last executing test programs:

21m23.816860009s ago: executing program 32 (id=625):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
sendfile(r2, r2, 0x0, 0x7f03)

21m11.527305441s ago: executing program 33 (id=719):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f00000002c0)={@my=0x0})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000340)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)

20m55.47589593s ago: executing program 34 (id=830):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000780)=ANY=[@ANYBLOB="020082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000ac0)={0x18, &(0x7f00000008c0)={0x40, 0x10, 0x2, "d0d2"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

20m38.63034599s ago: executing program 35 (id=950):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, 0xffffffffffffffff)

20m6.354765901s ago: executing program 36 (id=1201):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000003c0)={0x2, 0x0, [{0x0, 0x60, &(0x7f00000001c0)=""/96}, {0x0, 0xffffffffffffff34, &(0x7f0000000300)=""/192}]})

19m30.213097424s ago: executing program 37 (id=1467):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
r2 = socket(0x11, 0xa, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x9}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001000000000008000300", @ANYRES32=r3], 0x48}}, 0x0)

19m13.722880483s ago: executing program 38 (id=1565):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x2, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, <r2=>r0})
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={<r4=>0x0, 0x0, r2})
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000001c0)={r4})

18m58.25264552s ago: executing program 39 (id=1646):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000002)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r1, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)="90", 0x1}], 0x2)

18m46.254985133s ago: executing program 40 (id=1728):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000)=0xffff2652, 0x4)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc}, 0x0, 0x0)

18m27.528999172s ago: executing program 41 (id=1851):
r0 = openat$sndseq(0xffffff9c, &(0x7f0000000180), 0x40)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0x4}, 'port1\x00', 0x786520dbf34c80fe, 0x20a03, 0x20000004, 0x0, 0x0, 0x4, 0x400, 0x0, 0x7, 0x2})
r1 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0x4aee2, 0x1000, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r1, 0x7323, 0x700, 0x5, 0x0, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x123482, 0x0)

16m2.82201137s ago: executing program 42 (id=2833):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10003, @loopback, 0x7}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
sendto$inet6(r0, &(0x7f00000008c0)='\v', 0x1, 0x24004c90, 0x0, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000480)="f0", 0x1}], 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x0, 0x10}, 0xc)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)

14m49.037871974s ago: executing program 43 (id=3284):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r0, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000080)={0x2, 0xa, @local}, 0x10, 0x0}, 0x20000084)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2000c810}, 0x800)

12m52.792821218s ago: executing program 44 (id=3858):
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r0 = syz_io_uring_setup(0x315b, &(0x7f0000000200)={0x0, 0xcfca, 0x1040, 0x0, 0x1000001, 0x0, 0x0}, 0x0, 0x0)
r1 = syz_io_uring_setup(0x10d1, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34d, 0x0, r0}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000300)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

12m5.074445653s ago: executing program 45 (id=4088):
syz_emit_vhci(&(0x7f0000001780)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8, 0x2}}}, 0x7)
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m49.483392159s ago: executing program 0 (id=5216):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000400)="5ed1"})

7m49.303163546s ago: executing program 0 (id=5219):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x70bd28, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0xfff1}, {0xffff, 0xffff}, {0xffff, 0x3}}, [@TCA_RATE={0x6, 0x5, {0xe}}, @qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40058}, 0x4000080)

7m48.456261495s ago: executing program 0 (id=5221):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x20ac02, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x1, 0xd}, {0x0, 0x2}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

7m48.018301677s ago: executing program 0 (id=5222):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x2)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80101)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
chroot(&(0x7f0000000780)='./file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')

7m47.822338521s ago: executing program 0 (id=5225):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="ad"], 0x8)

7m47.365078011s ago: executing program 0 (id=5227):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x1000, 0x3e1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x51)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000000)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)

7m46.45735373s ago: executing program 46 (id=5227):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x1000, 0x3e1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x51)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000000)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)

5m15.966296291s ago: executing program 8 (id=5792):
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000580)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x3, 0x8, 0x7, 0x800000000000008, 0x0, 0x1, 0x10000, 0x100, 0x9004, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0xa40, 0xffffffff, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x1, 0x5, 0xfffffffffffffffa, 0x1, 0xe, 0x400000007, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x0, 0x3, 0x7, 0x40000005, 0xfffffffeffffffff, 0xa, 0x800000000000d, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x9, 0x4, 0x6, 0xc, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x5, 0xff8, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf6, 0x7, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x2, 0x2293332f, 0x6, 0x5, 0x40000000000, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd7, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m15.446781911s ago: executing program 8 (id=5796):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000004140)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000001c0)="14", 0x1}, {&(0x7f0000000280)="3b942cdf3dbb4d708446209c8a7a9893c711167b6aee1ac4a8cc59d92a394f460b20f21b9add9e84d2dba9e6df8034c449e64138a4aea2a8df6d35031bd3263f", 0x7fffefff}], 0x2}], 0x1, 0x0)

5m13.396056852s ago: executing program 8 (id=5801):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x490420, 0x2}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878ba19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2710b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0xb, {0x0, 0x0, 0x0, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, r3, 0x3, 0x7fff}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
io_setup(0x2, &(0x7f0000000200)=<r5=>0x0)
io_submit(r5, 0x140b, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x1, 0x0, r4, &(0x7f0000000180)='\x00', 0xfdfe}])
dup3(r0, r1, 0x6700000000000000)

5m12.643203204s ago: executing program 8 (id=5804):
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x9, 0x2641)
ioctl$LOOP_SET_FD(r3, 0x4c00, r2)
dup2(r2, r0)

5m11.932572223s ago: executing program 8 (id=5807):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0a, 0x10100, 0x3, 0x370, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r5=>0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
ioctl$BLKTRACESETUP(r1, 0xc0401273, &(0x7f0000000100)={'\x00', 0x5, 0xd2, 0x6, 0x3ff, 0x81, 0xffffffffffffffff})
io_pgetevents(r5, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000700)={0x77359400}, 0x0)

5m11.35625328s ago: executing program 8 (id=5811):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2044, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002680)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)}], 0x1}}], 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00220700d27307d3c1166b7f7f06592d7a"], 0x0}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))

5m10.268816846s ago: executing program 47 (id=5811):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2044, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002680)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)}], 0x1}}], 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00220700d27307d3c1166b7f7f06592d7a"], 0x0}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))

5m5.30347618s ago: executing program 2 (id=5827):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x39383ddd, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)

5m4.395960821s ago: executing program 2 (id=5833):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)

5m2.988264384s ago: executing program 2 (id=5835):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000100))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x847ba, 0x79c, 0xe, 0x0, 0x0)

5m1.461216911s ago: executing program 2 (id=5839):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r3, 0x4c00, r2)
ioctl$LOOP_SET_FD(r3, 0x4c00, r3)
dup2(r2, r0)

5m1.10409926s ago: executing program 2 (id=5842):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0185648, &(0x7f00000001c0)={0x87b0000, 0x400, 0x7d, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0xafb55f22487b7594, 0x7, '\x00', @value64=0x7f}})

5m0.221505962s ago: executing program 2 (id=5845):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NET_GET(r3, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040004)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x4c08c)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

4m59.816802223s ago: executing program 48 (id=5845):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NET_GET(r3, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040004)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x4c08c)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

4m28.728382614s ago: executing program 6 (id=5944):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679a, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x2400c0c7, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

4m26.622588038s ago: executing program 6 (id=5949):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
syz_emit_ethernet(0xfcf0, &(0x7f0000000340)=ANY=[], 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e27, @local}, 0x37)
sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)
sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4004000)

4m26.181290157s ago: executing program 6 (id=5951):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4048884}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x3c, r4, 0xb97534d5fe9704cf, 0x3, 0xfffffffc, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0xffff, 0x7fff}}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0xffff}]}, 0x3c}}, 0x4084)
sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0}, 0x4014)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newaddrlabel={0x38, 0x48, 0x1, 0x70bd2a, 0x25dfdbfe, {0xa, 0x0, 0x20, 0x0, 0x0, 0xc2}, [@IFAL_ADDRESS={0x14, 0x1, @remote}, @IFAL_LABEL={0x8, 0x2, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x2404a0c5}, 0x80)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)

4m25.806804447s ago: executing program 6 (id=5954):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)

4m24.65283775s ago: executing program 6 (id=5956):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x90, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x54, 0x0, &(0x7f0000000100)="648678210790aef789014d2950e053689eccf789ca22d52f003429a35ee198865ddbc79fdf08b2803880dca70ebfbb08514bb5107c999f3c3ec9cdd8bfa6d977863f4278649f9b9433d8879fd6c523b4817ff160"})

4m23.856389787s ago: executing program 6 (id=5958):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r4, 0x3e}, 0x80, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000440)="63f805d7649496db729598", 0xb}], 0x2}, 0x0)

4m22.945987094s ago: executing program 49 (id=5958):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r4, 0x3e}, 0x80, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000440)="63f805d7649496db729598", 0xb}], 0x2}, 0x0)

2m14.366658472s ago: executing program 4 (id=6331):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x40000000000021b, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
creat(0x0, 0x122)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})

2m11.975094937s ago: executing program 4 (id=6335):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffff9, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xd0}, 0x4008845)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x14, 0x42, 0xb, 0x70ad23, 0x25dfdbfe, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20000014}, 0x40094)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m10.870872003s ago: executing program 4 (id=6339):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x40085}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
pipe(&(0x7f00000002c0)={<r1=>0xffffffffffffffff})
splice(r1, 0x0, r0, 0x0, 0x6, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f00000003c0), 0x4000)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xbbdccba4532b703b)

2m10.437769769s ago: executing program 4 (id=6343):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

2m9.066175509s ago: executing program 4 (id=6346):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x489, &(0x7f0000000600)={0x0, 0x3f73, 0x10, 0x0, 0x1a}, &(0x7f00000005c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x8004)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x262, 0x0, {0x1}})
io_uring_enter(r2, 0x3516, 0xf400, 0x0, 0x0, 0x0)

2m8.18439907s ago: executing program 4 (id=6350):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ppoll(&(0x7f0000000a80)=[{r1, 0xd222}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

2m7.431216348s ago: executing program 50 (id=6350):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ppoll(&(0x7f0000000a80)=[{r1, 0xd222}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

16.014069399s ago: executing program 1 (id=6665):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)={0x2c, 0x1, 0x2, 0x801, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_EXPECT_MASTER={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8000, 0x0, 0x9, 0x0, 0x9493, 0xfa11, 0xffffffdf}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x8040)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
munmap(&(0x7f000008b000/0x1000)=nil, 0x1000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$nl_netfilter(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="800000000101010d2bbd7000ffdbdf250700000548002f8004006a80040001802e00d100c741650230cea682986887be67ea977c4c9e929bace7c42a0e4aabfe6b6e421f82e9478e65535315ca2a00000c004000e7090000000000002200108008009200", @ANYRES32=r3, @ANYBLOB="04002200a823000000007f1df4376d716979"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x10)

14.881693332s ago: executing program 1 (id=6667):
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r2, &(0x7f0000000300)=[{&(0x7f0000000040)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

12.651430399s ago: executing program 9 (id=6671):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="f1", 0x1}], 0x1)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000080)=0x6, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0)

10.319663562s ago: executing program 9 (id=6676):
r0 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, 0x0, 0x2, 0x4e21, 0x0, 0xa}, {0x0, 0x0, 0x8000000}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x2000000, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x0, 0x3, 0x3}}, 0xe8)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc)
connect$inet6(r0, &(0x7f00000000c0), 0x1c)
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x5, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x97}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x20, 0x12, 0x7, {0xffffffffffffff17, 0x1, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xa)
r3 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x400)
ioctl$HIDIOCGRDESC(r3, 0x90044802, &(0x7f0000000280))
syz_usb_disconnect(r2)

10.306135201s ago: executing program 1 (id=6678):
syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81, [{{0x9, 0x4, 0x0, 0x81, 0x0, 0xff, 0xff, 0xff, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00')
fchdir(r1)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x1c9, 0x12)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
r4 = eventfd2(0x0, 0x1)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x334, r5, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x200, 0x31}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x2fc, 0x33, @data_frame={@msdu=@type00={{0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {}, @device_a, @device_a, @from_mac=@device_b, {0x7, 0x9}, "", @void, @value=@ver_80211n={0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1}}, @random="494979e9c64157363afdcda970816d84279e9a7eb9fe3dcdf9a54c6feabf3bb3837b3d5aed017f488e8fe58cebe219d0e042ef1920c3b23463915e319657f352c2bc66b4ac8e511b83d9b09a0e12713da904800a7b3b4213b15ef39db9d018e83e23e9a44d727c125ffe5d71f25cfb9ac39a61c4066a70fa74750eb14bcbb91aa40655155bc51fe9265a20b11fd867f669512d35d1c258c7e43db87b1c0941ea1ae2e4fad02cd03403d06d3bf4fed30a87646307789f682ffe529ecb332dc5687d2d5720fc399eb33cb38ae954cb43a5b0c1e795168ca85d8c2010b3b7c6fa4c9f67047c04e5db67c5a08abddb259fd2c4535a21292814170466b01feef37d47a6feee4b36d187d236013f8d904bb12a3451715cba3411162bf9343ae708bf6aeb1f9a0742fd89e9b3f8f1f30762db4d3d9624221f9fdf46d777ce254b693697726819d0ad596a09d0284f9cfc6a5d054dda4b4c691f36ea5b7da089dc298033f8fd7427feae7d540d8bdde85dd8d13b4a77fa3bbe3288527794c38a8705810057a66d47eb8060a03f033b88f1c940fe96e9d16825ea59ef03f15f93ed8ae3691f18c66188f15480c2336d38d92708d4107c7e55a75b31f470229aa5dc6ea68ebde2c39296edee4f3c381eec4fc04d669a21ad3a9e68e5a8b26a428dd7edce45c7f37da88b92bdb23fc36f76e98b223e152bad0aee1d8286baa3926bb0e12852535aa1cc0a5fd6fb4b6fa17738e47c68320cb7d42d71fb8eebc78bfd8af04ed41d7153aa4c4b1d01ec1b8be245c420b06cda35e2c230453855bf8024cec0cb343199e7cc938ddd7d0ab9ced50db7e86cfea724ebc4abb13bef002e8ace73f2a64ec6c3128dc15571e82826110b4aaea7d2927b2d263b7b77fa59fbc7a7998c54b788d1e83c3e7a16e15d21af6da1d5614246c08d0a9db5c4329d34d2e0e41c02bbfc9d7df67606ddc8b48b6ea65fc78c6ea023419dca0506dfb5d02708f20f47f8f921ccc8236d91f3ce938c02d70869291ea7cafd07e763c54bea6a"}}]}, 0x334}, 0x1, 0x0, 0x0, 0x40}, 0x44)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000cc0)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000001d040000000000007f000000000000005504000001ed0a002500000017ff2000dd40000000000000730a00fe000000007704000000000000e5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800d9b3a69b37caa964e4b7000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325a904514d8e90131bfc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f49e4dcc1b7af0b51b9cafeda067b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb860600911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b30e55ac1275e938706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff0492df6b53002514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa250bc93b233a2291b5b10eebc49b6882f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753446de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000010000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc8de9bac0006b98a8283eee5665f3aede28228e0468db"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)

10.272560588s ago: executing program 3 (id=6679):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x39, 0x0}, 0x0)
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0xff05, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)

8.97293375s ago: executing program 7 (id=6682):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x20, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
r3 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x0, 0x4, 0x306}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x1, r2, 0x0})
io_uring_enter(r3, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

8.17853526s ago: executing program 5 (id=6683):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x80000)
openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', &(0x7f0000000380)={0x40440, 0x15c, 0x12}, 0x18)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40)={0x3, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}, {0xdddd0000, 0x8e, &(0x7f0000000580)=""/142}, {0xffff1000, 0x1000, &(0x7f0000004200)=""/4096}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

8.160502973s ago: executing program 3 (id=6684):
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x65)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

7.46868055s ago: executing program 7 (id=6685):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

7.357757046s ago: executing program 9 (id=6686):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)

7.109727863s ago: executing program 5 (id=6687):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="280000001400090a0000000000000000021f4800", @ANYRES32=r4, @ANYBLOB="08000200e4d4c21e080008004c06"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

7.09098427s ago: executing program 1 (id=6688):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x33, 0x0, 0x802e2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}})
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0)
write$rfkill(r1, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1}, 0x8)
r2 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f00000001c0), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000100)="d8", 0x1, r2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000480))
request_key(&(0x7f0000000400)='user\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, r2)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
readv(0xffffffffffffffff, 0x0, 0x0)

6.921107863s ago: executing program 5 (id=6689):
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r2, &(0x7f0000000300)=[{&(0x7f0000000040)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

