last executing test programs:

10m35.316571583s ago: executing program 0 (id=132):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x7f, 0x100}}}}}}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000080)={@empty, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x68, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0xffff, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x0, 0x6, 0x0, @void}}}}}}}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r4, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r5, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r8, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r9, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r9, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)

10m35.153313523s ago: executing program 0 (id=134):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000006340)='net/ptype\x00')
pread64(r1, &(0x7f0000000000)=""/17, 0x11, 0x3)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
r2 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b000885000000060000009500040000000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "0000000108653904030405ffffff09c56a3000", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/97, 0x1000000, 0x1000, 0x5, 0x1}, 0x20)
unshare(0x28000600)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000140)={0x0, 0x1229000, 0x800, 0x5, 0x2}, 0x20)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x12a000, 0x0)

10m33.250555936s ago: executing program 0 (id=144):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000001c0)=ANY=[], 0x3e)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff99, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x20}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x17, 0x4, &(0x7f0000000240)=ANY=[@ANYRESHEX=r5, @ANYRES32=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13}, 0x94)
socketpair(0x18, 0x0, 0x2, 0x0)

10m32.12827803s ago: executing program 0 (id=146):
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xc0002009})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
r2 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r2, 0x567, 0x1000a387, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)

10m31.457023224s ago: executing program 0 (id=149):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
r0 = fanotify_init(0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x641, 0x48001018, r1, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
utime(&(0x7f0000000000)='./file0\x00', 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)=ANY=[@ANYBLOB], 0x10}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000840}, 0x81)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000100000000100002000a00200000000000", @ANYRES32=0x0, @ANYRES32=0x0], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x14)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(r8, 0x5437, 0x0)
r9 = dup(r7)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r9, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'})

10m30.408878064s ago: executing program 0 (id=154):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="260150010203010902240001013fd00909f3ff04020301060100000020"], 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x5}, 0x38)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) (fail_nth: 1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83)
readahead(r5, 0x7fffffff, 0x10000)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d", @ANYRESOCT=r0], 0xf8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000006118b8000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000000140), 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x3b)

10m29.226091183s ago: executing program 32 (id=154):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="260150010203010902240001013fd00909f3ff04020301060100000020"], 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x5}, 0x38)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) (fail_nth: 1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83)
readahead(r5, 0x7fffffff, 0x10000)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d", @ANYRESOCT=r0], 0xf8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000006118b8000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000000140), 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x3b)

1m11.088008377s ago: executing program 5 (id=1877):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
vmsplice(r1, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}, {&(0x7f0000000100)="a7", 0x1}, {&(0x7f0000000880)="9f3846581b1b5159fa75b369536aed7fc089b18592fd1bd099864f1ed35c7046e78c84f4cf0e59594f6dac655efbe84343ff8c186af752f7691c612987b6c089fc2ac412de8edab1f67d0300a1acf9ef331f2b436ff4322adcde8648bcd1e193eb1cb83b0ff2de12d2", 0x69}, {&(0x7f0000000300)}], 0x4, 0x0)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000240))
ioctl$SNAPSHOT_S2RAM(r1, 0x330b)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f30216000000000000000000000002001b0008000000e900000000000000030006000000000002000000000000000000000000000000010001"], 0xb0}, 0x1, 0x7}, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000665000/0x2000)=nil)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x40000000c000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0)

1m9.795596949s ago: executing program 5 (id=1880):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000015c0)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x4e20, 0x8}}}}}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000140)={0x2, 0x63}, 0x2)

1m5.395845064s ago: executing program 5 (id=1890):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340), &(0x7f0000000280))
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0xff, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff010}, {0x6, 0x80}]}, 0x10)

59.499444504s ago: executing program 1 (id=1915):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x2) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bridge_slave_0\x00', 0x401}) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000008c0)={0x2c, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000090}, 0x80) (async)
r5 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="fe"]) (async)
syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006000000281ab0ab2c90619b3400000000000000000000092403000000000000092405009917211cfd0924030500000004000724050401"], 0x0) (async)
ioctl$KVM_GET_CPUID2(r7, 0xc008ae91, &(0x7f0000000000)) (async)
poll(&(0x7f0000000000)=[{r0, 0x202}], 0x1, 0xa0)

58.256020746s ago: executing program 1 (id=1921):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = getpgid(0xffffffffffffffff)
fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x1, 0xd9b8aee65e78b3bd, 0x7, 0x3, r1})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0, <r2=>0x0})
setpgid(r2, r1)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
pread64(r3, &(0x7f0000000100)=""/4096, 0x1000, 0x4)
ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000001140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001100)={0x6, 0x5a}})
r4 = getpgid(r2)
sched_setaffinity(r4, 0x8, &(0x7f0000001180)=0x9)
socketpair$tipc(0x1e, 0xf07041c874954c76, 0x0, &(0x7f00000011c0))
r5 = semget(0x1, 0x0, 0x0)
semctl$SEM_STAT_ANY(r5, 0x2, 0x14, &(0x7f0000001200)=""/160)
syz_open_dev$video(&(0x7f00000012c0), 0x8, 0x131081)
syz_open_dev$sndmidi(&(0x7f0000001300), 0x6, 0x40040)
semctl$IPC_STAT(r5, 0x0, 0x2, &(0x7f0000001340)=""/96)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000014c0)={&(0x7f00000013c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001440)=[0x0, <r6=>0x0, 0x0, 0x0], &(0x7f0000001480)=[0x0, 0x0], 0x5, 0x6, 0x4, 0x2})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000001540)={&(0x7f0000001500)=[r6], 0x1, 0x80800, 0x0, <r7=>0xffffffffffffffff})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000001580)={@empty, 0x8, 0x2, 0x0, 0x3, 0x9, 0xd}, 0x20)
r8 = accept$unix(r7, 0x0, &(0x7f00000015c0))
connect$unix(r8, &(0x7f0000001600)=@file={0x1, './file0\x00'}, 0x6e)
pselect6(0x40, &(0x7f0000001680)={0x80, 0x0, 0xf, 0x8000000000000001, 0xa, 0x7, 0x3ff, 0x69}, &(0x7f00000016c0)={0x3, 0x9, 0x7, 0xae1, 0x4, 0x0, 0xffffffff, 0xfffffffffffffffb}, &(0x7f0000001700)={0x6, 0x6, 0x81, 0x2, 0x7, 0x3ff, 0xd, 0x2}, &(0x7f0000001740), &(0x7f00000017c0)={&(0x7f0000001780)={[0x1]}, 0x8})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001880)={r7, 0x58, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r9=>0x0}}, 0x10)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=@base={0x11, 0x89, 0xf6, 0x9, 0x20004, r3, 0x2, '\x00', r9, r7, 0x0, 0x5, 0x4}, 0x50)
sched_setscheduler(r4, 0x6, &(0x7f0000001940)=0x2)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000001980)={0xfff, 0x4, 0x1, 'queue1\x00', 0x4})
semctl$IPC_RMID(r5, 0x0, 0x0)
semctl$SETVAL(r5, 0x1, 0x10, &(0x7f0000001a40)=0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000001a80)={0x0, @in6={{0xa, 0x4e24, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}}, 0x0, 0xe7, 0x62c8000, 0x491a, 0x30, 0x7, 0x2}, 0x9c)

58.105508936s ago: executing program 5 (id=1923):
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setitimer(0x0, 0x0, &(0x7f0000000200))
r1 = syz_open_dev$vbi(&(0x7f0000000240), 0x2, 0x2)
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2b, 0x4, {{@in6=@loopback, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x200000, 0x20000000, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x820000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x0, 0x3c}, 0x2, @in=@multicast1, 0x6, 0x4, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
syz_clone(0x4220000, &(0x7f0000000640)="b70f018bb42dacad7d61ee4be76ebbca5557da0e92e3a46582aafff2a8a6c35f2806bd7e2938fafbc42da9546b85901d8e962661d2891e81e587f7c5f2e010a715903e1f833b7a2b45dc33c2714fea81b89f9b861e63b428f1def0d672f79eb1fe8e749c7b6d43626142", 0x6a, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000780)="e004000000bdf486ced3001ca3f9f64854cb678327ae5ae4bc624e15bf7a9fbeb5789d7cbb067c970fa1206231101ed9b7dfbd96ff6ed053d6d9b0247a8308000000d5dd6b6004802e406c97d60b8e50af7fc271c33e6fb1b5adda0b0ef284ac51b26989803514e81dd066b2b831f7d858139bc4d3013a0a1b71a1f995078cb60e4427e70ebb38ed1b596d94a241beb70cfb4861e72c7f8ea1e058167abeeff3f76300ba68afa022f287acf01a7f486e3f2fd67150b290c26cb45dfd9ae82e2a4407fd06f2c99892292a712186ba1c615c8d4f3357b83a42a8de84457b9e582e3d06eb5e0fc6336ba6725d0c7ae75ee2d06c26bc73e3ff20ad13a70c0dab9c50a8d2fc04c4b14eb7355c6d515f391cc1e48d6e12b48ef00f0dae1f5c6c9b5367adf0521b9c159545c7e675db8fb0c1294609b95cb668d5f767336aab8c3ce5b84ad29a291e3a6260b380ed09")
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000040)={0x1, 0x7f})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0xff97, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0)

58.040222252s ago: executing program 1 (id=1924):
r0 = socket$inet(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) (fail_nth: 5)

57.882400573s ago: executing program 1 (id=1925):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
close(r5)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_ENUMAUDOUT(r7, 0xc0345642, &(0x7f0000000140)={0x8, "6416ac8cdac02b48f71fbb94ad76b0f728ea6b8a673cea9837200f1593ffec73", 0x2, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r6}, 0x18)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r10=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r10], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34324142, 0x0, 0x0, [{}, {}, {}, {0x4}, {}, {0x6}, {0x0, 0x1}]}})
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nfc(&(0x7f0000000200), r11)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r12, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x48800)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000080)={0x1000, 0x100000, 0x8})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000000))
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

56.887514636s ago: executing program 1 (id=1926):
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000049784c403a09232614b2010203010902120001000000000904650000de75f5009ef1457870922e160c8f1a18727032852f4126a0dc531bb923f813a5d98ae9a45ffe5861b69e47ade9953b158cc635d62c07d0e234384f2d4d8c6341e9756d3191389f046485c44f3536941474a2f96eaa65dd92d5d0ce24352cea47431c06edbce44278a871448f492c7c210a75c5ec8e0ef5b1d31478b05500af79fbd5c8e8e4a699c75c2f57c792eac51c817c8fc705edc47a8ebc722d4f49bbebdf7da73f07e21ede782721adcde6caf2675632ef883621171a149a2fbf8bf47b97bf124061a66d0ebff2b9195b7af0fa1b9a6dfd4f40c8796c4d5faa7a45cbf79b5222b203247b6763452190e5b9062fa542e80b7c7ecfd5ad5e527d1a5ef59a241bd7d45c141066a12863947e5547907562589479c829adee6bdadfd03606b647001d7e5bb1519e69d5c251fef1d04431ebb0962b7b143b87361246c7aaf8754f68f5a2a7a729dc9a53aa98513062fb5d2a60"], 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80, 0x121)
openat(r0, &(0x7f0000000080)='./file0\x00', 0x80, 0x140)
syz_clone(0x0, &(0x7f0000000140)="f5644dafc9073a7600309eec4e2da24956130b9ba8e7ad0baf06bcbea58c9d2d161fffba54cde1c3cd7ba082680622489492dc8fabc6ccb9bc22fb66c1bbe428c08f65bb1b4f88e5e8985558e0bace336b592ac4500ffddbbc6a72c46332aa79189aa2518ff2b0141cc6", 0x6a, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)="9a65bf478745bafafb80d06e2a536a8b42e709286ac862fb45806f389ba9e4e54b97d866b25670586be66474f8dac335f8ae56bb93118df6f9")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x1, 0x4)
fchdir(r5)
getsockopt$llc_int(r5, 0x10c, 0x8, &(0x7f00000000c0), &(0x7f0000000400)=0x4)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000000)={0x0, 0xb, 0x110, 0x2, 0x0, 0x10001, 0x0})

53.420169516s ago: executing program 3 (id=1935):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000030000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d67a8527f76ec11542b6fcd728b981a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}, 0x1, 0x0, 0x0, 0x8000}, 0x4048010)

52.184265927s ago: executing program 3 (id=1939):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0700000000000000000005000000180003800800040000000000080002000900000004000100180001800000020800797a5f74756e000000000000140000fffda53faf0f22d16391f1224c173a7564bc6d143bd32d1dcd4c2f400b00000000000000f2573f9b3e99dc0ac22d0b627696789d4aa02722f521fb679c9a2a42e5ce0fb34334464d65dcf606ce12d8388fb90c2a4eb1e0cf7cf37f4c9ea1d0fd1977e4efbcf6100c2872ac889dd44d438cae8ee39b05aa21c63d8fbb7df5b679807f10a2d02f6d7b24ea7a0e48e1cd52f4ff98e896566d3f7a92fb5bae32f9f96805610f17"], 0x44}}, 0x0)

51.643098708s ago: executing program 3 (id=1940):
socket$kcm(0x29, 0x2, 0x0)
syz_open_dev$dri(0x0, 0x8, 0x2c2080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setresuid(0xee01, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
timer_create(0x8, 0x0, &(0x7f0000000000)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x0, &(0x7f0000000040), &(0x7f0000000080))
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x1fff, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0)

51.052309036s ago: executing program 1 (id=1943):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x40, 0x2, 0x3, 0x3}, 0xfffffffffffffeea)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
r2 = creat(0x0, 0xecf86c37d53049cc)
write$binfmt_script(r2, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r2, 0x0, 0x28)
execve(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000300), 0x120)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r4, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@cgroup, 0xffffffffffffffff, 0x23, 0x1a, 0xffffffffffffffff, @void, @value=r5}, 0x20)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x10)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x201, 0x4800003e, r6, 0x0)
open(0x0, 0x101000, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000000000400000ac1414bb000000000000000000000000000000004e2300000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d46c0000000a0101010000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000f000600000000000000"], 0x144}}, 0x0)
socket$tipc(0x1e, 0x2, 0x0)

51.046285748s ago: executing program 5 (id=1944):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x20c0)
socket$key(0xf, 0x3, 0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc2dd99ed1", 0xbd}, {&(0x7f00000002c0)="9c812b37fa6bd3963cbc009f0a922658be630ec6041ed353d314e58721edf306c382ac611fe34479cb9e2585745ff3c61da74b060400000000000000178176dc533f123b66d04d51fb7421cdc9fed78e3e1c18fb67c1f75e", 0x58}, {&(0x7f0000000180)="3f82090ccda4f8ce11f43ea8b51b08afd200c6075794cdd2e0021e30a0f6267447162a2085457cf687e74d142e85e9c4ac6e", 0x32}], 0x3}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d393", 0x67}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d021d9a26", 0xd5}, {&(0x7f0000000900)="5c3eb8799e8565193cf737e01055d298a4193e91d6dd89384d12d1da97e7e88852e279071ca7a9b536c7911d618feb48b66f1e17e130b7c2f27b77e2053065d05a00ae7bd353283ee3dcaf244ff26600e520af5091696d833f34518e53327718e7e3298de86f15e6a778f6008b96661a10be65c0a44b21b4c8724f61f6ca10d927a31e0c9f", 0x85}, {&(0x7f0000000500)="4c56c5661eb2897219a486044736a64f1a175ba083d2b3ef32bff4a0", 0x1c}, {&(0x7f00000009c0)="8e6487afea5aec79e9dd3278cbb24985e6724be49d1ae08bb9913a5a6d6d6c26d88eb3edece901ad9bfd123a88c27d6e6ea618a42a970bcac49fc3bf5b87b58ba3d1a7dc24d12855a6c54a36b5089658d9482bd0a9a1b9b0d4de13e864e592216f04f31decfaa9", 0x67}, {&(0x7f0000000a40)="71918a5d581601244a3d864d7c74a12529e10637660163c939c6e23c3e3bc3bcfc79d3e47b9d80fc8fc812a2ae2adf778cf426ff4d090e8ad2d1144acb5a392c984f3190aafff8b0f1c5852274bab67df6ce8641ebef383c1503c3c19e1e8b133206cc193d38b8ebf8f76678b320950e8741221069da77cd76e5ff56fce3f0eee2b1922024929b3128ed46411f05a167211c3adf5dea2ab84c4e8c7a20cd114dcc56307f6e4e44cc4d82bcc898edb1c125d4", 0xb2}, {&(0x7f0000000340)="2876a27ebfc4f1fc0466f3a791274633de5b2c6716219bebc16803453419b80818d51c9d56c0039d1bc7a796e12dd80936102f29a4819c4d4c6fda582cd913925b1395531530b9fcaa87e3", 0x4b}], 0x7}}], 0x2, 0x0)
mlockall(0x2)
r2 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmat(r2, &(0x7f0000ffd000/0x1000)=nil, 0x7000)

50.858952566s ago: executing program 3 (id=1945):
socket$kcm(0x29, 0x2, 0x0)
syz_open_dev$dri(0x0, 0x8, 0x2c2080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setresuid(0xee01, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
timer_create(0x8, 0x0, &(0x7f0000000000)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x0, &(0x7f0000000040), &(0x7f0000000080))
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0) (fail_nth: 5)

47.936269031s ago: executing program 3 (id=1947):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r5, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000140)=0x8)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r6, 0x0, &(0x7f00000001c0)="cd", 0x1, 0x7})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r6, 0x0, &(0x7f0000000000)="b7", 0x1, 0x815})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r6, 0xc2, 0xffffffff})

45.291223234s ago: executing program 5 (id=1949):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, 0x0, &(0x7f0000000280))
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0xff, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff010}, {0x6, 0x80}]}, 0x10)

