last executing test programs:

5.870949963s ago: executing program 2 (id=2057):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffed4, &(0x7f0000000080), 0x1}, 0x88010)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8905, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x401)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
sendmsg$AUDIT_SET(r1, 0x0, 0x10)
preadv(r1, &(0x7f0000000140)=[{&(0x7f000001aa80)=""/102393, 0x18ff9}], 0x1, 0x0, 0x0)
openat$vhost_vsock(0xffffff9c, &(0x7f0000000300), 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
listen(0xffffffffffffffff, 0x8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={0x0, 0xffffffffffffff85}}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x7, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/dev_mcast\x00')
lseek(r3, 0x1000000, 0x0)

5.5035508s ago: executing program 0 (id=2059):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c0100001000130100000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000000000000000000000000000000000000032000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0001000000000048000200656362286369706865725f6e756c6c290000", @ANYRES32=0x0, @ANYBLOB="04"], 0x14c}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x70, 0x0, &(0x7f0000000580))
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
io_getevents(0x0, 0x3, 0x8, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0220000000000000140003006d6163766c616e31000000000000000008000a00", @ANYRES32, @ANYBLOB="575e4c73efba88706632129d42539e4569d0c16ae052e7e23a6ac17a0e21c75e05f35ad59a7c263088ce2770a2f12d7d806313dfca45a5066ca051784e1356bc3f010404a072b0d7e3cb1286aeba92970772ca2ee9f57ded5cd98399342253add2addf3e37f12b72a1a7a8308561e69ae1f3fba25fe75c63f9b1c27d71808cde798e68c75dcead8c23368a659a7a151e13b3b32be5edafc72104412c7f9aa19a68d4ad9df3a37bb3bd9eea776710c8e660031093a1a65beaeac1581bc5c8ca31e8126202c6a7c189423287f8"], 0x3c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x34}}, 0x0)
r5 = fsopen(&(0x7f00000000c0)='binfmt_misc\x00', 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000100)=0x90)

5.095377923s ago: executing program 2 (id=2060):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x1, 0x0, &(0x7f0000000200)='GPL\x00'}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000340)=ANY=[], 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x8)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001b80)=[{{0x0, 0x0, &(0x7f0000001980)=[{0x0}], 0x1}}], 0x1, 0x0)
r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0)
r1 = fsmount(r0, 0x0, 0x8)
mknodat(r1, &(0x7f0000000400)='./file0\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
execveat(r1, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYRES32], 0x30}}, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x7, 0x0)
r5 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000100)={0x0, 0x0, 0x0, {0x3, @vbi={0x3, 0x0, 0x0, 0x30314442}}})
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)

4.601809497s ago: executing program 2 (id=2063):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$caif_stream(0x25, 0x1, 0x1000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f000000d000)=""/102400, 0x19000}, {&(0x7f0000000380)=""/164, 0xa4}], 0x2, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x3, 0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
read$FUSE(r1, &(0x7f00000020c0)={0x2020}, 0x2020)
socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="c40000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xc4}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[], 0x1c}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[], 0xb8}}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f00000004c0)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @dev}, {0x2, 0x0, @empty}})
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@local, @private=0xa010101}, 0x10)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x118)

4.599565931s ago: executing program 0 (id=2073):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r0, 0x0, 0x0, 0x40, &(0x7f000005ffe4)={0xa, 0x4e27, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket(0x15, 0x5, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
lseek(r4, 0xae7e, 0x0)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendmsg$unix(r4, &(0x7f000001d140)={&(0x7f000001ab80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f000001ae80)=[{&(0x7f0000000100)="ba7eae04b0b1008028c5b54c8f4a1afb8e6bbbfe16a77feb9dd4394298febba7", 0x20}, {0x0}, {&(0x7f000001ad00)="08d97198cbbeabe441e918e036958896c72def81347492d40b82069d670b2b9c9d09441b3c7fb0db3a3933485a19c80cc08da96da97372ad61f425210f29cc5ea960529e5a040ef0655a321f985400ec1932503cd157c630", 0x58}, {&(0x7f000001ad80)="19c5b21dd99b571d55f00cb7e217c64c62c851443bb255ab2c131c98ededb7c9543b9c0d8319f7baf601743cf4e4671561de35b736692930303b200e73d73d8b847874a238fe66febc47bc6ed2b1ba168a02296d976b7f3a345295fac60207c12a69a341dbac", 0x66}, {&(0x7f000001ae00)="b520530e86d24ec8b6af487eaa281b5b02e537793e", 0x15}, {&(0x7f000001ae40)="3fda0bfaba41f477fcd0", 0xa}], 0x6, &(0x7f000001d080)=[@rights={{0xc}}, @rights={{0x2c, 0x1, 0x1, [r4, r2, 0xffffffffffffffff, r1, r0, r1, r1, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [r1]}}, @rights={{0x20, 0x1, 0x1, [r2, r3, 0xffffffffffffffff, r4, r5]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0x98, 0x8000}, 0x2000c800)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x4001, 0x3, 0x248, 0x0, 0x0, 0x148, 0x1b4, 0x148, 0x1b4, 0x240, 0x240, 0x1b4, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'nr0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}, {{@ip={@local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'ip6gre0\x00', 'pim6reg\x00'}, 0x0, 0xb8, 0xdc, 0x0, {}, [@inet=@rpfilter={{0x24}}, @inet=@rpfilter={{0x24}}]}, @common=@unspec=@NFQUEUE0={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2a4)
getsockopt(r2, 0x200000000114, 0x2711, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x2a)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000140), &(0x7f0000000340)=0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendfile(r0, r6, 0x0, 0x40000000)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev, 0xd}, 0x1c)
r7 = socket$kcm(0x10, 0x2, 0x4)
setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000080), 0x4)
sendmsg$kcm(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400c0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8)
statx(r4, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20, &(0x7f000001aa80))

4.522389858s ago: executing program 4 (id=2064):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "0000002000000010000080ffff09ff73e9363b"})
r1 = syz_open_pts(r0, 0x0)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000001c0), 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_DETACH(0x24, &(0x7f00000001c0)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x38}}, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r3, &(0x7f0000000040)=0x40000, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000d00)=ANY=[@ANYRESDEC, @ANYRES64, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x90)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x40})
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000200)={0x7, 0x7c0, 0x9, 0x4, 0x9, "eb1b38f9d239edef0724e42eaa0eb9f611876d", 0x7, 0x6})
ioctl$TIOCNXCL(r1, 0x80045440)

4.111930438s ago: executing program 0 (id=2066):
clock_gettime(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "1600", 0x30, 0x2b, 0x0, @private1, @local, {[@hopopts={0x87}, @routing={0x0, 0x2, 0x0, 0x0, 0x0, [@empty]}], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$inet_sctp(0x2, 0x1, 0x84)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65)
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x4a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f00000018c0)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x89}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)

3.99851816s ago: executing program 3 (id=2067):
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x0, 0x0, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff", @ANYRES32, @ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x95, &(0x7f0000000180)=""/149}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
io_uring_setup(0x19ad, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080))
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$dsp(r2, &(0x7f0000000000)="81", 0x1)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r2, 0x0)
close(r2)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000002c0)={<r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0x1}], 0xf, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
bind$inet(0xffffffffffffffff, 0x0, 0x0)

3.945627522s ago: executing program 2 (id=2068):
socket$nl_netfilter(0x10, 0x3, 0xc)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket(0x2b, 0x1, 0x1)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11e, 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/seq/timer\x00', 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000040)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
r3 = syz_io_uring_setup(0x6ae5, &(0x7f0000000440)={0x0, 0x0, 0x2}, &(0x7f0000004000), &(0x7f0000000340))
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r3, 0x12, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_FLUSH(r7, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x0, 0x8, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40004)
close_range(r0, 0xffffffffffffffff, 0x0)

3.907709314s ago: executing program 4 (id=2069):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r1 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
r2 = userfaultfd(0x80001)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
unshare(0x26020480)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x5)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = fcntl$dupfd(r2, 0x0, r5)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0xd, 0x4, 0x1, 0x8, 0x4, 0x5, 0x9d, 0x9, 0x0, 0x3, 0x0, 0x39, 0x2, 0x3, 0x81, '\x00', 0x81, 0x4})
ioctl$UFFDIO_ZEROPAGE(r6, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19)
r7 = epoll_create(0x7fff)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r1, &(0x7f0000000000))
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={<r9=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0xd, &(0x7f00000000c0)={r9}, 0x8)

3.811618588s ago: executing program 1 (id=2070):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\r\x00\x00\x00', @ANYBLOB="00946b60ab50486fb3f6bbbcd790363be2108d5420dbd3adf3dba7b9a0d66fc45b622c41b924fb5cdd55022788d2934216", @ANYBLOB="0528a2cbd500000000008600000008000300", @ANYRES32=r2], 0x24}}, 0x4040050)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]})
quotactl_fd$Q_SYNC(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x6e401, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="82"])
setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000040)=0x4, 0x4)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000240)='tls\x00')
ioctl$KVM_X86_SET_MCE(r5, 0x4040ae9e, &(0x7f0000000400)={0x2600000000000000, 0xf000, 0x4, 0x0, 0x2})
getsockopt$bt_hci(r0, 0x11a, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$can_raw(0x1d, 0x3, 0x1)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'vlan1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000080)={r8, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}}, 0x10)
setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000000)={r8, 0x1, 0x6}, 0x10)

3.497176731s ago: executing program 1 (id=2071):
syz_open_dev$vim2m(&(0x7f0000000080), 0x7fff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x1)
epoll_create1(0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x21)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000), 0x1005, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000540)={0x80000000, 0x0, &(0x7f00000004c0)})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x8, 0x401, 0xdb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x9, 0x9, 0x6c})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x1ff, 0x3, 0x7fff})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x1003, 0x8, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000240)={0x10001, 0x401f, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000003c0)={0x75, 0x4, 0x81})
close_range(r1, 0xffffffffffffffff, 0x0)

3.166756468s ago: executing program 1 (id=2072):
syz_open_dev$vim2m(0x0, 0x7fff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x1)
epoll_create1(0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x21)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000), 0x1005, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000540)={0x80000000, 0x0, &(0x7f00000004c0)})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x8, 0x401, 0xdb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x9, 0x9, 0x6c})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x1ff, 0x3, 0x7fff})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x1003, 0x8, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000240)={0x10001, 0x401f, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000003c0)={0x75, 0x4, 0x81})
close_range(r1, 0xffffffffffffffff, 0x0)

2.817881629s ago: executing program 3 (id=2074):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000002300)=ANY=[@ANYBLOB])
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f00003cb000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f00004ad000/0x3000)=nil, 0x3000, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='smaps\x00')
socket$inet6_sctp(0xa, 0x0, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x20000, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix={0x7, 0x4, 0x30314247, 0x5, 0xe0c, 0x8, 0xa, 0x8, 0x1, 0x1, 0x2, 0x3}})
r5 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, &(0x7f0000000480)={0x0, 0xbd5, 0x2, {0x2, @raw_data="9639a45b883795906fae0f2bd2345dbedaa1b49ccbffb22c51188dd19fd4a75dcaf6f4c57b3b7ca76db82a65a488ca77044ea52bb490fa19281fc69db66891f7a527ff9073a26e944555cca3646bd2e8ee1250ae8dc9f92038f0e3685130b787dbfb3ee6ebd4d0b399089ed86365801f1f7fbaac73b3a2c66e189bdd159497daa02914fe55221a594423bf793d8fe047fee18f5eaddadd67abb4a62d12bb2aa38514eece505a79f57f80f4a5a6970d497c763d75e8c8c482781b18d9e213dc7ed3a553077f375add"}})
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc04c560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x1, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "5c0a0551"}, 0x0, 0x1, {0x0}, 0x2})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000780)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200), 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0xfff0)
read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x2020)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)

2.816583179s ago: executing program 0 (id=2084):
write$sndseq(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{}, 0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x3, &(0x7f0000000740)='|2\n'}}}}], 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newqdisc={0x4c, 0x14, 0x0, 0x0, 0x0, {0x2}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x4c}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000a00)={[], 0x0, 0x78469555c77fef7b})
socket(0x1e, 0x1, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000000180)="10000000000000002900000043000000", 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0)
mlock(&(0x7f0000fef000/0x2000)=nil, 0x2000)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x1001)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000810087406d040e0a759400000001090212000100000000090400200003"], 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.816208397s ago: executing program 2 (id=2075):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r5, &(0x7f0000001e80)=""/96, 0x60)
r6 = socket(0x840000000002, 0x80000, 0xfd)
connect$inet(r6, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r8, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

2.697471473s ago: executing program 1 (id=2076):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
socket(0x1, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000580), 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_io_uring_setup(0x2402, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000280)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socket$rds(0x15, 0x5, 0x0)
syz_io_uring_setup(0x5c5a, &(0x7f0000000200), 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a40))
r4 = socket$alg(0x26, 0x5, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYRES64=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

2.426186889s ago: executing program 4 (id=2077):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "0000002000000010000080ffff09ff73e9363b"})
syz_open_pts(r0, 0x0)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000001c0), 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_DETACH(0x24, &(0x7f00000001c0)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000004900010000", @ANYRES32=0x0, @ANYBLOB], 0x38}}, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x40000, 0x12)

2.233210798s ago: executing program 1 (id=2078):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r0, 0x0, 0x0, 0x40, &(0x7f000005ffe4)={0xa, 0x4e27, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket(0x15, 0x5, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
lseek(r4, 0xae7e, 0x0)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sendmsg$unix(r4, &(0x7f000001d140)={&(0x7f000001ab80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f000001ae80)=[{&(0x7f0000000100)="ba7eae04b0b1008028c5b54c8f4a1afb8e6bbbfe16a77feb9dd4394298febba7", 0x20}, {0x0}, {&(0x7f000001ad00)="08d97198cbbeabe441e918e036958896c72def81347492d40b82069d670b2b9c9d09441b3c7fb0db3a3933485a19c80cc08da96da97372ad61f425210f29cc5ea960529e5a040ef0655a321f985400ec1932503cd157c630", 0x58}, {&(0x7f000001ad80)="19c5b21dd99b571d55f00cb7e217c64c62c851443bb255ab2c131c98ededb7c9543b9c0d8319f7baf601743cf4e4671561de35b736692930303b200e73d73d8b847874a238fe66febc47bc6ed2b1ba168a02296d976b7f3a345295fac60207c12a69a341dbac", 0x66}, {&(0x7f000001ae00)="b520530e86d24ec8b6af487eaa281b5b02e537793e", 0x15}, {&(0x7f000001ae40)="3fda0bfaba41f477fcd0", 0xa}], 0x6, &(0x7f000001d080)=[@rights={{0xc}}, @rights={{0x2c, 0x1, 0x1, [r4, r2, 0xffffffffffffffff, r1, r0, r1, r1, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [r1]}}, @rights={{0x20, 0x1, 0x1, [r2, r3, 0xffffffffffffffff, r4, r5]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0x98, 0x8000}, 0x2000c800)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x4001, 0x3, 0x248, 0x0, 0x0, 0x148, 0x1b4, 0x148, 0x1b4, 0x240, 0x240, 0x1b4, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'nr0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}, {{@ip={@local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'ip6gre0\x00', 'pim6reg\x00'}, 0x0, 0xb8, 0xdc, 0x0, {}, [@inet=@rpfilter={{0x24}}, @inet=@rpfilter={{0x24}}]}, @common=@unspec=@NFQUEUE0={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2a4)
getsockopt(r2, 0x200000000114, 0x2711, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x2a)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000140), &(0x7f0000000340)=0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendfile(r0, r6, 0x0, 0x40000000)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev, 0xd}, 0x1c)
r7 = socket$kcm(0x10, 0x2, 0x4)
setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000080), 0x4)
sendmsg$kcm(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400c0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8)
statx(r4, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20, &(0x7f000001aa80))

2.213001505s ago: executing program 2 (id=2079):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000b40), 0x2b842ac, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
setresgid(0x0, 0xee00, 0x0)
remap_file_pages(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0xfffffffffffffffc, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0)
msync(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x4)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000000, 0x80010, r0, 0xa671d000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x8, 0x8, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)
r7 = shmat(r6, &(0x7f0000ff2000/0xe000)=nil, 0x5000)
shmdt(r7)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x335340, 0x61}, 0x18)
statx(r4, &(0x7f0000000240)='./file0\x00', 0x400, 0x0, &(0x7f0000000340))
shmat(0x0, &(0x7f0000ff7000/0x3000)=nil, 0x4000)

