last executing test programs:

6m9.881231473s ago: executing program 3 (id=646):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$loop(0x0, 0x6, 0x81)
ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000300)=0x380000000000000)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = io_uring_setup(0x598, &(0x7f0000000300)={0x0, 0x77ae, 0x400, 0x8000002, 0x3d7})
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VHOST_VDPA_GET_DEVICE_ID(0xffffffffffffffff, 0x8004af70, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000824}, 0x20004000)
ioctl$VIDIOC_QBUF(r2, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x0, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x58603})
process_vm_writev(r3, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

6m7.663731841s ago: executing program 3 (id=648):
socket$l2tp(0x2, 0x2, 0x73)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x66, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa020000000000000000000000000000ff020000d916427e0000000000000001020090780000000060b300000000110000000000000d000000000000000000000020438ba0b217000000000000000000ffffe00000010000000000000000000000002cf7f7433d6f12a1ed1b6d3b5f32e904d5964285e5091cfe79fb5ac4fd0273b1156530a37d3cb8d0a3f007c36ab71e99881729662e0f68a28fc0b888c64d66fd94e60018e3716fbcb60472d96b8174d25690b5cf5f9424ea42d392dbea06da1fe339910096394648b31ca6aaf1caa200"/229], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r0 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
write$vga_arbiter(r0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1b)
writev(0xffffffffffffffff, 0x0, 0x0)
ptrace(0x10, 0x1)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="0206fc030100002000"], 0x20}}, 0x0)
socket$kcm(0x2, 0x5, 0x73)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

6m3.199832992s ago: executing program 3 (id=660):
syz_open_dev$video(&(0x7f0000000040), 0x9, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x80002, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
dup(r1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x4, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x2, 0x3, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f041})

6m1.370293723s ago: executing program 3 (id=665):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='./file0/file0/file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(&(0x7f0000000280)='./file0/file0/file0\x00', 0xa)

5m59.265203443s ago: executing program 3 (id=667):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8), 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f0000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x50)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x1400037e)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000240)='./file0\x00', 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, r4, 0x0, 0xfea8, 0xa)

5m58.349273381s ago: executing program 3 (id=670):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtaction={0x94, 0x30, 0xffff, 0x70bd29, 0x0, {0x0, 0x0, 0x1300}, [{0x80, 0x1, [@m_mirred={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_csum={0x4c, 0x2, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x7ab, 0x4, 0x6, 0x2}, 0x1d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x24008844)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040))
getdents64(r5, &(0x7f0000001f00)=""/4093, 0xffd)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

5m57.415290613s ago: executing program 32 (id=670):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtaction={0x94, 0x30, 0xffff, 0x70bd29, 0x0, {0x0, 0x0, 0x1300}, [{0x80, 0x1, [@m_mirred={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_csum={0x4c, 0x2, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x7ab, 0x4, 0x6, 0x2}, 0x1d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x24008844)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040))
getdents64(r5, &(0x7f0000001f00)=""/4093, 0xffd)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

1m22.927055365s ago: executing program 0 (id=1324):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
alarm(0x100000000)

1m18.347539861s ago: executing program 5 (id=1335):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_THRESHOLD(r0, 0x4004510d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
r5 = socket(0x11, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r5, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001000010400000000", @ANYRES32=0x0, @ANYBLOB="0000000001"], 0x20}}, 0x4000040)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8120006001e0089", 0xd, 0x28000000, 0x0, 0x0)
ptrace(0x10, r8)
ptrace$setregs(0xd, r8, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r8, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000"], 0x48)

1m16.813995939s ago: executing program 5 (id=1337):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)
umount2(&(0x7f0000000380)='./file0\x00', 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

1m16.259412183s ago: executing program 5 (id=1339):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007", @ANYBLOB, @ANYRES32=0x0], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0xb4, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0xa0, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [[]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x0, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x401}}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)

1m16.223457827s ago: executing program 0 (id=1340):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000e9ff0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300002bb91a008500000008000000bc0900000000000045080100002000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf2700000000000007080000fffdffffbfa400000000000007040000f0ffffffc40200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608efff76000000bf9800000000000056090000000000008500000000020800b700000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m15.177287919s ago: executing program 0 (id=1341):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
madvise(&(0x7f00003ff000/0x2000)=nil, 0x2000, 0xa)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

1m14.820010338s ago: executing program 5 (id=1343):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_clone(0x2080, 0x0, 0x0, 0x0, 0x0, 0x0)
getpriority(0x1, r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
r6 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r6, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000200)=[{}, {{}, {<r7=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r5, 0xc1007c01, &(0x7f0000000500)={r7})

1m13.595567949s ago: executing program 0 (id=1344):
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de097", 0x18}], 0x1)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000019000100000000000000000002180000"], 0x2c}}, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x800, 0x0, 0x0)

1m13.035976974s ago: executing program 0 (id=1345):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newtfilter={0x7c, 0x2c, 0x605, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {}, {0x5, 0x2}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4c, 0x2, [@TCA_CGROUP_ACT={0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x10, 0x7ff, 0x6, 0x1, 0xff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x7c}}, 0x20004084)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m12.772948766s ago: executing program 0 (id=1347):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8), 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r3, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0xfea8, 0xa)

1m12.699641669s ago: executing program 5 (id=1348):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_THRESHOLD(r0, 0x4004510d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
r5 = socket(0x11, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r5, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001000010400000000", @ANYRES32=0x0, @ANYBLOB="0000000001"], 0x20}}, 0x4000040)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8120006001e0089", 0xd, 0x28000000, 0x0, 0x0)
ptrace(0x10, r8)
ptrace$setregs(0xd, r8, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000"], 0x48)

1m11.685388292s ago: executing program 5 (id=1350):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SET_SYSCALL_USER_DISPATCH_OFF(0x3b, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100480, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000140)={0x2, 0x2, 0xc, 0x5})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x8000000000000001, 0x8, 0x0, 0x3, 0x10001, 0x64, 0x5, 0x10007ffffe]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

51.783420402s ago: executing program 33 (id=1347):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8), 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r3, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0xfea8, 0xa)

50.908564501s ago: executing program 34 (id=1350):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SET_SYSCALL_USER_DISPATCH_OFF(0x3b, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x100480, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000140)={0x2, 0x2, 0xc, 0x5})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x8000000000000001, 0x8, 0x0, 0x3, 0x10001, 0x64, 0x5, 0x10007ffffe]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

9.534870801s ago: executing program 1 (id=1436):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c084002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

7.300538987s ago: executing program 1 (id=1438):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xffe0, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_PLIMIT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

5.23853176s ago: executing program 1 (id=1443):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000001c0)=0x5, 0x4)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000", @ANYRES8], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
ioperm(0x80, 0x4, 0x4)
syslog(0x4, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20040000}, 0x20044800)
connect$rxrpc(r2, &(0x7f0000000280)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24)

4.280665371s ago: executing program 2 (id=1445):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x97ff)

3.773401358s ago: executing program 4 (id=1446):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81901)

3.645989501s ago: executing program 2 (id=1447):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd7000fddbdf255d00000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x10)

3.269766281s ago: executing program 4 (id=1448):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf253500000008000300", @ANYRES32=r3, @ANYBLOB="0600fd00ff0100000a00340002c30202020200001400fe61828a30"], 0x44}, 0x1, 0x0, 0x0, 0x94}, 0x10)

3.021351541s ago: executing program 2 (id=1449):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="f1", 0x1}], 0x1)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f00000000c0)=0x3f9, 0x4)
recvmmsg(r3, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0)

2.511784504s ago: executing program 1 (id=1450):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r2}}, 0x4d}, 0x1, 0xf0ffffffffffff}, 0x0)

2.433069366s ago: executing program 4 (id=1451):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000025c0)=@delchain={0x5f4, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x5c4, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x174, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x124, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_META={0x8c, 0x2, 0x0, 0x0, {{0xbe0, 0x4, 0x7}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x9, 0x2}, {0x1000, 0x3, 0x1}}}, @TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x7, 0x1}, {0x7, 0x97, 0x2}}}, @TCA_EM_META_RVALUE={0x31, 0x3, [@TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="230fb355f7156343", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="c3f4be5ef3de514e", @TCF_META_TYPE_VAR="b78850fcae", @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_RVALUE={0x15, 0x3, [@TCF_META_TYPE_VAR="bd5577acf3", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_RVALUE={0x15, 0x3, [@TCF_META_TYPE_VAR="7e181233dc49", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="80e1d0"]}]}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x424, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2ca8b8d7ec1784b0, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xac, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x63, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x108, 0x1f, 0x0, 0x0, {{0xb}, {0x4}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0x40, 0x3, 0x0, 0x0, {{0xf}, {0x4}, {0xd, 0x6, "6c73dc20ec0f1f62d7"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0xec, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xc1, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108a46a7eaf202777861df68712"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x5f4}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

1.905554993s ago: executing program 2 (id=1452):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
process_madvise(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1, 0x13, 0x0)

1.623777519s ago: executing program 4 (id=1453):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x1, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001400)="1c2789bd018bf77308ae7ed990e4b63b8cf1cf4ae822f1f84abd5420339c722aa7f6d87f5926c484455c67b7a9259ac3f36154b6526320d83fe72e5f5370550de0307d8ad13d192e7d5c14f8b2367b1db7dbe02629646be253b07a1245dce1a721576750f3f574ce4ac91827528289acb0089c83a39827b4d9f231ad23f382e2f3d86880015b84a6d3740029d6ffbbf61ae415dc51a6ebd3010000000000008067a9e4abdbbe90455d28993254ab9fa2c5d561ee0000000000000000000ce572ae0de0745310890497fd77693dff252cd2d3ca44d653adb996df2d4657df02890a35dc7dca300162746af9f2e03e2ea4cb0ac9689db83d6b0b923ddd63724bc8de54e76d67a16ccf6a6e80b55db62db33092f95ece822b728612a43ec79780fd217a580abcf20011c47885ddbdd82efd3dd8f815fbc7db3c6b21a513d73d6712b4c7e9cfe8306a5c437497faebe77341dfccae85bc3fa01495122bf258f187dd16efc46576c22ea95c3459cce2701b80daca08e96ca64db0f6cc9157ce80cde9771b31d17b114685b8be741c53388460f90e3372dfc9cf4f9b096810e29a7e90f904188506", 0x1a5}, {&(0x7f0000000680)="509930ab01f637fc52a17809d6a885447981feb0a194810dd7decdefe3fb3afbc98524e2c0eb605f33ccc21295deb47f14bb9c9e755e1910a66f6d41ae310a12eb930bb1545b1ca32bd06bc66fbb88dc366920cc3868fdc1eeb01a8c7e7f45261703a417bca1aa291a34d0e20400000000000000548504dfaa8dd5c209", 0x7d}], 0x2}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000001180)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849", 0xc2}], 0x1}}], 0x2, 0x40090)

1.623054193s ago: executing program 1 (id=1454):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0fe0bfe97e6efb00000004000000040000001200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0xe, 0x4, &(0x7f0000001ec0)=ANY=[@ANYBLOB="4b82d87080100100080000008a8e9162350a0414cca3ee642700a17d83f0df0ff60a966e071b3726d5ba9689bcd66fbc00f8b51e5d53b852f8f7f6679bb12d0eebeb2598c6653662819ff737afb29e959fd0c213535fed6d987d00ca722884086e427cda82cea7fa6f7fcf9cd614b36cfb2913b80a76ccf1b257f3a0c42e468e9fe3a4096c1a77028701e3070ab0c84fa56aec360f1d6991f21a26fa00"/172, @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="88d8ceb51cb85815cd1e5ea1e704a310774580669f4725c06b56847eb77095edca29d5382e6ba2dad69173651ad467a4f9c0ddcc1e39a0abbe891ef3186dbd3d675b09ef996175b92866daad40edbf5e17eb9098746c0f9c4744b87aff2b549d6f356bab0d7ebad54aed49f4", @ANYRES8=r0, @ANYRES8=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, r1, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001e00)={{r0}, &(0x7f0000001e40), &(0x7f0000000700)}, 0xfffffffffffffd5d)
r2 = getpid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x110400, 0x0)
r3 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r3, 0x84, 0x84, &(0x7f0000000000), 0x90)
sendmsg$inet(r3, &(0x7f0000000e40)={&(0x7f0000000280)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000400)="d4", 0x1}], 0x1}, 0x40)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = gettid()
sendmsg$unix(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r5, @ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r4, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)
r7 = syz_clone(0x211200, &(0x7f00000003c0)="01020fccf118bdf0546b36c1b5421d5f35c371eb969e2b505a3bc8e48fc6d08a9509ff4d6d276382edcbe484894dce741456f5a8a394e4eedcf1b8954226fa27b6d7df528f91649fd8091454fa564ebeac5c406efff0a36fba412491e464c68d9d7f1cb4af9378d42fbcf3b166ee1bb04b32de863a9a905fba248cb95ee29b69175136cea2f7954ae74b50057dc19b304b249881f7e036abf333387e12855bbb81756d9ad02de7ec9b86f4a4339124aafb53b6fe437f0d0b570358", 0xbb, &(0x7f0000000340), &(0x7f0000000480), &(0x7f00000004c0)="1d749864c743489a3cd3e8a5c029f4fcb0453c97015d9b7925c4792f0b5373caf8f57c9713873cf7b27ef499babd2ae80fff76c1b7d307233347289888a7")
r8 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000500), 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0xf, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1f5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000640)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x5, 0x900, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[0x1, 0x1, 0x1], 0x0, 0x10, 0x6d3}, 0x94)
r12 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000840)='syz1\x00', 0x200002, 0x0)
r13 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001a40)={0x6, 0x10, &(0x7f0000001d40)=ANY=[@ANYBLOB="180000000a8000ddffffffff0200000018110000badd3982b34c7125fd04cc753132055991d67da4dc99121f0b964f1405f2a20a3503a468bc000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000097e080000000080bf91000000000000b7020000030000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001d00)='syzkaller\x00', 0xfffffffa, 0x1000, &(0x7f0000000940)=""/4096, 0x41100, 0x77, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001940)={0x1, 0x4, 0x1, 0x39bf597d}, 0x62, 0x0, 0x0, 0xa, 0x0, &(0x7f0000001980)=[{0x0, 0x4, 0xb, 0xc}, {0x3, 0x5, 0x4, 0x1}, {0x5, 0x3, 0x10000010, 0x6}, {0x5, 0x1, 0x9, 0x3}, {0x4, 0x5, 0x1, 0x6}, {0x2, 0x1, 0xf, 0x1}, {0x0, 0x8000002, 0x0, 0x6}, {0x5, 0x1, 0x6, 0x2}, {0x3, 0x1, 0x6, 0x2}, {0xfffffffd, 0x5, 0x6, 0x8}], 0x10, 0xe88}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r14 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r14, &(0x7f0000000080)={0x0, 0xd, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848120000005e0c0000000000000e000a001400000002800000121f", 0x82}], 0x1}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r15=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r15, 0x1, 0x1a, &(0x7f0000000300), 0x10)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001cc0)={&(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000200)="d74fe84ca4b1bb69f76686dd636cbd5ab0388e8a4fec80771ef5284fce7d7b974f3d7124d46dc66f", 0x28}, {&(0x7f0000000240)="51e26823340767c8747c1c57bc960856edce2569291ee639d4f1c792d90aa424e720e703152e081d599c541c0ad31f12d3dbde58cf4795d47142668e23cd735f48e745d85fa9cfef0270782f0814", 0x4e}], 0x2, &(0x7f0000001bc0)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee00}}}, @rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {r6, 0xee00, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r7, 0xee00, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [r8, r9, r10]}}, @rights={{0x2c, 0x1, 0x1, [r11, r12, r13, 0xffffffffffffffff, 0xffffffffffffffff, r14, r15]}}], 0xc0, 0x40}, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b02868cd415ab9bc48b055a8b3f92b143cb16138c216513a045af2101e7e3c507bedee404330f1171812cdaeed17a0e89dd4863a4e6808ca6b7046c38f33b9a0417e1c8fae7a9e1b4c8161b02", 0x0, 0x0, 0x0}, 0x38)

