last executing test programs:

4m28.933150823s ago: executing program 2 (id=560):
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2688644c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) (async)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x2ff, [0x10005, 0x20000400], 0x7}, 0x10) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x18, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000280)={'tunl0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x700, 0x7800, 0xfffffffc, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x67, 0x0, 0x0, 0x5e55b37311de6d89, 0x0, @broadcast, @broadcast}}}}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000f"], 0x0, 0x34}, 0x28) (async)
pipe2$9p(&(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r8 = dup(r7)
write$FUSE_BMAP(r8, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138) (async)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r7]) (async)
lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYRESDEC=r5], 0x7c}}, 0x80) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001d40)=ANY=[@ANYBLOB="140000001000010000000200000000000500000a14000000140a030000000000000000000300000920000000080a01040000000000000000020000030900010073797a3000000000140000001100010000000000000000000000000a"], 0x5c}, 0x1, 0x0, 0x0, 0x44}, 0x0) (async)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)

4m28.569970566s ago: executing program 2 (id=564):
r0 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = socket$kcm(0x2d, 0x2, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$set_reqkey_keyring(0xe, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r2, r0, 0x0, 0x57, &(0x7f0000000400)='\x00\x88b;8\xe9\xe6\xf7{\xc1\f\xc7\xd9kbC.\x8e\xe9 Z\xc8~)\xb8Ku\x06C\x9f\xc0\xb6\xd2\x1b\xd6\v\x84\x95\x93\xe8\xbai7\xb4g\'\x05%\x16\xc4Z\xcf\xc3z=\r\xd5\xdc\xf4\xe8Q\xccSO_\x05#\x03\xe9x\x98t_\x16\x15\xf6\xd4Jvi,\xc9Vo\xed2\x8d'}, 0x30)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x2)
r7 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
write$dsp(r6, &(0x7f00000012c0)="a5", 0x1)
read$dsp(r7, &(0x7f0000001380)=""/229, 0xe5)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x10140, 0x0, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r8, 0xffffffffffffffff, 0x0)

4m26.889410798s ago: executing program 2 (id=570):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x0, 0x3}}]}}]}}, 0x0)
mremap(&(0x7f00004ed000/0x1000)=nil, 0x1000, 0xffffffffffdfffff, 0x3, &(0x7f000082a000/0x400000)=nil)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000040)={0x40, 0x0, 0x3, '\x00\x00\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4m23.583118463s ago: executing program 2 (id=580):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x20, 0xf, &(0x7f00000002c0)=ANY=[@ANYBLOB="180800002000000000006f80f800000000000018", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000bf9800000000000056080000020000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)

4m21.858068915s ago: executing program 2 (id=581):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
syz_open_dev$vim2m(&(0x7f0000000480), 0xfffffffffffffffe, 0x2) (async)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000001c0)=0x5) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x23, 0x0, &(0x7f00000001c0)) (async)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, &(0x7f0000000740)) (async)
r4 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB='\x00'/15, @ANYRES32], 0x50) (async)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000180)={0x4, 0x7, 0x7, 0x7, 0x9, "1b40d2039e069c9610240ed1fa3f5161dd023b", 0x8, 0x6})
socket$alg(0x26, 0x5, 0x0) (async)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="040f0489010504"], 0x7) (async)
socket$alg(0x26, 0x5, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f00000002c0)={'veth1_to_batadv\x00', {0x2, 0x4e21, @broadcast}})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'}) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x40}, 0x50) (async)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r5, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xffc, &(0x7f00000014c0)=""/4092, 0x41000}, 0x94)

4m21.581140621s ago: executing program 2 (id=583):
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4, 0x0, 0x1})
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000200)={<r3=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', &(0x7f00000000c0), 0x2000040, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/pm_wakeup_irq', 0x0, 0x0)
mmap(&(0x7f0000b16000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x13, r4, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0) (async)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4, 0x0, 0x1}) (async)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
pipe2$9p(&(0x7f0000000200), 0x80000) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', &(0x7f00000000c0), 0x2000040, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) (async)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa}) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/pm_wakeup_irq', 0x0, 0x0) (async)
mmap(&(0x7f0000b16000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x13, r4, 0x0) (async)

4m6.430418493s ago: executing program 32 (id=583):
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4, 0x0, 0x1})
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000200)={<r3=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', &(0x7f00000000c0), 0x2000040, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/pm_wakeup_irq', 0x0, 0x0)
mmap(&(0x7f0000b16000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x13, r4, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0) (async)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4, 0x0, 0x1}) (async)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
pipe2$9p(&(0x7f0000000200), 0x80000) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', &(0x7f00000000c0), 0x2000040, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) (async)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa}) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/pm_wakeup_irq', 0x0, 0x0) (async)
mmap(&(0x7f0000b16000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x13, r4, 0x0) (async)

3m20.244840027s ago: executing program 3 (id=722):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x1b5})
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="21050000"], 0x14}}, 0x0)
io_uring_enter(r2, 0x80002219, 0x7721, 0x16, 0x0, 0x0)

3m16.139136303s ago: executing program 3 (id=729):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x26c0}}, 0x4010)
getgroups(0x5, &(0x7f0000000100)=[0xffffffffffffffff, 0xee01, <r0=>0x0, 0xee00, 0x0])
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0xee01, r0}, 0xc)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x2f126000)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x8)
cachestat(r3, &(0x7f0000000180)={0xff}, &(0x7f0000002280), 0x0)
r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000001000000e8e187f63af5cbc371c494e9", @ANYRES32=r7, @ANYBLOB="0000000000000000660000000000000018000000000000000000000000000000950000000000000097030000040000009500000000000000"], 0x0}, 0x94)
write$UHID_CREATE(r1, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x34, 0xe, 0xc08}}, 0x120)
syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r8, 0x0, 0xc8, &(0x7f0000003d40), 0x4)

3m12.129227255s ago: executing program 3 (id=736):
pipe(&(0x7f00000022c0))
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00')
setrlimit(0x2, &(0x7f0000000000)={0x4000051, 0xfffffffa})
lsm_get_self_attr(0x64, 0x0, &(0x7f0000001280), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x20000800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x40000000, 0x0)

3m10.225312287s ago: executing program 3 (id=741):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2714, 0x0, &(0x7f0000000000))

3m8.466542065s ago: executing program 3 (id=742):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
open(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
landlock_restrict_self(0xffffffffffffffff, 0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
getcwd(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000340)={0x0, 0x4, 0x0, 0x8002, '\x00', '\x00', '\x00', 0x4, 0xfffffffe, 0x100, 0x0, "abd206a1ebd7cedfd17ebd65400ed41b"})

3m5.197325845s ago: executing program 3 (id=747):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x383, 0x1ac)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x800, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
getxattr(0x0, &(0x7f0000000340)=@known='security.apparmor\x00', 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x0)
getdents64(r3, &(0x7f0000000300)=""/152, 0x98)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
r7 = dup3(r5, r2, 0x80000)
ioctl$NBD_DO_IT(r7, 0xab03)

2m49.657433036s ago: executing program 33 (id=747):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x383, 0x1ac)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x800, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
getxattr(0x0, &(0x7f0000000340)=@known='security.apparmor\x00', 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x0)
getdents64(r3, &(0x7f0000000300)=""/152, 0x98)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
r7 = dup3(r5, r2, 0x80000)
ioctl$NBD_DO_IT(r7, 0xab03)

14.872488033s ago: executing program 0 (id=1081):
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = memfd_create(&(0x7f0000000300)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xae\xd1md\xc8\x85\x00\x00\xfb\xff\x00\x18\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;2\xb5\xe1jS\xeb\xbf%||\xa0\x8e\x01\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
symlink(&(0x7f00000049c0)='.\x00', &(0x7f00000059c0)='./file0\x00')

11.736045644s ago: executing program 0 (id=1090):
syz_io_uring_setup(0xd1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r1 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = inotify_init1(0x0)
r4 = inotify_add_watch(r3, &(0x7f0000000200)='.\x00', 0x400)
r5 = dup(r3)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x131a, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
read$FUSE(r5, &(0x7f0000002280)={0x2020}, 0x2020)
futex(&(0x7f0000000240)=0x1, 0xc, 0x1, &(0x7f0000000300)={0x77359400}, &(0x7f0000000340)=0x1, 0x2)
inotify_rm_watch(r5, r4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0)
dup3(r8, r2, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r9, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000001c0)={0xfffffffffffffd27, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2ff8}], 0x0, 0x0, 0x0})

9.834760206s ago: executing program 6 (id=1094):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70b52d, 0x4, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x1}, {0x6, 0xf}, {0xc, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40004) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}, 0x1, 0xfdff}, 0x84)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r6}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)

9.773628569s ago: executing program 0 (id=1095):
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x26)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) (async)
r1 = syz_open_dev$vcsu(&(0x7f0000000140), 0x3, 0x10000)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) (async, rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0) (async, rerun: 64)
io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0, 0x0, r1}) (rerun: 64)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@deltclass={0x50, 0x29, 0x400, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0xd}, {0x0, 0xb}, {0x3, 0xf}}, [@tclass_kind_options=@c_prio={0x9}, @tclass_kind_options=@c_prio={0x9}, @TCA_RATE={0x6, 0x5, {0x6, 0xa6}}, @tclass_kind_options=@c_multiq={0xb}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x4000080) (async, rerun: 32)
sendfile(r3, 0xffffffffffffffff, &(0x7f0000002080)=0x64, 0x23b) (async, rerun: 32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000004300)={&(0x7f0000000180)=ANY=[@ANYBLOB="f5c8914800000000", @ANYRES16=r5, @ANYBLOB="010029bd7000ffdbdf250c00000008000300", @ANYRES32=r6, @ANYBLOB="04006e8004002800"], 0x24}, 0x1, 0x0, 0x0, 0x4c804}, 0x0) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, 0x0, 0x0) (async, rerun: 64)
r7 = socket$can_j1939(0x1d, 0x2, 0x7) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000200)={'vxcan1\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f0000000000)={0x1d, r8, 0x0, {0x0, 0x1}, 0xfe}, 0x18)
sendmsg$can_j1939(r7, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x2, {0x0, 0x409ee07df186b7eb}}, 0x18, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x4004044}, 0x0) (async, rerun: 32)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f00000003c0)=[@in6={0xa, 0x4e22, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}]}, &(0x7f0000000100)=0x10) (async, rerun: 32)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) (async)
r9 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))

9.709445173s ago: executing program 4 (id=1096):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x46, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x20, 0x10, 0x800, 0x70bd28, 0xffffffff, {0x0, 0xcf, 0x0, 0x0, 0x111cf}}, 0x20}}, 0x0)

9.266375614s ago: executing program 4 (id=1098):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000340)='./cgroup\x00', 0x0, 0x120)
getdents(r1, 0x0, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000010000104fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000040000000380012800b0001006272696467650000280002800c002300076b"], 0x58}}, 0x0)

8.945256652s ago: executing program 6 (id=1099):
r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x78)
fchdir(r1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0xd6})
r2 = creat(&(0x7f0000000100)='./file0\x00', 0x7a)
r3 = memfd_create(&(0x7f0000000080)='-\x03\xb0\xdbm\x0e\xf1\xe0\xa5', 0x4)
lseek(r3, 0xfffffffffffffffd, 0x2)
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffff5, 0x0, {0x0, 0x0, 0x0, 0x4, 0x6, 0x0, {0x5, 0x2, 0x1000b, 0x100000a, 0x3, 0x0, 0xfffffffe, 0x8000000, 0x0, 0x8000, 0x2000002, 0x0, 0x0, 0x7, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
r5 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
write$FUSE_NOTIFY_STORE(r5, &(0x7f0000000240)=ANY=[@ANYBLOB='+'], 0x2b)
sendfile(r6, r4, 0x0, 0x4000000053d2)
close(r2)
r7 = fanotify_init(0x20, 0x800)
r8 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x4)
fanotify_mark(r7, 0x641, 0x1020, r8, 0x0)
execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)