1.93229801s ago: executing program 3 (id=2080):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "0000002000000010000080ffff09ff73e9363b"})
r1 = syz_open_pts(r0, 0x0)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000001c0), 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_DETACH(0x24, &(0x7f00000001c0)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x38}}, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r3, &(0x7f0000000040)=0x40000, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000d00)=ANY=[@ANYRESDEC, @ANYRES64, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x90)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x40})
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000200)={0x7, 0x7c0, 0x9, 0x4, 0x9, "eb1b38f9d239edef0724e42eaa0eb9f611876d", 0x7, 0x6})
ioctl$TIOCNXCL(r1, 0x80045440)

1.796156723s ago: executing program 4 (id=2081):
syz_open_dev$vim2m(0x0, 0x7fff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x1)
epoll_create1(0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x21)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000), 0x1005, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000540)={0x80000000, 0x0, &(0x7f00000004c0)})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x8, 0x401, 0xdb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x9, 0x9, 0x6c})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x1ff, 0x3, 0x7fff})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x1003, 0x8, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000240)={0x10001, 0x401f, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000003c0)={0x75, 0x4, 0x81})
close_range(r1, 0xffffffffffffffff, 0x0)

1.511668661s ago: executing program 3 (id=2082):
syz_open_dev$vim2m(&(0x7f0000000080), 0x7fff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x1)
epoll_create1(0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x21)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000), 0x1005, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000540)={0x80000000, 0x0, &(0x7f00000004c0)})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x8, 0x401, 0xdb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x9, 0x9, 0x6c})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x1ff, 0x3, 0x7fff})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x1003, 0x8, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000240)={0x10001, 0x401f, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000003c0)={0x75, 0x4, 0x81})
close_range(r1, 0xffffffffffffffff, 0x0)

1.115443148s ago: executing program 1 (id=2083):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2})
ioctl$TUNGETVNETLE(r0, 0x800454dd, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xb, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000060c0)={0x0, 0x0, &(0x7f0000006080)={&(0x7f0000000280)={0x28, r4, 0xb01, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}}, 0x10)

1.108457173s ago: executing program 3 (id=2085):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
futex_waitv(&(0x7f0000000ac0)=[{0x0, &(0x7f0000000740), 0x82}], 0x1, 0x0, &(0x7f0000000800)={0x77359400}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
syz_open_procfs(0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000380)='X', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private2}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x4b, &(0x7f0000000040)=0x5, 0x4)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000a80), 0x0, 0x40012101, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
io_setup(0x20, &(0x7f0000001140))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102394, 0x19045}], 0x1, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r3, 0x6, 0x24, &(0x7f0000000c00), &(0x7f0000002000)=0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x0)

1.054640467s ago: executing program 4 (id=2086):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(0xffffffffffffffff, 0x0)
connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x90c20}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r2, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x78, 0x0, 0x0, {0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
write$binfmt_elf32(r4, &(0x7f0000000540)=ANY=[], 0xa8)
io_setup(0x1fe, &(0x7f0000000200)=<r5=>0x0)
io_submit(r5, 0x1417, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x1, 0x0, r4, &(0x7f0000000180)='\x00', 0x37000}])
dup3(r1, r2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0)
r6 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r6, 0x0, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r6, 0x7, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

662.494978ms ago: executing program 0 (id=2087):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x1)
epoll_create1(0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x21)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000000), 0x1005, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000540)={0x80000000, 0x0, &(0x7f00000004c0)})
socket$packet(0x11, 0x2, 0x300)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000100)={0x8, 0x401, 0xdb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x9, 0x9, 0x6c})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000001c0)={0x1ff, 0x3, 0x7fff})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x1003, 0x8, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000240)={0x10001, 0x401f, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000003c0)={0x75, 0x4, 0x81})
close_range(r1, 0xffffffffffffffff, 0x0)

259.810013ms ago: executing program 0 (id=2088):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000180)='westwood\x00', 0x9)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
preadv(0xffffffffffffffff, 0x0, 0xfffffffffffffe89, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {0x0}], 0x2, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockname$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, &(0x7f00000001c0)=0x10)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x0, 0x0, 0x0)
sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f00000003c0)={0x0, 0x0, 0x1004})
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x48)
ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'tunl0\x00', @random='\x00\x00\x00 \x00'})
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

232.884213ms ago: executing program 4 (id=2089):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_ep_read(r0, 0x1, 0x1000, &(0x7f0000000b40)=""/4096)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, 0x0, &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='source', &(0x7f0000000500)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b=\xab[X\x10\x18\x8d\xbf\xe1\x88\x16YJa\xf5\x82\xbc\x11\xda\x82\"\x00\x00\x00\x00\xcc\x82\xef]\x83\xf1w\xcb\x9ew\xa8\x85\xc5\xcc2F\xf1\xacp\xdf\x1e\x9f\xd5Y\x03\xe0\xd0\x90\xea\x06\xf6\x18\x84d\r\xc0\x84\x85j3^M\xea\x00m\xe55\x83\xec\xe1eD\xf8\xe3\xd84=JC\xae4+', 0x0)
chdir(0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0xc020662a, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x14, 0x0, 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r4, &(0x7f0000000040)=[{&(0x7f00000000c0)="02", 0x1}, {0x0}], 0x2, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
preadv(r5, &(0x7f0000000280), 0x0, 0x0, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='blkio.bfq.io_queued\x00', 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x10, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xb, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @md5sig={0x13, 0x12, "c851616c0500cb080000000000e79490"}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000080)={0xff, 0x1f, 0x0, 0x2, "01800000cd91582af51d010000000000004000"})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
write$UHID_INPUT(r6, &(0x7f0000002440)={0x8, {"6639269bda79f2de6ba886a4bca05a029a24e20ca394db368ff78af0a19edaf1d99721af0c95c6ffcbc53a8676e8cfcc14f3e7a6e91e723985fd33e9c12966e221f42a2002f0fad8cf83322ba952be3b0804847da8a2b2470a633ad960866291b95986ebaf7f3d740df535a389661c41a22bf16df795aedee3e88a45743bfb43b86b26d849454f729338ddc704a40a3565d32ce25fddc3e108487d2071fc48a60c41cd94ecc48bdc5042d7b2a5b9c95f5fe5b063cbe0d03c3dd51e10a10cf9b55210857a3925403a3aae8533eda2821381761de14c9a1eb13906e7ef48a1a0fa10cda39f46091083bcbe4d1565f0fc0fd35ba8122fb76858888397d9fce008269fd129622432fa21971528f9a6d58844b29046f8b3cba33ae7046edb57f4da8bf852d3535a0b87dfebc2f7ab738cb7524a8525e1ee20cb75a3b7850f0afa338ff14f827109fe80775ae6a755f6ef8424ae2134221fbf6b5490d5e48b3d12a74b7f9aa2beb4a8f083ea78e95c99cdbcfad3cf0436547cd3720d479068b7a692318289ae2f56baa4c667c645aca19ff8a8b0c95be92e2aa5044e82cebede3e1774b07375af4c6b26c160cbd777a707c9cff11644e19a7e3229910f6f2da627c66d3cbc54646b46228f00413410f8a136cd4b1de1ac267518c79fe5b0719a793dfc71d25be8292bffaa8721218e3cd134db0d2da2f4a0e6e357c19600564f75218850508c8a8a86eea93a2d22bd9f63a4a536431d9de6bc4b356c4799cde1acb381bd743c0982f2f5588e309880018752d93fea5b3d5b2bf799de6f4ac93fe326472029bf20f93cace338ad9dacaa917f66d5b7261e1a035b4d1b1b3fbd782cc6eb5dd4bd0f9c129ed6fc1779a02c9815427061a6455290de7f7b74698bfa73be9692f57e11cb1b7c9e3848ce06518672a725692f984ec9f429c49baf06d608811a9cdbe95ed92902758881ad77119d79207934f01e52ffb230259ba438fe099882297801f361d7f3401ec7b3f993c26969982e294cf91a2506788b86a94bf3e5ee3972f62bf276e8acff7cacb515a4afa3d09db5bbc5ed0c07f30542938a8578411cdac18eb92bc3339a9849a60f19d5806d00b4586a5ac32b7e583dc4ca9818f7b5bcbd57c227f785e4f17a867064bf34f7da5688a3a1a42f5e7520e021a18262a7e389a2466cafb3582b84b0b93cf2f9a3c83beed762953467d086998cb3b71f37fe1a4b511525f3634415e6920171797ca4cd71da404c86da6bf3d19506230d9543b50151d96fca417320dc17b2c6091bb7d66d3297911f56bd58d801841663f7a8db3997cf404e106cf1a6f65b2d303cd1fd091d447d934a6c0ceb8ab8e8f8ba1bf3a5c642829da80ef73d05bb046b512dae556f344a0188ae306a9f26f4ecf2475d80069ee18dccbd382848449b95b7955b2456977a362ecd3b8af32c186016454d0226ebaf6cd3cb7de99a5454695760bc5b0dec5554430ac5efced586113dc265209f8ceac36cb3683565006664149769e4ccdbee966a94621400ad60300752c37fb3a24c2b5180045cb2567c8f8f49d72a882ac4704a5881d425dac4434a3052c675c50bcf62898d26fd3058ee62559c01079c4a913afd11f69245822fedb8ad5063d098dbb672ebf559e7e063f8f181112d48734e398c3c5fbf3efae632dad8d0aade7ac9cdf469026981eaec1b1dc6f53df31d5c6a50296ad3bc478b05fae09a1cbb1b79aac40d38839ffa585a61614535a4c1fe12129af2b1c4519760d03f7a71ecd3824a56b581f011cd1a5622e0ac49fac8a5287bc40f30ca5f3870a1f3354d580d02b7dc454c276c4c919407639f01d81cd40878037bf332d67ee258541d33002c731cf70359b2373e1f40670e5f3ac493624ff25cb4294aee9fd60bc35b5ab487ee13174a77b8b05031cebc0d886cc0aa3f3193138ee22b97996a50d890554c5e5e0993ff91edfa5b3244fe88bc2138f18a27a04d57be15280eaa20ac5f28fe222e82b584815b527a7909434051f107fff751d7530d96db4987468293c87ddcfccb7abe3cf59bb2389dae6ec9af323f13e299538ef6b521a022eb3668180b62e780a07f36bc6b4435c32fd36bbbda6941f6e49e96a23fa7ad8f9b1062b21fa46e037132eeb2a577cd6c4f373d7111020b2940a22fb7050775c5c3315c787b8a49d8111a22ba6b5dfb9b096eab117acbec586fc3c8d0050f6507ad88ac2ae28476c5e300b60837f89e28ac91aec4527d01b4224c61a27fa72331679de715fd1b515f1f871ba5f8c5dfa534322f19f3d4eab6bc4ea13da3d11066761bbe33741b2d7d0bae7daee23795eef926ace67caba1a168ce83cd66740c98f4a91e28490bfc5e3d90d5b257257a3da51304783b16958dc3e4ca842ebc8381cbccc3f4f43d33507755330663136bd8d11dac1cf2414d4624fc9261cf60f582cd00353f753d0e766b26798b270d100277873770b455f3217db176c902ed73227bdd23cf8b7344f868d093ef8a1f0aa5801d2290fb92f3a890ad92aef0a05e00472707e8508ccbd91eaaa49938f0f390e28927996b98e6b3293b84f576b2e80096ea08c7cc9545961c7cfc4c700068c0680ecde1cfa38289d77df268cd888ffff8eb0b1fb025004b0bd8cd52b44dc17a5447493110c6c17adbe3974b6f57fd504728687d7200d7a293029bc9a9f063a56ddabbc00c90f035f60f2a71e1b9b577474e43dfe6a91ebd986c273505a4944cff030959ecdc6d4c509a44fffd46c45148696f5e2cc304a8a40d5b83357fed513dd95530b49e7d64e48be41531faacd529aaae026850a056da238d805c2a92398156bd567866c83616b97e38a14f1cba2323e75f6fd78376d60133d11b7c667d66bc2e14d78b6a96cfbcde2acbd3a7512713e59f6df75d6d66cca22e60293e0c6e11d63927636e652caca05abbd812dec74ba232fb5219873360f7ef3aac7618d301a6e3310e8b2a35b21f3cf41d8f03d1cbc1ec863ea7f3bbc63098df9af5de37365c1d22bc4f40ee3a8fd359291284abb0bfc5bc599ed295fd9e02a96af307bef339e2485e5846665cd2a1d90ff8102d1a049d448255d335ac18616980e26109f512965de85e4109fa0ea7dc29d6fbe9e71807753e3b8dd46c3f3dc4dcecf984788362331779c0f7464aff5445e5646dfc0cc94ce11c88136139c74dc6e9a6fcd5902bad09f208255df0f3f568c287e3a07e066175c405c7ec6cd65d1b8cc1ce279c22760464475ba186628e9efd324a29b022510adbe1eb03c3413d37ac796fd330d7e1ba3e8269f92e718e56ab0c0da3504c7736dada8ca638c867cbdb8a66ffbc5787ef749639a929f9ddaecff1f5f7d031577507f4fac8a2a95bffc21020f35bbc7f79e637a04e7420383e9a3c053e1eaca9ed956dea92d4c8c34dbaf50ed3492b5da30dc80e19f315b5926b89f1c7bb06788df575c362a842a141d0601ffbfbd341c70b2d512814e5e9f87fda4d1415c3bb5e346a1ad74dc2f49ea32a43331829cd36b917706bb7ae94c22d3321ecf5f5630ab90dc39210f4f0b8eb533e29bd195a3c1712973dd21a81023e30f43fb477d5ccc68b754d92f69889b4c28becf96be3cec115a00ceb691c226dd52b3e86c9e57bad0954b624bbe17bf03b0ba05965c1ce6fbf6cd019f53ce90cd5231dd69827821118a5f67a8a9c21902c62cafac9b33f6cf0940aded9188386feae4d5f2b2e0b654b986d7b4576432b35ae240ba7bcc10bd6b1d8f26d7d0250ea240693c8b3dde64d04437cd54a774a094ddc7846101753c21a8bec8fa1d62b8140b005457e772a402805092dc12baa3e8b98abec1403b82a28e29e9c5f3045a12be0e88112e8bac7f381c0f47fded7b611a931377f0b9e22a5a9aaa6eb07234fda03f9d5826b084e140f6e611988c9eb265ace3e53bc5120699533e904e9c9196d43c6019bb00f4cbfaf9e3b9a6364472607d6125f330ed08583f46f1f6e859ea9a4f36eaa1f5b9582df49af46081cf14daea1bae15f3ca44f9fb67801c7df5e381869a546dd578221a69866bc268f08aab44983a1198b367596ea6ff25fa873cce1d05b3e784533dc00e13cf5a54554264a70d5309352c0ec1fcf0ae47476765f5e465db298a3f7da741a30a42a7cbfbe54dd7583f25f4f4732b40b2bf58357ad9e28ef7cebf2df685253545a7c619181fd088d34f20e63ea52ffe6dc901da0365cc902611bf8b2f3ca8cfa9c22416694879c67fbf8205b1568a2f9321a1bddf53056db25157989b579726ef3a6fc3222232e57788f331667082423f38411bbb3e16046cc4931148312d8d42bd449e814691708c9a7dd6075d39488341a3eb15c3cca9270949d28a7d246e90ec398c8d1c2cdc0a46336cc00398ede71733c3ddd42a304c49b6dff365f94a731ed1a1e87f531c4e25ef0efc0f4c11968fa5684485f2b1f4f68a50084088c82f9a6213460c64db32aff8ee540c76afd5f627a7193ad145651dd9ca77710dbb185d4af8216b9c3072c22580fc7f369571ab1ff9fdd94ec05f7940a0446c1bd512cbb22e522a768dc2fe8db86ea472c6bd8e07b0fdfe02936999a3da6d06697752907c6cbc4410386c36df2aa8be6380afdec0c656c28505044e146259f923dec707d2369b96d7667f378d79414a10813451f273de32768accea2cf5c1c7036e54f9ec39c535ecd754a847459f721af3805717675c9fcea29f1846fd1e135c814660cd14f5a8e74499d0eb742d1527932f0311273cbca974f2cadb14bdb6f9ba8663b5f6398ac81f7c016bbd7956a499890fa0688624ef7cd74f1aab09e5e2f5c7ccd427d8b1e718b525d392a837978acf17e45cbd85334f7d2869510c58977b0067b53c71f3467f5b58d81eb462e89dd786533e89a805f0ae583a579b6605a257daabaaa5427178e1f82cb809a3031afb0d52fefc7f303a654741cb787cb8321111e35a25a4fb659caeb5b2ac6a0707be9a07e252a0b9fb61f6664cc1ea516dd3479abcbb94a9dd342a3318d57539d69e2f3d5d007e25df252e5583fe768f66390a6b0a83aebb59d9fdc06baae1b5612756c3ef9f81d612f9143376724841c4b5a47d70afd6563e62211e08539832ffa2f81e9c680b169995e17986cbc44c16dd8ed633497f92110df60c41953ff928f2c78f61345f9f34d41f22a3ee96d3f746ddae21af17956c0755252208433e66476bb7e9fb955b0e120f085e0fdca62866f8947168ea514d95a0953964a5468e92443b9310ac3382c90238db84bdad6baca9383badecc444168d672656d7779c320d42e0309804667f7c482508927b32b56d10a8fb614a72da6e25a5d7ff1c8e3838b8fc84f6ea507376693d33ba151f650992294deed13cbd977762cc088fc308f3419895fa64f94684da7784f15a5ca2405d9f7786fbe8cdb2d6c428613d4ce440bb5908963224e37dd83d7204591801a3b38033bfca3249d83edc24e5d8e193767ac44324db6a7c768367f177770a07852eba233f6195c1235abac0ec557068c002a465cffa6f0b3afbde08a89e5e12def154a71136f3ed2b54c216099a545e6e350ac17dca34745e42434564c484d70480bd82d2d9f4ef0d733573376fc53b781fd12e126f541860c542f05e5fccf2484a652dd8bbbf9424cfa2223947367b5d01be608d599b932138711c49dd3f6906251b9227b0c99c530ef06c901d4a4a99b9de2e3eb0b79b43bf31fe6f6a2cf5ed752affcb6635b95b952d901c47fc95b8481bd153df8f84f7ef12c8c1aad79da4adf6db076346f1634ce42a881c555a053f5a1", 0x1000}}, 0x1006)

