935] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  938.793126][ T5935] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  938.853607][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  938.884000][ T5935] usb 5-1: Product: syz
[  938.934547][ T5935] usb 5-1: Manufacturer: syz
[  938.947866][ T5935] usb 5-1: SerialNumber: syz
[  939.643563][T18134] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2378'.
[  939.652692][T18134] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2378'.
[  939.723114][T18134] team0: entered promiscuous mode
[  939.759007][T18134] team_slave_0: entered promiscuous mode
[  939.772023][T18134] team_slave_1: entered promiscuous mode
[  939.798645][T18134] team0: left promiscuous mode
[  939.803609][T18134] team_slave_0: left promiscuous mode
[  939.809843][T18134] team_slave_1: left promiscuous mode
[  940.804108][ T5935] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[  940.830542][ T5935] usb 5-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  940.839124][ T5935] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  940.845292][ T5935] usb 5-1: 2:1 : invalid channels 0
[  941.365723][ T5935] usb 5-1: USB disconnect, device number 40
[  941.369401][T18155] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  941.394374][T18155] syzkaller0: entered promiscuous mode
[  941.408602][T18155] syzkaller0: entered allmulticast mode
[  941.498192][T18155] tipc: Resetting bearer <eth:syzkaller0>
[  941.509615][T18154] tipc: Resetting bearer <eth:syzkaller0>
[  941.530264][T18154] tipc: Disabling bearer <eth:syzkaller0>
[  942.450195][T18168] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  942.569619][T18174] syzkaller0: entered promiscuous mode
[  942.583217][T18174] syzkaller0: entered allmulticast mode
[  943.042216][T18168] tipc: Resetting bearer <eth:syzkaller0>
[  943.058803][T18167] tipc: Resetting bearer <eth:syzkaller0>
[  943.656314][T18167] tipc: Disabling bearer <eth:syzkaller0>
[  944.297985][   T24] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  944.547611][   T24] usb 5-1: config 0 has no interfaces?
[  944.565480][   T24] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  944.595041][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.646370][T18195] binder: 18190:18195 ioctl c018620c 800000c0 returned -22
[  945.080733][T18200] IPVS: Error connecting to the multicast addr
[  945.152251][   T24] usb 5-1: Product: syz
[  945.172519][   T24] usb 5-1: Manufacturer: syz
[  945.203014][   T24] usb 5-1: SerialNumber: syz
[  945.313657][   T24] usb 5-1: config 0 descriptor??
[  946.853608][ T5935] usb 5-1: USB disconnect, device number 41
[  948.483511][T18227] kvm: pic: non byte read
[  948.564074][T18227] kvm: pic: level sensitive irq not supported
[  948.564140][T18227] kvm: pic: non byte read
[  948.654711][T18227] kvm: pic: level sensitive irq not supported
[  948.654777][T18227] kvm: pic: non byte read
[  948.823642][T18233] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  948.844505][T18227] kvm: pic: level sensitive irq not supported
[  948.844570][T18227] kvm: pic: non byte read
[  948.873867][T18227] kvm: pic: level sensitive irq not supported
[  948.873932][T18227] kvm: pic: non byte read
[  948.902641][T18227] kvm: pic: level sensitive irq not supported
[  948.902688][T18227] kvm: pic: non byte read
[  948.998613][T18227] kvm: pic: level sensitive irq not supported
[  948.998680][T18227] kvm: pic: non byte read
[  950.528367][T18253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2401'.
[  950.584828][T18256] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2401'.
[  950.864703][T18260] random: crng reseeded on system resumption
[  950.956459][T18253] macvtap2: entered promiscuous mode
[  951.011356][T18253] macvtap2: entered allmulticast mode
[  951.060942][T18262] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2403'.
[  951.202349][T18262] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2403'.
[  951.224749][T18253] dummy0: entered allmulticast mode
[  951.285728][T18256] dummy0: left allmulticast mode
[  952.399216][T18274] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2408'.
[  952.418083][T18274] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2408'.
[  952.450203][    T9] IPVS: starting estimator thread 0...
[  952.465493][T18274] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2408'.
[  952.568159][T18276] IPVS: using max 50 ests per chain, 120000 per kthread
[  953.625424][T18286] netlink: 'syz.3.2410': attribute type 10 has an invalid length.
[  953.710504][T18293] netlink: 'syz.3.2410': attribute type 10 has an invalid length.
[  953.853830][T18286] dummy0: entered allmulticast mode
[  953.865227][T18286] team0: Port device dummy0 added
[  953.957289][T18293] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  954.135867][T18293] dummy0: left allmulticast mode
[  954.666066][T18293] team0: Failed to send options change via netlink (err -105)
[  954.694818][T18293] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  954.770156][T18293] team0: Port device dummy0 removed
[  954.873623][T18293] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  954.979684][T18300] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  955.108712][T18312] syzkaller0: entered promiscuous mode
[  955.120224][T18312] syzkaller0: entered allmulticast mode
[  956.173107][T18330] random: crng reseeded on system resumption
[  958.218209][   T30] audit: type=1800 audit(1757727748.052:425): pid=18355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2425" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  958.537843][   T24] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  959.137883][   T24] usb 2-1: Using ep0 maxpacket: 8
[  959.162490][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  959.176486][   T24] usb 2-1: config 1 has no interface number 1
[  959.189954][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  959.331998][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  959.341266][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  959.350483][   T24] usb 2-1: Product: syz
[  959.372222][   T24] usb 2-1: Manufacturer: syz
[  959.406639][   T24] usb 2-1: SerialNumber: syz
[  959.942346][T18372] netlink: 'syz.4.2429': attribute type 10 has an invalid length.
[  959.964160][T18372] team0: Device dummy0 failed to register rx_handler
[  959.996343][T18372] netlink: 'syz.4.2429': attribute type 10 has an invalid length.
[  960.280974][T18374] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2431'.
[  960.298941][T18374] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2431'.
[  961.019496][   T24] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  961.026957][   T24] usb 2-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  961.048391][   T24] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  961.057536][   T24] usb 2-1: 2:1 : invalid channels 0
[  961.286534][   T24] usb 2-1: USB disconnect, device number 56
[  961.352958][ T7931] udevd[7931]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  961.676124][T18399] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.2435'.
[  963.198646][ T5935] usb 1-1: new full-speed USB device number 46 using dummy_hcd
[  963.359939][ T5935] usb 1-1: config 7 has an invalid interface number: 192 but max is 0
[  963.369390][ T5935] usb 1-1: config 7 has no interface number 0
[  963.376494][ T5935] usb 1-1: config 7 interface 192 has no altsetting 0
[  964.198333][ T5935] usb 1-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=d4.8d
[  964.207424][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.227711][ T5935] usb 1-1: Product: syz
[  964.233125][ T5935] usb 1-1: Manufacturer: syz
[  964.258578][ T5935] usb 1-1: SerialNumber: syz
[  966.799993][T18443] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2444'.
[  966.858210][T18443] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2444'.
[  966.891471][T18408] syz.0.2436: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  966.919851][T18446] CIFS: VFS: Malformed UNC in devname
[  966.948208][T18408] CPU: 1 UID: 0 PID: 18408 Comm: syz.0.2436 Not tainted syzkaller #0 PREEMPT(full) 
[  966.948259][T18408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  966.948287][T18408] Call Trace:
[  966.948295][T18408]  <TASK>
[  966.948304][T18408]  dump_stack_lvl+0x189/0x250
[  966.948335][T18408]  ? __pfx_dump_stack_lvl+0x10/0x10
[  966.948359][T18408]  ? __pfx__printk+0x10/0x10
[  966.948385][T18408]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  966.948407][T18408]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  966.948430][T18408]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  966.948454][T18408]  warn_alloc+0x214/0x310
[  966.948491][T18408]  ? __pfx_warn_alloc+0x10/0x10
[  966.948528][T18408]  ? __get_vm_area_node+0x28f/0x300
[  966.948557][T18408]  ? xp_create_and_assign_umem+0x184/0xce0
[  966.948584][T18408]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  966.948645][T18408]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  966.948688][T18408]  ? rcu_is_watching+0x15/0xb0
[  966.948711][T18408]  ? xp_create_and_assign_umem+0x184/0xce0
[  966.948732][T18408]  ? xp_create_and_assign_umem+0x184/0xce0
[  966.948753][T18408]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  966.948782][T18408]  ? xp_create_and_assign_umem+0x184/0xce0
[  966.948804][T18408]  ? xp_create_and_assign_umem+0xa4/0xce0
[  966.948831][T18408]  xp_create_and_assign_umem+0x184/0xce0
[  966.948863][T18408]  ? dev_get_by_index+0x22/0x2e0
[  966.948890][T18408]  ? dev_get_by_index+0x22/0x2e0
[  966.948923][T18408]  xsk_bind+0x42d/0xf90
[  966.948947][T18408]  ? apparmor_socket_bind+0xff/0x1e0
[  966.948980][T18408]  __sys_bind+0x2c6/0x3e0
[  966.949002][T18408]  ? __pfx___sys_bind+0x10/0x10
[  966.949018][T18408]  ? __irq_exit_rcu+0xca/0x1f0
[  966.949062][T18408]  __ia32_sys_bind+0x7a/0x90
[  966.949083][T18408]  __do_fast_syscall_32+0xb6/0x2b0
[  966.949107][T18408]  do_fast_syscall_32+0x34/0x80
[  966.949118][T18408]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  966.949138][T18408] RIP: 0023:0xf7f62539
[  966.949158][T18408] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  966.949174][T18408] RSP: 002b:00000000f544555c EFLAGS: 00000206 ORIG_RAX: 0000000000000169
[  966.949195][T18408] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[  966.949210][T18408] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  966.949222][T18408] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  966.949234][T18408] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  966.949246][T18408] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  966.949265][T18408]  </TASK>
[  966.949274][T18408] Mem-Info:
[  967.219343][T18408] active_anon:9990 inactive_anon:0 isolated_anon:0
[  967.219343][T18408]  active_file:18538 inactive_file:3805 isolated_file:0
[  967.219343][T18408]  unevictable:768 dirty:334 writeback:0
[  967.219343][T18408]  slab_reclaimable:11356 slab_unreclaimable:103376
[  967.219343][T18408]  mapped:32215 shmem:1357 pagetables:1320
[  967.219343][T18408]  sec_pagetables:0 bounce:0
[  967.219343][T18408]  kernel_misc_reclaimable:0
[  967.219343][T18408]  free:1326892 free_pcp:11186 free_cma:0
[  967.264735][    C0] vkms_vblank_simulate: vblank timer overrun
[  967.291095][T18408] Node 0 active_anon:36760kB inactive_anon:0kB active_file:74148kB inactive_file:15092kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128856kB dirty:1332kB writeback:0kB shmem:3892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12568kB pagetables:5124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  967.322891][    C0] vkms_vblank_simulate: vblank timer overrun
[  967.406249][T18408] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  967.438147][T18408] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  967.470924][T18408] lowmem_reserve[]: 0 2497 2499 2499 2499
[  967.485075][T18408] Node 0 DMA32 free:1391324kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34972kB inactive_anon:0kB active_file:73904kB inactive_file:13848kB unevictable:1536kB writepending:1332kB present:3129332kB managed:2557420kB mlocked:0kB bounce:0kB free_pcp:31240kB local_pcp:19332kB free_cma:0kB
[  967.584187][T18408] lowmem_reserve[]: 0 0 1 1 1
[  967.594520][T18408] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:88kB inactive_anon:0kB active_file:244kB inactive_file:1244kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:44kB local_pcp:16kB free_cma:0kB
[  967.778311][T18408] lowmem_reserve[]: 0 0 0 0 0
[  967.783821][T18408] Node 1 Normal free:3900860kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:128kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18240kB local_pcp:2656kB free_cma:0kB
[  967.819321][T18408] lowmem_reserve[]: 0 0 0 0 0
[  967.856345][T18408] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  967.871865][T18408] Node 0 DMA32: 255*4kB (UM) 258*8kB (ME) 311*16kB (UM) 165*32kB (ME) 85*64kB (ME) 37*128kB (UME) 29*256kB (UME) 25*512kB (ME) 14*1024kB (UM) 3*2048kB (ME) 324*4096kB (UM) = 1391324kB
[  967.891112][T18408] Node 0 Normal: 2*4kB (M) 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  967.930637][T18408] Node 1 Normal: 235*4kB (UME) 56*8kB (UME) 47*16kB (UME) 225*32kB (UME) 75*64kB (UME) 7*128kB (UME) 5*256kB (UME) 5*512kB (UME) 3*1024kB (ME) 2*2048kB (ME) 946*4096kB (UM) = 3900860kB
[  967.956162][T18408] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  967.966904][T18408] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  967.979960][T18408] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  967.991459][T18408] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  968.003316][T18408] 23674 total pagecache pages
[  968.010677][T18408] 3 pages in swap cache
[  968.015185][T18408] Free swap  = 124984kB
[  968.021960][T18408] Total swap = 124996kB
[  968.026416][T18408] 2097051 pages RAM
[  968.032414][T18408] 0 pages HighMem/MovableOnly
[  968.037402][T18408] 425670 pages reserved
[  968.048351][T18408] 0 pages cma reserved
[  968.391600][ T5935] usb 1-1: USB disconnect, device number 46
[  969.247833][   T24] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  969.487908][   T24] usb 1-1: Using ep0 maxpacket: 32
[  969.496245][   T24] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  969.515823][   T24] usb 1-1: config 0 has no interface number 0
[  969.583760][   T24] usb 1-1: config 0 interface 184 has no altsetting 0
[  969.585663][T18474] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  969.612279][   T24] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  969.638245][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  969.665210][   T24] usb 1-1: Product: syz
[  969.676586][   T24] usb 1-1: Manufacturer: syz
[  969.690427][   T24] usb 1-1: SerialNumber: syz
[  969.730539][   T24] usb 1-1: config 0 descriptor??