8.297079696s ago: executing program 4 (id=1102):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10)
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000380))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000001780)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x135c, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1124, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "f4fb421bb8bf50390aa16661d13634aaa01dad9d12c4f6f890c4fc825f6548c7639a0e6a51e719d660daff39e5d7582d7852b6284b1690995704264960782fee272d91a05167e1d979f83b53dc64c7cd5598ae3ee911e17c0c7b0f0f7c29cd533a244e1d327cd4e6f6cb460a5538c17f99ca5a8797895fc8fff4e06ea53380fc9bf96edfc7eb1234e0e12213025b1ebbd3eed4c9c2a43a4e5869858725cb36062b4d8f6936c62b053d414e8eff3582721f8b0596aeaf71948fa9d70928ba047f1ceaed77a3096ca30d9afc13b4da7a8398ddfb5b540bf184c94cd3dbe92386bc5862bb46f73ae974d029b1a52c207bd905805982565bf9776a248e46153928cb644fd252a91f1f9c7a93faa9cb8cc9b1f91a7210bd96cf1e88e58cf216ccbe097c3a15998766240106c8b915d94e0565165a1d29b254a799c64430f1e800c7dfadeffb285f0ac825fe1bf1aa3ac2989cb9c37e624ec8752f22c273b517f00bca3294c8a8f17a76f69789d6b3bf17e3a752f01dbf7f1415a4eab23c8834e3c3892fc0eb94111eea6a31f931e2a890a03cf714fbea1ebf678d8215aae5d8ecb7af146af8be47545264b888ee12852967abe642172d831d12b69b0c7cab830277e48b29b1b90675401aaf840371e1836ee9ffa1f06bc2c9ad836178b4ca40e5c1a77108b78f913cab39887cced3c0a4c4c89aceff76b9377de4b8978c4a3ca281d39f1f88278c0b4a5e0b9d8d15ad0660ebde542974689069b979fcc3ce43f32f3cac5cd22e971c0b2447e929f77935c6b0ed1aa44c13f9684b92612c5e0198021aadbc950c4f600122c0899f626b475bda01b75c3690ab39a34de83259aa46d08c98fbdf36219f027fd1892344eb4c9aace8df32db6de87307ba940c351807df4642615b6ea698ea757fe9ec225f8d113cdce5e837aaa1b7426f5742925bd87ec76989b44d52ff99e086be6886499fb90c47c2a8e2cf29d15fe0c8986b3c537ca2cf345f49aa57040881e117d1e3448110aee5b04942653e3f0f8ff2a9a5617f09e26e80b757d4fd8e64838bb6265ea1959545d27a33cc8a03a20d04f39ef7abf0152a38363de53dbb2506268c7fbe14a05ea5b537d7fda0d907e2a6b6cfb2867dd5cccccc7ed4347653760f78a9bd76c819a8b8263989a1d5701ac4121a00f21f12a8619c86fc6d39754407587e7d72089a063eeb6749d86b474fcfb49b9312c02ad30a0556b047b4374891fde673f7caa70a0b9dcdf1bd8a655d7b3910aa5517e6fd78b94191ea79cf74a9e5831e6df5a05f8a0dc24e31b1b9afdbd422276cbe2bd80e484173c7b55d61027c54f475378ae8eb0315c72fbca2f97480775569eba1106b9a5c451f68e8b67b57831ffacf92ecf4df5ebffceebbbe6a4bb5a7ceb1d09a79c2672dd0703840719b39459e771ede589e77be6280a30f6964a2dd0db5ff8d0319cf8630438c9120891c06a291322c57bc534f9bd8c7a2b1a98ef6a29fca0f5ebcad17184f5e0b5388393e9b851ec5388e952b5895ef07404f5d6a65e7d0d1374963e5c229513eed85b7dec88ced111f1ad304e125d0018e43fa00501227232dcbf7b1a7e308d5647dbbfc7ef11553487395bf69c1b0fa16d5f016afa4267939a3bad91504738f54f56fd75a42328b4a8bb3aadc7cdbfcd2ab7e86381ab2366bda6dc471f23a5812461c7e026e76880e9ff47a16159d8fbaacc325800d33691f0da217470045c53e5fcc120252cad3ebd883cf4cd9fcf4ec935e63663c30ed5b9b7748347bd8a7e0c9d8c6e3ab96b9d124631f6f40c87bd3cd73b70c0801d22caa9e109fe83f0c96b2045ce95577a870d342a0e5110b25fd5cdd99a971c69176021458581dbadf7495ee100751847a58a122ec5728de51b4f9e9b9487ef49f7d8f6392b9bc197bbe66adfefffb2da24b6b15eee9653756328c7d62cfddb726475c0011c0072bf68e0d020ea1aeb7dc5a05c9978bafc5af8b342f417954bee11fc648c936bd37bf72bf9267dec94cdfa0722d5baf861e38a26ff561f66deb9327d18820e351c1e3545128f08ed321f022d323462fb8410a0dadda2f3f2c42818d644f3b2f4d5d2f8da01fbbef27183f06edfe5fa1ac5dc1ff4f0a222ae94f438d2d696d491c4da6da70b2cc58069cbbfb1ee9a9f9ee2bb37c03f145850f83a40212972ad4cca1caf827c1e8ef97f0ecd64171cdcc42e2b38c0d086e478b66e242cc186209cdc8867c817cd7683c5eba70d4c1104714db242a2a3cbcc1d8ecfe3dc0cef35c906950ecee3e8831665d4c3ef44ec5135ccc82df6044bbb3ff8930bc1af1463176f657df4e931ff3010a0fe29bac9ce988a9dda01c04a5ae6bbd1699081ce1e7eabb1937c572cbc79819f670b4f1a05f25c5780ed02af84fae9a84290358ef8501c50cbd594ebdeee47f0aaefad56a46b4534f264f517802b6f64fbb1985cb29388da588c8aa5821547f8af42324b9fddf4874047eb6cf6015a151e2c0c61464153cb2b66f2765655c7499cf40d746ea2418205158f6eae60a3d079568e25a9b34473dfa9981f3b4fb979243f68dae40725c5b76bb4c42f622010ff97859b9ce12082013591f0ac0125e52bac59c653c06c1b41adbe4e214982ab955e81df68c1fbcbcee03f020685891bd22a0df3d33240b3c1e60a54b90323989f7dc05edad52696234e3bc2e112ba7f904ffbbd6583d9bf4b4bce73c91ba938011f6f404b9a3671e738e2d0bf633e616b7bbf47309c63b6f12217eba4abb379786d347ab5d78a083dfbcce2af37c51e6ef3ff24255bc57f7993abc1d9ba60bc766af0c957171abe15d285ef326ba93515484b1117befe719dab80a23addf359f503ded5b77349fba3497e59598adf541c40f1c769a834dde21abd11ed250f09b6b5861bb97ab076d717a4885bd08fb5fdbb9af1113dc3f54ebd4c8c01ff67d25f69332bcfc9da2e9fc95773b6a0e6108fcf8d8fa662bd307701d7b49f30f56eb7f2433e6828aad9c24cca73ce9b05425d73f9117e4b7d338bfdf49762febfd93d0bacbb409d4ee0363df4894e3801f0fcb69aad22f8f05f5703d5104b9770deac61d61c4a320c3177530944f78f0740355d2073b1895c89148b04beee4e33123d786ae51037317285d51a9b021a808758cd4985a082afa80e4237782297cad0d01e08523b84c1437452d5ab01ea6b5ed62124bf51e1b4f4bfe62ce0c5fe4d02c5a706699fb36091fde4c83d2bcc7d6a55442de4c803dacae8a5e90344333311e451dffa1775f8f0b376f69c003515a9e9641c2a76febfb2ebcc3f24b3bb457b7786185d849a182c71d952de9159f8072481b4d2f9c4411a768b364d7510b6043c9c30c3c10a2de89779782e0a668a9252c576a1d0b9baafff41bb78e4726b8e98eba9a2d4b2cf5cdd141d2fd72c77d40895e680b27663064bfb0213fb6e4901888242279e437b0184e8f47121717cac8af63829eca65d5def35913a8e8a3a9caec72c8935bd452b69539d0b34675a054c4b7c3e2750eaf3588039d39e25a31005291c246ad718c2f64a15189add076b10dbcb6de605340c8f32d69ec6ab126c6e3571705998539c2da2b6ec53f45fa88e74fe4705f37a61b405d07ce8ef35e5c799bee3bc521c18b6a598883b19419205d375f545ece572946f38d05660e18c14da2d633191acc58571ab61805ce06ac3b2a7201c831ba5c7f28b9dac94b3ed1af3676c5633cff453f4d48fd85464c2553e539a7c05e80ff3548b654309603157d8d1202c813091b793da17596428593a33dcbae0a8b81e0a29a01f2f3efec74d4bb1b64a9c9502cfa37eb8b4e18ec8d11601f88a5b83f2035cad93b226d034aede24905287701faab9a96fc593cc8810a7e8aad4a2e0d1195deaf009f4309710f906bcdb664121214d19880ba0169fc69fc63f1d6b267fc6cb6a50a01bbba3cce6e805aff246bb5f9887ce2dcdfb57c99ea92309b61178273251952a87169d20e96a0e7e3765f046dea0d28769669ea3111f6f666bfa2a6aee2dbb1005ea21b00e35b18a072059c56a1a4acab1bfb7bd49998f54e6866caba252715fcd6fb601ca2c36e38d15098a903fa75a29ff093148d83f7020fea8aa4cf828c30b66491425287b1064f6ab76f9e08b9a68b359a563f3482edc342c5df6b88dc29edf9fef42916154f8c529f76d08316927461358f21eab7a9bb71b8e05e0f3d96ae5bb5511d9d2f2a8341b6b8b8aa80a3cc9230a1580054a1d276f6166228de221126563ba5abd6da40fcdf5268db21c71c8493cf789c9333e7c9d2c236104f644b1af1218b76482987cbb68cb4c8bd22cb836a9f510d4bbfd5035e0f0d31658585a9a2ef627eed05ed18acbb43d960c749c62d89d27916f693ace7070a23f083a897bb7cf358a368f2ef0647006c8882760fafd7b7c1bc6be13bf9c9c08d0e5dd2e2dfd2eb9e327a882b40f528ea675bf75ee3af011323a6deec90f5b1d1886900fc6a2e02c94818c49b55e32d5333204ad7c2c9a1a7e57f5e79b1abfda46ec7be4d823d2d734d9cb91c99e095848eab30993529672ade4709e9d1c72fab4c62d145106b05e64ef3a801b006285c9484e3d3af9b8bc45d8eaa8377ff6e0ddb16a7e110bdb45ac868aaeef033b7d7bf21a8a4ca940753b5615b209f79545acf11b391584feadd455d8313c309aec15e6751d82b5240131b0069a7018066efea2b2515714de85635c3c1cfaef9a6098aa24e07b420790fc91c12fead8a6b4478a4d1bad6bef59f307a09a5c0b89f8adef1eca500b8e0e52e56cfef5bbced0a6d433db3dd1e5811c0e1d797358246a369ed134e7bca651c3993910a9e660f7a93d9c4ca6d794fe8f79a05e25a7a02da481fd2eb2d7b25f92f08bb6a4a37bedf5492c265d7a524ba485785fad0524fa94f8ac339211bd522c2b60284d6bf07ab8164a690b6d8ecd662af97a193d5c1a54dec5264599eeffce95ede32a57f89b48d4ae9751602223ccbadf862f3150728b3664b413750f237478caa70cd5bbc9401ad1aa699f3aa1da242b3fa966ffd6bec4372e9217a3aa28600ce3bf32218ec580cc3072949ef703e9e422060b92be693b6be56b7c94d3df7083ab7e61022842c9bc9a54359cc50ea0919f25115668d0b9528658a4e5a88d21744db68f6c8eeef290cdec68b2e280fb522867c0f85aa2d38c7a7522e2ba3d195e436a642b3ac29ef97b53edd48532126ac3dc5e23f6f42dc9ff2533ff366df8a46edea649ef25df0b68e6721d4c96122f7c1b14aa34761caa1723d8f66e02629937fc490e05e06226ca30c0dba079c4ae14379ffaa6f0679c28940b7eb107c419c289744a7490e4ee8bc935b673715aef93315d2d2bcd5d821ab3eb8a908bc2926a90ef0ba76f071b4ce7f64c340d301a8445063e04a3f314750cf001d8864ab2b85c2c61a4acdbe888355266188962e017e411c7fac713ce072a3b40e4cfee821b91fcfc606fd3a97ce146c2316a6a1f62aeb9de8e1a5d44093394aad82b14629b86ca570369ebf2681b4742b9fe6562a08e417b8275641023830069f4929785d2306e3ff6fd5524e38f43b8560669265922f4c4c3d4f77f74bd6b8ed126f342559c83126b713149676b049de23e1e82f07a58aef7de44a95b646470603203112537e9f55118b9e7e7f9095a027c1fdc0c8010b334a4b1a71e86e7129f49b2d5480a9897a3d48cb43300390a0e2aa8123f6a3991eef68e1391638b854973fd118446bd4b1264f983ef9506372f1604124f7fc5e990901b4abd5ea548685f7d6867f03580e61aee6c2"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x200}, @ETHTOOL_A_BITSET_MASK={0xfb, 0x5, "5ab1f674c5f1d9faf74b14cf27f8796c487ccf1e06a36ba25012c486a731ea8ec07bd987e3684fc46541c0286a105d7911a847fcee17b2a0b4921e2afc04103419492b822077dde86c98bedd31ca922693a9060142797d69a04a4ba351d178d9181c3aa5a208d71b8826766f2fbe324d3c7920c40bd2b13a25c398fe6e79dfa7f1285c42757015b942b78f630449824a5246d0aebb3871bca633670bb4b75d3ae3cfafc6b7c44b1a476b1a62e8f8bc1ae7be976ff6f67f6df16e0e5b428c7ce01f70a0370d82b6b93792ca8e0f1c13f1f00a7b88b644981bf3c1e887ddbca02b6e58b8e3a45c23d0d91a007eaec715db717002b515cd52"}, @ETHTOOL_A_BITSET_VALUE={0x6, 0x4, "cd7a"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_OURS={0x214, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x40, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'bpf\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x30, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffff4ea}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '/*(\x00'}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x715b}, @ETHTOOL_A_BITSET_VALUE={0x38, 0x4, "7f40a1334b89a00cd1b05d6ee04e1ad7689df814984bc071c676d5b7e83e10a2e7cc8a116ae420a7b2706f9b1029dd0695dbbcc2"}, @ETHTOOL_A_BITSET_BITS={0xc4, 0x3, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, 'hashlimit\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'raw\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'bpf\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '[-%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfa}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffb}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x65c}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '=*\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'raw\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '{{%\xb4%\x00'}]}]}, @ETHTOOL_A_BITSET_VALUE={0xd, 0x4, "bbed494ad12279b2ff"}, @ETHTOOL_A_BITSET_MASK={0x87, 0x5, "112a6763efd2182c5854c9e49f5bee15b3666afaf8401e57499b9aacc942c777ab1961eb8a4c1d7eee58b33fbc3ebcac82b506f79eb5106b89d6646943f3260a0b9ed254cc906d23f049d9f29dddb423683feac7489e9b0d98b92b21b010a07b733fbf0ef54fdaa6acdd381868f34847824ca312c9e0894fd404e678ed2eb248536c61"}]}]}, 0x135c}, 0x1, 0x0, 0x0, 0x4044014}, 0x20008004)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000000c0)={'wg2\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340000001000110400"/20, @ANYRES32=r5, @ANYBLOB="c7b18f4c2dc2beca08000400000000000c001a"], 0x34}}, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r6, 0x40107446, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x48, 0x8, 0xfe, 0x8}, {0x6, 0x0, 0x0, 0x8eb6}]})
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="15ef", 0x2}], 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000002480)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

8.296711387s ago: executing program 0 (id=1103):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x5b6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r4, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x80)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@getqdisc={0x24, 0x26, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x4, 0xffff}, {0x0, 0xd}, {0x2, 0xfff2}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r8, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="d9620bb35df5a66a86e792bb95c26b1d77ca91a98aee8188776186a5e1b4ea4c95bfa044c6d0a0b0825516bbb9d3927a42b09c8a27765673f4f074"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x78, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='spmi_cmd\x00', r9, 0x0, 0xfffffffffffffffe}, 0x18)

8.010328755s ago: executing program 5 (id=1105):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@rand_addr=0x64010102, @in=@dev={0xac, 0x14, 0x14, 0x28}, 0x0, 0x156, 0x2, 0x3, 0x2, 0x0, 0x0, 0x5e}, {0x0, 0x0, 0xffffffffffffffff, 0x2, 0xfffffffffffffffe, 0x2000000, 0x4}, {0x4, 0x0, 0x10000000000004}, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@local, 0x0, 0x2b}, 0xa, @in6=@private0, 0x3507, 0x4, 0x0, 0x0, 0xffffffff, 0x8, 0x4}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c)
socket$inet6(0xa, 0x80001, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0)
add_key(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x1)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x1, 0x5001)
ptrace$getregset(0x4204, r1, 0x204, 0x0)
ptrace$setregset(0x4205, r1, 0x204, 0x0)
map_shadow_stack(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000140)={{0x6, @rose}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000100)={'nr0\x00', 0x2})
madvise(&(0x7f000025b000/0x3000)=nil, 0x3000, 0x9)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, 0x0, 0x0)
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000001f00))
socket(0x848000000015, 0x805, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800027698eed7fd400000000008000140000000000900010073797a300000000040000000060a010400000000000000000100000008000b40000000000900010073797a30000000001800048014000180090001006c6173740000000004000280140000001100010000000000000000000000000ae7780da35d3e9c0d450e4a336494137ca88877cfeaf4c7f94d7c8c48661f4aa907a489bc44c5"], 0xc8}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000340)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb763e", 0x10, 0x3a, 0xff, @empty, @ipv4={'\x00', '\xff\xff', @remote}, {[], @ndisc_ra}}}}}, 0x0)

6.690336616s ago: executing program 5 (id=1107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, r4, 0x10ada85e65c25359, 0x70bd29, 0x8000000, {{0x6b}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x800)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000042}, 0x24000800)
r7 = openat$nullb(0xffffffffffffff9c, 0x0, 0x282, 0x0)
sendfile(r7, r7, 0x0, 0x40008)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, 0x0, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r9, 0x3ba0, &(0x7f0000000000)={0x48})
write(0xffffffffffffffff, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24)

5.661947191s ago: executing program 1 (id=1108):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r2=>0x0}) (async)
r3 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) (async)
syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x3, r3, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r3, 0x6e2, 0x600, 0x1, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r6}, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x4e, 0x0, 0x0) (async)
syz_emit_ethernet(0x3e, 0x0, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fbdbdf251e00000008000300", @ANYRES32=r2, @ANYBLOB="50002f800c0002000203aaaaaaaaaaaa28000380080001000200"], 0x6c}, 0x1, 0x0, 0x0, 0x20000041}, 0x4880)

5.545962635s ago: executing program 5 (id=1109):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000040)={0x6}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r1, &(0x7f00000003c0), 0x0, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x1, @loopback, 0xffffffff}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

5.356549136s ago: executing program 5 (id=1110):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000001000030500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15460100ef000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x44}, 0x1, 0x0, 0x0, 0x200488c0}, 0x0)

5.197254326s ago: executing program 1 (id=1111):
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) (async)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x20000000000008, 0x200000, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200000000000000000000000200"}}) (async)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x0, 0x402d1}}, 0x20}, 0x1, 0x0, 0x0, 0x24048040}, 0x4000000)

4.907634449s ago: executing program 1 (id=1112):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x5b6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r3, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x80)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@getqdisc={0x24, 0x26, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x4, 0xffff}, {0x0, 0xd}, {0x2, 0xfff2}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r8, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="d9620bb35df5a66a86e792bb95c26b1d77ca91a98aee8188776186a5e1b4ea4c95bfa044c6d0a0b0825516bbb9d3927a42b09c8a27765673f4f074"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x78, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='spmi_cmd\x00', r9, 0x0, 0xfffffffffffffffe}, 0x18)
syz_emit_vhci(0x0, 0x16)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.808931491s ago: executing program 1 (id=1113):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
set_mempolicy(0x3, 0x0, 0x8)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000004500)}], 0x1}, 0x0)
syz_80211_inject_frame(&(0x7f0000000340)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="e0380600ffffffffffff080211000000d0505050505093000c0103007f00200101368d73e1afebb26d9e2521c283ef1636b9d4bbaa9ba9a22b8f749a7490291c36a751333757cf6c5a98e720305052facccd83bd1bd0ab848f864c05c4986ac31d8103cb51af4ccb494380779cc366360e10e01e8ee5d1a3bc052831444e39c82ecbf5002ba185478576d6cac4f29c45"], 0x22)
readv(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000240)=r3)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x48, r7, 0x5, 0x70bd25, 0x8, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x800, 0x1, 0x2, 0x0, {0x2, 0x111b, 0x0, 0xa4, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x800, 0x4, 0x1}}, @NL80211_ATTR_SSID={0x5, 0x34, @random="b2"}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})

4.749160883s ago: executing program 5 (id=1114):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x3, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d50}, 0x94) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async, rerun: 64)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003}) (async, rerun: 32)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async, rerun: 32)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) (async)
r7 = syz_open_dev$dri(&(0x7f00000003c0), 0x1, 0xd1a00)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc}) (async)
r9 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000400)={r8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r9, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8}) (async)
close_range(r2, 0xffffffffffffffff, 0x0)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010027bd7000fddbdf250b0000001800"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xe8, r10, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x90, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'netdevsim0\x00'}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10}]}]}, @TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x11}, 0x0)

3.793086755s ago: executing program 6 (id=1115):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c4605030908770000000000000003000600155eef2e5a020002380000000b03010008000000e10a200003000100070403000000420e0400000009000000ffff000020000000010400000080000005000000010000000100000003000000bd0400000700100003000000fffbffff000000000800000003"], 0x98)
close(r0)
socket$kcm(0x2, 0x5, 0x84)
io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x40, 0x2, 0xfffffffe})
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r1], 0x448}}, 0x0)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000900)=0x19)
writev(r2, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000180)="da", 0x1}], 0x2)
sendmmsg$inet(r1, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xe)
ioctl$TCFLSH(r3, 0x540b, 0xfffffffffffeffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791028000000000069004200000000009500740000000000", @ANYRESDEC], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff8f}, 0x48)
fcntl$setstatus(r0, 0x4, 0x400)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) (async)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c4605030908770000000000000003000600155eef2e5a020002380000000b03010008000000e10a200003000100070403000000420e0400000009000000ffff000020000000010400000080000005000000010000000100000003000000bd0400000700100003000000fffbffff000000000800000003"], 0x98) (async)
close(r0) (async)
socket$kcm(0x2, 0x5, 0x84) (async)
io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x40, 0x2, 0xfffffffe}) (async)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901) (async)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
connect$can_bcm(r1, &(0x7f00000000c0), 0x10) (async)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r1], 0x448}}, 0x0) (async)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) (async)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000900)=0x19) (async)
writev(r2, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000180)="da", 0x1}], 0x2) (async)
sendmmsg$inet(r1, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) (async)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) (async)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xe) (async)
ioctl$TCFLSH(r3, 0x540b, 0xfffffffffffeffff) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791028000000000069004200000000009500740000000000", @ANYRESDEC], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff8f}, 0x48) (async)
fcntl$setstatus(r0, 0x4, 0x400) (async)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) (async)

3.657902159s ago: executing program 5 (id=1116):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180))
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)

3.425299176s ago: executing program 6 (id=1117):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
socket$kcm(0x1e, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)

3.211701241s ago: executing program 1 (id=1118):
syz_io_uring_setup(0xd1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r1 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = inotify_init1(0x0)
r4 = inotify_add_watch(r3, &(0x7f0000000200)='.\x00', 0x400)
r5 = dup(r3)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x131a, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
read$FUSE(r5, &(0x7f0000002280)={0x2020}, 0x2020)
futex(&(0x7f0000000240)=0x1, 0xc, 0x1, &(0x7f0000000300)={0x77359400}, &(0x7f0000000340)=0x1, 0x2)
inotify_rm_watch(r5, r4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup3(r8, r2, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r9, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000001c0)={0xfffffffffffffd27, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2ff8}], 0x0, 0x0, 0x0})