0s ago: executing program 3 (id=2090):
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000081000040"])
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usbip_server_init(0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[])
syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100002eab5a40401c3405cc6d01020301090212000100000000090400000076dfdb00a5da88f4307a6df108a6b81ec224913b45b2423a9b415b1858a821749a07cbcc52de9de38b0e7277de99acc42e04"], 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200c0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)={0x0, 0x58, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x4})
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x10020f58, 0x0, [{}, {}, {}, {0x0, 0x35}]}})
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x1)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r9, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe02}], 0x2, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r8, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0x3}}, './file0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e08007b0c"], 0xb)
ioctl$KVM_RUN(r7, 0x8004ae98, 0x0)
pselect6(0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000001c0)={0x0, 0x989680}, 0x0)

kernel console output (not intermixed with test programs):

ng attributes in process `syz.0.1777'.
[  613.262551][ T5285] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  613.403040][   T47] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  613.433824][T15066] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.440995][T15066] bridge0: port 1(bridge_slave_0) entered disabled state
[  613.465640][T15066] bridge_slave_0: entered allmulticast mode
[  613.494637][ T5285] usb 5-1: config 0 interface 0 has no altsetting 0
[  613.503526][T15066] bridge_slave_0: entered promiscuous mode
[  613.511664][ T5285] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  613.523922][ T5285] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.541840][ T5285] usb 5-1: config 0 descriptor??
[  613.543854][T15066] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.569147][T15066] bridge0: port 2(bridge_slave_1) entered disabled state
[  613.579535][T15066] bridge_slave_1: entered allmulticast mode
[  613.597248][T15066] bridge_slave_1: entered promiscuous mode
[  613.638646][   T47] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  613.656457][   T47] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  613.668198][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.676837][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  613.698393][   T47] usb 2-1: config 0 descriptor??
[  613.744280][T15066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  613.774210][T15066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  613.832707][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  614.008517][T15066] team0: Port device team_slave_0 added
[  614.047984][T15066] team0: Port device team_slave_1 added
[  614.183055][ T5285] video4linux radio32: keene_cmd_set failed (-71)
[  614.190056][ T5285] radio-keene 5-1:0.0: V4L2 device registered as radio32
[  614.215663][ T5285] usb 5-1: USB disconnect, device number 59
[  614.248163][T15066] batman_adv: batadv0: Adding interface: batadv_slave_0
[  614.257606][T15066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  614.284448][T15066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  614.302535][   T47] ath6kl: Failed to submit usb control message: -71
[  614.318400][T15066] batman_adv: batadv0: Adding interface: batadv_slave_1
[  614.343233][   T47] ath6kl: unable to send the bmi data to the device: -71
[  614.350866][   T47] ath6kl: Unable to send get target info: -71
[  614.360565][   T47] ath6kl: Failed to init ath6kl core: -71
[  614.367222][   T47] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  614.380007][   T47] usb 2-1: USB disconnect, device number 75
[  614.400116][T15066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  614.428719][T15066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  614.487587][   T12] bridge_slave_1: left allmulticast mode
[  614.509750][   T12] bridge_slave_1: left promiscuous mode
[  614.523930][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.542874][   T12] bridge_slave_0: left allmulticast mode
[  614.548575][   T12] bridge_slave_0: left promiscuous mode
[  614.556875][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.792756][ T5232] Bluetooth: hci7: command tx timeout
[  614.884268][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  615.196793][ T5230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  615.508877][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  615.521022][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  615.536803][   T12] bond0 (unregistering): Released all slaves
[  615.697095][T15066] hsr_slave_0: entered promiscuous mode
[  615.707943][T15066] hsr_slave_1: entered promiscuous mode
[  615.716173][T15066] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  615.725015][T15066] Cannot create hsr debugfs directory
[  615.921609][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  615.989270][   T12] hsr_slave_0: left promiscuous mode
[  616.000455][   T12] hsr_slave_1: left promiscuous mode
[  616.028122][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  616.053596][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  616.079087][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  616.106424][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  616.195115][   T12] veth1_macvtap: left promiscuous mode
[  616.200791][   T12] veth1_vlan: left promiscuous mode
[  616.242477][   T12] veth0_vlan: left promiscuous mode
[  616.873776][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  616.969903][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  617.169788][   T12] team0 (unregistering): Port device team_slave_1 removed
[  617.251366][   T12] team0 (unregistering): Port device team_slave_0 removed
[  618.002605][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  618.233569][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  618.724247][   T12] IPVS: stop unused estimator thread 0...
[  619.033000][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  619.040157][T15066] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  619.072850][T15066] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  619.110748][T15066] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  619.149579][T15066] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  619.405650][T15066] 8021q: adding VLAN 0 to HW filter on device bond0
[  619.438781][T15066] 8021q: adding VLAN 0 to HW filter on device team0
[  619.467411][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state
[  619.474603][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  619.502050][ T1051] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.509231][ T1051] bridge0: port 2(bridge_slave_1) entered forwarding state
[  619.707676][T15066] 8021q: adding VLAN 0 to HW filter on device batadv0
[  619.873684][T15066] veth0_vlan: entered promiscuous mode
[  619.933642][T15066] veth1_vlan: entered promiscuous mode
[  620.046333][T15066] veth0_macvtap: entered promiscuous mode
[  620.075011][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  620.088476][T15066] veth1_macvtap: entered promiscuous mode
[  620.157388][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.183199][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.221521][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.246205][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.266681][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.278549][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.289184][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.300156][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.310051][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.322044][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.332462][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.344341][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.354702][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.366312][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.377843][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  620.388375][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.400867][T15066] batman_adv: batadv0: Interface activated: batadv_slave_0
[  620.413333][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.424338][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.434261][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.445196][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.456465][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.467530][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.480462][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.491447][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.501843][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.512826][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.522815][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.540329][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.550701][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.562053][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.572944][T15066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  620.584551][T15066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  620.597127][T15066] batman_adv: batadv0: Interface activated: batadv_slave_1
[  620.649976][T15066] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  620.672293][T15066] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  620.681039][T15066] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  620.691618][T15066] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  620.861009][  T977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.891788][  T977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.944432][  T977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.968182][  T977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.113185][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  621.234420][T15262] raw_sendmsg: syz.0.1781 forgot to set AF_INET. Fix it!
[  621.273180][ T5230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  621.308408][T15262] netlink: 'syz.0.1781': attribute type 12 has an invalid length.
[  621.581299][T15258] pim6reg: entered allmulticast mode
[  621.635750][T15275] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  621.671903][T15258] pim6reg: left allmulticast mode
[  621.712416][   T47] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  621.782459][ T5286] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  621.893438][   T47] usb 4-1: Using ep0 maxpacket: 8
[  621.910867][   T47] usb 4-1: string descriptor 0 read error: -22
[  621.948952][   T47] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[  621.996429][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.016585][ T5286] usb 3-1: config 0 interface 0 has no altsetting 0
[  622.029728][ T5286] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  622.052027][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.053217][   T47] usb 4-1: config 0 descriptor??
[  622.078875][ T5286] usb 3-1: config 0 descriptor??
[  622.155020][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  622.729888][ T5286] video4linux radio32: keene_cmd_set failed (-71)
[  622.764308][ T5286] radio-keene 3-1:0.0: V4L2 device registered as radio32
[  622.813223][ T5286] usb 3-1: USB disconnect, device number 68
[  622.892716][   T47] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[  622.937762][   T47] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  622.956335][   T47] dib0700: firmware download failed at 7 with -22
[  622.977127][   T47] usb 4-1: USB disconnect, device number 52
[  623.204192][ T5282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  623.277545][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  624.233069][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  624.318533][ T5285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  624.567173][ T1264] ieee802154 phy0 wpan0: encryption failed: -22
[  624.574358][ T1264] ieee802154 phy1 wpan1: encryption failed: -22
[  624.751405][T15357] hub 9-0:1.0: USB hub found
[  624.760377][T15357] hub 9-0:1.0: 8 ports detected
[  625.295688][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  625.842482][ T5286] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  625.933555][T15389] input: syz0 as /devices/virtual/input/input43
[  626.041322][ T5286] usb 2-1: config index 0 descriptor too short (expected 4114, got 18)
[  626.091510][ T5286] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[  626.124692][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.135106][ T5286] usb 2-1: Product: syz
[  626.140834][ T5286] usb 2-1: Manufacturer: syz
[  626.146386][ T5286] usb 2-1: SerialNumber: syz
[  626.169397][ T5286] usb 2-1: config 0 descriptor??
[  626.258802][T15396] sch_tbf: burst 0 is lower than device macvlan1 mtu (1514) !
[  626.315139][ T5282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  626.477407][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  626.677643][T15411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  626.806504][T15400] syzkaller1: entered promiscuous mode
[  626.812029][T15400] syzkaller1: entered allmulticast mode
[  626.816247][T15413] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  626.902566][ T5282] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  627.092766][ T5282] usb 3-1: device descriptor read/64, error -71
[  627.148539][   T29] kauditd_printk_skb: 25 callbacks suppressed
[  627.148558][   T29] audit: type=1326 audit(1725198580.830:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.247967][   T29] audit: type=1326 audit(1725198580.830:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.269967][    C0] vkms_vblank_simulate: vblank timer overrun
[  627.303824][   T29] audit: type=1326 audit(1725198580.830:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=226 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.353027][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  627.381395][   T29] audit: type=1326 audit(1725198580.830:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.403446][    C0] vkms_vblank_simulate: vblank timer overrun
[  627.433469][ T5282] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  627.461104][ T5286] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  627.485174][ T5286] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  627.495628][ T5286] asix 2-1:0.0: probe with driver asix failed with error -71
[  627.501297][   T29] audit: type=1326 audit(1725198580.830:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.506387][ T5286] usb 2-1: USB disconnect, device number 76
[  627.558332][   T29] audit: type=1326 audit(1725198580.830:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.652266][   T29] audit: type=1326 audit(1725198580.840:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.674928][ T5282] usb 3-1: device descriptor read/64, error -71
[  627.703679][   T29] audit: type=1326 audit(1725198580.840:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.789581][   T29] audit: type=1326 audit(1725198580.840:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  627.822614][ T5282] usb usb3-port1: attempt power cycle
[  627.828715][ T1072] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.893764][   T29] audit: type=1326 audit(1725198580.840:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15381 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  628.218355][ T1072] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.393747][    T8] net_ratelimit: 1 callbacks suppressed
[  628.393768][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.408238][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.417106][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.428323][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.456199][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.466651][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.480225][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.490247][T15432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.496106][ T1072] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.657941][ T1072] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.686859][ T5239] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  628.699083][ T5239] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  628.732574][ T5239] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  628.757409][ T5239] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  628.783645][ T5239] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  628.802300][ T5239] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  629.129350][ T1072] bridge_slave_1: left allmulticast mode
[  629.142430][   T25] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  629.166032][ T1072] bridge_slave_1: left promiscuous mode
[  629.171837][ T1072] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.230985][ T1072] bridge_slave_0: left allmulticast mode
[  629.240208][ T1072] bridge_slave_0: left promiscuous mode
[  629.252304][ T1072] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.342427][   T25] usb 1-1: Using ep0 maxpacket: 8
[  629.350588][   T25] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  629.361446][   T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  629.372786][   T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  629.384407][   T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  629.395638][   T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  629.412428][   T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  629.422371][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.444810][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  629.676696][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  629.690127][   T25] usb 1-1: usb_control_msg returned -32
[  629.726615][   T25] usbtmc 1-1:16.0: can't read capabilities
[  630.876856][ T5232] Bluetooth: hci7: command tx timeout
[  631.116598][ T1072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  631.135223][ T1072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  631.157776][ T1072] bond0 (unregistering): Released all slaves
[  631.815439][ T5282] usb 1-1: USB disconnect, device number 85
[  631.890059][T15507] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.1823'.
[  632.177555][ T1072] hsr_slave_0: left promiscuous mode
[  632.224293][ T1072] hsr_slave_1: left promiscuous mode
[  632.260152][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  632.310469][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  632.331166][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  632.339497][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  632.402481][ T5282] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  632.492518][ T1072] veth1_macvtap: left promiscuous mode
[  632.571531][ T1072] veth0_macvtap: left promiscuous mode
[  632.590544][ T1072] veth1_vlan: left promiscuous mode
[  632.608386][ T1072] veth0_vlan: left promiscuous mode
[  632.666568][ T5282] usb 1-1: config 0 interface 0 has no altsetting 0
[  632.714168][ T5282] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  632.771229][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.804740][ T5282] usb 1-1: config 0 descriptor??
[  632.953676][ T5232] Bluetooth: hci7: command tx timeout
[  633.374386][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  633.374406][   T29] audit: type=1326 audit(1725198587.050:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.403108][    C0] vkms_vblank_simulate: vblank timer overrun
[  633.434668][   T25] net_ratelimit: 130 callbacks suppressed
[  633.434691][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  633.449777][ T5282] video4linux radio32: keene_cmd_set failed (-71)
[  633.450640][   T29] audit: type=1326 audit(1725198587.050:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.488504][ T5282] radio-keene 1-1:0.0: V4L2 device registered as radio32
[  633.526664][T15538] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1831'.
[  633.544361][ T5282] usb 1-1: USB disconnect, device number 86
[  633.557262][   T29] audit: type=1326 audit(1725198587.050:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.601052][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  633.645316][   T29] audit: type=1326 audit(1725198587.080:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.671696][   T29] audit: type=1326 audit(1725198587.080:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.728650][   T29] audit: type=1326 audit(1725198587.100:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.764816][   T29] audit: type=1326 audit(1725198587.100:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.798406][   T29] audit: type=1326 audit(1725198587.100:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.850912][   T29] audit: type=1326 audit(1725198587.100:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.875151][   T29] audit: type=1326 audit(1725198587.100:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15537 comm="syz.4.1831" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  633.901559][    C0] vkms_vblank_simulate: vblank timer overrun