43.001265379s ago: executing program 2 (id=1950):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc040564a, &(0x7f0000000140)={0x1, 0x1, @value=0x1012})
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x80000003)
r1 = dup2(r0, r0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x2d)
accept4$alg(r2, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f00000063c0)={0x2020}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f0000000280)="0d1c409c14b8ddbbe2423ac75d732f3d0e9cd37b375b9673cb39c6b35cbb85c4ba83de9d23bbcdd53a9f0d7c92b66f6d872096b32f4bdac32a6136c86365cfd42c3b0a25fac76123b6d700d3ba70cc138bc435d3b1fcee2545c3a421119087bddbbfd0418488219343819cf0a6780d54166d2769a719b207136357ff3f505fc1d6144239ba630b15e7f8aeef7be5cb8c9e738faec0d1ab79d34b994e098323b94d32926bc3b0fd88c13cc781a0fc3da7c4d83fbaf3288fabe01685a3422570fa4cba7e840bd0a01e995c91c5aba51ca15461dc1916bde9e70c66f3aae48475e95aea1f8e6c6f10104d64f767b7f9b7909f5caa5fd61ec7bc7392bfb7fe4f1d1d0528601a87f9248693f31a0f2ea07a0f33e670bad3ba0c648266195c6d9a76cd973a9da6016d1f5e0d49122f64da8933cfcf6a970d11767279a9e8e37a30a007e6ea473e146069e72894fcd378e17d4fa761999c128492a0321c3153edf7b28d0cddd78758f5192a924fbe2e8c594cf35aeffc635b14903d134fc5f7857218f99266c64be16e5f4ad76a8b5f6d39ca2451afcdcb0cf42322a5166becc90621f99f28e42bb2cb610039c45e54cc4bb8e8210e612a3f1ac93366b7bd77410af8b4b3eb03085354c9f8d12cc62da82eff96a006dab656c10e1bf210124b0ed6841158ec70981a399ba7c406f3014bf77553be6197d79dc1d31ac4c598bdbd007578d50f00ce85810e0759e91505549c70005a5f923aba20d8e05d0b764680b9ea259c8fa71f1ee36b71da662b825019c07aade7db363662103887079dea43ca30c32e4f0d9ff043720541633157a3ff1dc055ac1db5b25765b7ef2e338c104db28b6be7fdae54f04075e26ce38ec71d35c029df580ee3ef68e46359031aea121d0776398d1f1e28e9cbdc20cb58adf5dfa01a2819f697bb3189ac0d32eec43c0ef75f5bd4c7926d18daf9a6e9265c961aadbed4fb9627a1f0a6c3dde66fe5530993a7f150e5b361ad0db403a864ef4f5e0f21db55aa22055bdc5b282b057d07efd6abe23f941a62d6f613a1ff8d31da632284e89a3069c6b26ef35e55fc846fb1c28651cc5a879a4994568c4639b9fba8395014c9f4f6152cee1ddf8d582bc496bcbad8e39e0a5a3e713deed021eb9d5b3f8679a8bddc08ca77d7cd101006c5021b65cc7648a646735d9d7f6e54e4fb5bcf1fd9aee4beb700e597011a2fa6c01d22e9b6c7a5afd7def8ab0a3e612d8a5ce571dba2d0696155c3dbfcc851293eebccfac6855a7b024d762e768867f57446ecd6e1d09a31959a6374c50445884dfcc68a62662e5701a25a1da8e0abd0428bb558f9f7e74c250d4af62afad71e0f23268a955c548b41cc83f6810c72c832476383a355abfa449fc05c7afa2ed70849f175e826361882503246e688983f472c418578ae4c893d847c0c7f8ec99352d3024a69134dfccbc6ec3351b321483c57d2d1e77c0c7551cdaf4c14038844b1b05c25541d1d48bf0dfd1ae40c35872a5b37c2958e3a60187531814f3adff870aeb42cf611c3f777b08f7dcacf5c087b19c17dfca413097a603823363c2c55597330de20a73465ccbe5acfad066fcb17c177827cf081c588b73c042150bf1a18aff97518fbc1b4d5d22f29077e186ae9b998b4d6fdbcbc8c3bd57dcc61cc322537743ce480c1dea39adcc6a51da745a60e5272a7181986bcb992895035f0f882cdf79c56a84cd88c9bf0b7dab9c1f453cf4c05e2a33f43f4252fdcf99cf785e639bd9d11c374d4e3107ce128d2a823b6a8631a8fdebdf14a0bfc3f79d44cd54d3e8b9c5a3f41b9a1187e23f5a5eb5fadff92d746ff3befec7189ca19c1987551d0fec321cc306d235f82b3f479f3d7a3c1d2377afe3f22a49c682646e9893d7700061a0229a99d360f89d281dc6bb95b92329cc7277b89a9e6a3edd3c753cbb93e9f1249572bae520fb7c46970f527fd93c445a8159d4992badc395c05313462d37c4f651afbdb04f9f42ad4433c5c765735731ed6d8c97e4ca9fd3a1885de6c051e652a1ea40230e9d854ec2145c78ef5574deac83e78df8932dde1d5c46862c9f808394dc7f064b5649cc7b2627a55683ed33f2712ad2d4f77ec7f2be200e01fca138b3d1f42916a54a66561916bcbd3109f6eacf5096e478442e56e5af61f7c32c681bd35bf94a429a52024a48f6002978594418b66c6eb0fa91dccc4fa83d48927349b8a7cbb70670bd78b8acbbcb554a219cdc6740de4bbfcad2250fc219436ba5db017c172d6e24eaedf29d169b8867fc84eb2e721b31b08604a6fbd8d5edd9bb0152346509619f4a0f41090228b10868f56cd7d7c025cccc8f2b4a7d85ab91862c65d5d578fd5c046928c5c8f999611dea07a1451357b4365b33bac0a2a842b84e2cd4f790dca74cc962000f72d821b093e271e63680c0e9019769f3abed377f51f2e0a373958dfe351a1db29da4b74f9ba1250a8a0b985ed86cd7a2a4ede57ce00dbe77f5c797e6b9896ccb978d3a01047f9ac7d66e820073193b6a3400ff41f2f8a98a44a0d2a608db3000571efdade9a44f278272e7ada101d275c589fed2ee0191801b7a2ea62dec117c9cfd96ccb73de7fa2eb4d60a7ce1170047a5266668da1aa8489c6e4ce564607a485afc6991ba262cd6f155c23fbb47610f555e0be090854ffa0d610ae4baa1dbd1f36249beb0510b8d96132b6396a6261214f3153bfc4f0dcfeb55046bcca5868aa913316a2e802f9bfb51caacfd0045d96b3983b883db123da07fc20d06c973e3dc74c53006c77361cfa9d3b2062da3f9740cc7335ec792d1b2c767e86417433fe047c8d9368c0c51373b5e5158503afa52ab08ef49616499ccb8dc829e343d25fc1fc2ea6c95933295ab397f07703d1d8defebeb44a2a9556bbd5414cf921abfa8df9bc5ea76922d728ef0024f516c9fd7a2927a68ba9a7dcc4f52c3d8b72909b2bde14408e476778a3221644dfa13794e365a9ebb670eaf691b3c2393adc441519c1125b960ff109ccab52294c6584d74b3084cfda3707f7153681c88a1578a77be9224a70ce400f4af3dd72452df147476abf2668c1801fe538be40042717b6c468fe1a33d1d597fb637396b8ebed9f64eee42e645bd8dc0e63fbd3a139bce3157ce7ed6f5f643ee26847908efaf61cd977627647bc0e4f119b924bb185664f1dcf2240b2697c89e8f569332d19ceec176642ebf0bf509bd3b9477272159d45b708510908e74cc5e0304104d5ed6e578b46dffcf64367fe9d274ab8f16f3154f3e83ce6d3ae92a2644ceeb8ec33e07f728319eb69dfa37bb70b40a1001ff0157173e33af633496062b17cfab8b5c06ef2fadfef280da4e1f70fbbac10981a0b35f3ada39733d7d31798e455f0dd1c530939f09df43b5aff342c39052a51d773b22acbc8c1525f3572ef469eefe66d1895a9ca3c637286e3f9acd29e890ffccbb313dd9da50aacce808d06d0b109a16a1c2bf69fc4b85b9b7cc9b9ba9e5d709c65fd0a879032caee38315eb049b12f11c4d485ef426fff3a4f91b4f1ad4c192c4074636787ff966f82c8d4fcad13a7b581718ee7318f6731da2eb1338c95c35f1f2e082bedea7f05b87d891876cfab51ddf2908ebb2bc153c20001ae9c142b35a3de474b732c5f629bd948ac9230067120671d296001cabe19e3d2302c1f32e4fcff1681ab2ef216309c21c6a5afc51ac500687a5140d015ee2bda5f3d8a15826a21a0a9495b36fe958fff32afe270f809f3a8f8cd2d8992a859e5de779bd8aa4dc6979807171282ef34502f1bf34f529cdad15671692f232a9f2dd2107f8198f7a9ea5883cbeb2a060ff1b13fc1a4df315dff940e8f013e8142c640acf51ebb2b2f878dafb6c12747cef3061f2235bccceacce4bf9829df24b9f9e9c5c259aafbe61ff6be827e492e2c03fa1e9f936196ff9acb28081f7ca74109d823c5c96b1e808bc2b8072763954ec5691f7935284e045c6d86c5c68d69b4502a5132b3c1cdc5e000ed1f6aa4bc0a9090a8923004ac05558e08827c71fd2e24f931f880244143a8d092dc8bb2b48317ff49fa0b494b3fea0741fbcac6cf780f93db42f47d23170a70619d06b0462f2fb04dabe2a0c94a1d97ecb159d426df47f0a1e13764e045d97ba75fd0eede9711d112581b4a2e66b10077aa92c98e30d6504f0c08c0c68015c88abbc991d5a799e588d1ee7492d699126627ace339c1bb024a59ccd9d3df0197c8e56219d76698b61ec94927f41ccc7bc80ab6f65380d31d58f796e7e697b28e371ecd9ccf6b58e9cf32daee54c5228268446677f600ca8d091b6a4774749d40d6d4d6a009ae12bae1c530e6961420507a13a2a32c4f0863c790159a26588bed9f50b4ffbfc8649adc8144779653b4226fed5ab93570fb3edcc1be70780f6ddc8d9ef1ff39d22bd20cd8ae0195d02ada60fa0d65e065b7a3950d5a2b77546ad8f1c1018344589085638793d26fb4a5c59c23f1c9b148ddcbc478e1867e109590c44c14f5ad6e8cda21a75358cbfe6f397c711eead2b1c73df1453d184a44e85c2f6ac0c266b0f67b001426cec02efb66085bd1b8bcaf06d6709d545895337fe36e9d26417238f36be5ba51d5cd7cd7cec452780b72bc441052f67496ed8bb4d393db8da52aa3b0ef10a74a33c2b7ee24f76642f83bfc3e686951cbd1983f1ea54d536f6c86e8b20a4eaefb9ca57308abcfd81357e3d0eebeb0ff805c151ea1d0063c3bea7120562886fc4ce284f33d4a85c830d8b9b9b1295c352c3f5db54973a5ed3788e5396a1add7022546f13db95e4ad1a994142aa4f98d644cd822192e3e1875da3b4a6cfd61cca36a82fd4c1f09db84f6b379483e2b81749609750b493e406c8add341d8855ef47d8e8cd49e9d1340be1223d268bed3a2cc949b74cf01160723d26de9b11138fd8e8957354c2a58fa30903b7544d2bdf49249e5ca9f5d030f0c17e7ec605482523d1da3b3ca6c94c8724c20b929954c1c1f321ba7f77e2e954056a2838e57696e40a2fc9f8c2b7e25a41cd500f4fffb196810b3d77f79dfc1f7179fd4e2c63957c65da8325185cdfa37a82d42ebfc631a87ce7ba60ad09132f1eabe7b870c88fa277578e19a6adabd328e6b453dae201ce4327a378174695264ff4411a3815c362480058038b1b70b652e89b0c7743548b897c80c53b16aba4d244753fd8c14c8bcdbe2a2710df7842a8af2bd0a966632655c01bbc2604151b80e349b2f5f63fc8fdfb34c7223803fc0fd1dcf7fb5471c65f59ef9b02c3c0440f7e44fa4759782a46165c64e2ffc246d0438248c461e932806ddc20d3eeb597d74e9cbfba85951c601fd8b903c80f5d8bd5fc5b824cd63d9bc2d38438eb8a8bd1fbbad944b3ca074eb318ae074ef4d7f12076ac1809ca6868be7e5fcbb953ee70bcccb7cf51422e8293faf3e88d4b179b4c7a6ab53638eb05c902715c023f33ba9e121aed0b7b5f0544b5275cf22093e64a7038cda03fc9014002cb52d4568625d321b344e566b50a7e9695c79daab4aa0fc82790cd32708bdc0242686052677eb163cba152231e45d0ad1b8238a7d1230f43612ae8b9525d1f98372774a326e9baa48e69093b215ea503e054729722a71c7e6c58b958f3cec95fdbf1811b7c8a53787e95d266a70d408798e94d9579e813a8e9e3d4bdb4f2682f7aa30b659c722aa07faa911543c57db9fb3abf73ac5b4096cadb4bfa2b25e51b11e754348a2abff384a16194af26590ccd657cf76bae1f1246b67ee0834105f008cf77b1320ecfcb87bfa7d2b2fdec1330f54b6c6cf2280119e39e9a66ccef3df0c4297e1c861a027fa2ea5a1ab530f5b94a98895405c620bb6faecd7e80bfb42d1a4646360e0e8355af548439f8db48d583352ea84385e271b3067bf7b047e69e23c3bd2c3ea74df48b3649985b0ef12a9f3803ccfa52e01381d30a9005f0415a149557b67d0ac7c439ba8b20a9eb293ee4d357cc1d9e1e7f707ad77e58f22d2b26f9a8e726e826b6722c2b910416dcdaf772476e55256fefb1fa5de0139e15c2bf84e267be5d5381bb30607b731c8f305a1b4e1e4bae0b59e61dc77b13d129dfff4fdaf48f95038cc11b14e8266aac4d59fb40346c07a7fee92327e40905e40f8135b0f6e9e31969902e9926a99d7ae30891be917581189ff998ea5310da0cf72faae333ab8ee7cb9f78bb0a8695a841b8d37709e2826594cc8927f5dd98c53ea4c5246b5fc09f756f29b61c21996dcb6c0f1e476674aa9b6f69ccfcf8672b048ee723af55104da1c2f5250e8bbb3bdf2b7edb4878a902032ab4115f516d804d2cde7bce6b0c6dcd1f0d321fe4bb279e4c45294df0fd33956469839c70bcb68c033b597daf3f515354e72fd1ecff87e4b8d1ae52e6ef0fc773a49ca76d0659454b59e9c62fc8e10131e50893c0c0a997fb5766157701ce8e6a6482bd8b0b53a6b4fd4227d8e02c6453114f161017b18e52867282010df15c361a0ed3b17636adce6567ca97d4864dc15fca353490aecd5d26af991a92dcfd3e4dd38b8ed9181dee7e2e20cc2600c3211eecafd0dac537a693573e843259c30789a3d0ef91b78f95ed5da1c9e61716f651284e4eea663aab9c30d28a620745e44fbcf71221a23d332d411d17220c5a43321cbae90ba8104ffb4415d7563a21406d6be1fdc9abfff8998b51628b28b4ed84ded6804726cae5b62281949bb7cd7bec7bb2dfa8d831d4928b274c7452d2e9f8a37c67c98239b121d3acf381a10469d0dee019d38dbba865fdecfa34e39b0dcd4cf7a66e30f87d4f26d4190fdc62d44c850e94121ace3d531de3204ed5f838f5953c98b44a387a0cc95fc5e76facdf3a9f98183d32d887fb7d997a37b4737861bb12ea8e412e1015d3cceff7b448381f3fedd35a535e524f9e6df67e14882d9ec956a81e1972392c8c79cec77fe6d0f88a00710aaab4878187d6c387cf1ade1c61ca3b9bef117ad621c9a971d4f04a2e45314422f9f7606c932ab593db97747d7666948d04aacee1ceb6ae2fb205f32d953d94e5f2c7cb332eefa4bf11c999fb67e287960b64c36fa37de3c81fe53e057abc6f5575cb900a117242340126f721f8ad4c3d744440f2d9e1abf71fb24ca6f5abd392ce1110d4d138cd312373f99eef5a9b55a2a92a73be76860c380e5f2f1c9e5526ab5dc6f91d81d086dcfb70165c69b9bba0670366910ed053d43a61bc8215e95f304d73d38a689f174ac4940f1c7c87a011fbaa364e54887a0f38281509282943c38c77f9dbf385d0f8f62d30b300ae7ce24eb5b855057fc4fc8efcb05c4451fbc4de6f8b545559fb2bd2f8200eaa2822990d4afa0398e4c4d40534ece023306239bd86e2a0b9ae2fbfa640046379c1e2f0471e0005bdbd929119e54808f53fbc9ae318fd128aecaee2e314efcd76085a1da95b1261a321fe8229434dcc57844f15914221116d53faef06466643b996d5802167c0dcabe44979e576b4290aceee7aa771820fe113b85162e45961dea78ba31e0c54faa89ef75263d15580dd144745ab42b5d510f1beb115832df59ce57be19113f97aa21d984448e7fbc92c1291fd84f98e9ddd832336be330528e9df7b88f17f47708dfa401ba49562ef3650155bca61a81348896c151d05651caf865a3c40dbaecde5036233dd42a23f5712c93b2fa1c3ab754445bd258491fcf508ac344eeb38db1a4cb9980b1d97b826d76b0b10f8b8937dd0a9385c66ffffdab1819049c35aaf90b15267f7c58ff236c425414286bc7dfc3bd22abea8aeaeb113592ed41fa566d1426c85c3db9ef04e70b31ea52ae2f9352ae1195035b517f7e36350906773fabaef38fb29348b9797ec90cce08e0afb923fcfe0fe62ed2abd97d39949993048ae10c5be54808986f6c4aa437e413b449f57b0b0fc6f393808631fac191af623b8e90193ef2b0dda64f26b4771ab256bccd61ebf4b7ad099156986d64e77d37039d4a2e5836528a10c8c9d9ca9c640804dbf2db4154384cd8a8c02ce863e102ea944c17a643c120361d631b7f349f920ae6bd06db3e3af1bf902c3204e8632d27bd928701ee206a7d64448f9a81265a17a31878e3c1a2a044fc6f956b557471d1bf7dfe160716028191e851e18439f4e3561aa589528889090a3b673f70aebc1edb12861277f04f300acd8278e5f640ac0dc7e4f8df3ea39186119b0599f3e7bedfa0ee65e4d25d8586a2d10e773182d98ea9eef3b3d9805697adce7daf083b8a934c0d9c6467be25a6a22b6b246abcb355d03b8c3345dff9f40e253ae80a2de668dd9da044a2b90bc5788b0fe3a2c6387b3c817ea456eb7713a728caf4287d15006500435ff93eb6803e42e57c087c483e23605d9dcd6f758883fbb990eb0f91f351191956ac451e1c1d1ae113c03311057f5e70d8231bef8edb7c2cbecc4ab3e46b02945afbcdb2e8b005819dd141055af1fd6a3240af08751cd3a78ff92e39bba4d3c23aef960646512b3b86d6a8fa6880cfce6d58e1fbe734ac5f9b7018451a7a5879b3767dfb359eee615bab65116237e5de5b96bf9fbacd11702c73a8e478a64895d15ac0110737c3ab91222bc4c87326b5d5e3cf089da0a76d43222a8eeeb5286a4cb2fced98ebc2f6e876e8ff48b6f8f8264e52cf5b38906d657bd8d0d91e2d7846224ac60526f878e8189d80957a73a0fb95223842fb819286234d742c0aee14c75ed069411f7631aaa3e2a011fe75e67131a51733b9d2dc7981935d559a08a965363cdbc02dbadfcc4435040cff61df0cea2dcc5017deab9076fcc1a11ebe5020b6c96a16425397df15881815cf60b942648c234a5614ecffd4d5de50884934bdbd5177d24ee76f0c97fd0a2b97e527fa86c73ec672398f1d88c03d467f2712908d8fff5e02b4e1fe2d7bff02205597b3a5360e2767a3d7c488d222a3ea39d3fec61423e349689297868a4bfcf08a0938729fbc819ca2181f03f4ea42c7892dccd76560f1ef812ba7380681a8943e7bf2d6bb0729002a33a4a595c411cec870e8757e5d9cddb17563a627e598bd170cb6eab4d0d8a02c926bd0d67d2084df5873591ba8da1309f9c309fcdb1e1afea2ed48b467170f9d2539e62e75ed1e9ad94e2f574bba5e25f7473534e82e91263cef442f31e9e568a3eafa2b9de2a99fa681c6f6f245db26c24d56ae77fe239c63a70c2edd113f0d48bf5c2a887e1512bfb2801a0c628d3b91f57b1d1401b0e5e6012d32dafacd08775b1b28f15c44b03cd340a4e45be0534c4f5099c5bda5ef0035ab7d1ddbdb2e73ad49e15f6a04b5b09280581ebe2ce940a8058e2d14a0556c14adce8a40b6f0f78cc6bf46f0d0b2c4f9ce79e60eadd828eec8fd5c6b1196f685add24c959d4f1c9cbf7d21fb010df2f26fd1f1a5186186de0ab6f7fbf7ac2406a815382aad4edde90c8aa08ce053e86777fcbb089b4cbeb596949ff04739b53c4262b84881814c1cee97eb9147854b54ea354d53d906869c21e5772be517c127a0feb3844acb8b721f060e065b096d5f390b3557e25d50bb887ac018564a9b3ca3fe38eec76dace59bcadb81ed3764c177766ffc8770b7eca1fd3c87f3fc84f157974dc6356ab41388d973ae0a5a4a1d3d08f207b4add5bb902034f0be23bd27010cf5fb3a8ce4c34b123be47bf50fb6ff1593602e720d893561f72fcabdf7141ea4a274d319e9157ee4deb55dd412296525a1d82726fc8e8ad1ebddd6f7ac4ac10d3f59473cf5b0ae0644db9224268415ad314e4a7f4e4a17be80425198c097287ef95948ef260eb02d59e235caabeb1bcbf8829240e5637358879016ea8b5b06337d58aab36bc1a981d7667974068ca1a353a8caad2885236f407fcfc277210ff15f4d7d0caa2b31e5f745f455ff36a5fd9a9036c02f319a049ecb1d67c057130ae3d68374c82191059b44f8aebdf4574cd84cf7c031b6e177e8f5808f25ac76df8d7f9aada99e1a16ea5b22cc4bb349a352aceb2cb1ea47710704d446498f4d6ff2d8705797cfe62e03de9064a5831df451d021fcd93a71c3105f81df9d1ce5dc27d26d77326ab4bedf0c428a70772f2b0630b0640f643292e68e9b44d53f5c401f6ee09f8217b77b2d308e13cbedefa56920ad948b464a74c3e9ca9259d10132880d7dbd2c972c772985f7022a41ef473c254289982b9cde41f937a1de59b9a50caf728accac23ba485842dae35ad4ed412a31d2a134bf05ede9fc70fab45fee38f1f7e749e803446b418cc1b5e7f2019777ae03eab5e129e1eef2195ca84cde2848df14a93bbc3a917f1e06ce3753cf127f2241295fb630f6e27eadeaff570f955ace44dd204dcc082f7bcbe310e2c33267852049cb839142d072e3f3ebb1fc289c78769fd0f05578630e42a5829b82c6d535c012204aa74659282ba0498156e2183ecee174054d45fd97e5a0159255d8af432563d367f045d209c67cc70f7cf13b9a6578983ea640f0e8e66113484f48d41cb65b1338eb6cec534b3acdf9e5a1a3ac9157d75986583edfda4958e79593b6808b4762f823a6f442ee1749e592bc103f2b9e16107b939ece49cb447e5a7d34d66f18567d0e981f4fef25a467144689662783503a03e1800d22f40f61903d8270453161a68386bdd94d59dd66eb5ae067d4129be23a0b17b89d0478734460bb88c5771d9444caa769aa62d56bd128bc328e03d2e18d966f5784398ca2aab86007f7ca00908d4bd7f2f3ecf3024110b073304c7bb17bd73725721a99e94c8d5e5da7a839d58f2196cace99b98d7f584a49fee2a426e6ec3f08e520f7965aa2dad97084c2ebed43c58dbc9116f420d4735decc47dea514b689f5479c56b6128dd684c4fbf0945aa15363276af833b27b82cb48541413bc9fc51f9ce57c14bb6c39f86cbc99b69e5d91e7cf72f340f67012eb2f5fb21d830e97eb3664674ecc36c754f90d1a8f6092fe3a48827849ec95ed35887cfd2ab3f26331bdc154ad034f31ef26ecec5feedac1367f4f642e99ebb409ddd5dd8d0087ebf048e4924a2119c69ff00af79233443b897f7bd1d80f4d34555719bd8dd9c0d824d0437c2adfc598fd4c2c2d8cf7693e05238987bdb9bb04751dfcd44fbced899a7dadef499b9bfb45ee52ea59369c950821a667712946c7207e36473660f3f9c9906ed889ffe7a8c735e98d41cc96aecf3e577072cb4711eb690d28ff41dbe9070cd73da26875994a7b8480f2d21bd4b92402bc293fea154071c401581a9b858dcb4113149105d793fd4d0e98894f228f24250ada364f49180fbd116e0677cbfbe928a840dbfab2791865cec67ab39affa7b76c266285ed2ede7ce77e9e6f21545b8d177cc73e5142e6bbfbb3e9793716de8d6faeb74e18475cac7541e3ccd875cc0dc8bd5a01e468700d5817fc44b6dd64d74dbe0b351c80815102a0dc2038c83dc75189bb4ca425eabeeaa70fcebfda8f16c4b083762811325fdc6b94f84b6d4629929b85d0cf678b28651cab8a825f28440ca4e7a2193c6f9c769b0aa226754fa8eabd7cd1d31ea2478a83e0d79eaff6f72bfb05c31098f4640256b8c21ef25808821c08cbc68e8b6205fdbcb10b17d63cfb5ead7fb8ae1", 0x2000, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 2)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)