3.211307648s ago: executing program 0 (id=1119):
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x9}}, './file0\x00'})
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x44, 0x4, 0xa, 0x900, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1000000fff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x4000840)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x1e, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x2e, @string={0x2e, 0x3, "7d8dc79220d8ad866be62f227d1c7f1aa59b3f7e46f971324bf3aca177ab5a87c94cc8c75ecd3fed3cf9120a"}}}, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

2.119402142s ago: executing program 4 (id=1120):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000040)={0x6}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r1, &(0x7f00000003c0), 0x0, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x1, @loopback, 0xffffffff}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

2.00699341s ago: executing program 1 (id=1121):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4008084}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r7)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c)
listen(r8, 0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r10 = accept(r8, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="d4d9dfdb6510fba808001b"], 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0)

2.006105873s ago: executing program 4 (id=1122):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='batadv0\x00', 0x10)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x4e20, @private=0xa010101}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x6770c000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="6cd9e058ae4714ee46e4dff2d3c073748e1417b27964800076b4908e"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x18)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r6, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118)
r7 = open_tree(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x900)
write$cgroup_subtree(r7, &(0x7f00000003c0)={[{0x2b, 'blkio'}, {0x2d, 'blkio'}, {0x2d, 'perf_event'}, {0x2d, 'net_prio'}, {0x2d, 'devices'}]}, 0x2d)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r8}, 0x18)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1700000000000000008400000100000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r9, <r10=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r10, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r6, 0x2}}, 0x18)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x121602, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.977968206s ago: executing program 6 (id=1123):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x5b6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r3, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x80)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@getqdisc={0x24, 0x26, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x4, 0xffff}, {0x0, 0xd}, {0x2, 0xfff2}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r8, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="d9620bb35df5a66a86e792bb95c26b1d77ca91a98aee8188776186a5e1b4ea4c95bfa044c6d0a0b0825516bbb9d3927a42b09c8a27765673f4f074"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x78, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='spmi_cmd\x00', r9, 0x0, 0xfffffffffffffffe}, 0x18)
syz_emit_vhci(0x0, 0x16)
socket$nl_netfilter(0x10, 0x3, 0xc)

161.225214ms ago: executing program 0 (id=1124):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_clone(0x301000, &(0x7f00000000c0)="f66baf03278c909be0cc9b449a5bef1c88aed2fead03392b5f23c6acf1be3cf76e61e80e9e38ce03fccd7542c8ae7fb0e07f9b578d759c4735c392f32a2793bf56e1c2dcf9295ce00713454dd3f21652a5ee64cb7a1b33bc929d089b750a3f26a224914992a7eb36ee68450af114e607cfe3d5d2bd8d0315bb115b9fa214ef73ed126cb53a860bf5b74aab97532d9a00118978e6a5c1b97b2f49b87ac5ac5f18112a5877df8b71e0fbadb53baec62e2ce919ce3e79", 0xb5, &(0x7f0000000000), &(0x7f0000000180), &(0x7f0000000200)="16d929592ad6250eb9f223b73f5f33f52247d04c875608db7302a301aa2e74dac64526d43f6cd6a2db6153cbe63d40fff4072b3bd8e531fa9a4ca0d34f0468c561d2daa1f9e005eb1511dc75b0ac23181ae272a129a772660098ba381476d38639534332357bb97e97bd1fa601ad1a93e6899bfe8473a1aa5ff09faf478b117f024de7715eb16a6bf3adf82766af70c49dfcf0749dee1861954a3e94019c647264f7057938467db2f9674904347f6b50812e7e8eb682ebf8f47e2addef00f4d42d00ca86ff5897f1478678e3ddb2e5ab57888b28503b5ac5c5d43b4529ad24742545901b98")
setsockopt$inet6_int(r1, 0x29, 0x46, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000440)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000ec0)={0x30, r4, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x14, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)
r5 = open(&(0x7f0000000380)='./file1\x00', 0x109042, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r8 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r6, r7, 0x26, 0x0, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000400)=r8, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f00000002c0)=r8, 0x4)
fallocate(r5, 0x0, 0x7ffffffffffffffe, 0x7000000)
bind$vsock_stream(r5, &(0x7f0000000300)={0x28, 0x0, 0x2711, @my=0x0}, 0x10)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r9, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @loopback, 0x4}, 0x1c)
connect$inet6(r9, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r9, 0x29, 0x1, &(0x7f0000000100), 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)

17.765893ms ago: executing program 4 (id=1125):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x94, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x3}}}}}]}}]}}, 0x0)
pipe2$watch_queue(0x0, 0x80)
r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000000c0)=0x2000000)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0xb0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x3, {[@global=@item_012={0x0, 0x1, 0x3}, @global=@item_012={0x1, 0x1, 0x4, ','}]}}, 0x0}, 0x0)
add_key$fscrypt_provisioning(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)={0x3, 0x0, @a}, 0x48, r1)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
lseek(r3, 0x25e, 0x0)

0s ago: executing program 6 (id=1126):
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x2, 0x7}, 0x0, 0x0)
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000a0caccf05a94a66bb55a2a630b00c145f94cd977", 0xf0e4, 0xffffffffffffffff)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) (async)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x2, 0x7}, 0x0, 0x0) (async)
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000a0caccf05a94a66bb55a2a630b00c145f94cd977", 0xf0e4, 0xffffffffffffffff) (async)

kernel console output (not intermixed with test programs):