[  634.552674][T15547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.593859][T15547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.625909][T15547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.640987][T15549] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.658936][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.668175][T15549] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.705640][T15549] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.742651][ T5282] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  634.807136][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  634.866659][ T1072] team0 (unregistering): Port device team_slave_1 removed
[  634.956052][ T5282] usb 1-1: config 0 interface 0 has no altsetting 0
[  634.970981][ T5282] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  634.981787][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.990335][    T8] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  635.014874][ T1072] team0 (unregistering): Port device team_slave_0 removed
[  635.020744][ T5282] usb 1-1: config 0 descriptor??
[  635.032605][ T5232] Bluetooth: hci7: command tx timeout
[  635.228362][    T8] usb 3-1: config index 0 descriptor too short (expected 58733, got 36)
[  635.237759][    T8] usb 3-1: config 39 has too many interfaces: 126, using maximum allowed: 32
[  635.250737][    T8] usb 3-1: config 39 has an invalid descriptor of length 0, skipping remainder of the config
[  635.295156][    T8] usb 3-1: config 39 has 0 interfaces, different from the descriptor's value: 126
[  635.347051][    T8] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  635.357399][    T8] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  635.366543][    T8] usb 3-1: Product: syz
[  635.689852][ T5282] video4linux radio32: keene_cmd_set failed (-71)
[  635.699845][ T5282] radio-keene 1-1:0.0: V4L2 device registered as radio32
[  635.751795][ T5282] usb 1-1: USB disconnect, device number 87
[  636.166689][    T8] usb 3-1: USB disconnect, device number 72
[  636.334050][T15440] chnl_net:caif_netlink_parms(): no params data found
[  636.486142][T15566] netlink: 'syz.0.1836': attribute type 4 has an invalid length.
[  636.593124][T15566] netlink: 'syz.0.1836': attribute type 4 has an invalid length.
[  636.881142][T15577] netlink: 'syz.2.1838': attribute type 1 has an invalid length.
[  636.889219][T15577] netlink: 157116 bytes leftover after parsing attributes in process `syz.2.1838'.
[  636.975744][T15440] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.012480][T15440] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.019706][T15583] syz.2.1838 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  637.019772][T15440] bridge_slave_0: entered allmulticast mode
[  637.113095][ T5232] Bluetooth: hci7: command tx timeout
[  637.114524][T15440] bridge_slave_0: entered promiscuous mode
[  637.245970][T15440] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.275154][T15440] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.294047][T15440] bridge_slave_1: entered allmulticast mode
[  637.335650][T15440] bridge_slave_1: entered promiscuous mode
[  637.615208][T15595] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1842'.
[  637.656876][T15440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  637.699808][T15440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  638.150771][ T1072] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.239612][T15440] team0: Port device team_slave_0 added
[  638.278467][T15440] team0: Port device team_slave_1 added
[  638.284349][    T8] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  638.492811][T15603] binder: 15602:15603 ioctl 4018620d 0 returned -22
[  638.520186][    T8] usb 3-1: Using ep0 maxpacket: 8
[  638.615049][ T1072] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.646011][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  638.659865][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  638.670035][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  638.705738][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  638.716902][T15440] batman_adv: batadv0: Adding interface: batadv_slave_0
[  638.725088][ T5239] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  638.735115][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  638.842515][T15440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.868470][    C0] vkms_vblank_simulate: vblank timer overrun
[  638.891263][ T5282] net_ratelimit: 11 callbacks suppressed
[  638.891286][ T5282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  638.897448][T15618] vivid-008: disconnect
[  638.922325][T15440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  639.009953][    T8] usb 3-1: unable to get BOS descriptor or descriptor too short
[  639.039403][    T8] usb 3-1: unable to read config index 0 descriptor/start: -71
[  639.047671][    T8] usb 3-1: can't read configurations, error -71
[  639.107377][T15602] vivid-008: reconnect
[  639.142067][ T1072] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.183610][T15440] batman_adv: batadv0: Adding interface: batadv_slave_1
[  639.192438][T15440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  639.229525][T15440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  639.274545][ T5285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.523553][ T1072] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.689301][T15440] hsr_slave_0: entered promiscuous mode
[  639.709467][T15440] hsr_slave_1: entered promiscuous mode
[  639.718264][T15440] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  639.729655][T15440] Cannot create hsr debugfs directory
[  639.930257][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.939208][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.950439][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.960478][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.969894][ T5285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  640.780879][ T1072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  640.792624][ T5239] Bluetooth: hci0: command tx timeout
[  640.814745][ T1072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  640.828356][ T1072] bond0 (unregistering): Released all slaves
[  640.874433][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  640.972893][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  641.098296][T15617] chnl_net:caif_netlink_parms(): no params data found
[  641.838076][ T3008] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  641.861077][ T1072] hsr_slave_0: left promiscuous mode
[  641.875433][ T1072] hsr_slave_1: left promiscuous mode
[  641.895573][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  641.912717][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  641.936307][ T1072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  641.952549][ T1072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  642.002963][ T1072] veth1_macvtap: left promiscuous mode
[  642.008575][ T1072] veth0_macvtap: left promiscuous mode
[  642.014359][ T1072] veth1_vlan: left promiscuous mode
[  642.020076][ T1072] veth0_vlan: left promiscuous mode
[  642.834578][ T1072] team0 (unregistering): Port device team_slave_1 removed
[  642.873324][ T5239] Bluetooth: hci0: command tx timeout
[  642.907210][ T1072] team0 (unregistering): Port device team_slave_0 removed
[  643.704698][T15617] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.719931][T15617] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.728914][T15617] bridge_slave_0: entered allmulticast mode
[  643.756163][T15617] bridge_slave_0: entered promiscuous mode
[  643.775736][T15617] bridge0: port 2(bridge_slave_1) entered blocking state
[  643.797012][T15617] bridge0: port 2(bridge_slave_1) entered disabled state
[  643.804574][T15617] bridge_slave_1: entered allmulticast mode
[  643.813478][T15617] bridge_slave_1: entered promiscuous mode
[  643.910242][T15617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  643.935988][T15617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  643.942818][   T47] net_ratelimit: 4 callbacks suppressed
[  643.942837][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.072793][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.138575][T15617] team0: Port device team_slave_0 added
[  644.221055][T15617] team0: Port device team_slave_1 added
[  644.266193][T15440] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  644.298712][T15617] batman_adv: batadv0: Adding interface: batadv_slave_0
[  644.312603][T15617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  644.339821][T15617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  644.353429][T15440] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  644.376130][T15617] batman_adv: batadv0: Adding interface: batadv_slave_1
[  644.395990][T15617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  644.430309][T15617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  644.443748][T15440] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  644.455373][T15440] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  644.511156][T15617] hsr_slave_0: entered promiscuous mode
[  644.519901][T15617] hsr_slave_1: entered promiscuous mode
[  644.531715][T15617] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  644.549014][T15617] Cannot create hsr debugfs directory
[  644.952988][ T5239] Bluetooth: hci0: command tx timeout
[  644.979395][T15440] 8021q: adding VLAN 0 to HW filter on device bond0
[  645.041882][T15440] 8021q: adding VLAN 0 to HW filter on device team0
[  645.051391][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  645.059602][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  645.079022][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.086218][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  645.113561][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  645.151180][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.158393][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.305967][T15440] 8021q: adding VLAN 0 to HW filter on device batadv0
[  645.451670][T15440] veth0_vlan: entered promiscuous mode
[  645.475581][T15617] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  645.493912][T15440] veth1_vlan: entered promiscuous mode
[  645.546896][T15617] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  645.578049][T15617] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  645.647769][T15617] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  645.690919][T15440] veth0_macvtap: entered promiscuous mode
[  645.743444][T15440] veth1_macvtap: entered promiscuous mode
[  645.799774][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.816962][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.830470][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.842718][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.856425][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.870034][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.881066][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.894066][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.905050][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.916749][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.927243][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.938260][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.948311][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  645.959376][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  645.973041][T15440] batman_adv: batadv0: Interface activated: batadv_slave_0
[  646.021022][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.033138][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.044834][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.056191][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.066397][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.080534][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.099527][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.110763][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.124281][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.135301][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.145281][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.156698][ T5282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  646.165718][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.176025][T15440] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.187724][T15440] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.200454][T15440] batman_adv: batadv0: Interface activated: batadv_slave_1
[  646.212994][T15440] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  646.221726][T15440] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  646.232133][T15440] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  646.244367][T15440] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  646.429545][T15617] 8021q: adding VLAN 0 to HW filter on device bond0
[  646.502750][ T3008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.533639][ T3008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  646.575478][T15617] 8021q: adding VLAN 0 to HW filter on device team0
[  646.614975][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.622116][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state
[  646.650713][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.657891][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state
[  646.767681][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.821354][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  646.901317][T15617] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  646.956122][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  646.967108][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  646.986192][ T5285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  647.036068][ T5239] Bluetooth: hci0: command tx timeout
[  647.062963][T15617] 8021q: adding VLAN 0 to HW filter on device batadv0
[  647.130213][T15617] veth0_vlan: entered promiscuous mode
[  647.186025][T15617] veth1_vlan: entered promiscuous mode
[  647.195622][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  647.418874][T15617] veth0_macvtap: entered promiscuous mode
[  647.441162][T15692] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  647.499922][T15617] veth1_macvtap: entered promiscuous mode
[  647.677467][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.692518][   T25] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  647.705357][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.719030][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.730901][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.741522][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.752689][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.766639][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.777812][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.788055][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.798821][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.809854][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.821877][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.833979][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.846404][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.856928][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  647.876643][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.888118][   T25] usb 4-1: device descriptor read/64, error -71
[  647.896607][T15617] batman_adv: batadv0: Interface activated: batadv_slave_0
[  647.908923][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  647.943474][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.973108][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.028608][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.066879][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.078898][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.091384][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.136063][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.146473][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.157959][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.174115][   T25] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  648.182815][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.202343][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.229868][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.243322][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.253717][T15617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  648.265470][T15617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  648.279160][T15617] batman_adv: batadv0: Interface activated: batadv_slave_1
[  648.311027][T15617] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  648.352540][   T25] usb 4-1: device descriptor read/64, error -71
[  648.363358][T15617] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  648.385422][T15617] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  648.395251][T15617] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  648.492847][   T25] usb usb4-port1: attempt power cycle
[  648.664162][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.672006][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.764711][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.815479][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.942513][   T25] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  649.007578][   T25] usb 4-1: device descriptor read/8, error -71
[  649.034700][T15720] net_ratelimit: 2 callbacks suppressed
[  649.034721][T15720] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.049041][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.086189][T15720] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.157445][T15716] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.173028][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.241818][T15716] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.273007][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.302520][   T25] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  649.342973][ T5285] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  649.404354][   T25] usb 4-1: device descriptor read/8, error -71
[  649.532684][   T25] usb usb4-port1: unable to enumerate USB device
[  649.574369][ T5285] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.606804][ T5285] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  649.617684][ T5285] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  649.631173][ T5285] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  649.647156][ T5285] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.666859][ T5285] usb 1-1: config 0 descriptor??
[  650.088667][ T5285] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  650.117829][ T5285] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  650.141567][ T5285] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving
[  650.154395][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.194373][ T5285] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  650.329595][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.404323][   T29] kauditd_printk_skb: 50 callbacks suppressed
[  650.404342][   T29] audit: type=1326 audit(1725198604.100:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.468503][T15744] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1848'.
[  650.537966][   T29] audit: type=1326 audit(1725198604.100:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.610020][   T29] audit: type=1326 audit(1725198604.110:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.652669][ T5230] usb 1-1: USB disconnect, device number 88
[  650.757677][   T29] audit: type=1326 audit(1725198604.110:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.793432][ T5285] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  650.802330][  T940] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  650.867580][   T29] audit: type=1326 audit(1725198604.130:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.922037][   T29] audit: type=1326 audit(1725198604.130:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.945583][   T29] audit: type=1326 audit(1725198604.130:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.969108][   T29] audit: type=1326 audit(1725198604.140:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  650.991863][   T29] audit: type=1326 audit(1725198604.140:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  651.002970][T15762] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.018387][   T29] audit: type=1326 audit(1725198604.140:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15743 comm="syz.4.1848" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  651.044786][  T940] usb 2-1: Using ep0 maxpacket: 8