42.19486357s ago: executing program 3 (id=1951):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_GET_FPEXC(0xb, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0)
r5 = socket(0x11, 0x2, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x0)
syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c80, 0x0)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', <r7=>0x0})
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x7, 0x8, @vifc_lcl_ifindex=r7, @multicast1}, 0x10)

37.052158485s ago: executing program 2 (id=1953):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
syz_io_uring_setup(0x1d85, &(0x7f00000003c0)={0x0, 0x3ebf, 0x20, 0x1, 0xb8}, &(0x7f0000000040), &(0x7f0000000140))
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mkdirat(r0, &(0x7f0000000240)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file1\x00', 0x20)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
mprotect(&(0x7f00003b1000/0x1000)=nil, 0x1000, 0x4)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d00000004000000070000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x402000, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001c00)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x1c0, 0x12, 0x60d, 0x1c0, 0x202, 0x290, 0x2e8, 0x2e8, 0x290, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000000000000617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x2, 0x2}}, @common=@inet=@socket2={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)

26.542626273s ago: executing program 33 (id=1943):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x40, 0x2, 0x3, 0x3}, 0xfffffffffffffeea)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
r2 = creat(0x0, 0xecf86c37d53049cc)
write$binfmt_script(r2, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r2, 0x0, 0x28)
execve(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000300), 0x120)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r4, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@cgroup, 0xffffffffffffffff, 0x23, 0x1a, 0xffffffffffffffff, @void, @value=r5}, 0x20)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x10)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x201, 0x4800003e, r6, 0x0)
open(0x0, 0x101000, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000000000400000ac1414bb000000000000000000000000000000004e2300000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d46c0000000a0101010000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000f000600000000000000"], 0x144}}, 0x0)
socket$tipc(0x1e, 0x2, 0x0)

26.347193939s ago: executing program 34 (id=1949):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, 0x0, &(0x7f0000000280))
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0xff, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff010}, {0x6, 0x80}]}, 0x10)

26.335313163s ago: executing program 2 (id=1956):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r4, <r5=>0xffffffffffffffff}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x1d, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000008280), r7)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f00000084c0)={0x0, 0x0, &(0x7f0000008480)={&(0x7f00000082c0)={0x44, r8, 0x1, 0x70bd26, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffffffffffe51, 0xb, 0x8001}, {0x6, 0x11, 0x40}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000084}, 0x40080)
r9 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r9, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r9, 0x0)
r10 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r10, &(0x7f0000000080), 0x10)
recvmsg$can_bcm(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}, 0x20000100)
shutdown(r10, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002900)={0x2020}, 0x2020)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)

26.233172003s ago: executing program 35 (id=1951):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_GET_FPEXC(0xb, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0)
r5 = socket(0x11, 0x2, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x0)
syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c80, 0x0)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', <r7=>0x0})
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x7, 0x8, @vifc_lcl_ifindex=r7, @multicast1}, 0x10)

22.607480324s ago: executing program 4 (id=1961):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r5, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000140)=0x8)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r6, 0x0, &(0x7f00000001c0)="cd", 0x1, 0x7})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r6, 0x0, &(0x7f0000000000)="b7", 0x1, 0x815})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r6, 0xc2, 0xffffffff})

21.44955067s ago: executing program 4 (id=1962):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000015c0)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x4e20, 0x8}}}}}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000140)={0x2, 0x63}, 0x2)

17.96605914s ago: executing program 4 (id=1963):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x1)
shutdown(r2, 0x0)
ioctl$SIOCX25SCAUSEDIAG(0xffffffffffffffff, 0x89ec, 0xfffffffffffffffd)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x29a83a768e447add)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r1, {0x5, 0x2}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x0, 0x1}}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x10000000)

17.832924438s ago: executing program 4 (id=1964):
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=0x0, @ANYRES16=r0], 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0xc8000, 0x0)
ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000080)=0x7e73)

17.460224719s ago: executing program 2 (id=1965):
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0xf7bd, 0x400)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) (async)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x9, 0x480000) (async)
setrlimit(0xe, &(0x7f0000000140)={0xba, 0x1})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000180)=<r4=>0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000001c0)=<r5=>0x0)
tgkill(r4, r5, 0x39) (async)
set_mempolicy(0x3, &(0x7f0000000200)=0x22b, 0xffffffffffffd90a)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}, 0x50) (async)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r7=>r3, {0x5, 0x6e5dadd}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) (async)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001600)={&(0x7f00000014c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x4, [@restrict={0x7, 0x0, 0x0, 0xb, 0x4}, @union={0x1, 0x3, 0x0, 0x5, 0x0, 0x8, [{0x3, 0x2, 0x7}, {0x3, 0x1, 0x5}, {0xa, 0x5, 0x1}]}]}, {0x0, [0x2e, 0x30]}}, &(0x7f0000001540)=""/183, 0x58, 0xb7, 0x0, 0x4}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000001680)={0x2, <r9=>0x0}, 0x8) (async)
r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000016c0), 0x4)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x11, &(0x7f0000001300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@map_fd={0x18, 0x0, 0x1, 0x0, r7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}}}, &(0x7f00000013c0)='GPL\x00', 0x8a4, 0xae, &(0x7f0000001400)=""/174, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001640)={0x3, 0xe, 0x4, 0x6}, 0x10, r9, r10, 0x4, &(0x7f0000001700)=[0xffffffffffffffff], &(0x7f0000001740)=[{0x3, 0x1, 0x10}, {0x5, 0x5, 0x3, 0x2}, {0x1, 0x3, 0x1, 0x7}, {0x4, 0x5, 0x1, 0xa}], 0x10, 0x9}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10) (async)
fgetxattr(r11, &(0x7f0000001840)=@known='system.posix_acl_default\x00', &(0x7f0000001880)=""/186, 0xba) (async)
prlimit64(r5, 0x6, &(0x7f0000001940)={0x0, 0x4}, &(0x7f0000001980)) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000019c0)={0x5}, 0x8)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000001a00)='./binderfs/custom1\x00', 0x0, 0x0) (async)
read$msr(r0, &(0x7f0000001a40)=""/109, 0x6d) (async)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x18000, &(0x7f0000001ac0)=0x90, 0x7, 0x2) (async)
syz_open_dev$sndmidi(&(0x7f0000001b00), 0x4, 0x400203)
ioctl$BTRFS_IOC_START_SYNC(r7, 0x80089418, &(0x7f0000001b40)=<r12=>0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r8, 0x50009418, &(0x7f0000001b80)={{r2}, r12, 0x6, @unused=[0x6, 0x1, 0x5a], @subvolid=0xe}) (async)
ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f0000002bc0)={0x6, &(0x7f0000002b80)=[{0xe3d, 0xff}, {0xe, 0x1}, {0x7, 0x8}, {0x0, 0x3}, {0xc42, 0x2d}, {0xffff, 0x7}]}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000002c40)={&(0x7f0000002c00)=[0x0, 0x0], 0x2}) (async)
r13 = dup3(r6, r6, 0x80000)
write$UHID_CREATE2(r13, &(0x7f0000002c80)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xd2, 0x9, 0x0, 0x8, 0x4d8, 0x2, "a0aefea801178723500c9601f763a465deb37e56a978e0228d0e431048edb8eabb6f1f48a566bebf8b51037e2e0434099556627c1deb31e9a680ba308bccf2728ffc1419bd85240342cc9f4d700fca3b994067135dc238e7c692c88c372daccd3f7a2e91fb1f57739d132103f537324207c6f67a32127f0cfd360b1a84110ae97dba4ec694f21c861758078851eecb715d14229272e7da13bacd6bdc0e17a74cc0a7f5326b21368c62103fa66cf3be8b6c33f36451972096e45c30a20b037eefa493f4f28aacc4c91ef1aa43097bc2697629"}}, 0x1ea)

17.340223166s ago: executing program 2 (id=1966):
socket(0x1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r2 = getpid()
getpriority(0x2, r2)

17.182658658s ago: executing program 2 (id=1967):
syz_open_dev$dri(0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000540)={0xffffeffe, 0x1, 0x2})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES64=r0, @ANYRES64, @ANYRESHEX, @ANYRESHEX, @ANYRESOCT=r1, @ANYRESHEX, @ANYRESDEC=r1, @ANYRESHEX], 0x48)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$sysctl(r3, &(0x7f0000000180)='4\x00', 0x2)

16.212865947s ago: executing program 4 (id=1968):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)

15.991645494s ago: executing program 4 (id=1969):
r0 = syz_open_dev$video4linux(&(0x7f0000000cc0), 0x407fffffff, 0x8a840)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000040)={0x1, 0x0, 0x2, 0x6, {0x7, 0x4, 0x9, 0xfffffff8}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4a030753}]}]}], {0x14}}, 0x80}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x14}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400100001000010000000000000000000a010102000000000000100000000000ac1414bb00000000000000000000000000000a00002016000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d26c000000ac1414aa000000000000000000000000000000000000000003000000000000000000000000000000010000000000000000000000000000000000000000000000000001000400000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000a0001002000000000000000480003006c7a6a6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000200), 0x20)
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)

2.025723903s ago: executing program 36 (id=1967):
syz_open_dev$dri(0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000540)={0xffffeffe, 0x1, 0x2})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES64=r0, @ANYRES64, @ANYRESHEX, @ANYRESHEX, @ANYRESOCT=r1, @ANYRESHEX, @ANYRESDEC=r1, @ANYRESHEX], 0x48)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$sysctl(r3, &(0x7f0000000180)='4\x00', 0x2)

0s ago: executing program 37 (id=1969):
r0 = syz_open_dev$video4linux(&(0x7f0000000cc0), 0x407fffffff, 0x8a840)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000040)={0x1, 0x0, 0x2, 0x6, {0x7, 0x4, 0x9, 0xfffffff8}})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4a030753}]}]}], {0x14}}, 0x80}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x14}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400100001000010000000000000000000a010102000000000000100000000000ac1414bb00000000000000000000000000000a00002016000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d26c000000ac1414aa000000000000000000000000000000000000000003000000000000000000000000000000010000000000000000000000000000000000000000000000000001000400000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000a0001002000000000000000480003006c7a6a6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000200), 0x20)
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)

kernel console output (not intermixed with test programs):