hcd
[  246.177794][ T5905] usb 2-1: Using ep0 maxpacket: 8
[  246.210318][ T7316] fuse: Bad value for 'fd'
[  246.217607][ T5905] usb 2-1: config 2 has an invalid interface number: 31 but max is 0
[  246.249785][ T5905] usb 2-1: config 2 has no interface number 0
[  246.257838][ T5905] usb 2-1: config 2 interface 31 has no altsetting 0
[  246.289024][ T5905] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  246.316136][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.319897][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  246.336442][ T5905] usb 2-1: Product: syz
[  246.349751][ T5905] usb 2-1: Manufacturer: syz
[  246.354471][ T5905] usb 2-1: SerialNumber: syz
[  246.533948][ T7322] [U] 
[  246.542640][ T7323] IPVS: set_ctl: invalid protocol: 25647 47.116.116.121:28786
[  247.109774][   T24] usb 3-1: Using ep0 maxpacket: 16
[  247.117801][   T24] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  247.211752][   T24] usb 3-1: config 0 has no interface number 0
[  247.217985][   T24] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  247.238855][   T24] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  247.252197][   T24] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  247.268363][   T24] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  247.303112][   T24] usb 3-1: Product: syz
[  247.328135][   T24] usb 3-1: SerialNumber: syz
[  247.362199][   T24] usb 3-1: config 0 descriptor??
[  247.380869][   T24] cm109 3-1:0.8: invalid payload size 0, expected 4
[  247.403111][   T24] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input8
[  247.419194][ T7334] warning: `syz.3.351' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  247.514319][ T7328] delete_channel: no stack
[  247.595583][ T7315] syz_tun: entered allmulticast mode
[  247.617538][ T7315] dvmrp1: entered allmulticast mode
[  247.647639][ T7314] syz_tun: left allmulticast mode
[  247.672260][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  247.673142][ T5921] usb 3-1: USB disconnect, device number 12
[  247.679528][    C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  247.734053][ T5921] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  248.653365][ T5905] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22
[  249.606465][ T5905] usb 2-1: USB disconnect, device number 9
[  251.756535][ T7381] comedi comedi0: comedi_config --init_data is deprecated
[  252.304668][ T7388] overlay: ./file0 is not a directory
[  252.610154][ T7392] ipvlan2: entered promiscuous mode
[  254.154941][ T7392] syz.2.365 (7392) used greatest stack depth: 19616 bytes left
[  254.285063][ T7404] netlink: 12 bytes leftover after parsing attributes in process `syz.4.368'.
[  254.369646][ T7409] netlink: 'syz.3.372': attribute type 8 has an invalid length.
[  256.074602][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  256.108051][ T7426] tmpfs: Unknown parameter 'grpquotañinode_hardlimit'
[  256.195761][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  257.043867][ T7437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.377'.
[  257.099012][ T7437] netlink: 'syz.4.377': attribute type 39 has an invalid length.
[  259.689652][   T10] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  259.959774][ T7471] 9pnet_fd: Insufficient options for proto=fd
[  259.971751][   T10] usb 4-1: config 27 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  260.113192][   T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 127, setting to 64
[  260.389575][   T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10
[  260.413574][   T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  260.442355][   T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bf.9d
[  260.499070][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.587534][ T7453] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  260.612573][   T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  260.867942][ T6197] Bluetooth: hci5: Frame reassembly failed (-84)
[  261.037614][   T10] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12
[  261.227710][ T7487] hub 8-0:1.0: USB hub found
[  261.237148][ T7487] hub 8-0:1.0: 1 port detected
[  261.490919][   T10] usb 4-1: USB disconnect, device number 6
[  262.372058][   T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  262.604178][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  262.616274][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  262.628117][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  262.655258][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  262.678786][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  262.688968][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.703003][   T10] usb 4-1: config 0 descriptor??
[  262.843922][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  262.850894][ T7509] netlink: 28 bytes leftover after parsing attributes in process `syz.4.397'.
[  262.870304][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  263.138402][   T10] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x3
[  263.158043][   T10] plantronics 0003:047F:FFFF.0003: unbalanced collection at end of report description
[  263.177022][ T7514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.400'.
[  263.203704][ T7514] netlink: 13740 bytes leftover after parsing attributes in process `syz.2.400'.
[  263.219394][   T24] usb 1-1: Using ep0 maxpacket: 32
[  263.233432][   T24] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae
[  263.251238][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.260745][   T10] plantronics 0003:047F:FFFF.0003: parse failed
[  263.266607][   T24] usb 1-1: Product: syz
[  263.272068][   T24] usb 1-1: Manufacturer: syz
[  263.276716][   T24] usb 1-1: SerialNumber: syz
[  263.283942][   T10] plantronics 0003:047F:FFFF.0003: probe with driver plantronics failed with error -22
[  263.286116][   T24] usb 1-1: config 0 descriptor??
[  263.466653][ T7519] xt_hashlimit: max too large, truncated to 1048576
[  263.537614][   T24] ums_eneub6250 1-1:0.0: USB Mass Storage device detected
[  264.079256][   T10] usb 4-1: USB disconnect, device number 7
[  264.103684][ T7516] overlay: ./file0 is not a directory
[  264.150322][   T24] usb 1-1: USB disconnect, device number 12
[  264.358621][ T7527] GUP no longer grows the stack in syz.2.402 (7527): 200000005000-200000008000 (200000004000)
[  264.369535][ T7527] CPU: 1 UID: 0 PID: 7527 Comm: syz.2.402 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  264.369562][ T7527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  264.369574][ T7527] Call Trace:
[  264.369590][ T7527]  <TASK>
[  264.369599][ T7527]  dump_stack_lvl+0x189/0x250
[  264.369631][ T7527]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.369653][ T7527]  ? __pfx__printk+0x10/0x10
[  264.369675][ T7527]  ? find_vma+0xe7/0x160
[  264.369711][ T7527]  fixup_user_fault+0x661/0x720
[  264.369746][ T7527]  fault_in_user_writeable+0x72/0xe0
[  264.369771][ T7527]  futex_lock_pi+0x283/0xa60
[  264.369807][ T7527]  ? __pfx_futex_lock_pi+0x10/0x10
[  264.369830][ T7527]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  264.369894][ T7527]  ? __pfx_futex_wake_mark+0x10/0x10
[  264.369939][ T7527]  ? __pfx_userfaultfd_unmap_complete+0x10/0x10
[  264.369977][ T7527]  do_futex+0x292/0x420
[  264.370008][ T7527]  ? __pfx_do_futex+0x10/0x10
[  264.370032][ T7527]  ? __vm_munmap+0x301/0x3d0
[  264.370065][ T7527]  __se_sys_futex+0x36f/0x400
[  264.370097][ T7527]  ? __pfx___se_sys_futex+0x10/0x10
[  264.370122][ T7527]  ? fdget+0x184/0x1e0
[  264.370151][ T7527]  ? __x64_sys_futex+0x21/0xf0
[  264.370179][ T7527]  do_syscall_64+0xfa/0x3b0
[  264.370199][ T7527]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.370218][ T7527]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.370236][ T7527]  ? clear_bhb_loop+0x60/0xb0
[  264.370260][ T7527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.370278][ T7527] RIP: 0033:0x7f95dfd8ebe9
[  264.370297][ T7527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.370313][ T7527] RSP: 002b:00007f95ddfd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  264.370334][ T7527] RAX: ffffffffffffffda RBX: 00007f95dffb6090 RCX: 00007f95dfd8ebe9
[  264.370347][ T7527] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  264.370360][ T7527] RBP: 00007f95dfe11e19 R08: 0000000000000000 R09: 0000000000000000
[  264.370372][ T7527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  264.370384][ T7527] R13: 00007f95dffb6128 R14: 00007f95dffb6090 R15: 00007ffd5fea0e18
[  264.370417][ T7527]  </TASK>
[  264.901393][ T7535] netlink: 20 bytes leftover after parsing attributes in process `syz.2.404'.
[  265.602279][ T7536] block nbd1: NBD_DISCONNECT
[  265.616317][ T7536] block nbd1: Disconnected due to user request.
[  265.635211][ T7536] block nbd1: shutting down sockets
[  266.267514][   T30] audit: type=1800 audit(1755900874.294:118): pid=7518 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.399" name="/" dev="fuse" ino=1 res=0 errno=0
[  266.759717][   T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  266.855735][ T7559] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  266.981179][   T24] usb 3-1: config 0 has an invalid interface number: 50 but max is 0
[  266.998039][   T24] usb 3-1: config 0 has no interface number 0
[  267.008797][   T24] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  267.024588][   T24] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 26470, setting to 1024
[  267.044142][   T24] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  267.057409][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.075191][   T24] usb 3-1: Product: syz
[  267.087012][   T24] usb 3-1: Manufacturer: syz
[  267.123048][   T24] usb 3-1: SerialNumber: syz
[  267.147919][   T24] usb 3-1: config 0 descriptor??
[  267.177579][ T7546] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  267.262747][   T24] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0
[  267.467746][   T24] usb 3-1: USB disconnect, device number 13
[  267.520811][   T24] yurex 3-1:0.50: USB YUREX #0 now disconnected
[  268.527688][ T7576] netlink: 12 bytes leftover after parsing attributes in process `syz.4.413'.
[  269.097852][ T7577] [U] „
[  269.733381][ T7584] input: syz0 as /devices/virtual/input/input10
[  270.982001][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  271.025567][ T7599] kvm: user requested TSC rate below hardware speed
[  271.071993][ T7599] kvm: user requested TSC rate below hardware speed
[  271.093349][ T7603] netlink: 'syz.2.421': attribute type 10 has an invalid length.
[  271.101384][ T7603] netlink: 40 bytes leftover after parsing attributes in process `syz.2.421'.
[  271.119834][ T7603] batadv0: entered promiscuous mode
[  271.125136][ T7603] batadv0: entered allmulticast mode
[  271.133341][ T7603] bridge0: port 3(batadv0) entered blocking state
[  271.140738][ T7603] bridge0: port 3(batadv0) entered disabled state
[  271.150597][ T7603] bridge0: port 3(batadv0) entered blocking state
[  271.157268][ T7603] bridge0: port 3(batadv0) entered forwarding state
[  271.165291][   T24] usb 4-1: Using ep0 maxpacket: 16
[  271.178306][ T7606] netlink: 168 bytes leftover after parsing attributes in process `syz.0.422'.
[  271.189927][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 10829, setting to 1024
[  271.216331][ T7605] netlink: 168 bytes leftover after parsing attributes in process `syz.0.422'.
[  271.229482][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  271.242673][   T24] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  271.264508][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.279383][   T24] usb 4-1: Product: syz
[  271.289427][   T24] usb 4-1: Manufacturer: syz
[  271.295951][   T24] usb 4-1: SerialNumber: syz
[  271.339708][   T24] usb 4-1: config 0 descriptor??
[  271.359588][ T7591] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  271.401684][   T24] hub 4-1:0.0: bad descriptor, ignoring hub
[  271.407696][   T24] hub 4-1:0.0: probe with driver hub failed with error -5
[  271.517203][   T24] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input11
[  271.528187][ T6225] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  271.538228][ T6225] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  271.760271][    C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1
[  275.939359][   T43] usb 4-1: USB disconnect, device number 8
[  276.401879][ T7632] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.410354][ T7632] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.359953][ T7646] usb usb7: usbfs: process 7646 (syz.1.432) did not claim interface 0 before use
[  284.523438][   T10] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  286.065275][ T7681] netlink: 12 bytes leftover after parsing attributes in process `syz.4.440'.
[  286.599995][ T5905] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  286.831412][ T7677] overlayfs: missing 'lowerdir'
[  286.969842][ T5905] usb 2-1: Using ep0 maxpacket: 32
[  287.026045][ T5905] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  287.053365][ T5905] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  287.152195][ T5905] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0
[  287.227487][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.270505][ T5905] usb 2-1: Product: syz
[  287.299529][ T5905] usb 2-1: Manufacturer: syz
[  287.543398][ T5905] usb 2-1: SerialNumber: syz
[  287.626424][ T5905] usb 2-1: config 0 descriptor??
[  287.670701][ T7698] trusted_key: encrypted_key: insufficient parameters specified
[  287.842256][ T7704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.449'.
[  287.897137][ T7704] block device autoloading is deprecated and will be removed.
[  287.906477][ T7704] syz.0.449: attempt to access beyond end of device
[  287.906477][ T7704] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  288.226956][ T7713] netlink: 'syz.2.451': attribute type 10 has an invalid length.
[  288.419028][ T7722] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio1-input.0)
[  288.559748][ T5905] qmi_wwan 2-1:0.0: probe with driver qmi_wwan failed with error -22
[  288.681622][ T5921] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  288.696070][ T5905] usb 2-1: USB disconnect, device number 10
[  288.879366][ T5921] usb 1-1: Using ep0 maxpacket: 32
[  289.520356][ T5921] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  289.520386][ T5921] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  289.571131][ T5921] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  289.571166][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.571187][ T5921] usb 1-1: Product: syz
[  289.571203][ T5921] usb 1-1: Manufacturer: syz
[  289.571219][ T5921] usb 1-1: SerialNumber: syz
[  289.781488][ T7716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.781721][ T7716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.791940][ T7739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.457'.
[  289.880119][ T5921] usb 1-1: 0:2 : does not exist
[  290.216621][ T5921] usb 1-1: USB disconnect, device number 14
[  290.927675][ T7755] sctp: failed to load transform for md5: -2
[  291.258428][ T7749] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.265803][ T7749] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.608732][ T7749] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  292.644068][ T7749] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  293.101191][ T7749] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  293.111895][ T7749] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  293.126227][ T7749] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  293.139154][ T7749] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  293.355804][ T1218] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  293.396792][ T7764] syzkaller0: entered promiscuous mode
[  293.402695][ T7764] syzkaller0: entered allmulticast mode
[  293.531323][ T1218] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  293.599802][ T1218] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  293.995978][ T1218] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  294.007260][ T1218] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  294.057279][ T1218] usb 1-1: SerialNumber: syz
[  294.087029][ T1218] usb 1-1: 0:2 : does not exist
[  294.224478][ T7786] netlink: 60 bytes leftover after parsing attributes in process `syz.3.469'.
[  296.063947][ T7786] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  296.072539][ T7786] macvtap1: entered allmulticast mode
[  296.088708][ T7786] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  296.108124][ T7786] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[  296.116656][ T7786] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  296.292551][ T1218] usb 1-1: USB disconnect, device number 15
[  298.483126][ T7822] input: syz0 as /devices/virtual/input/input13
[  300.025692][ T7833] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  300.083354][ T7833] IPv4: Oversized IP packet from 172.20.20.170
[  300.092859][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  300.100435][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  300.108605][ T7833] IPv4: Oversized IP packet from 172.20.20.170
[  300.115734][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  300.122300][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  300.159947][ T7833] IPv4: Oversized IP packet from 172.20.20.170
[  300.169373][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  300.176395][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  300.203896][ T7833] IPv4: Oversized IP packet from 172.20.20.170
[  300.211525][ T7837] mmap: syz.2.482 (7837) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  300.272007][ T7841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.484'.
[  300.539697][   T24] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  300.829461][   T24] usb 4-1: not running at top speed; connect to a high speed hub
[  300.855640][   T24] usb 4-1: config 9 has an invalid interface number: 233 but max is 1
[  300.877230][   T24] usb 4-1: config 9 has an invalid interface number: 158 but max is 1
[  300.896486][   T24] usb 4-1: config 9 contains an unexpected descriptor of type 0x1, skipping
[  300.907288][   T24] usb 4-1: config 9 has no interface number 0
[  300.916877][   T24] usb 4-1: config 9 has no interface number 1
[  300.924825][   T24] usb 4-1: config 9 interface 158 altsetting 255 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  300.939186][   T24] usb 4-1: config 9 interface 158 altsetting 255 has a duplicate endpoint with address 0xE, skipping
[  300.969899][   T24] usb 4-1: config 9 interface 158 altsetting 255 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  300.994136][   T24] usb 4-1: config 9 interface 158 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  301.015926][   T24] usb 4-1: config 9 interface 158 altsetting 255 has a duplicate endpoint with address 0x6, skipping
[  301.037253][   T24] usb 4-1: config 9 interface 158 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  301.064751][   T24] usb 4-1: config 9 interface 158 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  301.133344][   T24] usb 4-1: config 9 interface 233 has no altsetting 0
[  301.154714][   T24] usb 4-1: config 9 interface 158 has no altsetting 0
[  301.177995][   T24] usb 4-1: New USB device found, idVendor=1546, idProduct=1342, bcdDevice=97.34
[  301.219173][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.237707][   T24] usb 4-1: Product: 몃毺暧ম۷ᦕᳶ氪冻♫˟�嶋懅ไ羘繮푅က䎠ᔙ컕汷㠉䰔曂㴜㕯��傃㱹毆�ൗ窗�㜉蓿᷼䜾蘃桫㞬୒痌ᑴ�ʶ횭鰪瑴ț숋�텧榜蹫ព臩㹂迵鈠誎
[  301.278346][   T24] usb 4-1: Manufacturer: �
[  301.284246][   T24] usb 4-1: SerialNumber: à  
[  303.121435][   T24] option 4-1:9.233: GSM modem (1-port) converter detected
[  303.295763][   T24] option 4-1:9.158: GSM modem (1-port) converter detected
[  303.396643][   T24] usb 4-1: USB disconnect, device number 9
[  303.439146][   T24] option 4-1:9.233: device disconnected
[  303.508614][   T24] option 4-1:9.158: device disconnected
[  303.609696][ T7772] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  304.099614][ T7772] usb 3-1: Using ep0 maxpacket: 8
[  304.241994][ T7772] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  304.292680][ T7772] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  304.326517][ T7772] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  304.359644][ T7772] usb 3-1: Product: syz
[  304.372882][ T7864] ceph: No mds server is up or the cluster is laggy
[  304.374616][ T7772] usb 3-1: Manufacturer: syz
[  304.380226][ T7869] ceph: No mds server is up or the cluster is laggy
[  304.602418][ T7772] usb 3-1: SerialNumber: syz
[  305.334762][ T7772] usb 3-1: Invalid connection information received from device
[  305.538871][ T5931] usb 3-1: USB disconnect, device number 15
[  305.954530][ T7898] netlink: 24 bytes leftover after parsing attributes in process `syz.4.495'.
[  306.129448][ T7905] netlink: 12 bytes leftover after parsing attributes in process `syz.3.496'.
[  306.682967][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  306.696130][ T7915] block device autoloading is deprecated and will be removed.
[  306.902069][    T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  306.999810][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  307.142183][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  307.283800][    T9] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  307.439531][    T9] usb 5-1: Product: syz
[  307.476435][    T9] usb 5-1: Manufacturer: syz
[  307.488781][    T9] usb 5-1: SerialNumber: syz
[  307.513205][    T9] usb 5-1: config 0 descriptor??
[  307.542581][    T9] usb 5-1: selecting invalid altsetting 0
[  307.575044][ T7924] net_ratelimit: 16 callbacks suppressed
[  307.575066][ T7924] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  307.637660][ T7909] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  307.681015][ T7909] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  307.966771][ T7909] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  307.994201][ T7909] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  308.050616][ T7909] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  308.087860][ T7909] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  308.281544][ T7909] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  308.315101][ T7909] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  308.331129][ T7909] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  308.433015][ T7946] netlink: 12 bytes leftover after parsing attributes in process `syz.2.508'.
[  309.697488][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  310.111759][ T7962] xt_hashlimit: max too large, truncated to 1048576
[  310.138659][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  310.138673][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  310.309607][ T5844] Bluetooth: hci3: command 0x0406 tx timeout
[  310.389807][ T5844] Bluetooth: hci4: command 0x0406 tx timeout
[  311.361514][ T5931] usb 5-1: USB disconnect, device number 10
[  311.750499][ T5841] Bluetooth: hci1: command 0x0406 tx timeout
[  312.149376][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  312.229531][ T5857] Bluetooth: hci2: command 0x0406 tx timeout
[  312.431719][ T5857] Bluetooth: hci3: command 0x0406 tx timeout
[  313.924791][ T7998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.521'.
[  314.580669][ T8007] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  314.597952][ T8007] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  314.745016][ T8016] xt_hashlimit: max too large, truncated to 1048576
[  315.390720][ T8007] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  315.397168][ T8007] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  315.471518][ T8007] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  315.889731][ T5931] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  316.191289][ T5931] usb 5-1: device descriptor read/64, error -71