[  651.045013][ T5285] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  651.069212][  T940] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  651.080367][  T940] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  651.090509][  T940] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  651.102540][  T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.122113][  T940] usb 2-1: config 0 descriptor??
[  651.148986][ T5285] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  651.182391][ T5285] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.204236][ T5285] usb 4-1: config 0 descriptor??
[  651.577778][  T940] smartjoyplus 0003:6666:8804.001C: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.1-1/input0
[  651.599523][  T940] smartjoyplus 0003:6666:8804.001C: Force feedback for SmartJoy PLUS PS2/USB adapter
[  651.887296][T15780] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  651.910463][T15780] input: syz0 as /devices/virtual/input/input44
[  652.117932][ T5230] usb 2-1: USB disconnect, device number 77
[  652.267820][ T5285] ath6kl: Failed to submit usb control message: -110
[  652.320157][ T5285] ath6kl: unable to send the bmi data to the device: -110
[  652.335523][ T5285] ath6kl: Unable to send get target info: -110
[  652.344156][ T5285] ath6kl: Failed to init ath6kl core: -110
[  652.350574][ T5285] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110
[  652.369288][ T5285] usb 4-1: USB disconnect, device number 57
[  652.772700][ T5286] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  652.981293][ T5286] usb 3-1: Using ep0 maxpacket: 32
[  653.007978][ T5286] usb 3-1: config 0 has too many interfaces: 65, using maximum allowed: 32
[  653.049519][ T5286] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 65
[  653.083979][ T5286] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  653.116503][ T5286] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.151984][ T5286] usb 3-1: Product: syz
[  653.169349][ T5286] usb 3-1: Manufacturer: syz
[  653.196023][ T5286] usb 3-1: SerialNumber: syz
[  653.237769][ T5286] usb 3-1: config 0 descriptor??
[  653.263952][ T5286] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  653.842611][ T5285] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  653.959427][ T5286] gspca_stk1135: reg_w 0x0 err -71
[  654.013510][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.019900][ T5286] gspca_stk1135: Sensor write failed
[  654.041688][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.051171][ T5286] gspca_stk1135: Sensor write failed
[  654.058662][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.062371][ T5285] usb 1-1: Using ep0 maxpacket: 8
[  654.066546][ T5286] gspca_stk1135: Sensor read failed
[  654.076599][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.096830][ T5286] gspca_stk1135: Sensor read failed
[  654.102083][ T5286] gspca_stk1135: Detected sensor type unknown (0x0)
[  654.113518][ T5285] usb 1-1: string descriptor 0 read error: -22
[  654.121543][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.132082][ T5285] usb 1-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[  654.147153][ T5286] gspca_stk1135: Sensor read failed
[  654.153608][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.159958][ T5286] gspca_stk1135: Sensor read failed
[  654.168567][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.183249][ T5286] gspca_stk1135: Sensor write failed
[  654.189149][ T5286] gspca_stk1135: serial bus timeout: status=0x00
[  654.198873][ T5286] gspca_stk1135: Sensor write failed
[  654.201157][   T25] net_ratelimit: 8 callbacks suppressed
[  654.201172][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  654.219244][ T5286] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  654.235812][   T47] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  654.238956][ T5286] usb 3-1: USB disconnect, device number 75
[  654.254449][ T5285] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.283443][ T5285] usb 1-1: config 0 descriptor??
[  654.465791][   T47] usb 2-1: config 0 interface 0 has no altsetting 0
[  654.480560][   T47] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  654.509662][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  654.518167][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.544905][   T47] usb 2-1: config 0 descriptor??
[  654.634548][   T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  654.942345][ T5285] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[  655.013037][ T5285] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  655.045627][ T5285] dib0700: firmware download failed at 7 with -22
[  655.057871][T15856] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1871'.
[  655.071588][ T5285] usb 1-1: USB disconnect, device number 89
[  655.167444][   T47] video4linux radio32: keene_cmd_set failed (-71)
[  655.189714][   T47] radio-keene 2-1:0.0: V4L2 device registered as radio32
[  655.224665][T15863] xt_CT: You must specify a L4 protocol and not use inversions on it
[  655.253009][   T47] usb 2-1: USB disconnect, device number 78
[  655.513443][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.424806][T15900] netlink: 'syz.1.1877': attribute type 6 has an invalid length.
[  656.440260][T15900] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.1877'.
[  656.553346][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.962420][    T9] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  657.210136][    T9] usb 4-1: config 0 has no interfaces?
[  657.235616][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  657.253630][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.261673][    T9] usb 4-1: Product: syz
[  657.265913][    T9] usb 4-1: Manufacturer: syz
[  657.272160][    T9] usb 4-1: SerialNumber: syz
[  657.289123][    T9] usb 4-1: config 0 descriptor??
[  657.308244][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  657.585179][T15915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.594396][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  657.621067][T15915] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.667439][T15915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.689374][T15915] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.762380][    T9] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  657.802332][  T940] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  657.866054][ T5286] usb 4-1: USB disconnect, device number 58
[  657.896565][   T47] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  657.947085][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  657.961107][    T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  657.971972][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  657.981764][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.998216][  T940] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  658.008606][  T940] usb 3-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  658.023049][T15926] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  658.035400][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  658.051097][  T940] usb 3-1: Manufacturer: syz
[  658.064078][  T940] usb 3-1: config 0 descriptor??
[  658.104526][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  658.147511][   T47] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  658.178504][   T47] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  658.193329][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.217589][   T47] usb 1-1: config 0 descriptor??
[  658.475975][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.532783][  T940] gs_usb 3-1:0.0: Couldn't get device config: (err=-121)
[  658.546200][  T940] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -121
[  658.632838][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.668085][T15933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1894'.
[  658.829155][    T9] usb 2-1: USB disconnect, device number 79
[  658.914438][  T940] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  659.083329][ T5285] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  659.102339][  T940] usb 4-1: Using ep0 maxpacket: 8
[  659.123468][T15944] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1885'.
[  659.135205][  T940] usb 4-1: string descriptor 0 read error: -22
[  659.141529][  T940] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[  659.174761][  T940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.189754][  T940] usb 4-1: config 0 descriptor??
[  659.276628][ T5285] usb 5-1: config 0 interface 0 has no altsetting 0
[  659.293708][ T5285] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  659.313871][ T5285] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.336912][ T5285] usb 5-1: config 0 descriptor??
[  659.700408][ T5282] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.905000][T15951] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  659.911693][T15951] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  659.933912][T15951] vhci_hcd vhci_hcd.0: Device attached
[  659.975779][ T5285] video4linux radio32: keene_cmd_set failed (-71)
[  659.982477][ T5285] radio-keene 5-1:0.0: V4L2 device registered as radio32
[  659.995974][ T5285] usb 5-1: USB disconnect, device number 60
[  660.022626][  T940] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[  660.077623][  T940] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  660.104342][  T940] dib0700: firmware download failed at 7 with -22
[  660.149008][  T940] usb 4-1: USB disconnect, device number 59
[  660.233708][   T47] usb 11-1: new high-speed USB device number 3 using vhci_hcd
[  660.316076][ T5285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  660.494842][T15952] vhci_hcd: connection reset by peer
[  660.506510][ T1072] vhci_hcd: stop threads
[  660.508640][ T8369] usb 1-1: USB disconnect, device number 90
[  660.517371][ T1072] vhci_hcd: release socket
[  660.517506][ T1072] vhci_hcd: disconnect device
[  660.594720][    T9] usb 3-1: USB disconnect, device number 76
[  660.716271][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.142465][ T5286] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  661.152320][ T8369] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  661.202518][    T9] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  661.344179][ T5286] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  661.362389][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.363272][ T8369] usb 1-1: too many configurations: 124, using maximum allowed: 8
[  661.381774][ T5286] usb 4-1: config 0 descriptor??
[  661.399374][ T5286] cp210x 4-1:0.0: cp210x converter detected
[  661.412868][    T9] usb 3-1: Using ep0 maxpacket: 16
[  661.420724][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  661.422340][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.432547][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  661.454204][    T9] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  661.463738][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.484715][    T9] usb 3-1: config 0 descriptor??
[  661.495935][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.514088][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.532337][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.555550][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.573725][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.584551][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.595931][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.606322][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.617537][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.628004][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.638350][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.649739][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.660420][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.675055][ T8369] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.687223][ T5230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.696963][ T8369] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  661.708939][ T8369] usb 1-1: New USB device found, idVendor=089d, idProduct=0000, bcdDevice= 3.00
[  661.718328][ T8369] usb 1-1: New USB device strings: Mfr=81, Product=116, SerialNumber=235
[  661.727132][ T8369] usb 1-1: Product: syz
[  661.731670][ T8369] usb 1-1: Manufacturer: syz
[  661.736417][ T8369] usb 1-1: SerialNumber: syz
[  661.752995][T15976] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1892'.
[  661.754176][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.944832][T15957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.975071][T15957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.036755][T15957] xt_NFQUEUE: number of total queues is 0
[  662.178378][ T8369] usb 1-1: USB disconnect, device number 91
[  662.285912][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  662.286053][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  662.329374][    T9] usb 3-1: USB disconnect, device number 77
[  662.793236][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  662.872986][    T9] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  663.070096][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  663.084485][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  663.094439][    T9] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  663.108984][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.121978][    T9] usb 5-1: config 0 descriptor??
[  663.358053][ T5230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.582321][ T8369] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  663.645156][T16007] IPVS: length: 134 != 24
[  663.684575][ T5230] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  663.774550][ T8369] usb 3-1: config 0 interface 0 has no altsetting 0
[  663.796434][ T8369] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  663.808287][ T8369] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.826234][ T8369] usb 3-1: config 0 descriptor??
[  663.832805][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.841385][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.849966][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.864451][ T5286] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  663.882903][ T5230] usb 1-1: Using ep0 maxpacket: 8
[  663.896984][ T5230] usb 1-1: string descriptor 0 read error: -22
[  663.906072][ T5230] usb 1-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[  663.916569][ T5230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.927439][ T5230] usb 1-1: config 0 descriptor??
[  663.941412][ T5286] cp210x 4-1:0.0: querying part number failed
[  664.000462][ T5286] usb 4-1: cp210x converter now attached to ttyUSB0
[  664.035072][ T5286] usb 4-1: USB disconnect, device number 60
[  664.079869][ T5286] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  664.131738][ T5286] cp210x 4-1:0.0: device disconnected
[  664.425684][   T25] usb 5-1: USB disconnect, device number 61
[  664.476925][T15994] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  664.556624][ T8369] video4linux radio32: keene_cmd_set failed (-71)
[  664.569335][ T8369] radio-keene 3-1:0.0: V4L2 device registered as radio32
[  664.597260][ T8369] usb 3-1: USB disconnect, device number 78
[  664.891448][    T9] net_ratelimit: 2 callbacks suppressed
[  664.891470][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  664.956005][ T5230] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[  664.973846][ T5230] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  664.985100][ T5230] dib0700: firmware download failed at 7 with -22
[  664.997018][ T5230] usb 1-1: USB disconnect, device number 92
[  665.172390][ T8369] usb 4-1: new full-speed USB device number 61 using dummy_hcd
[  665.362585][   T47] vhci_hcd: vhci_device speed not set
[  665.370638][ T8369] usb 4-1: not running at top speed; connect to a high speed hub
[  665.406361][ T8369] usb 4-1: config 1 interface 0 has no altsetting 0
[  665.427155][ T8369] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  665.438068][ T8369] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.447747][ T8369] usb 4-1: Manufacturer: ᰉ
[  665.452699][ T8369] usb 4-1: SerialNumber: 耹盏Ǻ磬ꢄ㡁忘튳㈸鹤楞㓾㟢歨㬤냴졄ﲀￂ⧞ꓪ㭲핚츐࢞젿͚ž伵䚳
[  665.583155][T16028] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=536871360 (1073742720 ns) > initial count (1073742080 ns). Using initial count to start timer.
[  665.606862][T16031] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1911'.
[  665.688922][T16031] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1911'.
[  665.913017][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.913157][ T8369] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  665.958862][ T8369] usb 4-1: USB disconnect, device number 61
[  666.398149][ T8369] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  666.402338][ T5286] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  666.606885][ T5286] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  666.644793][ T5286] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  666.654399][ T5286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.669774][ T5286] usb 1-1: config 0 descriptor??
[  666.712403][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  666.969509][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  666.980673][T16055] xt_CT: You must specify a L4 protocol and not use inversions on it
[  667.398966][ T5286] ath6kl: Failed to submit usb control message: -71
[  667.436530][ T5286] ath6kl: unable to send the bmi data to the device: -71
[  667.464765][ T5286] ath6kl: Unable to send get target info: -71
[  667.508756][ T5286] ath6kl: Failed to init ath6kl core: -71
[  667.544554][ T5286] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  667.566369][ T5286] usb 1-1: USB disconnect, device number 93
[  667.762308][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.994133][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  668.202457][ T5286] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  668.404216][ T5286] usb 4-1: config 0 interface 0 has no altsetting 0
[  668.413438][ T5286] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  668.427119][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.450938][ T5286] usb 4-1: config 0 descriptor??
[  668.514224][   T29] kauditd_printk_skb: 81 callbacks suppressed
[  668.514242][   T29] audit: type=1326 audit(1725198622.210:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.524897][T16080] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1923'.
[  668.553580][    T9] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  668.599791][   T29] audit: type=1326 audit(1725198622.210:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.638008][   T29] audit: type=1326 audit(1725198622.210:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.670790][   T29] audit: type=1326 audit(1725198622.210:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.694035][   T29] audit: type=1326 audit(1725198622.210:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.716019][    C1] vkms_vblank_simulate: vblank timer overrun
[  668.723736][   T29] audit: type=1326 audit(1725198622.210:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.744336][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  668.745795][    C1] vkms_vblank_simulate: vblank timer overrun
[  668.747591][   T29] audit: type=1326 audit(1725198622.210:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.780314][    C1] vkms_vblank_simulate: vblank timer overrun
[  668.786779][   T29] audit: type=1326 audit(1725198622.210:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.808916][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  668.818537][   T29] audit: type=1326 audit(1725198622.210:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.841300][   T29] audit: type=1326 audit(1725198622.210:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16079 comm="syz.1.1923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f01579 code=0x7ffc0000
[  668.863300][    C1] vkms_vblank_simulate: vblank timer overrun
[  668.889549][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  668.927271][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.954818][    T9] usb 1-1: config 0 descriptor??
[  669.038998][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  669.282723][T16070] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  669.295145][ T5286] video4linux radio32: keene_cmd_set failed (-71)
[  669.305677][ T5286] radio-keene 4-1:0.0: V4L2 device registered as radio32
[  669.316104][ T5286] usb 4-1: USB disconnect, device number 62
[  669.376596][ T8369] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  669.436529][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  669.572410][ T8369] usb 3-1: Using ep0 maxpacket: 8
[  669.576728][    T9] video4linux radio33: keene_cmd_set failed (-71)
[  669.584217][ T8369] usb 3-1: string descriptor 0 read error: -22
[  669.605148][    T9] radio-keene 1-1:0.0: V4L2 device registered as radio33
[  669.611552][ T8369] usb 3-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[  669.626831][    T9] usb 1-1: USB disconnect, device number 94
[  669.647075][ T8369] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.661068][ T8369] usb 3-1: config 0 descriptor??