[  969.767141][   T24] smsc75xx v1.0.0
[  969.776768][   T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  969.789167][   T24] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  971.558733][ T5935] usb 1-1: USB disconnect, device number 47
[  973.061924][T18512] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2461'.
[  973.146101][T18512] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2461'.
[  973.920283][   T30] audit: type=1326 audit(1757727763.762:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  974.306254][T18521] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  974.868066][   T30] audit: type=1326 audit(1757727763.792:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  975.067891][   T30] audit: type=1326 audit(1757727763.792:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  975.337466][   T30] audit: type=1326 audit(1757727763.792:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  975.359533][    C1] vkms_vblank_simulate: vblank timer overrun
[  975.477182][   T30] audit: type=1326 audit(1757727763.792:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  975.516937][T18536] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2467'.
[  975.725462][   T30] audit: type=1326 audit(1757727763.792:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  975.749702][T18536] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2467'.
[  975.793788][   T30] audit: type=1326 audit(1757727763.792:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  976.106101][T18524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  976.368212][   T30] audit: type=1326 audit(1757727763.792:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  976.638250][   T30] audit: type=1326 audit(1757727763.792:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=274 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  976.660446][   T30] audit: type=1326 audit(1757727763.792:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18519 comm="syz.0.2463" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[  976.682466][    C1] vkms_vblank_simulate: vblank timer overrun
[  979.784787][T18580] netlink: 'syz.0.2472': attribute type 10 has an invalid length.
[  979.795723][T18580] team0: Device dummy0 failed to register rx_handler
[  979.842981][T18576] sctp: [Deprecated]: syz.2.2473 (pid 18576) Use of struct sctp_assoc_value in delayed_ack socket option.
[  979.842981][T18576] Use struct sctp_sack_info instead
[  979.889640][T18580] netlink: 'syz.0.2472': attribute type 10 has an invalid length.
[  982.689698][ T5935] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  982.927527][   T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  982.969091][ T5935] usb 2-1: Using ep0 maxpacket: 8
[  982.976750][ T5935] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  982.987547][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  983.005724][ T5935] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  983.035926][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  983.069280][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  983.090122][ T5935] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  983.098313][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  983.122726][ T5935] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  983.162083][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  983.193585][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  983.232504][ T5935] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  983.242649][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  983.270454][ T5935] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  983.414377][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  983.467861][ T5935] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  983.492834][ T5935] usb 2-1: string descriptor 0 read error: -22
[  983.500650][ T5935] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  983.510461][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  983.554873][ T5935] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  983.560285][   T24] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  983.589775][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  983.685338][   T24] usb 1-1: Product: syz
[  983.689615][   T24] usb 1-1: Manufacturer: syz
[  983.698012][   T24] usb 1-1: SerialNumber: syz
[  983.710834][   T24] usb 1-1: config 0 descriptor??
[  983.734624][   T24] gspca_main: sq905c-2.14.0 probing 2770:9052
[  984.120835][T13951] usb 2-1: USB disconnect, device number 57
[  984.121400][T18610] usb 2-1: Couldn't submit interrupt_out_urb -19
[  984.269586][   T24] gspca_sq905c: sq905c_read: usb_control_msg failed (-71)
[  984.278760][   T24] sq905c 1-1:0.0: Reading version command failed
[  984.295604][   T24] sq905c 1-1:0.0: probe with driver sq905c failed with error -71
[  984.350027][   T24] usb 1-1: USB disconnect, device number 48
[  985.678496][ T5935] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  985.844887][ T5935] usb 4-1: unable to get BOS descriptor or descriptor too short
[  985.855633][ T5935] usb 4-1: not running at top speed; connect to a high speed hub
[  985.869131][ T5935] usb 4-1: config 7 has an invalid interface number: 180 but max is 0
[  985.885474][ T5935] usb 4-1: config 7 has no interface number 0
[  985.892629][ T5935] usb 4-1: config 7 interface 180 has no altsetting 0
[  986.534797][ T5935] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=3c.f2
[  986.563724][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  986.660015][T18646] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2491'.
[  986.670753][T18646] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2491'.
[  986.700066][ T5935] usb 4-1: Product: syz
[  986.809898][ T5935] usb 4-1: SerialNumber: syz
[  987.313372][T18652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'.
[  988.742373][ T5935] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  988.920723][ T5935] gspca_topro: reg_w err -71
[  988.958019][T18675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2498'.
[  988.967364][ T5935] gspca_topro: Sensor soi763a
[  988.969957][T18675] netlink: 107 bytes leftover after parsing attributes in process `syz.3.2498'.
[  989.110337][ T5935] usb 4-1: USB disconnect, device number 46
[  989.411248][   T24] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  989.592371][   T24] usb 1-1: Using ep0 maxpacket: 32
[  989.747910][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  989.759588][   T24] usb 1-1: config 0 has no interfaces?
[  989.768287][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  989.818532][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.880384][   T24] usb 1-1: config 0 descriptor??
[  991.778398][T18703] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2501'.
[  993.088983][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  993.095575][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  993.161143][   T24] usb 1-1: USB disconnect, device number 49
[  994.982585][T18722] block device autoloading is deprecated and will be removed.
[  997.158957][ T5935] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  997.188326][    T9] IPVS: starting estimator thread 0...
[  997.325398][T18743] IPVS: using max 39 ests per chain, 93600 per kthread
[  997.687981][ T5935] usb 5-1: Using ep0 maxpacket: 8
[  997.697365][ T5935] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  997.728418][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.919646][   T49] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  997.942437][ T5935] usb 5-1: Product: syz
[  997.971732][ T5935] usb 5-1: Manufacturer: syz
[  997.976356][ T5935] usb 5-1: SerialNumber: syz
[  998.259321][ T5935] usb 5-1: config 0 descriptor??
[  998.778175][ T5935] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  999.245873][T18759] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2516'.
[  999.310004][T18763] netlink: 'syz.3.2518': attribute type 2 has an invalid length.
[  999.331470][T18763] : entered promiscuous mode
[  999.347408][T18761] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  999.410893][T18761] syzkaller0: entered promiscuous mode
[  999.416408][T18761] syzkaller0: entered allmulticast mode
[  999.550934][T18761] tipc: Resetting bearer <eth:syzkaller0>
[  999.566253][T18760] tipc: Resetting bearer <eth:syzkaller0>
[  999.593094][T18770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2521'.
[  999.608716][T18760] tipc: Disabling bearer <eth:syzkaller0>
[  999.617555][T18770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2521'.
[  999.634178][T18770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2521'.
[  999.645366][T18770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2521'.
[  999.683774][T18772] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2520'.
[ 1000.581044][ T5935] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1000.597129][ T5935] usb 5-1: USB disconnect, device number 42
[ 1001.025736][T18788] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2524'.
[ 1001.930174][T18796] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2527'.
[ 1001.942757][T18796] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2527'.
[ 1002.327971][    T9] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1002.871166][    T9] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1002.893981][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1002.923172][    T9] usb 2-1: Product: syz
[ 1002.968782][    T9] usb 2-1: Manufacturer: syz
[ 1002.995560][    T9] usb 2-1: SerialNumber: syz
[ 1003.027056][T18811] blktrace: Concurrent blktraces are not allowed on sg0
[ 1003.102983][    T9] usb 2-1: config 0 descriptor??
[ 1003.525758][T18813] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2526'.