1.453220837s ago: executing program 2 (id=1455):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x97ff)

1.315843983s ago: executing program 4 (id=1456):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_clone(0x2080, 0x0, 0x0, 0x0, 0x0, 0x0)
getpriority(0x1, r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=<r4=>0xffffffffffffffff, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000032c0)=ANY=[@ANYRESHEX, @ANYBLOB="0100000000000000000002000000080003", @ANYRESDEC=r4, @ANYBLOB="0c009900f400000017000000080026007f1700000800270001"], 0x40}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)
r5 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
r6 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r6, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000200)=[{}, {{}, {<r7=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r5, 0xc1007c01, &(0x7f0000000500)={r7})

532.698862ms ago: executing program 2 (id=1457):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002700)=[{&(0x7f0000000080)="40ba", 0x2}], 0x1}, 0x400c0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000000)={0x0, 0x0})

190.821614ms ago: executing program 1 (id=1458):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
gettid()
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000300)={0x3c, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x3c}}, 0x20000000)

0s ago: executing program 4 (id=1459):
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
mount(0x0, 0x0, 0x0, 0x189, 0x0)
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0105b08, 0x0)

kernel console output (not intermixed with test programs):

 tx timeout
[  131.893089][ T5156] Bluetooth: hci4: command 0x0405 tx timeout
[  132.657019][   T30] audit: type=1326 audit(1755579687.488:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6294 comm="syz.1.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  132.828474][   T30] audit: type=1326 audit(1755579687.488:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6294 comm="syz.1.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  132.863205][   T30] audit: type=1326 audit(1755579687.488:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6294 comm="syz.1.97" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  132.930970][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout
[  132.937378][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  132.943547][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout
[  133.220320][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  133.238929][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.738686][ T6311] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4262885938 (68206175008 ns) > initial count (38369542160 ns). Using initial count to start timer.
[  133.825882][ T5156] Bluetooth: hci3: command 0x0c1a tx timeout
[  133.980787][ T5156] Bluetooth: hci4: command 0x0405 tx timeout
[  135.101022][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout
[  135.108242][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout
[  135.114692][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  135.890874][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  136.050742][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  138.536416][ T6341] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  138.548173][ T6341] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  138.560096][ T6341] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  138.581693][ T6341] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  138.608900][ T6341] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  139.822508][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  140.686509][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  140.693676][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout
[  140.699829][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout
[  140.705920][ T5156] Bluetooth: hci4: command 0x0405 tx timeout
[  141.770273][ T6394] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[6394]
[  143.171123][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.132'.
[  143.791427][ T6420] mmap: syz.0.131 (6420) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  144.081477][ T6424] "syz.1.133" (6424) uses obsolete ecb(arc4) skcipher
[  144.920922][ T5911] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  145.151398][ T5911] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  145.289497][ T5911] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 9
[  145.410147][ T5911] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  146.120702][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  146.129395][ T5911] usb 3-1: Product: syz
[  146.293669][ T5911] usb 3-1: Manufacturer: syz
[  146.346210][ T5911] usb 3-1: SerialNumber: syz
[  146.389839][ T6454] netlink: 'syz.3.143': attribute type 21 has an invalid length.
[  146.447401][ T5911] usb 3-1: config 0 descriptor??
[  146.593518][ T5950] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  146.851090][ T5950] usb 5-1: Using ep0 maxpacket: 16
[  146.879422][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  146.906223][ T5950] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  146.935835][ T5950] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  146.990218][ T5950] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  147.005452][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.036814][ T5950] usb 5-1: Product: syz
[  147.064681][ T5950] usb 5-1: Manufacturer: syz
[  147.108327][ T5950] usb 5-1: SerialNumber: syz
[  147.189772][ T5950] usb 5-1: config 0 descriptor??
[  147.247390][ T6466] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  147.287030][ T5950] mcba_usb 5-1:0.0 can0: failed tx_urb -90
[  147.302480][ T5950] mcba_usb 5-1:0.0 can0: Failed to send cmd (169)
[  147.314851][ T5950] mcba_usb 5-1:0.0 can0: failed tx_urb -90
[  147.322042][ T5950] mcba_usb 5-1:0.0 can0: Failed to send cmd (169)
[  147.328565][ T5950] mcba_usb 5-1:0.0: Microchip CAN BUS Analyzer connected
[  147.517721][ T6466] netlink: 'syz.4.146': attribute type 5 has an invalid length.
[  147.598295][ T6466] ip6erspan0: entered promiscuous mode
[  147.621469][ T6477] bridge0: port 3(macsec0) entered blocking state
[  147.630855][ T6477] bridge0: port 3(macsec0) entered disabled state
[  147.658959][ T6477] macsec0: entered allmulticast mode
[  147.666204][ T6477] veth1_macvtap: entered allmulticast mode
[  147.685318][ T6477] macsec0: entered promiscuous mode
[  147.697567][ T6477] bridge0: port 3(macsec0) entered blocking state
[  147.705032][ T6477] bridge0: port 3(macsec0) entered forwarding state
[  148.509495][ T5911] usb 3-1: USB disconnect, device number 2
[  150.731149][ T5911] usb 5-1: USB disconnect, device number 2
[  150.740151][ T5911] mcba_usb 5-1:0.0 can0: device disconnected
[  150.991426][ T6513] tipc: Started in network mode
[  150.997869][ T6513] tipc: Node identity 52c224f858c6, cluster identity 4711
[  151.069770][ T6513] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.172078][ T6513] tipc: Resetting bearer <eth:syzkaller0>
[  151.457970][ T6512] tipc: Disabling bearer <eth:syzkaller0>
[  154.246882][ T6559] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.164'.
[  154.256892][ T6559] netlink: zone id is out of range
[  154.262432][ T6559] netlink: get zone limit has 8 unknown bytes
[  154.655760][ T6566] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  154.701845][ T6566] bond0: (slave lo): Error: Device can not be enslaved while up
[  154.908005][ T6566] snd_aloop snd_aloop.0: control 2:1883:2954:syz1:64272 is already present
[  155.047454][ T6566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.167'.
[  156.211070][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  156.218207][ T5950] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  156.680106][ T5950] usb 5-1: no configurations
[  156.720900][ T5950] usb 5-1: can't read configurations, error -22
[  156.935928][ T5950] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  157.302134][ T5950] usb 5-1: no configurations
[  157.447871][ T5950] usb 5-1: can't read configurations, error -22
[  157.508571][ T5950] usb usb5-port1: attempt power cycle
[  157.931627][ T5950] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  158.031951][ T5950] usb 5-1: no configurations
[  158.037907][ T5950] usb 5-1: can't read configurations, error -22
[  158.191685][ T5950] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  158.850751][ T5950] usb 5-1: device descriptor read/8, error -71
[  159.025446][ T5950] usb usb5-port1: unable to enumerate USB device
[  160.477907][ T6630] netlink: 4 bytes leftover after parsing attributes in process `syz.4.186'.
[  162.235650][ T6643] syz.2.191 uses obsolete (PF_INET,SOCK_PACKET)
[  162.307044][ T6644] netlink: 'syz.1.190': attribute type 3 has an invalid length.
[  162.315091][ T6644] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.190'.
[  166.959273][   T30] audit: type=1326 audit(1755579721.808:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8bf8ebe9 code=0x7ffc0000
[  167.120975][   T30] audit: type=1326 audit(1755579721.808:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8bf8ebe9 code=0x7ffc0000
[  167.260749][   T30] audit: type=1326 audit(1755579721.838:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5e8bf8ebe9 code=0x7ffc0000
[  167.430921][   T30] audit: type=1326 audit(1755579721.838:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8bf8ebe9 code=0x7ffc0000
[  167.560756][   T30] audit: type=1326 audit(1755579721.838:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6687 comm="syz.0.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e8bf8ebe9 code=0x7ffc0000
[  168.553212][ T6707] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  169.499096][ T6722] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[6722]
[  170.214246][ T6730] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  170.222138][ T6730] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  170.229095][ T6730] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  170.236296][ T6730] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  170.243125][ T6730] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  170.256320][ T6730] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  170.263831][ T6730] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  170.270576][ T6730] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  170.278176][ T6730] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  170.285432][ T6730] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  170.293273][ T6730] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  170.300414][ T6730] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  170.307637][ T6730] comedi comedi3: 8255: I/O port conflict (0x400,4)
[  170.314962][ T6730] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  173.492843][ T6756] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  174.175509][ T6778] netlink: 'syz.0.232': attribute type 15 has an invalid length.
[  174.184227][ T6778] netlink: 24 bytes leftover after parsing attributes in process `syz.0.232'.
[  175.631586][   T30] audit: type=1326 audit(1755579730.488:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6785 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  175.801000][   T30] audit: type=1326 audit(1755579730.508:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6785 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  175.934775][   T30] audit: type=1326 audit(1755579730.508:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6785 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  176.820988][   T30] audit: type=1326 audit(1755579730.508:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6785 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  177.030127][   T30] audit: type=1326 audit(1755579730.508:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6785 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  178.441235][ T5950] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  178.810718][ T5950] usb 5-1: device descriptor read/64, error -71
[  179.141113][ T5949] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  180.063726][ T5950] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  180.155887][ T5949] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  180.170445][ T6792] syz.1.235 (6792): drop_caches: 2
[  180.220916][ T5949] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.275120][ T5949] usb 4-1: config 0 interface 0 has no altsetting 0
[  180.284275][ T5950] usb 5-1: device descriptor read/64, error -71
[  180.298000][ T5949] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  180.327970][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.362172][ T5949] usb 4-1: config 0 descriptor??
[  180.401275][ T5950] usb usb5-port1: attempt power cycle
[  180.615225][ T6803] syz.4.239 (6803) used greatest stack depth: 18568 bytes left
[  180.677131][   T30] audit: type=1326 audit(1755579735.528:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.1.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  180.715000][   T30] audit: type=1326 audit(1755579735.558:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.1.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  180.736536][    C1] vkms_vblank_simulate: vblank timer overrun
[  180.798903][ T6821] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  180.833237][ T5949] hid-steam 0003:28DE:1102.0001: unknown main item tag 0x1
[  180.863403][ T5949] hid-steam 0003:28DE:1102.0001: item fetching failed at offset 4/5
[  180.872073][   T30] audit: type=1326 audit(1755579735.558:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.1.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  180.911857][ T5949] hid-steam 0003:28DE:1102.0001: steam_probe:parse of hid interface failed
[  181.068954][ T5949] hid-steam 0003:28DE:1102.0001: probe with driver hid-steam failed with error -22
[  181.151650][ T5949] usb 4-1: USB disconnect, device number 4
[  181.307384][   T30] audit: type=1326 audit(1755579735.558:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.1.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  181.349002][   T30] audit: type=1326 audit(1755579735.558:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6818 comm="syz.1.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  188.041210][ T6894] capability: warning: `syz.1.268' uses deprecated v2 capabilities in a way that may be insecure
[  189.325311][   T30] audit: type=1326 audit(1755579744.168:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6917 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  189.389141][   T30] audit: type=1326 audit(1755579744.168:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6917 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  189.536259][   T30] audit: type=1326 audit(1755579744.168:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6917 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  189.558300][   T30] audit: type=1326 audit(1755579744.168:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6917 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  189.927670][ T6916] syz.3.272 (6916) used greatest stack depth: 15448 bytes left
[  189.968395][ T6929] netlink: 24 bytes leftover after parsing attributes in process `syz.1.277'.
[  190.625574][ T5838] Bluetooth: hci4: command 0x0405 tx timeout
[  190.690900][ T6901] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  190.697266][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  192.874561][ T6901] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  192.893249][ T6901] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  192.902912][ T6901] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  192.909163][ T6901] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  193.120692][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  194.391010][   T30] audit: type=1326 audit(1755579749.228:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6972 comm="syz.1.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  194.455364][   T30] audit: type=1326 audit(1755579749.228:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6972 comm="syz.1.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  194.591089][   T30] audit: type=1326 audit(1755579749.238:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6972 comm="syz.1.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  194.696222][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.703183][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.888186][   T30] audit: type=1326 audit(1755579749.238:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6972 comm="syz.1.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  194.950586][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  194.950689][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout
[  194.956725][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  196.031091][   T30] audit: type=1326 audit(1755579749.238:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6972 comm="syz.1.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f78ebe9 code=0x7ffc0000
[  198.533611][ T7006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.295'.
[  200.390841][ T5846] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  200.530881][ T5846] usb 3-1: device descriptor read/64, error -71
[  200.610164][ T7035] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[7035]
[  200.811299][ T5846] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  200.970756][ T5846] usb 3-1: device descriptor read/64, error -71
[  201.081227][ T5846] usb usb3-port1: attempt power cycle
[  201.420765][ T5846] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  201.472879][ T5846] usb 3-1: device descriptor read/8, error -71
[  201.772898][ T5846] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  201.824132][ T5846] usb 3-1: device descriptor read/8, error -71
[  201.982371][ T5846] usb usb3-port1: unable to enumerate USB device
[  207.431632][ T5846] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  207.564326][ T7097] netlink: 'syz.1.322': attribute type 5 has an invalid length.