[  316.470817][ T5931] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  316.549521][ T5983] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  316.629508][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  316.629663][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  316.789466][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  316.802649][ T5983] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  316.823913][ T5983] usb 3-1: config 0 interface 0 has no altsetting 0
[  316.852012][ T5983] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  316.879463][ T5983] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  316.928260][ T5983] usb 3-1: Product: syz
[  316.989317][ T5983] usb 3-1: Manufacturer: syz
[  316.998424][ T5983] usb 3-1: SerialNumber: syz
[  317.016859][ T5983] usb 3-1: config 0 descriptor??
[  317.026001][ T5983] usb 3-1: selecting invalid altsetting 0
[  317.429649][ T5844] Bluetooth: hci3: command 0x0406 tx timeout
[  317.515475][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.522017][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.528413][ T5844] Bluetooth: hci4: command 0x0406 tx timeout
[  319.489532][ T5931] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  319.659516][ T5931] usb 5-1: Using ep0 maxpacket: 32
[  319.666732][ T5931] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.677993][ T5931] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  319.727871][ T5931] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  319.741399][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  319.762337][ T5931] usb 5-1: Product: syz
[  319.771172][ T5931] usb 5-1: Manufacturer: syz
[  319.784963][ T5931] usb 5-1: SerialNumber: syz
[  319.821318][ T5931] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input14
[  319.907049][ T8060] netlink: 12 bytes leftover after parsing attributes in process `syz.0.535'.
[  321.079437][ T5914] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  321.421993][ T7772] usb 3-1: USB disconnect, device number 16
[  321.956478][ T8076] loop1: detected capacity change from 0 to 7
[  321.969455][ T8076] Dev loop1: unable to read RDB block 7
[  321.975172][ T8076]  loop1: AHDI p4
[  321.985379][ T8076] loop1: partition table partially beyond EOD, truncated
[  323.155664][ T5931] usb 5-1: USB disconnect, device number 13
[  323.344052][ T5931] appletouch 5-1:1.0: input: appletouch disconnected
[  325.581805][ T8076] syz.0.541 (8076): drop_caches: 2
[  328.759965][ T7772] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  328.983523][ T7772] usb 3-1: config 0 descriptor has 1 excess byte, ignoring
[  329.106953][ T7772] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  329.169544][ T7772] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  329.223328][ T7772] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 50176, setting to 1024
[  329.250525][ T7772] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  329.269528][ T7772] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.278112][ T7772] usb 3-1: Product: syz
[  329.282782][ T7772] usb 3-1: Manufacturer: syz
[  329.288321][ T7772] usb 3-1: SerialNumber: syz
[  329.319215][ T7772] usb 3-1: config 0 descriptor??
[  329.368432][ T7772] usb 3-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress f8
[  329.692033][ T8135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  329.702948][ T8135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  330.332557][ T7772] usb 3-1: USB disconnect, device number 17
[  330.410889][ T8138] loop2: detected capacity change from 0 to 7
[  330.423125][ T8138] Dev loop2: unable to read RDB block 7
[  330.429031][ T8138]  loop2: AHDI p1 p2
[  330.438150][ T8138] loop2: partition table partially beyond EOD, truncated
[  330.445931][ T8138] loop2: p1 size 4244635647 extends beyond EOD, truncated
[  330.907985][ T8146] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  330.917890][ T8146] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  330.927074][ T8146] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  330.935931][ T8146] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  331.002959][ T8146] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  331.012373][ T8146] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  331.021578][ T8146] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  331.030542][ T8146] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  331.550122][ T8163] kvm: MONITOR instruction emulated as NOP!
[  331.787919][ T8171] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  332.582311][ T8175] netlink: 'syz.4.566': attribute type 3 has an invalid length.
[  333.429891][ T8178] Cannot find del_set index 0 as target
[  333.436706][ T8183] netlink: 12 bytes leftover after parsing attributes in process `syz.0.567'.
[  333.996741][ T8187] overlayfs: failed to resolve './file1': -2
[  334.239382][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  334.313104][ T8203] netlink: 'syz.3.572': attribute type 6 has an invalid length.
[  334.376273][ T8203] netlink: 24 bytes leftover after parsing attributes in process `syz.3.572'.
[  334.569602][ T5931] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  334.613614][    T9] usb 3-1: Using ep0 maxpacket: 32
[  334.703774][   T30] audit: type=1326 audit(1755900942.754:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  334.789937][    T9] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  334.808466][    T9] usb 3-1: config 0 has no interface number 0
[  334.821949][    T9] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  334.831567][ T5931] usb 2-1: Using ep0 maxpacket: 32
[  334.843139][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0
[  334.852284][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.859561][   T30] audit: type=1326 audit(1755900942.784:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  334.863999][ T5931] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  334.894161][    T9] usb 3-1: Product: syz
[  334.943956][    T9] usb 3-1: Manufacturer: syz
[  334.981184][    T9] usb 3-1: SerialNumber: syz
[  335.009820][   T30] audit: type=1326 audit(1755900942.974:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.050232][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.068748][    T9] usb 3-1: config 0 descriptor??
[  335.116261][    T9] radio-si470x 3-1:0.35: could not find interrupt in endpoint
[  335.127937][ T5931] usb 2-1: Product: syz
[  335.137519][    T9] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -5
[  335.146816][ T5931] usb 2-1: Manufacturer: syz
[  335.158144][   T30] audit: type=1326 audit(1755900942.984:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.179681][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.188478][ T5931] usb 2-1: SerialNumber: syz
[  335.197019][   T30] audit: type=1326 audit(1755900942.994:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.221773][ T5931] usb 2-1: config 0 descriptor??
[  335.237158][   T30] audit: type=1326 audit(1755900942.994:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.265518][   T30] audit: type=1326 audit(1755900942.994:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.289176][   T30] audit: type=1326 audit(1755900942.994:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.310898][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.321549][    T9] radio-raremono 3-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  335.343993][   T30] audit: type=1326 audit(1755900942.994:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.366194][   T30] audit: type=1326 audit(1755900942.994:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8201 comm="syz.3.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b7238ebe9 code=0x7ffc0000
[  335.783628][ T8218] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  336.315935][    T9] radio-raremono 3-1:0.35: raremono_cmd_main failed (-71)
[  336.339364][    T9] radio-raremono 3-1:0.35: V4L2 device registered as radio48
[  336.354865][    T9] usb 3-1: USB disconnect, device number 18
[  336.377328][    T9] radio-raremono 3-1:0.35: Thanko's Raremono disconnected
[  336.521992][ T5931] gs_usb 2-1:0.0: Configuring for 2 interfaces
[  336.915287][ T8226] syz.0.579: attempt to access beyond end of device
[  336.915287][ T8226] loop0: rw=0, sector=0, nr_sectors = 1 limit=0
[  336.929676][ T8226] (syz.0.579,8226,0):ocfs2_get_sector:1714 ERROR: status = -5
[  336.939720][ T8226] (syz.0.579,8226,0):ocfs2_sb_probe:753 ERROR: status = -5
[  336.947307][ T8226] (syz.0.579,8226,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  336.956848][ T8226] (syz.0.579,8226,0):ocfs2_fill_super:1177 ERROR: status = -5
[  338.400263][ T5931] gs_usb 2-1:0.0: Disabling termination support for channel 0 (-ETIMEDOUT)
[  338.444994][ T5931] gs_usb 2-1:0.0: Couldn't get bit timing const for channel 1 (-EPIPE)
[  338.613122][ T5931] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -32
[  338.786010][ T5931] usb 2-1: USB disconnect, device number 12
[  339.156258][ T8247] xt_hashlimit: max too large, truncated to 1048576
[  340.590526][ T8266] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  344.499401][ T8302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.600'.
[  344.869692][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  345.398367][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  345.412531][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.428703][    T9] usb 4-1: Product: syz
[  345.439484][    T9] usb 4-1: Manufacturer: syz
[  345.449567][    T9] usb 4-1: SerialNumber: syz
[  345.944065][ T8317] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  346.660863][ T8319] program syz.4.605 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  347.239840][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000010. ret = -EPROTO
[  347.264659][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  347.298521][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  347.650495][    T9] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  348.744963][    T9] usb 4-1: USB disconnect, device number 10
[  349.252646][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  349.499741][   T24] usb 5-1: Using ep0 maxpacket: 8
[  349.707023][   T24] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  349.720585][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.728708][   T24] usb 5-1: Product: syz
[  349.886279][   T24] usb 5-1: Manufacturer: syz
[  349.954565][   T24] usb 5-1: SerialNumber: syz
[  350.012517][   T24] usb 5-1: config 0 descriptor??
[  350.085551][   T24] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  350.345788][ T6747] Bluetooth: hci5: Frame reassembly failed (-84)
[  350.388809][ T6747] Bluetooth: hci5: Frame reassembly failed (-84)
[  350.603663][   T24] gspca_sonixj: reg_w1 err -110
[  350.611137][   T24] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[  350.815571][ T8351] batman_adv: batadv0: Adding interface: dummy0
[  350.830244][ T8351] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.865015][ T8351] batman_adv: batadv0: Interface activated: dummy0
[  351.089879][ T5857] Bluetooth: hci1: Malformed MSFT vendor event: 0x02
[  352.013010][ T5931] usb 5-1: USB disconnect, device number 14
[  352.391105][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  355.359697][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  355.359714][   T30] audit: type=1326 audit(1755900962.464:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.3.628" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6b7238ebe9 code=0x0
[  360.014619][   T64] Bluetooth: hci5: Frame reassembly failed (-84)
[  362.104509][ T5844] Bluetooth: hci5: command 0x1003 tx timeout
[  362.104720][ T5857] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  363.180386][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  363.222289][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  363.240970][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  363.284212][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  363.419206][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  364.309932][ T8430] Bluetooth: MGMT ver 1.23
[  364.355398][ T5844] Bluetooth: hci3: Malformed LE Event: 0x1d
[  365.520517][ T5844] Bluetooth: hci5: command tx timeout
[  367.036035][ T8422] chnl_net:caif_netlink_parms(): no params data found
[  367.044218][ T8456] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  367.508265][ T8422] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.540098][ T8463] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  367.581415][ T8422] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.589790][ T5844] Bluetooth: hci5: command tx timeout
[  367.597975][ T8422] bridge_slave_0: entered allmulticast mode
[  367.615484][ T8422] bridge_slave_0: entered promiscuous mode
[  367.635635][ T8422] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.646956][ T8422] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.657181][ T8422] bridge_slave_1: entered allmulticast mode
[  367.678933][ T8422] bridge_slave_1: entered promiscuous mode
[  368.442004][ T8422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.529948][ T8422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.800693][ T8470] netlink: 'syz.4.649': attribute type 1 has an invalid length.
[  368.808426][ T8470] netlink: 224 bytes leftover after parsing attributes in process `syz.4.649'.
[  368.917133][ T8422] team0: Port device team_slave_0 added
[  369.182083][ T8422] team0: Port device team_slave_1 added
[  369.448547][ T8422] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.457523][ T8422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  370.434697][ T5844] Bluetooth: hci5: command tx timeout
[  370.434702][ T8422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  370.473596][ T8422] batman_adv: batadv0: Adding interface: batadv_slave_1
[  370.668417][ T8422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  370.849404][ T8422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  370.849860][ T8486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.655'.
[  371.724862][ T8422] hsr_slave_0: entered promiscuous mode
[  371.735020][ T8422] hsr_slave_1: entered promiscuous mode
[  371.763446][ T8422] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  371.793736][ T8422] Cannot create hsr debugfs directory
[  372.509778][ T5844] Bluetooth: hci5: command tx timeout
[  373.738721][ T8511] netlink: 'syz.4.662': attribute type 12 has an invalid length.
[  374.085764][ T8422] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  374.100342][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  374.135834][ T8422] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  374.154925][ T8422] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  374.181801][ T8422] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  374.785778][    T9] usb 2-1: Using ep0 maxpacket: 8
[  374.810756][    T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  374.822403][    T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  374.839827][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  374.849779][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  374.859872][    T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  374.894284][    T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  374.918102][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.166713][    T9] usb 2-1: usb_control_msg returned -32
[  375.200264][    T9] usbtmc 2-1:16.0: can't read capabilities
[  375.219059][ T8422] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.275405][ T8422] 8021q: adding VLAN 0 to HW filter on device team0
[  375.317724][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.325726][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  375.429582][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.436750][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  376.469068][ T8532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.538715][ T8532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  377.002111][ T8422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  377.289939][ T5931] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  377.472017][ T5931] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  377.499763][ T8422] veth0_vlan: entered promiscuous mode
[  377.507785][ T5931] usb 5-1: config 0 has no interface number 0
[  377.519212][ T8422] veth1_vlan: entered promiscuous mode
[  377.531702][ T5931] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  377.544121][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.561303][ T5931] usb 5-1: config 0 descriptor??
[  377.578095][ T5931] usb 5-1: selecting invalid altsetting 1
[  377.593465][ T5931] dvb_ttusb_budget: ttusb_init_controller: error
[  377.619122][ T5931] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  377.641750][ T8422] veth0_macvtap: entered promiscuous mode
[  377.692400][ T8422] veth1_macvtap: entered promiscuous mode
[  377.700740][ T5931] DVB: Unable to find symbol cx22700_attach()
[  377.775114][ T8422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  377.794890][   T24] usb 2-1: USB disconnect, device number 13
[  377.874795][ T8422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.905885][ T5931] DVB: Unable to find symbol tda10046_attach()
[  377.940552][ T5931] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  377.952200][ T8422] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.965872][ T5931] usb 5-1: USB disconnect, device number 15
[  377.972312][ T8422] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.987741][ T8422] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.009065][ T8422] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.959875][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.305850][ T8568] netlink: 12 bytes leftover after parsing attributes in process `syz.4.673'.
[  379.360454][ T6225] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.368333][ T6225] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.499070][ T8568] 8021q: adding VLAN 0 to HW filter on device bond2
[  379.783865][ T8571] macvlan2: entered promiscuous mode
[  380.442804][ T8571] macvlan2: entered allmulticast mode
[  380.449879][ T8571] bond2: entered promiscuous mode
[  380.457727][ T8571] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  380.501139][ T8571] bond2: left promiscuous mode
[  382.362459][ T6048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.371396][ T6048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.569591][ T8586] netlink: 'syz.3.676': attribute type 10 has an invalid length.
[  382.604041][ T8586] 8021q: adding VLAN 0 to HW filter on device team0
[  382.622553][ T8586] team0: entered promiscuous mode
[  382.627739][ T8586] team_slave_0: entered promiscuous mode
[  382.634524][ T8586] team_slave_1: entered promiscuous mode
[  382.642436][ T8586] team0: entered allmulticast mode
[  382.647646][ T8586] team_slave_0: entered allmulticast mode
[  382.653673][ T8586] team_slave_1: entered allmulticast mode
[  382.693868][ T8586] bond0: (slave team0): Enslaving as an active interface with an up link
[  388.332626][ T8631] binder: 8627:8631 ioctl c0306201 0 returned -14
[  388.405198][   T30] audit: type=1800 audit(1755900996.464:133): pid=8634 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.690" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  389.720435][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  389.949517][    T9] usb 5-1: Using ep0 maxpacket: 16
[  390.296832][    T9] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  390.340150][    T9] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  390.367350][    T9] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  390.409684][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  390.417266][ T8652] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  390.419116][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  390.438894][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.464429][   T30] audit: type=1326 audit(1755900998.514:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8653 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  390.508633][    T9] usb 5-1: Product: syz
[  390.515001][    T9] usb 5-1: Manufacturer: syz
[  390.539329][    T9] usb 5-1: SerialNumber: syz
[  390.539468][   T30] audit: type=1326 audit(1755900998.514:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8653 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  390.586043][   T30] audit: type=1326 audit(1755900998.514:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8653 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  391.050205][   T30] audit: type=1326 audit(1755900998.514:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8653 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  391.056534][    T9] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  391.863900][ T5844] Bluetooth: hci3: unexpected event for opcode 0x042c
[  392.651286][    T9] usb 5-1: USB disconnect, device number 16
[  392.685434][    T9] usblp0: removed
[  396.843745][ T5931] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  396.917518][ T5931] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  396.956049][ T5931] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  397.025690][ T5931] hid-generic 0000:0004:0034.0004: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  402.819164][ T5931] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  402.867977][ T5931] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  403.938387][ T5931] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  404.161982][ T5931] hid-generic 0000:0004:0034.0005: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  405.987154][ T5931] hid-generic 0000:0004:0034.0006: unknown main item tag 0x0
[  406.082435][ T5931] hid-generic 0000:0004:0034.0006: unknown main item tag 0x0
[  406.161581][ T5931] hid-generic 0000:0004:0034.0006: unknown main item tag 0x0
[  406.364588][ T5931] hid-generic 0000:0004:0034.0006: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  415.343057][ T8828] vlan2: entered promiscuous mode
[  415.348419][ T8828] vlan2: entered allmulticast mode
[  415.460966][ T8828] hsr_slave_1: entered allmulticast mode
[  416.107342][ T8828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.750'.
[  421.225603][ T8846] netlink: 'syz.1.754': attribute type 10 has an invalid length.
[  421.246851][ T8846] team0: Port device dummy0 added
[  422.771026][ T8850] overlayfs: missing 'lowerdir'
[  422.838581][ T8853] overlay: ./file0 is not a directory
[  424.071193][ T8870] netlink: 'syz.0.760': attribute type 6 has an invalid length.
[  424.143130][ T8870] netlink: 24 bytes leftover after parsing attributes in process `syz.0.760'.
[  425.357926][ T8874] syz.4.759 (8874) used greatest stack depth: 15448 bytes left
[  425.538779][ T8869] block nbd3: shutting down sockets
[  425.547875][   T30] audit: type=1800 audit(1755901033.603:138): pid=8856 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.747" name="/" dev="fuse" ino=1 res=0 errno=0
[  425.933424][   T30] audit: type=1326 audit(1755901033.773:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  426.738365][   T30] audit: type=1326 audit(1755901033.773:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  426.893948][   T30] audit: type=1326 audit(1755901033.973:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  427.031683][   T30] audit: type=1326 audit(1755901033.973:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  427.053224][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.078205][   T30] audit: type=1326 audit(1755901033.973:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  427.105234][   T30] audit: type=1326 audit(1755901033.973:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  428.120452][ T5857] Bluetooth: hci5: command 0x0405 tx timeout