[ 1003.538822][T18795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1003.567702][T18795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1003.696451][   T24] usb 2-1: USB disconnect, device number 58
[ 1003.704175][T18815] vlan0: entered promiscuous mode
[ 1003.728541][T18815] batadv0: entered promiscuous mode
[ 1004.862542][T18823] random: crng reseeded on system resumption
[ 1005.863055][   T30] kauditd_printk_skb: 36 callbacks suppressed
[ 1005.863075][   T30] audit: type=1800 audit(1757727795.702:472): pid=18846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2535" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1006.939693][   T24] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1007.227936][   T24] usb 3-1: Using ep0 maxpacket: 8
[ 1007.248499][   T24] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1007.261256][   T24] usb 3-1: config 1 has no interface number 1
[ 1007.267396][   T24] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1007.348182][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1007.359829][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.477767][   T24] usb 3-1: Product: syz
[ 1007.482186][   T24] usb 3-1: Manufacturer: syz
[ 1007.497883][   T24] usb 3-1: SerialNumber: syz
[ 1008.153920][T18864] netlink: 'syz.1.2538': attribute type 8 has an invalid length.
[ 1008.996742][   T24] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[ 1009.084314][   T24] usb 3-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[ 1009.120890][   T24] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1009.151627][   T30] audit: type=1326 audit(1757727798.992:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18876 comm="syz.2.2544" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x0
[ 1009.298912][   T24] usb 3-1: 2:1 : invalid channels 0
[ 1009.535234][   T24] usb 3-1: USB disconnect, device number 54
[ 1010.371389][T18886] __nla_validate_parse: 2 callbacks suppressed
[ 1010.371403][T18886] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2545'.
[ 1010.438377][T18886] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2545'.
[ 1011.296513][T18897] netlink: 'syz.1.2549': attribute type 1 has an invalid length.
[ 1011.600054][   T30] audit: type=1326 audit(1757727801.402:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18896 comm="syz.1.2549" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92539 code=0x7ffc0000
[ 1011.668001][   T30] audit: type=1326 audit(1757727801.402:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18896 comm="syz.1.2549" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7f92539 code=0x7ffc0000
[ 1011.701451][   T30] audit: type=1326 audit(1757727801.402:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18896 comm="syz.1.2549" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92539 code=0x7ffc0000
[ 1011.728158][   T30] audit: type=1326 audit(1757727801.412:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18896 comm="syz.1.2549" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf7f92539 code=0x7ffc0000
[ 1011.750286][   T30] audit: type=1326 audit(1757727801.412:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18896 comm="syz.1.2549" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92539 code=0x7ffc0000
[ 1015.349662][T18949] vxlan0: entered promiscuous mode
[ 1015.486331][T18949] vxlan0: entered allmulticast mode
[ 1015.533501][T18949] team0: Port device vxlan0 added
[ 1015.610506][ T7458] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1015.625961][ T7458] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1015.659473][ T7458] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1015.738133][ T7458] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1018.663460][T18978] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1018.671518][T18978] syzkaller0: entered promiscuous mode
[ 1018.677011][T18978] syzkaller0: entered allmulticast mode
[ 1018.682742][   T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1018.731807][T18978] tipc: Resetting bearer <eth:syzkaller0>
[ 1018.743162][T18977] tipc: Resetting bearer <eth:syzkaller0>
[ 1018.934127][T18977] tipc: Disabling bearer <eth:syzkaller0>
[ 1019.114565][   T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1019.130482][   T24] usb 3-1: config 0 has no interface number 0
[ 1019.136701][   T24] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1019.159560][   T24] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1019.235662][   T24] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1019.257367][   T24] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1019.296235][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.359310][   T24] usb 3-1: config 0 descriptor??
[ 1019.404103][T18986] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1019.418315][T18986] syzkaller0: entered promiscuous mode
[ 1019.423951][T18986] syzkaller0: entered allmulticast mode
[ 1019.528844][T18986] tipc: Resetting bearer <eth:syzkaller0>
[ 1019.568752][T18991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2569'.
[ 1019.772627][T18985] tipc: Resetting bearer <eth:syzkaller0>
[ 1019.835952][T18985] tipc: Disabling bearer <eth:syzkaller0>
[ 1020.206526][   T24] input: HID 28bd:0042 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0042.0019/input/input40
[ 1020.281927][T19000] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2572'.
[ 1020.305823][T19000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2572'.
[ 1020.354474][   T24] uclogic 0003:28BD:0042.0019: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.2-1/input1
[ 1020.429546][T18975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1020.452374][T18975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1020.468234][T18975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1020.515016][T18975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1021.627876][   T24] usb 3-1: USB disconnect, device number 55
[ 1021.937145][T19003] fido_id[19003]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1022.101187][T19002] syz.4.2571 (19002): drop_caches: 2
[ 1023.815490][T19039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2579'.
[ 1023.826583][T19038] raw_sendmsg: syz.1.2579 forgot to set AF_INET. Fix it!
[ 1024.470794][T19042] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1024.520018][T19042] syzkaller0: entered promiscuous mode
[ 1024.525512][T19042] syzkaller0: entered allmulticast mode
[ 1024.631610][T19042] tipc: Resetting bearer <eth:syzkaller0>
[ 1024.653985][T19041] tipc: Resetting bearer <eth:syzkaller0>
[ 1024.739975][T19041] tipc: Disabling bearer <eth:syzkaller0>
[ 1025.098191][ T5866] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1025.784085][ T5866] usb 2-1: config 0 has no interfaces?
[ 1025.792738][ T5866] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1025.809392][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1026.094573][ T5866] usb 2-1: Product: syz
[ 1026.103384][ T5866] usb 2-1: Manufacturer: syz
[ 1026.426243][ T5866] usb 2-1: SerialNumber: syz
[ 1026.718273][ T5866] usb 2-1: config 0 descriptor??
[ 1026.986141][   T24] usb 2-1: USB disconnect, device number 59
[ 1027.258920][T19077] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1027.273882][T19077] tipc: Resetting bearer <eth:syzkaller0>
[ 1027.302418][T19076] tipc: Disabling bearer <eth:syzkaller0>
[ 1029.741020][   T30] audit: type=1800 audit(1757727819.572:479): pid=19109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2592" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1030.077836][   T24] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1030.440135][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1030.468281][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1030.478329][   T24] usb 2-1: config 1 has no interface number 1
[ 1030.484523][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1030.548260][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1030.557590][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1030.567045][   T24] usb 2-1: Product: syz
[ 1030.571560][   T24] usb 2-1: Manufacturer: syz
[ 1030.586551][   T24] usb 2-1: SerialNumber: syz
[ 1032.491143][   T24] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[ 1032.526049][   T24] usb 2-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[ 1032.543687][   T24] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1032.553815][   T24] usb 2-1: 2:1 : invalid channels 0
[ 1032.612255][   T24] usb 2-1: USB disconnect, device number 60
[ 1032.648817][T19140] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1032.749133][T19140] syzkaller0: entered promiscuous mode
[ 1032.754653][T19140] syzkaller0: entered allmulticast mode
[ 1033.095499][T19144] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2602'.
[ 1033.123159][T19139] tipc: Resetting bearer <eth:syzkaller0>
[ 1033.168212][T19139] tipc: Disabling bearer <eth:syzkaller0>
[ 1034.259965][T19159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2605'.
[ 1034.269130][T19159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2605'.
[ 1034.289161][T19159] team0: entered promiscuous mode
[ 1034.295544][T19159] team_slave_0: entered promiscuous mode
[ 1034.302975][T19159] team_slave_1: entered promiscuous mode
[ 1034.316131][T19159] team0: left promiscuous mode
[ 1034.321044][T19159] team_slave_0: left promiscuous mode
[ 1034.326687][T19159] team_slave_1: left promiscuous mode
[ 1034.791922][   T30] audit: type=1326 audit(1757727824.632:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1034.820093][T19169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2608'.
[ 1034.866997][   T30] audit: type=1326 audit(1757727824.662:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1034.878581][T19168] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1034.955397][   T30] audit: type=1326 audit(1757727824.662:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1034.978309][T19168] syzkaller0: entered promiscuous mode
[ 1034.978332][T19168] syzkaller0: entered allmulticast mode
[ 1034.995180][   T30] audit: type=1326 audit(1757727824.662:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.020140][   T30] audit: type=1326 audit(1757727824.662:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.052271][   T30] audit: type=1326 audit(1757727824.662:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.082122][   T30] audit: type=1326 audit(1757727824.662:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.109204][   T30] audit: type=1326 audit(1757727824.662:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.118584][T19168] tipc: Resetting bearer <eth:syzkaller0>
[ 1035.133106][   T30] audit: type=1326 audit(1757727824.662:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=38 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.185101][   T30] audit: type=1326 audit(1757727824.662:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19167 comm="syz.0.2608" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1035.207944][T19165] tipc: Resetting bearer <eth:syzkaller0>
[ 1035.233319][T19165] tipc: Disabling bearer <eth:syzkaller0>
[ 1037.944006][T19185] syz.1.2620 (19185): drop_caches: 2
[ 1038.441094][T19200] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1038.452674][T19200] syzkaller0: entered promiscuous mode
[ 1038.458814][T19200] syzkaller0: entered allmulticast mode
[ 1038.535219][T19199] tipc: Resetting bearer <eth:syzkaller0>
[ 1038.632081][T19199] tipc: Disabling bearer <eth:syzkaller0>
[ 1039.188143][T19208] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2618'.
[ 1039.200350][T19208] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2618'.
[ 1039.290028][T19211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2616'.
[ 1039.306263][T19203] syz.4.2615 (19203): drop_caches: 2
[ 1041.078651][T19245] binder: 19241:19245 ioctl c0306201 80000080 returned -14
[ 1041.218536][T19247] syz.2.2625 (19247): drop_caches: 2
[ 1041.225565][T19247] syz.2.2625 (19247): drop_caches: 2
[ 1042.989191][T19265] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1043.215972][T19260] syzkaller0: entered promiscuous mode
[ 1043.221575][T19260] syzkaller0: entered allmulticast mode
[ 1043.253923][T19272] F2FS-fs: Conflicting test_dummy_encryption options
[ 1048.053088][T19265] tipc: Resetting bearer <eth:syzkaller0>
[ 1048.063263][T19258] tipc: Resetting bearer <eth:syzkaller0>
[ 1048.083654][T19258] tipc: Disabling bearer <eth:syzkaller0>
[ 1048.602382][T19304] delete_channel: no stack
[ 1049.986697][T19301] delete_channel: no stack
[ 1050.900582][T19326] netlink: 209588 bytes leftover after parsing attributes in process `syz.4.2643'.