[  207.673465][ T5846] usb 3-1: Using ep0 maxpacket: 8
[  207.707769][ T5846] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.746642][ T5846] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  207.821408][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.976295][ T5846] usb 3-1: config 0 descriptor??
[  208.038611][ T5846] gspca_main: vc032x-2.14.0 probing 046d:0892
[  209.112606][ T5846] gspca_vc032x: reg_r err -71
[  209.121870][ T5846] vc032x 3-1:0.0: probe with driver vc032x failed with error -71
[  209.153193][ T5846] usb 3-1: USB disconnect, device number 7
[  211.090908][ T5949] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  211.460818][ T5949] usb 1-1: device descriptor read/64, error -71
[  214.268505][ T7180] syzkaller0: entered promiscuous mode
[  214.300888][ T7180] syzkaller0: entered allmulticast mode
[  214.755551][ T7191] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  215.091442][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  217.893176][ T7224] syzkaller0: entered promiscuous mode
[  217.901417][ T7224] syzkaller0: entered allmulticast mode
[  221.816872][ T7261] netlink: 'syz.0.373': attribute type 3 has an invalid length.
[  221.824773][ T7261] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.373'.
[  225.285729][   T30] audit: type=1326 audit(1755579779.948:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  225.881300][ T7288] fuse: Bad value for 'fd'
[  225.886587][   T30] audit: type=1326 audit(1755579780.028:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  225.908513][   T30] audit: type=1326 audit(1755579780.038:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  225.936351][   T30] audit: type=1326 audit(1755579780.598:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  225.959664][   T30] audit: type=1326 audit(1755579780.648:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  226.187432][   T30] audit: type=1326 audit(1755579780.648:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  226.225867][   T30] audit: type=1326 audit(1755579780.888:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  226.319341][   T30] audit: type=1326 audit(1755579780.888:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  226.493948][   T30] audit: type=1326 audit(1755579780.888:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  226.528008][ T7298] netlink: 12 bytes leftover after parsing attributes in process `syz.0.385'.
[  227.445662][   T30] audit: type=1326 audit(1755579780.888:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7282 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  231.452721][ T7331] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4262885938 (68206175008 ns) > initial count (38369542160 ns). Using initial count to start timer.
[  233.965210][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  233.965226][   T30] audit: type=1326 audit(1755579788.818:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.054498][   T30] audit: type=1326 audit(1755579788.818:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.102295][   T30] audit: type=1326 audit(1755579788.818:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.215929][   T30] audit: type=1326 audit(1755579788.818:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.372131][   T30] audit: type=1326 audit(1755579788.818:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.504226][   T30] audit: type=1326 audit(1755579788.818:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.640081][   T30] audit: type=1326 audit(1755579788.818:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  234.840468][   T30] audit: type=1326 audit(1755579788.818:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  236.240909][   T30] audit: type=1326 audit(1755579788.818:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  236.270790][   T30] audit: type=1326 audit(1755579788.818:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7354 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  239.686085][ T7401] syzkaller0: entered promiscuous mode
[  239.691708][ T7401] syzkaller0: entered allmulticast mode
[  242.121971][ T5956] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  242.570493][ T7427] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4262885938 (68206175008 ns) > initial count (38369542160 ns). Using initial count to start timer.
[  243.762770][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  243.823493][ T5956] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  243.911889][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.005011][ T5956] usb 1-1: config 0 descriptor??
[  244.692528][ T5956] usbhid 1-1:0.0: can't add hid device: -71
[  244.716593][ T5956] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  244.765115][ T5956] usb 1-1: USB disconnect, device number 7
[  245.620706][ T5956] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  246.574197][ T7452] serio: Serial port ptm0
[  247.801037][  T976] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  247.972545][  T976] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  248.025609][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  248.076284][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  248.106819][  T976] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  248.148253][  T976] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  248.187920][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.221616][  T976] usb 2-1: config 0 descriptor??
[  248.760734][  T976] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  249.125830][ T5950] usb 2-1: USB disconnect, device number 2
[  249.181889][ T7483] fido_id[7483]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  249.887737][ T7487] netlink: 'syz.2.438': attribute type 3 has an invalid length.
[  249.895851][ T7487] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.438'.
[  250.234966][ T7488] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4262885938 (68206175008 ns) > initial count (38369542160 ns). Using initial count to start timer.
[  256.064711][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  256.071403][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  268.186557][ T7658] syzkaller0: entered promiscuous mode
[  268.689120][ T7658] syzkaller0: entered allmulticast mode
[  268.730911][ T5889] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  268.832019][ T7661] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  268.888819][ T5889] usb 3-1: config 7 has an invalid interface number: 101 but max is 0
[  268.911022][ T5889] usb 3-1: config 7 has no interface number 0
[  268.932690][ T5889] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  268.942964][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.004842][ T5889] usb 3-1: Product: syz
[  269.020550][ T5889] usb 3-1: Manufacturer: syz
[  269.055823][ T5889] usb 3-1: SerialNumber: syz
[  269.287494][ T5889] as10x_usb: device has been detected
[  269.293961][ T5889] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  269.329326][ T5889] usb 3-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  269.358782][ T5889] as10x_usb: error during firmware upload part1
[  269.434893][ T5889] Registered device Elgato EyeTV DTT Deluxe
[  269.475081][ T5889] usb 3-1: USB disconnect, device number 8
[  270.077622][ T5889] Unregistered device Elgato EyeTV DTT Deluxe
[  270.091629][ T5889] as10x_usb: device has been disconnected
[  270.104342][ T7028] udevd[7028]: setting mode of /dev/aton2-0 to 020600 failed: No such file or directory
[  270.151085][ T7028] udevd[7028]: setting owner of /dev/aton2-0 to uid=0, gid=0 failed: No such file or directory
[  272.106763][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  272.106779][   T30] audit: type=1326 audit(1755579826.948:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  272.287526][   T30] audit: type=1326 audit(1755579826.948:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  272.352503][   T30] audit: type=1326 audit(1755579826.948:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  272.437623][   T30] audit: type=1326 audit(1755579826.948:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  272.553679][   T30] audit: type=1326 audit(1755579826.948:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  273.511082][   T30] audit: type=1326 audit(1755579826.948:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  273.693908][   T30] audit: type=1326 audit(1755579826.948:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  273.859553][ T7710] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  273.903160][   T30] audit: type=1326 audit(1755579826.948:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  274.168587][   T30] audit: type=1326 audit(1755579826.948:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  274.270697][ T5956] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  274.291949][   T30] audit: type=1326 audit(1755579826.948:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.4.502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5a78ebe9 code=0x7ffc0000
[  274.471547][ T5956] usb 1-1: Using ep0 maxpacket: 32
[  274.507639][ T5956] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  274.517258][ T5956] usb 1-1: config 0 has no interface number 0
[  274.672133][ T5956] usb 1-1: config 0 interface 89 has no altsetting 0
[  274.720849][ T5956] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  274.730107][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.694371][ T5956] usb 1-1: Product: syz
[  275.700687][ T5956] usb 1-1: Manufacturer: syz
[  275.720809][ T5956] usb 1-1: SerialNumber: syz
[  275.773353][ T5956] usb 1-1: config 0 descriptor??
[  275.823514][ T5956] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  275.838585][ T7726] ucma_write: process 342 (syz.2.511) changed security contexts after opening file descriptor, this is not allowed.
[  275.867829][ T5956] em28xx 1-1:0.89: Video interface 89 found: bulk
[  276.444110][ T5956] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[  278.951527][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  278.951548][   T30] audit: type=1800 audit(1755579833.468:139): pid=7751 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.516" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  280.776642][ T5956] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  280.791198][ T5956] em28xx 1-1:0.89: board has no eeprom
[  280.984444][ T5956] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[  280.999942][ T5956] em28xx 1-1:0.89: analog set to bulk mode.
[  281.006761][ T5846] em28xx 1-1:0.89: Registering V4L2 extension
[  281.107699][ T5956] usb 1-1: USB disconnect, device number 9
[  281.148279][ T5956] em28xx 1-1:0.89: Disconnecting em28xx
[  281.272706][ T5846] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[  281.740780][ T5846] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[  281.748283][ T5846] em28xx 1-1:0.89: No AC97 audio processor
[  281.795854][ T5846] usb 1-1: Decoder not found
[  281.800536][ T5846] em28xx 1-1:0.89: failed to create media graph
[  281.813370][ T5846] em28xx 1-1:0.89: V4L2 device video103 deregistered
[  281.828589][ T5846] em28xx 1-1:0.89: Registering snapshot button...
[  281.840091][ T5846] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input7
[  281.857813][ T5846] em28xx 1-1:0.89: Remote control support is not available for this card.
[  281.867282][ T5956] em28xx 1-1:0.89: Closing input extension
[  281.879801][ T5956] em28xx 1-1:0.89: Deregistering snapshot button
[  282.117551][ T5956] em28xx 1-1:0.89: Freeing device
[  283.470844][ T5889] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  283.738357][ T5889] usb 5-1: unable to get BOS descriptor or descriptor too short
[  283.747302][ T5889] usb 5-1: not running at top speed; connect to a high speed hub
[  283.759324][ T5889] usb 5-1: config 1 has an invalid interface number: 130 but max is 0
[  283.768459][ T5889] usb 5-1: config 1 has no interface number 0
[  283.777400][ T5889] usb 5-1: config 1 interface 130 altsetting 3 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  283.810035][ T5889] usb 5-1: config 1 interface 130 has no altsetting 0
[  283.874992][ T5889] usb 5-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice=84.ac
[  283.902655][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.004205][ T5889] usb 5-1: Product: syz
[  284.017056][ T5889] usb 5-1: Manufacturer: syz
[  284.030629][ T5889] usb 5-1: SerialNumber: syz
[  284.056653][ T7785] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  284.428664][ T5889] dvb-usb: found a 'Gigabyte U7000' in cold state, will try to load a firmware
[  285.621597][ T5950] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  285.643002][ T5950] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  285.672679][ T5889] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  285.697973][ T5889] dib0700: firmware download failed at 7 with -71
[  285.763002][ T5889] usb 5-1: USB disconnect, device number 10
[  285.953867][ T7805] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  286.195971][ T7800] fido_id[7800]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  286.719205][ T7807] block device autoloading is deprecated and will be removed.
[  286.900928][ T5889] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  286.935707][ T7816] delete_channel: no stack
[  287.090729][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  287.106360][ T5889] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  287.116045][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.136908][ T5889] usb 2-1: Product: syz
[  287.143928][ T5889] usb 2-1: Manufacturer: syz
[  287.149054][ T5889] usb 2-1: SerialNumber: syz
[  287.180320][ T5889] r8152-cfgselector 2-1: Unknown version 0x0000
[  287.192763][ T5889] r8152-cfgselector 2-1: config 0 descriptor??
[  287.201279][  T976] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  287.212253][ T7822] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  287.262191][ T7822] syzkaller0: entered promiscuous mode
[  287.267751][ T7822] syzkaller0: entered allmulticast mode
[  287.381673][  T976] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  287.407058][  T976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.426199][ T2155] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  287.695862][  T976] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  287.748689][  T976] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  288.129683][ T7828] =======================================================
[  288.129683][ T7828] WARNING: The mand mount option has been deprecated and
[  288.129683][ T7828]          and is ignored by this kernel. Remove the mand
[  288.129683][ T7828]          option from the mount to silence this warning.
[  288.129683][ T7828] =======================================================
[  288.774935][  T976] usb 1-1: Manufacturer: syz
[  288.982488][ T2155] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  289.038899][ T2155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.070752][  T976] usb 1-1: config 0 descriptor??
[  289.100474][ T2155] usb 5-1: Product: syz
[  289.113601][ T2155] usb 5-1: Manufacturer: syz
[  289.138264][ T2155] usb 5-1: SerialNumber: syz
[  289.238910][  T976] rc_core: IR keymap rc-hauppauge not found
[  289.249001][ T2155] usb 5-1: config 0 descriptor??
[  289.255665][  T976] Registered IR keymap rc-empty
[  289.277934][ T2155] ch341 5-1:0.0: ch341-uart converter detected
[  289.278107][  T976] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  289.368252][  T976] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8
[  289.419629][ T7835] syzkaller0: entered promiscuous mode
[  289.425996][ T7835] syzkaller0: entered allmulticast mode
[  289.665027][    C0] igorplugusb 1-1:0.0: receive overflow, at least 26 lost
[  289.897895][ T2155] usb 5-1: failed to send control message: -71
[  289.912972][  T976] usb 1-1: USB disconnect, device number 10
[  290.076201][ T2155] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  290.096954][ T2155] usb 5-1: USB disconnect, device number 11
[  290.109249][ T2155] ch341 5-1:0.0: device disconnected
[  290.115889][ T5889] r8152-cfgselector 2-1: Unknown version 0x0000
[  290.151385][ T5889] r8152-cfgselector 2-1: bad CDC descriptors
[  290.264430][ T5889] r8152-cfgselector 2-1: USB disconnect, device number 3
[  290.395809][ T7844] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  291.110705][ T2155] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  291.370699][ T2155] usb 4-1: Using ep0 maxpacket: 32
[  291.387528][ T2155] usb 4-1: config 0 has an invalid interface number: 89 but max is 0
[  291.399460][ T2155] usb 4-1: config 0 has no interface number 0
[  291.428271][ T2155] usb 4-1: config 0 interface 89 has no altsetting 0
[  291.552537][ T2155] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  291.670400][ T2155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.770497][ T2155] usb 4-1: Product: syz
[  291.781042][ T2155] usb 4-1: Manufacturer: syz
[  291.797882][ T2155] usb 4-1: SerialNumber: syz
[  291.844575][ T2155] usb 4-1: config 0 descriptor??
[  291.886594][ T2155] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  291.950360][ T2155] em28xx 4-1:0.89: Video interface 89 found: bulk
[  292.152912][ T2155] em28xx 4-1:0.89: unknown em28xx chip ID (0)
[  292.280759][ T2155] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  292.320712][ T2155] em28xx 4-1:0.89: board has no eeprom
[  292.424105][ T2155] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67)
[  292.473813][ T2155] em28xx 4-1:0.89: analog set to bulk mode.
[  292.479811][ T5846] em28xx 4-1:0.89: Registering V4L2 extension
[  292.593752][ T2155] usb 4-1: USB disconnect, device number 5
[  292.663742][ T2155] em28xx 4-1:0.89: Disconnecting em28xx
[  292.830805][ T5846] em28xx 4-1:0.89: Config register raw data: 0xffffffed
[  292.860698][ T5846] em28xx 4-1:0.89: AC97 chip type couldn't be determined
[  292.898546][ T5846] em28xx 4-1:0.89: No AC97 audio processor
[  292.971102][ T5846] usb 4-1: Decoder not found