[  670.076577][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.132441][  T940] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  670.170862][ T8369] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[  670.183565][ T8369] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  670.191689][ T8369] dib0700: firmware download failed at 7 with -22
[  670.206077][ T8369] usb 3-1: USB disconnect, device number 79
[  670.345240][  T940] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  670.394599][T16102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1928'.
[  670.418329][  T940] usb 2-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.40
[  670.446825][  T940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.499069][  T940] usb 2-1: Product: syz
[  670.514381][  T940] usb 2-1: Manufacturer: syz
[  670.522589][  T940] usb 2-1: SerialNumber: syz
[  670.546589][  T940] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input45
[  670.842322][ T8369] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  670.955737][T16110] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.964235][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.106647][ T8369] usb 1-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  671.116833][ T8369] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.126411][ T8369] usb 1-1: Product: syz
[  671.126604][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.131105][ T8369] usb 1-1: Manufacturer: syz
[  671.146642][ T8369] usb 1-1: SerialNumber: syz
[  671.170139][ T8369] usb 1-1: config 0 descriptor??
[  671.266280][ T5239] Bluetooth: hci8: urb ffff888024ad1f00 submission failed (2)
[  671.297456][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.306365][ T4672] bcm5974 2-1:1.0: could not read from device
[  671.415353][ T4672] bcm5974 2-1:1.0: could not read from device
[  671.441479][  T940] usb 2-1: USB disconnect, device number 80
[  671.534612][ T5248] udevd[5248]: Unable to EVIOCGABS device "/dev/input/event4"
[  671.552427][ T5248] udevd[5248]: Unable to EVIOCGABS device "/dev/input/event4"
[  671.560210][ T5248] udevd[5248]: Unable to EVIOCGABS device "/dev/input/event4"
[  671.574318][ T5248] udevd[5248]: Unable to EVIOCGABS device "/dev/input/event4"
[  671.743582][ T5230] usb 1-1: USB disconnect, device number 95
[  671.763697][T16119] input: syz0 as /devices/virtual/input/input46
[  671.777266][T16105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  672.152552][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  672.322338][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  672.473054][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  672.522643][ T5230] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  672.720110][ T5230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  672.733570][ T5230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  672.744027][ T5230] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  672.757529][ T5230] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  672.766806][ T5230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.776732][ T5230] usb 5-1: config 0 descriptor??
[  672.811344][T16145] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1940'.
[  672.851441][T16145] dvmrp0: entered allmulticast mode
[  672.942345][  T940] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  673.156059][  T940] usb 3-1: config 0 interface 0 has no altsetting 0
[  673.165745][  T940] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  673.190191][  T940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.199474][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.231031][  T940] usb 3-1: config 0 descriptor??
[  673.280525][ T5230] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[  673.309480][ T5230] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[  673.352346][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.394610][ T5230] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving
[  673.404515][T16157] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  673.443523][ T5230] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  673.448970][T16155] 
: renamed from bond0 (while UP)
[  673.886497][T16138] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  673.904527][  T940] video4linux radio32: keene_cmd_set failed (-71)
[  673.910989][  T940] radio-keene 3-1:0.0: V4L2 device registered as radio32
[  673.936525][  T940] usb 3-1: USB disconnect, device number 80
[  674.072110][ T5285] usb 5-1: USB disconnect, device number 62
[  674.482894][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  674.482907][   T29] audit: type=1326 audit(1725198628.180:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16147 comm="syz.3.1943" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf746d579 code=0x0
[  675.016932][T16177] input: syz0 as /devices/virtual/input/input47
[  675.287713][ T5286] net_ratelimit: 3 callbacks suppressed
[  675.287735][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  675.361266][T16187] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1951'.
[  675.432377][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  675.512960][ T5285] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  675.906408][   T29] audit: type=1326 audit(1725198629.600:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  675.952698][   T29] audit: type=1326 audit(1725198629.620:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.039193][T16191] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1953'.
[  676.063347][   T29] audit: type=1326 audit(1725198629.670:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.175265][   T29] audit: type=1326 audit(1725198629.670:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.197244][    C0] vkms_vblank_simulate: vblank timer overrun
[  676.321315][   T29] audit: type=1326 audit(1725198629.670:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.351770][T16204] xt_CT: You must specify a L4 protocol and not use inversions on it
[  676.355205][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  676.472326][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  676.484738][   T29] audit: type=1326 audit(1725198629.690:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.564759][   T29] audit: type=1326 audit(1725198629.690:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.661672][   T29] audit: type=1326 audit(1725198629.700:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  676.689556][T16209] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  676.750666][   T29] audit: type=1326 audit(1725198629.700:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16190 comm="syz.4.1953" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[  677.192528][    T9] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  677.318419][T16225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1962'.
[  677.338724][T16225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1962'.
[  677.404239][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  677.437125][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  677.446399][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.463214][ T1083] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.473932][ T8369] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.494333][ T5286] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.507146][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.522483][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.541198][    T9] usb 4-1: config 0 descriptor??
[  677.963926][    T8] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  678.154804][ T5239] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  678.165985][ T5239] Bluetooth: hci0: Injecting HCI hardware error event
[  678.176354][ T5232] Bluetooth: hci0: hardware error 0x00
[  678.203653][    T8] usb 3-1: Using ep0 maxpacket: 32
[  678.209179][T16214] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  678.220940][    T8] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  678.230452][    T9] video4linux radio32: keene_cmd_set failed (-71)
[  678.239441][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.248291][    T9] radio-keene 4-1:0.0: V4L2 device registered as radio32
[  678.259568][    T8] usb 3-1: config 0 descriptor??
[  678.267017][    T9] usb 4-1: USB disconnect, device number 63
[  678.278099][    T8] gspca_main: nw80x-2.14.0 probing 055f:d001
[  678.472543][ T8369] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  678.536031][ T5239] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  678.639917][T16244] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  678.669068][T16244] input: syz0 as /devices/virtual/input/input48
[  678.682323][ T8369] usb 1-1: Using ep0 maxpacket: 16
[  678.706890][ T8369] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  678.728262][ T8369] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  678.739206][ T8369] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  678.751714][ T8369] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.787148][ T8369] usb 1-1: config 0 descriptor??
[  679.219315][T16234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.254838][T16234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.274198][T16234] xt_NFQUEUE: number of total queues is 0
[  679.312527][ T5286] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  679.492620][ T8369] usbhid 1-1:0.0: can't add hid device: -71
[  679.511860][ T8369] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  679.521097][ T5286] usb 2-1: Using ep0 maxpacket: 32
[  679.535395][ T8369] usb 1-1: USB disconnect, device number 96
[  679.554261][ T5286] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  679.579136][ T5286] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  679.591124][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.606603][ T5286] usb 2-1: Product: syz
[  679.610829][ T5286] usb 2-1: Manufacturer: syz
[  679.623700][ T5286] usb 2-1: SerialNumber: syz
[  680.191993][T16246] input: syz0 as /devices/virtual/input/input49
[  680.217666][    T8] gspca_nw80x: reg_w err -71
[  680.233632][ T5232] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  680.236887][    T8] nw80x 3-1:0.0: probe with driver nw80x failed with error -71
[  680.255008][    T8] usb 3-1: USB disconnect, device number 81
[  680.634906][    T9] net_ratelimit: 5 callbacks suppressed
[  680.634926][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  680.891829][ T8369] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  680.922094][ T5286] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  680.952553][ T5286] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  680.960132][ T5286] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  681.322490][    T9] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  681.446561][ T5286] cdc_ncm 2-1:1.0: setting tx_max = 88
[  681.464636][ T5286] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  681.507042][ T5286] usb 2-1: USB disconnect, device number 81
[  681.525225][ T5286] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[  681.552710][    T9] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba
[  681.603057][ T5230] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  681.622385][ T5285] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  681.657767][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.675020][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  681.693774][    T9] usb 4-1: Product: syz
[  681.718084][    T9] usb 4-1: Manufacturer: syz
[  681.736145][    T9] usb 4-1: SerialNumber: syz
[  681.762035][    T9] usb 4-1: config 0 descriptor??
[  681.814444][ T5285] usb 3-1: config 0 interface 0 has no altsetting 0
[  681.858617][ T5285] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  681.922310][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  681.942374][ T5285] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.959658][ T8369] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  681.971726][ T5285] usb 3-1: config 0 descriptor??
[  682.039934][    T9] kaweth 4-1:0.0: Firmware present in device.
[  682.123465][ T8369] usb 1-1: device descriptor read/64, error -71
[  682.220706][    T9] kaweth 4-1:0.0: Error reading configuration (-32), no net device created
[  682.276682][    T9] kaweth 4-1:0.0: probe with driver kaweth failed with error -5
[  682.452457][ T8369] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  682.506451][T16295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1983'.
[  682.597536][T16282] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  682.622346][ T8369] usb 1-1: device descriptor read/64, error -71
[  682.644406][ T5285] video4linux radio32: keene_cmd_set failed (-71)
[  682.662178][ T5285] radio-keene 3-1:0.0: V4L2 device registered as radio32
[  682.713771][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.714904][ T5285] usb 3-1: USB disconnect, device number 82
[  682.754853][ T8369] usb usb1-port1: attempt power cycle
[  682.793569][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.821881][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.833930][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.872774][ T5230] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  682.952452][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.952553][ T5239] Bluetooth: hci5: command 0x0406 tx timeout
[  683.162603][ T5230] usb 2-1: Using ep0 maxpacket: 8
[  683.187114][ T5230] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  683.198945][ T8369] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  683.227655][ T5230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.270692][ T8369] usb 1-1: device descriptor read/8, error -71
[  683.285827][ T5230] usb 2-1: Product: syz
[  683.304094][ T5230] usb 2-1: Manufacturer: syz
[  683.317736][ T5230] usb 2-1: SerialNumber: syz
[  683.335507][ T5230] usb 2-1: config 0 descriptor??
[  683.567596][ T5230] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  683.587406][ T8369] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  683.588384][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1985'.
[  683.605135][ T5230] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  683.616623][ T5230] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  683.624260][ T5230] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  683.643037][ T5230] usb 2-1: USB disconnect, device number 82
[  683.654130][ T8369] usb 1-1: device descriptor read/8, error -71
[  683.783912][ T8369] usb usb1-port1: unable to enumerate USB device
[  684.019146][    T9] usb 4-1: USB disconnect, device number 64
[  684.346454][T16314] netlink: 'syz.1.1988': attribute type 9 has an invalid length.
[  684.362554][T16314] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1988'.
[  684.694913][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  684.694931][   T29] audit: type=1326 audit(1725198638.390:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x7ffc0000
[  684.755134][T16321] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1990'.
[  684.795572][T16324] binder: 16322:16324 ioctl 4018620d 0 returned -22
[  684.819417][   T29] audit: type=1326 audit(1725198638.430:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x7ffc0000
[  684.868925][   T29] audit: type=1326 audit(1725198638.430:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf745d579 code=0x7ffc0000
[  684.937078][   T29] audit: type=1326 audit(1725198638.430:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.028733][   T29] audit: type=1326 audit(1725198638.430:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.160088][   T29] audit: type=1326 audit(1725198638.440:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.182066][    C0] vkms_vblank_simulate: vblank timer overrun
[  685.335477][   T29] audit: type=1326 audit(1725198638.440:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.431088][   T29] audit: type=1326 audit(1725198638.440:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.462776][ T5285] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  685.496317][   T29] audit: type=1326 audit(1725198638.440:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.544772][ T8369] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  685.565917][   T29] audit: type=1326 audit(1725198638.440:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16320 comm="syz.0.1990" exe="/root/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf745d579 code=0x7ffc0000
[  685.613650][T16341] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1996'.
[  685.664713][ T5285] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  685.710221][ T5285] usb 3-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.40
[  685.747714][ T5285] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.760082][ T5285] usb 3-1: Product: syz
[  685.767693][ T5285] usb 3-1: Manufacturer: syz
[  685.772878][ T8369] usb 4-1: config 0 interface 0 has no altsetting 0
[  685.782699][ T8369] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  685.791962][ T5285] usb 3-1: SerialNumber: syz
[  685.798727][ T8369] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.814811][ T5285] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input50
[  685.829406][ T8369] usb 4-1: config 0 descriptor??
[  685.855664][T16341] dvmrp0: entered allmulticast mode
[  686.005923][ T1130] net_ratelimit: 10 callbacks suppressed
[  686.005946][ T1130] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.021695][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.052958][ T1264] ieee802154 phy0 wpan0: encryption failed: -22
[  686.063577][ T1264] ieee802154 phy1 wpan1: encryption failed: -22
[  686.072325][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.130920][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.458623][T16334] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  686.474779][ T8369] video4linux radio32: keene_cmd_set failed (-71)
[  686.485083][ T8369] radio-keene 4-1:0.0: V4L2 device registered as radio32
[  686.502555][ T8369] usb 4-1: USB disconnect, device number 65
[  686.539225][T16348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1998'.
[  686.624651][ T4672] bcm5974 3-1:1.0: could not read from device
[  686.713445][ T5285] usb 3-1: USB disconnect, device number 83
[  687.169770][T16360] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2001'.
[  687.232536][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.532394][ T5285] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  687.793022][ T5285] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  687.815598][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  687.847431][T16380] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  687.855441][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  687.867264][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  687.880553][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  687.888731][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  687.896496][T16380] input: syz0 as /devices/virtual/input/input51
[  687.899004][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  687.914791][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  687.935405][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  687.944208][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  687.954631][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  687.965838][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  687.986029][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  687.994446][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  688.005892][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  688.015682][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  688.042255][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  688.051012][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  688.062420][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  688.071446][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  688.087010][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  688.095251][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  688.105584][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  688.114653][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  688.141447][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  688.149466][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  688.161211][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  688.182463][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  688.205787][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  688.225341][ T5285] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  688.236442][ T5285] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  688.252439][ T5285] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  688.265702][ T5285] usb 2-1: config 0 interface 0 has no altsetting 0
[  688.280925][ T5285] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  688.290490][ T5285] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  688.309477][ T5285] usb 2-1: Product: syz
[  688.315293][ T5285] usb 2-1: Manufacturer: syz
[  688.315449][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  688.319896][ T5285] usb 2-1: SerialNumber: syz
[  688.390627][ T5285] usb 2-1: config 0 descriptor??