[ 1051.139405][ T5935] hid (null): unknown global tag 0xe
[ 1051.209425][ T5935] hid-generic 0081:01FF:0000.001A: unknown main item tag 0x4
[ 1051.226187][ T5935] hid-generic 0081:01FF:0000.001A: unknown main item tag 0x0
[ 1051.248987][ T5935] hid-generic 0081:01FF:0000.001A: unknown main item tag 0x7
[ 1051.455402][ T5935] hid-generic 0081:01FF:0000.001A: unknown global tag 0xe
[ 1051.900235][ T5935] hid-generic 0081:01FF:0000.001A: item 0 4 1 14 parsing failed
[ 1051.914862][ T5935] hid-generic 0081:01FF:0000.001A: probe with driver hid-generic failed with error -22
[ 1052.137842][   T24] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1052.356924][   T24] usb 2-1: Using ep0 maxpacket: 32
[ 1052.395858][   T24] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[ 1052.407284][   T24] usb 2-1: config 0 has no interface number 0
[ 1052.584503][   T24] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1052.702177][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1052.711220][   T24] usb 2-1: Product: syz
[ 1052.715540][   T24] usb 2-1: Manufacturer: syz
[ 1052.724682][   T24] usb 2-1: SerialNumber: syz
[ 1052.736842][   T24] usb 2-1: config 0 descriptor??
[ 1052.756140][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1052.756158][   T30] audit: type=1326 audit(1757727842.562:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1052.801374][   T24] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1052.891478][   T30] audit: type=1326 audit(1757727842.562:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1053.032850][   T24] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1053.215596][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1053.216375][   T30] audit: type=1326 audit(1757727842.612:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1053.280073][   T24] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1053.445024][   T30] audit: type=1326 audit(1757727842.612:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1053.520629][T19360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2644'.
[ 1053.676794][   T30] audit: type=1326 audit(1757727842.632:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1053.826758][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1053.838209][   T24] usb 2-1: USB disconnect, device number 61
[ 1053.848518][   T30] audit: type=1326 audit(1757727842.632:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1053.878314][   T30] audit: type=1326 audit(1757727842.632:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1053.901248][   T30] audit: type=1326 audit(1757727842.632:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf70ae539 code=0x7ffc0000
[ 1054.110613][T19369] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[ 1054.140390][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1054.208283][   T30] audit: type=1326 audit(1757727842.632:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae558 code=0x7ffc0000
[ 1054.262297][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1054.429488][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.441105][   T24] quatech2 2-1:0.51: device disconnected
[ 1054.482267][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.489543][ T5935] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1054.509163][   T30] audit: type=1326 audit(1757727842.632:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19354 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ae558 code=0x7ffc0000
[ 1054.803601][ T5935] usb 5-1: Using ep0 maxpacket: 16
[ 1054.954747][ T5935] usb 5-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=4f.75
[ 1055.211838][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1055.296884][ T5935] usb 5-1: Product: syz
[ 1055.301538][ T5935] usb 5-1: Manufacturer: syz
[ 1055.306731][ T5935] usb 5-1: SerialNumber: syz
[ 1055.396337][T19355] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2648'.
[ 1055.641837][ T5935] usb 5-1: config 0 descriptor??
[ 1055.694437][ T5935] usb 5-1: bad CDC descriptors
[ 1055.795160][T19355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2648'.
[ 1056.768844][T19364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1056.781895][T19364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1056.822319][T19385] netlink: 180 bytes leftover after parsing attributes in process `syz.1.2655'.
[ 1056.833749][T19385] netlink: 180 bytes leftover after parsing attributes in process `syz.1.2655'.
[ 1056.845542][T19385] netlink: 180 bytes leftover after parsing attributes in process `syz.1.2655'.
[ 1057.872800][T13951] usb 5-1: USB disconnect, device number 43
[ 1062.551134][T19456] usb usb8: usbfs: process 19456 (syz.2.2669) did not claim interface 0 before use
[ 1064.689819][T19485] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2674'.
[ 1064.700401][T19485] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2674'.
[ 1075.751219][T19598] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2698'.
[ 1075.767481][T19598] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2698'.
[ 1076.028368][    T9] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1076.316652][    T9] usb 4-1: Using ep0 maxpacket: 8
[ 1076.362043][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1076.388518][    T9] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[ 1076.413194][    T9] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[ 1076.454194][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1076.464631][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1076.484582][    T9] usb 4-1: Product:  
[ 1076.494727][    T9] usb 4-1: Manufacturer: 倊
[ 1076.503257][    T9] usb 4-1: SerialNumber: 㰁
[ 1076.827495][T19600] loop8: detected capacity change from 0 to 8
[ 1076.845235][T19600] Dev loop8: unable to read RDB block 8
[ 1076.852344][T19600]  loop8: unable to read partition table
[ 1076.869818][T19600] loop8: partition table beyond EOD, truncated
[ 1076.876206][T19600] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1076.931231][    T9] cdc_ncm 4-1:1.0: bind() failure
[ 1076.962096][    T9] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1077.327537][    T9] cdc_ncm 4-1:1.1: bind() failure
[ 1077.463280][    T9] usb 4-1: USB disconnect, device number 47
[ 1078.659597][T19635] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2717'.
[ 1078.704019][T19635] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2717'.
[ 1078.988608][ T5935] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1079.229799][ T5935] usb 5-1: config 0 has no interfaces?
[ 1079.239551][ T5935] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1079.275663][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1079.296029][ T5935] usb 5-1: Product: syz
[ 1079.340465][ T5935] usb 5-1: Manufacturer: syz
[ 1079.348321][ T5935] usb 5-1: SerialNumber: syz
[ 1079.366287][ T5935] usb 5-1: config 0 descriptor??
[ 1080.912141][T13951] usb 5-1: USB disconnect, device number 44
[ 1081.495316][T19666] F2FS-fs: Conflicting test_dummy_encryption options
[ 1082.220487][   T24] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1082.597829][   T24] usb 3-1: Using ep0 maxpacket: 8
[ 1082.616654][   T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1082.688824][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1082.704483][   T24] usb 3-1: Product: syz
[ 1082.713179][   T24] usb 3-1: Manufacturer: syz
[ 1082.942366][   T24] usb 3-1: SerialNumber: syz
[ 1082.980348][   T24] usb 3-1: config 0 descriptor??
[ 1083.207547][   T24] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1084.177637][T19690] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1084.949999][   T24] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1084.961108][   T24] usb 3-1: USB disconnect, device number 56
[ 1089.113491][T19750] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2732'.
[ 1089.126407][T19750] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2732'.
[ 1089.139981][T19750] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2732'.
[ 1090.002138][T19763] binder: 19762:19763 ioctl 541b 80000140 returned -22
[ 1090.370802][T19770] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2738'.
[ 1090.381178][T19770] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2738'.
[ 1091.097593][T19783] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1091.137421][T19781] netlink: 21 bytes leftover after parsing attributes in process `syz.4.2740'.
[ 1093.449433][T19804] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1093.465529][T19804] syzkaller0: entered promiscuous mode
[ 1093.474923][T19804] syzkaller0: entered allmulticast mode
[ 1093.555818][T19804] tipc: Resetting bearer <eth:syzkaller0>
[ 1093.645470][T19810] F2FS-fs: Conflicting test_dummy_encryption options
[ 1093.686395][T19803] tipc: Resetting bearer <eth:syzkaller0>
[ 1094.329297][T19803] tipc: Disabling bearer <eth:syzkaller0>
[ 1095.000246][T19825] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1095.076049][T19828] syzkaller0: entered promiscuous mode
[ 1095.087073][T19828] syzkaller0: entered allmulticast mode
[ 1095.138828][T19825] tipc: Resetting bearer <eth:syzkaller0>
[ 1095.267797][   T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1095.280854][T19823] tipc: Resetting bearer <eth:syzkaller0>
[ 1095.308849][T19823] tipc: Disabling bearer <eth:syzkaller0>
[ 1095.828939][   T24] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[ 1095.856356][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.396617][   T24] usb 4-1: config 0 descriptor??
[ 1097.040559][   T24] gspca_main: spca508-2.14.0 probing 8086:0110
[ 1098.068053][   T24] gspca_spca508: reg_read err -110
[ 1098.076983][   T24] gspca_spca508: reg_read err -32
[ 1098.091321][   T24] gspca_spca508: reg_read err -32
[ 1098.122150][   T24] gspca_spca508: reg_read err -32
[ 1098.147580][   T24] gspca_spca508: reg write: error -32
[ 1098.470598][   T24] spca508 4-1:0.0: probe with driver spca508 failed with error -32
[ 1099.556242][ T5935] usb 4-1: USB disconnect, device number 48
[ 1099.698671][T19879] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2762'.
[ 1099.707857][T19879] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2762'.
[ 1099.867165][T19883] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1099.890672][T19882] syzkaller0: entered promiscuous mode
[ 1099.896598][T19882] syzkaller0: entered allmulticast mode
[ 1099.936817][T19882] tipc: Resetting bearer <eth:syzkaller0>
[ 1099.947326][T19881] tipc: Resetting bearer <eth:syzkaller0>
[ 1099.968374][ T5935] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1099.990693][T19881] tipc: Disabling bearer <eth:syzkaller0>
[ 1100.151112][ T5935] usb 4-1: Using ep0 maxpacket: 32
[ 1100.158508][ T5935] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 1100.167220][ T5935] usb 4-1: config 0 has no interface number 0
[ 1100.177425][   T30] kauditd_printk_skb: 550 callbacks suppressed
[ 1100.177441][   T30] audit: type=1326 audit(1757727890.022:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.209340][ T5935] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1100.259323][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.264376][   T30] audit: type=1326 audit(1757727890.022:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.419005][ T5935] usb 4-1: Product: syz
[ 1100.443813][ T5935] usb 4-1: Manufacturer: syz
[ 1100.458425][ T5935] usb 4-1: SerialNumber: syz
[ 1100.470176][   T30] audit: type=1326 audit(1757727890.042:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.493946][ T5935] usb 4-1: config 0 descriptor??
[ 1100.502949][ T5935] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1100.518604][   T30] audit: type=1326 audit(1757727890.042:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.541623][   T30] audit: type=1326 audit(1757727890.042:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.647845][   T30] audit: type=1326 audit(1757727890.072:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.778721][ T5935] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1100.789281][   T30] audit: type=1326 audit(1757727890.072:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.823287][ T5935] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1100.903182][   T30] audit: type=1326 audit(1757727890.072:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1100.962677][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1101.042295][   T30] audit: type=1326 audit(1757727890.072:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f62539 code=0x7ffc0000
[ 1101.342623][T19892] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2763'.
[ 1101.353493][   T30] audit: type=1326 audit(1757727890.072:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19886 comm="syz.0.2766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f62558 code=0x7ffc0000
[ 1102.443179][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1102.451435][ T5935] usb 4-1: USB disconnect, device number 49
[ 1102.467429][ T5935] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1102.553214][ T5935] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1102.566412][ T5935] quatech2 4-1:0.51: device disconnected
[ 1102.956527][T19907] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2769'.
[ 1103.028425][T19907] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2769'.
[ 1103.373570][T19914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2781'.