[  292.979386][ T5846] em28xx 4-1:0.89: failed to create media graph
[  292.986547][ T5846] em28xx 4-1:0.89: V4L2 device video103 deregistered
[  293.002401][ T5846] em28xx 4-1:0.89: Registering snapshot button...
[  293.015204][ T5846] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input9
[  293.139804][ T5846] em28xx 4-1:0.89: Remote control support is not available for this card.
[  293.185753][ T2155] em28xx 4-1:0.89: Closing input extension
[  293.195670][ T2155] em28xx 4-1:0.89: Deregistering snapshot button
[  293.357155][ T2155] em28xx 4-1:0.89: Freeing device
[  294.310991][ T7882] fuse: Unknown parameter 'user_i00000000000000000000'
[  294.462189][   T51] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  294.462292][   T51] Bluetooth: hci2: Unknown advertising packet type: 0x72
[  294.470358][   T51] Bluetooth: hci2: Malformed LE Event: 0x0d
[  294.528411][ T7886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.558'.
[  297.276617][ T7898] sctp: [Deprecated]: syz.0.562 (pid 7898) Use of int in max_burst socket option deprecated.
[  297.276617][ T7898] Use struct sctp_assoc_value instead
[  298.179980][ T7910] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  298.227378][ T7909] syzkaller0: entered promiscuous mode
[  298.483836][ T7917] sd 0:0:1:0: device reset
[  298.610806][ T7909] syzkaller0: entered allmulticast mode
[  300.552455][ T7934] netlink: 12 bytes leftover after parsing attributes in process `syz.3.573'.
[  302.899543][ T7962] netlink: 4 bytes leftover after parsing attributes in process `syz.0.580'.
[  302.933385][ T7959] syz_tun: entered allmulticast mode
[  303.040361][ T7962] syz_tun (unregistering): left allmulticast mode
[  309.667461][ T5846] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  310.311269][ T5846] usb 3-1: Using ep0 maxpacket: 32
[  310.324114][ T5846] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[  310.364405][ T5846] usb 3-1: config 0 has no interface number 0
[  310.390665][ T5846] usb 3-1: config 0 interface 89 has no altsetting 0
[  310.421420][ T5846] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  310.465828][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.498577][ T5846] usb 3-1: Product: syz
[  310.507945][ T5846] usb 3-1: Manufacturer: syz
[  310.518985][ T5846] usb 3-1: SerialNumber: syz
[  310.572844][ T5846] usb 3-1: config 0 descriptor??
[  310.622061][ T5846] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  310.658151][ T5846] em28xx 3-1:0.89: Video interface 89 found: bulk
[  310.891126][ T5846] em28xx 3-1:0.89: unknown em28xx chip ID (0)
[  311.490996][ T5840] Bluetooth: hci3: unexpected event for opcode 0x2006
[  311.531212][ T5846] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  311.539675][ T5846] em28xx 3-1:0.89: board has no eeprom
[  311.626995][ T5846] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[  311.634683][ T5846] em28xx 3-1:0.89: analog set to bulk mode.
[  311.644938][ T5956] em28xx 3-1:0.89: Registering V4L2 extension
[  311.666732][ T5846] usb 3-1: USB disconnect, device number 9
[  311.702438][ T5846] em28xx 3-1:0.89: Disconnecting em28xx
[  311.833375][ T5956] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[  311.870662][ T5956] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[  311.920655][ T5956] em28xx 3-1:0.89: No AC97 audio processor
[  312.544062][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  312.881767][ T5956] usb 3-1: Decoder not found
[  312.886459][ T5956] em28xx 3-1:0.89: failed to create media graph
[  312.896541][ T5956] em28xx 3-1:0.89: V4L2 device video103 deregistered
[  312.905318][ T5956] em28xx 3-1:0.89: Registering snapshot button...
[  312.913702][ T5956] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input10
[  312.927187][ T5956] em28xx 3-1:0.89: Remote control support is not available for this card.
[  312.935942][ T5846] em28xx 3-1:0.89: Closing input extension
[  312.941921][ T5846] em28xx 3-1:0.89: Deregistering snapshot button
[  313.002073][ T5846] em28xx 3-1:0.89: Freeing device
[  317.521097][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.530443][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  318.396270][ T8083] netlink: 28 bytes leftover after parsing attributes in process `syz.1.616'.
[  318.620388][ T8075] netlink: 'syz.2.614': attribute type 21 has an invalid length.
[  318.670853][ T5950] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  318.681610][ T8089] netlink: 4388 bytes leftover after parsing attributes in process `syz.0.618'.
[  318.944416][ T8091] netlink: 12 bytes leftover after parsing attributes in process `syz.4.617'.
[  319.020959][ T5950] usb 2-1: Using ep0 maxpacket: 32
[  319.088454][ T5950] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  319.140792][ T5950] usb 2-1: config 0 has no interface number 0
[  319.486130][ T5950] usb 2-1: config 0 interface 184 has no altsetting 0
[  319.625497][ T5950] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  319.635756][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.647276][ T5950] usb 2-1: Product: syz
[  319.714142][ T5950] usb 2-1: Manufacturer: syz
[  319.719377][ T5950] usb 2-1: SerialNumber: syz
[  319.807867][ T5950] usb 2-1: config 0 descriptor??
[  319.891718][ T5950] smsc75xx v1.0.0
[  319.920815][ T5950] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  319.961036][ T5950] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  322.384532][ T5889] usb 2-1: USB disconnect, device number 4
[  327.710191][ T8163] syzkaller0: entered promiscuous mode
[  327.716022][ T8163] syzkaller0: entered allmulticast mode
[  327.813792][ T8167] netlink: 28 bytes leftover after parsing attributes in process `syz.0.639'.
[  328.160920][ T2155] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  328.374133][ T2155] usb 1-1: Using ep0 maxpacket: 32
[  328.636650][ T2155] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  328.670705][ T2155] usb 1-1: config 0 has no interface number 0
[  328.716943][ T2155] usb 1-1: config 0 interface 184 has no altsetting 0
[  329.618887][ T2155] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  329.768130][ T2155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.776440][ T2155] usb 1-1: Product: syz
[  329.780760][ T2155] usb 1-1: Manufacturer: syz
[  329.786478][ T2155] usb 1-1: SerialNumber: syz
[  329.794498][ T2155] usb 1-1: config 0 descriptor??
[  330.767353][ T2155] smsc75xx v1.0.0
[  330.772103][ T2155] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  330.830968][ T2155] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  331.165472][ T8193] use of bytesused == 0 is deprecated and will be removed in the future,
[  331.174367][ T8193] use the actual size instead.
[  333.438347][ T8197] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[8197]
[  333.900739][  T976] usb 1-1: USB disconnect, device number 11
[  337.768013][ T8242] vivid-000: disconnect
[  337.973004][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.001659][ T8236] vivid-000: reconnect
[  341.940459][ T1161] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.143998][ T1161] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.272862][ T1161] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.841513][ T8273] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  342.944054][ T1161] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.730333][ T1161] bridge_slave_1: left allmulticast mode
[  345.032638][ T1161] bridge_slave_1: left promiscuous mode
[  345.039664][ T1161] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.208094][ T1161] bridge_slave_0: left allmulticast mode
[  345.228678][ T1161] bridge_slave_0: left promiscuous mode
[  345.748408][ T1161] bridge0: port 1(bridge_slave_0) entered disabled state
[  345.779292][ T8303] netlink: 4388 bytes leftover after parsing attributes in process `syz.0.681'.
[  345.902615][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  345.912160][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  345.937235][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  345.952348][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  345.966398][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  346.887269][ T8313] netlink: 'syz.4.684': attribute type 21 has an invalid length.
[  347.633711][ T1161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  347.669128][ T1161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  347.695191][ T1161] bond0 (unregistering): Released all slaves
[  348.050712][ T5840] Bluetooth: hci3: command tx timeout
[  353.299440][ T5840] Bluetooth: hci3: command tx timeout
[  354.618801][ T8348] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  355.330945][ T5840] Bluetooth: hci3: command tx timeout
[  355.844749][ T8369] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.694'.
[  356.015935][ T1161] hsr_slave_0: left promiscuous mode
[  356.057976][ T1161] hsr_slave_1: left promiscuous mode
[  356.081745][ T1161] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  356.120305][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_0
[  356.197621][ T1161] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  356.239324][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_1
[  356.402805][ T1161] veth1_macvtap: left promiscuous mode
[  356.433775][ T1161] veth0_macvtap: left promiscuous mode
[  356.446708][ T1161] veth1_vlan: left promiscuous mode
[  356.457510][ T1161] veth0_vlan: left promiscuous mode
[  357.410651][ T5840] Bluetooth: hci3: command tx timeout
[  360.004441][ T8409] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  360.013857][ T8409] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  361.433567][ T8426] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.712'.
[  361.964807][ T8431] netlink: 'syz.1.713': attribute type 3 has an invalid length.
[  361.972813][ T8431] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.713'.
[  364.076426][ T1161] team0 (unregistering): Port device team_slave_1 removed
[  365.241259][ T1161] team0 (unregistering): Port device team_slave_0 removed
[  369.123887][ T8485] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.726'.
[  369.366498][ T8306] chnl_net:caif_netlink_parms(): no params data found
[  371.124135][ T8306] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.210474][ T8306] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.854026][ T8306] bridge_slave_0: entered allmulticast mode
[  371.874031][ T8306] bridge_slave_0: entered promiscuous mode
[  371.910349][ T8306] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.951013][ T8306] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.958429][ T8306] bridge_slave_1: entered allmulticast mode
[  372.001482][ T8306] bridge_slave_1: entered promiscuous mode
[  372.205009][ T8527] netlink: 'syz.1.736': attribute type 3 has an invalid length.
[  372.212934][ T8527] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.736'.
[  372.477823][ T2155] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  372.525614][ T2155] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  373.674747][ T8306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.804368][ T8306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  374.201733][ T8306] team0: Port device team_slave_0 added
[  374.226517][ T8547] netlink: 'syz.1.739': attribute type 21 has an invalid length.
[  374.992198][ T8306] team0: Port device team_slave_1 added
[  375.105667][ T8306] batman_adv: batadv0: Adding interface: batadv_slave_0
[  375.114905][ T8306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.155239][ T8306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  375.179224][ T8306] batman_adv: batadv0: Adding interface: batadv_slave_1
[  375.230758][ T8306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.418630][ T8306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  375.511260][ T8559] vivid-000: disconnect
[  375.555518][ T8557] vivid-000: reconnect
[  375.729171][ T8306] hsr_slave_0: entered promiscuous mode
[  375.745850][ T8306] hsr_slave_1: entered promiscuous mode
[  375.763908][ T8306] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  375.810768][ T8306] Cannot create hsr debugfs directory
[  377.326337][ T8582] sd 0:0:1:0: device reset
[  379.361813][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  379.368372][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  379.709658][ T8306] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  379.726108][ T8306] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  379.767005][ T8306] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  380.383693][ T8306] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  381.425805][  T976] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  382.732088][  T976] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  383.342374][ T8639] netlink: 'syz.1.756': attribute type 21 has an invalid length.
[  383.389112][ T8306] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.564503][ T8306] 8021q: adding VLAN 0 to HW filter on device team0
[  383.966033][ T7607] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.973471][ T7607] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.050612][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.057992][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.463488][ T8306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  384.975717][ T8663] trusted_key: syz.4.760 sent an empty control message without MSG_MORE.
[  386.133874][ T8306] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.105394][ T8306] veth0_vlan: entered promiscuous mode
[  388.160415][ T8306] veth1_vlan: entered promiscuous mode
[  388.404405][ T8306] veth0_macvtap: entered promiscuous mode
[  388.452553][ T8306] veth1_macvtap: entered promiscuous mode
[  388.554830][ T8306] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.642766][ T8306] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.698260][ T8306] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.746075][ T8306] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.756821][ T8306] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.773193][ T8306] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  389.663735][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.749573][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.021872][ T7607] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.773792][ T7607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.162130][ T8739] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.772'.
[  392.213809][ T8756] sp0: Synchronizing with TNC
[  392.443403][ T8750] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  393.574517][ T8771] overlayfs: failed to resolve './file0': -2
[  393.971077][ T8768] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.980021][ T8768] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.637347][ T8788] netlink: 12 bytes leftover after parsing attributes in process `syz.1.782'.
[  394.982593][ T8790] netlink: 87 bytes leftover after parsing attributes in process `syz.4.783'.
[  396.150849][ T8768] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  396.325975][ T8768] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.799703][ T8768] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.810064][ T8768] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.820233][ T8768] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.830633][ T8768] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.229460][ T2155] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  399.526170][ T2155] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  400.474721][ T8831] fido_id[8831]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  401.533512][ T8837] overlayfs: failed to resolve './file0': -2
[  404.799532][ T8879] netlink: 4388 bytes leftover after parsing attributes in process `syz.0.802'.
[  405.201203][ T8861] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  405.216459][ T8861] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  405.235837][ T8861] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  405.315469][ T8861] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  405.325550][ T8861] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  405.449843][ T8861] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  405.468970][ T8861] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  407.331373][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  407.339722][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout
[  407.346073][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout
[  407.550959][ T5156] Bluetooth: hci3: command 0x0405 tx timeout
[  407.557161][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  408.144881][ T8918] overlayfs: failed to resolve './file0': -2
[  409.326837][ T8929] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[8929]
[  409.592601][ T5156] Bluetooth: hci3: command 0x0405 tx timeout
[  410.047776][ T8940] tipc: Started in network mode
[  410.070680][ T8940] tipc: Node identity 2a1451baa94f, cluster identity 4711
[  410.095301][ T8940] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.138895][ T8940] tipc: Resetting bearer <eth:syzkaller0>
[  410.193429][ T8938] tipc: Disabling bearer <eth:syzkaller0>
[  411.668060][ T8963] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  411.679179][ T8963] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  411.687742][ T8963] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  411.700379][ T8963] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  411.710658][ T5840] Bluetooth: hci3: command 0x0405 tx timeout
[  411.744723][ T8963] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  412.316281][ T8972] netlink: 12 bytes leftover after parsing attributes in process `syz.1.818'.
[  413.583237][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout
[  414.064988][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout
[  414.065005][ T5838] Bluetooth: hci4: command 0x0405 tx timeout
[  414.071087][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  414.071144][ T5840] Bluetooth: hci3: command 0x0405 tx timeout