6.204984449s ago: executing program 9 (id=6690):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
connect$can_j1939(r2, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000b40), 0x7, 0x28000)
preadv(r3, &(0x7f0000001200)=[{&(0x7f0000000c00)=""/113, 0x71}], 0x1, 0x4, 0xb)
ioctl$VIDIOC_LOG_STATUS(r3, 0x5646, 0x0)

5.416381042s ago: executing program 3 (id=6691):
r0 = socket(0x1e, 0x4, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
close(0x3)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0)
read$dsp(r1, &(0x7f00000011c0)=""/4117, 0x200021d5)
r2 = dup(r0)
r3 = syz_io_uring_setup(0x10e, &(0x7f0000001480)={0x0, 0x4008d2dc, 0x400, 0xfffffffd, 0xd6, 0x0, r2}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r2, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r3, 0x47f5, 0x0, 0x0, 0x0, 0x0)

5.378602031s ago: executing program 7 (id=6692):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r1=>0x0})
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
bind$packet(r3, &(0x7f0000000280)={0x11, 0x0, r5, 0x1, 0xf, 0x6, @multicast}, 0x14)
preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000600)=""/222, 0xde}], 0x1, 0x1a, 0x0)

4.332959648s ago: executing program 3 (id=6693):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a06010905010300021007c109050c04400006030f07059acbf5"], 0x0)
syz_usb_control_io$printer(r0, &(0x7f00000003c0)={0x14, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, 0x0, 0x20000000)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x59)
syz_open_dev$usbfs(0x0, 0x204, 0x2)
socket(0x14, 0x80000, 0x9)
socket$rxrpc(0x21, 0x2, 0xa)

3.963120594s ago: executing program 7 (id=6694):
getdents(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read(r0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc2c45512, &(0x7f0000000340)={{0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x1000000, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xc13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]})
r2 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r3)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="170900000000000000000100000005000700000000000800090000000000060002000000000008000a000000000008001800ac1414aa08001900ffffffff14001b00fe"], 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
ppoll(&(0x7f0000000080)=[{r2, 0x2020}, {r3, 0x1000}], 0x2, &(0x7f00000000c0), &(0x7f0000000100)={[0x6bd9, 0x3be6dd5]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$uac1(0x0, 0x94, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902820003010000000904000000010100000a24010000000201020c24020000000000000000000904010000010200000904010101010200000724010000000009050109000000000007250101000000090402000001020000090402010101ff0f0009240202000000000007240100000110090582"], 0x0)

3.632380088s ago: executing program 5 (id=6695):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x13, 0xdc, 0xa5, 0x40, 0x7ca, 0x1867, 0xa9e7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x10, 0xe0, 0x84, [{{0x9, 0x4, 0x1b, 0x9, 0x0, 0x15, 0x82, 0x69, 0x3}}]}}]}}, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4})
r4 = epoll_create1(0x0)
epoll_pwait2(r4, &(0x7f00000003c0)=[{}], 0x1, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000100)={0x20000014})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$nl_netfilter(0x10, 0x3, 0xc)

3.539813809s ago: executing program 1 (id=6696):
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffe97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@private=0xa010100, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}, 0x0, 0x33}, @in6=@empty, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffffe}, {0x0, 0x0, 0x796}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe55286f1921f74be}, 0x0, 0x1a0b1}}, 0xf8}}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)

3.317371097s ago: executing program 1 (id=6697):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f0000000240)=[{0x3137, 0x1800, 0x0, 0x0}], 0x1})

2.978428431s ago: executing program 9 (id=6698):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x200080)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000300000005"], 0x50)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.74807378s ago: executing program 9 (id=6699):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x4, 0x1d}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000600)=<r5=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x6, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r6, 0x0, 0x0, 0x0, 0x12321, 0x1, {0x1}})
io_uring_enter(r3, 0x3516, 0x3000000, 0x0, 0x0, 0x0)

1.608082216s ago: executing program 3 (id=6700):
socket$inet6_mptcp(0xa, 0x1, 0x106)
epoll_create(0xff9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0x1423, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}})
io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

874.044733ms ago: executing program 5 (id=6701):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000001c0)="0094", 0x2)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1b, &(0x7f0000000540)=""/240, &(0x7f0000000280)=0xf0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)=ANY=[@ANYRES16, @ANYRES16=0x0, @ANYRES16, @ANYRES32=0x0, @ANYBLOB="b70a8bf57a55324f2cc1197a04546c"], 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x4000004)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x40400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000300)={0x70001, 0x0, [0x40000000000, 0x7, 0x6, 0x6, 0xfffffffffffffffc, 0xffff, 0x29]})
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}, 0x1c)
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, &(0x7f00000002c0)={0x0, 0x9, 0x8b, 0x1, 0x1, 0x8})
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1555555555555457, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

511.275459ms ago: executing program 7 (id=6702):
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x7, &(0x7f0000002600)=""/4096)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
r0 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_ext={0x1c, 0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000", @ANYRES32=r1, @ANYBLOB="00000000070000000018010000786c6c2900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000008500000006000000bf9100000000edffb7020000010000008500000085000000b700"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440)={0x3, 0x9, 0x9, 0x6}, 0x10, 0x2d9c1, 0xffffffffffffffff, 0x0, &(0x7f0000000680)=[r1, r1, r1, r1, 0xffffffffffffffff], &(0x7f00000006c0), 0x10, 0x2}, 0x94)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)

208.204881ms ago: executing program 7 (id=6703):
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x400000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x4, 0x3, 0x0, 0x0, 0x7, 0x6], 0x0, 0x2e1090})
openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x119})
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1, 0xa}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

109.86258ms ago: executing program 5 (id=6704):
close(0xffffffffffffffff)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40938, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0)

0s ago: executing program 3 (id=6705):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x68000)
fcntl$setstatus(r0, 0x4, 0x2000)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x427c2, 0x19e)
write$binfmt_script(r1, &(0x7f0000000040), 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, 0x0)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdc, 0x8}})
write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250)

kernel console output (not intermixed with test programs):