[ 1103.384225][T19914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2781'.
[ 1103.426446][T19914] team0: entered promiscuous mode
[ 1103.541100][T19914] team_slave_0: entered promiscuous mode
[ 1103.551396][T19914] team_slave_1: entered promiscuous mode
[ 1103.757831][T19914] team0: left promiscuous mode
[ 1103.762827][T19914] team_slave_0: left promiscuous mode
[ 1103.772412][T19914] team_slave_1: left promiscuous mode
[ 1109.431954][T19975] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2785'.
[ 1109.531540][T19975] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2785'.
[ 1109.639762][T19975] team0: entered promiscuous mode
[ 1109.668301][T19975] team_slave_0: entered promiscuous mode
[ 1109.685992][T19975] team_slave_1: entered promiscuous mode
[ 1109.701948][T19975] team0: left promiscuous mode
[ 1109.708557][T19975] team_slave_0: left promiscuous mode
[ 1109.714544][T19975] team_slave_1: left promiscuous mode
[ 1109.910435][T19978] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2786'.
[ 1109.946773][T19978] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2786'.
[ 1110.182219][T19985] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2789'.
[ 1113.767734][T20026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2799'.
[ 1113.788212][T20026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2799'.
[ 1115.860522][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.866840][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.641254][   T30] kauditd_printk_skb: 596 callbacks suppressed
[ 1116.641275][   T30] audit: type=1326 audit(1757727906.442:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[ 1116.672188][   T30] audit: type=1326 audit(1757727906.442:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1116.718305][   T30] audit: type=1326 audit(1757727906.442:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[ 1116.903495][   T30] audit: type=1326 audit(1757727906.442:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1117.050923][   T30] audit: type=1326 audit(1757727906.442:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1117.079535][   T30] audit: type=1326 audit(1757727906.442:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e558 code=0x7ffc0000
[ 1117.124525][   T30] audit: type=1326 audit(1757727906.442:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1117.200800][   T30] audit: type=1326 audit(1757727906.442:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1117.395365][   T30] audit: type=1326 audit(1757727906.442:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1117.608571][   T30] audit: type=1326 audit(1757727906.442:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20055 comm="syz.3.2803" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e539 code=0x7ffc0000
[ 1120.949021][T20103] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2813'.
[ 1120.968271][T20103] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2813'.
[ 1122.541354][T20117] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[ 1123.230365][T20126] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2819'.
[ 1123.529959][T20131] bridge0: port 1(veth9) entered blocking state
[ 1123.536562][T20131] bridge0: port 1(veth9) entered disabled state
[ 1123.978112][T20131] veth9: entered allmulticast mode
[ 1124.016287][T20131] veth9: entered promiscuous mode
[ 1124.232499][T20126] bridge0: port 2(veth0_to_bond) entered blocking state
[ 1124.300884][T20126] bridge0: port 2(veth0_to_bond) entered disabled state
[ 1124.402920][T20126] veth0_to_bond: entered allmulticast mode
[ 1124.419987][T20126] veth0_to_bond: entered promiscuous mode
[ 1124.446642][T20131] vlan0: entered allmulticast mode
[ 1124.454865][T20131] veth0_to_hsr: entered allmulticast mode
[ 1124.485122][T20131] bridge0: port 3(vlan0) entered blocking state
[ 1124.564361][T20131] bridge0: port 3(vlan0) entered disabled state
[ 1124.576123][T20131] vlan0: entered promiscuous mode
[ 1124.581896][T20131] veth0_to_hsr: entered promiscuous mode
[ 1125.169921][T20144] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1125.178332][T20144] syzkaller0: entered promiscuous mode
[ 1125.183801][T20144] syzkaller0: entered allmulticast mode
[ 1125.205400][T20144] tipc: Resetting bearer <eth:syzkaller0>
[ 1125.216491][T20143] tipc: Resetting bearer <eth:syzkaller0>
[ 1125.236174][T20143] tipc: Disabling bearer <eth:syzkaller0>
[ 1126.169311][T20149] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2824'.
[ 1127.026867][T20148] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2824'.
[ 1127.087954][T20148] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2824'.
[ 1127.118445][    T9] usb 4-1: new full-speed USB device number 50 using dummy_hcd
[ 1127.321618][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.341875][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1127.616892][    T9] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1127.655178][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1127.684461][    T9] usb 4-1: config 0 descriptor??
[ 1127.697377][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1127.711048][    T9] dvb-usb: bulk message failed: -22 (3/0)
[ 1127.780396][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1127.832883][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1127.861953][    T9] usb 4-1: media controller created
[ 1127.890829][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1127.994680][    T9] dvb-usb: bulk message failed: -22 (6/0)
[ 1128.014564][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1128.047899][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input42
[ 1128.197523][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[ 1128.202906][T20182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2832'.
[ 1128.223855][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1128.380674][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1128.387327][    T9] dvb-usb: error while querying for an remote control event.
[ 1128.558110][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1128.588158][    T9] dvb-usb: error while querying for an remote control event.
[ 1128.796544][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1128.813057][    T9] dvb-usb: error while querying for an remote control event.
[ 1129.076589][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1129.076588][   T24] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1129.158313][    T9] dvb-usb: error while querying for an remote control event.
[ 1129.371146][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1129.379233][    T9] dvb-usb: error while querying for an remote control event.
[ 1129.391857][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1129.432995][   T24] usb 5-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1129.476649][   T24] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1129.493714][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1129.510197][   T24] usb 5-1: Product: syz
[ 1129.741400][   T24] usb 5-1: Manufacturer: syz
[ 1129.741429][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1129.741472][    T9] dvb-usb: error while querying for an remote control event.
[ 1129.823423][   T24] usb 5-1: SerialNumber: syz
[ 1129.901189][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1129.912298][    T9] dvb-usb: error while querying for an remote control event.
[ 1130.005006][T20199] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2836'.
[ 1130.014713][T20199] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2836'.
[ 1130.036971][T20199] team0: entered promiscuous mode
[ 1130.043326][T20199] team_slave_0: entered promiscuous mode
[ 1130.054337][T20199] team_slave_1: entered promiscuous mode
[ 1130.067288][T20199] team0: left promiscuous mode
[ 1130.073428][T20199] team_slave_0: left promiscuous mode
[ 1130.079663][T20199] team_slave_1: left promiscuous mode
[ 1130.108380][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1130.115086][    T9] dvb-usb: error while querying for an remote control event.
[ 1130.298232][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1130.308937][    T9] dvb-usb: error while querying for an remote control event.
[ 1130.471949][    T9] dvb-usb: bulk message failed: -22 (1/0)
[ 1130.492118][    T9] dvb-usb: error while querying for an remote control event.
[ 1130.545630][    T9] usb 4-1: USB disconnect, device number 50
[ 1130.594026][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1130.739903][   T24] usb 5-1: reset high-speed USB device number 45 using dummy_hcd
[ 1130.901077][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1131.156141][   T24] usb 5-1: USB disconnect, device number 45
[ 1133.920900][T20249] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1134.581604][ T5935] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1135.348464][ T5935] usb 2-1: Using ep0 maxpacket: 16
[ 1135.356506][ T5935] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1135.400336][ T5935] usb 2-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00
[ 1135.564106][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1135.629181][ T5935] usb 2-1: config 0 descriptor??
[ 1136.196879][T20280] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2851'.
[ 1136.455993][T20280] bridge3: port 1(veth3) entered blocking state
[ 1136.612880][T20280] bridge3: port 1(veth3) entered disabled state
[ 1136.654969][T20280] veth3: entered allmulticast mode
[ 1136.705336][T20280] veth3: entered promiscuous mode
[ 1136.732459][T20283] veth0_to_bond: left allmulticast mode
[ 1136.742422][T20283] bridge3: port 2(veth0_to_bond) entered blocking state
[ 1136.876065][T20283] bridge3: port 2(veth0_to_bond) entered disabled state
[ 1136.911146][T20283] veth0_to_bond: entered allmulticast mode
[ 1136.969791][T20283] veth0_to_bond: entered promiscuous mode
[ 1137.432095][T20284] vlan2: entered allmulticast mode
[ 1137.556349][T20284] bridge3: port 3(vlan2) entered blocking state
[ 1137.563084][T20284] bridge3: port 3(vlan2) entered disabled state
[ 1137.607532][T20284] vlan2: entered promiscuous mode
[ 1137.678203][T20284] veth0_to_hsr: entered promiscuous mode
[ 1138.092749][ T5935] usbhid 2-1:0.0: can't add hid device: -71
[ 1138.100866][ T5935] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1138.111327][ T5935] usb 2-1: USB disconnect, device number 62
[ 1138.935629][T20312] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2859'.
[ 1139.148580][T20312] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2859'.
[ 1140.808093][    T9] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1141.126264][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1141.168530][    T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1141.228311][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1141.274981][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1141.471911][T20323] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1141.548351][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1141.585155][T20315] syz.2.2860 (20315): drop_caches: 1
[ 1141.774792][T20321] syz.2.2860 (20321): drop_caches: 1
[ 1142.086900][T20315] syz.2.2860 (20315): drop_caches: 1
[ 1142.737267][    T9] usb 3-1: USB disconnect, device number 57
[ 1144.657919][   T30] kauditd_printk_skb: 515 callbacks suppressed
[ 1144.657940][   T30] audit: type=1800 audit(1757727934.492:2201): pid=20370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2871" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1151.492403][T20455] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1151.498967][T20455] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1151.660391][T20455] vhci_hcd vhci_hcd.0: Device attached
[ 1151.833730][T20456] vhci_hcd: connection closed
[ 1151.834434][   T56] vhci_hcd: stop threads
[ 1151.844541][   T56] vhci_hcd: release socket
[ 1151.850406][   T56] vhci_hcd: disconnect device
[ 1151.897958][   T24] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[ 1151.905535][   T24] usb 37-1: enqueue for inactive port 0
[ 1151.982933][   T24] vhci_hcd: vhci_device speed not set
[ 1152.227802][T13951] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1152.338236][    T9] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[ 1152.396421][T13951] usb 4-1: Using ep0 maxpacket: 32
[ 1152.425308][T13951] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1152.444815][T13951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1152.510901][T13951] usb 4-1: Product: syz
[ 1152.557932][T13951] usb 4-1: Manufacturer: syz
[ 1152.666474][T13951] usb 4-1: SerialNumber: syz
[ 1152.706519][T13951] usb 4-1: config 0 descriptor??