[  414.144460][ T8986] netlink: 87 bytes leftover after parsing attributes in process `syz.5.823'.
[  414.478035][ T8998] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.826'.
[  414.526904][ T8997] tipc: Started in network mode
[  414.588970][ T8997] tipc: Node identity 02922bd3861, cluster identity 4711
[  414.612853][ T8997] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  414.637260][ T8997] tipc: Resetting bearer <eth:syzkaller0>
[  414.677640][ T8995] tipc: Disabling bearer <eth:syzkaller0>
[  417.184602][ T9033] vivid-000: disconnect
[  417.189804][ T9032] vivid-000: reconnect
[  417.381568][ T9036] netlink: 'syz.5.835': attribute type 10 has an invalid length.
[  417.468488][ T9036] 8021q: adding VLAN 0 to HW filter on device batadv0
[  417.580924][ T9036] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  417.814383][ T8988] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  418.209507][ T9047] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  418.241073][ T9047] tipc: Resetting bearer <eth:syzkaller0>
[  418.319120][   T30] audit: type=1326 audit(1755579973.138:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.362791][ T9046] tipc: Disabling bearer <eth:syzkaller0>
[  418.370304][   T30] audit: type=1326 audit(1755579973.138:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.447988][   T30] audit: type=1326 audit(1755579973.138:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.571724][   T30] audit: type=1326 audit(1755579973.138:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.593229][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.639710][   T30] audit: type=1326 audit(1755579973.138:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.661297][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.906142][   T30] audit: type=1326 audit(1755579973.138:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.927826][    C1] vkms_vblank_simulate: vblank timer overrun
[  418.970703][   T30] audit: type=1326 audit(1755579973.138:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  418.992309][    C1] vkms_vblank_simulate: vblank timer overrun
[  419.010650][   T30] audit: type=1326 audit(1755579973.138:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  419.037802][   T30] audit: type=1326 audit(1755579973.138:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  419.059412][    C1] vkms_vblank_simulate: vblank timer overrun
[  419.286152][   T30] audit: type=1326 audit(1755579973.138:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9044 comm="syz.2.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f55d898ebe9 code=0x7ffc0000
[  419.307849][    C1] vkms_vblank_simulate: vblank timer overrun
[  421.420614][ T9077] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  421.471711][ T9077] syzkaller0: entered promiscuous mode
[  421.477291][ T9077] syzkaller0: entered allmulticast mode
[  428.015025][ T9165] syzkaller0: entered allmulticast mode
[  428.039265][ T9165] syzkaller0: entered promiscuous mode
[  428.532109][ T9164] syzkaller0: left promiscuous mode
[  428.551834][ T9164] syzkaller0: left allmulticast mode
[  428.704284][ T9173] netlink: 87 bytes leftover after parsing attributes in process `syz.0.866'.
[  432.071350][ T9215] loop4: detected capacity change from 0 to 524255232
[  432.444502][ T9216] loop4: detected capacity change from 524255232 to 524287956
[  432.943411][ T9226] fuse: Invalid rootmode
[  433.248418][ T9230] netlink: 'syz.4.880': attribute type 3 has an invalid length.
[  433.256489][ T9230] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.880'.
[  435.237304][ T9264] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.886'.
[  440.377364][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.390643][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  443.112371][ T9356] netlink: 4388 bytes leftover after parsing attributes in process `syz.4.908'.
[  445.940733][ T5950] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  446.080740][ T5950] usb 6-1: device descriptor read/64, error -71
[  447.010994][ T5950] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  447.321288][ T5950] usb 6-1: device descriptor read/64, error -71
[  447.433379][ T5950] usb usb6-port1: attempt power cycle
[  447.844633][ T5950] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  447.875985][ T5950] usb 6-1: device descriptor read/8, error -71
[  448.141165][ T5950] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  448.570853][ T5950] usb 6-1: device not accepting address 5, error -71
[  448.578080][ T5950] usb usb6-port1: unable to enumerate USB device
[  451.903498][ T9449] netlink: 'syz.5.928': attribute type 3 has an invalid length.
[  451.911379][ T9449] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.928'.
[  453.741410][ T5950] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  453.910773][ T5950] usb 6-1: device descriptor read/64, error -71
[  454.200400][ T5950] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  454.430735][ T5950] usb 6-1: device descriptor read/64, error -71
[  454.541316][ T5950] usb usb6-port1: attempt power cycle
[  454.890620][ T5950] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  454.914583][ T5950] usb 6-1: device descriptor read/8, error -71
[  455.924659][ T9483] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.170920][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  458.139823][ T9507] netlink: 'syz.0.941': attribute type 3 has an invalid length.
[  458.147775][ T9507] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.941'.
[  460.438093][ T9537] loop4: detected capacity change from 0 to 524255232
[  461.226048][ T9536] loop4: detected capacity change from 524255232 to 524287956
[  462.265474][ T5950] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  462.571234][ T5950] usb 3-1: device descriptor read/64, error -71
[  463.285582][ T5950] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  463.427734][ T9556] netlink: 'syz.4.953': attribute type 3 has an invalid length.
[  463.435621][ T9556] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.953'.
[  463.540602][ T5950] usb 3-1: device descriptor read/64, error -71
[  463.671158][ T5950] usb usb3-port1: attempt power cycle
[  464.021163][ T5950] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  464.161495][ T5950] usb 3-1: device descriptor read/8, error -71
[  464.370002][ T9571] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  466.913522][ T9560] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  466.968015][ T9560] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  467.858044][ T9594] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  468.234257][ T9560] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.258728][ T9560] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.269213][ T9560] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.281397][ T9560] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.483325][ T9571] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  469.411084][ T9597] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  469.586610][ T9597] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  470.489710][ T9596] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  470.914968][ T9596] usb 5-1: device descriptor read/64, error -71
[  471.190591][ T9596] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  471.420748][ T9596] usb 5-1: device descriptor read/64, error -71
[  471.585626][ T9596] usb usb5-port1: attempt power cycle
[  471.931124][ T9596] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  471.982845][ T9596] usb 5-1: device descriptor read/8, error -71
[  472.230791][ T9596] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  472.272665][ T9596] usb 5-1: device descriptor read/8, error -71
[  472.428777][ T9596] usb usb5-port1: unable to enumerate USB device
[  472.533275][ T9632] sd 0:0:1:0: device reset
[  474.135470][ T9639] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.143652][ T9639] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.952364][ T9639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  475.058565][ T9639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  475.491450][ T9595] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  475.583489][ T9639] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.595707][ T9639] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.607059][ T9639] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.616389][ T9639] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.802083][ T9595] usb 1-1: Using ep0 maxpacket: 32
[  476.048400][ T1155] Bluetooth: hci5: Frame reassembly failed (-84)
[  476.383592][ T9595] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  476.420780][ T9595] usb 1-1: config 0 has no interface number 0
[  476.428010][ T9595] usb 1-1: config 0 interface 184 has no altsetting 0
[  476.503301][ T9595] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  476.530657][ T9595] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.549190][ T9595] usb 1-1: Product: syz
[  476.553857][ T9595] usb 1-1: Manufacturer: syz
[  476.558514][ T9595] usb 1-1: SerialNumber: syz
[  476.594827][ T9595] usb 1-1: config 0 descriptor??
[  476.604739][ T9595] smsc75xx v1.0.0
[  476.611989][ T9595] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  476.640890][ T9595] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  476.654774][ T9660] netlink: 28 bytes leftover after parsing attributes in process `syz.0.981'.
[  476.807543][ T9595] usb 1-1: USB disconnect, device number 12
[  477.970754][   T51] Bluetooth: hci5: command 0x1003 tx timeout
[  477.978125][ T8988] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  479.944300][ T9703] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  479.944300][ T9703]    program syz.4.994 not setting count and/or reply_len properly
[  482.929491][ T9716] netlink: 28 bytes leftover after parsing attributes in process `syz.1.997'.
[  483.320668][ T9596] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  483.514377][ T9596] usb 2-1: Using ep0 maxpacket: 32
[  483.964848][ T9596] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  484.006833][ T9596] usb 2-1: config 0 has no interface number 0
[  484.019679][ T9596] usb 2-1: config 0 interface 184 has no altsetting 0
[  484.032552][ T9596] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  484.047531][ T9596] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.226391][ T9596] usb 2-1: Product: syz
[  485.033710][ T9596] usb 2-1: Manufacturer: syz
[  485.038602][ T9596] usb 2-1: SerialNumber: syz
[  485.051318][ T9596] usb 2-1: config 0 descriptor??
[  485.067050][ T9596] usb 2-1: can't set config #0, error -71
[  485.083501][ T9596] usb 2-1: USB disconnect, device number 5
[  490.277312][ T9772] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1015'.
[  491.265685][ T9564] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  491.273643][  T976] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  491.541932][ T9596] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  491.560642][  T976] usb 6-1: Using ep0 maxpacket: 32
[  491.567987][ T9564] usb 5-1: config 0 has an invalid interface number: 11 but max is 0
[  491.577468][ T9564] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  491.594176][ T9564] usb 5-1: config 0 has no interface number 0
[  491.603402][  T976] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  491.663261][  T976] usb 6-1: config 0 has no interface number 0
[  491.669657][  T976] usb 6-1: config 0 interface 184 has no altsetting 0
[  491.678675][ T9564] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64
[  491.700903][ T9596] usb 1-1: device descriptor read/64, error -71
[  491.805625][ T9564] usb 5-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  491.875745][ T9564] usb 5-1: config 0 interface 11 has no altsetting 0
[  491.899086][  T976] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  491.910581][ T9564] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  491.919716][  T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.940833][  T976] usb 6-1: Product: syz
[  491.948489][ T9564] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.960917][  T976] usb 6-1: Manufacturer: syz
[  491.972566][  T976] usb 6-1: SerialNumber: syz
[  491.978878][ T9564] usb 5-1: config 0 descriptor??
[  491.989399][ T9564] keyspan 5-1:0.11: Keyspan 2 port adapter converter detected
[  492.000359][  T976] usb 6-1: config 0 descriptor??
[  492.000633][ T9596] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  492.029965][  T976] smsc75xx v1.0.0
[  492.036930][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 7
[  492.050568][  T976] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  492.066853][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 81
[  492.097466][  T976] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22
[  492.115848][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 82
[  492.146335][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 1
[  492.160708][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 2
[  492.180865][ T9596] usb 1-1: device descriptor read/64, error -71
[  492.199631][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 85
[  492.218701][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 5
[  492.240907][ T9595] usb 6-1: USB disconnect, device number 10
[  492.258318][ T9564] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  492.321322][ T9596] usb usb1-port1: attempt power cycle
[  492.323379][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 83
[  492.345495][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 84
[  492.355682][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 3
[  492.369877][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 4
[  492.398715][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 86
[  492.408486][ T9564] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 6
[  492.430371][ T9564] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  492.459404][ T9564] usb 5-1: USB disconnect, device number 16
[  492.536003][ T9564] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  492.568368][ T9564] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  492.596917][ T9564] keyspan 5-1:0.11: device disconnected
[  492.671001][ T9596] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  492.721542][ T9596] usb 1-1: device descriptor read/8, error -71
[  493.049565][ T9596] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  494.370891][ T9596] usb 1-1: device not accepting address 16, error -71
[  494.454098][   T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  495.614434][ T9596] usb usb1-port1: unable to enumerate USB device
[  495.791066][   T24] usb 5-1: Using ep0 maxpacket: 32
[  495.798144][   T24] usb 5-1: config 0 has an invalid interface number: 242 but max is 0
[  495.806887][   T24] usb 5-1: config 0 has no interface number 0
[  495.834649][   T24] usb 5-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=eb.4e
[  495.850944][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.920574][   T24] usb 5-1: Product: syz
[  495.953786][   T24] usb 5-1: Manufacturer: syz
[  495.968260][   T24] usb 5-1: SerialNumber: syz
[  495.993103][   T24] usb 5-1: config 0 descriptor??
[  496.164658][   T24] cdc_subset 5-1:0.242: probe with driver cdc_subset failed with error -71
[  496.298361][   T24] usb 5-1: USB disconnect, device number 17
[  496.892301][ T9844] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1037'.
[  497.173234][ T9846] netlink: 'syz.4.1036': attribute type 3 has an invalid length.
[  497.181196][ T9846] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1036'.
[  497.824347][ T9564] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  498.061298][ T9564] usb 3-1: Using ep0 maxpacket: 32
[  498.927562][ T9564] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  498.960982][ T9564] usb 3-1: config 0 has no interface number 0
[  498.967328][ T9564] usb 3-1: config 0 interface 184 has no altsetting 0
[  499.220416][ T9564] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  499.270592][ T9564] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.278709][ T9564] usb 3-1: Product: syz
[  499.320753][ T9564] usb 3-1: Manufacturer: syz
[  499.338157][ T9564] usb 3-1: SerialNumber: syz
[  499.361419][ T9564] usb 3-1: config 0 descriptor??
[  499.672758][ T9564] smsc75xx v1.0.0
[  499.677428][ T9564] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  499.698044][ T9564] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[  500.299234][   T24] usb 3-1: USB disconnect, device number 14
[  501.078239][ T9879] program syz.4.1046 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  501.151326][ T9879] loop6: detected capacity change from 0 to 63
[  501.232677][ T9879] Buffer I/O error on dev loop6, logical block 0, async page read
[  501.241984][ T9879] Buffer I/O error on dev loop6, logical block 1, async page read
[  501.251127][ T9879] Buffer I/O error on dev loop6, logical block 2, async page read
[  501.259870][ T9879] Buffer I/O error on dev loop6, logical block 3, async page read
[  501.271891][ T9879] Buffer I/O error on dev loop6, logical block 0, async page read
[  501.283018][ T9879] Buffer I/O error on dev loop6, logical block 1, async page read
[  501.292116][ T9879] Buffer I/O error on dev loop6, logical block 2, async page read
[  501.301010][ T9879] Buffer I/O error on dev loop6, logical block 3, async page read
[  501.584135][ T9733] Buffer I/O error on dev loop6, logical block 0, async page read
[  501.822006][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  501.829038][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.883381][ T9733] Buffer I/O error on dev loop6, logical block 0, async page read
[  503.224384][  T976] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  503.486334][  T976] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  503.517038][  T976] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  503.537728][  T976] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  503.727948][  T976] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  503.781038][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  503.789535][  T976] usb 2-1: Product: syz