 T8632] netlink: 'syz.1.659': attribute type 63 has an invalid length.
[  293.099603][  T121] usb 6-1: string descriptor 0 read error: -71
[  293.255196][  T121] usb 6-1: USB disconnect, device number 19
[  293.446428][ T8640] input: syz1 as /devices/virtual/input/input6
[  294.550078][   T30] audit: type=1800 audit(1752615469.424:80): pid=8652 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.664" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0
[  296.229449][ T8655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  296.856193][   T10] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  297.052478][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  297.194831][   T10] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  297.583275][   T10] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  297.639775][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.687616][   T10] usb 6-1: config 0 descriptor??
[  298.324088][ T8702] netlink: 15 bytes leftover after parsing attributes in process `syz.2.673'.
[  298.829351][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  300.710600][   T10] usb 6-1: string descriptor 0 read error: -71
[  300.792214][   T10] usb 6-1: USB disconnect, device number 20
[  304.701074][ T8756] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  304.759542][ T8756] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  304.768059][ T8756] overlayfs: missing 'lowerdir'
[  305.069668][ T8765] netlink: 'syz.5.691': attribute type 9 has an invalid length.
[  305.088333][ T8765] netlink: 212160 bytes leftover after parsing attributes in process `syz.5.691'.
[  305.378930][   T48] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  306.514575][   T48] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  306.559378][   T48] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  306.578580][ T8774] syzkaller0: entered promiscuous mode
[  306.601769][ T8774] syzkaller0: entered allmulticast mode
[  306.607486][   T48] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  306.624986][   T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.960150][   T48] usb 5-1: config 0 descriptor??
[  308.488552][   T48] usb 5-1: string descriptor 0 read error: -71
[  309.372644][   T48] usb 5-1: USB disconnect, device number 19
[  309.632293][ T8801] netlink: 36 bytes leftover after parsing attributes in process `syz.3.699'.
[  311.250544][ T8822] netlink: 68 bytes leftover after parsing attributes in process `syz.1.702'.
[  314.329532][ T5899] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  314.421015][ T8845] netlink: 104 bytes leftover after parsing attributes in process `syz.5.710'.
[  314.521179][ T5899] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  314.539759][ T5899] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  314.703456][ T5899] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  314.739898][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.250391][ T5899] usb 5-1: config 0 descriptor??
[  315.262506][ T5899] usb 5-1: can't set config #0, error -71
[  315.284689][ T5899] usb 5-1: USB disconnect, device number 20
[  315.751367][ T8869] hfsplus: unable to find HFS+ superblock
[  316.293119][ T8865] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  316.303996][ T8865] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  316.313718][ T8865] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  316.322531][ T8865] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  317.232592][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.450013][   T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  318.021630][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.037504][   T10] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  318.078603][   T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  318.115748][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.142727][   T10] usb 6-1: Product: syz
[  318.151212][   T10] usb 6-1: Manufacturer: syz
[  318.164636][   T10] usb 6-1: SerialNumber: syz
[  318.189034][   T10] cdc_mbim 6-1:1.0: skipping garbage
[  318.821979][ T8893] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  320.341721][   T10] cdc_mbim 6-1:1.0: bind() failure
[  320.529814][   T10] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  320.596951][   T10] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  320.610358][   T10] usbtest 6-1:1.1: probe with driver usbtest failed with error -71
[  320.634585][   T10] usb 6-1: USB disconnect, device number 21
[  320.971062][   T30] audit: type=1800 audit(1752615495.824:81): pid=8918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.728" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  322.902462][ T8920] netlink: 15 bytes leftover after parsing attributes in process `syz.4.729'.
[  326.037025][   T30] audit: type=1800 audit(1752615500.894:82): pid=8969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.741" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  328.799382][   T48] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  328.962320][   T48] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.054897][   T48] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  329.225111][   T48] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  329.339223][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.363402][   T48] usb 2-1: config 0 descriptor??
[  330.233777][ T8985] FAULT_INJECTION: forcing a failure.
[  330.233777][ T8985] name failslab, interval 1, probability 0, space 0, times 0
[  330.249600][ T8985] CPU: 0 UID: 0 PID: 8985 Comm: syz.3.747 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  330.249629][ T8985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  330.249651][ T8985] Call Trace:
[  330.249660][ T8985]  <TASK>
[  330.249668][ T8985]  dump_stack_lvl+0x189/0x250
[  330.249693][ T8985]  ? __pfx____ratelimit+0x10/0x10
[  330.249718][ T8985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.249737][ T8985]  ? __pfx__printk+0x10/0x10
[  330.249765][ T8985]  ? __pfx___might_resched+0x10/0x10
[  330.249789][ T8985]  should_fail_ex+0x414/0x560
[  330.249818][ T8985]  should_failslab+0xa8/0x100
[  330.249845][ T8985]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  330.249869][ T8985]  ? __alloc_skb+0x112/0x2d0
[  330.249893][ T8985]  __alloc_skb+0x112/0x2d0
[  330.249916][ T8985]  mac80211_hwsim_del_radio+0xad/0x460
[  330.249942][ T8985]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  330.249975][ T8985]  hwsim_del_radio_nl+0x54e/0x5a0
[  330.250003][ T8985]  genl_family_rcv_msg_doit+0x215/0x300
[  330.250034][ T8985]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  330.250073][ T8985]  ? bpf_lsm_capable+0x9/0x20
[  330.250090][ T8985]  ? security_capable+0x7e/0x2e0
[  330.250116][ T8985]  genl_rcv_msg+0x60e/0x790
[  330.250147][ T8985]  ? __pfx_genl_rcv_msg+0x10/0x10
[  330.250169][ T8985]  ? __pfx_hwsim_del_radio_nl+0x10/0x10
[  330.250204][ T8985]  netlink_rcv_skb+0x208/0x470
[  330.250226][ T8985]  ? __pfx_genl_rcv_msg+0x10/0x10
[  330.250250][ T8985]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  330.250287][ T8985]  ? down_read+0x1ad/0x2e0
[  330.250307][ T8985]  genl_rcv+0x28/0x40
[  330.250327][ T8985]  netlink_unicast+0x75c/0x8e0
[  330.250362][ T8985]  netlink_sendmsg+0x805/0xb30
[  330.250398][ T8985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.250427][ T8985]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  330.250449][ T8985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.250470][ T8985]  __sock_sendmsg+0x219/0x270
[  330.250498][ T8985]  ____sys_sendmsg+0x505/0x830
[  330.250526][ T8985]  ? __pfx_____sys_sendmsg+0x10/0x10
[  330.250557][ T8985]  ? import_iovec+0x74/0xa0
[  330.250580][ T8985]  ___sys_sendmsg+0x21f/0x2a0
[  330.250604][ T8985]  ? __pfx____sys_sendmsg+0x10/0x10
[  330.250662][ T8985]  ? __fget_files+0x2a/0x420
[  330.250678][ T8985]  ? __fget_files+0x3a0/0x420
[  330.250705][ T8985]  __x64_sys_sendmsg+0x19b/0x260
[  330.250729][ T8985]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  330.250762][ T8985]  ? __pfx_ksys_write+0x10/0x10
[  330.250781][ T8985]  ? rcu_is_watching+0x15/0xb0
[  330.250805][ T8985]  ? do_syscall_64+0xbe/0x3b0
[  330.250826][ T8985]  do_syscall_64+0xfa/0x3b0
[  330.250844][ T8985]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.250860][ T8985]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  330.250876][ T8985]  ? clear_bhb_loop+0x60/0xb0
[  330.250897][ T8985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.250914][ T8985] RIP: 0033:0x7f950058e929
[  330.250930][ T8985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.250944][ T8985] RSP: 002b:00007f9501478038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  330.250963][ T8985] RAX: ffffffffffffffda RBX: 00007f95007b5fa0 RCX: 00007f950058e929
[  330.250976][ T8985] RDX: 0000000020000086 RSI: 0000200000000100 RDI: 0000000000000009
[  330.250987][ T8985] RBP: 00007f9501478090 R08: 0000000000000000 R09: 0000000000000000
[  330.250998][ T8985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.251008][ T8985] R13: 0000000000000000 R14: 00007f95007b5fa0 R15: 00007ffd95658418
[  330.251039][ T8985]  </TASK>
[  331.149483][ T5953] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  331.227868][   T48] usb 2-1: string descriptor 0 read error: -71
[  331.447838][ T9018] autofs: Unknown parameter '’Óô‡šÍÈ¢Ñ?³ôEú绣A¿ã�sñw™�Ó妵µÞ$‡g(`ËbÃÆÃ~³NsO‘rÀqOsÓÅ塇èˆu½†¸ã'
[  331.483629][ T9018] block device autoloading is deprecated and will be removed.
[  331.512624][   T48] usb 2-1: USB disconnect, device number 9
[  331.529671][ T5953] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  331.543282][ T5953] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  331.572088][ T5953] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  331.612383][ T5953] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.637798][ T5953] usb 6-1: Product: syz
[  331.712489][   T30] audit: type=1800 audit(1752615506.584:83): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.755" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0
[  331.748613][ T5953] usb 6-1: Manufacturer: syz
[  331.766329][ T5953] usb 6-1: SerialNumber: syz
[  331.907755][ T5953] cdc_mbim 6-1:1.0: skipping garbage
[  332.489344][ T9037] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  333.109684][   T10] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  333.692278][ T5900] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  333.792410][   T10] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  333.813705][   T10] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  333.843839][ T9052] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  333.844282][   T10] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  333.894397][ T5900] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  333.923525][ T5900] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  333.942640][   T10] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  334.001355][   T10] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  334.005774][ T5953] cdc_mbim 6-1:1.0: bind() failure
[  334.034973][ T5953] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  334.041040][ T5900] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  334.043861][ T5953] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  334.113320][ T5900] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  334.131718][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  334.144509][ T5953] usbtest 6-1:1.1: probe with driver usbtest failed with error -71
[  334.162699][   T10] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  334.178423][ T5900] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  334.189542][ T5953] usb 6-1: USB disconnect, device number 22
[  334.192608][   T10] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  334.223058][ T5900] usb 2-1: config 0 interface 0 has no altsetting 0
[  334.239665][   T10] usb 5-1: Product: syz
[  334.246783][   T10] usb 5-1: Manufacturer: syz
[  334.270557][ T5900] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  334.288354][   T10] usb 5-1: SerialNumber: syz
[  334.298427][ T5900] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  334.332871][   T10] usb 5-1: config 0 descriptor??
[  334.344626][ T5900] usb 2-1: Product: syz
[  334.352277][ T9041] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  334.364952][ T5900] usb 2-1: Manufacturer: syz
[  334.373762][   T10] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  334.395295][ T5900] usb 2-1: SerialNumber: syz
[  334.427348][ T5900] usb 2-1: config 0 descriptor??
[  334.433241][   T10] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  334.451181][ T9045] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  334.464006][ T5900] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  334.481833][ T5900] ldusb 2-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  334.626569][ T9041] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.758'.
[  334.645324][ T5900] usb 5-1: USB disconnect, device number 21
[  334.657063][ T5900] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  334.680270][ T9045] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.760'.
[  334.691639][   T10] usb 2-1: USB disconnect, device number 10
[  334.703719][   T10] ldusb 2-1:0.0: LD USB Device #1 now disconnected
[  335.010940][   T30] audit: type=1800 audit(1752615509.884:84): pid=9081 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.767" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0
[  335.069625][ T5900] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  335.244902][ T5900] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.281596][ T5900] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  335.499744][ T5900] usb 4-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  335.525609][ T5953] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  335.538064][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.331752][ T9085] sp0: Synchronizing with TNC
[  336.521039][ T5900] usb 4-1: config 0 descriptor??
[  336.839112][ T9094] binder: 9089:9094 ioctl 4018620d 0 returned -22
[  336.859528][ T5953] usb 6-1: Using ep0 maxpacket: 32
[  336.878828][ T5953] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  337.040627][ T9086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  337.107954][ T5953] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  337.119386][ T5953] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  337.130587][ T5953] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  337.143860][ T5953] usb 6-1: config 0 interface 0 has no altsetting 0
[  337.383018][ T5953] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  337.397952][ T5953] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  337.406579][ T5900] usb 4-1: string descriptor 0 read error: -71
[  337.423875][ T5953] usb 6-1: Product: syz
[  337.425109][ T5900] usb 4-1: USB disconnect, device number 16
[  337.428070][ T5953] usb 6-1: Manufacturer: syz
[  337.428086][ T5953] usb 6-1: SerialNumber: syz
[  337.595444][ T5953] usb 6-1: config 0 descriptor??
[  338.539367][ T5953] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  338.570374][ T5953] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  338.775766][ T5953] usb 6-1: USB disconnect, device number 23
[  338.803663][ T5953] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  340.967511][ T5892] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  341.144247][ T5892] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  341.187100][ T5892] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  341.244663][ T5892] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  341.343018][ T5892] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  341.399271][ T5892] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  341.459659][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  341.595163][ T5892] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  341.610833][ T9150] netlink: 24 bytes leftover after parsing attributes in process `syz.5.786'.
[  341.714316][   T30] audit: type=1326 audit(1752615516.334:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  341.756579][ T5892] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  342.138227][ T9159] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.787'.
[  342.149586][ T5892] usb 4-1: Product: syz
[  342.153796][ T5892] usb 4-1: Manufacturer: syz
[  342.158410][ T5892] usb 4-1: SerialNumber: syz
[  342.199734][   T30] audit: type=1326 audit(1752615516.504:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd46f78d290 code=0x7ffc0000
[  342.263235][ T5892] usb 4-1: config 0 descriptor??
[  342.281957][ T9131] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  342.306796][   T30] audit: type=1326 audit(1752615516.504:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  342.328145][    C0] vkms_vblank_simulate: vblank timer overrun
[  342.347863][ T5892] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  342.431836][ T5892] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  342.598966][   T30] audit: type=1326 audit(1752615516.504:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  342.762122][   T30] audit: type=1326 audit(1752615516.504:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  342.785447][ T9165] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.781'.
[  342.801635][    C1] ldusb 4-1:0.0: usb_submit_urb failed (-1)
[  342.810186][ T5950] usb 4-1: USB disconnect, device number 17
[  342.866854][ T5950] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  342.940180][   T30] audit: type=1326 audit(1752615516.504:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  343.516857][   T30] audit: type=1326 audit(1752615516.504:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  343.540790][   T30] audit: type=1326 audit(1752615516.504:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  343.948625][   T30] audit: type=1326 audit(1752615516.504:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000
[  345.148548][ T9188] netlink: 'syz.2.796': attribute type 3 has an invalid length.
[  345.160861][ T9188] netlink: 'syz.2.796': attribute type 3 has an invalid length.
[  345.280169][ T9188] veth2: entered allmulticast mode
[  345.465174][   T30] audit: type=1800 audit(1752615520.324:94): pid=9196 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.798" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0
[  347.669701][ T5900] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  347.776362][ T9236] hfsplus: unable to find HFS+ superblock
[  347.959937][ T5953] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  348.320544][ T9238] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.361481][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  348.373326][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  348.407285][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  348.417047][   T30] audit: type=1800 audit(1752615523.264:95): pid=9240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.816" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  348.441997][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.526699][ T5900] usb 2-1: Product: syz
[  348.532803][ T5900] usb 2-1: Manufacturer: syz
[  348.541453][ T5900] usb 2-1: SerialNumber: syz
[  348.557331][ T5900] cdc_mbim 2-1:1.0: skipping garbage
[  348.641375][ T5953] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  348.741794][ T5953] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  348.757877][ T5953] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  348.767503][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.928213][ T5953] usb 4-1: Product: syz
[  348.934594][ T5953] usb 4-1: Manufacturer: syz
[  348.941958][ T5953] usb 4-1: SerialNumber: syz
[  349.750504][ T5953] cdc_mbim 4-1:1.0: skipping garbage
[  349.800249][ T9245] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  350.932686][ T9256] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  351.419033][ T5900] cdc_mbim 2-1:1.0: bind() failure
[  351.437590][ T5900] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  351.465335][ T5900] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  351.522846][ T5900] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  351.627036][ T5900] usb 2-1: USB disconnect, device number 11
[  352.573132][ T5953] cdc_mbim 4-1:1.0: bind() failure
[  352.599544][ T5953] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71
[  352.652079][ T5953] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  352.718803][ T5953] usbtest 4-1:1.1: probe with driver usbtest failed with error -71
[  352.795922][ T5953] usb 4-1: USB disconnect, device number 18
[  353.759664][ T9278] netlink: 256 bytes leftover after parsing attributes in process `syz.3.824'.
[  353.768650][ T9278] netlink: 72 bytes leftover after parsing attributes in process `syz.3.824'.
[  354.617764][   T30] audit: type=1800 audit(1752615529.484:96): pid=9288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.827" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  356.559636][ T5900] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  357.070093][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.102084][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  357.128407][ T9309] netlink: 24 bytes leftover after parsing attributes in process `syz.4.834'.
[  357.141831][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  357.160307][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.168350][ T5900] usb 2-1: Product: syz
[  357.177001][ T5900] usb 2-1: Manufacturer: syz
[  357.196856][ T5900] usb 2-1: SerialNumber: syz
[  357.247372][ T5900] cdc_mbim 2-1:1.0: skipping garbage
[  357.830129][ T9323] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  358.291687][ T9325] xt_socket: unknown flags 0x8
[  358.931092][ T9331] tipc: New replicast peer: 255.255.255.255
[  358.937533][ T9331] tipc: Enabled bearer <udp:syz2>, priority 10
[  359.391170][ T5900] cdc_mbim 2-1:1.0: bind() failure
[  359.433563][ T5900] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  359.478641][ T5900] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  359.528774][ T5900] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  359.580146][ T5900] usb 2-1: USB disconnect, device number 12
[  359.610210][ T5950] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  359.872750][ T5950] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  359.885259][ T5950] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  359.896848][ T5950] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  359.915312][ T5950] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  359.973442][ T5950] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  360.037313][ T5950] usb 5-1: config 0 interface 0 has no altsetting 0
[  360.069722][   T30] audit: type=1800 audit(1752615534.904:97): pid=9350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.847" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0
[  360.114018][ T5950] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  361.229816][ T5950] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  361.238299][ T5950] usb 5-1: Product: syz
[  361.300072][ T5950] usb 5-1: Manufacturer: syz
[  361.304725][ T5950] usb 5-1: SerialNumber: syz
[  361.361401][ T5950] usb 5-1: config 0 descriptor??
[  361.368076][ T9343] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  361.398246][ T5950] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  361.446558][ T5950] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  361.886282][ T9343] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.845'.
[  362.016620][ T5950] usb 5-1: USB disconnect, device number 22
[  362.047216][ T5950] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  362.136324][ T9373] tipc: Started in network mode
[  362.143544][ T9373] tipc: Node identity ac14140f, cluster identity 4711
[  362.153824][ T9373] tipc: New replicast peer: 255.255.255.255
[  362.314173][ T9373] tipc: Enabled bearer <udp:syz2>, priority 10
[  364.003020][   T24] tipc: Node number set to 2886997007
[  364.567711][ T5900] IPVS: starting estimator thread 0...
[  364.682826][ T9380] IPVS: using max 25 ests per chain, 60000 per kthread