[ T8144] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1166.456275][T23866] usb 6-1: config 0 has no interface number 0
[ 1166.463247][ T8144] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1166.474921][T23866] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1166.487629][T23866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.496623][T23866] usb 6-1: Product: syz
[ 1166.502482][ T8144] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1166.511865][T23866] usb 6-1: Manufacturer: syz
[ 1166.519754][T23866] usb 6-1: SerialNumber: syz
[ 1166.528492][T23866] usb 6-1: config 0 descriptor??
[ 1166.529539][ T8144] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1166.554992][T23866] smsc95xx v2.0.0
[ 1167.062197][   T12] net_ratelimit: 6 callbacks suppressed
[ 1167.062219][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.168904][T23866] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1167.223177][T23866] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1167.528107][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.566767][ T8144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1167.624632][ T8144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1167.668210][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.926567][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.973952][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1168.011277][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1168.058315][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1168.259020][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1168.407476][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1168.530646][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1168.966585][ T5926] usb 10-1: new high-speed USB device number 36 using dummy_hcd
[ 1169.039386][T23866] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -71
[ 1169.058773][T23866] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[ 1169.089856][T23866] usb 6-1: USB disconnect, device number 71
[ 1169.097441][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1169.221801][ T5926] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1169.234347][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1169.252581][ T5926] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.275320][ T5926] usb 10-1: Product: syz
[ 1169.420192][ T5926] usb 10-1: Manufacturer: syz
[ 1169.450599][ T5926] usb 10-1: SerialNumber: syz
[ 1169.975785][T26269] netlink: 'syz.5.5915': attribute type 10 has an invalid length.
[ 1170.028208][T26269] 
: (slave wlan1): Enslaving as an active interface with an up link
[ 1171.325809][T26295] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1171.977623][ T5926] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1171.997150][ T5926] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1172.098192][ T5926] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -71
[ 1172.128303][T22317] net_ratelimit: 20 callbacks suppressed
[ 1172.128324][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1172.189510][ T5926] usb 10-1: USB disconnect, device number 36
[ 1172.360017][T26310] vlan3: entered allmulticast mode
[ 1172.366304][T26310] bond0: entered allmulticast mode
[ 1172.467487][T26310] bond_slave_0: entered allmulticast mode
[ 1172.486626][T26310] bond_slave_1: entered allmulticast mode
[ 1172.516528][T26310] bridge0: entered allmulticast mode
[ 1172.527348][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1172.677173][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1172.686555][ T5926] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 1172.836691][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1172.945701][ T5926] usb 6-1: config 0 has an invalid interface number: 160 but max is 0
[ 1172.957098][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1172.964440][ T5926] usb 6-1: config 0 has no interface number 0
[ 1173.028168][ T5926] usb 6-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=9e.4e
[ 1173.056568][ T5926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1173.064609][ T5926] usb 6-1: Product: syz
[ 1173.076716][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.249564][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.257868][ T5926] usb 6-1: Manufacturer: syz
[ 1173.262502][ T5926] usb 6-1: SerialNumber: syz
[ 1173.303468][ T5926] usb 6-1: config 0 descriptor??
[ 1173.333306][ T5926] usb 6-1: Found UVC 0.00 device syz (05ac:8501)
[ 1173.346961][ T5926] usb 6-1: No valid video chain found.
[ 1173.406699][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.554884][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.573021][   T10] usb 6-1: USB disconnect, device number 72
[ 1173.729608][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1174.786424][T17815] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 1175.656863][T17815] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1175.681609][T17815] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1175.742485][T17815] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1175.756887][T17815] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1175.765993][T17815] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.789977][T17815] usb 6-1: config 0 descriptor??
[ 1176.256082][T17815] plantronics 0003:047F:FFFF.0045: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1177.182646][T10628] net_ratelimit: 19 callbacks suppressed
[ 1177.182671][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1177.350050][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1177.361021][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.361088][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.645923][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1177.826605][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1177.951216][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1178.106458][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1178.298141][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1178.448036][T23866] usb 6-1: USB disconnect, device number 73
[ 1178.478367][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1178.596944][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1178.748764][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1179.446486][T23866] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[ 1179.719449][T23866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1179.740883][T23866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1179.847414][T23866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1179.899570][T23866] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1179.935142][T23866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.963213][T23866] usb 6-1: Product: syz
[ 1180.006235][T23866] usb 6-1: Manufacturer: syz
[ 1180.016410][T23866] usb 6-1: SerialNumber: syz
[ 1180.042656][T23866] usb 6-1: config 0 descriptor??
[ 1180.330564][T23866] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[ 1180.626658][   T10] usb 6-1: USB disconnect, device number 74
[ 1182.204088][T22317] net_ratelimit: 22 callbacks suppressed
[ 1182.204111][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1182.366536][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1182.431870][ T5871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1182.454026][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1182.462225][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1182.477308][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1182.485261][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1182.509607][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1182.787350][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1182.896848][   T10] usb 10-1: new high-speed USB device number 37 using dummy_hcd
[ 1182.926610][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1182.988820][T26489] chnl_net:caif_netlink_parms(): no params data found
[ 1183.077113][   T10] usb 10-1: Using ep0 maxpacket: 16
[ 1183.095120][   T10] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[ 1183.114523][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.130130][   T10] usb 10-1: Product: syz
[ 1183.143486][   T10] usb 10-1: Manufacturer: syz
[ 1183.160099][   T10] usb 10-1: SerialNumber: syz
[ 1183.182727][   T10] usb 10-1: config 0 descriptor??
[ 1183.205097][   T10] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[ 1183.254005][   T10] usb 10-1: Detected FT232H
[ 1183.322537][T26489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1183.343577][T26489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1183.366706][T26489] bridge_slave_0: entered allmulticast mode
[ 1183.397948][T26489] bridge_slave_0: entered promiscuous mode
[ 1183.410791][   T10] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1183.412229][T26489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1183.446599][T26489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1183.456069][T26489] bridge_slave_1: entered allmulticast mode
[ 1183.464773][T26489] bridge_slave_1: entered promiscuous mode
[ 1183.608517][T26489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1183.641676][T26489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1183.752316][T26489] team0: Port device team_slave_0 added
[ 1183.778071][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1183.790724][T26489] team0: Port device team_slave_1 added
[ 1183.855345][T26489] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1183.862533][T26489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1183.903268][   T10] usb 10-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1183.912095][T26489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1183.938357][T26489] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1183.962484][T26489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1184.000678][T26489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1184.046813][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1184.097867][T23866] usb 10-1: USB disconnect, device number 37
[ 1184.121733][T23866] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1184.154522][T23866] ftdi_sio 10-1:0.0: device disconnected
[ 1184.185313][T26489] hsr_slave_0: entered promiscuous mode
[ 1184.197568][T26489] hsr_slave_1: entered promiscuous mode
[ 1184.204019][T26489] debugfs: 'hsr0' already exists in 'hsr'
[ 1184.210245][T26489] Cannot create hsr debugfs directory
[ 1184.539088][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1184.556808][T23616] Bluetooth: hci0: command tx timeout
[ 1184.658090][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1184.867199][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1185.729764][T26489] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1185.756020][T26489] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1185.766477][ T5948] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[ 1185.832832][T26489] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1185.930299][T26489] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1186.245778][ T5948] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1186.277018][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1186.306774][ T5948] usb 6-1: Product: syz
[ 1186.463754][ T5948] usb 6-1: Manufacturer: syz
[ 1186.581127][ T5948] usb 6-1: SerialNumber: syz
[ 1186.651489][T23616] Bluetooth: hci0: command tx timeout
[ 1186.793906][ T5948] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1186.962229][T24704] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1187.326572][T22322] net_ratelimit: 6 callbacks suppressed
[ 1187.326595][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1187.549469][T26489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1187.577463][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1187.725171][T23866] usb 6-1: USB disconnect, device number 75
[ 1187.790198][T26489] 8021q: adding VLAN 0 to HW filter on device team0
[ 1187.848160][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1187.855392][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1187.940214][T22317] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1187.947483][T22317] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1188.415155][T26489] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1188.422489][T24704] usb 6-1: Service connection timeout for: 256
[ 1188.441871][T24704] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1188.467749][T24704] ath9k_htc: Failed to initialize the device
[ 1188.508297][T23866] usb 6-1: ath9k_htc: USB layer deinitialized
[ 1188.537058][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1188.716667][T23616] Bluetooth: hci0: command tx timeout
[ 1188.736729][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1189.376788][ T5926] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[ 1189.427675][T26489] veth0_vlan: entered promiscuous mode
[ 1189.537162][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1189.626465][ T5926] usb 6-1: Using ep0 maxpacket: 8
[ 1189.674952][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1189.688734][ T5926] usb 6-1: config 0 has no interfaces?
[ 1189.698987][ T5926] usb 6-1: config 0 has no interfaces?
[ 1189.719238][ T5926] usb 6-1: config 0 has no interfaces?
[ 1189.736950][T26489] veth1_vlan: entered promiscuous mode
[ 1189.789443][ T5926] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1189.826498][ T5926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.862590][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1189.872420][ T5926] usb 6-1: Product: syz
[ 1189.886902][ T5926] usb 6-1: Manufacturer: syz
[ 1189.921013][ T5926] usb 6-1: SerialNumber: syz
[ 1189.938939][T26489] veth0_macvtap: entered promiscuous mode
[ 1189.987376][ T5926] usb 6-1: config 0 descriptor??
[ 1190.018329][   T30] audit: type=1326 audit(1757273756.269:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26609 comm="syz.9.5982" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f83539 code=0x0
[ 1190.019953][T26489] veth1_macvtap: entered promiscuous mode
[ 1190.160075][T26489] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1190.270033][T26489] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1190.336140][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1190.385337][T10628] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.394500][T10628] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.436085][T10628] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.473268][T10628] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.607528][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1190.736498][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1190.807420][T23616] Bluetooth: hci0: command tx timeout
[ 1190.927641][T10628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1190.959536][T17798] usb 6-1: USB disconnect, device number 76
[ 1190.999313][T10628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1191.097191][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1191.136791][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1192.400120][   T12] net_ratelimit: 11 callbacks suppressed
[ 1192.400141][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1193.010113][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1193.146859][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1193.381526][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1193.522539][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1193.678877][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1193.776531][T26677] binder: BINDER_SET_CONTEXT_MGR already set
[ 1193.810866][T26677] binder: 26676:26677 ioctl 4018620d 800002c0 returned -16
[ 1193.850187][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1194.020000][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1194.218818][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1194.421734][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1194.758298][T26685] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1197.418157][   T36] net_ratelimit: 21 callbacks suppressed
[ 1197.418175][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1197.646564][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1197.780011][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1197.916985][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1198.051446][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1198.197406][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1198.468865][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1198.865017][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1198.997780][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1199.029682][T26753] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1199.314887][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1199.526528][T24645] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[ 1199.759898][T24645] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1199.846410][T24645] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1199.855438][T24645] usb 6-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1199.984840][T24645] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.175098][T24645] usb 6-1: config 0 descriptor??
[ 1200.398830][T24645] usb 6-1: string descriptor 0 read error: -71
[ 1200.471846][T24645] usb 6-1: USB disconnect, device number 77
[ 1202.450338][T26788] binder_alloc: 26787: pid 26787 spamming oneway? 1 buffers allocated for a total size of 4096
[ 1202.532870][T22317] net_ratelimit: 23 callbacks suppressed
[ 1202.532887][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1202.707325][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1202.896233][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1203.093139][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1203.270199][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1203.455694][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1203.606516][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1203.726530][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1203.939968][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1204.088679][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1204.945419][T26834] loop6: detected capacity change from 0 to 63
[ 1204.965324][T26834] buffer_io_error: 1258 callbacks suppressed
[ 1204.965348][T26834] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.000474][T26834] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.208070][T26834] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.234183][T26833] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6029'.
[ 1205.329123][T26833] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6029'.
[ 1205.401728][T26839] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6029'.
[ 1205.439660][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.489060][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.542976][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.577641][T26834] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.736810][T26834] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.819012][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1205.852934][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1207.853118][ T8144] net_ratelimit: 20 callbacks suppressed
[ 1207.853136][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1208.026818][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1208.216620][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1208.368452][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1209.133565][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1209.377645][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1209.619361][T22322] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1209.797003][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1209.927345][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1210.009328][T23866] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[ 1210.092419][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1210.662828][T23866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1210.673993][T23866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1210.690495][T23866] usb 6-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[ 1210.713953][T23866] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1210.734784][T23866] usb 6-1: config 0 descriptor??
[ 1210.917002][T26910] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1210.924304][T26910] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1211.753592][T26910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1211.771071][T26924] netlink: 64 bytes leftover after parsing attributes in process `syz.7.6047'.
[ 1211.781710][T26924] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6047'.
[ 1211.800853][T26910] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1211.811401][T26924] unsupported nlmsg_type 40
[ 1211.875602][T23866] razer 0003:1532:010E.0046: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.5-1/input0
[ 1212.102549][ T5948] usb 6-1: USB disconnect, device number 78
[ 1212.336013][T26923] syz_tun: entered allmulticast mode
[ 1212.343150][   T12] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.368487][   T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.420829][   T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.462638][   T12] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.535035][T26942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6050'.
[ 1212.576069][T26942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6050'.
[ 1212.594458][T26942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6050'.
[ 1213.006419][ T8144] net_ratelimit: 2 callbacks suppressed
[ 1213.006437][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1213.158489][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1213.186442][ T5926] usb 10-1: new high-speed USB device number 38 using dummy_hcd