[  503.796235][  T976] usb 2-1: Manufacturer: syz
[  503.806015][  T976] usb 2-1: SerialNumber: syz
[  504.355556][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1055'.
[  504.493379][  T976] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  504.685807][  T976] usb 2-1: USB disconnect, device number 6
[  504.698661][  T976] usblp0: removed
[  504.702925][ T9588] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  504.891232][ T9588] usb 1-1: Using ep0 maxpacket: 32
[  504.935750][ T9588] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  504.944135][ T9588] usb 1-1: config 0 has no interface number 0
[  504.951293][ T9588] usb 1-1: config 0 interface 184 has no altsetting 0
[  504.975261][ T9588] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  504.990385][ T9588] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.008877][ T9588] usb 1-1: Product: syz
[  505.028410][ T9588] usb 1-1: Manufacturer: syz
[  505.038593][ T9588] usb 1-1: SerialNumber: syz
[  505.069842][ T9588] usb 1-1: config 0 descriptor??
[  505.095269][ T9588] smsc75xx v1.0.0
[  505.099504][ T9588] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  505.113113][ T9588] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  507.544922][ T5920] usb 1-1: USB disconnect, device number 17
[  510.248292][ T9955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1069'.
[  510.514184][ T9957] loop6: detected capacity change from 0 to 524287999
[  513.007824][ T9977] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1076'.
[  513.314271][ T9975] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1075'.
[  513.650771][ T9588] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  514.830741][ T9588] usb 5-1: Using ep0 maxpacket: 32
[  515.026369][ T9588] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  515.120197][ T9588] usb 5-1: config 0 has no interface number 0
[  515.152221][ T9588] usb 5-1: config 0 interface 184 has no altsetting 0
[  515.205202][ T9588] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  515.216837][ T9588] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.269758][ T9588] usb 5-1: Product: syz
[  515.279425][ T9588] usb 5-1: Manufacturer: syz
[  515.297538][ T9588] usb 5-1: SerialNumber: syz
[  515.354389][ T9588] usb 5-1: config 0 descriptor??
[  515.431222][ T9588] smsc75xx v1.0.0
[  515.446896][ T9588] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  515.573433][ T9588] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  517.598599][ T9595] usb 5-1: USB disconnect, device number 18
[  520.025095][T10040] netlink: 'syz.5.1093': attribute type 3 has an invalid length.
[  520.033104][T10040] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1093'.
[  520.081935][ T9596] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  520.437814][ T9596] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  520.470291][ T9596] usb 5-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  520.879084][ T9596] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.903173][ T9596] usb 5-1: config 0 descriptor??
[  521.423924][ T9596] acrux 0003:1A34:F705.0008: item fetching failed at offset 3/7
[  521.618384][ T9596] acrux 0003:1A34:F705.0008: parse failed
[  521.660439][ T9596] acrux 0003:1A34:F705.0008: probe with driver acrux failed with error -22
[  522.614318][  T976] usb 5-1: USB disconnect, device number 19
[  522.633922][T10062] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1099'.
[  523.000827][ T5920] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  523.570956][  T976] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  523.664488][ T5920] usb 2-1: Using ep0 maxpacket: 32
[  523.984375][ T5920] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  524.025154][ T5920] usb 2-1: config 0 has no interface number 0
[  524.054058][ T5920] usb 2-1: config 0 interface 184 has no altsetting 0
[  524.075369][T10073] tipc: Started in network mode
[  524.092729][T10073] tipc: Node identity 8adee6eb9519, cluster identity 4711
[  524.132665][ T5920] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  524.143342][T10073] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  524.144467][  T976] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  524.163801][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.171906][T10073] syzkaller0: entered promiscuous mode
[  524.171932][T10073] syzkaller0: entered allmulticast mode
[  524.189343][ T5920] usb 2-1: Product: syz
[  524.191460][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  524.209789][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  524.225434][T10071] tipc: Resetting bearer <eth:syzkaller0>
[  524.231227][ T5920] usb 2-1: Manufacturer: syz
[  524.236731][ T5920] usb 2-1: SerialNumber: syz
[  524.243406][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  524.254367][ T5920] usb 2-1: config 0 descriptor??
[  524.266221][ T5920] smsc75xx v1.0.0
[  524.270061][ T5920] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  524.281435][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  524.294254][ T5920] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  524.307079][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  524.325859][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  524.335872][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  524.344979][T10071] tipc: Disabling bearer <eth:syzkaller0>
[  524.365499][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  524.378008][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  524.389475][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  524.407945][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  524.425740][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  524.988112][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  525.199678][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  525.529592][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  525.538946][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  525.554594][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  525.580776][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  525.599838][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  525.610080][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  525.617744][T10090] overlayfs: missing 'lowerdir'
[  525.644678][ T9595] usb 2-1: USB disconnect, device number 7
[  525.715792][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  525.724436][  T976] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  525.734118][  T976] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  525.746268][  T976] usb 1-1: config 0 interface 0 has no altsetting 0
[  525.789174][  T976] usb 1-1: string descriptor 0 read error: -71
[  525.796395][  T976] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  525.817089][  T976] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  525.832560][  T976] usb 1-1: config 0 descriptor??
[  525.839164][  T976] usb 1-1: can't set config #0, error -71
[  525.851883][  T976] usb 1-1: USB disconnect, device number 18
[  526.440960][  T976] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  526.665626][  T976] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  526.678939][  T976] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  526.723084][  T976] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  526.766618][  T976] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  526.790733][  T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  526.849830][  T976] usb 1-1: Product: syz
[  526.867424][  T976] usb 1-1: Manufacturer: syz
[  526.872987][  T976] usb 1-1: SerialNumber: syz
[  527.685709][  T976] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  527.903331][  T976] usb 1-1: USB disconnect, device number 19
[  527.932892][  T976] usblp0: removed
[  529.054311][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1119'.
[  529.296241][T10132] batman_adv: batadv0: Removing interface: batadv_slave_1
[  529.931513][T10144] Bluetooth: MGMT ver 1.23
[  530.380771][  T976] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  530.684455][ T7696] Bluetooth: hci5: Frame reassembly failed (-84)
[  530.820899][  T976] usb 5-1: Using ep0 maxpacket: 32
[  530.850237][  T976] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  530.876786][  T976] usb 5-1: config 0 has no interface number 0
[  530.893831][  T976] usb 5-1: config 0 interface 184 has no altsetting 0
[  530.910829][  T976] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  530.932573][  T976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.971228][  T976] usb 5-1: Product: syz
[  530.975568][  T976] usb 5-1: Manufacturer: syz
[  530.980206][  T976] usb 5-1: SerialNumber: syz
[  531.015054][  T976] usb 5-1: config 0 descriptor??
[  531.041574][  T976] smsc75xx v1.0.0
[  531.045296][  T976] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  531.081050][  T976] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  531.285043][  T976] usb 5-1: USB disconnect, device number 20
[  532.920982][   T51] Bluetooth: hci5: command 0x1003 tx timeout
[  532.927403][ T8988] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  534.518115][T10204] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1147'.
[  534.792146][ T9588] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  534.970711][ T9588] usb 5-1: Using ep0 maxpacket: 32
[  535.007110][ T9588] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  535.022703][ T9588] usb 5-1: config 0 has no interface number 0
[  535.052140][ T9588] usb 5-1: config 0 interface 184 has no altsetting 0
[  535.093581][ T9588] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  535.250930][ T9588] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.657687][ T9588] usb 5-1: Product: syz
[  535.670784][ T9588] usb 5-1: Manufacturer: syz
[  535.675634][ T9588] usb 5-1: SerialNumber: syz
[  535.732618][ T9588] usb 5-1: config 0 descriptor??
[  535.757929][ T9588] smsc75xx v1.0.0
[  535.764473][ T9588] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  535.811034][ T9588] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  536.003765][ T9588] usb 5-1: USB disconnect, device number 21
[  536.142027][T10216] Invalid source name
[  536.169601][T10216] UBIFS error (pid: 10216): cannot open "./file0", error -22
[  538.545025][T10235] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  538.611484][T10241] syzkaller0: entered promiscuous mode
[  538.639132][T10241] syzkaller0: entered allmulticast mode
[  538.843691][T10241] tipc: Resetting bearer <eth:syzkaller0>
[  538.926384][T10234] tipc: Resetting bearer <eth:syzkaller0>
[  539.007241][T10234] tipc: Disabling bearer <eth:syzkaller0>
[  541.443202][T10265] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1167'.
[  542.070813][  T976] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  542.411031][  T976] usb 2-1: Using ep0 maxpacket: 32
[  543.704038][T10283] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  544.696521][ T9595] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  544.890704][ T9595] usb 3-1: device descriptor read/64, error -71
[  545.150723][ T9595] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  545.229736][  T976] usb 2-1: unable to read config index 0 descriptor/start: -71
[  545.246224][  T976] usb 2-1: can't read configurations, error -71
[  545.355542][ T9595] usb 3-1: device descriptor read/64, error -71
[  545.482285][ T9595] usb usb3-port1: attempt power cycle
[  546.125601][ T9595] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  546.151054][ T9564] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  546.162399][ T9595] usb 3-1: device descriptor read/8, error -71
[  546.324182][ T9564] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  546.350802][ T9564] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  546.379190][ T9564] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  546.415411][ T9564] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  546.433517][ T9564] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  546.453553][ T9564] usb 6-1: Product: syz
[  546.467094][ T9564] usb 6-1: Manufacturer: syz
[  546.480849][ T9595] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  546.480854][ T9564] usb 6-1: SerialNumber: syz
[  546.512166][ T9595] usb 3-1: device descriptor read/8, error -71
[  546.651396][ T9595] usb usb3-port1: unable to enumerate USB device
[  546.872712][ T9564] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  546.895268][ T9564] usb 6-1: USB disconnect, device number 11
[  546.944163][ T9564] usblp0: removed
[  547.105725][T10319] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  547.115018][T10319] syzkaller0: entered promiscuous mode
[  547.140236][T10319] syzkaller0: entered allmulticast mode
[  547.187416][T10319] tipc: Resetting bearer <eth:syzkaller0>
[  547.236988][T10318] tipc: Resetting bearer <eth:syzkaller0>
[  548.166027][T10318] tipc: Disabling bearer <eth:syzkaller0>
[  548.463740][ T5920] tipc: Node number set to 533194475
[  549.000139][ T9596] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  549.296868][ T9596] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  549.388070][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  549.399823][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  549.423017][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  549.639941][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  549.694249][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  549.705400][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  549.957229][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  549.995594][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  550.081852][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  550.134187][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  550.168601][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  550.177793][T10345] vivid-000: disconnect
[  550.213622][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  550.518420][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  550.534622][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  550.684913][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  550.938662][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  550.939737][T10342] vivid-000: reconnect
[  550.948517][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  551.130147][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  551.395825][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  551.411658][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  551.558262][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  551.647910][ T9596] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  551.658178][ T9596] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  551.670234][ T9596] usb 6-1: config 0 interface 0 has no altsetting 0
[  551.869819][ T9596] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  551.922207][ T9596] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  551.960665][ T9596] usb 6-1: Product: syz
[  551.965007][ T9596] usb 6-1: Manufacturer: syz
[  551.990842][   T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  552.015490][ T9596] usb 6-1: SerialNumber: syz
[  552.554689][T10358] netlink: 'syz.4.1194': attribute type 3 has an invalid length.
[  552.562654][T10358] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1194'.
[  552.580638][ T9596] usb 6-1: config 0 descriptor??
[  552.586815][ T9596] usb 6-1: can't set config #0, error -71
[  552.596987][ T9596] usb 6-1: USB disconnect, device number 12
[  552.630888][   T24] usb 2-1: device descriptor read/64, error -71
[  552.741296][T10362] sd 0:0:1:0: device reset
[  553.160735][   T24] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  553.752783][   T24] usb 2-1: device descriptor read/64, error -71
[  553.884625][   T24] usb usb2-port1: attempt power cycle
[  555.446592][T10388] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1203'.
[  555.531559][T10387] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1199'.
[  556.903910][T10400] vivid-000: disconnect
[  557.160985][  T976] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  557.323365][  T976] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  557.363505][  T976] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  557.484006][  T976] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  557.570067][  T976] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  557.747191][T10397] vivid-000: reconnect
[  557.788175][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  557.887104][  T976] usb 2-1: Product: syz
[  557.907879][  T976] usb 2-1: Manufacturer: syz
[  557.940340][  T976] usb 2-1: SerialNumber: syz
[  558.189633][  T976] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  558.231852][  T976] usb 2-1: USB disconnect, device number 13
[  558.354000][  T976] usblp0: removed
[  558.849421][T10418] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  558.868676][T10418] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  558.890306][T10418] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  558.924857][T10418] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  558.942545][T10418] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  559.651507][ T7696] Bluetooth: hci5: Frame reassembly failed (-84)
[  560.599219][T10436] overlayfs: missing 'lowerdir'
[  560.742514][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  560.943056][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  560.949441][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  561.025558][   T51] Bluetooth: hci3: command 0x0405 tx timeout
[  561.025714][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  561.581102][ T8988] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  563.255991][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.262844][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  563.633270][T10462] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[10462]
[  566.050877][  T976] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  566.120054][T10482] overlayfs: missing 'lowerdir'