[  429.129514][   T30] audit: type=1326 audit(1755901033.973:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  429.989659][ T8897] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  430.479539][   T30] audit: type=1326 audit(1755901033.973:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  430.619574][   T30] audit: type=1326 audit(1755901033.973:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  430.776870][   T30] audit: type=1326 audit(1755901033.973:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  431.049120][   T30] audit: type=1326 audit(1755901033.993:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  431.070652][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.519520][   T30] audit: type=1326 audit(1755901033.993:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  431.541185][   T30] audit: type=1326 audit(1755901033.993:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  432.567562][   T30] audit: type=1326 audit(1755901033.993:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  432.588904][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.596060][   T30] audit: type=1326 audit(1755901033.993:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  432.617911][   T30] audit: type=1326 audit(1755901033.993:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8863 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  432.639378][    C0] vkms_vblank_simulate: vblank timer overrun
[  437.797042][ T8937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.777'.
[  437.847017][ T5844] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  437.868642][ T5844] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  437.879804][ T5844] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  437.896564][ T8937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.777'.
[  437.921680][ T5844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  437.934253][ T5844] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  437.958709][ T8937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.777'.
[  438.004622][ T8937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.777'.
[  438.826331][ T8949] xt_hashlimit: max too large, truncated to 1048576
[  439.854171][ T8957] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  439.989410][ T5844] Bluetooth: hci6: command tx timeout
[  440.402852][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  442.591255][ T5844] Bluetooth: hci6: command tx timeout
[  442.667224][ T8938] chnl_net:caif_netlink_parms(): no params data found
[  443.508732][   T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.732686][   T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.058660][   T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.204785][ T8987] overlay: ./file0 is not a directory
[  444.423287][   T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.629360][ T5844] Bluetooth: hci6: command tx timeout
[  445.771936][ T9008] xt_hashlimit: max too large, truncated to 1048576
[  446.711879][ T5857] Bluetooth: hci6: command tx timeout
[  446.737388][ T8938] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.745524][ T8938] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.753337][ T8938] bridge_slave_0: entered allmulticast mode
[  446.939619][ T8994] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  446.948198][ T5857] block nbd5: Receive control failed (result -32)
[  446.950477][ T8938] bridge_slave_0: entered promiscuous mode
[  446.958372][ T9003] block nbd5: shutting down sockets
[  446.978434][ T8994] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  446.983605][ T8938] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.992113][ T8994] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  447.001155][ T8994] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  447.007500][ T8994] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  447.023449][ T8994] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  447.029851][ T8938] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.029942][   T30] audit: type=1800 audit(1755901055.083:155): pid=8988 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.788" name="/" dev="fuse" ino=1 res=0 errno=0
[  447.038553][ T8938] bridge_slave_1: entered allmulticast mode
[  447.064923][ T8994] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  447.069873][ T8938] bridge_slave_1: entered promiscuous mode
[  447.167559][ T8994] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  447.174670][ T8994] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  447.187209][ T8994] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  447.608706][ T8938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  447.653652][ T8938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  448.010184][ T8938] team0: Port device team_slave_0 added
[  448.045435][ T8938] team0: Port device team_slave_1 added
[  448.447320][ T9024] netlink: 'syz.1.795': attribute type 6 has an invalid length.
[  448.480200][ T9024] netlink: 24 bytes leftover after parsing attributes in process `syz.1.795'.
[  448.714534][   T30] audit: type=1326 audit(1755901056.773:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  448.949655][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  449.017030][ T8938] batman_adv: batadv0: Adding interface: batadv_slave_0
[  449.039385][ T5844] Bluetooth: hci5: command 0x0405 tx timeout
[  449.045462][ T5844] Bluetooth: hci4: command 0x0406 tx timeout
[  449.051639][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  449.058234][ T5841] Bluetooth: hci0: command 0x0406 tx timeout
[  449.068883][   T30] audit: type=1326 audit(1755901056.773:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.090730][ T8938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.116856][    C0] vkms_vblank_simulate: vblank timer overrun
[  449.159587][   T30] audit: type=1326 audit(1755901056.873:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.231337][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  449.237755][ T8938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  449.248509][   T30] audit: type=1326 audit(1755901056.873:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.271638][   T30] audit: type=1326 audit(1755901056.873:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.293316][   T30] audit: type=1326 audit(1755901056.873:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.314742][    C0] vkms_vblank_simulate: vblank timer overrun
[  449.326032][   T30] audit: type=1326 audit(1755901056.873:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.609269][   T30] audit: type=1326 audit(1755901056.883:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.611484][ T8938] batman_adv: batadv0: Adding interface: batadv_slave_1
[  449.655467][   T30] audit: type=1326 audit(1755901056.893:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9022 comm="syz.1.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7ffc0000
[  449.682657][ T8938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.861161][ T8938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  450.015015][   T64] bridge_slave_1: left allmulticast mode
[  450.031436][   T64] bridge_slave_1: left promiscuous mode
[  450.073628][   T64] bridge0: port 2(bridge_slave_1) entered disabled state
[  450.181400][   T64] bridge_slave_0: left allmulticast mode
[  450.199460][   T64] bridge_slave_0: left promiscuous mode
[  450.205865][   T64] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.884974][ T9032] ptrace attach of "./syz-executor exec"[5835] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  451.109632][ T5844] Bluetooth: hci5: command 0x0405 tx timeout
[  451.269631][ T5844] Bluetooth: hci6: command 0x0405 tx timeout
[  453.270495][ T5857] Bluetooth: hci5: command 0x0405 tx timeout
[  453.346526][ T9060] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  453.354911][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  454.200050][ T1218] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  454.656328][ T1218] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  454.706201][ T1218] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  454.730412][ T1218] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  454.738579][ T1218] usb 6-1: Manufacturer: syz
[  454.776158][ T1218] usb 6-1: config 0 descriptor??
[  455.123387][   T64] bond0 (unregistering): left promiscuous mode
[  455.131931][   T64] bond_slave_0: left promiscuous mode
[  455.137667][   T64] bond_slave_1: left promiscuous mode
[  455.145991][   T64] team0: left promiscuous mode
[  455.154366][   T64] team_slave_0: left promiscuous mode
[  455.167208][   T64] team_slave_1: left promiscuous mode
[  455.443129][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  455.477008][   T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  455.586358][   T64] bond_slave_0: left allmulticast mode
[  455.640298][   T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  455.657036][   T64] bond_slave_1: left allmulticast mode
[  455.723629][   T64] bond0 (unregistering): (slave team0): Releasing backup interface
[  455.778829][   T64] team0: left allmulticast mode
[  455.791387][   T64] team_slave_0: left allmulticast mode
[  455.821588][   T64] team_slave_1: left allmulticast mode
[  455.900512][   T64] bond0 (unregistering): Released all slaves
[  455.990454][ T9063] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.804'.
[  456.909919][ T8938] hsr_slave_0: entered promiscuous mode
[  457.152119][ T8938] hsr_slave_1: entered promiscuous mode
[  457.158332][ T8938] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  457.209850][ T8938] Cannot create hsr debugfs directory
[  457.239352][ T5931] usb 6-1: USB disconnect, device number 2
[  459.560839][   T64] batadv0: left promiscuous mode
[  459.849813][   T64] hsr_slave_0: left promiscuous mode
[  459.864732][   T64] hsr_slave_1: left promiscuous mode
[  459.872484][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  459.890360][   T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[  459.903941][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  459.920587][   T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[  460.142652][   T64] veth1_macvtap: left promiscuous mode
[  460.149901][   T64] veth0_macvtap: left promiscuous mode
[  460.157659][   T64] veth1_vlan: left promiscuous mode
[  460.164939][   T64] veth0_vlan: left promiscuous mode
[  461.246550][ T9129] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.909156][ T9131] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  463.635215][   T64] team0 (unregistering): Port device team_slave_1 removed
[  463.696183][   T64] team0 (unregistering): Port device team_slave_0 removed
[  464.400374][ T9125] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  464.408179][ T9125] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  464.430657][ T9125] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  464.436865][ T9125] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  464.469584][ T5841] Bluetooth: hci6: command 0x0405 tx timeout
[  464.476439][ T9125] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  464.494918][ T9125] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  464.506797][ T9151] netlink: 24 bytes leftover after parsing attributes in process `syz.5.825'.
[  464.710987][ T8938] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  464.769554][    T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  464.781868][ T8938] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  464.844972][ T8938] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  464.970221][    T9] usb 5-1: Using ep0 maxpacket: 8
[  464.999138][ T8938] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  465.027951][    T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  465.090764][    T9] usb 5-1: config 179 has no interface number 0
[  465.135310][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  465.493219][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  465.622038][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  465.922084][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  465.949104][    T9] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  466.603757][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  466.623268][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  466.639529][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  466.645618][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  466.652080][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  466.658126][ T5857] Bluetooth: hci5: command 0x0405 tx timeout
[  466.699256][    T9] usb 5-1: config 179 interface 65 has no altsetting 0
[  466.722278][    T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  466.758872][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.795604][ T9172] netlink: 'syz.4.830': attribute type 32 has an invalid length.
[  466.795995][    T9] usb 5-1: can't set config #179, error -71
[  466.815735][    T9] usb 5-1: USB disconnect, device number 17
[  467.158880][ T8938] 8021q: adding VLAN 0 to HW filter on device bond0
[  467.637813][ T8938] 8021q: adding VLAN 0 to HW filter on device team0
[  467.656383][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.663609][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.966317][ T6746] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.973715][ T6746] bridge0: port 2(bridge_slave_1) entered forwarding state
[  468.412563][ T9194] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  470.747754][ T8938] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  470.771396][ T8938] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  474.686693][ T8938] 8021q: adding VLAN 0 to HW filter on device batadv0
[  475.560394][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  475.560433][   T30] audit: type=1326 audit(1755901083.433:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  475.857539][   T30] audit: type=1326 audit(1755901083.433:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  475.996568][   T30] audit: type=1326 audit(1755901083.453:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  476.058358][   T30] audit: type=1326 audit(1755901083.453:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  476.271067][   T30] audit: type=1326 audit(1755901083.453:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  476.293308][   T30] audit: type=1326 audit(1755901083.453:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  476.324161][   T30] audit: type=1326 audit(1755901083.453:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  476.362627][   T30] audit: type=1326 audit(1755901083.453:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa59358d550 code=0x7ffc0000
[  476.568536][ T8938] veth0_vlan: entered promiscuous mode
[  477.064166][   T30] audit: type=1326 audit(1755901083.453:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  477.138834][   T30] audit: type=1326 audit(1755901083.453:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9225 comm="syz.0.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  477.149085][ T8938] veth1_vlan: entered promiscuous mode
[  477.219379][ T9242] netlink: 'syz.0.844': attribute type 32 has an invalid length.
[  477.388110][ T8938] veth0_macvtap: entered promiscuous mode
[  477.399951][ T8938] veth1_macvtap: entered promiscuous mode
[  478.106353][ T8938] batman_adv: batadv0: Interface activated: batadv_slave_0
[  478.183874][ T8938] batman_adv: batadv0: Interface activated: batadv_slave_1
[  478.229881][ T8938] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  478.238676][ T8938] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  478.413881][ T8938] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  478.422964][ T8938] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  478.712271][ T9255] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340
[  478.723532][ T5972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  478.783852][ T5972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  479.819092][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  479.831746][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  479.997732][ T1210] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  480.207012][ T1210] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  480.426681][ T1210] usb 6-1: config 0 interface 0 has no altsetting 0
[  480.513437][ T1210] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  480.546044][ T1210] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  480.584390][ T1210] usb 6-1: Product: syz
[  480.588641][ T1210] usb 6-1: Manufacturer: syz
[  480.615224][ T1210] usb 6-1: SerialNumber: syz
[  480.672621][ T1210] usb 6-1: config 0 descriptor??
[  482.892226][ T1210] usb 6-1: selecting invalid altsetting 0
[  483.689381][ T9294] netlink: 'syz.1.856': attribute type 32 has an invalid length.
[  484.717410][    T9] usb 6-1: USB disconnect, device number 3
[  486.102879][ T9300] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  486.161639][ T9300] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  486.207187][ T9300] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  486.289073][ T9300] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  486.312725][ T9300] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  486.325892][ T9324] FAULT_INJECTION: forcing a failure.
[  486.325892][ T9324] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  486.353974][ T9300] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  486.378224][ T1210] kernel write not supported for file /124/sched (pid: 1210 comm: kworker/1:2)
[  486.388069][ T9324] CPU: 0 UID: 0 PID: 9324 Comm: syz.6.863 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  486.388095][ T9324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  486.388106][ T9324] Call Trace:
[  486.388113][ T9324]  <TASK>
[  486.388122][ T9324]  dump_stack_lvl+0x189/0x250
[  486.388151][ T9324]  ? __pfx____ratelimit+0x10/0x10
[  486.388175][ T9324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.388197][ T9324]  ? __pfx__printk+0x10/0x10
[  486.388231][ T9324]  ? __might_fault+0xb0/0x130
[  486.388265][ T9324]  should_fail_ex+0x414/0x560
[  486.388303][ T9324]  _copy_from_user+0x2d/0xb0
[  486.388330][ T9324]  ___sys_sendmsg+0x158/0x2a0
[  486.388365][ T9324]  ? __pfx____sys_sendmsg+0x10/0x10
[  486.388439][ T9324]  ? __fget_files+0x2a/0x420
[  486.388462][ T9324]  ? __fget_files+0x3a0/0x420
[  486.388498][ T9324]  __sys_sendmmsg+0x227/0x430
[  486.388532][ T9324]  ? __pfx___sys_sendmmsg+0x10/0x10
[  486.388561][ T9324]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  486.388616][ T9324]  ? ksys_write+0x22a/0x250
[  486.388640][ T9324]  ? __pfx_ksys_write+0x10/0x10
[  486.388656][ T9324]  ? rcu_is_watching+0x15/0xb0
[  486.388685][ T9324]  __x64_sys_sendmmsg+0xa0/0xc0
[  486.388715][ T9324]  do_syscall_64+0xfa/0x3b0
[  486.388734][ T9324]  ? lockdep_hardirqs_on+0x9c/0x150
[  486.388754][ T9324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.388773][ T9324]  ? clear_bhb_loop+0x60/0xb0
[  486.388796][ T9324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.388814][ T9324] RIP: 0033:0x7f67dad8ebe9
[  486.388832][ T9324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.388849][ T9324] RSP: 002b:00007f67dbc09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  486.388870][ T9324] RAX: ffffffffffffffda RBX: 00007f67dafb5fa0 RCX: 00007f67dad8ebe9
[  486.388885][ T9324] RDX: 0000000000000001 RSI: 0000200000002d80 RDI: 0000000000000003
[  486.388898][ T9324] RBP: 00007f67dbc09090 R08: 0000000000000000 R09: 0000000000000000
[  486.388910][ T9324] R10: 0000000004040814 R11: 0000000000000246 R12: 0000000000000001
[  486.388923][ T9324] R13: 00007f67dafb6038 R14: 00007f67dafb5fa0 R15: 00007ffee1f04568
[  486.388956][ T9324]  </TASK>
[  486.604265][    C0] vkms_vblank_simulate: vblank timer overrun
[  488.189891][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  488.248978][ T5857] Bluetooth: hci2: command 0x0406 tx timeout
[  488.255250][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  488.345440][ T5857] Bluetooth: hci4: command 0x0406 tx timeout
[  488.629298][ T5841] Bluetooth: hci5: command 0x0405 tx timeout
[  488.635570][ T5841] Bluetooth: hci6: command 0x0405 tx timeout
[  488.776111][ T9352] netlink: 104 bytes leftover after parsing attributes in process `syz.0.871'.
[  489.899477][ T1210] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  490.175847][ T1210] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  490.356478][ T1210] usb 7-1: config 0 interface 0 has no altsetting 0
[  490.600768][ T1210] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  490.610098][ T1210] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  490.618439][ T1210] usb 7-1: Product: syz
[  490.622823][ T1210] usb 7-1: Manufacturer: syz
[  490.627526][ T1210] usb 7-1: SerialNumber: syz
[  490.637940][ T1210] usb 7-1: config 0 descriptor??
[  490.649534][ T1210] usb 7-1: selecting invalid altsetting 0
[  492.970169][ T1218] usb 7-1: USB disconnect, device number 2
[  493.618094][ T9400] netlink: 28 bytes leftover after parsing attributes in process `syz.6.881'.
[  496.527216][ T9404] netlink: 24 bytes leftover after parsing attributes in process `syz.6.883'.
[  496.875411][ T9418] netlink: 'syz.0.887': attribute type 32 has an invalid length.
[  498.229440][ T9427] netlink: 80 bytes leftover after parsing attributes in process `syz.0.890'.
[  498.250914][ T9426] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  498.259900][ T9426] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  498.268695][ T9426] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  498.277496][ T9426] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  498.286402][ T9427] netlink: 'syz.0.890': attribute type 3 has an invalid length.
[  498.289891][ T9428] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  500.335018][ T9452] netlink: 'syz.4.898': attribute type 4 has an invalid length.
[  501.217971][ T9462] netlink: 36 bytes leftover after parsing attributes in process `syz.6.893'.
[  501.258370][ T9452] syz.4.898: vmalloc error: size 69206016, failed to allocated page array size 135168, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  501.305270][ T9452] CPU: 0 UID: 0 PID: 9452 Comm: syz.4.898 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  501.305301][ T9452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.305313][ T9452] Call Trace:
[  501.305323][ T9452]  <TASK>
[  501.305332][ T9452]  dump_stack_lvl+0x189/0x250
[  501.305368][ T9452]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.305394][ T9452]  ? __pfx__printk+0x10/0x10
[  501.305433][ T9452]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  501.305459][ T9452]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  501.305487][ T9452]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  501.305517][ T9452]  warn_alloc+0x214/0x310
[  501.305547][ T9452]  ? __pfx_warn_alloc+0x10/0x10
[  501.305578][ T9452]  ? __get_vm_area_node+0x28f/0x300
[  501.305600][ T9452]  ? nf_tables_newset+0x132b/0x2530
[  501.305634][ T9452]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  501.305687][ T9452]  ? nft_hash_estimate+0x102/0x260
[  501.305715][ T9452]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  501.305750][ T9452]  ? rcu_is_watching+0x15/0xb0
[  501.305774][ T9452]  ? nf_tables_newset+0x132b/0x2530
[  501.305802][ T9452]  ? nf_tables_newset+0x132b/0x2530
[  501.305831][ T9452]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  501.305854][ T9452]  ? nf_tables_newset+0x132b/0x2530
[  501.305887][ T9452]  ? nft_table_lookup+0x211/0x230
[  501.305903][ T9452]  ? nft_set_lookup+0x128/0x150
[  501.305922][ T9452]  ? nft_hash_privsize+0xf/0xf0
[  501.305950][ T9452]  nf_tables_newset+0x132b/0x2530
[  501.305993][ T9452]  ? __pfx_nf_tables_newset+0x10/0x10
[  501.306046][ T9452]  ? __nla_parse+0x40/0x60
[  501.306075][ T9452]  nfnetlink_rcv+0x112f/0x2520
[  501.306133][ T9452]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  501.306166][ T9452]  ? __lock_acquire+0xab9/0xd20
[  501.306238][ T9452]  ? netlink_deliver_tap+0x2e/0x1b0
[  501.306266][ T9452]  ? netlink_deliver_tap+0x2e/0x1b0
[  501.306300][ T9452]  netlink_unicast+0x75c/0x8e0
[  501.306339][ T9452]  netlink_sendmsg+0x805/0xb30