[ 1213.895076][ T5926] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1213.914144][ T5926] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1213.942230][ T5926] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1213.954143][ T5926] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1213.988740][ T5926] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1214.020813][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1214.026446][ T5926] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1214.046353][ T5926] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1214.150009][ T5926] usb 10-1: Product: syz
[ 1214.200544][ T5926] usb 10-1: Manufacturer: syz
[ 1214.206788][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1214.230796][ T5926] cdc_wdm 10-1:1.0: skipping garbage
[ 1214.238190][ T5926] cdc_wdm 10-1:1.0: skipping garbage
[ 1214.247251][ T5926] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[ 1214.253285][ T5926] cdc_wdm 10-1:1.0: Unknown control protocol
[ 1214.316790][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1214.450664][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1214.563608][    C1] wdm_int_callback: 9019 callbacks suppressed
[ 1214.563635][    C1] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[ 1214.564126][T24645] usb 10-1: USB disconnect, device number 38
[ 1214.569748][    C1] wdm_int_callback: 9019 callbacks suppressed
[ 1214.569769][    C1] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[ 1214.569789][    C1] cdc_wdm 10-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1214.575853][T26956] cdc_wdm 10-1:1.0: Tx URB error: -19
[ 1214.577078][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1214.786615][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1214.907897][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1215.016584][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1215.191065][T26988] bridge10: entered allmulticast mode
[ 1215.428691][T26996] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6060'.
[ 1215.673107][T26959] syz.3.6055: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1215.839776][T26959] CPU: 1 UID: 0 PID: 26959 Comm: syz.3.6055 Not tainted syzkaller #0 PREEMPT(full) 
[ 1215.839810][T26959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1215.839832][T26959] Call Trace:
[ 1215.839843][T26959]  <TASK>
[ 1215.839853][T26959]  dump_stack_lvl+0x189/0x250
[ 1215.839892][T26959]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1215.839919][T26959]  ? __pfx__printk+0x10/0x10
[ 1215.839961][T26959]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1215.839989][T26959]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1215.840018][T26959]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1215.840048][T26959]  warn_alloc+0x214/0x310
[ 1215.840089][T26959]  ? __pfx_warn_alloc+0x10/0x10
[ 1215.840134][T26959]  ? __get_vm_area_node+0x28f/0x300
[ 1215.840166][T26959]  ? hash_netport4_resize+0x235/0x1b60
[ 1215.840207][T26959]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1215.840273][T26959]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1215.840314][T26959]  ? rcu_is_watching+0x15/0xb0
[ 1215.840338][T26959]  ? hash_netport4_resize+0x235/0x1b60
[ 1215.840365][T26959]  ? hash_netport4_resize+0x235/0x1b60
[ 1215.840390][T26959]  __kvmalloc_node_noprof+0x3b8/0x5f0
[ 1215.840423][T26959]  ? hash_netport4_resize+0x235/0x1b60
[ 1215.840460][T26959]  hash_netport4_resize+0x235/0x1b60
[ 1215.840487][T26959]  ? hash_netport4_uadt+0xc97/0xf30
[ 1215.840521][T26959]  ? __pfx_hash_netport4_add+0x10/0x10
[ 1215.840548][T26959]  ? __pfx_hash_netport4_uadt+0x10/0x10
[ 1215.840586][T26959]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1215.840622][T26959]  call_ad+0x44e/0xb00
[ 1215.840666][T26959]  ? __pfx_call_ad+0x10/0x10
[ 1215.840715][T26959]  ? __nla_parse+0x40/0x60
[ 1215.840743][T26959]  ip_set_ad+0x791/0x930
[ 1215.840786][T26959]  ? __pfx_ip_set_ad+0x10/0x10
[ 1215.840860][T26959]  nfnetlink_rcv_msg+0xb4a/0x1130
[ 1215.840891][T26959]  ? nfnetlink_rcv_msg+0x20d/0x1130
[ 1215.840933][T26959]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1215.840957][T26959]  ? kasan_save_free_info+0x46/0x50
[ 1215.841015][T26959]  netlink_rcv_skb+0x205/0x470
[ 1215.841034][T26959]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1215.841061][T26959]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1215.841088][T26959]  ? bpf_lsm_capable+0x9/0x20
[ 1215.841111][T26959]  ? security_capable+0x7e/0x2e0
[ 1215.841145][T26959]  nfnetlink_rcv+0x26a/0x2520
[ 1215.841173][T26959]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1215.841222][T26959]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1215.841254][T26959]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1215.841278][T26959]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1215.841311][T26959]  ? ref_tracker_free+0x63a/0x7d0
[ 1215.841327][T26959]  ? __asan_memcpy+0x40/0x70
[ 1215.841346][T26959]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1215.841374][T26959]  ? skb_clone+0x246/0x3a0
[ 1215.841399][T26959]  ? __netlink_deliver_tap+0x807/0x850
[ 1215.841416][T26959]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1215.841438][T26959]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1215.841463][T26959]  netlink_unicast+0x82c/0x9e0
[ 1215.841499][T26959]  ? __pfx_netlink_unicast+0x10/0x10
[ 1215.841526][T26959]  ? netlink_sendmsg+0x642/0xb30
[ 1215.841542][T26959]  ? skb_put+0x11b/0x210
[ 1215.841564][T26959]  netlink_sendmsg+0x805/0xb30
[ 1215.841589][T26959]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1215.841609][T26959]  ? __import_iovec+0x5d4/0x7f0
[ 1215.841629][T26959]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1215.841647][T26959]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1215.841665][T26959]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1215.841683][T26959]  __sock_sendmsg+0x21c/0x270
[ 1215.841711][T26959]  ____sys_sendmsg+0x505/0x830
[ 1215.841737][T26959]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1215.841764][T26959]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1215.841794][T26959]  ___sys_sendmsg+0x21f/0x2a0
[ 1215.841816][T26959]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1215.841866][T26959]  ? __fget_files+0x2a/0x420
[ 1215.841879][T26959]  ? __fget_files+0x3a0/0x420
[ 1215.841904][T26959]  __sys_sendmsg+0x164/0x220
[ 1215.841926][T26959]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1215.841960][T26959]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1215.841979][T26959]  __do_fast_syscall_32+0xb6/0x2b0
[ 1215.841998][T26959]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1215.842018][T26959]  do_fast_syscall_32+0x34/0x80
[ 1215.842036][T26959]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1215.842062][T26959] RIP: 0023:0xf705e539
[ 1215.842084][T26959] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1215.842100][T26959] RSP: 002b:00000000f544e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1215.842118][T26959] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0
[ 1215.842130][T26959] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1215.842141][T26959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1215.842150][T26959] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1215.842160][T26959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1215.842184][T26959]  </TASK>
[ 1216.343103][T26959] Mem-Info:
[ 1216.346438][T26959] active_anon:8425 inactive_anon:0 isolated_anon:0
[ 1216.346438][T26959]  active_file:12873 inactive_file:40342 isolated_file:0
[ 1216.346438][T26959]  unevictable:768 dirty:281 writeback:0
[ 1216.346438][T26959]  slab_reclaimable:8029 slab_unreclaimable:111380
[ 1216.346438][T26959]  mapped:35722 shmem:1373 pagetables:1879
[ 1216.346438][T26959]  sec_pagetables:0 bounce:0
[ 1216.346438][T26959]  kernel_misc_reclaimable:0
[ 1216.346438][T26959]  free:1286338 free_pcp:17521 free_cma:0
[ 1216.391865][T26959] Node 0 active_anon:33700kB inactive_anon:0kB active_file:51460kB inactive_file:161164kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142856kB dirty:1124kB writeback:0kB shmem:3956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14204kB pagetables:7328kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1216.424786][T26959] Node 1 active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:188kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1216.456201][T26959] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1216.485910][T26959] lowmem_reserve[]: 0 2497 2499 2499 2499
[ 1216.492183][T26959] Node 0 DMA32 free:1253096kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33752kB inactive_anon:0kB active_file:51460kB inactive_file:159588kB unevictable:1536kB writepending:1124kB present:3129332kB managed:2557428kB mlocked:0kB bounce:0kB free_pcp:36508kB local_pcp:17640kB free_cma:0kB
[ 1216.525344][T26959] lowmem_reserve[]: 0 0 1 1 1
[ 1216.530773][T26959] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1216.559952][T26959] lowmem_reserve[]: 0 0 0 0 0
[ 1216.564803][T26959] Node 1 Normal free:3876884kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:33744kB local_pcp:9056kB free_cma:0kB
[ 1216.596260][T26959] lowmem_reserve[]: 0 0 0 0 0
[ 1216.601781][T26959] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1216.615187][T26959] Node 0 DMA32: 1468*4kB (UME) 591*8kB (UME) 336*16kB (UME) 254*32kB (UME) 149*64kB (UME) 135*128kB (UME) 112*256kB (UME) 44*512kB (UME) 20*1024kB (UME) 2*2048kB (ME) 275*4096kB (UM) = 1253096kB
[ 1216.634866][T26959] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1216.647506][T26959] Node 1 Normal: 217*4kB (UM) 58*8kB (UME) 56*16kB (UME) 171*32kB (UE) 66*64kB (UME) 9*128kB (UME) 3*256kB (UM) 5*512kB (UME) 4*1024kB (UME) 3*2048kB (ME) 940*4096kB (UM) = 3876884kB
[ 1216.666030][T26959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1216.675693][T26959] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1216.685085][T26959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1216.694714][T26959] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1216.704491][T26959] 54584 total pagecache pages
[ 1216.709618][T26959] 0 pages in swap cache
[ 1216.713818][T26959] Free swap  = 124996kB
[ 1216.718072][T26959] Total swap = 124996kB
[ 1216.722267][T26959] 2097051 pages RAM
[ 1216.726103][T26959] 0 pages HighMem/MovableOnly
[ 1216.730851][T26959] 425668 pages reserved
[ 1216.735052][T26959] 0 pages cma reserved
[ 1218.082231][T22317] net_ratelimit: 15 callbacks suppressed
[ 1218.082254][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1218.208261][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1218.405437][ T2140] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1218.580139][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1218.754523][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1218.979608][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1219.131221][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1219.445707][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1219.481350][T27042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6070'.
[ 1219.519908][T27042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6070'.
[ 1219.582445][T27042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6070'.
[ 1219.607214][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1219.878601][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1223.091214][T27114] loop6: detected capacity change from 0 to 63
[ 1223.107644][  T194] net_ratelimit: 21 callbacks suppressed
[ 1223.107660][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1223.837740][T27114] buffer_io_error: 836 callbacks suppressed
[ 1223.837764][T27114] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.069796][T13941] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.100197][T13941] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.151924][T13941] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.197796][T13941] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.216971][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1224.226835][T27114] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.257151][T13941] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.341086][T27114] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.358458][T27121] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[ 1224.378184][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1224.410721][T27114] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.447550][T27114] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1224.611563][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1224.760939][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1224.876536][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1225.035328][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1225.186706][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1225.336428][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1226.155460][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1228.167790][  T194] net_ratelimit: 9 callbacks suppressed
[ 1228.167811][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1228.410880][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1228.589447][T10628] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1228.968978][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1229.126582][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1229.236409][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1229.383547][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1229.536443][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1229.680631][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1229.898307][  T194] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1232.967641][T27225] loop6: detected capacity change from 0 to 63
[ 1233.029742][ T6013] buffer_io_error: 849 callbacks suppressed
[ 1233.029763][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.116458][ T6013] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.125095][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.133755][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.142513][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.151106][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.159746][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.168846][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.177480][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.186065][T27225] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1233.347092][   T36] net_ratelimit: 18 callbacks suppressed
[ 1233.347113][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1233.550935][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1233.727354][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1233.876558][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1234.056657][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1234.218601][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1234.332330][T27244] binder: transaction release 378 bad handle 1, ret = -22
[ 1234.357019][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1234.526537][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1235.168677][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1235.276687][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1235.573233][T27260] binder_alloc: 27259: binder_alloc_buf size -624 failed, no address space
[ 1235.626625][T27260] binder_alloc: allocated: 16 (num: 2 largest: 8), free: 8176 (num: 1 largest: 8176)
[ 1236.426229][T27272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6118'.
[ 1236.515581][T17815] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[ 1236.686490][T17815] usb 6-1: Using ep0 maxpacket: 16
[ 1236.694098][T17815] usb 6-1: config 0 has an invalid interface number: 255 but max is 0
[ 1236.770826][T17815] usb 6-1: config 0 has no interface number 0
[ 1236.803289][T17815] usb 6-1: config 0 interface 255 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1236.852598][T17815] usb 6-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid maxpacket 4672, setting to 1024
[ 1236.944682][T17815] usb 6-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1237.034884][T17815] usb 6-1: New USB device found, idVendor=2001, idProduct=1a02, bcdDevice=bb.ee
[ 1237.103287][T17815] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1237.144604][T17815] usb 6-1: Product: syz
[ 1237.156626][T17815] usb 6-1: Manufacturer: syz
[ 1237.161283][T17815] usb 6-1: SerialNumber: syz
[ 1237.227659][T17815] usb 6-1: config 0 descriptor??
[ 1237.255463][T27269] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1237.291587][T27269] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1237.476530][T24645] usb 10-1: new high-speed USB device number 39 using dummy_hcd
[ 1237.582358][T27269] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1237.641612][T27269] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1237.734351][T24645] usb 10-1: Using ep0 maxpacket: 32
[ 1237.763362][T24645] usb 10-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1237.802036][T24645] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1237.842088][T24645] usb 10-1: Product: syz
[ 1237.885659][T24645] usb 10-1: Manufacturer: syz
[ 1237.890913][T17815] asix 6-1:0.255 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1237.903314][T24645] usb 10-1: SerialNumber: syz
[ 1237.931293][T24645] usb 10-1: config 0 descriptor??
[ 1237.956077][T24645] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1237.960565][T17815] asix 6-1:0.255: probe with driver asix failed with error -71
[ 1238.014309][T17815] usb 6-1: USB disconnect, device number 79
[ 1238.306871][   T10] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1238.367748][   T13] net_ratelimit: 22 callbacks suppressed
[ 1238.367790][   T13] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1238.468766][   T10] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1238.496615][   T10] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1238.517786][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1238.546068][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1238.572804][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1238.606478][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1238.637627][   T10] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1238.647089][   T10] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1238.658013][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1238.816009][   T10] usb 4-1: Product: syz
[ 1238.822032][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.829029][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.831957][   T10] usb 4-1: Manufacturer: syz
[ 1238.843359][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1238.875174][   T10] cdc_wdm 4-1:1.0: skipping garbage
[ 1238.887455][   T10] cdc_wdm 4-1:1.0: skipping garbage
[ 1238.912281][   T10] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 1238.928699][   T10] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1238.978590][   T12] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1239.126653][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1239.255596][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1239.262349][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1239.270438][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1239.277071][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1239.284715][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1239.291343][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1239.298002][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1239.304645][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1239.306928][T22317] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1239.311360][T17815] usb 4-1: USB disconnect, device number 39
[ 1239.318228][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[ 1239.318252][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[ 1239.318269][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1239.651173][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1239.766517][   T36] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1239.917893][ T8144] bond0: (slave ip6gretap1): failed to get link speed/duplex
[ 1240.020794][T24645] gspca_ov534_9: sccb_read failed 1
[ 1240.499966][T24645] gspca_ov534_9: reg_r err -71
[ 1240.676569][T24645] gspca_ov534_9: Unknown sensor 0000
[ 1240.676684][T24645] ov534_9 10-1:0.0: probe with driver ov534_9 failed with error -22
[ 1240.734158][T24645] usb 10-1: USB disconnect, device number 39
[ 1242.126976][   T30] audit: type=1326 audit(1757273808.399:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.184428][   T30] audit: type=1326 audit(1757273808.399:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.252836][   T30] audit: type=1326 audit(1757273808.409:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.291512][   T30] audit: type=1326 audit(1757273808.409:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.327776][   T30] audit: type=1326 audit(1757273808.409:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.372248][   T30] audit: type=1326 audit(1757273808.409:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.430190][   T30] audit: type=1326 audit(1757273808.409:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.465405][T27365] netlink: 180 bytes leftover after parsing attributes in process `syz.7.6147'.
[ 1242.501635][   T30] audit: type=1326 audit(1757273808.409:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.507055][T27368] netlink: 180 bytes leftover after parsing attributes in process `syz.7.6147'.
[ 1242.599106][T27372] netlink: 180 bytes leftover after parsing attributes in process `syz.7.6147'.
[ 1242.644595][   T30] audit: type=1326 audit(1757273808.409:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1242.688992][   T30] audit: type=1326 audit(1757273808.409:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27364 comm="syz.7.6147" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x7ffc0000