[  566.234318][  T976] usb 6-1: device descriptor read/64, error -71
[  566.550679][  T976] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  566.770899][  T976] usb 6-1: device descriptor read/64, error -71
[  566.884438][  T976] usb usb6-port1: attempt power cycle
[  567.231151][  T976] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  567.280890][  T976] usb 6-1: device descriptor read/8, error -71
[  567.537402][  T976] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  567.601470][  T976] usb 6-1: device descriptor read/8, error -71
[  567.753531][  T976] usb usb6-port1: unable to enumerate USB device
[  574.380918][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  574.639096][   T24] usb 2-1: device descriptor read/64, error -71
[  574.920693][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  575.081043][   T24] usb 2-1: device descriptor read/64, error -71
[  575.214909][   T24] usb usb2-port1: attempt power cycle
[  575.810662][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  575.843477][   T24] usb 2-1: device descriptor read/8, error -71
[  576.142259][   T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  576.191482][   T24] usb 2-1: device descriptor read/8, error -71
[  576.331726][   T24] usb usb2-port1: unable to enumerate USB device
[  580.428340][T10574] netlink: 'syz.2.1256': attribute type 3 has an invalid length.
[  580.436559][T10574] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1256'.
[  586.984920][T10628] netlink: 'syz.5.1269': attribute type 3 has an invalid length.
[  586.992977][T10628] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1269'.
[  596.210833][ T9597] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  598.892010][ T9597] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  598.953243][ T9597] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  598.980822][ T9597] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  599.075918][ T9597] usb 5-1: string descriptor 0 read error: -71
[  599.077035][T10692] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  599.097331][ T9597] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  599.130896][ T9597] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  599.132837][T10692] syzkaller0: entered promiscuous mode
[  599.181975][T10692] syzkaller0: entered allmulticast mode
[  599.191561][ T9597] usb 5-1: can't set config #1, error -71
[  599.249547][ T9597] usb 5-1: USB disconnect, device number 22
[  599.299941][T10698] tipc: Resetting bearer <eth:syzkaller0>
[  599.343271][T10690] tipc: Resetting bearer <eth:syzkaller0>
[  599.363349][  T976] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  599.430346][T10690] tipc: Disabling bearer <eth:syzkaller0>
[  599.608542][  T976] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  599.648436][  T976] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  599.667113][  T976] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  599.697614][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.205936][  T976] usb 3-1: usb_control_msg returned -32
[  603.158446][T10720] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  603.255896][ T8988] Bluetooth: hci0: command 0x0c1a tx timeout
[  603.297075][  T976] usbtmc 3-1:16.0: can't read capabilities
[  603.312427][T10720] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  603.323463][  T976] usb 3-1: USB disconnect, device number 19
[  603.381088][T10720] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  603.387229][T10720] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  603.566319][T10720] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  604.465132][  T976] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  604.644164][  T976] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  604.660985][  T976] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  604.686959][  T976] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  604.748289][  T976] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  604.774553][  T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  604.807701][  T976] usb 1-1: Product: syz
[  604.825438][  T976] usb 1-1: Manufacturer: syz
[  604.842847][  T976] usb 1-1: SerialNumber: syz
[  605.089742][  T976] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  605.307562][  T976] usb 1-1: USB disconnect, device number 20
[  605.330886][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout
[  605.339000][  T976] usblp0: removed
[  605.410984][ T5840] Bluetooth: hci4: command 0x0405 tx timeout
[  605.417536][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  605.570784][ T5840] Bluetooth: hci3: command 0x0405 tx timeout
[  612.170602][ T9595] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  612.550830][ T9595] usb 1-1: device descriptor read/64, error -71
[  612.800840][ T9595] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  612.971003][ T9595] usb 1-1: device descriptor read/64, error -71
[  613.081778][ T9595] usb usb1-port1: attempt power cycle
[  613.453558][ T9595] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  613.615177][ T9595] usb 1-1: device descriptor read/8, error -71
[  613.860950][ T9595] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  614.282782][ T9595] usb 1-1: device descriptor read/8, error -71
[  614.412375][ T9595] usb usb1-port1: unable to enumerate USB device
[  622.617930][ T9564] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  622.776341][ T9564] usb 2-1: device descriptor read/64, error -71
[  623.130784][ T9564] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  623.271455][ T9564] usb 2-1: device descriptor read/64, error -71
[  623.414242][ T9564] usb usb2-port1: attempt power cycle
[  623.770657][ T9564] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  623.842785][ T9564] usb 2-1: device descriptor read/8, error -71
[  624.632792][ T9564] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  624.697382][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.718243][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  624.871352][ T9564] usb 2-1: device not accepting address 21, error -71
[  624.904698][ T9564] usb usb2-port1: unable to enumerate USB device
[  625.380733][T10895] netlink: 'syz.5.1343': attribute type 1 has an invalid length.
[  626.131785][T10895] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  629.600709][   T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  630.141555][   T24] usb 5-1: device descriptor read/64, error -71
[  630.277852][ T5840] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  630.277894][ T5840] Bluetooth: hci2: Unknown advertising packet type: 0x72
[  630.382772][T10940] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1354'.
[  631.853222][   T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  634.261589][ T5840] Bluetooth: hci2: Malformed LE Event: 0x0d
[  651.288791][ T8988] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  651.312836][ T8988] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  651.326315][ T8988] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  651.338745][ T8988] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  651.348983][ T8988] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  651.382395][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  651.392942][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  651.411863][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  651.423518][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  651.431619][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  652.982581][ T7607] bridge_slave_1: left allmulticast mode
[  652.988445][ T7607] bridge_slave_1: left promiscuous mode
[  653.025366][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.063754][ T7607] bridge_slave_0: left allmulticast mode
[  653.083545][ T7607] bridge_slave_0: left promiscuous mode
[  653.090126][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.502133][ T8988] Bluetooth: hci3: command tx timeout
[  653.508285][ T8988] Bluetooth: hci1: command tx timeout
[  655.570777][ T5156] Bluetooth: hci1: command tx timeout
[  655.577482][ T8988] Bluetooth: hci3: command tx timeout
[  656.284215][ T7607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  656.672196][ T7607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  656.684632][ T7607] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  656.874448][ T7607] bond0 (unregistering): Released all slaves
[  657.394472][ T7607] tipc: Left network mode
[  657.650845][ T5156] Bluetooth: hci1: command tx timeout
[  657.656566][ T8988] Bluetooth: hci3: command tx timeout
[  658.109405][T10980] chnl_net:caif_netlink_parms(): no params data found
[  659.098395][ T7607] hsr_slave_0: left promiscuous mode
[  659.109481][ T7607] hsr_slave_1: left promiscuous mode
[  659.202275][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  659.730726][ T5156] Bluetooth: hci1: command tx timeout
[  659.736256][ T5156] Bluetooth: hci3: command tx timeout
[  660.340123][T11059] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[11059]
[  663.110129][ T7607] team0 (unregistering): Port device team_slave_1 removed
[  663.396987][ T7607] team0 (unregistering): Port device team_slave_0 removed
[  671.985577][T10978] chnl_net:caif_netlink_parms(): no params data found
[  672.639487][T10980] bridge0: port 1(bridge_slave_0) entered blocking state
[  672.661052][T10980] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.689435][T10980] bridge_slave_0: entered allmulticast mode
[  672.740247][T10980] bridge_slave_0: entered promiscuous mode
[  672.773747][T10980] bridge0: port 2(bridge_slave_1) entered blocking state
[  673.143878][T10980] bridge0: port 2(bridge_slave_1) entered disabled state
[  673.153325][T10980] bridge_slave_1: entered allmulticast mode
[  673.166596][T10980] bridge_slave_1: entered promiscuous mode
[  675.988573][T10980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  676.382635][T10980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  676.642169][T10978] bridge0: port 1(bridge_slave_0) entered blocking state
[  676.661991][T10978] bridge0: port 1(bridge_slave_0) entered disabled state
[  676.678507][T10978] bridge_slave_0: entered allmulticast mode
[  676.746618][T10978] bridge_slave_0: entered promiscuous mode
[  676.943131][T10978] bridge0: port 2(bridge_slave_1) entered blocking state
[  676.951818][T10978] bridge0: port 2(bridge_slave_1) entered disabled state
[  676.976031][T10978] bridge_slave_1: entered allmulticast mode
[  677.010777][T10978] bridge_slave_1: entered promiscuous mode
[  677.298334][T10980] team0: Port device team_slave_0 added
[  677.507835][T11190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1408'.
[  677.733713][T10980] team0: Port device team_slave_1 added
[  679.026927][T10980] batman_adv: batadv0: Adding interface: batadv_slave_0
[  679.422505][ T7696] Bluetooth: hci5: Frame reassembly failed (-84)
[  679.423658][T10980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  679.458202][T10980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  679.475481][T10978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  679.489130][T10980] batman_adv: batadv0: Adding interface: batadv_slave_1
[  679.499070][T10980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  679.526057][T10980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  679.610963][T10978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  679.848522][T10978] team0: Port device team_slave_0 added
[  680.005215][T10978] team0: Port device team_slave_1 added
[  680.323154][ T7607] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.438515][T10980] hsr_slave_0: entered promiscuous mode
[  680.465116][T10980] hsr_slave_1: entered promiscuous mode
[  680.476266][T10980] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  680.485987][T10980] Cannot create hsr debugfs directory
[  680.494241][T10978] batman_adv: batadv0: Adding interface: batadv_slave_0
[  680.521158][T10978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.641610][T10978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  680.953785][ T7607] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.031830][T10978] batman_adv: batadv0: Adding interface: batadv_slave_1
[  681.062789][T10978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  681.098236][T10978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  681.275690][ T7607] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.490759][ T8988] Bluetooth: hci5: command 0x1003 tx timeout
[  681.490975][ T5156] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  681.710372][ T7607] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.986258][T11232] erofs (device nbd4): cannot find valid erofs superblock
[  682.544319][T10978] hsr_slave_0: entered promiscuous mode
[  682.580025][T10978] hsr_slave_1: entered promiscuous mode
[  682.617855][T10978] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  682.646005][T10978] Cannot create hsr debugfs directory
[  683.106311][T11243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1425'.
[  684.425021][T11266] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  684.525098][T11264] syzkaller0: entered promiscuous mode
[  684.635691][T11264] syzkaller0: entered allmulticast mode
[  684.711830][ T7607] bridge_slave_1: left allmulticast mode
[  684.785599][ T7607] bridge_slave_1: left promiscuous mode
[  684.793904][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.848708][ T7607] bridge_slave_0: left allmulticast mode
[  684.889277][ T7607] bridge_slave_0: left promiscuous mode
[  684.904651][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.541991][ T9595] tipc: Node number set to 168043768
[  686.172016][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  686.178421][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  686.695712][ T8988] Bluetooth: hci3: command 0x0405 tx timeout
[  687.105907][ T7607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  687.138335][ T7607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  687.162863][ T7607] bond0 (unregistering): Released all slaves
[  687.247642][T11264] tipc: Resetting bearer <eth:syzkaller0>
[  687.648610][ T7607] tipc: Left network mode
[  687.694950][T10980] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  687.984712][T10980] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  688.107201][T10980] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  688.119632][T10980] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  688.277152][ T7607] hsr_slave_0: left promiscuous mode
[  688.287822][ T7607] hsr_slave_1: left promiscuous mode
[  688.296115][ T7607] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  688.306740][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  688.318982][ T7607] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  688.328548][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  688.355786][ T7607] veth1_macvtap: left promiscuous mode
[  688.364157][T11272] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  688.370317][ T7607] veth0_macvtap: left promiscuous mode
[  688.377366][ T7607] veth1_vlan: left promiscuous mode
[  688.383888][T11272] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  688.391985][T11272] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  688.398231][ T7607] veth0_vlan: left promiscuous mode
[  688.412802][T11272] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  688.425223][T11272] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  688.440217][T11272] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  688.469606][T11272] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  688.479579][T11272] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  688.505962][T11272] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  689.580382][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout
[  690.273075][T11312] loop6: detected capacity change from 0 to 63
[  690.297892][T11312] buffer_io_error: 3 callbacks suppressed
[  690.297916][T11312] Buffer I/O error on dev loop6, logical block 0, async page read
[  690.312542][T11312] Buffer I/O error on dev loop6, logical block 1, async page read
[  690.321079][T11312] Buffer I/O error on dev loop6, logical block 2, async page read
[  690.329383][T11312] Buffer I/O error on dev loop6, logical block 3, async page read
[  690.339090][T11312] Buffer I/O error on dev loop6, logical block 0, async page read
[  690.348022][T11312] Buffer I/O error on dev loop6, logical block 1, async page read
[  690.356591][T11312] Buffer I/O error on dev loop6, logical block 2, async page read
[  690.365101][T11312] Buffer I/O error on dev loop6, logical block 3, async page read
[  690.375193][T11205] Buffer I/O error on dev loop6, logical block 0, async page read
[  690.451583][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout
[  690.452775][ T8988] Bluetooth: hci4: command 0x0405 tx timeout
[  690.458037][ T5156] Bluetooth: hci2: command 0x0c1a tx timeout
[  690.562728][ T5156] Bluetooth: hci3: command 0x0405 tx timeout
[  690.743145][T11205] Buffer I/O error on dev loop6, logical block 1, async page read
[  692.274019][T11314] netlink: 'syz.1.1436': attribute type 8 has an invalid length.
[  692.327069][T11314] netlink: 198000 bytes leftover after parsing attributes in process `syz.1.1436'.
[  692.543994][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout
[  692.771483][ T5156] Bluetooth: hci3: command 0x0405 tx timeout
[  692.898130][ T7607] team0 (unregistering): Port device team_slave_1 removed
[  693.044724][ T7607] team0 (unregistering): Port device team_slave_0 removed
[  694.149695][T11321] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  694.170353][T10978] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  694.268383][T10978] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  694.409430][T10978] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  694.474055][T11336] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1441'.
[  694.549822][T10978] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  694.614075][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout
[  694.853089][ T5156] Bluetooth: hci3: command 0x0405 tx timeout
[  695.057642][T11351] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1444'.
[  695.317355][T11351] batadv_slave_0: entered promiscuous mode
[  695.433072][T11351] batadv_slave_1: entered promiscuous mode
[  695.501888][T11351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  695.563209][T11351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  696.497537][T10980] 8021q: adding VLAN 0 to HW filter on device bond0
[  696.612523][T10978] 8021q: adding VLAN 0 to HW filter on device bond0
[  696.835730][T10980] 8021q: adding VLAN 0 to HW filter on device team0
[  697.258423][T10978] 8021q: adding VLAN 0 to HW filter on device team0
[  697.268783][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.276246][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  697.378317][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.386278][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state
[  697.398566][T11370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1450'.
[  697.846420][T11370] hsr_slave_1 (unregistering): left promiscuous mode
[  697.938288][ T6377] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.946130][ T6377] bridge0: port 2(bridge_slave_1) entered forwarding state
[  698.012475][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.019698][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  698.068805][T11378] loop6: detected capacity change from 0 to 63
[  698.082279][T11378] buffer_io_error: 18 callbacks suppressed
[  698.082300][T11378] Buffer I/O error on dev loop6, logical block 0, async page read
[  698.096548][T11378] Buffer I/O error on dev loop6, logical block 1, async page read
[  698.104741][T11378] Buffer I/O error on dev loop6, logical block 2, async page read
[  698.113187][T11378] Buffer I/O error on dev loop6, logical block 3, async page read
[  698.122140][T11378] Buffer I/O error on dev loop6, logical block 0, async page read
[  698.131047][T11378] Buffer I/O error on dev loop6, logical block 1, async page read
[  698.138953][T11378] Buffer I/O error on dev loop6, logical block 2, async page read
[  698.147226][T11378] Buffer I/O error on dev loop6, logical block 3, async page read
[  698.206614][T11205] Buffer I/O error on dev loop6, logical block 0, async page read
[  698.257535][T11205] Buffer I/O error on dev loop6, logical block 0, async page read
[  698.472410][T11382] netlink: 'syz.1.1454': attribute type 10 has an invalid length.
[  698.629870][T10980] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  698.888388][T11391] netlink: 'syz.4.1456': attribute type 1 has an invalid length.
[  699.787457][T11398] 
[  699.789963][T11398] ======================================================
[  699.797201][T11398] WARNING: possible circular locking dependency detected
[  699.804266][T11398] 6.16.0-syzkaller #0 Not tainted
[  699.809359][T11398] ------------------------------------------------------
[  699.816510][T11398] syz.1.1458/11398 is trying to acquire lock:
[  699.822732][T11398] ffff888025680988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  699.833766][T11398] 
[  699.833766][T11398] but task is already holding lock:
[  699.841498][T11398] ffff888025680a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x93e/0x18f0
[  699.851180][T11398] 
[  699.851180][T11398] which lock already depends on the new lock.
[  699.851180][T11398] 
[  699.861706][T11398] 
[  699.861706][T11398] the existing dependency chain (in reverse order) is:
[  699.870985][T11398] 
[  699.870985][T11398] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[  699.878922][T11398]        lock_acquire+0x120/0x360
[  699.883965][T11398]        __mutex_lock+0x182/0xe80
[  699.889013][T11398]        refcount_dec_and_mutex_lock+0x30/0xa0
[  699.895277][T11398]        nbd_config_put+0x2c/0x790
[  699.900492][T11398]        nbd_release+0xfe/0x140
[  699.905362][T11398]        bdev_release+0x533/0x650
[  699.910495][T11398]        blkdev_release+0x15/0x20
[  699.915542][T11398]        __fput+0x449/0xa70
[  699.920161][T11398]        fput_close_sync+0x119/0x200
[  699.925457][T11398]        __x64_sys_close+0x7f/0x110
[  699.930676][T11398]        do_syscall_64+0xfa/0x3b0
[  699.936143][T11398]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.942573][T11398] 
[  699.942573][T11398] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[  699.950414][T11398]        lock_acquire+0x120/0x360
[  699.955456][T11398]        __mutex_lock+0x182/0xe80
[  699.960495][T11398]        __del_gendisk+0x129/0x9e0
[  699.965636][T11398]        del_gendisk+0xe8/0x160
[  699.970519][T11398]        loop_remove+0x42/0xc0
[  699.975325][T11398]        loop_control_ioctl+0x4ac/0x5a0
[  699.980883][T11398]        __se_sys_ioctl+0xfc/0x170
[  699.986019][T11398]        do_syscall_64+0xfa/0x3b0
[  699.991072][T11398]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.997702][T11398] 
[  699.997702][T11398] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[  700.006141][T11398]        validate_chain+0xb9b/0x2140
[  700.011441][T11398]        __lock_acquire+0xab9/0xd20
[  700.016818][T11398]        lock_acquire+0x120/0x360
[  700.021958][T11398]        down_write+0x96/0x1f0
[  700.026754][T11398]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  700.033034][T11398]        nbd_start_device+0x16c/0xac0
[  700.038440][T11398]        nbd_genl_connect+0x135b/0x18f0
[  700.044000][T11398]        genl_family_rcv_msg_doit+0x215/0x300
[  700.050077][T11398]        genl_rcv_msg+0x60e/0x790
[  700.055206][T11398]        netlink_rcv_skb+0x205/0x470
[  700.060534][T11398]        genl_rcv+0x28/0x40
[  700.065096][T11398]        netlink_unicast+0x75c/0x8e0
[  700.070508][T11398]        netlink_sendmsg+0x805/0xb30
[  700.075829][T11398]        __sock_sendmsg+0x21c/0x270
[  700.081214][T11398]        ____sys_sendmsg+0x505/0x830
[  700.086513][T11398]        ___sys_sendmsg+0x21f/0x2a0
[  700.091735][T11398]        __x64_sys_sendmsg+0x19b/0x260
[  700.097206][T11398]        do_syscall_64+0xfa/0x3b0
[  700.102236][T11398]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.108749][T11398] 
[  700.108749][T11398] other info that might help us debug this:
[  700.108749][T11398] 
[  700.118986][T11398] Chain exists of:
[  700.118986][T11398]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[  700.118986][T11398] 
[  700.133367][T11398]  Possible unsafe locking scenario:
[  700.133367][T11398] 
[  700.140823][T11398]        CPU0                    CPU1
[  700.146193][T11398]        ----                    ----
[  700.151573][T11398]   lock(&nbd->config_lock);
[  700.156199][T11398]                                lock(&disk->open_mutex);
[  700.163341][T11398]                                lock(&nbd->config_lock);
[  700.170546][T11398]   lock(&set->update_nr_hwq_lock);
[  700.175890][T11398] 
[  700.175890][T11398]  *** DEADLOCK ***
[  700.175890][T11398] 
[  700.184359][T11398] 3 locks held by syz.1.1458/11398:
[  700.189578][T11398]  #0: ffffffff8f5701f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  700.197797][T11398]  #1: ffffffff8f570008 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  700.206955][T11398]  #2: ffff888025680a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x93e/0x18f0
[  700.217162][T11398] 
[  700.217162][T11398] stack backtrace:
[  700.223274][T11398] CPU: 1 UID: 0 PID: 11398 Comm: syz.1.1458 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  700.223295][T11398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  700.223305][T11398] Call Trace:
[  700.223311][T11398]  <TASK>
[  700.223318][T11398]  dump_stack_lvl+0x189/0x250
[  700.223340][T11398]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.223357][T11398]  ? __pfx__printk+0x10/0x10
[  700.223378][T11398]  ? print_lock_name+0xde/0x100
[  700.223398][T11398]  print_circular_bug+0x2ee/0x310
[  700.223418][T11398]  check_noncircular+0x134/0x160
[  700.223438][T11398]  validate_chain+0xb9b/0x2140
[  700.223463][T11398]  __lock_acquire+0xab9/0xd20
[  700.223480][T11398]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  700.223501][T11398]  lock_acquire+0x120/0x360
[  700.223514][T11398]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  700.223537][T11398]  ? kernfs_add_one+0xf0/0x520
[  700.223558][T11398]  down_write+0x96/0x1f0
[  700.223576][T11398]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  700.223597][T11398]  ? __pfx_down_write+0x10/0x10
[  700.223615][T11398]  ? kernfs_add_one+0xf0/0x520
[  700.223635][T11398]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  700.223666][T11398]  ? sysfs_add_file_mode_ns+0x238/0x300
[  700.223681][T11398]  ? sysfs_add_file_mode_ns+0x259/0x300
[  700.223699][T11398]  nbd_start_device+0x16c/0xac0
[  700.223720][T11398]  ? __nla_parse+0x40/0x60
[  700.223739][T11398]  ? device_create_file+0xf4/0x1c0
[  700.223761][T11398]  nbd_genl_connect+0x135b/0x18f0
[  700.223783][T11398]  ? __pfx_nbd_genl_connect+0x10/0x10
[  700.223805][T11398]  ? __nla_parse+0x40/0x60
[  700.223824][T11398]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  700.223844][T11398]  genl_family_rcv_msg_doit+0x215/0x300
[  700.223864][T11398]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  700.223888][T11398]  genl_rcv_msg+0x60e/0x790
[  700.223906][T11398]  ? __pfx_genl_rcv_msg+0x10/0x10
[  700.223922][T11398]  ? __pfx_nbd_genl_connect+0x10/0x10
[  700.223945][T11398]  netlink_rcv_skb+0x205/0x470
[  700.223965][T11398]  ? __pfx_genl_rcv_msg+0x10/0x10
[  700.223981][T11398]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  700.224007][T11398]  ? down_read+0x1ad/0x2e0
[  700.224026][T11398]  genl_rcv+0x28/0x40
[  700.224040][T11398]  netlink_unicast+0x75c/0x8e0
[  700.224063][T11398]  netlink_sendmsg+0x805/0xb30
[  700.224087][T11398]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.224111][T11398]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  700.224127][T11398]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.224148][T11398]  __sock_sendmsg+0x21c/0x270
[  700.224167][T11398]  ____sys_sendmsg+0x505/0x830
[  700.224192][T11398]  ? __pfx_____sys_sendmsg+0x10/0x10
[  700.224218][T11398]  ? import_iovec+0x74/0xa0
[  700.224240][T11398]  ___sys_sendmsg+0x21f/0x2a0
[  700.224263][T11398]  ? __pfx____sys_sendmsg+0x10/0x10
[  700.224298][T11398]  ? __fget_files+0x2a/0x420
[  700.224315][T11398]  ? __fget_files+0x3a0/0x420
[  700.224335][T11398]  __x64_sys_sendmsg+0x19b/0x260
[  700.224359][T11398]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  700.224385][T11398]  ? rcu_is_watching+0x15/0xb0
[  700.224404][T11398]  ? do_syscall_64+0xbe/0x3b0
[  700.224422][T11398]  do_syscall_64+0xfa/0x3b0
[  700.224438][T11398]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.224454][T11398]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.224470][T11398]  ? clear_bhb_loop+0x60/0xb0
[  700.224486][T11398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.224501][T11398] RIP: 0033:0x7f418f78ebe9
[  700.224516][T11398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.224530][T11398] RSP: 002b:00007f419058a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  700.224548][T11398] RAX: ffffffffffffffda RBX: 00007f418f9b5fa0 RCX: 00007f418f78ebe9
[  700.224560][T11398] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000005
[  700.224570][T11398] RBP: 00007f418f811e19 R08: 0000000000000000 R09: 0000000000000000
[  700.224580][T11398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  700.224590][T11398] R13: 00007f418f9b6038 R14: 00007f418f9b5fa0 R15: 00007ffdcc8d6858
[  700.224607][T11398]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  700.806017][ T5156] block nbd0: Receive control failed (result -32)
[  700.872787][T11403] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1460'.
[  700.935390][T11398] nbd0: detected capacity change from 0 to 127
[  700.964064][T11205] block nbd0: Dead connection, failed to find a fallback
[  700.991577][T11205] block nbd0: shutting down sockets
[  700.996876][T11205] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.010630][   T24] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  701.102381][T11205] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.161871][T11205] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.200577][T11205] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.209936][T11205] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.311901][T11205] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.350938][T11205] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.391830][T11205] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.420719][T11205] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.460655][T11205] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  701.504543][T11205] ldm_validate_partition_table(): Disk read failed.
[  701.551940][T11205] Dev nbd0: unable to read RDB block 0
[  701.559197][T11205]  nbd0: unable to read partition table
[  701.660054][T11205] ldm_validate_partition_table(): Disk read failed.
[  701.680247][T11205] Dev nbd0: unable to read RDB block 0
[  701.687810][T11205]  nbd0: unable to read partition table
[  702.112203][ T7607] bridge_slave_1: left allmulticast mode
[  702.117940][ T7607] bridge_slave_1: left promiscuous mode
[  702.140684][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.153525][ T7607] bridge_slave_0: left allmulticast mode
[  702.159239][ T7607] bridge_slave_0: left promiscuous mode
[  702.165807][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state
[  702.282571][ T7607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  702.294616][ T7607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  702.306382][ T7607] bond0 (unregistering): Released all slaves
[  702.367827][ T7607] hsr_slave_0: left promiscuous mode
[  702.377014][ T7607] hsr_slave_1: left promiscuous mode
[  702.383990][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  702.394462][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  702.511163][ T7607] team0 (unregistering): Port device team_slave_1 removed
[  702.542418][ T7607] team0 (unregistering): Port device team_slave_0 removed
[  703.368201][ T7607] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.416856][ T7607] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.456356][ T7607] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.515521][ T7607] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.647871][ T7607] bridge_slave_1: left allmulticast mode
[  703.654190][ T7607] bridge_slave_1: left promiscuous mode
[  703.659935][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.669709][ T7607] bridge_slave_0: left allmulticast mode
[  703.675546][ T7607] bridge_slave_0: left promiscuous mode
[  703.681715][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.690721][ T7607] bridge_slave_1: left allmulticast mode
[  703.696390][ T7607] bridge_slave_1: left promiscuous mode
[  703.702801][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.711224][ T7607] bridge_slave_0: left allmulticast mode
[  703.716892][ T7607] bridge_slave_0: left promiscuous mode
[  703.722757][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.733288][ T7607] macsec0: left allmulticast mode
[  703.738685][ T7607] veth1_macvtap: left allmulticast mode
[  703.744721][ T7607] macsec0: left promiscuous mode
[  703.749890][ T7607] bridge0: port 3(macsec0) entered disabled state
[  703.758023][ T7607] bridge_slave_1: left allmulticast mode
[  703.764384][ T7607] bridge_slave_1: left promiscuous mode
[  703.770224][ T7607] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.779715][ T7607] bridge_slave_0: left allmulticast mode
[  703.785712][ T7607] bridge_slave_0: left promiscuous mode
[  703.791656][ T7607] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.910594][ T7607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.921784][ T7607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.931868][ T7607] bond0 (unregistering): Released all slaves
[  704.251823][ T7607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  704.261943][ T7607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  704.271302][ T7607] bond0 (unregistering): Released all slaves
[  704.405662][ T7607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  704.415854][ T7607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  704.426202][ T7607] bond0 (unregistering): Released all slaves
[  704.528720][ T7607] tipc: Left network mode
[  704.864085][ T7607] hsr_slave_0: left promiscuous mode
[  704.870208][ T7607] hsr_slave_1: left promiscuous mode
[  704.876540][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  704.884775][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  704.898650][ T7607] hsr_slave_0: left promiscuous mode
[  704.905154][ T7607] hsr_slave_1: left promiscuous mode
[  704.911363][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  704.919142][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  704.927302][ T7607] batadv_slave_0: left promiscuous mode
[  704.933993][ T7607] batadv_slave_1: left promiscuous mode
[  704.944298][ T7607] hsr_slave_0: left promiscuous mode
[  704.950202][ T7607] hsr_slave_1: left promiscuous mode
[  704.956959][ T7607] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  704.964933][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  704.973057][ T7607] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  704.981258][ T7607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  705.001183][ T7607] veth1_macvtap: left promiscuous mode
[  705.006732][ T7607] veth0_macvtap: left promiscuous mode
[  705.012790][ T7607] veth1_vlan: left promiscuous mode
[  705.018144][ T7607] veth0_vlan: left promiscuous mode
[  705.268535][ T7607] team0 (unregistering): Port device team_slave_1 removed
[  705.296348][ T7607] team0 (unregistering): Port device team_slave_0 removed
[  705.685445][ T7607] team0 (unregistering): Port device team_slave_1 removed
[  705.729082][ T7607] team0 (unregistering): Port device team_slave_0 removed
[  706.214673][ T7607] team0 (unregistering): Port device team_slave_1 removed
[  706.227385][ T7607] team0 (unregistering): Port device team_slave_0 removed