[  366.784499][ T9402] sock: sock_timestamping_bind_phc: sock not bind to device
[  367.549961][   T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  367.722234][  T121] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  368.588248][  T121] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  368.610362][   T10] usb 5-1: Using ep0 maxpacket: 32
[  368.649094][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.679568][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  368.684894][  T121] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  368.703631][   T10] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  368.703660][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.706291][   T10] usb 5-1: config 0 descriptor??
[  368.868277][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.871'.
[  368.878249][  T121] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  368.952677][  T121] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  369.009671][ T9428] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  369.047053][  T121] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  369.141501][  T121] usb 6-1: config 0 interface 0 has no altsetting 0
[  369.210924][  T121] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  369.728938][  T121] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  369.751932][  T121] usb 6-1: Product: syz
[  369.753818][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  369.756118][  T121] usb 6-1: Manufacturer: syz
[  369.766656][  T121] usb 6-1: SerialNumber: syz
[  369.774146][  T121] usb 6-1: config 0 descriptor??
[  369.932939][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  369.991595][ T9418] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  370.035324][   T10] usb 5-1: USB disconnect, device number 23
[  370.189969][  T121] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  370.427458][  T121] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  370.500121][   T10] usb 6-1: USB disconnect, device number 24
[  370.518125][   T10] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  371.121709][ T9464] netlink: 200 bytes leftover after parsing attributes in process `syz.4.882'.
[  375.083800][ T9488] netlink: 108 bytes leftover after parsing attributes in process `syz.2.888'.
[  375.284414][ T5900] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  375.585038][ T5900] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  375.610776][ T5900] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  375.638132][ T5900] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  375.721099][ T5900] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  375.755181][ T5900] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  375.793238][ T5900] usb 4-1: config 0 interface 0 has no altsetting 0
[  375.812565][ T5900] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  375.837271][ T5900] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  375.858196][ T5900] usb 4-1: Product: syz
[  375.870625][ T5900] usb 4-1: Manufacturer: syz
[  375.877792][ T5900] usb 4-1: SerialNumber: syz
[  375.902091][ T5900] usb 4-1: config 0 descriptor??
[  375.918244][ T9487] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  375.934074][ T5900] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  376.019775][ T5950] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  376.050025][ T5900] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  376.136706][ T9487] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.889'.
[  376.222382][ T5900] usb 4-1: USB disconnect, device number 19
[  376.240442][ T5900] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  376.306187][ T5950] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  376.368454][ T5950] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  376.556754][ T5950] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  376.706411][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.040123][ T5950] usb 6-1: config 0 descriptor??
[  377.349270][ T5953] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  377.666862][ T5953] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.693234][ T5953] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  377.749698][ T5953] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  377.749728][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.749747][ T5953] usb 2-1: Product: syz
[  377.749761][ T5953] usb 2-1: Manufacturer: syz
[  377.749775][ T5953] usb 2-1: SerialNumber: syz
[  377.770891][ T5953] cdc_mbim 2-1:1.0: skipping garbage
[  378.712137][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.799418][ T9526] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  378.998916][ T5950] usb 6-1: string descriptor 0 read error: -71
[  379.004186][ T5950] usb 6-1: USB disconnect, device number 25
[  380.322084][ T5953] cdc_mbim 2-1:1.0: bind() failure
[  380.379197][ T5953] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  380.457470][ T5953] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  380.652344][ T5953] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  381.288700][ T5953] usb 2-1: USB disconnect, device number 13
[  382.030368][ T5928] Bluetooth: Error in BCSP hdr checksum
[  382.205178][ T9560] 9pnet_fd: Insufficient options for proto=fd
[  382.620666][ T9074] Bluetooth: Error in BCSP hdr checksum
[  382.675103][ T9074] Bluetooth: Error in BCSP hdr checksum
[  382.932282][ T6388] Bluetooth: Error in BCSP hdr checksum
[  383.194257][ T6388] Bluetooth: Error in BCSP hdr checksum
[  384.110057][ T5853] Bluetooth: hci5: command 0x1003 tx timeout
[  384.116440][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  384.400780][   T30] audit: type=1326 audit(1752615559.254:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000
[  384.422088][    C0] vkms_vblank_simulate: vblank timer overrun
[  384.518423][   T30] audit: type=1326 audit(1752615559.254:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd46f78e929 code=0x7fc00000
[  384.539775][    C0] vkms_vblank_simulate: vblank timer overrun
[  384.583934][   T30] audit: type=1326 audit(1752615559.254:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000
[  384.605338][    C0] vkms_vblank_simulate: vblank timer overrun
[  384.769267][   T30] audit: type=1326 audit(1752615559.254:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000
[  384.820115][   T30] audit: type=1326 audit(1752615559.254:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000
[  384.899251][   T30] audit: type=1326 audit(1752615559.254:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000
[  385.837309][ T9598] netlink: 24 bytes leftover after parsing attributes in process `syz.4.923'.
[  392.929649][ T5900] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  393.131681][ T5900] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.189653][ T5949] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  393.208302][ T5900] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  393.295858][ T5900] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  393.321114][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.343922][ T5900] usb 6-1: Product: syz
[  393.353498][ T5900] usb 6-1: Manufacturer: syz
[  393.362454][ T5900] usb 6-1: SerialNumber: syz
[  393.414477][ T5900] cdc_mbim 6-1:1.0: skipping garbage
[  393.424454][ T5949] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  393.450918][ T5949] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  393.487443][ T5949] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  393.535462][ T5949] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  393.556311][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.582913][ T5949] usb 5-1: Product: syz
[  393.596239][ T5949] usb 5-1: Manufacturer: syz
[  393.859727][ T5949] usb 5-1: SerialNumber: syz
[  393.884654][ T5949] cdc_ncm 5-1:1.0: skipping garbage
[  393.890499][ T5949] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  393.897339][ T5949] cdc_ncm 5-1:1.0: bind() failure
[  394.124884][ T9701] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  394.522866][ T5949] usb 5-1: USB disconnect, device number 24
[  395.746631][ T5900] cdc_mbim 6-1:1.0: bind() failure
[  395.766118][ T5900] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  395.789723][ T5900] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  395.814739][ T5900] usbtest 6-1:1.1: probe with driver usbtest failed with error -71
[  395.860177][ T5900] usb 6-1: USB disconnect, device number 26
[  396.326280][ T9728] FAULT_INJECTION: forcing a failure.
[  396.326280][ T9728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.341123][ T9728] CPU: 1 UID: 0 PID: 9728 Comm: syz.4.946 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  396.341139][ T9728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  396.341148][ T9728] Call Trace:
[  396.341156][ T9728]  <TASK>
[  396.341160][ T9728]  dump_stack_lvl+0x189/0x250
[  396.341177][ T9728]  ? __pfx____ratelimit+0x10/0x10
[  396.341192][ T9728]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.341203][ T9728]  ? __pfx__printk+0x10/0x10
[  396.341214][ T9728]  ? __might_fault+0xb0/0x130
[  396.341234][ T9728]  should_fail_ex+0x414/0x560
[  396.341250][ T9728]  _copy_from_user+0x2d/0xb0
[  396.341262][ T9728]  __sys_bpf+0x1ed/0x860
[  396.341277][ T9728]  ? __pfx___sys_bpf+0x10/0x10
[  396.341296][ T9728]  ? ksys_write+0x22a/0x250
[  396.341310][ T9728]  ? __pfx_ksys_write+0x10/0x10
[  396.341321][ T9728]  ? rcu_is_watching+0x15/0xb0
[  396.341335][ T9728]  __x64_sys_bpf+0x7c/0x90
[  396.341348][ T9728]  do_syscall_64+0xfa/0x3b0
[  396.341357][ T9728]  ? lockdep_hardirqs_on+0x9c/0x150
[  396.341370][ T9728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.341379][ T9728]  ? clear_bhb_loop+0x60/0xb0
[  396.341390][ T9728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.341400][ T9728] RIP: 0033:0x7f8441f8e929
[  396.341409][ T9728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.341417][ T9728] RSP: 002b:00007f8442d6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  396.341429][ T9728] RAX: ffffffffffffffda RBX: 00007f84421b6080 RCX: 00007f8441f8e929
[  396.341436][ T9728] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  396.341442][ T9728] RBP: 00007f8442d6b090 R08: 0000000000000000 R09: 0000000000000000
[  396.341448][ T9728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.341454][ T9728] R13: 0000000000000000 R14: 00007f84421b6080 R15: 00007ffdef6bdcd8
[  396.341469][ T9728]  </TASK>
[  396.531696][    C1] vkms_vblank_simulate: vblank timer overrun
[  402.639243][  T121] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  403.310194][  T121] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  403.321461][  T121] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  403.454550][  T121] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  403.469438][  T121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.477461][  T121] usb 5-1: Product: syz
[  403.489251][  T121] usb 5-1: Manufacturer: syz
[  403.493877][  T121] usb 5-1: SerialNumber: syz
[  403.724638][   T30] audit: type=1800 audit(1752615578.564:104): pid=9781 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.962" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  403.781221][  T121] cdc_mbim 5-1:1.0: skipping garbage
[  404.460771][ T9787] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  405.347161][ T9795] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  405.392803][ T9795] batadv_slave_0: entered promiscuous mode
[  405.439644][ T9795] batadv_slave_0: entered allmulticast mode
[  405.496695][ T9795] batman_adv: batadv0: Removing interface: batadv_slave_0
[  405.618486][ T9798] fuse: Unknown parameter '…roup_id'
[  405.755095][ T9795] net_ratelimit: 172 callbacks suppressed
[  405.755113][ T9795] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  406.030928][  T121] cdc_mbim 5-1:1.0: bind() failure
[  406.049254][  T121] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  406.061989][  T121] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  406.079522][  T121] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  406.123051][  T121] usb 5-1: USB disconnect, device number 25
[  406.444830][ T9812] hfsplus: unable to find HFS+ superblock
[  410.239207][ T5892] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  410.450339][ T5892] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  410.679932][ T5892] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  410.711800][ T5892] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  410.721324][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.739238][ T5892] usb 2-1: Product: syz
[  410.743456][ T5892] usb 2-1: Manufacturer: syz
[  410.748069][ T5892] usb 2-1: SerialNumber: syz
[  410.759798][ T5892] cdc_mbim 2-1:1.0: skipping garbage
[  411.327056][ T9861] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  412.159899][ T9867] netlink: 4 bytes leftover after parsing attributes in process `syz.3.986'.
[  413.098403][ T5892] cdc_mbim 2-1:1.0: bind() failure
[  413.112878][ T5892] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  413.134335][ T5892] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  413.152510][ T5892] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  413.209896][ T5892] usb 2-1: USB disconnect, device number 14
[  413.552395][   T30] audit: type=1800 audit(1752615588.424:105): pid=9882 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.990" name="SYSV00000000" dev="tmpfs" ino=7 res=0 errno=0
[  417.822819][ T9904] Cannot find set identified by id 0 to match
[  418.178292][ T9912] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1002'.
[  420.990347][ T5892] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  421.000133][ T9935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1008'.
[  421.239523][ T5892] usb 2-1: Using ep0 maxpacket: 8
[  421.281454][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  421.297847][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[  421.402109][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  421.402129][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  421.404302][ T5892] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[  421.404319][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.404330][ T5892] usb 2-1: Product: syz
[  421.404337][ T5892] usb 2-1: Manufacturer: syz
[  421.404345][ T5892] usb 2-1: SerialNumber: syz
[  421.406646][ T5892] usb 2-1: config 0 descriptor??
[  421.430498][ T5892] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input7
[  422.829684][ T9952] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  422.829728][ T9952] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  422.829878][ T9952] vhci_hcd vhci_hcd.0: Device attached
[  423.099699][   T10] usb 36-1: SetAddress Request (6) to port 0
[  423.099788][   T10] usb 36-1: new SuperSpeed USB device number 6 using vhci_hcd
[  424.051310][   T30] audit: type=1800 audit(1752615598.874:106): pid=9967 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1017" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  424.896208][ T9953] vhci_hcd: connection reset by peer
[  424.896642][ T9074] vhci_hcd: stop threads
[  424.896659][ T9074] vhci_hcd: release socket
[  424.897706][ T9074] vhci_hcd: disconnect device
[  425.002977][ T5892] imon:send_packet: packet tx failed (-71)
[  425.017192][ T9969] trusted_key: encrypted_key: insufficient parameters specified
[  425.019600][ T5892] imon 2-1:0.0: panel buttons/knobs setup failed
[  425.112220][ T5892] rc_core: IR keymap rc-imon-pad not found
[  425.112239][ T5892] Registered IR keymap rc-empty
[  425.112428][ T5892] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  425.112445][ T5892] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  425.117513][ T5892] imon:send_packet: packet tx failed (-71)
[  425.131573][ T5892] imon 2-1:0.0: remote input dev register failed
[  425.132017][ T5892] imon 2-1:0.0: imon_init_intf0: rc device setup failed
[  425.620990][ T5892] imon 2-1:0.0: unable to initialize intf0, err 0
[  425.627462][ T5892] imon:imon_probe: failed to initialize context!
[  425.634684][ T5892] imon 2-1:0.0: unable to register, err -19
[  425.801119][ T5892] usb 2-1: USB disconnect, device number 15
[  427.277699][ T5892] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  427.430670][T10004] libceph: resolve '.
[  427.430670][T10004] #)|.زf͹Ç�²a×ïÅ2sˆoÖw¿úÕ?£'Ê%Ð�KAq‰f»�CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM�¤¨ìó¤h‡E$
[  427.430670][T10004] ' (ret=-3): failed
[  427.633738][ T5892] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10
[  427.633769][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.633787][ T5892] usb 4-1: Product: syz
[  427.633802][ T5892] usb 4-1: Manufacturer: syz
[  427.633815][ T5892] usb 4-1: SerialNumber: syz
[  427.636858][ T5892] usb 4-1: config 0 descriptor??
[  427.660646][ T5892] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  427.847891][ T5892] usb 4-1: USB disconnect, device number 20
[  428.289249][   T10] usb 36-1: device descriptor read/8, error -110
[  428.940590][   T10] usb usb36-port1: attempt power cycle
[  429.405771][T10040] hfsplus: unable to find HFS+ superblock
[  429.761515][T10042] hfsplus: unable to find HFS+ superblock
[  430.210997][   T10] usb usb36-port1: unable to enumerate USB device
[  430.656873][   T77] Bluetooth: Error in BCSP hdr checksum
[  430.844219][T10052] binder: 10050:10052 unknown command 0
[  430.859782][T10052] binder: 10050:10052 ioctl c0306201 200000000080 returned -22
[  430.891289][T10052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1043'.
[  432.419736][ T5853] Bluetooth: hci5: command 0x1003 tx timeout
[  432.424040][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  433.149485][T10080] hfsplus: unable to find HFS+ superblock
[  436.136044][   T30] audit: type=1800 audit(1752615611.004:107): pid=10128 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1070" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0
[  436.219802][   T48] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  436.434180][   T48] usb 5-1: config 0 has an invalid interface number: 156 but max is 0
[  436.542443][   T48] usb 5-1: config 0 has no interface number 0
[  436.590368][   T48] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  436.698164][   T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.867224][   T48] usb 5-1: config 0 descriptor??
[  437.004597][   T48] gspca_main: spca561-2.14.0 probing abcd:cdee
[  437.513724][T10142] netlink: 'syz.5.1076': attribute type 1 has an invalid length.
[  437.543125][T10142] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1076'.
[  437.599620][   T48] spca561 5-1:0.156: probe with driver spca561 failed with error -22
[  437.620343][   T48] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  437.659332][   T48] usb 5-1: MIDIStreaming interface descriptor not found
[  437.847087][   T48] usb 5-1: USB disconnect, device number 26
[  438.063778][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  438.615307][T10160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1080'.
[  440.337558][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.828098][T10172] hfsplus: unable to find HFS+ superblock
[  440.839678][   T48] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  441.517176][   T48] usb 6-1: unable to get BOS descriptor or descriptor too short
[  441.540052][   T30] audit: type=1800 audit(1752615616.404:108): pid=10175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1084" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0
[  441.598667][   T48] usb 6-1: not running at top speed; connect to a high speed hub
[  441.662114][   T48] usb 6-1: config 1 interface 0 has no altsetting 0
[  441.721971][   T48] usb 6-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  441.796715][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.854396][   T48] usb 6-1: Product: syz
[  441.882479][   T48] usb 6-1: Manufacturer: syz
[  441.908352][   T48] usb 6-1: SerialNumber: syz
[  442.608352][   T48] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input10
[  442.632162][ T5188] bcm5974 6-1:1.0: could not read from device
[  443.263471][ T5188] bcm5974 6-1:1.0: could not read from device
[  443.727072][ T5188] bcm5974 6-1:1.0: could not read from device
[  443.730008][   T48] usb 6-1: USB disconnect, device number 27
[  444.625936][ T5960] bcm5974 6-1:1.0: could not read from device
[  445.390510][T10211] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1095'.
[  446.096380][T10224] hfsplus: unable to find HFS+ superblock
[  446.598928][   T10] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  446.772554][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  446.795947][   T10] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  446.816203][   T10] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  446.826956][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.867560][   T10] usb 2-1: config 0 descriptor??
[  448.591383][   T10] usb 2-1: string descriptor 0 read error: -71
[  448.606077][   T10] usb 2-1: USB disconnect, device number 16
[  449.190464][ T5899] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  449.472806][ T5899] usb 6-1: Using ep0 maxpacket: 8
[  449.663639][ T5899] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  449.789602][ T5899] usb 6-1: config 1 has no interface number 1
[  449.796347][ T5899] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  449.859749][   T10] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  449.875254][ T5899] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  449.889633][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.907864][ T5899] usb 6-1: Product: syz
[  449.922731][ T5899] usb 6-1: Manufacturer: syz
[  449.938462][ T5899] usb 6-1: SerialNumber: syz
[  450.027239][   T10] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[  450.055456][   T10] usb 5-1: config 0 has no interface number 0
[  450.069738][   T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  450.099749][   T10] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  450.171415][ T5899] usb 6-1: 2:1 : format type 0 is detected, processed as PCM
[  450.186079][   T10] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  450.214975][ T5899] usb 6-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  450.228560][ T5899] usb 6-1: 2:1 : invalid channels 0
[  450.239322][   T24] usb 4-1: Using ep0 maxpacket: 32
[  450.241142][   T10] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  450.267232][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  450.270325][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.300312][ T5899] usb 6-1: USB disconnect, device number 28
[  450.317513][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 97, changing to 10
[  450.349803][   T10] usb 5-1: Product: syz
[  450.349971][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 24929, setting to 1024
[  450.365290][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  450.366054][   T10] usb 5-1: Manufacturer: syz
[  450.397400][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.428721][   T10] usb 5-1: SerialNumber: syz
[  450.432409][ T5885] udevd[5885]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  450.461481][   T24] usb 4-1: config 0 descriptor??
[  450.475508][   T10] usb 5-1: config 0 descriptor??
[  450.481794][   T24] hub 4-1:0.0: USB hub found
[  450.487660][T10263] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  450.504468][T10275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1118'.
[  451.007194][   T24] hub 4-1:0.0: 2 ports detected
[  452.710157][   T10] usb 5-1: USB disconnect, device number 27
[  452.796243][   T24] usb 4-1: USB disconnect, device number 21
[  452.835366][ T5885] udevd[5885]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  453.153638][ T5892] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  453.435600][ T5892] usb 6-1: Using ep0 maxpacket: 16
[  453.585044][ T5892] usb 6-1: config 0 has an invalid interface number: 79 but max is 0
[  453.614224][ T5892] usb 6-1: config 0 has no interface number 0
[  453.629644][ T5949] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  453.637793][ T5892] usb 6-1: New USB device found, idVendor=10fd, idProduct=0513, bcdDevice=b6.d6