[ 1152.730312][T13951] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1153.250811][T13951] gspca_stk1135: reg_w 0x2 err -110
[ 1153.260207][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.327984][T13951] gspca_stk1135: Sensor write failed
[ 1153.355618][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.425366][T13951] gspca_stk1135: Sensor write failed
[ 1153.441655][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.465393][T13951] gspca_stk1135: Sensor read failed
[ 1153.481650][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.514954][T13951] gspca_stk1135: Sensor read failed
[ 1153.533915][T13951] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1153.558428][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.635440][T13951] gspca_stk1135: Sensor read failed
[ 1153.661845][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.706850][T13951] gspca_stk1135: Sensor read failed
[ 1153.764682][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.776042][T13951] gspca_stk1135: Sensor write failed
[ 1153.791826][T13951] gspca_stk1135: serial bus timeout: status=0x00
[ 1153.814840][T13951] gspca_stk1135: Sensor write failed
[ 1154.156689][T13951] stk1135 4-1:0.0: probe with driver stk1135 failed with error -110
[ 1154.185486][T13951] usb 4-1: USB disconnect, device number 51
[ 1155.083773][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1155.105646][    T9] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1155.126876][    T9] usb 2-1: can't read configurations, error -71
[ 1156.401225][T13951] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1156.411829][T20508] syz.4.2902 (20508): drop_caches: 1
[ 1156.474762][T20506] syz.4.2902 (20506): drop_caches: 1
[ 1156.623997][T20506] syz.4.2902 (20506): drop_caches: 1
[ 1156.641005][T13951] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1156.688067][T13951] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1156.853434][T13951] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1156.868066][T13951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.951881][T20509] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1157.070051][T13951] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1158.236384][    T9] usb 5-1: USB disconnect, device number 46
[ 1161.984502][T20575] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2916'.
[ 1162.236279][T20575] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2916'.
[ 1163.154270][T20589] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[ 1164.377331][T20594] trusted_key: encrypted_key: insufficient parameters specified
[ 1164.714802][T20599] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1164.801122][T20599] syzkaller0: entered promiscuous mode
[ 1164.859542][T20599] syzkaller0: entered allmulticast mode
[ 1164.925213][T20599] tipc: Resetting bearer <eth:syzkaller0>
[ 1164.974856][T20598] tipc: Resetting bearer <eth:syzkaller0>
[ 1165.010355][T20598] tipc: Disabling bearer <eth:syzkaller0>
[ 1166.057936][T20620] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1166.094523][T20620] syzkaller0: entered promiscuous mode
[ 1166.118240][T20620] syzkaller0: entered allmulticast mode
[ 1166.218444][T20620] tipc: Resetting bearer <eth:syzkaller0>
[ 1166.229014][T20616] tipc: Resetting bearer <eth:syzkaller0>
[ 1166.246303][T20616] tipc: Disabling bearer <eth:syzkaller0>
[ 1166.333161][T20622] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2927'.
[ 1166.360186][T20622] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2927'.
[ 1166.363772][T20624] bond1: option mode: unable to set because the bond device has slaves
[ 1166.439821][T20622] team0: entered promiscuous mode
[ 1166.478288][T20622] team_slave_0: entered promiscuous mode
[ 1166.508757][T20622] team_slave_1: entered promiscuous mode
[ 1166.554183][T20622] team0: left promiscuous mode
[ 1166.559307][T20622] team_slave_0: left promiscuous mode
[ 1166.569676][T20622] team_slave_1: left promiscuous mode
[ 1166.632609][T20624] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1166.642651][T20624] macvlan3: entered allmulticast mode
[ 1166.666384][T20624] bond1: (slave macvlan3): Enslaving as a backup interface with an up link
[ 1167.789700][T20639] binder: 20638:20639 unknown command 0
[ 1167.828402][T20639] binder: 20638:20639 ioctl c0306201 80000080 returned -22
[ 1167.867439][T20639] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2932'.
[ 1169.423043][T20663] syz.0.2935 (20663): drop_caches: 2
[ 1169.430595][T20663] syz.0.2935 (20663): drop_caches: 2
[ 1170.504872][T20677] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1172.890858][T20704] fuseblk: Bad value for 'fd'
[ 1172.984655][T20705] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2947'.
[ 1173.031814][T20705] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2947'.
[ 1175.081875][T20727] pim6reg: entered allmulticast mode
[ 1175.146764][T20733] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[ 1176.595805][T20738] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1176.602362][T20738] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1176.654591][T20738] vhci_hcd vhci_hcd.0: Device attached
[ 1176.930242][T13951] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[ 1177.176408][T20739] vhci_hcd: connection reset by peer
[ 1177.299789][T17224] vhci_hcd: stop threads
[ 1177.300766][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.304085][T17224] vhci_hcd: release socket
[ 1177.315659][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.323432][T17224] vhci_hcd: disconnect device
[ 1177.921802][T20754] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2955'.
[ 1177.933742][T20754] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2955'.
[ 1178.030666][T20758] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1179.779018][T20778] netem: change failed
[ 1181.089680][T20805] netlink: 'syz.4.2966': attribute type 5 has an invalid length.
[ 1182.137134][T20823] syz.2.2969 (20823): drop_caches: 2
[ 1182.223895][T20823] syz.2.2969 (20823): drop_caches: 2
[ 1182.728341][T13951] vhci_hcd: vhci_device speed not set
[ 1184.208182][    T9] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[ 1185.154178][T20843] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1185.160735][T20843] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1185.174648][T20849] vhci_hcd: connection closed
[ 1185.176981][T20843] vhci_hcd vhci_hcd.0: Device attached
[ 1185.192641][ T7464] vhci_hcd: stop threads
[ 1185.197219][ T7464] vhci_hcd: release socket
[ 1185.202588][ T7464] vhci_hcd: disconnect device
[ 1187.183276][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1187.237035][    T9] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 1187.253476][    T9] usb 3-1: can't read configurations, error -71
[ 1189.420131][T20902] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[ 1189.532930][T20905] netlink: 'syz.1.2987': attribute type 10 has an invalid length.
[ 1189.543431][T20905] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[ 1189.570737][T20905] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1192.102493][T20936] netlink: 'syz.3.2993': attribute type 12 has an invalid length.
[ 1193.031787][T20947] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2997'.
[ 1193.058401][T20947] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2997'.
[ 1195.570512][T20983] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3005'.
[ 1195.607501][T20983] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3005'.
[ 1195.996077][T20994] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4262885938 (68206175008 ns) > initial count (38369542160 ns). Using initial count to start timer.
[ 1200.648288][T21052] warning: `syz.0.3024' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 1202.273717][T21067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3015'.
[ 1202.354160][T21067] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1203.164421][T21075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3018'.
[ 1203.176159][T21075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3018'.
[ 1206.638732][T21119] netlink: 'syz.0.3029': attribute type 1 has an invalid length.
[ 1206.926095][T21123] syz.4.3028 (21123): drop_caches: 2
[ 1206.946717][T21123] syz.4.3028 (21123): drop_caches: 2
[ 1207.042041][T21125] binder: 21122:21125 ioctl 4018620d 0 returned -22
[ 1207.245518][T21129] binder: 21122:21129 ioctl c0306201 80000540 returned -22
[ 1207.930380][   T13] batman_adv: batadv0: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[ 1208.542796][T21139] netlink: 196 bytes leftover after parsing attributes in process `syz.1.3032'.
[ 1208.697874][T13951] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1208.849637][T13951] usb 4-1: too many configurations: 67, using maximum allowed: 8
[ 1208.872536][T13951] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1208.903032][T13951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.929815][T13951] usb 4-1: Product: syz
[ 1208.946705][T13951] usb 4-1: Manufacturer: syz
[ 1208.963012][T13951] usb 4-1: SerialNumber: syz
[ 1209.061198][T13951] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1209.140996][T21143] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3035'.
[ 1209.218476][T21143] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3035'.
[ 1209.331087][   T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1209.426342][T21148] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3044'.
[ 1209.496911][T21147] pim6reg: entered allmulticast mode
[ 1210.893410][T21161] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1211.150410][   T24] usb 4-1: Service connection timeout for: 256
[ 1211.311136][   T24] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1211.404348][   T24] ath9k_htc: Failed to initialize the device
[ 1211.421643][   T24] usb 4-1: ath9k_htc: USB layer deinitialized
[ 1211.745283][ T5935] usb 4-1: USB disconnect, device number 52
[ 1213.094208][T21189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3040'.
[ 1214.330395][T21201] fuseblk: Bad value for 'fd'
[ 1214.627084][T21203] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3046'.
[ 1214.789765][T21203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3046'.
[ 1217.501961][T21231] netlink: 35 bytes leftover after parsing attributes in process `syz.0.3053'.
[ 1217.528117][T21231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3053'.
[ 1218.367277][   T30] audit: type=1800 audit(1757728008.202:2202): pid=21243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3055" name="bus" dev="ramfs" ino=92266 res=0 errno=0
[ 1219.615486][T21253] netlink: 'syz.1.3067': attribute type 12 has an invalid length.
[ 1219.858231][T21263] netlink: 'syz.2.3058': attribute type 12 has an invalid length.
[ 1220.347837][   T24] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[ 1221.225518][T21277] kvm: apic: phys broadcast and lowest prio
[ 1222.715228][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1222.738911][   T24] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 1222.746900][   T24] usb 5-1: can't read configurations, error -71
[ 1223.165252][T21295] netlink: 'syz.0.3064': attribute type 5 has an invalid length.
[ 1224.305554][T21312] PKCS7: Unknown OID: [5] (bad)
[ 1224.311970][T21312] PKCS7: Only support pkcs7_signedData type
[ 1224.422385][T21313] syzkaller1: entered promiscuous mode
[ 1224.498486][T21313] syzkaller1: entered allmulticast mode
[ 1225.436945][T21327] binder_alloc: 21324: binder_alloc_buf, no vma
[ 1226.829234][ T5935] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[ 1226.884519][T21355] loop5: detected capacity change from 0 to 2391
[ 1226.969772][T21356] loop5: detected capacity change from 2391 to 4927
[ 1227.833885][T19307] buffer_io_error: 2923 callbacks suppressed
[ 1227.833977][T19307] Buffer I/O error on dev loop5, logical block 615, async page read
[ 1230.498591][ T5935] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1230.515485][ T5935] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1230.554326][ T5935] usb 4-1: can't read configurations, error -71
[ 1231.012493][T21386] netlink: 'syz.3.3085': attribute type 5 has an invalid length.
[ 1231.086640][T21358] netlink: 'syz.2.3084': attribute type 1 has an invalid length.
[ 1231.293085][T21383] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[ 1231.306569][T17224] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1231.356177][T21391] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1231.362735][T21391] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1231.375219][T21358] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1231.381369][T21391] vhci_hcd vhci_hcd.0: Device attached
[ 1231.703025][T17224] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1231.758297][   T24] usb 35-1: new low-speed USB device number 3 using vhci_hcd
[ 1232.061563][T21358] veth5: entered promiscuous mode
[ 1232.082470][T21358] bond2: (slave veth5): Enslaving as a backup interface with a down link
[ 1232.366524][T21392] vhci_hcd: connection reset by peer
[ 1232.387255][ T7458] vhci_hcd: stop threads
[ 1232.394501][ T7458] vhci_hcd: release socket
[ 1232.432309][ T7458] vhci_hcd: disconnect device
[ 1232.773603][T21409] netlink: 'syz.0.3090': attribute type 12 has an invalid length.