[ 1243.374340][T27399] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1243.537316][T27401] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=680 (1360 ns) > initial count (1048 ns). Using initial count to start timer.
[ 1244.706634][T17815] usb 10-1: new high-speed USB device number 40 using dummy_hcd
[ 1244.725221][    C1] sd 0:0:1:0: [sda] tag#2312 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1244.735764][    C1] sd 0:0:1:0: [sda] tag#2312 CDB: Write(6) 0a 00 00 00 00 00 00 00 fc 01 00 00
[ 1244.896414][T17815] usb 10-1: Using ep0 maxpacket: 16
[ 1244.906051][T17815] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1244.915749][T17815] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1244.947329][T17815] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1244.980664][T17815] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1244.999730][T17815] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.016719][T17815] usb 10-1: Product: syz
[ 1245.021128][T17815] usb 10-1: Manufacturer: syz
[ 1245.025872][T17815] usb 10-1: SerialNumber: syz
[ 1245.491607][T17815] usb 10-1: 0:2 : does not exist
[ 1246.608614][T17815] usb 10-1: 1:0: failed to get current value for ch 0 (-22)
[ 1246.697782][T17815] usb 10-1: USB disconnect, device number 40
[ 1247.121806][T27467] vlan4: entered promiscuous mode
[ 1247.140798][T27467] bridge0: entered promiscuous mode
[ 1249.663640][T27524] netlink: 72 bytes leftover after parsing attributes in process `syz.9.6171'.
[ 1249.686536][T27524] netlink: 72 bytes leftover after parsing attributes in process `syz.9.6171'.
[ 1250.083257][   T10] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[ 1250.256488][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1250.265172][   T10] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[ 1250.289219][   T10] usb 6-1: config 0 has no interface number 0
[ 1250.317432][   T10] usb 6-1: config 0 interface 184 has no altsetting 0
[ 1250.336804][   T10] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1250.367322][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1250.381046][   T10] usb 6-1: Product: syz
[ 1250.409851][   T10] usb 6-1: Manufacturer: syz
[ 1250.415131][   T10] usb 6-1: SerialNumber: syz
[ 1250.449885][   T10] usb 6-1: config 0 descriptor??
[ 1250.465130][   T10] smsc75xx v1.0.0
[ 1250.520905][T27547] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6177'.
[ 1251.269040][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1251.306142][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1253.186617][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000011c: -71
[ 1253.207639][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRL: -71
[ 1253.235368][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address
[ 1253.274303][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1253.312470][   T10] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71
[ 1253.374898][   T10] usb 6-1: USB disconnect, device number 80
[ 1255.356604][   T10] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[ 1255.651965][   T10] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1255.696469][   T10] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1255.920136][   T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1256.116484][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1256.299190][   T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1256.536427][T17815] usb 10-1: new high-speed USB device number 41 using dummy_hcd
[ 1256.727743][ T5926] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1256.813585][T17815] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1256.825152][T17815] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1256.855563][T27642] syz_tun: entered allmulticast mode
[ 1256.875831][T17815] usb 10-1: Product: syz
[ 1256.917443][T27642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6194'.
[ 1256.929139][   T10] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1256.933408][ T5926] usb 4-1: Using ep0 maxpacket: 16
[ 1256.944469][T17815] usb 10-1: Manufacturer: syz
[ 1256.964784][T17815] usb 10-1: SerialNumber: syz
[ 1257.028739][ T5926] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1257.094666][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1257.356783][T27642] syz_tun (unregistering): left allmulticast mode
[ 1257.364740][ T5926] usb 4-1: config 0 descriptor??
[ 1257.385440][ T5926] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1259.155890][T17798] usb 6-1: USB disconnect, device number 81
[ 1259.682125][T17815] net_ratelimit: 12 callbacks suppressed
[ 1259.682147][T17815] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[ 1259.761872][T17815] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 1259.793894][T17815] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1259.824645][T17815] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1259.856266][T17815] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -71
[ 1259.956583][ T5926] gspca_sonixj: i2c_w8 err -71
[ 1259.961464][ T5926] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[ 1260.126104][T17815] usb 10-1: USB disconnect, device number 41
[ 1260.157300][ T5926] usb 4-1: USB disconnect, device number 40
[ 1261.368042][T23616] Bluetooth: hci4: command 0x0406 tx timeout
[ 1262.869654][T27714] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6206'.
[ 1264.795510][   T30] kauditd_printk_skb: 4 callbacks suppressed
[ 1264.795530][   T30] audit: type=1804 audit(1757273831.069:364): pid=27730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.6209" name="bus" dev="ramfs" ino=151015 res=1 errno=0
[ 1264.946900][   T30] audit: type=1804 audit(1757273831.109:365): pid=27730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.6209" name="bus" dev="ramfs" ino=151015 res=1 errno=0
[ 1265.135970][T27737] netlink: 'syz.7.6211': attribute type 4 has an invalid length.
[ 1266.762002][T27747] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1266.769861][T27747] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1268.258947][T27747] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1268.301898][T27747] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1268.831972][   T36] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1268.854045][   T36] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1268.906019][   T36] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1268.956398][ T2140] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1269.785937][ T2140] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.361217][ T2140] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.564359][ T5926] usb 10-1: new high-speed USB device number 42 using dummy_hcd
[ 1270.669205][ T2140] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.746437][ T5926] usb 10-1: Using ep0 maxpacket: 32
[ 1270.769637][ T5926] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1270.799246][ T5926] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1270.825407][ T5926] usb 10-1: Product: syz
[ 1270.857990][ T5926] usb 10-1: Manufacturer: syz
[ 1270.885371][ T5926] usb 10-1: SerialNumber: syz
[ 1270.893466][ T2140] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1270.907564][ T5926] usb 10-1: config 0 descriptor??
[ 1270.943952][ T5926] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1271.602456][T23616] Bluetooth: hci1: command 0x0406 tx timeout
[ 1271.992883][ T2140] bridge_slave_1: left allmulticast mode
[ 1272.006005][ T2140] bridge_slave_1: left promiscuous mode
[ 1272.021324][ T2140] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1272.034550][ T2140] bridge_slave_0: left allmulticast mode
[ 1272.041569][ T2140] bridge_slave_0: left promiscuous mode
[ 1272.052754][ T2140] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1273.443071][ T5926] gspca_stk1135: reg_w 0x300 err -71
[ 1273.453173][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.470340][ T5926] gspca_stk1135: Sensor write failed
[ 1273.491561][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.529472][ T5926] gspca_stk1135: Sensor write failed
[ 1273.546354][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.559119][ T5926] gspca_stk1135: Sensor read failed
[ 1273.659439][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.665993][ T5926] gspca_stk1135: Sensor read failed
[ 1273.672284][ T5926] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1273.679088][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.685454][ T5926] gspca_stk1135: Sensor read failed
[ 1273.690775][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.697202][ T5926] gspca_stk1135: Sensor read failed
[ 1273.702508][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.714946][ T5926] gspca_stk1135: Sensor write failed
[ 1273.751888][ T5926] gspca_stk1135: serial bus timeout: status=0x00
[ 1273.758713][ T5926] gspca_stk1135: Sensor write failed
[ 1273.764136][ T5926] stk1135 10-1:0.0: probe with driver stk1135 failed with error -71
[ 1273.778314][ T5926] usb 10-1: USB disconnect, device number 42
[ 1276.293544][ T2140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1276.345325][ T2140] bond0 (unregistering): Released all slaves
[ 1276.450301][T27898] bridge0: port 3(vxlan0) entered blocking state
[ 1276.537040][T27898] bridge0: port 3(vxlan0) entered disabled state
[ 1276.543786][T27898] vxlan0: entered allmulticast mode
[ 1277.117796][T27898] vxlan0: entered promiscuous mode
[ 1277.398393][T27903] netlink: 60 bytes leftover after parsing attributes in process `syz.9.6245'.
[ 1277.589367][T27907] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6246'.
[ 1277.701561][T27908] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6246'.
[ 1277.983252][T27914] fuse: Bad value for 'fd'
[ 1279.671131][ T2140] hsr_slave_0: left promiscuous mode
[ 1280.482532][ T2140] hsr_slave_1: left promiscuous mode
[ 1280.488576][ T2140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1280.551286][ T2140] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1280.627127][ T2140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1280.691129][ T2140] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1281.931085][ T2140] veth1_macvtap: left promiscuous mode
[ 1281.986417][ T2140] veth0_macvtap: left promiscuous mode
[ 1282.009418][ T2140] veth1_vlan: left promiscuous mode
[ 1282.018485][T27953] netlink: 'syz.9.6255': attribute type 10 has an invalid length.
[ 1282.049474][ T2140] veth0_vlan: left promiscuous mode
[ 1283.468367][T27969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6261'.
[ 1285.322141][ T2140] team0 (unregistering): Port device team_slave_1 removed
[ 1285.555230][ T2140] team0 (unregistering): Port device team_slave_0 removed
[ 1286.360645][T23866] hid-generic 0000:0000:0000.0047: unknown main item tag 0x0
[ 1286.498237][T23866] hid-generic 0000:0000:0000.0047: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1287.966437][T28004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6271'.
[ 1287.978820][T28004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6271'.
[ 1288.006736][T28004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6271'.
[ 1288.018038][T28004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6271'.
[ 1288.108891][T27953] 8021q: adding VLAN 0 to HW filter on device team0
[ 1288.124734][T27953] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1288.156242][T27969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1288.166255][T27969] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1288.190686][T27969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1288.235151][T27969] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1292.334349][T28055] syz_tun (unregistering): left allmulticast mode
[ 1293.730030][T28080] binder_alloc: 28078: pid 28078 spamming oneway? 1 buffers allocated for a total size of 4096
[ 1300.371067][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.403687][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1304.745987][T28221] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1305.782804][   T30] audit: type=1804 audit(1757273871.659:366): pid=28227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.6317" name="/newroot/83/file1" dev="fuse" ino=1 res=1 errno=0
[ 1306.256384][   T10] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[ 1306.749699][   T10] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[ 1306.781578][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1306.794279][   T10] usb 6-1: Product: syz
[ 1306.815813][   T10] usb 6-1: Manufacturer: syz
[ 1306.835960][   T10] usb 6-1: SerialNumber: syz
[ 1306.865818][   T10] r8152-cfgselector 6-1: Unknown version 0x0000
[ 1306.882538][   T10] r8152-cfgselector 6-1: config 0 descriptor??
[ 1307.102613][   T10] r8152-cfgselector 6-1: Unknown version 0x0000
[ 1307.298534][   T10] r8152-cfgselector 6-1: bad CDC descriptors
[ 1307.437938][T28233] Bluetooth: hci0: command 0x0406 tx timeout
[ 1308.686799][T17798] r8152-cfgselector 6-1: USB disconnect, device number 82
[ 1310.116722][T17798] usb 10-1: new high-speed USB device number 43 using dummy_hcd
[ 1310.296784][T17798] usb 10-1: Using ep0 maxpacket: 8
[ 1310.308488][T17798] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[ 1310.321939][T17798] usb 10-1: config 0 has no interface number 0
[ 1310.337105][T17798] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1310.381094][T17798] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1310.405667][T17798] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1310.633319][T17798] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1311.305597][T17798] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1311.326345][T17798] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1311.337508][T17798] usb 10-1: config 0 descriptor??
[ 1311.402269][T17798] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1311.932456][T16950] usb 10-1: USB disconnect, device number 43
[ 1311.949576][T16950] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[ 1313.713068][T28341] xt_policy: neither incoming nor outgoing policy selected
[ 1317.178910][T28388] sctp: [Deprecated]: syz.5.6352 (pid 28388) Use of int in max_burst socket option.
[ 1317.178910][T28388] Use struct sctp_assoc_value instead
[ 1318.827013][T28233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1318.856731][T28233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1318.865933][T28233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1318.875353][T28233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1318.884983][T28233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1319.108501][T10628] vxlan0: left allmulticast mode
[ 1319.126892][T10628] vxlan0: left promiscuous mode
[ 1319.142682][T10628] bridge0: port 3(vxlan0) entered disabled state
[ 1319.209090][T10628] bridge_slave_1: left allmulticast mode
[ 1319.240450][T10628] bridge_slave_1: left promiscuous mode
[ 1319.267572][T10628] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1319.368261][T10628] bridge_slave_0: left promiscuous mode
[ 1319.384417][T10628] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1319.426518][   T10] usb 10-1: new high-speed USB device number 44 using dummy_hcd
[ 1319.614301][   T10] usb 10-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1319.652585][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1319.700984][   T10] usb 10-1: config 0 descriptor??
[ 1319.744989][   T10] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1319.764012][T28419] binder: 28414:28419 unknown command 0
[ 1319.793390][T28419] binder: 28414:28419 ioctl c0306201 80000080 returned -22
[ 1319.846605][T28419] binder: 28414:28419 ioctl c0306201 80000300 returned -11
[ 1320.968138][T28233] Bluetooth: hci3: command tx timeout
[ 1322.165757][T10628] bond4 (unregistering): (slave gretap1): Releasing active interface
[ 1322.388341][T17796] usb 10-1: USB disconnect, device number 44
[ 1322.700142][T10628] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1322.718116][T10628] bridge0 (unregistering): left allmulticast mode
[ 1323.036583][T28233] Bluetooth: hci3: command tx timeout
[ 1323.481506][T28452] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6365'.
[ 1324.384091][T10628] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1324.400886][T10628] bond_slave_0: left allmulticast mode
[ 1324.417244][T10628] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1324.458165][T10628] bond_slave_1: left allmulticast mode
[ 1324.469816][T10628] bond0 (unregistering): Released all slaves
[ 1324.886559][T10628] bond1 (unregistering): (slave bond2): Releasing backup interface
[ 1324.895237][T10628] bond2 (unregistering): left promiscuous mode
[ 1324.901657][T10628] bond2 (unregistering): left allmulticast mode
[ 1324.911091][T10628] bond1 (unregistering): Released all slaves
[ 1325.116441][T28233] Bluetooth: hci3: command tx timeout
[ 1325.974096][T10628] bond2 (unregistering): Released all slaves
[ 1326.017413][T10628] bond3 (unregistering): Released all slaves
[ 1326.224748][T10628] bond4 (unregistering): Released all slaves
[ 1326.250471][T28432] warn_alloc: 1 callbacks suppressed
[ 1326.250488][T28432] syz.5.6361: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1326.317877][T28432] CPU: 0 UID: 0 PID: 28432 Comm: syz.5.6361 Not tainted syzkaller #0 PREEMPT(full) 
[ 1326.317909][T28432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1326.317922][T28432] Call Trace:
[ 1326.317930][T28432]  <TASK>
[ 1326.317938][T28432]  dump_stack_lvl+0x189/0x250
[ 1326.317964][T28432]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1326.317983][T28432]  ? __pfx__printk+0x10/0x10
[ 1326.318006][T28432]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1326.318025][T28432]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1326.318044][T28432]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1326.318065][T28432]  warn_alloc+0x214/0x310
[ 1326.318092][T28432]  ? __pfx_warn_alloc+0x10/0x10
[ 1326.318122][T28432]  ? __get_vm_area_node+0x28f/0x300
[ 1326.318144][T28432]  ? fq_pie_init+0x430/0x840
[ 1326.318169][T28432]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1326.318214][T28432]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1326.318241][T28432]  ? rcu_is_watching+0x15/0xb0
[ 1326.318258][T28432]  ? fq_pie_init+0x430/0x840
[ 1326.318279][T28432]  ? fq_pie_init+0x430/0x840
[ 1326.318299][T28432]  __kvmalloc_node_noprof+0x3b8/0x5f0
[ 1326.318321][T28432]  ? fq_pie_init+0x430/0x840
[ 1326.318342][T28432]  ? tcf_block_get+0x67/0xa0
[ 1326.318356][T28432]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[ 1326.318375][T28432]  fq_pie_init+0x430/0x840
[ 1326.318399][T28432]  ? __pfx_fq_pie_init+0x10/0x10
[ 1326.318421][T28432]  qdisc_create+0x7ac/0xea0
[ 1326.318468][T28432]  tc_modify_qdisc+0x1538/0x20e0
[ 1326.318502][T28432]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 1326.318547][T28432]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 1326.318568][T28432]  rtnetlink_rcv_msg+0x77c/0xb70
[ 1326.318584][T28432]  ? __lock_acquire+0xab9/0xd20
[ 1326.318607][T28432]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1326.318622][T28432]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1326.318651][T28432]  netlink_rcv_skb+0x205/0x470
[ 1326.318665][T28432]  ? __lock_acquire+0xab9/0xd20
[ 1326.318690][T28432]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1326.318709][T28432]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1326.318732][T28432]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1326.318754][T28432]  netlink_unicast+0x82c/0x9e0
[ 1326.318786][T28432]  ? __pfx_netlink_unicast+0x10/0x10
[ 1326.318820][T28432]  ? netlink_sendmsg+0x642/0xb30
[ 1326.318840][T28432]  ? skb_put+0x11b/0x210
[ 1326.318868][T28432]  netlink_sendmsg+0x805/0xb30
[ 1326.318901][T28432]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1326.318926][T28432]  ? __import_iovec+0x5d4/0x7f0
[ 1326.318945][T28432]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1326.318962][T28432]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1326.318979][T28432]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1326.318996][T28432]  __sock_sendmsg+0x21c/0x270
[ 1326.319022][T28432]  ____sys_sendmsg+0x505/0x830
[ 1326.319046][T28432]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1326.319078][T28432]  ___sys_sendmsg+0x21f/0x2a0
[ 1326.319099][T28432]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1326.319118][T28432]  ? cgroup_freezing+0x29a/0x350
[ 1326.319162][T28432]  ? __fget_files+0x2a/0x420
[ 1326.319176][T28432]  ? __fget_files+0x3a0/0x420
[ 1326.319197][T28432]  __sys_sendmsg+0x164/0x220
[ 1326.319217][T28432]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1326.319248][T28432]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1326.319266][T28432]  __do_fast_syscall_32+0xb6/0x2b0
[ 1326.319284][T28432]  ? asm_int80_emulation+0x1a/0x20
[ 1326.319299][T28432]  ? do_int80_emulation+0x1f3/0x390
[ 1326.319319][T28432]  do_fast_syscall_32+0x34/0x80
[ 1326.319336][T28432]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1326.319354][T28432] RIP: 0023:0xf707e539
[ 1326.319369][T28432] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1326.319382][T28432] RSP: 002b:00000000f546e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1326.319398][T28432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[ 1326.319410][T28432] RDX: 000000002000400c RSI: 0000000000000000 RDI: 0000000000000000
[ 1326.319420][T28432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1326.319437][T28432] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1326.319446][T28432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1326.319468][T28432]  </TASK>
[ 1326.428996][T28432] Mem-Info:
[ 1326.762475][T28432] active_anon:11185 inactive_anon:0 isolated_anon:0
[ 1326.762475][T28432]  active_file:12873 inactive_file:40387 isolated_file:0
[ 1326.762475][T28432]  unevictable:768 dirty:267 writeback:0
[ 1326.762475][T28432]  slab_reclaimable:7145 slab_unreclaimable:110311