[  688.432617][ T5285] yurex 2-1:0.0: Could not find endpoints
[  688.547988][T16385] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2007'.
[  688.560219][T16386] input: syz0 as /devices/virtual/input/input52
[  688.595981][ T1130] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  688.604467][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.084659][ T5288] usb 2-1: USB disconnect, device number 83
[  689.226278][T16397] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2010'.
[  689.300015][T16397] ipvlan2: entered allmulticast mode
[  689.304008][T16401] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2011'.
[  689.368392][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.382907][T16397] veth0_vlan: entered allmulticast mode
[  689.491151][T16407] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.2012'.
[  689.572688][   T47] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  689.804558][   T47] usb 4-1: Using ep0 maxpacket: 8
[  689.820183][   T47] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  689.850783][   T47] usb 4-1: config 0 has no interface number 0
[  689.875588][T16409] netlink: 'syz.2.2013': attribute type 29 has an invalid length.
[  689.877230][   T47] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  689.911641][T16409] netlink: 'syz.2.2013': attribute type 29 has an invalid length.
[  689.932657][   T47] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  689.953471][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.973917][   T47] usb 4-1: config 0 descriptor??
[  690.004309][   T47] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  690.198291][   T29] kauditd_printk_skb: 87 callbacks suppressed
[  690.198310][   T29] audit: type=1326 audit(1725198643.890:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.372472][   T29] audit: type=1326 audit(1725198643.940:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.394563][    C0] vkms_vblank_simulate: vblank timer overrun
[  690.411931][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  690.442592][   T29] audit: type=1326 audit(1725198643.940:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.464677][    C0] vkms_vblank_simulate: vblank timer overrun
[  690.507877][   T29] audit: type=1326 audit(1725198643.940:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.530001][    C0] vkms_vblank_simulate: vblank timer overrun
[  690.553985][ T5288] usb 4-1: USB disconnect, device number 66
[  690.559937][    C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  690.627603][   T29] audit: type=1326 audit(1725198643.950:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.660229][   T47] usb 2-1: new low-speed USB device number 84 using dummy_hcd
[  690.676326][ T5288] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected
[  690.752881][   T29] audit: type=1326 audit(1725198643.950:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.795754][   T29] audit: type=1326 audit(1725198643.950:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.840816][   T29] audit: type=1326 audit(1725198643.950:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.863008][    C0] vkms_vblank_simulate: vblank timer overrun
[  690.906531][   T47] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  690.919149][   T29] audit: type=1326 audit(1725198643.950:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  690.922260][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  690.944532][   T29] audit: type=1326 audit(1725198643.950:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16418 comm="syz.2.2016" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749d579 code=0x7ffc0000
[  691.016037][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  691.030282][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  691.043759][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  691.059980][    T9] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  691.081036][   T47] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  691.089790][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  691.123987][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  691.135781][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  691.147584][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  691.160133][   T47] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  691.171964][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  691.182602][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  691.194580][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  691.206225][   T47] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  691.220124][   T47] usb 2-1: string descriptor 0 read error: -22
[  691.227936][   T47] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  691.238550][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.252993][   T47] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  691.276758][    T9] usb 5-1: Using ep0 maxpacket: 8
[  691.298816][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  691.312920][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  691.330924][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 124
[  691.343484][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  691.356820][    T9] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  691.366446][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.392058][    T9] usb 5-1: config 0 descriptor??
[  691.413109][T16430] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  691.435445][    T8] net_ratelimit: 3 callbacks suppressed
[  691.435474][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.471113][    T9] hso 5-1:0.0: Can't find BULK OUT endpoint
[  691.512373][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.536393][    T9] usb 2-1: USB disconnect, device number 84
[  691.763697][ T3008] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.772804][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.781942][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.975365][T16444] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2022'.
[  692.427912][T16450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2025'.
[  692.554596][ T5288] usb 5-1: USB disconnect, device number 63
[  692.562344][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  692.672570][T16458] tipc: Started in network mode
[  692.698053][T16458] tipc: Node identity ffffffff, cluster identity 4711
[  692.706032][T16458] tipc: Node number set to 4294967295
[  692.796039][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  692.842382][    T9] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  692.927713][T16452] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  692.971706][T16452] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  693.035959][T16464] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  693.044498][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  693.054329][    T9] usb 2-1: Using ep0 maxpacket: 16
[  693.064552][    T9] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  693.074065][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.083109][    T9] usb 2-1: Product: syz
[  693.087318][    T9] usb 2-1: Manufacturer: syz
[  693.092337][    T9] usb 2-1: SerialNumber: syz
[  693.099179][    T9] usb 2-1: config 0 descriptor??
[  693.592492][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  693.613078][    T9] usb 2-1: Cannot retrieve CPort count: -110
[  693.619155][    T9] usb 2-1: Cannot retrieve CPort count: -110
[  693.634244][    T9] es2_ap_driver 2-1:0.0: probe with driver es2_ap_driver failed with error -110
[  693.649101][T16474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2030'.
[  693.807383][ T5285] usb 2-1: USB disconnect, device number 85
[  694.096518][T16484] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2034'.
[  694.122786][    T9] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  694.149571][T16484] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2034'.
[  694.161860][T16484] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2034'.
[  694.334992][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  694.351416][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  694.393640][ T5288] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  694.408506][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.479539][    T9] usb 3-1: config 0 descriptor??
[  694.492788][   T47] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[  694.633271][ T5288] usb 5-1: config 0 interface 0 has no altsetting 0
[  694.639943][ T5288] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  694.685233][ T5288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.712500][   T47] usb 1-1: Using ep0 maxpacket: 8
[  694.722087][ T5288] usb 5-1: config 0 descriptor??
[  694.739520][   T47] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  694.764052][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  694.796775][   T47] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  694.811622][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  694.827414][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  694.843086][   T47] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  694.855176][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  694.914073][   T47] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  694.933729][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  694.945945][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  694.965093][   T47] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  694.973239][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  694.987287][   T47] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  695.002384][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  695.021956][   T47] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  695.047107][   T47] usb 1-1: string descriptor 0 read error: -22
[  695.055348][   T47] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  695.072408][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.092510][   T47] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  695.129035][    T9] video4linux radio32: keene_cmd_set failed (-71)
[  695.144922][    T9] radio-keene 3-1:0.0: V4L2 device registered as radio32
[  695.162564][    T9] usb 3-1: USB disconnect, device number 84
[  695.386684][T16486] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  695.429988][T16505] macsec1: entered promiscuous mode
[  695.472612][T16505] macvlan0: entered promiscuous mode
[  695.480725][ T5288] video4linux radio33: keene_cmd_set failed (-71)
[  695.493585][ T5288] radio-keene 5-1:0.0: V4L2 device registered as radio33
[  695.509673][ T5288] usb 5-1: USB disconnect, device number 64
[  695.556555][T16505] macvlan0: left promiscuous mode
[  695.677137][ T5285] usb 1-1: USB disconnect, device number 101
[  695.697225][T16510] tipc: Invalid UDP bearer configuration
[  695.697287][T16510] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  695.718756][T16506] usb 1-1: Couldn't submit interrupt_out_urb -19
[  695.912742][    T8] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  696.117547][    T8] usb 4-1: Using ep0 maxpacket: 8
[  696.136541][    T8] usb 4-1: config 0 has no interfaces?
[  696.146112][    T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  696.163163][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.175095][    T8] usb 4-1: Product: syz
[  696.179788][    T8] usb 4-1: Manufacturer: syz
[  696.187062][    T8] usb 4-1: SerialNumber: syz
[  696.196029][    T8] usb 4-1: config 0 descriptor??
[  696.637129][    T8] IPVS: starting estimator thread 0...
[  696.657116][T16528] net_ratelimit: 13 callbacks suppressed
[  696.657133][T16528] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available
[  696.726011][T16528] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  696.738951][T16534] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2049'.
[  696.783923][T16533] IPVS: using max 33 ests per chain, 79200 per kthread
[  696.794113][T16535] input: syz1 as /devices/virtual/input/input53
[  696.935593][   T47] usb 4-1: USB disconnect, device number 67
[  696.953976][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.351700][T16551] netlink: 'syz.0.2052': attribute type 10 has an invalid length.
[  697.474376][T16551] team0: Port device netdevsim0 added
[  697.522726][ T1072] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.531537][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.554049][    T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.722704][T16557] macsec1: entered promiscuous mode
[  697.752737][T16557] macvlan0: entered promiscuous mode
[  697.783235][    T9] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  697.807585][T16557] macvlan0: left promiscuous mode
[  698.005200][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  698.050356][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  698.065991][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.093408][    T9] usb 2-1: config 0 descriptor??
[  698.147137][T16565] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  698.155831][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  698.201382][T16567] xt_CT: You must specify a L4 protocol and not use inversions on it
[  698.583403][T16576] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2059'.
[  698.640893][  T940] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  698.731318][    T9] video4linux radio32: keene_cmd_set failed (-71)
[  698.739719][    T9] radio-keene 2-1:0.0: V4L2 device registered as radio32
[  698.760100][    T9] usb 2-1: USB disconnect, device number 86
[  698.831377][ T5288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  699.001829][T16581] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2061'.
[  699.592150][T16599] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2063'.
[  699.614206][T16603] xt_CT: You must specify a L4 protocol and not use inversions on it
[  699.730369][T16599] dvmrp0: entered allmulticast mode
[  700.178514][T16619] vlan1: entered promiscuous mode
[  700.188012][T16618] vlan1: left promiscuous mode
[  701.452438][  T940] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[  701.674198][  T940] usb 1-1: config 0 interface 0 has no altsetting 0
[  701.702808][  T940] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  701.722384][  T940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.734473][  T940] usb 1-1: config 0 descriptor??
[  701.754302][    T9] net_ratelimit: 18 callbacks suppressed
[  701.754322][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.007075][ T1130] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.016233][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.065578][T16665] xt_CT: You must specify a L4 protocol and not use inversions on it
[  702.152370][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.403047][  T940] video4linux radio32: keene_cmd_set failed (-71)
[  702.428445][  T940] radio-keene 1-1:0.0: V4L2 device registered as radio32
[  702.447360][  T940] usb 1-1: USB disconnect, device number 102
[  702.637602][   T47] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.792579][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.192652][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.913902][   T30] INFO: task syz.3.1529:14082 blocked for more than 143 seconds.
[  703.940036][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.951928][   T30]       Not tainted 6.11.0-rc6-syzkaller #0
[  703.986093][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  703.988317][T16698] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  704.001320][T16698] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  704.012291][T16698] vhci_hcd vhci_hcd.0: Device attached
[  704.039260][   T30] task:syz.3.1529      state:D stack:25488 pid:14082 tgid:14082 ppid:13412  flags:0x20004004
[  704.106578][   T30] Call Trace:
[  704.116867][   T30]  <TASK>
[  704.132941][   T30]  __schedule+0x1800/0x4a60
[  704.154372][   T30]  ? __pfx___schedule+0x10/0x10
[  704.178058][   T30]  ? __pfx_lock_release+0x10/0x10
[  704.191543][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  704.216305][   T30]  ? schedule+0x90/0x320
[  704.232671][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  704.252339][   T30]  schedule+0x14b/0x320
[  704.261831][   T30]  schedule_preempt_disabled+0x13/0x30
[  704.271832][   T30]  __mutex_lock+0x6a4/0xd70
[  704.282359][ T5285] usb 15-1: new low-speed USB device number 3 using vhci_hcd
[  704.292403][   T30]  ? __mutex_lock+0x527/0xd70
[  704.307650][   T30]  ? vhost_vsock_dev_release+0x1e8/0x410
[  704.325544][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  704.341010][   T30]  ? __local_bh_enable_ip+0x168/0x200
[  704.362710][   T30]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  704.368513][   T30]  ? vhost_vsock_dev_release+0x18b/0x410
[  704.375155][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  704.386187][   T30]  vhost_vsock_dev_release+0x1e8/0x410
[  704.397662][   T30]  ? evm_file_release+0x140/0x1d0
[  704.408812][   T30]  ? __pfx_vhost_vsock_dev_release+0x10/0x10
[  704.425071][   T30]  __fput+0x24a/0x8a0
[  704.431752][   T30]  task_work_run+0x24f/0x310
[  704.438648][   T30]  ? __pfx_task_work_run+0x10/0x10
[  704.450738][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  704.456704][   T30]  syscall_exit_to_user_mode+0x168/0x370
[  704.462370][ T8369] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  704.470464][   T30]  __do_fast_syscall_32+0xc4/0x110
[  704.476137][   T30]  ? exc_page_fault+0x590/0x8c0
[  704.481423][   T30]  do_fast_syscall_32+0x34/0x80
[  704.486571][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  704.493521][   T30] RIP: 0023:0xf7f30579
[  704.498028][   T30] RSP: 002b:00000000f751fb2c EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
[  704.506975][   T30] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  704.515475][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  704.525644][   T30] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  704.533808][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  704.541860][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  704.551056][   T30]  </TASK>
[  704.555451][ T1130] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  704.564167][   T30] INFO: task syz.3.1529:14083 blocked for more than 144 seconds.
[  704.576646][   T30]       Not tainted 6.11.0-rc6-syzkaller #0
[  704.582867][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  704.591574][   T30] task:syz.3.1529      state:D stack:22480 pid:14083 tgid:14082 ppid:13412  flags:0x20004006
[  704.601995][   T30] Call Trace:
[  704.605466][   T30]  <TASK>
[  704.608440][   T30]  __schedule+0x1800/0x4a60
[  704.617866][   T30]  ? __pfx___schedule+0x10/0x10
[  704.623631][   T30]  ? __pfx_lock_release+0x10/0x10
[  704.629137][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  704.642329][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  704.649204][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  704.662366][   T30]  ? schedule+0x90/0x320
[  704.666673][   T30]  schedule+0x14b/0x320
[  704.670853][   T30]  ? down_read+0x6a5/0xa40
[  704.675880][   T30]  schedule_preempt_disabled+0x13/0x30
[  704.679677][ T8369] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  704.681394][   T30]  down_read+0x705/0xa40
[  704.695431][   T30]  ? __pfx_down_read+0x10/0x10
[  704.700261][   T30]  page_cache_ra_unbounded+0xf7/0x7f0
[  704.705771][   T30]  ? page_cache_async_ra+0x6f7/0xb50
[  704.711141][   T30]  filemap_fault+0x78d/0x1760
[  704.716096][   T30]  ? __pfx_filemap_fault+0x10/0x10
[  704.719700][ T8369] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.721226][   T30]  ? pte_offset_map_nolock+0x137/0x1f0
[  704.734959][   T30]  __do_fault+0x135/0x460
[  704.739316][   T30]  handle_pte_fault+0x321f/0x6fc0
[  704.747230][   T30]  ? handle_pte_fault+0x2207/0x6fc0
[  704.754529][   T30]  ? validate_chain+0x11e/0x5900
[  704.759988][   T30]  ? mark_lock+0x9a/0x350
[  704.764828][   T30]  ? percpu_ref_get_many+0x19/0x140
[  704.768016][ T8369] usb 4-1: Product: syz
[  704.770460][   T30]  ? mark_lock+0x9a/0x350
[  704.779192][   T30]  ? __pfx_handle_pte_fault+0x10/0x10
[  704.784483][ T8369] usb 4-1: Manufacturer: syz
[  704.785050][   T30]  ? __lock_acquire+0x137a/0x2040
[  704.793490][ T8369] usb 4-1: SerialNumber: syz
[  704.794887][   T30]  ? mt_find+0x226/0x850
[  704.803672][   T30]  ? __pfx_lock_release+0x10/0x10
[  704.808747][   T30]  handle_mm_fault+0x1109/0x1bc0
[  704.813928][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  704.819287][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  704.824460][ T8369] usb 4-1: config 0 descriptor??
[  704.824665][   T30]  exc_page_fault+0x2b9/0x8c0
[  704.834475][   T30]  asm_exc_page_fault+0x26/0x30
[  704.839782][   T30] RIP: 0010:fault_in_readable+0x165/0x2b0
[  704.846042][   T30] Code: b4 ff 4c 8d b3 ff 0f 00 00 48 89 d8 4d 01 e6 49 81 e6 00 f0 ff ff 49 39 c6 72 6b e8 75 e0 b4 ff 4c 39 f3 74 6e 4c 89 64 24 10 <44> 8a 23 43 0f b6 04 2f 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10
[  704.851926][ T8369] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 068