[ 1233.842776][T21427] syz.3.3093 (21427): drop_caches: 2
[ 1233.872497][T21427] syz.3.3093 (21427): drop_caches: 2
[ 1234.004162][ T5935] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1234.679052][ T5935] usb 5-1: too many configurations: 67, using maximum allowed: 8
[ 1234.697020][ T5935] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1234.706975][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1234.728632][ T5935] usb 5-1: Product: syz
[ 1234.756484][ T5935] usb 5-1: Manufacturer: syz
[ 1234.771807][ T5935] usb 5-1: SerialNumber: syz
[ 1234.800201][ T5935] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1234.818888][    T9] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1235.262762][T21437] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3097'.
[ 1235.272153][T21437] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3097'.
[ 1236.005328][T21439] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1236.248188][T13951] usb 5-1: USB disconnect, device number 49
[ 1236.257776][    T9] usb 5-1: Service connection timeout for: 256
[ 1236.264121][    T9] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1236.290161][    T9] ath9k_htc: Failed to initialize the device
[ 1236.300422][T13951] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1236.674338][T21462] netlink: 'syz.2.3102': attribute type 5 has an invalid length.
[ 1236.888342][   T24] vhci_hcd: vhci_device speed not set
[ 1237.302320][T21472] fuseblk: Bad value for 'fd'
[ 1238.458136][    T9] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1238.688278][    T9] usb 3-1: Using ep0 maxpacket: 32
[ 1238.791207][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.798574][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1238.807200][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.824285][    T9] usb 3-1: config 0 has no interface number 0
[ 1238.846312][    T9] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1238.870727][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1238.907047][    T9] usb 3-1: Product: syz
[ 1238.935899][    T9] usb 3-1: Manufacturer: syz
[ 1238.959754][    T9] usb 3-1: SerialNumber: syz
[ 1238.974973][    T9] usb 3-1: config 0 descriptor??
[ 1239.010876][    T9] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1239.046596][    T9] usb 3-1: selecting invalid altsetting 1
[ 1239.056066][    T9] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1239.079127][    T9] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1239.094308][    T9] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1239.103404][    T9] usb 3-1: media controller created
[ 1239.144548][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1239.389095][T21478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1239.453695][T21478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1239.556492][    T9] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1239.589034][    T9] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1240.238824][    T9] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1240.529304][    T9] usb 3-1: USB disconnect, device number 60
[ 1242.218546][    T9] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1242.752304][    T9] usb 2-1: Using ep0 maxpacket: 16
[ 1242.767343][    T9] usb 2-1: New USB device found, idVendor=04dd, idProduct=8002, bcdDevice=fc.b6
[ 1242.784013][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1242.793229][    T9] usb 2-1: Product: syz
[ 1242.805756][    T9] usb 2-1: Manufacturer: syz
[ 1242.820466][    T9] usb 2-1: SerialNumber: syz
[ 1242.888881][    T9] usb 2-1: config 0 descriptor??
[ 1242.985330][    T9] safe_serial 2-1:0.0: safe_serial converter detected
[ 1243.086503][    T9] usb 2-1: safe_serial converter now attached to ttyUSB0
[ 1243.542313][   T24] usb 2-1: USB disconnect, device number 65
[ 1243.561815][   T24] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0
[ 1243.572748][   T24] safe_serial 2-1:0.0: device disconnected
[ 1243.937481][T21539] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3121'.
[ 1245.515117][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1245.551317][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.564828][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1245.706117][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1245.726005][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.746463][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1246.200162][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1246.948491][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1247.071512][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1248.302771][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1248.591060][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1248.672440][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1248.736092][T21578] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1248.756210][T21578] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1248.766779][T21578] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1248.794187][T21578] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1248.802023][T21578] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1248.828382][ T5873] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1248.839163][ T5873] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1248.847149][ T5873] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1248.857004][ T5873] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1248.864930][ T5873] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1249.435470][   T13] team0: left allmulticast mode
[ 1249.468370][   T13] team_slave_0: left allmulticast mode
[ 1249.561336][   T13] team_slave_1: left allmulticast mode
[ 1249.582799][   T13] vxlan0: left allmulticast mode
[ 1249.605567][   T13] team0: left promiscuous mode
[ 1249.668151][   T13] team_slave_0: left promiscuous mode
[ 1249.778465][   T13] team_slave_1: left promiscuous mode
[ 1249.798447][   T13] vxlan0: left promiscuous mode
[ 1249.805724][   T13] bridge0: port 3(team0) entered disabled state
[ 1250.113614][   T13] bridge_slave_1: left allmulticast mode
[ 1250.128658][   T13] bridge_slave_1: left promiscuous mode
[ 1250.144043][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1250.358587][T21602] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1250.365157][T21602] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1250.376647][   T13] bridge_slave_0: left allmulticast mode
[ 1250.392986][   T13] bridge_slave_0: left promiscuous mode
[ 1250.408444][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1250.431089][T21602] vhci_hcd vhci_hcd.0: Device attached
[ 1250.826948][   T13] bond_slave_0: left promiscuous mode
[ 1250.957747][T13951] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[ 1251.006000][T21603] vhci_hcd: connection closed
[ 1251.006274][T21578] Bluetooth: hci4: command tx timeout
[ 1251.014454][T16414] vhci_hcd: stop threads
[ 1251.019813][   T13] bond_slave_1: left promiscuous mode
[ 1251.034776][T16414] vhci_hcd: release socket
[ 1251.039664][T16414] vhci_hcd: disconnect device
[ 1251.485100][   T13] bond3 (unregistering): (slave gretap1): Releasing active interface
[ 1251.541322][   T13] bond2 (unregistering): (slave geneve2): Releasing active interface
[ 1251.660026][   T13] team0: Port device vxlan0 removed
[ 1251.796369][T21618] netlink: 'syz.1.3133': attribute type 5 has an invalid length.
[ 1252.103392][   T13] bond1 (unregistering): (slave macvlan2): Removing an active aggregator
[ 1252.115582][   T13] bond1 (unregistering): (slave macvlan2): Releasing backup interface
[ 1252.139036][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1252.156200][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1252.180135][   T13] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1252.194596][   T13] bond0 (unregistering): Released all slaves
[ 1252.469244][   T13] bond1 (unregistering): Released all slaves
[ 1252.688490][   T13] bond2 (unregistering): Released all slaves
[ 1252.728603][   T13] bond3 (unregistering): Released all slaves
[ 1253.103279][T21578] Bluetooth: hci4: command tx timeout
[ 1253.348645][   T13] : left promiscuous mode
[ 1253.620582][   T13] : left promiscuous mode
[ 1253.820866][   T13] tipc: Left network mode
[ 1255.036930][T21580] chnl_net:caif_netlink_parms(): no params data found
[ 1255.229617][T21578] Bluetooth: hci4: command tx timeout
[ 1255.569912][   T13] hsr_slave_0: left promiscuous mode
[ 1255.586211][   T13] hsr_slave_1: left promiscuous mode
[ 1255.783139][   T13] veth1_macvtap: left allmulticast mode
[ 1255.790161][   T13] veth1_macvtap: left promiscuous mode
[ 1255.796295][   T13] veth0_macvtap: left promiscuous mode
[ 1255.813861][   T13] veth1_vlan: left promiscuous mode
[ 1256.417819][T13951] vhci_hcd: vhci_device speed not set
[ 1256.530348][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1256.556977][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1256.579169][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1256.587047][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1256.597100][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1257.299161][T21578] Bluetooth: hci4: command tx timeout
[ 1258.258215][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1258.470214][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1258.658964][T21578] Bluetooth: hci1: command tx timeout
[ 1259.103208][T21698] netlink: 'syz.1.3148': attribute type 5 has an invalid length.
[ 1260.439875][T21707] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1260.446444][T21707] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1260.466275][T21707] vhci_hcd vhci_hcd.0: Device attached
[ 1260.725843][T13951] usb 41-1: new low-speed USB device number 4 using vhci_hcd
[ 1260.737970][T21578] Bluetooth: hci1: command tx timeout
[ 1261.165551][T21708] vhci_hcd: connection reset by peer
[ 1261.171243][   T56] vhci_hcd: stop threads
[ 1261.175869][   T56] vhci_hcd: release socket
[ 1261.213443][   T56] vhci_hcd: disconnect device
[ 1261.310886][T21580] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1261.360269][T21580] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1261.372136][T21580] bridge_slave_0: entered allmulticast mode
[ 1261.383508][T21580] bridge_slave_0: entered promiscuous mode
[ 1261.405035][T21580] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1261.523688][T21580] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1261.536217][T21580] bridge_slave_1: entered allmulticast mode
[ 1261.611826][T21580] bridge_slave_1: entered promiscuous mode
[ 1262.144542][T21580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1262.392796][T21580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1262.859579][T21578] Bluetooth: hci1: command tx timeout
[ 1262.940047][T21580] team0: Port device team_slave_0 added
[ 1263.450009][T21580] team0: Port device team_slave_1 added
[ 1264.211817][T21580] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1264.249185][T21580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1264.320790][T21580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1264.494904][T21580] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1264.504334][T21765] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3157'.