[  453.667552][ T5892] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.714876][ T5892] usb 6-1: Product: syz
[  453.747299][ T5892] usb 6-1: Manufacturer: syz
[  453.761963][ T5892] usb 6-1: SerialNumber: syz
[  453.785336][ T5949] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  453.817293][ T5949] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  453.827983][ T5892] usb 6-1: config 0 descriptor??
[  453.889910][ T5949] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  453.922855][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.960092][ T5949] usb 2-1: config 0 descriptor??
[  454.095937][ T5899] usb 6-1: USB disconnect, device number 29
[  456.522754][ T5892] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  456.631048][ T5949] usb 2-1: string descriptor 0 read error: -71
[  456.638972][ T5949] usb 2-1: USB disconnect, device number 17
[  457.371707][ T5892] usb 4-1: device not accepting address 22, error -71
[  457.417346][T10333] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1134'.
[  460.133825][T10365] syzkaller0: entered promiscuous mode
[  460.167200][T10365] syzkaller0: entered allmulticast mode
[  461.239899][ T5900] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  461.749844][ T5900] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  461.777088][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1148'.
[  461.805688][ T5900] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  461.824823][ T5900] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  461.849715][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.888861][ T5900] usb 2-1: config 0 descriptor??
[  462.742889][   T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  463.777339][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  463.806802][   T24] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  463.823739][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  463.834256][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.846444][   T24] usb 4-1: Product: syz
[  463.850796][   T24] usb 4-1: Manufacturer: syz
[  463.857439][   T24] usb 4-1: SerialNumber: syz
[  463.898376][   T24] cdc_mbim 4-1:1.0: skipping garbage
[  465.034422][ T5900] usb 2-1: string descriptor 0 read error: -71
[  465.049862][ T5900] usb 2-1: USB disconnect, device number 18
[  465.262688][   T30] audit: type=1800 audit(1752615640.124:109): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1156" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  465.413729][   T30] audit: type=1800 audit(1752615640.284:110): pid=10413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1158" name="nullb0" dev="tmpfs" ino=936 res=0 errno=0
[  466.592380][T10418] Invalid source name
[  466.596411][T10418] UBIFS error (pid: 10418): cannot open "./file0", error -22
[  466.607461][   T24] cdc_mbim 4-1:1.0: bind() failure
[  466.638512][   T24] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  466.645470][   T24] cdc_ncm 4-1:1.1: bind() failure
[  466.771816][   T24] usb 4-1: USB disconnect, device number 24
[  466.805247][T10424] Bluetooth: MGMT ver 1.23
[  467.088227][T10430] overlayfs: failed to clone upperpath
[  467.429550][   T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  467.511054][T10436] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1165'.
[  467.628760][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  467.669939][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  467.725215][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  467.766340][   T24] usb 4-1: New USB device found, idVendor=1949, idProduct=85a5, bcdDevice=a3.3a
[  467.790876][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.826902][   T30] audit: type=1800 audit(1752615642.674:111): pid=10442 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1168" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0
[  467.873585][   T24] usb 4-1: Product: syz
[  467.878704][   T24] usb 4-1: Manufacturer: syz
[  467.894588][   T24] usb 4-1: SerialNumber: syz
[  467.954064][   T24] usb 4-1: config 0 descriptor??
[  470.191426][ T5892] usb 4-1: USB disconnect, device number 25
[  470.249641][ T5950] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  470.552713][ T5950] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  470.564452][ T5950] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  470.589835][ T5950] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  470.603214][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.645415][ T5950] usb 6-1: Product: syz
[  470.651206][ T5950] usb 6-1: Manufacturer: syz
[  470.656498][ T5950] usb 6-1: SerialNumber: syz
[  470.681931][ T5950] cdc_mbim 6-1:1.0: skipping garbage
[  472.128222][T10472] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1176'.
[  473.196735][ T5950] cdc_mbim 6-1:1.0: bind() failure
[  473.220460][ T5950] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  473.233494][ T5950] cdc_ncm 6-1:1.1: bind() failure
[  473.558316][T10484] loop2: detected capacity change from 0 to 7
[  473.617440][   T30] audit: type=1800 audit(1752615648.464:112): pid=10487 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1179" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[  474.217173][ T5950] usb 6-1: USB disconnect, device number 30
[  474.269793][ T5960] Dev loop2: unable to read RDB block 7
[  474.313110][ T5960]  loop2: unable to read partition table
[  474.332955][ T5960] loop2: partition table beyond EOD, truncated
[  474.617780][T10502] evm: overlay not supported
[  475.529306][ T5900] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  476.022659][ T5900] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  476.044004][T10520] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  476.069914][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  476.096521][ T5900] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  476.106843][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  476.153614][ T5900] usb 4-1: SerialNumber: syz
[  476.553808][T10532] netlink: 'syz.4.1197': attribute type 5 has an invalid length.
[  476.676708][ T5900] usb 4-1: 0:2 : does not exist
[  476.697012][ T5900] usb 4-1: unit 5 not found!
[  476.698323][   T30] audit: type=1800 audit(1752615651.564:113): pid=10535 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1196" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[  477.057259][ T5900] usb 4-1: USB disconnect, device number 26
[  477.097824][T10538] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1198'.
[  477.285975][T10542] netlink: 'syz.1.1198': attribute type 5 has an invalid length.
[  477.685406][T10541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1199'.
[  478.653633][T10556] FAULT_INJECTION: forcing a failure.
[  478.653633][T10556] name failslab, interval 1, probability 0, space 0, times 0
[  478.670842][T10556] CPU: 1 UID: 0 PID: 10556 Comm: syz.4.1203 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  478.670867][T10556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  478.670877][T10556] Call Trace:
[  478.670884][T10556]  <TASK>
[  478.670893][T10556]  dump_stack_lvl+0x189/0x250
[  478.670918][T10556]  ? __pfx____ratelimit+0x10/0x10
[  478.670943][T10556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.670961][T10556]  ? __pfx__printk+0x10/0x10
[  478.670989][T10556]  ? __pfx___might_resched+0x10/0x10
[  478.671007][T10556]  ? fs_reclaim_acquire+0x7d/0x100
[  478.671030][T10556]  should_fail_ex+0x414/0x560
[  478.671057][T10556]  should_failslab+0xa8/0x100
[  478.671082][T10556]  __kmalloc_noprof+0xcb/0x4f0
[  478.671103][T10556]  ? __cgroup_bpf_run_filter_setsockopt+0x224/0xc70
[  478.671131][T10556]  __cgroup_bpf_run_filter_setsockopt+0x224/0xc70
[  478.671158][T10556]  ? vfs_write+0x8d8/0xa90
[  478.671184][T10556]  ? __pfx___cgroup_bpf_run_filter_setsockopt+0x10/0x10
[  478.671233][T10556]  do_sock_setsockopt+0x37a/0x3e0
[  478.671259][T10556]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  478.671284][T10556]  ? __fget_files+0x2a/0x420
[  478.671308][T10556]  __x64_sys_setsockopt+0x18b/0x220
[  478.671334][T10556]  do_syscall_64+0xfa/0x3b0
[  478.671349][T10556]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.671369][T10556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.671385][T10556]  ? clear_bhb_loop+0x60/0xb0
[  478.671404][T10556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.671421][T10556] RIP: 0033:0x7f8441f8e929
[  478.671436][T10556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.671447][T10556] RSP: 002b:00007f8442d8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  478.671464][T10556] RAX: ffffffffffffffda RBX: 00007f84421b5fa0 RCX: 00007f8441f8e929
[  478.671476][T10556] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000006
[  478.671485][T10556] RBP: 00007f8442d8c090 R08: 0000000000000090 R09: 0000000000000000
[  478.671497][T10556] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  478.671507][T10556] R13: 0000000000000000 R14: 00007f84421b5fa0 R15: 00007ffdef6bdcd8
[  478.671535][T10556]  </TASK>
[  480.118568][ T5892] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  480.392943][ T5892] usb 5-1: Using ep0 maxpacket: 32
[  480.420353][ T5892] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  480.472300][ T5892] usb 5-1: unable to read config index 0 descriptor/start: -61
[  480.509563][ T5892] usb 5-1: can't read configurations, error -61
[  480.740651][   T30] audit: type=1800 audit(1752615655.604:114): pid=10577 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1209" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0
[  480.809298][ T5892] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  483.699449][ T5892] usb usb5-port1: attempt power cycle
[  485.565197][T10619] FAULT_INJECTION: forcing a failure.
[  485.565197][T10619] name failslab, interval 1, probability 0, space 0, times 0
[  485.608218][ T5892] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  485.641009][T10619] CPU: 0 UID: 0 PID: 10619 Comm: syz.3.1223 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  485.641036][T10619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  485.641046][T10619] Call Trace:
[  485.641054][T10619]  <TASK>
[  485.641062][T10619]  dump_stack_lvl+0x189/0x250
[  485.641086][T10619]  ? __pfx____ratelimit+0x10/0x10
[  485.641110][T10619]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.641128][T10619]  ? __pfx__printk+0x10/0x10
[  485.641154][T10619]  ? __pfx___might_resched+0x10/0x10
[  485.641176][T10619]  should_fail_ex+0x414/0x560
[  485.641204][T10619]  should_failslab+0xa8/0x100
[  485.641229][T10619]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  485.641252][T10619]  ? __alloc_skb+0x112/0x2d0
[  485.641276][T10619]  __alloc_skb+0x112/0x2d0
[  485.641297][T10619]  netlink_sendmsg+0x5c6/0xb30
[  485.641326][T10619]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.641361][T10619]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  485.641383][T10619]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.641403][T10619]  __sock_sendmsg+0x219/0x270
[  485.641430][T10619]  ____sys_sendmsg+0x505/0x830
[  485.641456][T10619]  ? __pfx_____sys_sendmsg+0x10/0x10
[  485.641485][T10619]  ? import_iovec+0x74/0xa0
[  485.641508][T10619]  ___sys_sendmsg+0x21f/0x2a0
[  485.641532][T10619]  ? __pfx____sys_sendmsg+0x10/0x10
[  485.641586][T10619]  ? __fget_files+0x2a/0x420
[  485.641601][T10619]  ? __fget_files+0x3a0/0x420
[  485.641626][T10619]  __x64_sys_sendmsg+0x19b/0x260
[  485.641650][T10619]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  485.641680][T10619]  ? __pfx_ksys_write+0x10/0x10
[  485.641700][T10619]  ? rcu_is_watching+0x15/0xb0
[  485.641722][T10619]  ? do_syscall_64+0xbe/0x3b0
[  485.641743][T10619]  do_syscall_64+0xfa/0x3b0
[  485.641758][T10619]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.641780][T10619]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.641796][T10619]  ? clear_bhb_loop+0x60/0xb0
[  485.641817][T10619]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.641821][ T5892] usb 5-1: config 0 has an invalid interface number: 93 but max is 0
[  485.641833][T10619] RIP: 0033:0x7f950058e929
[  485.641849][T10619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  485.641861][T10619] RSP: 002b:00007f9501478038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  485.641876][T10619] RAX: ffffffffffffffda RBX: 00007f95007b5fa0 RCX: 00007f950058e929
[  485.641887][T10619] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  485.641897][T10619] RBP: 00007f9501478090 R08: 0000000000000000 R09: 0000000000000000
[  485.641907][T10619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  485.641917][T10619] R13: 0000000000000000 R14: 00007f95007b5fa0 R15: 00007ffd95658418
[  485.641945][T10619]  </TASK>
[  486.038730][ T5892] usb 5-1: config 0 has no interface number 0
[  486.051822][ T5892] usb 5-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  486.064167][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.073336][ T5892] usb 5-1: Product: syz
[  486.077594][ T5892] usb 5-1: Manufacturer: syz
[  486.082305][ T5892] usb 5-1: SerialNumber: syz
[  486.100859][ T5892] usb 5-1: config 0 descriptor??
[  486.329500][   T48] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  486.502492][   T48] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  486.532581][   T48] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  486.558798][   T48] usb 4-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  486.579348][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.614659][   T48] usb 4-1: config 0 descriptor??
[  487.372644][ T5892] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in cold state, will try to load a firmware
[  487.520606][ T5892] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  487.528742][ T5892] dib0700: firmware download failed at 7 with -22
[  487.604394][ T5892] usb 5-1: USB disconnect, device number 30
[  487.737113][T10663] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  491.932485][   T48] usb 4-1: string descriptor 0 read error: -32
[  493.387112][T10684] fuse: Bad value for 'fd'
[  495.042827][T10694] MTD: Couldn't look up './file1': -15
[  495.639653][ T5892] usb 4-1: USB disconnect, device number 27
[  495.836610][T10709] Bluetooth: Invalid byte 02 after esc byte
[  496.958334][T10717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1252'.
[  497.393773][ T5900] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  497.731240][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  497.759800][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  497.791198][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  497.814570][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.839570][ T5900] usb 2-1: Product: syz
[  497.843786][ T5900] usb 2-1: Manufacturer: syz
[  497.854496][ T5900] usb 2-1: SerialNumber: syz
[  497.859988][ T5852] Bluetooth: hci5: command 0x1003 tx timeout
[  497.866395][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  497.918292][ T5900] cdc_mbim 2-1:1.0: skipping garbage
[  499.599630][T10744] syzkaller0: entered promiscuous mode
[  499.611085][T10744] syzkaller0: entered allmulticast mode
[  500.141149][ T5900] cdc_mbim 2-1:1.0: bind() failure
[  500.380747][ T5900] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  500.401811][ T5900] cdc_ncm 2-1:1.1: bind() failure
[  500.499509][ T5900] usb 2-1: USB disconnect, device number 19
[  501.992225][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  502.736236][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1265'.
[  502.862785][ T9073] Bluetooth: Error in BCSP hdr checksum
[  502.926796][T10780] 9pnet_fd: Insufficient options for proto=fd
[  503.034317][T10778] Bluetooth: Invalid byte 02 after esc byte
[  504.464370][T10793] bridge_slave_0: left allmulticast mode
[  504.499922][T10793] bridge0: port 1(bridge_slave_0) entered disabled state
[  504.919318][ T5852] Bluetooth: hci5: command 0x1003 tx timeout
[  504.921444][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  507.194821][T10814] syzkaller0: entered promiscuous mode
[  507.287085][T10814] syzkaller0: entered allmulticast mode
[  509.899594][ T5900] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  510.069683][ T5900] usb 4-1: Using ep0 maxpacket: 32
[  510.087022][ T5900] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  510.178798][ T5900] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  510.213553][ T5900] usb 4-1: config 0 interface 0 has no altsetting 0
[  510.275830][ T5900] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  510.331879][ T5900] usb 4-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3
[  510.378758][ T5900] usb 4-1: Product: syz
[  510.386730][ T5900] usb 4-1: Manufacturer: syz
[  510.462376][ T5900] usb 4-1: SerialNumber: syz
[  510.719608][ T5900] usb 4-1: config 0 descriptor??
[  510.979765][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  510.980075][T10827] Bluetooth: hci5: command 0x1003 tx timeout
[  511.297667][ T5900] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  511.559546][ T5950] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  511.982744][ T5900] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  513.950813][ T5900] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22
[  513.979224][ T5900] usb 4-1: USB disconnect, device number 28
[  513.993590][ T5950] usb 6-1: Using ep0 maxpacket: 16
[  514.035061][ T5950] usb 6-1: config 0 interface 0 has no altsetting 0
[  514.056889][ T5950] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  514.094931][T10869] IPVS: set_ctl: invalid protocol: 135 127.0.0.1:20000
[  514.120981][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.299817][ T5950] usb 6-1: config 0 descriptor??
[  514.329549][ T5950] usb 6-1: can't set config #0, error -71
[  514.910138][ T5950] usb 6-1: USB disconnect, device number 31
[  515.446343][T10881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1301'.
[  517.103014][T10885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1303'.
[  519.150485][ T5950] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  520.401501][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  520.436533][ T5950] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  520.449387][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  520.465602][ T5950] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  520.481767][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.501114][ T5950] usb 5-1: Product: syz
[  520.505322][ T5950] usb 5-1: Manufacturer: syz
[  520.510782][ T5950] usb 5-1: SerialNumber: syz
[  520.530233][ T5950] usb 5-1: config 0 descriptor??
[  520.536203][T10916] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  520.639691][T10916] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  520.757796][ T5950] usb 5-1: ucan: probing device on interface #0
[  521.778502][ T5950] usb 5-1: ucan: device reported invalid device info
[  521.785724][ T5950] usb 5-1: ucan: probe failed; try to update the device firmware
[  522.066913][T10952] ipt_REJECT: ECHOREPLY no longer supported.
[  522.415401][T10957] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1322'.
[  522.453662][T10957] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1322'.
[  524.180223][ T5900] usb 5-1: USB disconnect, device number 31
[  526.516694][T11004] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1334'.
[  526.553666][T11004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1334'.
[  526.594821][T11004] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1334'.
[  526.604066][T11007] xt_CT: You must specify a L4 protocol and not use inversions on it
[  527.771979][T11025] netlink: 'syz.1.1336': attribute type 1 has an invalid length.
[  527.781455][T11025] netlink: 'syz.1.1336': attribute type 1 has an invalid length.
[  527.825072][T11025] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.65538)
[  529.188138][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1339'.
[  529.197969][ T5914] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  529.270086][T11037] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1339'.
[  529.312327][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1339'.
[  529.360023][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1339'.
[  529.389228][ T5914] usb 2-1: Using ep0 maxpacket: 16
[  529.400674][ T5914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  529.434508][ T5914] usb 2-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82
[  529.444235][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.456886][ T5914] usb 2-1: Product: syz
[  529.475792][ T5914] usb 2-1: Manufacturer: syz
[  529.499251][ T5914] usb 2-1: SerialNumber: syz
[  529.523299][ T5914] usb 2-1: config 0 descriptor??
[  529.545453][ T5914] kobil_sct 2-1:0.0: required endpoints missing
[  529.649627][ T5949] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  529.836418][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  529.875976][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  529.993200][ T5949] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  530.047392][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.087029][ T5949] usb 4-1: config 0 descriptor??
[  531.096323][ T5949] uclogic 0003:5543:0522.0005: item fetching failed at offset 10/11
[  531.120324][ T5949] uclogic 0003:5543:0522.0005: parse failed
[  531.126360][ T5949] uclogic 0003:5543:0522.0005: probe with driver uclogic failed with error -22
[  531.291733][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1346'.
[  531.899840][  T121] usb 2-1: USB disconnect, device number 20
[  532.455128][ T5900] usb 4-1: USB disconnect, device number 29
[  532.517364][  T121] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  532.570677][ T5949] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  532.646079][T11081] netlink: 40 bytes leftover after parsing attributes in process `+}[@'.
[  532.691571][T11081] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.719228][  T121] usb 2-1: Using ep0 maxpacket: 16
[  532.730943][ T5949] usb 5-1: device descriptor read/64, error -71
[  532.732456][  T121] usb 2-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.03
[  532.771814][  T121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  532.789859][  T121] usb 2-1: SerialNumber: syz
[  532.840242][  T121] usb 2-1: config 0 descriptor??
[  533.385138][ T5949] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  533.468184][   T30] audit: type=1326 audit(1752615715.314:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  533.641957][ T5949] usb 5-1: device descriptor read/64, error -71
[  533.697646][   T30] audit: type=1326 audit(1752615715.314:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  533.771510][ T5949] usb usb5-port1: attempt power cycle
[  533.866112][   T30] audit: type=1326 audit(1752615715.314:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.077527][   T30] audit: type=1326 audit(1752615715.314:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.100410][   T30] audit: type=1326 audit(1752615715.314:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.122977][   T30] audit: type=1326 audit(1752615715.314:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.146460][ T5949] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  534.154547][ T5950] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  534.385237][   T30] audit: type=1326 audit(1752615715.314:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.409662][ T5949] usb 5-1: device descriptor read/8, error -71
[  534.417542][   T30] audit: type=1326 audit(1752615715.314:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.450921][   T30] audit: type=1326 audit(1752615715.314:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.475816][  T121] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  534.502420][   T30] audit: type=1326 audit(1752615715.314:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000
[  534.544434][  T121] usb 2-1: Detected SIO
[  534.550091][ T5950] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.559046][  T121] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  534.569656][ T5950] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  534.584980][  T121] usb 2-1: USB disconnect, device number 21