[ 1326.762475][T28432]  mapped:41652 shmem:4250 pagetables:1873
[ 1326.762475][T28432]  sec_pagetables:0 bounce:0
[ 1326.762475][T28432]  kernel_misc_reclaimable:0
[ 1326.762475][T28432]  free:1287195 free_pcp:14413 free_cma:0
[ 1326.828596][T28432] Node 0 active_anon:44740kB inactive_anon:0kB active_file:51460kB inactive_file:161344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:166576kB dirty:1064kB writeback:0kB shmem:15464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13644kB pagetables:7304kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1327.062695][T28432] Node 1 active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:188kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1327.112384][T28432] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1327.196579][T28233] Bluetooth: hci3: command tx timeout
[ 1327.298439][T28432] lowmem_reserve[]: 0 2497 2499 2499 2499
[ 1327.304251][T28432] Node 0 DMA32 free:1247828kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44656kB inactive_anon:0kB active_file:51460kB inactive_file:159768kB unevictable:1536kB writepending:1072kB present:3129332kB managed:2557428kB mlocked:0kB bounce:0kB free_pcp:30144kB local_pcp:16328kB free_cma:0kB
[ 1327.366712][T28432] lowmem_reserve[]: 0 0 1 1 1
[ 1327.371499][T28432] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1327.405943][T28432] lowmem_reserve[]: 0 0 0 0 0
[ 1327.412623][T28432] Node 1 Normal free:3885704kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:26972kB local_pcp:17916kB free_cma:0kB
[ 1327.444386][T28432] lowmem_reserve[]: 0 0 0 0 0
[ 1327.454326][T28432] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1327.468645][T28432] Node 0 DMA32: 561*4kB (UME) 418*8kB (UME) 814*16kB (UME) 471*32kB (UME) 166*64kB (UME) 149*128kB (UME) 117*256kB (UME) 46*512kB (UME) 18*1024kB (UME) 3*2048kB (UME) 270*4096kB (UM) = 1247380kB
[ 1327.488172][T28432] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1327.502831][T28432] Node 1 Normal: 220*4kB (UM) 57*8kB (UME) 53*16kB (UME) 264*32kB (UE) 100*64kB (UME) 18*128kB (UME) 7*256kB (UM) 6*512kB (UME) 5*1024kB (UME) 3*2048kB (ME) 940*4096kB (UM) = 3885704kB
[ 1327.523043][T28432] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1327.542236][T28432] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1327.552915][T28432] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1327.565338][T28432] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1327.577162][T28432] 57506 total pagecache pages
[ 1327.582188][T28432] 0 pages in swap cache
[ 1327.586838][T28432] Free swap  = 124996kB
[ 1327.591085][T28432] Total swap = 124996kB
[ 1327.595366][T28432] 2097051 pages RAM
[ 1327.602159][T28432] 0 pages HighMem/MovableOnly
[ 1327.608132][T28432] 425668 pages reserved
[ 1327.613008][T28432] 0 pages cma reserved
[ 1327.902722][T10628] tipc: Left network mode
[ 1329.388907][T28487] netlink: 'syz.5.6373': attribute type 1 has an invalid length.
[ 1329.434945][T10628] hsr_slave_0: left promiscuous mode
[ 1329.444660][T10628] hsr_slave_1: left promiscuous mode
[ 1329.465631][T10628] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1329.513030][T10628] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1331.456244][T10628] team0 (unregistering): Port device team_slave_1 removed
[ 1331.522638][T10628] team0 (unregistering): Port device team_slave_0 removed
[ 1332.501927][T28487] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[ 1332.602515][T28494] gretap2: entered promiscuous mode
[ 1332.850933][T28409] chnl_net:caif_netlink_parms(): no params data found
[ 1332.974717][T28528] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1333.378828][T28537] tipc: Failed to remove unknown binding: 66,1,1/0:1790628236/1790628238
[ 1333.387400][T28537] tipc: Failed to remove unknown binding: 66,1,1/0:1790628236/1790628238
[ 1334.280164][T28409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1334.320938][T28409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1334.347731][T28409] bridge_slave_0: entered allmulticast mode
[ 1334.404290][T28409] bridge_slave_0: entered promiscuous mode
[ 1334.445257][T28409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1334.456482][T28409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.466797][T28409] bridge_slave_1: entered allmulticast mode
[ 1334.475868][T28409] bridge_slave_1: entered promiscuous mode
[ 1335.712612][T28409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1335.797558][T28409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1336.254962][T28409] team0: Port device team_slave_0 added
[ 1336.515666][T28409] team0: Port device team_slave_1 added
[ 1337.308874][T28409] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1337.315868][T28409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1337.531641][T28409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1337.608918][T28409] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1337.627150][T28409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1337.743362][T28409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1338.282834][T28409] hsr_slave_0: entered promiscuous mode
[ 1338.341402][T28409] hsr_slave_1: entered promiscuous mode
[ 1338.375600][T28409] debugfs: 'hsr0' already exists in 'hsr'
[ 1338.390669][T28409] Cannot create hsr debugfs directory
[ 1339.775073][T28621] binder_alloc: 28620: binder_alloc_buf, no vma
[ 1343.114737][T28563] syz.3.6385 (28563): drop_caches: 1
[ 1344.204747][T28409] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1344.321590][T28409] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1344.335419][T28409] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1344.470894][T28409] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1345.497471][T28409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1345.601135][T28409] 8021q: adding VLAN 0 to HW filter on device team0
[ 1345.892346][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1345.899610][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1346.011479][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1346.018710][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1346.549129][T28409] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1346.656310][T28409] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1346.913713][T28409] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1347.354040][T28409] veth0_vlan: entered promiscuous mode
[ 1347.410680][T28409] veth1_vlan: entered promiscuous mode
[ 1347.556230][T28409] veth0_macvtap: entered promiscuous mode
[ 1347.583382][T28409] veth1_macvtap: entered promiscuous mode
[ 1347.621098][T28409] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1347.634101][T28409] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1347.681579][  T194] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.708907][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.726781][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.735540][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.852889][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1347.878645][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1347.930214][T10628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1347.943503][T10628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1350.174226][T28785] binder_alloc: 28782: pid 28782 spamming oneway? 1 buffers allocated for a total size of 4096
[ 1350.338134][T28785] binder_alloc: 28782: pid 28782 spamming oneway? 2 buffers allocated for a total size of 5120
[ 1350.363632][   T30] audit: type=1804 audit(1757273916.639:367): pid=28784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.6425" name="/newroot/82/file1" dev="fuse" ino=1 res=1 errno=0
[ 1350.721983][T28797] netlink: 'syz.5.6427': attribute type 1 has an invalid length.
[ 1350.754373][T28797] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.6427'.
[ 1350.905770][T28806] vlan2: entered promiscuous mode
[ 1350.911392][T28806] vlan2: entered allmulticast mode
[ 1350.927147][T28806] hsr_slave_1: entered allmulticast mode
[ 1350.986575][T17796] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1351.182906][T17796] usb 4-1: config 0 has no interfaces?
[ 1351.190312][T17796] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1351.231929][T17796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1351.289675][T17796] usb 4-1: config 0 descriptor??
[ 1351.727990][T28799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1351.777000][T28799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1351.857512][T17796] usb 4-1: USB disconnect, device number 41
[ 1352.456528][T17796] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1352.684118][T17796] usb 4-1: Using ep0 maxpacket: 16
[ 1352.699830][T17796] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1352.754418][T17796] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1352.821027][T17796] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[ 1352.831659][T17796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1352.886235][T17796] usb 4-1: Product: syz
[ 1352.923375][T17796] usb 4-1: Manufacturer: syz
[ 1352.976749][T17796] usb 4-1: SerialNumber: syz
[ 1353.493315][T17796] usb 4-1: 0:2 : does not exist
[ 1353.749563][T17796] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1353.815143][T17796] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5)
[ 1354.071654][T17796] usb 4-1: USB disconnect, device number 42
[ 1354.263476][ T6013] udevd[6013]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1355.117863][T28857] tipc: Failed to remove unknown binding: 66,1,1/0:1740276670/1740276672
[ 1355.126426][T28857] tipc: Failed to remove unknown binding: 66,1,1/0:1740276670/1740276672
[ 1356.419016][T28869] syz.1.6443 (28869): drop_caches: 1
[ 1356.535665][T28869] syz.1.6443 (28869): drop_caches: 1
[ 1357.020936][T28883] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1360.216089][T28926] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6457'.
[ 1360.225242][T28926] tipc: Started in network mode
[ 1360.238503][T28926] tipc: Node identity d461b532, cluster identity 4711
[ 1360.258530][T28926] tipc: Node number set to 3563173170
[ 1360.299488][T28929] netlink: 'syz.7.6449': attribute type 4 has an invalid length.
[ 1360.310378][T28929] netlink: 'syz.7.6449': attribute type 4 has an invalid length.
[ 1360.568111][T28931] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6458'.
[ 1360.741487][T28931] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6458'.
[ 1360.757654][   T30] audit: type=1804 audit(1757273927.039:368): pid=28933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.6459" name="/newroot/11/file1" dev="fuse" ino=1 res=1 errno=0
[ 1361.466966][T28948] syz.5.6461 (28948): drop_caches: 1
[ 1361.610258][T28948] syz.5.6461 (28948): drop_caches: 1
[ 1361.686341][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.692653][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1363.236626][T16950] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1363.415195][T16950] usb 4-1: Using ep0 maxpacket: 32
[ 1363.433708][T16950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1363.461390][T16950] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1363.526089][T16950] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1363.564049][T16950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1363.613896][T16950] usb 4-1: config 0 descriptor??
[ 1364.137380][ T5948] usb 10-1: new high-speed USB device number 45 using dummy_hcd
[ 1364.209964][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.266153][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.300024][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.336337][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.356816][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.365225][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.372195][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.382330][T16950] savu 0003:1E7D:2D5A.0048: unknown main item tag 0x0
[ 1364.432598][ T5948] usb 10-1: config 0 has no interfaces?
[ 1364.438463][ T5948] usb 10-1: New USB device found, idVendor=06cd, idProduct=0135, bcdDevice=a8.a4
[ 1364.459439][T16950] savu 0003:1E7D:2D5A.0048: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[ 1364.492226][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1364.574697][ T5948] usb 10-1: config 0 descriptor??
[ 1365.038551][ T5948] usb 10-1: USB disconnect, device number 45
[ 1365.127925][T17796] usb 4-1: USB disconnect, device number 43
[ 1365.332407][   T30] audit: type=1326 audit(1757273931.599:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28986 comm="syz.7.6468" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x0
[ 1365.494010][   T30] audit: type=1326 audit(1757273931.769:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28986 comm="syz.7.6468" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f74539 code=0x0
[ 1366.549668][T28233] Bluetooth: hci4: unexpected event for opcode 0x1003
[ 1367.713350][T29044] syz.7.6479 (29044): drop_caches: 1
[ 1367.896351][T16950] usb 10-1: new high-speed USB device number 46 using dummy_hcd
[ 1368.132026][T16950] usb 10-1: config 0 has no interfaces?
[ 1368.141696][T16950] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1368.222260][T16950] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1368.295173][T29044] syz.7.6479 (29044): drop_caches: 1
[ 1368.543305][T16950] usb 10-1: config 0 descriptor??
[ 1368.780265][T29042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1368.824845][T29042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1368.861622][T16950] usb 10-1: USB disconnect, device number 46
[ 1368.993196][T29061] program syz.1.6480 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1369.003385][T29061] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1369.834562][T16950] usb 10-1: new high-speed USB device number 47 using dummy_hcd
[ 1369.986758][T16950] usb 10-1: Using ep0 maxpacket: 16
[ 1370.020663][T16950] usb 10-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1370.115385][T16950] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1370.179574][T16950] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[ 1370.229615][T16950] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1370.260033][T16950] usb 10-1: Product: syz
[ 1370.264364][T16950] usb 10-1: Manufacturer: syz
[ 1370.297724][T16950] usb 10-1: SerialNumber: syz
[ 1370.569618][T28233] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[ 1370.578880][T28233] Bluetooth: hci4: Injecting HCI hardware error event
[ 1370.579373][T16950] usb 10-1: 0:2 : does not exist
[ 1370.591356][T28233] Bluetooth: hci4: hardware error 0x00
[ 1370.698067][T16950] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1370.741945][T16950] usb 10-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1370.763865][T16950] usb 10-1: 5:0: cannot get min/max values for control 4 (id 5)
[ 1370.804824][T16950] usb 10-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1370.920042][T16950] usb 10-1: USB disconnect, device number 47
[ 1371.285083][ T6013] udevd[6013]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1371.429674][T29097] netlink: 'syz.9.6490': attribute type 1 has an invalid length.
[ 1371.780465][T29100] bond1: (slave bridge1): making interface the new active one
[ 1371.790638][T29100] bond1: (slave bridge1): Enslaving as an active interface with an up link
[ 1372.095069][T29097] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6490'.
[ 1372.157859][T29097] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1372.626360][   T30] audit: type=1804 audit(1757273938.899:371): pid=29105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.6491" name="/newroot/116/file1" dev="fuse" ino=1 res=1 errno=0
[ 1372.718329][T28233] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1373.326629][T24645] usb 10-1: new high-speed USB device number 48 using dummy_hcd
[ 1373.602308][T24645] usb 10-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=a9.25
[ 1373.685917][T24645] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1373.743221][T24645] usb 10-1: Product: syz
[ 1373.767524][T24645] usb 10-1: Manufacturer: syz
[ 1373.775763][T24645] usb 10-1: SerialNumber: syz
[ 1373.851013][T29124] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6494'.
[ 1373.873152][T24645] usb 10-1: config 0 descriptor??
[ 1373.961471][T29122] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6494'.
[ 1374.816500][T17798] usb 10-1: USB disconnect, device number 48
[ 1375.636831][T29149] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6500'.
[ 1375.667079][T29149] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6500'.
[ 1376.026865][T29154] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6500'.
[ 1376.068787][T29149] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6500'.
[ 1376.313972][T29160] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6505'.
[ 1376.367850][T29160] netlink: 277 bytes leftover after parsing attributes in process `syz.5.6505'.
[ 1376.427359][T29160] netlink: 277 bytes leftover after parsing attributes in process `syz.5.6505'.
[ 1376.493304][T29160] futex_wake_op: syz.5.6505 tries to shift op by -1; fix this program
[ 1376.506735][T16950] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1376.812092][T16950] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1376.855864][T16950] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1376.902610][T16950] usb 4-1: Product: syz
[ 1376.940520][T16950] usb 4-1: Manufacturer: syz
[ 1376.966015][T16950] usb 4-1: SerialNumber: syz
[ 1378.700555][T16950] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1379.599264][T17796] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[ 1379.721462][T16950] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -EPROTO
[ 1379.743635][T16950] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 1379.765962][T16950] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1379.779262][T16950] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1379.796741][T17796] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1379.823752][T17796] usb 6-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00
[ 1379.843229][T17796] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1379.856131][T17796] usb 6-1: config 0 descriptor??
[ 1379.887636][T16950] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[ 1379.971179][T16950] usb 4-1: USB disconnect, device number 44
[ 1381.548093][T17796] uclogic 0003:5543:0003.0049: unknown main item tag 0x0
[ 1381.570857][T29221] __nla_validate_parse: 3 callbacks suppressed
[ 1381.570879][T29221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6517'.
[ 1381.623780][T17796] uclogic 0003:5543:0003.0049: unknown main item tag 0x0
[ 1381.639879][T17796] uclogic 0003:5543:0003.0049: unknown main item tag 0x0
[ 1381.678564][T17796] uclogic 0003:5543:0003.0049: unknown main item tag 0x0
[ 1381.707976][T29221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6517'.
[ 1381.946694][T17796] uclogic 0003:5543:0003.0049: unknown main item tag 0x0
[ 1381.981004][T17796] uclogic 0003:5543:0003.0049: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.5-1/input0
[ 1382.072964][T17796] usb 6-1: USB disconnect, device number 83
[ 1382.613446][T29231] fido_id[29231]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1382.739645][   T30] audit: type=1800 audit(1757273949.019:372): pid=29249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6531" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1382.780852][T29245] kvm: pic: level sensitive irq not supported
[ 1382.781246][T29245] kvm: pic: single mode not supported
[ 1382.824644][T29245] kvm: pic: level sensitive irq not supported
[ 1382.860736][T29245] kvm: pic: single mode not supported
[ 1382.881774][T29245] kvm: pic: single mode not supported
[ 1382.909954][T29245] kvm: pic: single mode not supported
[ 1382.929520][T29245] kvm: pic: level sensitive irq not supported
[ 1382.945775][T29245] kvm: pic: single mode not supported
[ 1382.972458][T29245] kvm: pic: level sensitive irq not supported
[ 1383.009468][T29245] kvm: pic: single mode not supported
[ 1383.015677][T29245] kvm: pic: level sensitive irq not supported
[ 1383.061658][T29245] kvm: pic: single mode not supported
[ 1383.117022][T29245] kvm: pic: single mode not supported
[ 1383.123027][T29245] kvm: pic: level sensitive irq not supported
[ 1383.186623][T29245] kvm: pic: level sensitive irq not supported
[ 1383.193056][T29245] kvm: pic: level sensitive irq not supported
[ 1383.272015][T29245] kvm: pic: single mode not supported
[ 1383.278549][T29245] kvm: pic: level sensitive irq not supported
[ 1383.310879][T29245] kvm: pic: single mode not supported
[ 1383.317309][T29245] kvm: pic: level sensitive irq not supported
[ 1385.181054][T29282] loop8: detected capacity change from 0 to 16384
[ 1385.446646][T29283] loop8: detected capacity change from 16384 to 0
[ 1385.484169][    C1] I/O error, dev loop8, sector 1024 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[ 1387.895174][T29327] netlink: 'syz.5.6536': attribute type 1 has an invalid length.
[ 1388.226923][T16950] usb 10-1: new high-speed USB device number 49 using dummy_hcd
[ 1388.437325][T16950] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1388.479808][T29333] bond4: (slave bridge11): making interface the new active one
[ 1388.506838][T16950] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1388.552304][T16950] usb 10-1: Product: syz
[ 1388.566498][T16950] usb 10-1: Manufacturer: syz
[ 1388.576730][T29333] bond4: (slave bridge11): Enslaving as an active interface with an up link
[ 1388.585592][T16950] usb 10-1: SerialNumber: syz
[ 1388.719759][T29327] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6536'.
[ 1390.127802][T16950] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1390.322775][T16950] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE
[ 1391.187152][T16950] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO
[ 1391.201216][T16950] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1391.247415][T16950] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1391.331952][T16950] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -71
[ 1392.078052][T16950] usb 10-1: USB disconnect, device number 49
[ 1393.342986][T29385] bridge1: entered allmulticast mode
[ 1398.806761][T29458] batadv_slave_1: entered allmulticast mode
[ 1398.837593][T29457] batadv_slave_1: left allmulticast mode
[ 1399.652483][T29470] kvm: pic: non byte read
[ 1399.657058][T29470] kvm: pic: non byte read
[ 1399.662073][T29470] kvm: pic: non byte read
[ 1399.679989][T29470] kvm: pic: non byte read
[ 1399.979951][T29470] kvm: pic: non byte read
[ 1399.995180][T29470] kvm: pic: non byte read
[ 1400.001538][T29470] kvm: pic: non byte read
[ 1400.020002][T29470] kvm: pic: non byte read
[ 1401.029228][T28821] usb 10-1: new high-speed USB device number 50 using dummy_hcd
[ 1401.261078][T28821] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1401.309438][T28821] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1401.329758][T28821] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1401.354987][T28821] usb 10-1: config 0 descriptor??
[ 1401.380045][T28821] pwc: Askey VC010 type 2 USB webcam detected.
[ 1401.846489][T28821] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1401.861826][T28821] pwc: recv_control_msg error -32 req 02 val 2700
[ 1401.923179][T28821] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1401.942651][T28821] pwc: recv_control_msg error -32 req 04 val 1000
[ 1401.966379][T28821] pwc: recv_control_msg error -32 req 04 val 1300
[ 1402.116451][T28821] pwc: recv_control_msg error -32 req 04 val 1400
[ 1402.167029][T28821] pwc: recv_control_msg error -32 req 02 val 2000
[ 1402.198273][T28821] pwc: recv_control_msg error -32 req 02 val 2100
[ 1402.259220][T28821] pwc: recv_control_msg error -32 req 04 val 1500
[ 1402.316511][T28821] pwc: recv_control_msg error -32 req 02 val 2500
[ 1402.598935][T28821] pwc: recv_control_msg error -71 req 02 val 2600
[ 1402.615505][T28821] pwc: recv_control_msg error -71 req 02 val 2900
[ 1402.627572][T28821] pwc: recv_control_msg error -71 req 02 val 2800
[ 1402.664606][T28821] pwc: recv_control_msg error -71 req 04 val 1100
[ 1402.717302][T28821] pwc: recv_control_msg error -71 req 04 val 1200
[ 1402.868780][T28821] pwc: Registered as video103.
[ 1402.887861][T28821] input: PWC snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/input/input72
[ 1403.090884][T29523] pim6reg: entered allmulticast mode
[ 1403.096593][T28821] usb 10-1: USB disconnect, device number 50
[ 1403.159802][T29523] netlink: 'syz.5.6575': attribute type 10 has an invalid length.
[ 1403.258501][T29523] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[ 1403.358725][T29523] team0: Failed to send options change via netlink (err -105)
[ 1403.445000][T29523] team0: Port device netdevsim0 added
[ 1405.345074][T29556] futex_wake_op: syz.9.6585 tries to shift op by -1; fix this program
[ 1405.678027][T17798] usb 10-1: new high-speed USB device number 51 using dummy_hcd
[ 1406.081938][T17798] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[ 1406.297403][T17798] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 1406.329717][T17798] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1406.340841][T17798] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1406.451854][T17798] usb 10-1: config 0 descriptor??
[ 1407.450774][T17798] ath6kl: Failed to submit usb control message: -71
[ 1407.498757][T17798] ath6kl: unable to send the bmi data to the device: -71
[ 1407.572125][T17798] ath6kl: Unable to send get target info: -71
[ 1407.627816][T17798] ath6kl: Failed to init ath6kl core: -71
[ 1407.645785][T17798] ath6kl_usb 10-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1407.732883][T17798] usb 10-1: USB disconnect, device number 51
[ 1412.426320][    T9] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1412.576506][    T9] usb 4-1: Using ep0 maxpacket: 8
[ 1412.596400][    T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1412.604767][    T9] usb 4-1: config 0 has no interface number 0
[ 1412.615821][    T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1412.630810][    T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1412.642799][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1412.659074][    T9] usb 4-1: config 0 descriptor??
[ 1412.696613][    T9] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1413.012351][T29651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1413.070492][T29651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1413.194540][    T9] usb 4-1: USB disconnect, device number 45
[ 1413.200744][    C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1414.776424][T17815] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1414.986367][T17815] usb 4-1: Using ep0 maxpacket: 16
[ 1415.585083][T17815] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1415.615639][T17815] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1415.669353][T29691] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1415.777419][T17815] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1415.804177][T17815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1415.817748][T17815] usb 4-1: Product: syz
[ 1415.822028][T17815] usb 4-1: Manufacturer: syz
[ 1415.832255][T17815] usb 4-1: SerialNumber: syz
[ 1416.391279][T29698] netlink: zone id is out of range
[ 1416.400102][T29698] netlink: zone id is out of range
[ 1416.405669][T29698] netlink: zone id is out of range
[ 1416.422680][T29698] netlink: zone id is out of range
[ 1416.461318][T29697] netlink: del zone limit has 4 unknown bytes
[ 1416.583241][T29698] netlink: zone id is out of range
[ 1416.615694][T29698] netlink: zone id is out of range
[ 1416.681689][T29698] netlink: zone id is out of range
[ 1416.740281][T29698] netlink: zone id is out of range
[ 1416.786618][T29698] netlink: zone id is out of range
[ 1417.392560][T29702] futex_wake_op: syz.7.6622 tries to shift op by -1; fix this program
[ 1417.989135][T17815] usb 4-1: cannot find UAC_HEADER
[ 1418.045063][T29719] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6627'.
[ 1418.066508][T17815] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1418.098354][ T6013] udevd[6013]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1418.114863][T17815] usb 4-1: USB disconnect, device number 46
[ 1418.455836][T29726] tipc: Failed to remove unknown binding: 66,1,1/3563173170:164523848/164523850
[ 1419.092341][T29741] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6635'.
[ 1421.140645][   T30] audit: type=1326 audit(1757273987.419:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29772 comm="syz.3.6642" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e539 code=0x0
[ 1421.426519][ T5948] usb 4-1: new full-speed USB device number 47 using dummy_hcd
[ 1421.470173][T16950] usb 10-1: new high-speed USB device number 52 using dummy_hcd
[ 1421.639130][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 1421.676952][ T5948] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1421.701595][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1421.736301][T16950] usb 10-1: Using ep0 maxpacket: 8
[ 1421.759906][T16950] usb 10-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1421.777439][T28821] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1421.808133][ T5948] usb 4-1: config 0 descriptor??
[ 1421.815480][T16950] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1421.832993][T29775] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1421.880512][T16950] usb 10-1: Product: syz
[ 1421.906525][T16950] usb 10-1: Manufacturer: syz
[ 1421.923135][T16950] usb 10-1: SerialNumber: syz
[ 1421.939380][T28821] usb 2-1: Using ep0 maxpacket: 8
[ 1421.950888][T28821] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1421.964845][T28821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1421.975226][T16950] usb 10-1: config 0 descriptor??
[ 1421.985458][T28821] usb 2-1: Product: syz
[ 1422.004016][T16950] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1422.011916][T28821] usb 2-1: Manufacturer: syz
[ 1422.061646][T28821] usb 2-1: SerialNumber: syz
[ 1422.085909][T28821] usb 2-1: config 0 descriptor??
[ 1422.352761][T28821] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1422.363986][ T5948] elan 0003:04F3:0755.004A: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0
[ 1422.583930][ T5948] usb 4-1: USB disconnect, device number 47
[ 1422.773412][T29796] fido_id[29796]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1423.126827][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.133222][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.610725][T29813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6648'.
[ 1423.627159][T29813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6648'.
[ 1423.636696][T29813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6648'.
[ 1423.647991][T29813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6648'.
[ 1423.657746][T29813] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6648'.
[ 1423.788294][T28821] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1423.822399][T28821] usb 2-1: USB disconnect, device number 16
[ 1424.624101][T16950] gspca_sonixj: reg_w1 err -71
[ 1424.668377][T16950] sonixj 10-1:0.0: probe with driver sonixj failed with error -71
[ 1424.694811][T16950] usb 10-1: USB disconnect, device number 52
[ 1425.560618][T29853] binder: BINDER_SET_CONTEXT_MGR already set
[ 1425.621759][T29853] binder: 29852:29853 ioctl 4018620d 80000040 returned -16
[ 1425.906586][T16950] usb 10-1: new high-speed USB device number 53 using dummy_hcd
[ 1426.079303][T16950] usb 10-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1426.096294][T16950] usb 10-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1426.410050][T16950] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1426.435501][T16950] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1426.566227][T16950] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[ 1426.643119][T16950] snd-usb-audio 10-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1427.228093][T29869] kvm: kvm [29868]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[ 1427.667206][T16950] usb 10-1: USB disconnect, device number 53
[ 1427.920884][   T30] audit: type=1326 audit(1757273994.199:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29872 comm="syz.7.6660" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f74539 code=0x0
[ 1428.246423][T28821] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1428.377251][T29885] bridge1: entered allmulticast mode
[ 1428.456463][T28821] usb 4-1: Using ep0 maxpacket: 8
[ 1428.469974][T28821] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1428.496506][T28821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1428.513206][T28821] usb 4-1: config 0 descriptor??
[ 1428.729700][T28821] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1429.046347][T17798] usb 10-1: new high-speed USB device number 54 using dummy_hcd
[ 1429.293161][T17798] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1429.389791][T17798] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1429.541247][T17798] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1429.556286][T17798] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1429.590561][T17798] usb 10-1: SerialNumber: syz
[ 1429.853308][T17798] usb 10-1: 0:2 : does not exist
[ 1429.864447][T17798] usb 10-1: unit 255 not found!
[ 1430.039039][T17798] usb 10-1: 5:0: cannot get min/max values for control 1 (id 5)
[ 1430.099630][T17798] usb 10-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1430.138470][T17798] usb 10-1: 5:0: cannot get min/max values for control 5 (id 5)
[ 1430.192775][T17798] usb 10-1: 5:0: cannot get min/max values for control 6 (id 5)
[ 1430.208823][T17798] usb 10-1: 5:0: cannot get min/max values for control 12 (id 5)
[ 1430.253407][T17798] usb 10-1: USB disconnect, device number 54
[ 1430.412027][ T6013] udevd[6013]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1431.388205][T29903] netlink: 'syz.1.6667': attribute type 4 has an invalid length.
[ 1431.464701][T28821] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1431.646743][T29927] netlink: 'syz.1.6667': attribute type 4 has an invalid length.
[ 1431.736480][T28821] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[ 1431.766765][T28821] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1431.924023][T28821] usb 4-1: USB disconnect, device number 48
[ 1432.457166][    T9] usb 6-1: new full-speed USB device number 84 using dummy_hcd
[ 1432.772804][    T9] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[ 1432.831695][    T9] usb 6-1: config 0 has no interface number 0
[ 1433.016942][    T9] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1433.032117][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1433.084481][    T9] usb 6-1: Product: syz
[ 1433.108952][    T9] usb 6-1: Manufacturer: syz
[ 1433.146393][    T9] usb 6-1: SerialNumber: syz
[ 1433.169074][    T9] usb 6-1: config 0 descriptor??
[ 1433.631911][    T9] usb 6-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1433.842018][    T9] usb 6-1: Read permanent extended address 52:39:35:8d:79:3e:bf:c5 from device
[ 1433.853698][    T9] usb 6-1: atusb_probe: initialization failed, error = -524
[ 1433.861844][    T9] atusb 6-1:0.128: probe with driver atusb failed with error -524
[ 1434.057756][T16950] usb 6-1: USB disconnect, device number 84
[ 1434.550433][T16950] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1434.616332][T17796] usb 10-1: new full-speed USB device number 55 using dummy_hcd
[ 1434.760935][T16950] usb 2-1: Using ep0 maxpacket: 8
[ 1434.779227][T29957] tipc: Started in network mode
[ 1434.784267][T29957] tipc: Node identity 080211000001, cluster identity 4711
[ 1434.793765][T29957] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1434.808806][T17796] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 1434.821524][T17796] usb 10-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1434.835033][T29958] mac80211_hwsim hwsim29 syzkaller0: entered promiscuous mode
[ 1434.842898][T17796] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1434.853066][T29958] mac80211_hwsim hwsim29 syzkaller0: entered allmulticast mode
[ 1434.856017][T16950] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1434.865246][T17796] usb 10-1: config 0 descriptor??
[ 1434.891080][T16950] usb 2-1: config 4 interface 0 has no altsetting 0
[ 1434.896804][T29957] tipc: Resetting bearer <eth:syzkaller0>
[ 1434.915890][T29950] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[ 1434.947938][T16950] usb 2-1: string descriptor 0 read error: -22
[ 1435.061206][T16950] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1435.112023][T16950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1435.435912][T29962] kvm: pic: non byte read
[ 1435.446981][T29962] kvm: pic: non byte read
[ 1435.452618][T29962] kvm: pic: non byte read
[ 1435.490548][T16950] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1435.499589][T29962] kvm: pic: non byte read
[ 1435.542346][T29962] kvm: pic: non byte read
[ 1435.553465][T16950] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1435.569134][T29962] kvm: pic: non byte read
[ 1435.583237][T29962] kvm: pic: non byte read
[ 1435.607287][T29962] kvm: pic: non byte read
[ 1435.610216][T16950] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1435.617468][T29962] kvm: pic: non byte read
[ 1435.627618][T17796] elan 0003:04F3:0755.004B: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.9-1/input0
[ 1435.633575][T16950] usb 2-1: media controller created
[ 1435.665340][T29962] kvm: pic: non byte read
[ 1435.754938][T16950] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1435.841589][T29946] block device autoloading is deprecated and will be removed.
[ 1436.078449][T17796] tipc: Node number set to 134418688
[ 1436.080982][ T5948] usb 10-1: USB disconnect, device number 55
[ 1436.261380][T16950] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1436.471942][T16950] usb 2-1: USB disconnect, device number 17
[ 1437.549377][T29989] netdevsim netdevsim1: Direct firmware load for ..€ failed with error -2
[ 1437.595264][T29989] netdevsim netdevsim1: Falling back to sysfs fallback for: ..€
[ 1438.769020][T30001] vivid-000: =================  START STATUS  =================
[ 1438.779727][T30001] vivid-000: Test Pattern: 75% Colorbar
[ 1438.788357][T30001] vivid-000: Fill Percentage of Frame: 100
[ 1438.795416][T30001] vivid-000: Horizontal Movement: Move Left
[ 1438.802093][T30001] vivid-000: Vertical Movement: No Movement
[ 1438.809352][T30001] vivid-000: OSD Text Mode: All
[ 1438.815355][T30001] vivid-000: Show Border: false
[ 1438.823535][T30001] vivid-000: Show Square: false
[ 1438.832362][T30001] vivid-000: Sensor Flipped Horizontally: false
[ 1438.840725][T30001] vivid-000: Sensor Flipped Vertically: false
[ 1438.848689][T30001] vivid-000: Insert SAV Code in Image: false
[ 1438.856273][T30001] vivid-000: Insert EAV Code in Image: false
[ 1438.863897][T30001] vivid-000: Insert Video Guard Band: false
[ 1438.871440][T30001] vivid-000: Reduced Framerate: false
[ 1438.877901][T30001] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[ 1438.886277][T30001] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[ 1438.895902][T30001] vivid-000: Enable Capture Cropping: true grabbed
[ 1438.904568][T30001] vivid-000: Enable Capture Composing: true grabbed
[ 1438.912802][T30001] vivid-000: Enable Capture Scaler: true grabbed
[ 1438.922702][T30001] vivid-000: Timestamp Source: Start of Exposure
[ 1438.929936][T30001] vivid-000: Colorspace: SMPTE 170M
[ 1438.937587][T30001] vivid-000: Transfer Function: Default
[ 1438.945126][T30001] vivid-000: Y'CbCr Encoding: Default
[ 1438.952280][T30001] vivid-000: HSV Encoding: Hue 0-179
[ 1438.959346][T30001] vivid-000: Quantization: Default
[ 1438.966235][T30001] vivid-000: Apply Alpha To Red Only: false
[ 1438.973829][T30001] vivid-000: Standard Aspect Ratio: 4x3
[ 1438.981041][T30001] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[ 1438.990979][T30001] vivid-000: DV Timings: 640x480p59 inactive
[ 1438.999566][T30001] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[ 1439.021651][T30001] vivid-000: Maximum EDID Blocks: 2
[ 1439.028536][T30001] vivid-000: Limited RGB Range (16-235): false
[ 1439.037433][T30001] vivid-000: Rx RGB Quantization Range: Automatic
[ 1439.057865][T30001] vivid-000: Power Present: 0x00000001
[ 1439.068785][T30001] tpg source WxH: 720x576 (Y'CbCr)
[ 1439.074178][T30001] tpg field: 4
[ 1439.093202][T30001] tpg crop: (64,0)/256x576
[ 1439.110371][T30001] tpg compose: (0,0)/720x576
[ 1439.268094][T30001] tpg colorspace: 1
[ 1439.403402][T30001] tpg transfer function: 0/0
[ 1439.417298][T30011] netlink: 'syz.5.6689': attribute type 4 has an invalid length.
[ 1439.480759][T30011] netlink: 'syz.5.6689': attribute type 4 has an invalid length.
[ 1439.696344][T30001] tpg Y'CbCr encoding: 0/0
[ 1439.706425][T30001] tpg quantization: 0/0
[ 1439.713086][T30001] tpg RGB range: 0/2
[ 1439.717314][T30001] vivid-000: ==================  END STATUS  ==================
[ 1439.735531][T29990] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 1439.816371][T28233] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1439.836378][T28233] Bluetooth: hci1: command 0x0406 tx timeout
[ 1439.842650][T29993] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1439.857906][T29990] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 1440.242662][T29993] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1440.288328][T29993] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1440.295633][T29993] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1440.310279][T29990] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1440.320398][T29990] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1440.350790][T29993] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1440.361613][T29990] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1440.371351][T29990] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1440.411267][T29993] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1440.421107][T29993] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1440.447689][T29990] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1440.456439][T29990] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1440.594091][T30016] netlink: 'syz.7.6694': attribute type 27 has an invalid length.
[ 1440.706465][T17796] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1440.866738][T17796] usb 4-1: Using ep0 maxpacket: 8
[ 1440.890911][T17796] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[ 1440.908527][T17796] usb 4-1: config 0 has no interface number 0
[ 1440.922988][T17796] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1440.947340][T17796] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1440.966948][T17796] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1440.990318][T17796] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1441.014994][T17796] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1441.018230][T30021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6696'.
[ 1441.029667][T17796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1441.041757][T30021] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6696'.
[ 1441.066714][T17796] usb 4-1: Product: syz
[ 1441.071045][T17796] usb 4-1: Manufacturer: syz
[ 1441.109890][T17796] usb 4-1: SerialNumber: syz
[ 1441.125836][T17796] usb 4-1: config 0 descriptor??
[ 1441.216471][T17798] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[ 1441.346119][T17796] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[ 1441.378431][T17798] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1441.387586][T17798] usb 6-1: config 5 has an invalid interface number: 27 but max is 0
[ 1441.396907][T17798] usb 6-1: config 5 has no interface number 0