[  501.306380][ T9452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  501.306426][ T9452]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  501.306446][ T9452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  501.306477][ T9452]  __sock_sendmsg+0x21c/0x270
[  501.306508][ T9452]  ____sys_sendmsg+0x505/0x830
[  501.306545][ T9452]  ? __pfx_____sys_sendmsg+0x10/0x10
[  501.306595][ T9452]  ? import_iovec+0x74/0xa0
[  501.306628][ T9452]  ___sys_sendmsg+0x21f/0x2a0
[  501.306663][ T9452]  ? __pfx____sys_sendmsg+0x10/0x10
[  501.306744][ T9452]  ? __fget_files+0x2a/0x420
[  501.306767][ T9452]  ? __fget_files+0x3a0/0x420
[  501.306803][ T9452]  __x64_sys_sendmsg+0x19b/0x260
[  501.306838][ T9452]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  501.306885][ T9452]  ? rcu_is_watching+0x15/0xb0
[  501.306912][ T9452]  ? do_syscall_64+0xbe/0x3b0
[  501.306940][ T9452]  do_syscall_64+0xfa/0x3b0
[  501.306961][ T9452]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.306983][ T9452]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.307003][ T9452]  ? clear_bhb_loop+0x60/0xb0
[  501.307029][ T9452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.307049][ T9452] RIP: 0033:0x7fe53018ebe9
[  501.307069][ T9452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.307085][ T9452] RSP: 002b:00007fe52e3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  501.307108][ T9452] RAX: ffffffffffffffda RBX: 00007fe5303b5fa0 RCX: 00007fe53018ebe9
[  501.307133][ T9452] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000008
[  501.307146][ T9452] RBP: 00007fe530211e19 R08: 0000000000000000 R09: 0000000000000000
[  501.307158][ T9452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  501.307169][ T9452] R13: 00007fe5303b6038 R14: 00007fe5303b5fa0 R15: 00007ffda2868848
[  501.307204][ T9452]  </TASK>
[  501.307237][ T9452] Mem-Info:
[  501.684233][ T5931] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  501.708228][ T9452] active_anon:3147 inactive_anon:9437 isolated_anon:0
[  501.708228][ T9452]  active_file:13970 inactive_file:40927 isolated_file:0
[  501.708228][ T9452]  unevictable:768 dirty:146 writeback:0
[  501.708228][ T9452]  slab_reclaimable:10672 slab_unreclaimable:101227
[  501.708228][ T9452]  mapped:43693 shmem:9986 pagetables:1027
[  501.708228][ T9452]  sec_pagetables:0 bounce:0
[  501.708228][ T9452]  kernel_misc_reclaimable:0
[  501.708228][ T9452]  free:1284461 free_pcp:20203 free_cma:0
[  501.754042][    C0] vkms_vblank_simulate: vblank timer overrun
[  501.761932][ T9452] Node 0 active_anon:12588kB inactive_anon:37648kB active_file:55680kB inactive_file:163708kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:174772kB dirty:584kB writeback:0kB shmem:38408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11732kB pagetables:4052kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  501.795787][    C0] vkms_vblank_simulate: vblank timer overrun
[  501.835902][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.866993][ T9467] netlink: 'syz.0.900': attribute type 32 has an invalid length.
[  501.875841][ T9452] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  501.907496][    C0] vkms_vblank_simulate: vblank timer overrun
[  501.959751][ T9452] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  502.066542][ T9452] lowmem_reserve[]: 0 2500 2502 2502 2502
[  502.094668][ T9452] Node 0 DMA32 free:1230904kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12584kB inactive_anon:46904kB active_file:53920kB inactive_file:163640kB unevictable:1536kB writepending:684kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:43400kB local_pcp:11024kB free_cma:0kB
[  502.132784][ T5931] usb 2-1: Using ep0 maxpacket: 8
[  502.164135][ T5931] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  502.174045][ T5931] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  502.189204][ T5931] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  502.196049][ T9452] lowmem_reserve[]:
[  502.202446][ T5931] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  502.207962][ T9464] delete_channel: no stack
[  502.221612][ T5931] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  502.221642][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.225182][ T9452]  0 0 1 1 1
[  502.323119][ T9452] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1760kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  502.389073][ T9452] lowmem_reserve[]: 0 0 0 0 0
[  502.537647][ T9452] Node 1 Normal free:3891048kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28284kB local_pcp:12136kB free_cma:0kB
[  502.897724][ T9452] lowmem_reserve[]: 0 0 0 0 0
[  502.926002][ T9452] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  502.974529][ T5931] usb 2-1: usb_control_msg returned -71
[  502.980281][ T5931] usbtmc 2-1:16.0: can't read capabilities
[  502.991895][ T5931] usb 2-1: USB disconnect, device number 14
[  503.008583][ T9452] Node 0 DMA32: 8*4kB (UME) 7*8kB (UE) 8*16kB (UE) 6*32kB (UME) 177*64kB (UME) 74*128kB (UM) 40*256kB (UM) 26*512kB (UME) 26*1024kB (UME) 5*2048kB (ME) 280*4096kB (M) = 1228504kB
[  503.030522][ T9452] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  503.043459][ T9452] Node 1 Normal: 208*4kB (UE) 41*8kB (UME) 44*16kB (UME) 77*32kB (UME) 38*64kB (UME) 10*128kB (UME) 4*256kB (ME) 2*512kB (M) 2*1024kB (ME) 2*2048kB (UE) 946*4096kB (M) = 3891048kB
[  503.072747][ T9452] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  503.097287][ T9452] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  503.115411][ T9452] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  503.136752][ T9452] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  503.719803][ T9480] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340
[  503.734858][ T9452] 63829 total pagecache pages
[  503.740573][ T9452] 0 pages in swap cache
[  503.746979][ T9452] Free swap  = 124996kB
[  503.751815][ T9452] Total swap = 124996kB
[  503.756044][ T9452] 2097051 pages RAM
[  503.823509][ T9452] 0 pages HighMem/MovableOnly
[  503.828264][ T9452] 424695 pages reserved
[  503.886141][ T9452] 0 pages cma reserved
[  504.163321][ T7772] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  504.330558][ T7772] usb 6-1: device descriptor read/64, error -71
[  504.609620][ T7772] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  504.833731][ T7772] usb 6-1: device descriptor read/64, error -71
[  505.016200][ T7772] usb usb6-port1: attempt power cycle
[  505.827192][ T7772] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  506.045837][ T7772] usb 6-1: device descriptor read/8, error -71
[  506.951124][ T7772] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  507.295853][ T7772] usb 6-1: device not accepting address 7, error -71
[  507.366519][ T7772] usb usb6-port1: unable to enumerate USB device
[  507.429256][ T1210] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  507.755982][ T1210] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  507.839373][ T1210] usb 7-1: config 0 interface 0 has no altsetting 0
[  507.884492][ T1210] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  507.901225][ T9520] netlink: 'syz.0.913': attribute type 32 has an invalid length.
[  507.961123][ T1210] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  508.385863][ T9519] syz.4.914: attempt to access beyond end of device
[  508.385863][ T9519] loop9: rw=2048, sector=0, nr_sectors = 8 limit=0
[  508.399096][ T9519] SQUASHFS error: Failed to read block 0x0: -5
[  508.425616][ T1210] usb 7-1: Product: syz
[  508.430883][ T1210] usb 7-1: Manufacturer: syz
[  508.435618][ T1210] usb 7-1: SerialNumber: syz
[  508.472001][ T1210] usb 7-1: config 0 descriptor??
[  508.693907][ T9523] binder: 9516:9523 ioctl 4018620d 0 returned -22
[  509.221413][ T1210] usb 7-1: selecting invalid altsetting 0
[  509.689680][ T1210] usb 7-1: USB disconnect, device number 3
[  510.473993][ T9536] netlink: 'syz.6.916': attribute type 6 has an invalid length.
[  510.639612][ T9536] netlink: 24 bytes leftover after parsing attributes in process `syz.6.916'.
[  511.105287][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  511.106135][   T30] audit: type=1326 audit(1755901119.153:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9532 comm="syz.6.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67dad8ebe9 code=0x7ffc0000
[  511.271665][ T9544] syz.5.920: attempt to access beyond end of device
[  511.271665][ T9544] loop11: rw=2048, sector=0, nr_sectors = 8 limit=0
[  511.284861][ T9544] SQUASHFS error: Failed to read block 0x0: -5
[  511.759751][ T9548] binder: 9543:9548 ioctl 4018620d 0 returned -22
[  511.768476][   T30] audit: type=1326 audit(1755901119.153:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9532 comm="syz.6.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67dad8ebe9 code=0x7ffc0000
[  512.355295][ T9552] netlink: 64 bytes leftover after parsing attributes in process `syz.5.921'.
[  512.391458][ T9554] netlink: 68 bytes leftover after parsing attributes in process `syz.0.923'.
[  512.419550][ T9554] netlink: 12 bytes leftover after parsing attributes in process `syz.0.923'.
[  512.434605][ T9554] netlink: 20 bytes leftover after parsing attributes in process `syz.0.923'.
[  516.023201][ T9582] syz.4.932: attempt to access beyond end of device
[  516.023201][ T9582] loop9: rw=2048, sector=0, nr_sectors = 8 limit=0
[  516.037266][ T9582] SQUASHFS error: Failed to read block 0x0: -5
[  516.199499][ T1218] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  516.489598][ T1218] usb 7-1: Using ep0 maxpacket: 16
[  516.632159][ T1218] usb 7-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  516.646471][ T9585] binder: 9581:9585 ioctl 4018620d 0 returned -22
[  516.711030][ T1218] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.840871][ T1218] usb 7-1: Product: syz
[  516.845222][ T1218] usb 7-1: Manufacturer: syz
[  516.858450][ T1218] usb 7-1: SerialNumber: syz
[  516.866401][ T1218] usb 7-1: config 0 descriptor??
[  516.926872][ T9591] netlink: 'syz.0.934': attribute type 32 has an invalid length.
[  517.096340][ T1218] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  517.123100][ T1218] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  517.171725][ T1218] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  517.208555][ T1218] usb 7-1: media controller created
[  518.019636][ T9599] netlink: 'syz.4.935': attribute type 6 has an invalid length.
[  518.115365][ T9599] netlink: 24 bytes leftover after parsing attributes in process `syz.4.935'.
[  518.259776][ T9602] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  518.471149][ T1218] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  518.542472][   T30] audit: type=1326 audit(1755901126.603:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe53018ebe9 code=0x7ffc0000
[  518.701713][   T30] audit: type=1326 audit(1755901126.623:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe53018ebe9 code=0x7ffc0000
[  518.703639][ T1218] zl10353_read_register: readreg error (reg=127, ret==0)
[  518.723178][    C1] vkms_vblank_simulate: vblank timer overrun
[  518.799080][ T9610] netlink: 12 bytes leftover after parsing attributes in process `syz.6.937'.
[  518.921496][   T30] audit: type=1326 audit(1755901126.643:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7fe53018ebe9 code=0x7ffc0000
[  518.948694][ T1218] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  519.063196][ T1218] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  519.506023][   T30] audit: type=1326 audit(1755901126.963:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe53018ebe9 code=0x7ffc0000
[  519.539782][ T1218] usb 7-1: USB disconnect, device number 4
[  519.849734][   T30] audit: type=1326 audit(1755901126.973:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9592 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe53018ebe9 code=0x7ffc0000
[  519.867956][ T1218] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  520.741620][ T9633] syz.5.945: attempt to access beyond end of device
[  520.741620][ T9633] loop11: rw=2048, sector=0, nr_sectors = 8 limit=0
[  520.754824][ T9633] SQUASHFS error: Failed to read block 0x0: -5
[  520.938901][ T9636] binder: 9632:9636 ioctl 4018620d 0 returned -22
[  522.762896][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  522.795113][ T9620] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  522.809253][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  523.075500][ T9649] mmap: syz.0.950 (9649): VmData 37728256 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data.
[  523.154776][ T9620] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  523.167242][ T9620] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  523.212979][ T9620] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  523.224711][ T9620] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  523.238357][ T9620] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  523.499246][ T5914] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  523.708849][ T9656] netlink: 4 bytes leftover after parsing attributes in process `syz.6.951'.
[  523.720738][ T9656] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  523.728754][ T9656] /dev/nullb0: Can't open blockdev
[  525.159485][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  525.200116][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  525.892232][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  525.898418][ T5857] Bluetooth: hci5: command 0x0405 tx timeout
[  525.904911][ T5156] Bluetooth: hci4: command 0x0406 tx timeout
[  528.199331][ T5914] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  528.641439][ T9682] syz.1.958: attempt to access beyond end of device
[  528.641439][ T9682] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  528.654682][ T9682] SQUASHFS error: Failed to read block 0x0: -5
[  528.834947][ T9683] binder: 9681:9683 ioctl 4018620d 0 returned -22
[  529.121208][ T5914] usb 7-1: Using ep0 maxpacket: 32
[  529.153988][ T5914] usb 7-1: unable to get BOS descriptor or descriptor too short
[  529.202153][ T5914] usb 7-1: config 2 has an invalid interface number: 189 but max is 0
[  529.277438][ T5914] usb 7-1: config 2 has no interface number 0
[  529.319351][ T5914] usb 7-1: config 2 interface 189 altsetting 11 has an invalid endpoint descriptor of length 3, skipping
[  530.273189][ T5914] usb 7-1: config 2 interface 189 has no altsetting 0
[  530.286282][ T5914] usb 7-1: string descriptor 0 read error: -71
[  530.292770][ T5914] usb 7-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  530.302006][ T5914] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.330385][ T5914] usb 7-1: can't set config #2, error -71
[  530.338138][ T5914] usb 7-1: USB disconnect, device number 5
[  531.321849][ T9691] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  531.380217][ T9691] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  531.410323][ T9691] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  531.453230][ T9691] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  531.470926][ T9691] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  531.509559][ T9691] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  531.989823][ T5983] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  532.759071][ T9708] evm: overlay not supported
[  532.869336][ T9668] Bluetooth: hci1: command 0x0406 tx timeout
[  533.092913][ T5983] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  533.103159][ T5983] usb 2-1: config 0 interface 0 has no altsetting 0
[  533.114220][ T5983] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  533.209302][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  533.221347][ T5983] usb 2-1: Product: syz
[  533.229318][ T5983] usb 2-1: Manufacturer: syz
[  533.235698][ T5983] usb 2-1: SerialNumber: syz
[  533.271406][ T5983] usb 2-1: config 0 descriptor??
[  533.405629][ T5983] usb 2-1: selecting invalid altsetting 0
[  533.429327][ T9668] Bluetooth: hci2: command 0x0406 tx timeout
[  533.429567][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  533.512887][ T5844] Bluetooth: hci5: command 0x0405 tx timeout
[  533.519487][ T9668] Bluetooth: hci4: command 0x0406 tx timeout
[  533.589283][ T9668] Bluetooth: hci6: command 0x0405 tx timeout
[  535.827168][ T5829] usb 2-1: USB disconnect, device number 16
[  537.843242][ T9747] netlink: 12 bytes leftover after parsing attributes in process `syz.6.976'.
[  537.873391][ T9749] netlink: 12 bytes leftover after parsing attributes in process `syz.6.976'.
[  540.130919][ T9770] netlink: 4 bytes leftover after parsing attributes in process `syz.6.982'.
[  540.474393][    T9] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  542.379267][    T9] usb 7-1: Using ep0 maxpacket: 8
[  542.392792][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.428892][    T9] usb 7-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[  542.449527][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.479229][    T9] usb 7-1: Product: syz
[  542.483477][    T9] usb 7-1: Manufacturer: syz
[  542.488117][    T9] usb 7-1: SerialNumber: syz
[  542.531023][    T9] usb 7-1: config 0 descriptor??
[  542.575639][    T9] cdc_phonet 7-1:0.0: probe with driver cdc_phonet failed with error -22
[  542.754043][    T9] usb 7-1: USB disconnect, device number 6
[  547.490036][    T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  547.517466][ T9842] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  547.929510][    T9] usb 7-1: Using ep0 maxpacket: 32
[  548.199572][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  548.232265][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  548.276440][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  548.409234][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  548.429466][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  548.466646][    T9] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  548.503235][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.517943][    T9] usb 7-1: Product: syz
[  548.524662][    T9] usb 7-1: Manufacturer: syz
[  548.536835][    T9] usb 7-1: SerialNumber: syz
[  548.584786][    T9] usb 7-1: config 0 descriptor??
[  549.085369][ T9835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  549.222182][ T9835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  549.556282][    T9] iforce 7-1:0.0: usb_submit_urb failed: -32
[  549.573010][    T9] iforce 7-1:0.0: usb_submit_urb failed: -32
[  549.573710][ T9835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  549.635278][ T9835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.351659][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.358202][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.376040][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.383206][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.404902][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.411706][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.426815][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.433506][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.460774][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.467391][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.482482][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.500935][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.521802][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.534110][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.554952][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.572145][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.582657][    T9] iforce 7-1:0.0: usb_submit_urb failed: -71
[  550.599093][    T9] input input15: Timeout waiting for response from device.
[  550.638250][    T9] usb 7-1: USB disconnect, device number 7
[  552.895595][ T9906] sd 0:0:1:0: device reset
[  554.294252][ T9913] FAULT_INJECTION: forcing a failure.
[  554.294252][ T9913] name failslab, interval 1, probability 0, space 0, times 0
[  554.307117][ T9913] CPU: 0 UID: 0 PID: 9913 Comm: syz.6.1016 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  554.307144][ T9913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  554.307156][ T9913] Call Trace:
[  554.307165][ T9913]  <TASK>
[  554.307174][ T9913]  dump_stack_lvl+0x189/0x250
[  554.307203][ T9913]  ? __pfx____ratelimit+0x10/0x10
[  554.307226][ T9913]  ? __pfx_dump_stack_lvl+0x10/0x10
[  554.307248][ T9913]  ? __pfx__printk+0x10/0x10
[  554.307278][ T9913]  ? __pfx___might_resched+0x10/0x10
[  554.307301][ T9913]  ? fs_reclaim_acquire+0x7d/0x100
[  554.307332][ T9913]  should_fail_ex+0x414/0x560
[  554.307359][ T9913]  should_failslab+0xa8/0x100
[  554.307382][ T9913]  __kmalloc_cache_noprof+0x70/0x3d0
[  554.307402][ T9913]  ? alloc_pipe_info+0xe9/0x4d0
[  554.307428][ T9913]  alloc_pipe_info+0xe9/0x4d0
[  554.307454][ T9913]  splice_direct_to_actor+0xa5d/0xcc0
[  554.307478][ T9913]  ? __schedule+0x16c8/0x4c90
[  554.307506][ T9913]  ? rcu_is_watching+0x15/0xb0
[  554.307533][ T9913]  ? __lock_acquire+0xab9/0xd20
[  554.307554][ T9913]  ? __pfx_direct_splice_actor+0x10/0x10
[  554.307575][ T9913]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  554.307610][ T9913]  do_splice_direct+0x181/0x270
[  554.307643][ T9913]  ? __pfx_do_splice_direct+0x10/0x10
[  554.307666][ T9913]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  554.307697][ T9913]  ? rw_verify_area+0x258/0x650
[  554.307732][ T9913]  do_sendfile+0x4da/0x7e0
[  554.307768][ T9913]  ? __pfx_do_sendfile+0x10/0x10
[  554.307808][ T9913]  __se_sys_sendfile64+0x13e/0x190
[  554.307836][ T9913]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  554.307868][ T9913]  ? do_syscall_64+0xbe/0x3b0
[  554.307895][ T9913]  do_syscall_64+0xfa/0x3b0
[  554.307919][ T9913]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.307939][ T9913]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  554.307958][ T9913]  ? clear_bhb_loop+0x60/0xb0
[  554.307983][ T9913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.308002][ T9913] RIP: 0033:0x7f67dad8ebe9
[  554.308022][ T9913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.308040][ T9913] RSP: 002b:00007f67dbbc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  554.308062][ T9913] RAX: ffffffffffffffda RBX: 00007f67dafb6180 RCX: 00007f67dad8ebe9
[  554.308077][ T9913] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007
[  554.308089][ T9913] RBP: 00007f67dbbc7090 R08: 0000000000000000 R09: 0000000000000000
[  554.308102][ T9913] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[  554.308114][ T9913] R13: 00007f67dafb6218 R14: 00007f67dafb6180 R15: 00007ffee1f04568
[  554.308148][ T9913]  </TASK>
[  558.602734][ T9900] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  558.672189][ T9900] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  558.784399][ T9900] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  558.821224][ T9900] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  558.827454][ T9900] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  558.854637][ T9900] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  558.926497][ T9934] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1021'.
[  559.080555][ T9934] bridge1: port 1(veth3) entered blocking state
[  559.088412][ T9934] bridge1: port 1(veth3) entered disabled state
[  559.095370][ T9934] veth3: entered allmulticast mode
[  559.103717][ T9934] veth3: entered promiscuous mode
[  559.124659][ T9938] bridge1: port 2(veth0_to_bond) entered blocking state
[  559.137430][ T9938] bridge1: port 2(veth0_to_bond) entered disabled state
[  559.163815][ T9938] veth0_to_bond: entered allmulticast mode
[  559.178422][ T9938] veth0_to_bond: entered promiscuous mode
[  559.195961][ T9934] vlan2: entered allmulticast mode
[  559.201333][ T9934] veth1: entered allmulticast mode
[  559.206730][ T9934] bridge1: port 3(vlan2) entered blocking state
[  559.213256][ T9934] bridge1: port 3(vlan2) entered disabled state
[  559.224540][ T9934] vlan2: entered promiscuous mode
[  559.229689][ T9934] veth1: entered promiscuous mode
[  559.290127][ T9941] syz.6.1025: attempt to access beyond end of device
[  559.290127][ T9941] loop13: rw=2048, sector=0, nr_sectors = 8 limit=0
[  559.303667][ T9941] SQUASHFS error: Failed to read block 0x0: -5