[  534.596868][ T5950] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  534.621916][  T121] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  534.630290][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.649818][ T5949] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  534.670982][ T5950] usb 6-1: Product: syz
[  534.676000][ T5950] usb 6-1: Manufacturer: syz
[  534.687610][ T5950] usb 6-1: SerialNumber: syz
[  534.694007][ T5949] usb 5-1: device descriptor read/8, error -71
[  534.813031][ T5949] usb usb5-port1: unable to enumerate USB device
[  534.851860][ T5950] cdc_mbim 6-1:1.0: skipping garbage
[  534.858813][  T121] ftdi_sio 2-1:0.0: device disconnected
[  536.154531][T11125] sock: sock_timestamping_bind_phc: sock not bind to device
[  537.015129][ T5950] cdc_mbim 6-1:1.0: bind() failure
[  537.022940][ T5950] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  537.069687][ T5950] cdc_ncm 6-1:1.1: bind() failure
[  537.168294][ T5950] usb 6-1: USB disconnect, device number 32
[  537.551869][T11145] 9pnet_fd: Insufficient options for proto=fd
[  537.917543][T11152] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1371'.
[  537.928854][T11152] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1371'.
[  537.961392][T11156] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  538.003849][T11156] tipc: Resetting bearer <eth:syzkaller0>
[  538.031431][T11155] tipc: Disabling bearer <eth:syzkaller0>
[  539.106585][T11173] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1380'.
[  542.314665][T11195] bond_slave_1: entered promiscuous mode
[  542.321839][T11195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1384'.
[  542.844995][T11195] bond0: (slave bond_slave_1): Releasing backup interface
[  542.959719][T11199] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  543.103731][T11202] tipc: Resetting bearer <eth:syzkaller0>
[  543.174765][T11207] bond_slave_1: entered promiscuous mode
[  543.183787][T11207] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1387'.
[  543.336539][T11207] bond0: (slave bond_slave_1): Releasing backup interface
[  543.352639][T11207] bond_slave_1 (unregistering): left promiscuous mode
[  543.566626][T11198] tipc: Disabling bearer <eth:syzkaller0>
[  544.743734][T11228] fuse: Bad value for 'fd'
[  545.173204][T11245] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1401'.
[  548.498992][T11276] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1408'.
[  550.702577][T11300] IPVS: Scheduler module ip_vs_sip not found
[  552.122091][T11328] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1425'.
[  552.179521][T11328] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1425'.
[  554.995926][ T5949] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  555.004263][ T5900] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  555.169853][ T5900] usb 4-1: Using ep0 maxpacket: 32
[  555.608554][ T5949] usb 6-1: config 54 has an invalid interface number: 154 but max is 0
[  555.621811][ T5900] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  555.644003][ T5949] usb 6-1: config 54 has no interface number 0
[  555.650989][ T5900] usb 4-1: config 0 has no interface number 0
[  555.657211][ T5949] usb 6-1: config 54 interface 154 altsetting 0 endpoint 0x2 has invalid maxpacket 47325, setting to 64
[  555.690000][ T5900] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  555.712797][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.819626][ T5900] usb 4-1: Product: syz
[  555.823874][ T5900] usb 4-1: Manufacturer: syz
[  555.828797][ T5900] usb 4-1: SerialNumber: syz
[  555.862117][ T5900] usb 4-1: config 0 descriptor??
[  555.870403][ T5949] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec
[  555.894465][ T5900] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  555.909556][ T5949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.918951][ T5949] usb 6-1: Product: syz
[  555.928483][ T5949] usb 6-1: Manufacturer: syz
[  555.938448][ T5949] usb 6-1: SerialNumber: syz
[  556.438508][ T5949] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  556.461042][ T5949] usb 6-1: USB disconnect, device number 33
[  557.540961][ T5900] usb 4-1: qt2_attach - failed to power on unit: -71
[  557.548375][ T5900] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  557.705183][ T5900] usb 4-1: USB disconnect, device number 30
[  557.791036][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  557.791060][   T30] audit: type=1800 audit(1752615739.664:140): pid=11370 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1437" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0
[  558.535819][T11374] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'.
[  558.707449][T11382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'.
[  558.730986][T11384] fuse: Unknown parameter '0x0000000000000003'
[  558.904919][T11394] x_tables: ip6_tables: eui64 match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD
[  559.675327][T11407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1448'.
[  560.749934][T11416] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1450'.
[  560.938327][T11424] netlink: 'syz.4.1446': attribute type 1 has an invalid length.
[  560.946667][T11424] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1446'.
[  561.803360][T11432] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1456'.
[  561.814362][T11432] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1456'.
[  563.110543][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  564.681552][T11461] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1464'.
[  565.880278][T11475] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1469'.
[  568.032882][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1474'.
[  568.146832][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1474'.
[  568.224101][T11504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1477'.
[  568.345704][T11509] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1479'.
[  568.439756][   T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  568.530131][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1474'.
[  568.620590][   T10] usb 4-1: Using ep0 maxpacket: 16
[  568.638654][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  568.678005][   T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  568.739120][   T10] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a
[  568.878387][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.014002][   T10] usb 4-1: Product: syz
[  569.108024][   T10] usb 4-1: Manufacturer: syz
[  569.215560][   T10] usb 4-1: SerialNumber: syz
[  569.233380][T11520] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1482'.
[  569.243278][   T10] usb 4-1: config 0 descriptor??
[  569.477403][T11526] sock: sock_timestamping_bind_phc: sock not bind to device
[  569.535699][   T10] usb 4-1: USB disconnect, device number 31
[  571.297977][T11544] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.441842][T11544] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1489'.
[  571.521886][T11544] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1489'.
[  571.567987][T11549] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1490'.
[  571.611714][T11549] FAULT_INJECTION: forcing a failure.
[  571.611714][T11549] name failslab, interval 1, probability 0, space 0, times 0
[  571.658732][T11549] CPU: 0 UID: 0 PID: 11549 Comm: syz.5.1490 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  571.658750][T11549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  571.658757][T11549] Call Trace:
[  571.658761][T11549]  <TASK>
[  571.658767][T11549]  dump_stack_lvl+0x189/0x250
[  571.658784][T11549]  ? __pfx____ratelimit+0x10/0x10
[  571.658799][T11549]  ? __pfx_dump_stack_lvl+0x10/0x10
[  571.658809][T11549]  ? __pfx__printk+0x10/0x10
[  571.658824][T11549]  ? __pfx___might_resched+0x10/0x10
[  571.658838][T11549]  should_fail_ex+0x414/0x560
[  571.658854][T11549]  should_failslab+0xa8/0x100
[  571.658870][T11549]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  571.658884][T11549]  ? __alloc_skb+0x112/0x2d0
[  571.658898][T11549]  __alloc_skb+0x112/0x2d0
[  571.658913][T11549]  netlink_sendmsg+0x5c6/0xb30
[  571.658930][T11549]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.658945][T11549]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  571.658958][T11549]  ? __pfx_netlink_sendmsg+0x10/0x10
[  571.658969][T11549]  __sock_sendmsg+0x219/0x270
[  571.658985][T11549]  __sys_sendto+0x3bd/0x520
[  571.658997][T11549]  ? __pfx___sys_sendto+0x10/0x10
[  571.659006][T11549]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  571.659023][T11549]  ? __fget_files+0x3a0/0x420
[  571.659042][T11549]  ? ksys_write+0x22a/0x250
[  571.659063][T11549]  ? __pfx_ksys_write+0x10/0x10
[  571.659078][T11549]  ? rcu_is_watching+0x15/0xb0
[  571.659099][T11549]  __x64_sys_sendto+0xde/0x100
[  571.659118][T11549]  do_syscall_64+0xfa/0x3b0
[  571.659132][T11549]  ? lockdep_hardirqs_on+0x9c/0x150
[  571.659152][T11549]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.659169][T11549]  ? clear_bhb_loop+0x60/0xb0
[  571.659189][T11549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.659205][T11549] RIP: 0033:0x7f57b93907bc
[  571.659219][T11549] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  571.659233][T11549] RSP: 002b:00007f57ba147ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  571.659251][T11549] RAX: ffffffffffffffda RBX: 00007f57ba147fc0 RCX: 00007f57b93907bc
[  571.659264][T11549] RDX: 0000000000000024 RSI: 00007f57ba148010 RDI: 0000000000000004
[  571.659274][T11549] RBP: 0000000000000000 R08: 00007f57ba147f14 R09: 000000000000000c
[  571.659285][T11549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  571.659294][T11549] R13: 00007f57ba147f68 R14: 00007f57ba148010 R15: 0000000000000000
[  571.659322][T11549]  </TASK>
[  571.901642][    C0] vkms_vblank_simulate: vblank timer overrun
[  572.337276][T11565] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1497'.
[  572.778855][T11557] IPVS: Scheduler module ip_vs_sip not found
[  574.877399][T11612] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1510'.
[  576.594994][T11627] netlink: 'syz.4.1514': attribute type 4 has an invalid length.
[  576.687231][T11627] netlink: 'syz.4.1514': attribute type 2 has an invalid length.
[  580.516367][ T5914] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  580.649220][ T5914] usb 5-1: device descriptor read/64, error -71
[  581.399433][ T5914] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  581.559610][ T5914] usb 5-1: device descriptor read/64, error -71
[  581.722944][ T5914] usb usb5-port1: attempt power cycle
[  584.325734][ T5914] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  584.402574][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1532'.
[  584.702718][T11715] netlink: 'syz.5.1534': attribute type 29 has an invalid length.
[  584.726806][ T5914] usb 5-1: device not accepting address 38, error -71
[  585.848287][T11727] hfsplus: unable to find HFS+ superblock
[  588.179206][   T24] usb 6-1: new low-speed USB device number 34 using dummy_hcd
[  588.205295][T11766] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1547'.
[  588.314145][T11769] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  588.349279][   T24] usb 6-1: device descriptor read/64, error -71
[  588.507082][T11775] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1550'.
[  588.781731][   T24] usb 6-1: new low-speed USB device number 35 using dummy_hcd
[  589.373418][   T24] usb 6-1: device descriptor read/64, error -71
[  589.562146][   T24] usb usb6-port1: attempt power cycle
[  589.659636][ T5900] usb 5-1: new full-speed USB device number 40 using dummy_hcd
[  589.889349][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  590.089825][ T5900] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  590.241759][ T5900] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  590.367502][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.399153][   T24] usb 6-1: new low-speed USB device number 36 using dummy_hcd
[  590.423000][   T24] usb 6-1: device descriptor read/8, error -71
[  590.667738][ T5900] usb 5-1: config 0 descriptor??
[  590.979841][   T24] usb 6-1: new low-speed USB device number 37 using dummy_hcd
[  591.474262][   T24] usb 6-1: device not accepting address 37, error -71
[  591.499445][   T24] usb usb6-port1: unable to enumerate USB device
[  591.843225][T11806] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1561'.
[  591.854300][   T30] audit: type=1804 audit(1752615773.724:141): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1560" name=6D656D66643A6C32AA2AAAAAAB49F9BF83667CC38615ACBBEDBF25D8EE2917AA0FAA6C5296E621D76B026FFF5345 dev="hugetlbfs" ino=33390 res=1 errno=0
[  592.063408][T11811] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  592.082753][T11811] syzkaller0: entered promiscuous mode
[  592.088289][T11811] syzkaller0: entered allmulticast mode
[  592.161144][T11811] tipc: Resetting bearer <eth:syzkaller0>
[  592.203244][T11810] tipc: Resetting bearer <eth:syzkaller0>
[  592.741441][T10827] Bluetooth: hci5: command 0x1003 tx timeout
[  592.750065][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  592.831553][T11810] tipc: Disabling bearer <eth:syzkaller0>
[  594.465769][T11822] IPVS: Scheduler module ip_vs_sip not found
[  595.359676][T11842] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1572'.
[  595.703526][ T5900] usb 5-1: string descriptor 0 read error: -32
[  595.843008][   T24] usb 5-1: USB disconnect, device number 40
[  599.084385][T11892] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1586'.
[  599.647212][   T48] usb 6-1: new full-speed USB device number 38 using dummy_hcd
[  599.916364][   T48] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  600.003610][   T48] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  600.126630][   T48] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  600.417338][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.545563][   T48] usb 6-1: config 0 descriptor??
[  601.497268][T11919] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1594'.
[  602.393534][   T48] usb 6-1: string descriptor 0 read error: -71
[  603.409423][   T48] usb 6-1: USB disconnect, device number 38
[  608.402741][T11977] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1612'.
[  610.459015][T11995] team0: No ports can be present during mode change
[  611.472157][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  613.830955][T12030] openvswitch: netlink: IP tunnel dst address not specified
[  614.093024][ T5914] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  614.399710][ T5914] usb 6-1: device descriptor read/64, error -71
[  615.312605][ T5914] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  615.492889][ T5914] usb 6-1: device descriptor read/64, error -71
[  615.655784][ T5914] usb usb6-port1: attempt power cycle
[  616.062455][ T5914] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  616.125265][ T5914] usb 6-1: device descriptor read/8, error -71
[  616.604645][T12074] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1642'.
[  616.980342][ T5914] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  617.067282][T12078] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1643'.
[  617.214154][ T5914] usb 6-1: device not accepting address 42, error -71
[  617.249340][ T5914] usb usb6-port1: unable to enumerate USB device
[  617.408396][T12091] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1649'.
[  618.337498][T12107] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1654'.
[  618.372891][T12108] fuse: Unknown parameter '0x00000000000000000x0000000000000004'
[  620.479147][T12140] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1667'.
[  620.787655][T12144] 9pnet_fd: Insufficient options for proto=fd
[  621.864424][T12171] netlink: 4116 bytes leftover after parsing attributes in process `syz.5.1674'.
[  621.942639][T12171] openvswitch: netlink: Flow key attr not present in new flow.
[  624.423575][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.878912][T12213] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1685'.
[  625.262611][T12219] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1689'.
[  625.273529][T12219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1689'.
[  625.985578][T12228] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1693'.
[  627.139854][T10827] Bluetooth: hci5: command 0x1003 tx timeout
[  627.146318][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  627.315718][T12251] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  627.447900][T12258] dvmrp1: tun_chr_ioctl cmd 1074025677
[  627.456265][T12258] dvmrp1: linktype set to 776
[  627.504664][T12254] trusted_key: encrypted_key: insufficient parameters specified
[  628.126220][T12276] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1703'.
[  628.324674][T12278] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1705'.
[  629.447559][T12291] delete_channel: no stack
[  630.098939][T12307] netlink: 'syz.2.1711': attribute type 27 has an invalid length.
[  630.226643][T12316] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  630.986072][T12330] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1717'.
[  631.415846][T12335] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1718'.
[  632.579608][ T1216] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  632.818870][ T1216] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  633.399860][ T1216] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  633.417122][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.853528][ T1216] usb 5-1: Product: syz
[  633.853550][ T1216] usb 5-1: Manufacturer: syz
[  633.853563][ T1216] usb 5-1: SerialNumber: syz
[  633.861148][ T1216] usb 5-1: config 0 descriptor??
[  633.866730][ T1216] ims_pcu 5-1:0.0: Missing CDC union descriptor
[  633.866784][ T1216] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22
[  634.122857][ T5949] usb 5-1: USB disconnect, device number 41
[  634.305634][T12363] netlink: 'syz.2.1730': attribute type 27 has an invalid length.
[  634.306274][T12364] overlayfs: failed to clone lowerpath
[  635.922559][T12377] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1732'.
[  636.075495][T12382] netlink: 'syz.1.1734': attribute type 10 has an invalid length.
[  636.085204][T12382] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1734'.
[  636.174191][T12382] team0: Port device geneve0 added
[  637.733924][ T5853] Bluetooth: hci4: Malformed HCI Event: 0x22
[  638.577689][T12410] fuse: Bad value for 'user_id'
[  638.583557][T12410] fuse: Bad value for 'user_id'
[  638.710601][T12403] delete_channel: no stack
[  639.164024][T12429] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1746'.
[  640.199504][   T30] audit: type=1800 audit(1752615827.068:142): pid=12440 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1753" name="nullb0" dev="tmpfs" ino=1516 res=0 errno=0
[  640.240483][T12444] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  642.295048][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  642.959437][T12493] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1760'.
[  644.150586][   T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  644.979895][   T24] usb 4-1: Using ep0 maxpacket: 16
[  644.997462][T12505] delete_channel: no stack
[  645.348677][   T24] usb 4-1: unable to get BOS descriptor or descriptor too short
[  645.357918][   T24] usb 4-1: config 108 has an invalid interface number: 14 but max is 0
[  645.369517][   T24] usb 4-1: config 108 has no interface number 0
[  645.375835][   T24] usb 4-1: config 108 interface 14 altsetting 6 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  645.389246][   T24] usb 4-1: config 108 interface 14 has no altsetting 0
[  645.800705][   T24] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=d8.65
[  645.809883][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.820140][   T24] usb 4-1: Product: syz
[  645.824365][   T24] usb 4-1: Manufacturer: syz
[  645.828983][   T24] usb 4-1: SerialNumber: syz
[  646.896733][T12546] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1776'.
[  647.272383][   T24] usb 4-1: USB disconnect, device number 32
[  647.402599][T12552] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1778'.
[  648.108062][T12563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1779'.
[  649.044748][T12563] team0: Port device team_slave_0 removed
[  650.239302][   T24] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  650.439754][ T5892] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  650.463827][   T24] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  650.486006][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.496193][   T24] usb 6-1: Product: syz
[  650.502137][   T24] usb 6-1: Manufacturer: syz
[  650.507059][   T24] usb 6-1: SerialNumber: syz
[  650.521573][   T24] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  650.579717][ T5892] usb 5-1: device descriptor read/64, error -71
[  650.600882][ T5914] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  650.704708][T12603] netlink: 'syz.2.1793': attribute type 39 has an invalid length.
[  650.818192][    C1] usb 6-1: ath: unknown panic pattern!
[  650.824488][ T5892] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  650.959156][ T5892] usb 5-1: device descriptor read/64, error -71
[  651.079761][ T5892] usb usb5-port1: attempt power cycle
[  651.087777][ T5949] usb 6-1: USB disconnect, device number 43
[  651.460677][ T5892] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  651.704864][ T5914] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  651.830786][   T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  651.929201][ T5892] usb 5-1: device descriptor read/8, error -71
[  651.941066][ T5914] ath9k_htc: Failed to initialize the device
[  651.979921][ T5949] usb 6-1: ath9k_htc: USB layer deinitialized
[  652.209397][   T24] usb 4-1: Using ep0 maxpacket: 32
[  652.255048][   T24] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  652.265134][   T24] usb 4-1: config 0 has no interface number 0
[  652.280679][   T24] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  652.291032][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.309614][ T5892] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  652.328786][   T24] usb 4-1: Product: syz
[  652.334077][   T24] usb 4-1: Manufacturer: syz
[  652.341707][ T5892] usb 5-1: device descriptor read/8, error -71
[  652.353479][   T24] usb 4-1: SerialNumber: syz
[  652.372710][   T24] usb 4-1: config 0 descriptor??
[  652.385668][   T24] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  652.450703][ T5892] usb usb5-port1: unable to enumerate USB device
[  654.459554][   T24] usb 4-1: qt2_attach - failed to power on unit: -71
[  654.499994][   T24] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  654.582104][   T24] usb 4-1: USB disconnect, device number 33
[  655.908939][T12677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1816'.
[  657.905698][T12697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1820'.
[  658.787665][ T5900] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  659.144240][ T5900] usb 4-1: Using ep0 maxpacket: 32
[  659.231896][ T5900] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  659.249656][ T5900] usb 4-1: config 0 has no interface number 0
[  659.424878][ T5900] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  659.439655][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.447889][ T5900] usb 4-1: Product: syz
[  659.453765][ T5900] usb 4-1: Manufacturer: syz
[  659.458537][ T5900] usb 4-1: SerialNumber: syz
[  659.547869][ T5900] usb 4-1: config 0 descriptor??
[  659.585922][ T5900] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  659.828406][ T1216] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  660.758490][ T1216] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  660.802894][ T1216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  660.821679][ T1216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  660.838311][ T1216] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  660.866357][ T1216] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  660.880617][ T1216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.913868][ T1216] usb 5-1: config 0 descriptor??