[  704.869966][   T30] RSP: 0000:ffffc900040cf820 EFLAGS: 00050287
[  704.881158][   T30] RAX: ffffffff81deabbb RBX: 0000000020540000 RCX: 0000000000040000
[  704.889767][   T30] RDX: ffffc9000af76000 RSI: 000000000003ffff RDI: 0000000000040000
[  704.898349][   T30] RBP: ffffc900040cf8d8 R08: ffffffff81deab58 R09: ffffffff84b00219
[  704.906869][   T30] R10: 0000000000000002 R11: ffff8880207d3c00 R12: 0000000000001000
[  704.915446][   T30] R13: dffffc0000000000 R14: 0000000020541000 R15: 1ffff92000819f0c
[  704.924066][   T30]  ? fault_in_iov_iter_readable+0x49/0x280
[  704.929947][   T30]  ? fault_in_readable+0xf8/0x2b0
[  704.935091][   T30]  ? fault_in_readable+0x15b/0x2b0
[  704.940251][   T30]  ? __pfx_fault_in_readable+0x10/0x10
[  704.946320][   T30]  ? I_BDEV+0xd/0x20
[  704.950639][   T30]  fault_in_iov_iter_readable+0x229/0x280
[  704.958827][   T30]  iomap_file_buffered_write+0x5e9/0xdc0
[  704.965085][   T30]  ? __pfx_iomap_file_buffered_write+0x10/0x10
[  704.971722][   T30]  ? blkdev_direct_write+0x67/0x140
[  704.980148][   T30]  blkdev_write_iter+0x47c/0x5d0
[  704.985691][   T30]  vfs_write+0xa72/0xc90
[  704.990345][   T30]  ? __pfx_blkdev_write_iter+0x10/0x10
[  704.996008][   T30]  ? __pfx_vfs_write+0x10/0x10
[  705.000833][   T30]  ksys_write+0x1a0/0x2c0
[  705.005382][   T30]  ? __pfx_ksys_write+0x10/0x10
[  705.010311][   T30]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  705.017411][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  705.023199][   T30]  __do_fast_syscall_32+0xb4/0x110
[  705.028758][   T30]  ? exc_page_fault+0x590/0x8c0
[  705.034836][   T30]  do_fast_syscall_32+0x34/0x80
[  705.040167][   T30]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  705.047103][   T30] RIP: 0023:0xf7f30579
[  705.051579][   T30] RSP: 002b:00000000f56d656c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  705.061189][   T30] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000140
[  705.069388][   T30] RDX: 00000000fffffee8 RSI: 0000000000000000 RDI: 0000000000000000
[  705.077995][   T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  705.088935][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  705.097067][   T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  705.105289][   T30]  </TASK>
[  705.108419][   T30] INFO: task vhost-14083:14087 blocked for more than 144 seconds.
[  705.122018][   T30]       Not tainted 6.11.0-rc6-syzkaller #0
[  705.128150][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  705.137996][   T30] task:vhost-14083     state:D stack:23096 pid:14087 tgid:14082 ppid:13412  flags:0x20004006
[  705.148791][   T30] Call Trace:
[  705.152099][   T30]  <TASK>
[  705.155591][   T30]  __schedule+0x1800/0x4a60
[  705.160601][   T30]  ? __pfx___schedule+0x10/0x10
[  705.166679][   T30]  ? __pfx_lock_release+0x10/0x10
[  705.172163][   T30]  ? schedule+0x90/0x320
[  705.176566][   T30]  schedule+0x14b/0x320
[  705.181179][   T30]  ? down_read+0x6a5/0xa40
[  705.186170][   T30]  schedule_preempt_disabled+0x13/0x30
[  705.191668][   T30]  down_read+0x705/0xa40
[  705.200376][   T30]  ? __lock_acquire+0x137a/0x2040
[  705.205573][   T30]  ? __pfx_down_read+0x10/0x10
[  705.210413][   T30]  ? do_sync_mmap_readahead+0x6a0/0x970
[  705.216127][   T30]  page_cache_ra_unbounded+0xf7/0x7f0
[  705.221533][   T30]  ? __pfx___up_read+0x10/0x10
[  705.226507][   T30]  do_sync_mmap_readahead+0x49c/0x970
[  705.231925][   T30]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[  705.238404][   T30]  ? count_memcg_event_mm+0x90/0x420
[  705.244333][   T30]  ? __filemap_get_folio+0x984/0xc10
[  705.249674][   T30]  filemap_fault+0x828/0x1760
[  705.254930][   T30]  ? __pfx_filemap_fault+0x10/0x10
[  705.260128][   T30]  ? handle_pte_fault+0x2207/0x6fc0
[  705.266947][   T30]  ? __pfx_lock_release+0x10/0x10
[  705.272646][   T30]  ? pte_offset_map_nolock+0x137/0x1f0
[  705.278648][   T30]  __do_fault+0x135/0x460
[  705.283582][   T30]  handle_pte_fault+0x321f/0x6fc0
[  705.289052][   T30]  ? handle_pte_fault+0x2207/0x6fc0
[  705.294454][   T30]  ? validate_chain+0x11e/0x5900
[  705.299423][   T30]  ? __pfx___up_read+0x10/0x10
[  705.307273][   T30]  ? mark_lock+0x9a/0x350
[  705.311964][   T30]  ? __pfx_handle_pte_fault+0x10/0x10
[  705.317713][   T30]  ? __lock_acquire+0x137a/0x2040
[  705.322990][   T30]  ? mt_find+0x226/0x850
[  705.327689][   T30]  ? __pfx_lock_release+0x10/0x10
[  705.333247][   T30]  handle_mm_fault+0x1109/0x1bc0
[  705.338641][   T30]  ? __pfx_handle_mm_fault+0x10/0x10
[  705.344522][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  705.351323][   T30]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  705.356895][   T30]  exc_page_fault+0x2b9/0x8c0
[  705.361657][   T30]  asm_exc_page_fault+0x26/0x30
[  705.368310][   T30] RIP: 0010:__get_user_nocheck_2+0xa/0x20
[  705.374536][   T30] Code: 01 ca c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb 0f ae e8 <0f> b7 10 31 c0 0f 01 ca c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00
[  705.394158][    C0] vkms_vblank_simulate: vblank timer overrun
[  705.400884][   T30] RSP: 0018:ffffc900037d7b58 EFLAGS: 00050206
[  705.407057][   T30] RAX: 0000000020000482 RBX: ffff88802af64ca8 RCX: dffffc0000000000
[  705.417911][   T30] RDX: ffffc90014bdd000 RSI: 00000000000000de RDI: 00000000000000df
[  705.426050][   T30] RBP: ffffc900037d7b60 R08: ffffffff8906c362 R09: 1ffffffff283c932
[  705.434305][   T30] R10: dffffc0000000000 R11: fffffbfff283c933 R12: dffffc0000000000
[  705.442363][   T30] R13: dffffc0000000000 R14: ffff88802af64bf8 R15: ffff88802af64bf8
[  705.450407][   T30]  ? vhost_enable_notify+0xc2/0x5d0
[  705.455813][   T30]  vhost_get_avail_idx+0xd5/0x410
[  705.460910][   T30]  vhost_enable_notify+0x315/0x5d0
[  705.466520][   T30]  vhost_vsock_handle_tx_kick+0x2cf/0xe20
[  705.473963][   T30]  ? __pfx_vhost_vsock_handle_tx_kick+0x10/0x10
[  705.480700][   T30]  ? kcov_remote_start+0x4b9/0x7d0
[  705.486357][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  705.492025][   T30]  ? kcov_remote_start+0x97/0x7d0
[  705.497633][   T30]  vhost_run_work_list+0x145/0x1c0
[  705.503272][   T30]  ? __pfx_vhost_run_work_list+0x10/0x10
[  705.509366][   T30]  vhost_task_fn+0x267/0x3f0
[  705.514296][   T30]  ? __pfx_vhost_task_fn+0x10/0x10
[  705.519444][   T30]  ? __pfx_vhost_task_fn+0x10/0x10
[  705.527273][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  705.533464][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  705.539832][   T30]  ? __pfx_vhost_task_fn+0x10/0x10
[  705.545128][   T30]  ? __pfx_vhost_task_fn+0x10/0x10
[  705.550272][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  705.555726][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  705.561000][   T30]  ? __pfx_vhost_task_fn+0x10/0x10
[  705.566656][   T30]  ret_from_fork+0x4b/0x80
[  705.571243][   T30]  ? __pfx_vhost_task_fn+0x10/0x10
[  705.578021][   T30]  ret_from_fork_asm+0x1a/0x30
[  705.583339][   T30]  </TASK>
[  705.586881][   T30] 
[  705.586881][   T30] Showing all locks held in the system:
[  705.597303][   T30] 1 lock held by khungtaskd/30:
[  705.602395][   T30]  #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  705.613355][   T30] 5 locks held by kworker/u8:4/977:
[  705.618765][   T30] 3 locks held by kworker/u8:9/1130:
[  705.631227][   T30] 2 locks held by getty/4984:
[  705.638417][   T30]  #0: ffff8880353510a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  705.648370][   T30]  #1: ffffc9000312b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[  705.659055][   T30] 1 lock held by syz-executor/5217:
[  705.664618][   T30] 3 locks held by kworker/1:3/5230:
[  705.671165][   T30]  #0: ffff8880b883e9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  705.684292][   T30]  #1: ffff8880b8928948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3a7/0x770
[  705.696088][   T30]  #2: ffff88805f8f0da0 (&r->consumer_lock#2){+.+.}-{2:2}, at: wg_packet_encrypt_worker+0x12a6/0x1610
[  705.707332][   T30] 5 locks held by kworker/1:4/5285:
[  705.712736][   T30]  #0: ffff8880226fcd48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  705.724473][   T30]  #1: ffffc90003e5fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  705.739087][   T30]  #2: ffff88802a2c9190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  705.751042][   T30]  #3: ffff88802a2cc518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x25b9/0x5150
[  705.761278][   T30]  #4: ffff88802938d268 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x25f7/0x5150
[  705.771151][   T30] 5 locks held by kworker/1:7/8369:
[  705.776472][   T30]  #0: ffff8880226fcd48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  705.789602][   T30]  #1: ffffc90003837d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  705.802141][   T30]  #2: ffff8880299e0190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  705.811695][   T30]  #3: ffff88807cbe8190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  705.821462][   T30]  #4: ffff888021ec4160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  705.831300][   T30] 4 locks held by udevd/9848:
[  705.837472][   T30]  #0: ffff88806a7bde80 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60
[  705.846894][   T30]  #1: ffff88805978a488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0
[  705.859674][   T30]  #2: ffff888022fe24b8 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0
[  705.869349][   T30]  #3: ffff88807cbe8190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0
[  705.880000][   T30] 2 locks held by syz.3.1529/14082:
[  705.885320][   T30]  #0: ffff88802af60070 (&dev->mutex#4){+.+.}-{3:3}, at: vhost_vsock_dev_release+0x199/0x410
[  705.896093][   T30]  #1: ffff88802af64c70 (&vq->mutex){+.+.}-{3:3}, at: vhost_vsock_dev_release+0x1e8/0x410
[  705.906604][   T30] 1 lock held by syz.3.1529/14083:
[  705.912356][   T30]  #0: ffff888023097c40 (mapping.invalidate_lock#2){++++}-{3:3}, at: page_cache_ra_unbounded+0xf7/0x7f0
[  705.924063][   T30] 2 locks held by vhost-14083/14087:
[  705.929800][   T30]  #0: ffff88802af64c70 (&vq->mutex){+.+.}-{3:3}, at: vhost_vsock_handle_tx_kick+0x129/0xe20
[  705.940551][   T30]  #1: ffff888023097c40 (mapping.invalidate_lock#2){++++}-{3:3}, at: page_cache_ra_unbounded+0xf7/0x7f0
[  705.952401][   T30] 4 locks held by syz.4.1531/14099:
[  705.958057][   T30] 1 lock held by syz-executor/14557:
[  705.966121][   T30]  #0: ffffffff8e93d5c0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530
[  705.976261][   T30] 1 lock held by syz.3.1672/14681:
[  705.982660][   T30]  #0: ffff888023097c40 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1fc/0x530
[  705.994757][   T30] 2 locks held by syz.1.2083/16678:
[  706.000366][   T30]  #0: ffffffff8fc8bd48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  706.010002][   T30]  #1: ffffffff8e93d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  706.021454][   T30] 1 lock held by syz.3.2090/16697:
[  706.026667][   T30]  #0: ffffffff8fc8bd48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[  706.036332][   T30] 
[  706.039133][   T30] =============================================
[  706.039133][   T30] 
[  706.047679][   T30] NMI backtrace for cpu 0
[  706.052026][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc6-syzkaller #0
[  706.060796][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  706.070852][   T30] Call Trace:
[  706.074128][   T30]  <TASK>
[  706.077053][   T30]  dump_stack_lvl+0x241/0x360
[  706.081746][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  706.086941][   T30]  ? __pfx__printk+0x10/0x10
[  706.091526][   T30]  ? vprintk_emit+0x667/0x7c0
[  706.096194][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  706.101218][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  706.106161][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  706.111618][   T30]  ? _printk+0xd5/0x120
[  706.115764][   T30]  ? __pfx__printk+0x10/0x10
[  706.120343][   T30]  ? __wake_up_klogd+0xcc/0x110
[  706.125188][   T30]  ? __pfx__printk+0x10/0x10
[  706.129767][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  706.134782][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  706.140755][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  706.146736][   T30]  watchdog+0xff4/0x1040
[  706.151088][   T30]  ? watchdog+0x1ea/0x1040
[  706.155526][   T30]  ? __pfx_watchdog+0x10/0x10
[  706.160213][   T30]  kthread+0x2f0/0x390
[  706.164288][   T30]  ? __pfx_watchdog+0x10/0x10
[  706.168967][   T30]  ? __pfx_kthread+0x10/0x10
[  706.173552][   T30]  ret_from_fork+0x4b/0x80
[  706.177962][   T30]  ? __pfx_kthread+0x10/0x10
[  706.182549][   T30]  ret_from_fork_asm+0x1a/0x30
[  706.187333][   T30]  </TASK>
[  706.190424][    C0] vkms_vblank_simulate: vblank timer overrun
[  706.197681][   T30] Sending NMI from CPU 0 to CPUs 1:
[  706.203500][    C1] NMI backtrace for cpu 1
[  706.203517][    C1] CPU: 1 UID: 0 PID: 5230 Comm: kworker/1:3 Not tainted 6.11.0-rc6-syzkaller #0
[  706.203537][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  706.203547][    C1] Workqueue: events nsim_dev_trap_report_work
[  706.203570][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[  706.203593][    C1] Code: 89 fb e8 23 00 00 00 48 8b 3d dc 76 96 0c 48 89 de 5b e9 83 9d 5b 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 00 d7 03 00 65 8b 15 c0 4a
[  706.203607][    C1] RSP: 0018:ffffc90000a18760 EFLAGS: 00000202
[  706.203620][    C1] RAX: ffffffff902818b0 RBX: ffffffff902818b4 RCX: ffff88802bec5a00
[  706.203633][    C1] RDX: 0000000000000100 RSI: ffffffff8135ca5a RDI: ffffffff8135ca89
[  706.203645][    C1] RBP: ffffffff8135ca89 R08: ffffffff81412c60 R09: ffffc90000a18930
[  706.203657][    C1] R10: 0000000000000003 R11: ffffffff817f2f00 R12: ffffffff902818b0
[  706.203670][    C1] R13: ffffffff902818b4 R14: ffffffff8135ca5a R15: ffffffff902818b0
[  706.203682][    C1] FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
[  706.203697][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  706.203708][    C1] CR2: 000000005853699c CR3: 0000000030372000 CR4: 00000000003526f0
[  706.203723][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  706.203733][    C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  706.203744][    C1] Call Trace:
[  706.203750][    C1]  <NMI>
[  706.203758][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  706.203778][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  706.203800][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  706.203818][    C1]  ? nmi_handle+0x2a/0x5a0
[  706.203841][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  706.203860][    C1]  ? nmi_handle+0x14f/0x5a0
[  706.203875][    C1]  ? nmi_handle+0x2a/0x5a0
[  706.203891][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  706.203910][    C1]  ? default_do_nmi+0x63/0x160
[  706.203930][    C1]  ? exc_nmi+0x123/0x1f0
[  706.203947][    C1]  ? end_repeat_nmi+0xf/0x53
[  706.203966][    C1]  ? ret_from_fork+0x4a/0x80
[  706.203985][    C1]  ? ret_from_fork+0x79/0x80
[  706.204004][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  706.204023][    C1]  ? unwind_next_frame+0x510/0x2a00
[  706.204044][    C1]  ? ret_from_fork+0x4a/0x80
[  706.204062][    C1]  ? ret_from_fork+0x79/0x80
[  706.204080][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  706.204105][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  706.204126][    C1]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  706.204145][    C1]  </NMI>
[  706.204151][    C1]  <IRQ>
[  706.204156][    C1]  unwind_next_frame+0x54e/0x2a00
[  706.204178][    C1]  ? ret_from_fork+0x4a/0x80
[  706.204199][    C1]  ? ret_from_fork+0x4b/0x80
[  706.204217][    C1]  ? ret_from_fork+0x4b/0x80
[  706.204236][    C1]  ? __kernel_text_address+0xd/0x40
[  706.204251][    C1]  ? ret_from_fork+0x4b/0x80
[  706.204269][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  706.204288][    C1]  arch_stack_walk+0x151/0x1b0
[  706.204307][    C1]  ? ret_from_fork+0x4b/0x80
[  706.204329][    C1]  stack_trace_save+0x118/0x1d0
[  706.204348][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  706.204368][    C1]  ? mark_lock+0x9a/0x350
[  706.204389][    C1]  ? rcu_core+0xa86/0x1830
[  706.204409][    C1]  kasan_save_track+0x3f/0x80
[  706.204427][    C1]  ? kasan_save_track+0x3f/0x80
[  706.204444][    C1]  ? kasan_save_free_info+0x40/0x50
[  706.204461][    C1]  ? poison_slab_object+0xe0/0x150
[  706.204479][    C1]  ? __kasan_slab_free+0x37/0x60
[  706.204496][    C1]  ? kmem_cache_free+0x145/0x350
[  706.204511][    C1]  ? rcu_core+0xafd/0x1830
[  706.204529][    C1]  ? handle_softirqs+0x2c4/0x970
[  706.204546][    C1]  ? do_softirq+0x11b/0x1e0
[  706.204563][    C1]  ? __local_bh_enable_ip+0x1bb/0x200
[  706.204580][    C1]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  706.204595][    C1]  ? process_scheduled_works+0xa2c/0x1830
[  706.204614][    C1]  ? worker_thread+0x86d/0xd10
[  706.204631][    C1]  ? kthread+0x2f0/0x390
[  706.204649][    C1]  ? ret_from_fork+0x4b/0x80
[  706.204686][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[  706.204703][    C1]  ? rcu_core+0xafd/0x1830
[  706.204720][    C1]  kasan_save_free_info+0x40/0x50
[  706.204736][    C1]  poison_slab_object+0xe0/0x150
[  706.204755][    C1]  ? rcu_core+0xafd/0x1830
[  706.204772][    C1]  __kasan_slab_free+0x37/0x60
[  706.204791][    C1]  kmem_cache_free+0x145/0x350
[  706.204808][    C1]  ? rcu_core+0xa86/0x1830
[  706.204825][    C1]  ? __pfx_inode_free_by_rcu+0x10/0x10
[  706.204843][    C1]  rcu_core+0xafd/0x1830
[  706.204861][    C1]  ? ttwu_do_activate+0x200/0x7e0
[  706.204888][    C1]  ? __pfx_rcu_core+0x10/0x10
[  706.204908][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  706.204927][    C1]  ? sched_clock+0x4a/0x70
[  706.204945][    C1]  ? mark_lock+0x9a/0x350
[  706.204966][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  706.204987][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  706.205011][    C1]  handle_softirqs+0x2c4/0x970
[  706.205031][    C1]  ? do_softirq+0x11b/0x1e0
[  706.205051][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  706.205074][    C1]  do_softirq+0x11b/0x1e0
[  706.205091][    C1]  </IRQ>
[  706.205100][    C1]  <TASK>
[  706.205107][    C1]  ? __pfx_do_softirq+0x10/0x10
[  706.205125][    C1]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  706.205146][    C1]  ? rcu_is_watching+0x15/0xb0
[  706.205168][    C1]  __local_bh_enable_ip+0x1bb/0x200
[  706.205187][    C1]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  706.205203][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  706.205221][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  706.205239][    C1]  ? nsim_dev_trap_report_work+0x6a7/0xaa0
[  706.205258][    C1]  nsim_dev_trap_report_work+0x75d/0xaa0
[  706.205282][    C1]  ? process_scheduled_works+0x945/0x1830
[  706.205300][    C1]  process_scheduled_works+0xa2c/0x1830
[  706.205337][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  706.205360][    C1]  ? assign_work+0x364/0x3d0
[  706.205381][    C1]  worker_thread+0x86d/0xd10
[  706.205403][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  706.205427][    C1]  ? __kthread_parkme+0x169/0x1d0
[  706.205448][    C1]  ? __pfx_worker_thread+0x10/0x10
[  706.205466][    C1]  kthread+0x2f0/0x390
[  706.205486][    C1]  ? __pfx_worker_thread+0x10/0x10
[  706.205503][    C1]  ? __pfx_kthread+0x10/0x10
[  706.205523][    C1]  ret_from_fork+0x4b/0x80
[  706.205541][    C1]  ? __pfx_kthread+0x10/0x10
[  706.205561][    C1]  ret_from_fork_asm+0x1a/0x30
[  706.205589][    C1]  </TASK>
[  706.262249][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  706.262270][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc6-syzkaller #0
[  706.262293][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  706.262304][   T30] Call Trace:
[  706.262312][   T30]  <TASK>
[  706.262321][   T30]  dump_stack_lvl+0x241/0x360
[  706.262348][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  706.262366][   T30]  ? __pfx__printk+0x10/0x10
[  706.262382][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  706.262412][   T30]  ? vscnprintf+0x5d/0x90
[  706.262434][   T30]  panic+0x349/0x860
[  706.262452][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  706.262475][   T30]  ? __pfx_panic+0x10/0x10
[  706.262496][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  706.262516][   T30]  ? __irq_work_queue_local+0x137/0x410
[  706.262539][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  706.262559][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  706.262579][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  706.262602][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  706.262626][   T30]  watchdog+0x1033/0x1040
[  706.262650][   T30]  ? watchdog+0x1ea/0x1040
[  706.262677][   T30]  ? __pfx_watchdog+0x10/0x10
[  706.262699][   T30]  kthread+0x2f0/0x390
[  706.262722][   T30]  ? __pfx_watchdog+0x10/0x10
[  706.262743][   T30]  ? __pfx_kthread+0x10/0x10
[  706.262767][   T30]  ret_from_fork+0x4b/0x80
[  706.262789][   T30]  ? __pfx_kthread+0x10/0x10
[  706.262812][   T30]  ret_from_fork_asm+0x1a/0x30
[  706.262851][   T30]  </TASK>
[  706.267671][   T30] Kernel Offset: disabled
[  706.984842][   T30] Rebooting in 86400 seconds..