[  559.522294][ T9942] binder: 9940:9942 ioctl 4018620d 0 returned -22
[  560.559506][ T9953] netlink: 'syz.5.1026': attribute type 1 has an invalid length.
[  560.567450][ T9953] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  560.575216][ T9953] IPv6: NLM_F_CREATE should be set when creating new route
[  560.582547][ T9953] IPv6: NLM_F_CREATE should be set when creating new route
[  560.594683][ T9949] netlink: 'syz.5.1026': attribute type 1 has an invalid length.
[  560.619446][ T9949] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  560.629948][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  560.719599][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  560.809239][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  560.869531][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  560.875952][ T5857] Bluetooth: hci5: command 0x0405 tx timeout
[  560.882643][ T5844] Bluetooth: hci6: command 0x0405 tx timeout
[  563.000184][ T9668] Bluetooth: hci6: command 0x0405 tx timeout
[  563.295412][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  564.300911][ T9976] netlink: 'syz.5.1034': attribute type 6 has an invalid length.
[  564.314070][ T9973] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1033'.
[  564.347551][ T9976] netlink: 'syz.5.1034': attribute type 83 has an invalid length.
[  564.661375][ T9983] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1035'.
[  564.826310][ T9985] syz.4.1037: attempt to access beyond end of device
[  564.826310][ T9985] loop9: rw=2048, sector=0, nr_sectors = 8 limit=0
[  564.839638][ T9985] SQUASHFS error: Failed to read block 0x0: -5
[  565.215985][ T9983] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  565.298429][ T9987] binder: 9982:9987 ioctl 4018620d 0 returned -22
[  565.940350][T10000] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  565.962301][T10000] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  565.979535][T10000] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  565.992657][T10000] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  566.013161][T10000] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  566.022124][T10000] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  567.469479][   T30] audit: type=1326 audit(1755901181.465:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9977 comm="syz.6.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67dad8ebe9 code=0x7fc00000
[  568.450509][ T9668] Bluetooth: hci2: command 0x0406 tx timeout
[  568.450536][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  568.450588][ T5857] Bluetooth: hci6: command 0x0405 tx timeout
[  568.456660][ T9668] Bluetooth: hci5: command 0x0405 tx timeout
[  568.464065][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  568.488205][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  569.854266][T10032] xt_hashlimit: max too large, truncated to 1048576
[  570.954764][T10029] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1048'.
[  571.076011][T10041] netlink: 'syz.0.1051': attribute type 6 has an invalid length.
[  571.109636][T10041] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1051'.
[  571.517005][   T30] audit: type=1326 audit(1755901185.465:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.565872][   T30] audit: type=1326 audit(1755901185.465:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.589318][   T30] audit: type=1326 audit(1755901185.515:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.614605][   T30] audit: type=1326 audit(1755901185.525:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.640300][   T30] audit: type=1326 audit(1755901185.525:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.662255][   T30] audit: type=1326 audit(1755901185.525:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.717080][   T30] audit: type=1326 audit(1755901185.525:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.756085][   T30] audit: type=1326 audit(1755901185.525:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.896972][   T30] audit: type=1326 audit(1755901185.525:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10038 comm="syz.0.1051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa59358ebe9 code=0x7ffc0000
[  571.918634][    C0] vkms_vblank_simulate: vblank timer overrun
[  572.655963][T10054] Cannot find add_set index 0 as target
[  577.000977][T10082] xt_hashlimit: max too large, truncated to 1048576
[  579.123998][T10095] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  580.075659][T10090] input: syz1 as /devices/virtual/input/input16
[  581.289210][ T5905] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  581.579387][ T5905] usb 7-1: Using ep0 maxpacket: 8
[  581.611306][ T5905] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  581.659181][ T5905] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.710265][ T5905] pvrusb2: Hardware description: Terratec Grabster AV400
[  581.730086][ T5905] pvrusb2: **********
[  581.735913][ T5905] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  581.783146][ T5905] pvrusb2: Important functionality might not be entirely working.
[  581.806931][ T5905] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  581.895342][ T5905] pvrusb2: **********
[  581.918539][T10114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  581.953235][T10116] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.960667][T10116] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.031513][T10114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.104561][T10114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.152205][T10114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.171440][T10116] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.179485][T10116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  582.188834][T10116] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.196191][T10116] bridge0: port 1(bridge_slave_0) entered forwarding state
[  582.225073][T10117] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1071'.
[  582.228821][T10116] team0: Port device bridge0 added
[  582.306093][T10114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.411510][T10114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.429987][T10114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.446511][T10114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.533706][T10114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.608881][T10114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.731177][ T5905] usb 7-1: USB disconnect, device number 8
[  582.734247][ T2344] pvrusb2: Invalid write control endpoint
[  582.902554][ T2344] pvrusb2: Invalid write control endpoint
[  582.933656][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  582.959916][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  582.974700][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  582.989446][ T5931] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  583.010375][ T2344] pvrusb2: Device being rendered inoperable
[  583.046622][ T2344] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  583.056217][ T2344] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  583.068494][ T2344] pvrusb2: Attached sub-driver cx25840
[  583.074351][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  583.084779][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  583.179179][ T5931] usb 5-1: Using ep0 maxpacket: 16
[  583.197028][ T5931] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  583.220831][ T5931] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  583.239298][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=224
[  583.267614][ T5931] usb 5-1: SerialNumber: syz
[  583.295854][ T5931] usb 5-1: config 0 descriptor??
[  583.420905][T10140] xt_hashlimit: max too large, truncated to 1048576
[  584.190961][    T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  584.329188][    T9] usb 6-1: device descriptor read/64, error -71
[  584.428454][ T5905] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  584.579216][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  584.611476][ T5905] usb 7-1: unable to get BOS descriptor or descriptor too short
[  584.647851][ T5905] usb 7-1: not running at top speed; connect to a high speed hub
[  584.669695][ T5905] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  584.679608][ T5905] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  584.693798][ T5905] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  584.702960][ T5905] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 8193, setting to 64
[  584.720228][ T5905] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  584.729431][ T5905] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.739407][    T9] usb 6-1: device descriptor read/64, error -71
[  584.861185][    T9] usb usb6-port1: attempt power cycle
[  585.219480][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  585.254422][    T9] usb 6-1: device descriptor read/8, error -71
[  585.299917][ T5905] usb 7-1: Product: syz
[  585.304201][ T5905] usb 7-1: Manufacturer: syz
[  585.308928][ T5905] usb 7-1: SerialNumber: syz
[  585.476634][T10154] ptm ptm8: ldisc open failed (-12), clearing slot 8
[  585.509332][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  585.535624][ T5905] usb 7-1: 0:2 : does not exist
[  585.554186][    T9] usb 6-1: device descriptor read/8, error -71
[  585.621023][ T5905] usb 7-1: USB disconnect, device number 9
[  585.670338][    T9] usb usb6-port1: unable to enumerate USB device
[  585.686258][T10159] 9pnet_fd: Insufficient options for proto=fd
[  585.702491][T10159] 9pnet_fd: Insufficient options for proto=fd
[  586.452037][ T5905] usb 5-1: USB disconnect, device number 18
[  586.534772][T10168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.571695][T10168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  587.149316][ T5905] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  587.359388][ T5905] usb 5-1: Using ep0 maxpacket: 8
[  587.368669][ T5905] usb 5-1: config 127 has an invalid interface number: 195 but max is 1
[  587.378607][ T5905] usb 5-1: config 127 has an invalid interface number: 242 but max is 1
[  587.387480][ T5905] usb 5-1: config 127 has no interface number 0
[  587.395067][ T5905] usb 5-1: config 127 has no interface number 1
[  587.401728][ T5905] usb 5-1: config 127 interface 242 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  587.417716][ T5905] usb 5-1: config 127 interface 195 has no altsetting 0
[  587.425054][ T5905] usb 5-1: config 127 interface 242 has no altsetting 0
[  587.489866][ T5905] usb 5-1: New USB device found, idVendor=1415, idProduct=2000, bcdDevice=3e.d0
[  588.022291][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.051428][ T5905] usb 5-1: Product: syz
[  588.056638][ T5905] usb 5-1: Manufacturer: syz
[  588.065633][ T5905] usb 5-1: SerialNumber: syz
[  588.347917][ T5905] usb 5-1: USB disconnect, device number 19
[  588.860014][T10187] xt_hashlimit: max too large, truncated to 1048576
[  589.701278][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  589.701302][   T30] audit: type=1326 audit(1755901203.755:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10160 comm="syz.1.1083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a998ebe9 code=0x7fc00000
[  589.767918][T10188] binder: 10184:10188 ioctl c0306201 0 returned -14
[  589.794956][T10188] binder: 10184:10188 ioctl 4018620d 0 returned -22
[  590.504500][T10200] netlink: 'syz.1.1093': attribute type 12 has an invalid length.
[  590.549669][T10200] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1093'.
[  591.229292][T10218] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1098'.
[  593.371084][T10255] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1105'.
[  593.482636][T10261] syz.1.1106: attempt to access beyond end of device
[  593.482636][T10261] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  593.496141][T10261] SQUASHFS error: Failed to read block 0x0: -5
[  593.525875][T10254] xt_hashlimit: max too large, truncated to 1048576
[  593.899658][T10267] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  595.036169][T10276] bridge0: entered promiscuous mode
[  595.060971][T10276] batman_adv: batadv0: Adding interface: macsec1
[  595.068063][T10276] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  595.155282][T10276] batman_adv: batadv0: Interface activated: macsec1
[  595.581113][T10288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  596.955171][T10306] syz.1.1118: attempt to access beyond end of device
[  596.955171][T10306] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  596.968351][T10306] SQUASHFS error: Failed to read block 0x0: -5
[  600.599896][T10322] 
[  600.602277][T10322] ======================================================
[  600.609379][T10322] WARNING: possible circular locking dependency detected
[  600.616399][T10322] 6.16.0-syzkaller #0 Not tainted
[  600.621420][T10322] ------------------------------------------------------
[  600.628537][T10322] syz.1.1121/10322 is trying to acquire lock:
[  600.634599][T10322] ffff888071e40e00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_device_event+0x182/0xa20
[  600.644616][T10322] 
[  600.644616][T10322] but task is already holding lock:
[  600.651999][T10322] ffff888072e5ad30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[  600.661696][T10322] 
[  600.661696][T10322] which lock already depends on the new lock.
[  600.661696][T10322] 
[  600.672183][T10322] 
[  600.672183][T10322] the existing dependency chain (in reverse order) is:
[  600.681221][T10322] 
[  600.681221][T10322] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[  600.689687][T10322]        lock_acquire+0x120/0x360
[  600.694730][T10322]        __mutex_lock+0x182/0xe80
[  600.699785][T10322]        dev_set_mtu+0x10e/0x260
[  600.704768][T10322]        team_add_slave+0x8b8/0x2840
[  600.710075][T10322]        do_set_master+0x530/0x6d0
[  600.715199][T10322]        do_setlink+0xcf0/0x41c0
[  600.720158][T10322]        rtnl_newlink+0x160b/0x1c70
[  600.725370][T10322]        rtnetlink_rcv_msg+0x7cc/0xb70
[  600.730843][T10322]        netlink_rcv_skb+0x205/0x470
[  600.736148][T10322]        netlink_unicast+0x75c/0x8e0
[  600.741443][T10322]        netlink_sendmsg+0x805/0xb30
[  600.746739][T10322]        __sock_sendmsg+0x21c/0x270
[  600.751964][T10322]        ____sys_sendmsg+0x505/0x830
[  600.757266][T10322]        ___sys_sendmsg+0x21f/0x2a0
[  600.762499][T10322]        __x64_sys_sendmsg+0x19b/0x260
[  600.767970][T10322]        do_syscall_64+0xfa/0x3b0
[  600.773007][T10322]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.779427][T10322] 
[  600.779427][T10322] -> #0 (team->team_lock_key#5){+.+.}-{4:4}:
[  600.787614][T10322]        validate_chain+0xb9b/0x2140
[  600.792917][T10322]        __lock_acquire+0xab9/0xd20
[  600.798115][T10322]        lock_acquire+0x120/0x360
[  600.803142][T10322]        __mutex_lock+0x182/0xe80
[  600.808179][T10322]        team_device_event+0x182/0xa20
[  600.813641][T10322]        notifier_call_chain+0x1b3/0x3e0
[  600.819286][T10322]        __dev_notify_flags+0x18d/0x2e0
[  600.824850][T10322]        netif_change_flags+0xe8/0x1a0
[  600.830330][T10322]        do_setlink+0xc55/0x41c0
[  600.835277][T10322]        rtnl_newlink+0x149f/0x1c70
[  600.840485][T10322]        rtnetlink_rcv_msg+0x7cc/0xb70
[  600.845953][T10322]        netlink_rcv_skb+0x205/0x470
[  600.851254][T10322]        netlink_unicast+0x75c/0x8e0
[  600.856545][T10322]        netlink_sendmsg+0x805/0xb30
[  600.861838][T10322]        __sock_sendmsg+0x21c/0x270
[  600.867048][T10322]        ____sys_sendmsg+0x505/0x830
[  600.872346][T10322]        ___sys_sendmsg+0x21f/0x2a0
[  600.877558][T10322]        __x64_sys_sendmsg+0x19b/0x260
[  600.883028][T10322]        do_syscall_64+0xfa/0x3b0
[  600.888058][T10322]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.894478][T10322] 
[  600.894478][T10322] other info that might help us debug this:
[  600.894478][T10322] 
[  600.904706][T10322]  Possible unsafe locking scenario:
[  600.904706][T10322] 
[  600.912165][T10322]        CPU0                    CPU1
[  600.917535][T10322]        ----                    ----
[  600.922908][T10322]   lock(&dev_instance_lock_key#3);
[  600.928128][T10322]                                lock(team->team_lock_key#5);
[  600.935602][T10322]                                lock(&dev_instance_lock_key#3);
[  600.943338][T10322]   lock(team->team_lock_key#5);
[  600.948290][T10322] 
[  600.948290][T10322]  *** DEADLOCK ***
[  600.948290][T10322] 
[  600.956441][T10322] 2 locks held by syz.1.1121/10322:
[  600.961640][T10322]  #0: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  600.970727][T10322]  #1: ffff888072e5ad30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[  600.980896][T10322] 
[  600.980896][T10322] stack backtrace:
[  600.986801][T10322] CPU: 0 UID: 0 PID: 10322 Comm: syz.1.1121 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  600.986823][T10322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.986832][T10322] Call Trace:
[  600.986841][T10322]  <TASK>
[  600.986849][T10322]  dump_stack_lvl+0x189/0x250
[  600.986874][T10322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.986892][T10322]  ? __pfx__printk+0x10/0x10
[  600.986912][T10322]  ? print_lock_name+0xde/0x100
[  600.986932][T10322]  print_circular_bug+0x2ee/0x310
[  600.986952][T10322]  check_noncircular+0x134/0x160
[  600.986973][T10322]  validate_chain+0xb9b/0x2140
[  600.987000][T10322]  ? __lock_acquire+0xab9/0xd20
[  600.987019][T10322]  __lock_acquire+0xab9/0xd20
[  600.987035][T10322]  ? team_device_event+0x182/0xa20
[  600.987049][T10322]  lock_acquire+0x120/0x360
[  600.987062][T10322]  ? team_device_event+0x182/0xa20
[  600.987085][T10322]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  600.987112][T10322]  __mutex_lock+0x182/0xe80
[  600.987128][T10322]  ? team_device_event+0x182/0xa20
[  600.987145][T10322]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  600.987166][T10322]  ? team_device_event+0x182/0xa20
[  600.987181][T10322]  ? __pfx___mutex_lock+0x10/0x10
[  600.987196][T10322]  ? __timer_delete_sync+0x218/0x2d0
[  600.987224][T10322]  team_device_event+0x182/0xa20
[  600.987239][T10322]  notifier_call_chain+0x1b3/0x3e0
[  600.987259][T10322]  __dev_notify_flags+0x18d/0x2e0
[  600.987285][T10322]  ? __pfx___dev_notify_flags+0x10/0x10
[  600.987306][T10322]  ? __dev_change_flags+0x4cc/0x6d0
[  600.987330][T10322]  ? __pfx___dev_change_flags+0x10/0x10
[  600.987351][T10322]  ? netif_state_change+0x256/0x3a0
[  600.987374][T10322]  netif_change_flags+0xe8/0x1a0
[  600.987398][T10322]  do_setlink+0xc55/0x41c0
[  600.987421][T10322]  ? trace_sched_exit_tp+0x38/0x120
[  600.987446][T10322]  ? __pfx_do_setlink+0x10/0x10
[  600.987473][T10322]  ? __lock_acquire+0xab9/0xd20
[  600.987489][T10322]  ? __mutex_trylock_common+0x153/0x260
[  600.987509][T10322]  ? __pfx___mutex_trylock_common+0x10/0x10
[  600.987529][T10322]  ? rcu_is_watching+0x15/0xb0
[  600.987546][T10322]  ? trace_contention_end+0x39/0x120
[  600.987564][T10322]  ? __mutex_lock+0x330/0xe80
[  600.987583][T10322]  ? rtnl_newlink+0x8db/0x1c70
[  600.987602][T10322]  ? rcu_is_watching+0x15/0xb0
[  600.987618][T10322]  ? __pfx___mutex_lock+0x10/0x10
[  600.987638][T10322]  ? ns_capable+0x8a/0xf0
[  600.987653][T10322]  ? rtnl_link_get_net_capable+0x16a/0x350
[  600.987677][T10322]  rtnl_newlink+0x149f/0x1c70
[  600.987701][T10322]  ? __pfx_rtnl_newlink+0x10/0x10
[  600.987719][T10322]  ? __schedule+0x16c8/0x4c90
[  600.987740][T10322]  ? preempt_schedule_irq+0xb5/0x150
[  600.987757][T10322]  ? __pfx___schedule+0x10/0x10
[  600.987769][T10322]  ? preempt_schedule_common+0x83/0xd0
[  600.987785][T10322]  ? __pfx_preempt_schedule+0x10/0x10
[  600.987800][T10322]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  600.987825][T10322]  ? rcu_is_watching+0x15/0xb0
[  600.987841][T10322]  ? trace_irq_disable+0x37/0x110
[  600.987862][T10322]  ? preempt_schedule_irq+0xde/0x150
[  600.987877][T10322]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  600.987894][T10322]  ? irqentry_exit+0x74/0x90
[  600.987909][T10322]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.987927][T10322]  ? __lock_acquire+0xab9/0xd20
[  600.987949][T10322]  ? __pfx_rtnl_newlink+0x10/0x10
[  600.987968][T10322]  rtnetlink_rcv_msg+0x7cc/0xb70
[  600.987996][T10322]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  600.988014][T10322]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  600.988036][T10322]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  600.988062][T10322]  netlink_rcv_skb+0x205/0x470
[  600.988083][T10322]  ? rcu_is_watching+0x15/0xb0
[  600.988098][T10322]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  600.988119][T10322]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  600.988144][T10322]  ? netlink_deliver_tap+0x2e/0x1b0
[  600.988168][T10322]  netlink_unicast+0x75c/0x8e0
[  600.988190][T10322]  netlink_sendmsg+0x805/0xb30
[  600.988212][T10322]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  600.988229][T10322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  600.988253][T10322]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  600.988268][T10322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  600.988289][T10322]  __sock_sendmsg+0x21c/0x270
[  600.988308][T10322]  ____sys_sendmsg+0x505/0x830
[  600.988333][T10322]  ? __pfx_____sys_sendmsg+0x10/0x10
[  600.988359][T10322]  ? import_iovec+0x74/0xa0
[  600.988382][T10322]  ___sys_sendmsg+0x21f/0x2a0
[  600.988405][T10322]  ? __pfx____sys_sendmsg+0x10/0x10
[  600.988440][T10322]  ? __fget_files+0x2a/0x420
[  600.988457][T10322]  ? __fget_files+0x3a0/0x420
[  600.988477][T10322]  __x64_sys_sendmsg+0x19b/0x260
[  600.988500][T10322]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  600.988527][T10322]  ? rcu_is_watching+0x15/0xb0
[  600.988545][T10322]  ? do_syscall_64+0xbe/0x3b0
[  600.988563][T10322]  do_syscall_64+0xfa/0x3b0
[  600.988580][T10322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.988595][T10322]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  600.988611][T10322]  ? clear_bhb_loop+0x60/0xb0
[  600.988627][T10322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.988643][T10322] RIP: 0033:0x7f55a998ebe9
[  600.988664][T10322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.988684][T10322] RSP: 002b:00007f55aa84c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  600.988702][T10322] RAX: ffffffffffffffda RBX: 00007f55a9bb6360 RCX: 00007f55a998ebe9
[  600.988714][T10322] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 000000000000000d
[  600.988724][T10322] RBP: 00007f55a9a11e19 R08: 0000000000000000 R09: 0000000000000000
[  600.988735][T10322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  600.988745][T10322] R13: 00007f55a9bb63f8 R14: 00007f55a9bb6360 R15: 00007fff2bbc12e8
[  600.988762][T10322]  </TASK>
[  601.546381][ T5983] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  601.699157][ T5983] usb 5-1: Using ep0 maxpacket: 32
[  601.705821][ T5983] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.717262][ T5983] usb 5-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  601.730447][ T5983] usb 5-1: config 0 interface 0 has no altsetting 0
[  601.737090][ T5983] usb 5-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  601.746548][ T5983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.755500][ T5983] usb 5-1: config 0 descriptor??
[  601.891621][T10322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  601.928541][T10322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  602.209304][T10322] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  602.218261][T10322] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  602.227511][T10322] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  602.236443][T10322] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  602.568712][ T5983] usbhid 5-1:0.0: can't add hid device: -71
[  602.574913][ T5983] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  602.584061][ T5983] usb 5-1: USB disconnect, device number 20