[  661.372875][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  661.518327][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  661.631343][ T5900] usb 4-1: qt2_attach - failed to power on unit: -71
[  662.237652][ T5900] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  662.249709][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  662.840496][ T5900] usb 4-1: USB disconnect, device number 34
[  662.849520][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  662.856972][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  664.379750][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  664.541166][ T1216] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  664.603005][ T1216] usb 5-1: USB disconnect, device number 46
[  664.717863][T12754] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1837'.
[  664.824675][T12751] fido_id[12751]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  667.789690][T12784] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  667.836476][T12784] syzkaller0: entered promiscuous mode
[  667.853118][T12784] syzkaller0: entered allmulticast mode
[  667.884844][T12790] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1847'.
[  667.951454][T12784] tipc: Resetting bearer <eth:syzkaller0>
[  667.982340][T12783] tipc: Resetting bearer <eth:syzkaller0>
[  668.054359][T12783] tipc: Disabling bearer <eth:syzkaller0>
[  668.839271][T12806] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1851'.
[  673.100285][T12848] netlink: 'syz.2.1863': attribute type 1 has an invalid length.
[  673.219226][  T121] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  674.004822][  T121] usb 6-1: Using ep0 maxpacket: 32
[  674.021906][  T121] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  674.039383][  T121] usb 6-1: config 0 has no interface number 0
[  674.057798][  T121] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  674.077296][  T121] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.109105][  T121] usb 6-1: Product: syz
[  674.158559][  T121] usb 6-1: Manufacturer: syz
[  674.178356][  T121] usb 6-1: SerialNumber: syz
[  674.215660][  T121] usb 6-1: config 0 descriptor??
[  674.252320][  T121] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  676.026845][  T121] usb 6-1: qt2_attach - failed to power on unit: -71
[  676.049556][  T121] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71
[  676.141343][  T121] usb 6-1: USB disconnect, device number 44
[  680.892329][T12898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1876'.
[  682.939620][ T5900] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  683.119632][ T5900] usb 6-1: Using ep0 maxpacket: 32
[  683.415382][ T5900] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  683.424085][ T5900] usb 6-1: config 0 has no interface number 0
[  683.438341][ T5900] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  683.458077][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.476191][ T5900] usb 6-1: Product: syz
[  683.480933][ T5900] usb 6-1: Manufacturer: syz
[  683.485670][ T5900] usb 6-1: SerialNumber: syz
[  683.504828][ T5900] usb 6-1: config 0 descriptor??
[  683.514964][ T5900] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  683.669859][T12914] fuse: Bad value for 'fd'
[  684.265018][T12924] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1884'.
[  684.304842][T12922] syzkaller0: entered promiscuous mode
[  684.334024][T12922] syzkaller0: entered allmulticast mode
[  685.214355][ T5900] usb 6-1: qt2_attach - failed to power on unit: -71
[  685.339636][ T5900] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71
[  685.369970][T12939] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1889'.
[  685.395251][ T5900] usb 6-1: USB disconnect, device number 45
[  685.861761][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  687.024458][T12957] bridge_slave_0: entered allmulticast mode
[  689.051145][T13001] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1908'.
[  690.922814][T13018] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1912'.
[  691.002104][T13020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1912'.
[  692.368578][T13041] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  692.600391][T13049] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  694.758359][ T1216] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  694.900417][T13078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1929'.
[  694.989505][ T1216] usb 5-1: Using ep0 maxpacket: 32
[  695.002950][ T1216] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  695.012117][ T1216] usb 5-1: config 0 has no interface number 0
[  695.034253][ T1216] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  695.051823][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.078783][ T1216] usb 5-1: Product: syz
[  695.094411][ T1216] usb 5-1: Manufacturer: syz
[  695.109102][ T1216] usb 5-1: SerialNumber: syz
[  695.138461][ T1216] usb 5-1: config 0 descriptor??
[  695.191182][ T1216] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  697.169767][ T1216] usb 5-1: qt2_attach - failed to power on unit: -71
[  697.176616][ T1216] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71
[  697.246927][ T1216] usb 5-1: USB disconnect, device number 47
[  698.580028][T13116] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1939'.
[  706.377440][T13154] virtio-fs: tag </dev/md0> not found
[  707.405925][ T1216] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  707.669559][ T1216] usb 5-1: Using ep0 maxpacket: 32
[  708.121063][ T1216] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  708.201608][ T1216] usb 5-1: config 0 has no interface number 0
[  713.342166][ T1216] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  713.441096][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.512630][ T1216] usb 5-1: config 0 descriptor??
[  713.586243][ T1216] usb 5-1: can't set config #0, error -71
[  713.628161][ T1216] usb 5-1: USB disconnect, device number 48
[  715.118662][    T0] sched: DL replenish lagged too much
[  724.987114][T13178] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1956'.
[  728.171892][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  728.184972][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  728.194646][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  728.203964][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  728.213560][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  729.258526][T10827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  729.270754][T10827] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  729.287205][T10827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  729.300935][T10827] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  729.312492][T10827] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  729.570591][ T5853] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  729.588768][ T5853] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  729.605149][ T5853] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  729.614797][ T5853] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  729.624490][ T5853] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  729.659622][   T10] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  729.839827][   T10] usb 5-1: Using ep0 maxpacket: 32
[  729.863276][   T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  729.882221][   T10] usb 5-1: config 0 has no interface number 0
[  729.927924][   T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  729.963897][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.989713][   T10] usb 5-1: Product: syz
[  730.003726][   T10] usb 5-1: Manufacturer: syz
[  730.038292][   T10] usb 5-1: SerialNumber: syz
[  730.064868][   T10] usb 5-1: config 0 descriptor??
[  730.108661][   T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  730.259959][ T5853] Bluetooth: hci5: command tx timeout
[  731.133673][T13192] chnl_net:caif_netlink_parms(): no params data found
[  731.379597][ T5853] Bluetooth: hci6: command tx timeout
[  731.702829][ T5853] Bluetooth: hci7: command tx timeout
[  732.339980][ T5853] Bluetooth: hci5: command tx timeout
[  732.538244][   T10] usb 5-1: qt2_attach - failed to power on unit: -71
[  732.556937][   T10] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71
[  732.609874][   T10] usb 5-1: USB disconnect, device number 49
[  733.159681][   T10] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  733.429125][   T10] usb 5-1: Using ep0 maxpacket: 16
[  733.454594][   T10] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  733.468043][ T5853] Bluetooth: hci6: command tx timeout
[  733.487678][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  733.508422][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  733.518560][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.535761][   T10] usb 5-1: Product: syz
[  733.554997][   T10] usb 5-1: Manufacturer: syz
[  733.565945][   T10] usb 5-1: SerialNumber: syz
[  733.779746][ T5853] Bluetooth: hci7: command tx timeout
[  733.811029][   T10] usb 5-1: 0:2 : does not exist
[  733.834281][   T10] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  733.880860][   T10] usb 5-1: USB disconnect, device number 50
[  733.963087][T13193] udevd[13193]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  734.420113][ T5853] Bluetooth: hci5: command tx timeout
[  735.541356][ T5853] Bluetooth: hci6: command tx timeout
[  735.859686][ T5853] Bluetooth: hci7: command tx timeout
[  736.501376][ T5853] Bluetooth: hci5: command tx timeout
[  737.620161][ T5853] Bluetooth: hci6: command tx timeout
[  737.941349][ T5853] Bluetooth: hci7: command tx timeout
[  747.326133][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  749.320758][T10827] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  749.336178][T10827] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  749.348345][T10827] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  749.357851][T10827] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  749.366968][T10827] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  751.177968][ T5853] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  751.200053][ T5853] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  751.211335][ T5853] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  751.222888][ T5853] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  751.236655][ T5853] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  751.459942][ T5853] Bluetooth: hci8: command tx timeout
[  753.299854][ T5853] Bluetooth: hci9: command tx timeout
[  753.541235][ T5853] Bluetooth: hci8: command tx timeout
[  755.383610][ T5853] Bluetooth: hci9: command tx timeout
[  755.619648][ T5853] Bluetooth: hci8: command tx timeout
[  757.459780][ T5853] Bluetooth: hci9: command tx timeout
[  757.699720][ T5853] Bluetooth: hci8: command tx timeout
[  759.548461][ T5853] Bluetooth: hci9: command tx timeout
[  786.120517][T10827] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  786.133121][T10827] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  786.167345][T10827] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  786.182053][T10827] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  786.193673][T10827] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  786.322662][ T5853] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  786.334013][ T5853] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  786.345256][ T5853] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  786.374826][ T5853] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  786.388455][ T5853] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  786.506715][ T5853] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  786.518182][ T5853] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  786.528232][ T5853] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  786.538714][ T5853] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  786.547965][ T5853] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  788.260583][T10827] Bluetooth: hci10: command tx timeout
[  788.499790][T10827] Bluetooth: hci11: command tx timeout
[  788.660281][T10827] Bluetooth: hci12: command tx timeout
[  790.342882][T10827] Bluetooth: hci10: command tx timeout
[  790.579848][T10827] Bluetooth: hci11: command tx timeout
[  790.739998][T10827] Bluetooth: hci12: command tx timeout
[  792.423745][T10827] Bluetooth: hci10: command tx timeout
[  792.660121][T10827] Bluetooth: hci11: command tx timeout
[  792.820422][T10827] Bluetooth: hci12: command tx timeout
[  794.500295][T10827] Bluetooth: hci10: command tx timeout
[  794.740893][T10827] Bluetooth: hci11: command tx timeout
[  794.899672][T10827] Bluetooth: hci12: command tx timeout
[  808.746980][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  810.190910][ T5853] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  810.203969][ T5853] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  810.214678][ T5853] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  810.227855][ T5853] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  810.242346][ T5853] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  811.676271][ T5853] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  811.698844][ T5853] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  811.715089][ T5853] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  811.724863][ T5853] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  811.735114][ T5853] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  812.340100][ T5853] Bluetooth: hci13: command tx timeout
[  813.783015][ T5853] Bluetooth: hci14: command tx timeout
[  814.419873][ T5853] Bluetooth: hci13: command tx timeout
[  815.859771][ T5853] Bluetooth: hci14: command tx timeout
[  816.500942][ T5853] Bluetooth: hci13: command tx timeout
[  817.941009][ T5853] Bluetooth: hci14: command tx timeout
[  818.585275][ T5853] Bluetooth: hci13: command tx timeout
[  820.019910][ T5853] Bluetooth: hci14: command tx timeout
[  831.948977][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  831.956061][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P10631
[  831.964422][    C1] rcu: 	(detected by 1, t=10503 jiffies, g=48985, q=641814 ncpus=2)
[  831.973474][    C1] task:syz.5.1218      state:R  running task     stack:24456 pid:10631 tgid:10631 ppid:6482   task_flags:0x40044c flags:0x0000400c
[  831.988923][    C1] Call Trace:
[  831.992505][    C1]  <IRQ>
[  831.995484][    C1]  sched_show_task+0x49d/0x630
[  832.000460][    C1]  ? __pfx_sched_show_task+0x10/0x10
[  832.007742][    C1]  ? rcu_dump_cpu_stacks+0x79/0x4e0
[  832.016200][    C1]  ? wq_watchdog_touch+0xef/0x180
[  832.022141][    C1]  print_other_cpu_stall+0xfa6/0x1370
[  832.027877][    C1]  ? __asan_memcpy+0x40/0x70
[  832.032675][    C1]  ? __pfx_print_other_cpu_stall+0x10/0x10
[  832.040360][    C1]  rcu_sched_clock_irq+0x9d1/0x1090
[  832.045687][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[  832.051367][    C1]  update_process_times+0x23c/0x2f0
[  832.056634][    C1]  tick_nohz_handler+0x39a/0x520
[  832.062842][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  832.068742][    C1]  __hrtimer_run_queues+0x4e0/0xc60
[  832.075564][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  832.082180][    C1]  ? ktime_get_update_offsets_now+0x3ab/0x3d0
[  832.089325][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  832.094736][    C1]  __sysvec_apic_timer_interrupt+0x108/0x410
[  832.100814][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  832.107238][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  832.114190][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x11/0x70
[  832.120440][    C1] Code: 5b e9 53 8e 56 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 10 9d 92 <65> 8b 15 c8 dd dc 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75
[  832.144772][    C1] RSP: 0018:ffffc90000a07d50 EFLAGS: 00000246
[  832.152270][    C1] RAX: ffffffff8474134c RBX: ffffc90000a07f34 RCX: ffff888031070000
[  832.161046][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  832.169642][    C1] RBP: 0000000000000000 R08: ffff888031070000 R09: 0000000000000002
[  832.179891][    C1] R10: 000000000000002f R11: 0000000000000100 R12: ffff8880675b7000
[  832.190937][    C1] R13: ffff8880675b6640 R14: ffff8880675b6640 R15: 1ffff92000140fb8
[  832.200081][    C1]  ? security_xfrm_decode_session+0x6c/0x2c0
[  832.207652][    C1]  security_xfrm_decode_session+0x6c/0x2c0
[  832.216194][    C1]  __xfrm_decode_session+0x712/0xb80
[  832.224882][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  832.232311][    C1]  ? __pfx___xfrm_decode_session+0x10/0x10
[  832.239846][    C1]  ? ip_route_output_flow+0xe6/0x150
[  832.245697][    C1]  ip_route_me_harder+0x91c/0xfe0
[  832.252861][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[  832.259009][    C1]  synproxy_send_tcp+0x359/0x6c0
[  832.266902][    C1]  synproxy_send_client_synack+0x8bb/0xe20
[  832.276273][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  832.283860][    C1]  ? nft_symhash_reduce+0x4c8/0x560
[  832.289620][    C1]  ? synproxy_pernet+0x45/0x270
[  832.295042][    C1]  nft_synproxy_eval_v4+0x36e/0x560
[  832.301055][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  832.310808][    C1]  ? nf_ip_checksum+0x13c/0x510
[  832.317698][    C1]  nft_synproxy_do_eval+0x345/0x570
[  832.323310][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  832.330599][    C1]  ? __queue_work+0x103/0xfe0
[  832.336064][    C1]  ? __queue_work+0xc80/0xfe0
[  832.341836][    C1]  nft_do_chain+0x40c/0x1920
[  832.347143][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  832.354515][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  832.361231][    C1]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[  832.367363][    C1]  nft_do_chain_inet+0x25d/0x340
[  832.374687][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  832.381411][    C1]  ? ipt_do_table+0x2a3/0x1630
[  832.388254][    C1]  ? nf_nat_ipv4_local_in+0x223/0x720
[  832.396137][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  832.403341][    C1]  nf_hook_slow+0xc2/0x220
[  832.410403][    C1]  NF_HOOK+0x206/0x3a0
[  832.416141][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  832.424369][    C1]  ? NF_HOOK+0x9a/0x3a0
[  832.431635][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  832.438964][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  832.446702][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  832.454826][    C1]  ? skb_dst+0x4f/0xd0
[  832.459472][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  832.464554][    C1]  NF_HOOK+0x30c/0x3a0
[  832.469076][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  832.475175][    C1]  ? NF_HOOK+0x9a/0x3a0
[  832.480186][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  832.485762][    C1]  ? ip_rcv_core+0x7f7/0xd00
[  832.491081][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  832.496464][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  832.501439][    C1]  __netif_receive_skb+0x143/0x380
[  832.508510][    C1]  ? process_backlog+0x2d5/0x14f0
[  832.514698][    C1]  process_backlog+0x60e/0x14f0
[  832.522469][    C1]  ? __pfx_process_backlog+0x10/0x10
[  832.529955][    C1]  ? do_raw_spin_lock+0x121/0x290
[  832.536031][    C1]  __napi_poll+0xc4/0x480
[  832.540676][    C1]  ? net_rx_action+0x46d/0xe30
[  832.547489][    C1]  net_rx_action+0x707/0xe30
[  832.553100][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  832.559460][    C1]  handle_softirqs+0x283/0x870
[  832.565240][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  832.570599][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  832.577205][    C1]  ? irq_work_single+0x1ac/0x240
[  832.583207][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  832.588698][    C1]  __irq_exit_rcu+0xca/0x1f0
[  832.593607][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  832.599314][    C1]  ? rcu_is_watching+0x15/0xb0
[  832.604535][    C1]  irq_exit_rcu+0x9/0x30
[  832.610649][    C1]  sysvec_irq_work+0xa3/0xc0
[  832.617302][    C1]  </IRQ>
[  832.621397][    C1]  <TASK>
[  832.624707][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  832.631236][    C1] RIP: 0010:finish_task_switch+0x26b/0x950
[  832.637899][    C1] Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 e9 27 05 00 00 4c 8b 75 d0 4c 89 e7 e8 ef ca d8 09 e8 3a c4 35 00 fb 4c 8b 65 c0 <49> 8d bc 24 18 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
[  832.662675][    C1] RSP: 0018:ffffc90003d3eff8 EFLAGS: 00000282
[  832.671727][    C1] RAX: 8f8cc37ce539bd00 RBX: 0000000000000000 RCX: 8f8cc37ce539bd00
[  832.685501][    C1] RDX: 0000000000000007 RSI: ffffffff8d98544c RDI: ffffffff8be1ca00
[  832.695447][    C1] RBP: ffffc90003d3f050 R08: ffffffff8fa0cbf7 R09: 1ffffffff1f4197e
[  832.704491][    C1] R10: dffffc0000000000 R11: fffffbfff1f4197f R12: ffff888031070000
[  832.715405][    C1] R13: dffffc0000000000 R14: ffff88802ad33c00 R15: ffff8880b873a9d8
[  832.727448][    C1]  ? finish_task_switch+0x266/0x950
[  832.733718][    C1]  __schedule+0x16aa/0x4cb0
[  832.740721][    C1]  ? preempt_schedule_common+0x83/0xd0
[  832.748603][    C1]  ? __pfx___schedule+0x10/0x10
[  832.753831][    C1]  ? __lock_acquire+0xab9/0xd20
[  832.759192][    C1]  ? preempt_schedule+0xae/0xc0
[  832.765392][    C1]  preempt_schedule_common+0x83/0xd0
[  832.771243][    C1]  preempt_schedule+0xae/0xc0
[  832.776469][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  832.783690][    C1]  ? __folio_rmap_sanity_checks+0x30d/0x700
[  832.792652][    C1]  preempt_schedule_thunk+0x16/0x30
[  832.798419][    C1]  _raw_spin_unlock+0x3f/0x50
[  832.804215][    C1]  unmap_page_range+0x3842/0x41c0
[  832.812008][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  832.817618][    C1]  ? unmap_vmas+0x144/0x580
[  832.823134][    C1]  unmap_vmas+0x399/0x580
[  832.831585][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  832.837749][    C1]  exit_mmap+0x248/0xb50
[  832.844610][    C1]  ? uprobe_clear_state+0x20f/0x290
[  832.850956][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  832.855908][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  832.862081][    C1]  ? __pfx_exit_aio+0x10/0x10
[  832.866791][    C1]  ? uprobe_clear_state+0x274/0x290
[  832.873233][    C1]  ? mm_update_next_owner+0xa7/0x870
[  832.880470][    C1]  __mmput+0x118/0x410
[  832.884796][    C1]  exit_mm+0x1da/0x2c0
[  832.889700][    C1]  ? __pfx_exit_mm+0x10/0x10
[  832.895641][    C1]  ? hrtimer_try_to_cancel+0x3d9/0x420
[  832.902335][    C1]  ? rcu_is_watching+0x15/0xb0
[  832.909004][    C1]  do_exit+0x648/0x22e0
[  832.914090][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  832.923166][    C1]  ? do_raw_spin_lock+0x121/0x290
[  832.929101][    C1]  ? __pfx_do_exit+0x10/0x10
[  832.934061][    C1]  do_group_exit+0x21c/0x2d0
[  832.940513][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  832.946923][    C1]  get_signal+0x125e/0x1310
[  832.951724][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  832.957405][    C1]  ? __pfx_get_timespec64+0x10/0x10
[  832.962905][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  832.969293][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  832.977019][    C1]  exit_to_user_mode_loop+0x75/0x110
[  832.983111][    C1]  do_syscall_64+0x2bd/0x3b0
[  832.987919][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  832.993230][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.999833][    C1]  ? clear_bhb_loop+0x60/0xb0
[  833.010265][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  833.017080][    C1] RIP: 0033:0x7f57b93c11e5
[  833.021805][    C1] Code: Unable to access opcode bytes at 0x7f57b93c11bb.
[  833.030368][    C1] RSP: 002b:00007f57ba127f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  833.041033][    C1] RAX: fffffffffffffdfc RBX: 00007f57b95b6080 RCX: 00007f57b93c11e5
[  833.051053][    C1] RDX: 00007f57ba127fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  833.060229][    C1] RBP: 00007f57b9410b39 R08: 0000000000000000 R09: 0000000000000000
[  833.069270][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  833.080518][    C1] R13: 0000000000000000 R14: 00007f57b95b6080 R15: 00007ffc161f01a8
[  833.088764][    C1]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)