[ 1264.538480][T21580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1264.633768][T21580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1264.912486][T21578] Bluetooth: hci1: command tx timeout
[ 1264.922954][T21668] chnl_net:caif_netlink_parms(): no params data found
[ 1265.266317][T21580] hsr_slave_0: entered promiscuous mode
[ 1265.276172][T21580] hsr_slave_1: entered promiscuous mode
[ 1265.286634][T21580] debugfs: 'hsr0' already exists in 'hsr'
[ 1265.304246][T21580] Cannot create hsr debugfs directory
[ 1265.847862][T13951] vhci_hcd: vhci_device speed not set
[ 1265.942797][T21792] PKCS7: Unknown OID: [5] (bad)
[ 1265.952152][T21792] PKCS7: Only support pkcs7_signedData type
[ 1267.134169][T21668] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1267.158655][T21668] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1267.186271][T21668] bridge_slave_0: entered allmulticast mode
[ 1267.210019][T21668] bridge_slave_0: entered promiscuous mode
[ 1267.310261][   T13] bridge_slave_1: left allmulticast mode
[ 1267.315967][   T13] bridge_slave_1: left promiscuous mode
[ 1267.340677][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1267.524417][   T13] bridge_slave_0: left allmulticast mode
[ 1267.530523][   T13] bridge_slave_0: left promiscuous mode
[ 1267.536346][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1267.831887][   T13] bond2 (unregistering): (slave gretap1): Releasing active interface
[ 1268.120363][   T13] bond0 (unregistering): (slave vxlan0): Releasing backup interface
[ 1268.130670][   T13] vxlan0 (unregistering): left promiscuous mode
[ 1269.617526][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1269.639642][   T13] bond_slave_0: left promiscuous mode
[ 1269.659968][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1269.669774][   T13] bond_slave_1: left promiscuous mode
[ 1269.678780][   T13] bond0 (unregistering): Released all slaves
[ 1269.705539][   T13] bond1 (unregistering): Released all slaves
[ 1269.736822][   T13] bond2 (unregistering): Released all slaves
[ 1269.761074][T21668] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1269.781010][T21668] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1269.789968][T21668] bridge_slave_1: entered allmulticast mode
[ 1269.833134][T21668] bridge_slave_1: entered promiscuous mode
[ 1269.974021][   T13] : left promiscuous mode
[ 1270.095921][T21668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1270.176695][   T13] tipc: Left network mode
[ 1270.182085][T21668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1270.442356][T21668] team0: Port device team_slave_0 added
[ 1270.513626][T21668] team0: Port device team_slave_1 added
[ 1270.801093][T21668] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1270.812910][T21668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1270.845090][T21668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1270.915622][T21668] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1270.959804][T21668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1270.991215][T21668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1271.788591][T21668] hsr_slave_0: entered promiscuous mode
[ 1271.795511][T21668] hsr_slave_1: entered promiscuous mode
[ 1271.839522][T21864] syz.1.3166 (21864): drop_caches: 2
[ 1271.896078][T21864] syz.1.3166 (21864): drop_caches: 2
[ 1271.956809][T21668] debugfs: 'hsr0' already exists in 'hsr'
[ 1272.098294][T21668] Cannot create hsr debugfs directory
[ 1272.366432][   T13] hsr_slave_0: left promiscuous mode
[ 1272.437181][   T13] hsr_slave_1: left promiscuous mode
[ 1272.443931][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1272.486276][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1272.514435][T21870] binder: 21866:21870 ioctl c0306201 80000080 returned -14
[ 1272.782746][   T13] pim6reg (unregistering): left allmulticast mode
[ 1274.389388][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1274.560664][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1275.465093][T21580] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1275.493026][T21863] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1275.510873][T21863] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1275.526402][T21580] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1275.538741][T21863] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1275.546877][T21863] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1275.557564][T21863] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1275.575386][T21863] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1275.818497][T21580] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1275.911050][T21580] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1276.005134][   T13] IPVS: stop unused estimator thread 0...
[ 1276.272248][   T13] ------------[ cut here ]------------
[ 1276.278143][   T13] WARNING: CPU: 0 PID: 13 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x26d/0x2f0
[ 1276.287565][   T13] Modules linked in:
[ 1276.292153][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1276.302074][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1276.312441][   T13] Workqueue: netns cleanup_net
[ 1276.317212][   T13] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[ 1276.323087][   T13] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 bb 6d 00 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 39 28 e1 f7 e8 04 fb 9c f7 90 <0f> 0b 90 e9 fd fd ff ff e8 f6 fa 9c f7 90 0f 0b 90 e9 60 fe ff ff
[ 1276.343111][   T13] RSP: 0018:ffffc90000127898 EFLAGS: 00010293
[ 1276.349563][   T13] RAX: ffffffff8a22c3fc RBX: ffff8880335f8000 RCX: ffff88801cec8000
[ 1276.357527][   T13] RDX: 0000000000000000 RSI: ffffffff8dba9339 RDI: ffff88801cec8000
[ 1276.365821][   T13] RBP: ffffc900001279b0 R08: ffffffff8fa3a437 R09: 1ffffffff1f47486
[ 1276.374116][   T13] R10: dffffc0000000000 R11: fffffbfff1f47487 R12: ffffffff8f632bc0
[ 1276.382235][   T13] R13: 1ffff92000024f40 R14: ffff8880335f9480 R15: dffffc0000000000
[ 1276.390235][   T13] FS:  0000000000000000(0000) GS:ffff888125c15000(0000) knlGS:0000000000000000
[ 1276.399210][   T13] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1276.405791][   T13] CR2: 00005649d91fd950 CR3: 0000000073e08000 CR4: 00000000003526f0
[ 1276.414336][   T13] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1276.422617][   T13] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1276.430871][   T13] Call Trace:
[ 1276.434143][   T13]  <TASK>
[ 1276.437078][   T13]  xfrm_net_exit+0x2d/0x70
[ 1276.441879][   T13]  ops_undo_list+0x49a/0x990
[ 1276.446468][   T13]  ? __pfx_ops_undo_list+0x10/0x10
[ 1276.451864][   T13]  ? do_raw_spin_unlock+0x122/0x240
[ 1276.457061][   T13]  cleanup_net+0x4c5/0x800
[ 1276.461796][   T13]  ? __pfx_cleanup_net+0x10/0x10
[ 1276.466721][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1276.472209][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[ 1276.478420][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[ 1276.484162][   T13]  process_scheduled_works+0xae1/0x17b0
[ 1276.490089][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1276.496068][   T13]  worker_thread+0x8a0/0xda0
[ 1276.501280][   T13]  kthread+0x70e/0x8a0
[ 1276.505376][   T13]  ? __pfx_worker_thread+0x10/0x10
[ 1276.510816][   T13]  ? __pfx_kthread+0x10/0x10
[ 1276.515407][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1276.520895][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1276.526094][   T13]  ? __pfx_kthread+0x10/0x10
[ 1276.531098][   T13]  ret_from_fork+0x436/0x7d0
[ 1276.535682][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[ 1276.541059][   T13]  ? __switch_to_asm+0x39/0x70
[ 1276.545830][   T13]  ? __switch_to_asm+0x33/0x70
[ 1276.551138][   T13]  ? __pfx_kthread+0x10/0x10
[ 1276.555762][   T13]  ret_from_fork_asm+0x1a/0x30
[ 1276.561120][   T13]  </TASK>
[ 1276.564158][   T13] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1276.571444][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1276.580740][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1276.590912][   T13] Workqueue: netns cleanup_net
[ 1276.595704][   T13] Call Trace:
[ 1276.598996][   T13]  <TASK>
[ 1276.601938][   T13]  dump_stack_lvl+0x99/0x250
[ 1276.606546][   T13]  ? __asan_memcpy+0x40/0x70
[ 1276.611152][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1276.616378][   T13]  ? __pfx__printk+0x10/0x10
[ 1276.620992][   T13]  vpanic+0x281/0x750
[ 1276.624975][   T13]  ? __pfx__printk+0x10/0x10
[ 1276.629562][   T13]  ? __pfx_vpanic+0x10/0x10
[ 1276.634059][   T13]  ? is_bpf_text_address+0x292/0x2b0
[ 1276.639358][   T13]  panic+0xb9/0xc0
[ 1276.643070][   T13]  ? __pfx_panic+0x10/0x10
[ 1276.647490][   T13]  __warn+0x31b/0x4b0
[ 1276.651466][   T13]  ? xfrm_state_fini+0x26d/0x2f0
[ 1276.656407][   T13]  ? xfrm_state_fini+0x26d/0x2f0
[ 1276.661340][   T13]  report_bug+0x2be/0x4f0
[ 1276.665660][   T13]  ? xfrm_state_fini+0x26d/0x2f0
[ 1276.670594][   T13]  ? xfrm_state_fini+0x26d/0x2f0
[ 1276.675527][   T13]  ? xfrm_state_fini+0x26f/0x2f0
[ 1276.680463][   T13]  handle_bug+0x84/0x160
[ 1276.684700][   T13]  exc_invalid_op+0x1a/0x50
[ 1276.689203][   T13]  asm_exc_invalid_op+0x1a/0x20
[ 1276.694044][   T13] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[ 1276.699610][   T13] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 bb 6d 00 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 39 28 e1 f7 e8 04 fb 9c f7 90 <0f> 0b 90 e9 fd fd ff ff e8 f6 fa 9c f7 90 0f 0b 90 e9 60 fe ff ff
[ 1276.719214][   T13] RSP: 0018:ffffc90000127898 EFLAGS: 00010293
[ 1276.725280][   T13] RAX: ffffffff8a22c3fc RBX: ffff8880335f8000 RCX: ffff88801cec8000
[ 1276.733242][   T13] RDX: 0000000000000000 RSI: ffffffff8dba9339 RDI: ffff88801cec8000
[ 1276.741204][   T13] RBP: ffffc900001279b0 R08: ffffffff8fa3a437 R09: 1ffffffff1f47486
[ 1276.749165][   T13] R10: dffffc0000000000 R11: fffffbfff1f47487 R12: ffffffff8f632bc0
[ 1276.757125][   T13] R13: 1ffff92000024f40 R14: ffff8880335f9480 R15: dffffc0000000000
[ 1276.765092][   T13]  ? xfrm_state_fini+0x26c/0x2f0
[ 1276.770123][   T13]  ? xfrm_state_fini+0x26c/0x2f0
[ 1276.775061][   T13]  xfrm_net_exit+0x2d/0x70
[ 1276.779466][   T13]  ops_undo_list+0x49a/0x990
[ 1276.784052][   T13]  ? __pfx_ops_undo_list+0x10/0x10
[ 1276.789158][   T13]  ? do_raw_spin_unlock+0x122/0x240
[ 1276.794356][   T13]  cleanup_net+0x4c5/0x800
[ 1276.798767][   T13]  ? __pfx_cleanup_net+0x10/0x10
[ 1276.803707][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1276.808915][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[ 1276.814622][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[ 1276.820338][   T13]  process_scheduled_works+0xae1/0x17b0
[ 1276.825897][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1276.831888][   T13]  worker_thread+0x8a0/0xda0
[ 1276.836490][   T13]  kthread+0x70e/0x8a0
[ 1276.840556][   T13]  ? __pfx_worker_thread+0x10/0x10
[ 1276.845665][   T13]  ? __pfx_kthread+0x10/0x10
[ 1276.850249][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1276.855447][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1276.860633][   T13]  ? __pfx_kthread+0x10/0x10
[ 1276.865216][   T13]  ret_from_fork+0x436/0x7d0
[ 1276.869797][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[ 1276.874903][   T13]  ? __switch_to_asm+0x39/0x70
[ 1276.879657][   T13]  ? __switch_to_asm+0x33/0x70
[ 1276.884414][   T13]  ? __pfx_kthread+0x10/0x10
[ 1276.888996][   T13]  ret_from_fork_asm+0x1a/0x30
[ 1276.893769][   T13]  </TASK>
[ 1276.897032][   T13] Kernel Offset: disabled
[ 1276.901338][   T13] Rebooting in 86400 seconds..