[ 1441.403093][T17798] usb 6-1: config 5 interface 27 has no altsetting 0
[ 1441.482693][T17798] usb 6-1: New USB device found, idVendor=07ca, idProduct=1867, bcdDevice=a9.e7
[ 1441.492397][T17798] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1441.501785][T17798] usb 6-1: Product: syz
[ 1441.506094][T17798] usb 6-1: Manufacturer: syz
[ 1441.511393][T17798] usb 6-1: SerialNumber: syz
[ 1441.526411][T28821] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1441.622206][    C1] iowarrior 4-1:0.186: iowarrior_callback - usb_submit_urb failed with result -1
[ 1441.638894][    T9] usb 4-1: USB disconnect, device number 49
[ 1441.687500][T28821] usb 2-1: Using ep0 maxpacket: 32
[ 1441.722932][T28821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1441.740430][T28821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1441.752045][T28821] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1441.768388][T28821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1441.780581][T28821] usb 2-1: config 0 descriptor??
[ 1441.836983][T17798] usb 6-1: USB disconnect, device number 85
[ 1442.790353][T28821] ft260 0003:0403:6030.004C: unknown main item tag 0x7
[ 1442.982837][T28821] ft260 0003:0403:6030.004C: chip code: 6424 8183
[ 1443.425953][T28821] ft260 0003:0403:6030.004C: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[ 1443.626809][T28821] ft260 0003:0403:6030.004C: failed to retrieve status: -32, no wakeup
[ 1444.217328][T28821] usb 2-1: reset high-speed USB device number 18 using dummy_hcd
[ 1444.567978][T30062] tipc: Resetting bearer <eth:syzkaller0>
[ 1444.671234][T30066] 
[ 1444.673696][T30066] =====================================================
[ 1444.680648][T30066] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1444.688146][T30066] syzkaller #0 Not tainted
[ 1444.692559][T30066] -----------------------------------------------------
[ 1444.699610][T30066] syz.3.6705/30066 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1444.707331][T30066] ffff888076bf8d38 (&new->fa_lock){...-}-{3:3}, at: kill_fasync+0x199/0x4d0
[ 1444.716044][T30066] 
[ 1444.716044][T30066] and this task is already holding:
[ 1444.723407][T30066] ffff888029888028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 1444.733155][T30066] which would create a new lock dependency:
[ 1444.739040][T30066]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){...-}-{3:3}
[ 1444.747143][T30066] 
[ 1444.747143][T30066] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1444.756588][T30066]  (&dev->event_lock#2){..-.}-{3:3}
[ 1444.756620][T30066] 
[ 1444.756620][T30066] ... which became SOFTIRQ-irq-safe at:
[ 1444.769499][T30066]   lock_acquire+0x120/0x360
[ 1444.774128][T30066]   _raw_spin_lock_irqsave+0xa7/0xf0
[ 1444.779461][T30066]   input_event+0x76/0xe0
[ 1444.783811][T30066]   atp_complete_geyser_3_4+0x11f2/0x1e80
[ 1444.789552][T30066]   __usb_hcd_giveback_urb+0x376/0x540
[ 1444.795024][T30066]   dummy_timer+0x862/0x4550
[ 1444.799644][T30066]   __hrtimer_run_queues+0x529/0xc60
[ 1444.804943][T30066]   hrtimer_run_softirq+0x187/0x2b0
[ 1444.810174][T30066]   handle_softirqs+0x283/0x870
[ 1444.815033][T30066]   __irq_exit_rcu+0xca/0x1f0
[ 1444.819716][T30066]   irq_exit_rcu+0x9/0x30
[ 1444.824048][T30066]   sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1444.829783][T30066]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1444.835857][T30066]   _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1444.841677][T30066]   dummy_urb_enqueue+0x58a/0x780
[ 1444.846744][T30066]   usb_hcd_submit_urb+0x322/0x1aa0
[ 1444.851964][T30066]   atp_open+0x63/0xc0
[ 1444.856041][T30066]   input_open_device+0x1d0/0x390
[ 1444.861074][T30066]   mousedev_open_device+0xcc/0x150
[ 1444.866296][T30066]   mousedev_open+0x2ef/0x4a0
[ 1444.870995][T30066]   chrdev_open+0x4cc/0x5e0
[ 1444.875524][T30066]   do_dentry_open+0x953/0x13f0
[ 1444.880387][T30066]   vfs_open+0x3b/0x340
[ 1444.884567][T30066]   path_openat+0x2ee5/0x3830
[ 1444.889252][T30066]   do_filp_open+0x1fa/0x410
[ 1444.893850][T30066]   do_sys_openat2+0x121/0x1c0
[ 1444.898631][T30066]   __x64_sys_openat+0x138/0x170
[ 1444.903599][T30066]   do_syscall_64+0xfa/0x3b0
[ 1444.908196][T30066]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1444.914196][T30066] 
[ 1444.914196][T30066] to a SOFTIRQ-irq-unsafe lock:
[ 1444.921229][T30066]  (tasklist_lock){.+.+}-{3:3}
[ 1444.921262][T30066] 
[ 1444.921262][T30066] ... which became SOFTIRQ-irq-unsafe at:
[ 1444.933895][T30066] ...
[ 1444.933905][T30066]   lock_acquire+0x120/0x360
[ 1444.941186][T30066]   _raw_read_lock+0x36/0x50
[ 1444.945887][T30066]   __do_wait+0xde/0x740
[ 1444.950165][T30066]   do_wait+0x1f8/0x520
[ 1444.954338][T30066]   kernel_wait+0xab/0x170
[ 1444.958762][T30066]   call_usermodehelper_exec_work+0xbe/0x230
[ 1444.964843][T30066]   process_scheduled_works+0xae1/0x17b0
[ 1444.970489][T30066]   worker_thread+0x8a0/0xda0
[ 1444.975181][T30066]   kthread+0x70e/0x8a0
[ 1444.979341][T30066]   ret_from_fork+0x3fc/0x770
[ 1444.984018][T30066]   ret_from_fork_asm+0x1a/0x30
[ 1444.988875][T30066] 
[ 1444.988875][T30066] other info that might help us debug this:
[ 1444.988875][T30066] 
[ 1444.999109][T30066] Chain exists of:
[ 1444.999109][T30066]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 1444.999109][T30066] 
[ 1445.012722][T30066]  Possible interrupt unsafe locking scenario:
[ 1445.012722][T30066] 
[ 1445.021051][T30066]        CPU0                    CPU1
[ 1445.026424][T30066]        ----                    ----
[ 1445.031790][T30066]   lock(tasklist_lock);
[ 1445.036043][T30066]                                local_irq_disable();
[ 1445.042792][T30066]                                lock(&dev->event_lock#2);
[ 1445.050089][T30066]                                lock(&client->buffer_lock);
[ 1445.057487][T30066]   <Interrupt>
[ 1445.060948][T30066]     lock(&dev->event_lock#2);
[ 1445.065823][T30066] 
[ 1445.065823][T30066]  *** DEADLOCK ***
[ 1445.065823][T30066] 
[ 1445.073969][T30066] 7 locks held by syz.3.6705/30066:
[ 1445.079166][T30066]  #0: ffff8880296f7118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480
[ 1445.088323][T30066]  #1: ffff88802967f230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[ 1445.098441][T30066]  #2: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[ 1445.108144][T30066]  #3: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[ 1445.117745][T30066]  #4: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340
[ 1445.126883][T30066]  #5: ffff888029888028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 1445.137075][T30066]  #6: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[ 1445.146144][T30066] 
[ 1445.146144][T30066] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1445.156545][T30066]  -> (&dev->event_lock#2){..-.}-{3:3} {
[ 1445.162214][T30066]     IN-SOFTIRQ-W at:
[ 1445.166287][T30066]                       lock_acquire+0x120/0x360
[ 1445.172655][T30066]                       _raw_spin_lock_irqsave+0xa7/0xf0
[ 1445.179717][T30066]                       input_event+0x76/0xe0
[ 1445.185803][T30066]                       atp_complete_geyser_3_4+0x11f2/0x1e80
[ 1445.193275][T30066]                       __usb_hcd_giveback_urb+0x376/0x540
[ 1445.200475][T30066]                       dummy_timer+0x862/0x4550
[ 1445.206806][T30066]                       __hrtimer_run_queues+0x529/0xc60
[ 1445.213829][T30066]                       hrtimer_run_softirq+0x187/0x2b0
[ 1445.220769][T30066]                       handle_softirqs+0x283/0x870
[ 1445.227358][T30066]                       __irq_exit_rcu+0xca/0x1f0
[ 1445.233765][T30066]                       irq_exit_rcu+0x9/0x30
[ 1445.239833][T30066]                       sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1445.247309][T30066]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1445.255114][T30066]                       _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1445.262667][T30066]                       dummy_urb_enqueue+0x58a/0x780
[ 1445.269473][T30066]                       usb_hcd_submit_urb+0x322/0x1aa0
[ 1445.276410][T30066]                       atp_open+0x63/0xc0
[ 1445.282226][T30066]                       input_open_device+0x1d0/0x390
[ 1445.288999][T30066]                       mousedev_open_device+0xcc/0x150
[ 1445.295953][T30066]                       mousedev_open+0x2ef/0x4a0
[ 1445.302367][T30066]                       chrdev_open+0x4cc/0x5e0
[ 1445.308635][T30066]                       do_dentry_open+0x953/0x13f0
[ 1445.315226][T30066]                       vfs_open+0x3b/0x340
[ 1445.321113][T30066]                       path_openat+0x2ee5/0x3830
[ 1445.327534][T30066]                       do_filp_open+0x1fa/0x410
[ 1445.333872][T30066]                       do_sys_openat2+0x121/0x1c0
[ 1445.340377][T30066]                       __x64_sys_openat+0x138/0x170
[ 1445.347077][T30066]                       do_syscall_64+0xfa/0x3b0
[ 1445.353410][T30066]                       entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1445.361129][T30066]     INITIAL USE at:
[ 1445.365128][T30066]                      lock_acquire+0x120/0x360
[ 1445.371399][T30066]                      _raw_spin_lock_irqsave+0xa7/0xf0
[ 1445.378342][T30066]                      input_inject_event+0xa5/0x340
[ 1445.385016][T30066]                      kbd_led_trigger_activate+0xbc/0x100
[ 1445.392212][T30066]                      led_trigger_set+0x52a/0x950
[ 1445.398718][T30066]                      led_trigger_set_default+0x260/0x2a0
[ 1445.405920][T30066]                      led_classdev_register_ext+0x73d/0x930
[ 1445.413287][T30066]                      input_leds_connect+0x517/0x790
[ 1445.420057][T30066]                      input_register_device+0xcfd/0x1140
[ 1445.427178][T30066]                      atkbd_connect+0x72e/0xa00
[ 1445.433507][T30066]                      serio_driver_probe+0x82/0xd0
[ 1445.440106][T30066]                      really_probe+0x26d/0x9e0
[ 1445.446354][T30066]                      __driver_probe_device+0x18c/0x2f0
[ 1445.453380][T30066]                      driver_probe_device+0x4f/0x430
[ 1445.460173][T30066]                      __driver_attach+0x452/0x700
[ 1445.466676][T30066]                      bus_for_each_dev+0x233/0x2b0
[ 1445.473259][T30066]                      serio_handle_event+0x1f9/0x8d0
[ 1445.480029][T30066]                      process_scheduled_works+0xae1/0x17b0
[ 1445.487314][T30066]                      worker_thread+0x8a0/0xda0
[ 1445.493653][T30066]                      kthread+0x70e/0x8a0
[ 1445.499489][T30066]                      ret_from_fork+0x3fc/0x770
[ 1445.505835][T30066]                      ret_from_fork_asm+0x1a/0x30
[ 1445.512345][T30066]   }
[ 1445.514936][T30066]   ... key      at: [<ffffffff99e30fa0>] input_allocate_device.__key.5+0x0/0x20
[ 1445.524056][T30066] -> (&client->buffer_lock){....}-{3:3} {
[ 1445.529799][T30066]    INITIAL USE at:
[ 1445.533710][T30066]                    lock_acquire+0x120/0x360
[ 1445.539809][T30066]                    _raw_spin_lock+0x2e/0x40
[ 1445.545881][T30066]                    evdev_pass_values+0xb9/0xbd0
[ 1445.552300][T30066]                    evdev_events+0x1e6/0x340
[ 1445.558374][T30066]                    input_pass_values+0x288/0x890
[ 1445.564877][T30066]                    input_event_dispose+0x330/0x6b0
[ 1445.571561][T30066]                    input_inject_event+0x1dd/0x340
[ 1445.578159][T30066]                    evdev_write+0x2fc/0x480
[ 1445.584142][T30066]                    vfs_write+0x27b/0xb30
[ 1445.589963][T30066]                    ksys_write+0x145/0x250
[ 1445.596295][T30066]                    __do_fast_syscall_32+0xb6/0x2b0
[ 1445.602987][T30066]                    do_fast_syscall_32+0x34/0x80
[ 1445.609418][T30066]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1445.617320][T30066]  }
[ 1445.619828][T30066]  ... key      at: [<ffffffff99e31240>] evdev_open.__key.25+0x0/0x20
[ 1445.627995][T30066]  ... acquired at:
[ 1445.631812][T30066]    lock_acquire+0x120/0x360
[ 1445.636516][T30066]    _raw_spin_lock+0x2e/0x40
[ 1445.641217][T30066]    evdev_pass_values+0xb9/0xbd0
[ 1445.646255][T30066]    evdev_events+0x1e6/0x340
[ 1445.650933][T30066]    input_pass_values+0x288/0x890
[ 1445.656044][T30066]    input_event_dispose+0x330/0x6b0
[ 1445.661329][T30066]    input_inject_event+0x1dd/0x340
[ 1445.666541][T30066]    evdev_write+0x2fc/0x480
[ 1445.671145][T30066]    vfs_write+0x27b/0xb30
[ 1445.675571][T30066]    ksys_write+0x145/0x250
[ 1445.680082][T30066]    __do_fast_syscall_32+0xb6/0x2b0
[ 1445.685377][T30066]    do_fast_syscall_32+0x34/0x80
[ 1445.690402][T30066]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1445.696911][T30066] 
[ 1445.699233][T30066] 
[ 1445.699233][T30066] the dependencies between the lock to be acquired
[ 1445.699244][T30066]  and SOFTIRQ-irq-unsafe lock:
[ 1445.712752][T30066]   -> (tasklist_lock){.+.+}-{3:3} {
[ 1445.718057][T30066]      HARDIRQ-ON-R at:
[ 1445.722208][T30066]                         lock_acquire+0x120/0x360
[ 1445.728717][T30066]                         _raw_read_lock+0x36/0x50
[ 1445.735235][T30066]                         __do_wait+0xde/0x740
[ 1445.741406][T30066]                         do_wait+0x1f8/0x520
[ 1445.747478][T30066]                         kernel_wait+0xab/0x170
[ 1445.753837][T30066]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1445.761759][T30066]                         process_scheduled_works+0xae1/0x17b0
[ 1445.769308][T30066]                         worker_thread+0x8a0/0xda0
[ 1445.775910][T30066]                         kthread+0x70e/0x8a0
[ 1445.781987][T30066]                         ret_from_fork+0x3fc/0x770
[ 1445.788581][T30066]                         ret_from_fork_asm+0x1a/0x30
[ 1445.795436][T30066]      SOFTIRQ-ON-R at:
[ 1445.799701][T30066]                         lock_acquire+0x120/0x360
[ 1445.806209][T30066]                         _raw_read_lock+0x36/0x50
[ 1445.812729][T30066]                         __do_wait+0xde/0x740
[ 1445.818907][T30066]                         do_wait+0x1f8/0x520
[ 1445.824977][T30066]                         kernel_wait+0xab/0x170
[ 1445.831310][T30066]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1445.839222][T30066]                         process_scheduled_works+0xae1/0x17b0
[ 1445.846768][T30066]                         worker_thread+0x8a0/0xda0
[ 1445.853380][T30066]                         kthread+0x70e/0x8a0
[ 1445.859466][T30066]                         ret_from_fork+0x3fc/0x770
[ 1445.866058][T30066]                         ret_from_fork_asm+0x1a/0x30
[ 1445.872826][T30066]      INITIAL USE at:
[ 1445.876903][T30066]                        lock_acquire+0x120/0x360
[ 1445.883323][T30066]                        _raw_write_lock_irq+0xa2/0xf0
[ 1445.890174][T30066]                        copy_process+0x224f/0x3c00
[ 1445.896762][T30066]                        kernel_clone+0x21e/0x840
[ 1445.903173][T30066]                        user_mode_thread+0xdd/0x140
[ 1445.909847][T30066]                        rest_init+0x23/0x300
[ 1445.915918][T30066]                        start_kernel+0x3a9/0x410
[ 1445.922343][T30066]                        x86_64_start_reservations+0x24/0x30
[ 1445.929730][T30066]                        x86_64_start_kernel+0x143/0x1c0
[ 1445.936768][T30066]                        common_startup_64+0x13e/0x147
[ 1445.943626][T30066]      INITIAL READ USE at:
[ 1445.948130][T30066]                             lock_acquire+0x120/0x360
[ 1445.954992][T30066]                             _raw_read_lock+0x36/0x50
[ 1445.961855][T30066]                             __do_wait+0xde/0x740
[ 1445.968372][T30066]                             do_wait+0x1f8/0x520
[ 1445.974799][T30066]                             kernel_wait+0xab/0x170
[ 1445.981495][T30066]                             call_usermodehelper_exec_work+0xbe/0x230
[ 1445.989746][T30066]                             process_scheduled_works+0xae1/0x17b0
[ 1445.997636][T30066]                             worker_thread+0x8a0/0xda0
[ 1446.004580][T30066]                             kthread+0x70e/0x8a0
[ 1446.011008][T30066]                             ret_from_fork+0x3fc/0x770
[ 1446.017949][T30066]                             ret_from_fork_asm+0x1a/0x30
[ 1446.025066][T30066]    }
[ 1446.027750][T30066]    ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[ 1446.035728][T30066]    ... acquired at:
[ 1446.039703][T30066]    lock_acquire+0x120/0x360
[ 1446.044412][T30066]    _raw_read_lock+0x36/0x50
[ 1446.049101][T30066]    send_sigurg+0x12b/0x420
[ 1446.053714][T30066]    sk_send_sigurg+0x6c/0x2e0
[ 1446.058502][T30066]    queue_oob+0x420/0x4f0
[ 1446.062924][T30066]    unix_stream_sendmsg+0xc3f/0xdf0
[ 1446.068210][T30066]    __sock_sendmsg+0x21c/0x270
[ 1446.073080][T30066]    ____sys_sendmsg+0x505/0x830
[ 1446.078024][T30066]    ___sys_sendmsg+0x21f/0x2a0
[ 1446.082879][T30066]    __sys_sendmsg+0x164/0x220
[ 1446.087647][T30066]    __do_fast_syscall_32+0xb6/0x2b0
[ 1446.092936][T30066]    do_fast_syscall_32+0x34/0x80
[ 1446.097960][T30066]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.104463][T30066] 
[ 1446.106791][T30066]  -> (&f_owner->lock){....}-{3:3} {
[ 1446.112111][T30066]     INITIAL USE at:
[ 1446.116086][T30066]                      lock_acquire+0x120/0x360
[ 1446.122334][T30066]                      _raw_write_lock_irq+0xa2/0xf0
[ 1446.129011][T30066]                      __f_setown+0x67/0x370
[ 1446.135001][T30066]                      fcntl_dirnotify+0x3fa/0x6a0
[ 1446.141503][T30066]                      do_fcntl+0x6d0/0x1910
[ 1446.147512][T30066]                      do_compat_fcntl64+0x477/0x720
[ 1446.154186][T30066]                      __do_fast_syscall_32+0xb6/0x2b0
[ 1446.161034][T30066]                      do_fast_syscall_32+0x34/0x80
[ 1446.167625][T30066]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.175701][T30066]     INITIAL READ USE at:
[ 1446.180147][T30066]                           lock_acquire+0x120/0x360
[ 1446.186837][T30066]                           _raw_read_lock_irqsave+0xaf/0x100
[ 1446.194757][T30066]                           send_sigio+0x38/0x370
[ 1446.201175][T30066]                           dnotify_handle_event+0x169/0x440
[ 1446.208550][T30066]                           fsnotify+0x1814/0x1a80
[ 1446.215060][T30066]                           path_openat+0x171e/0x3830
[ 1446.221841][T30066]                           do_filp_open+0x1fa/0x410
[ 1446.228533][T30066]                           do_sys_openat2+0x121/0x1c0
[ 1446.235383][T30066]                           __ia32_compat_sys_open+0x117/0x140
[ 1446.242926][T30066]                           __do_fast_syscall_32+0xb6/0x2b0
[ 1446.250212][T30066]                           do_fast_syscall_32+0x34/0x80
[ 1446.257234][T30066]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.265738][T30066]   }
[ 1446.268326][T30066]   ... key      at: [<ffffffff99b31fa0>] file_f_owner_allocate.__key+0x0/0x20
[ 1446.277270][T30066]   ... acquired at:
[ 1446.281165][T30066]    lock_acquire+0x120/0x360
[ 1446.285870][T30066]    _raw_read_lock_irqsave+0xaf/0x100
[ 1446.291361][T30066]    send_sigio+0x38/0x370
[ 1446.295780][T30066]    kill_fasync+0x24d/0x4d0
[ 1446.300382][T30066]    lease_break_callback+0x26/0x30
[ 1446.305621][T30066]    __break_lease+0x6a2/0x1620
[ 1446.310478][T30066]    do_dentry_open+0x8b7/0x13f0
[ 1446.315415][T30066]    vfs_open+0x3b/0x340
[ 1446.319669][T30066]    path_openat+0x2ee5/0x3830
[ 1446.324435][T30066]    do_filp_open+0x1fa/0x410
[ 1446.329117][T30066]    do_sys_openat2+0x121/0x1c0
[ 1446.333966][T30066]    __ia32_compat_sys_openat+0x131/0x160
[ 1446.339689][T30066]    __do_fast_syscall_32+0xb6/0x2b0
[ 1446.344987][T30066]    do_fast_syscall_32+0x34/0x80
[ 1446.350017][T30066]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.356519][T30066] 
[ 1446.358842][T30066] -> (&new->fa_lock){...-}-{3:3} {
[ 1446.363965][T30066]    IN-SOFTIRQ-R at:
[ 1446.367937][T30066]                     lock_acquire+0x120/0x360
[ 1446.374093][T30066]                     _raw_read_lock_irqsave+0xaf/0x100
[ 1446.381059][T30066]                     kill_fasync+0x199/0x4d0
[ 1446.387131][T30066]                     sock_wake_async+0x137/0x160
[ 1446.393626][T30066]                     sock_def_readable+0x3bb/0x550
[ 1446.400221][T30066]                     tcp_child_process+0x4d9/0xa60
[ 1446.406821][T30066]                     tcp_v6_rcv+0x1fb8/0x2c30
[ 1446.412982][T30066]                     ip6_protocol_deliver_rcu+0xcb0/0x15c0
[ 1446.420265][T30066]                     ip6_input_finish+0x191/0x370
[ 1446.426777][T30066]                     NF_HOOK+0x30c/0x3a0
[ 1446.432530][T30066]                     ip6_input+0x16a/0x270
[ 1446.438441][T30066]                     NF_HOOK+0x30c/0x3a0
[ 1446.444163][T30066]                     __netif_receive_skb+0xd3/0x380
[ 1446.450864][T30066]                     process_backlog+0x60e/0x14f0
[ 1446.457554][T30066]                     __napi_poll+0xc4/0x360
[ 1446.463629][T30066]                     net_rx_action+0x707/0xe30
[ 1446.469863][T30066]                     handle_softirqs+0x283/0x870
[ 1446.476272][T30066]                     do_softirq+0xec/0x180
[ 1446.482157][T30066]                     __local_bh_enable_ip+0x17d/0x1c0
[ 1446.489002][T30066]                     __dev_queue_xmit+0x1d79/0x3b50
[ 1446.495682][T30066]                     ip6_finish_output2+0x11bc/0x16a0
[ 1446.502557][T30066]                     ip6_xmit+0x107a/0x1840
[ 1446.508549][T30066]                     inet6_csk_xmit+0x473/0x720
[ 1446.514875][T30066]                     __tcp_transmit_skb+0x1db8/0x3680
[ 1446.521729][T30066]                     tcp_write_xmit+0x1862/0x67f0
[ 1446.528240][T30066]                     __tcp_push_pending_frames+0x97/0x360
[ 1446.535437][T30066]                     __tcp_close+0x50c/0xe10
[ 1446.541507][T30066]                     tcp_close+0x28/0x110
[ 1446.547317][T30066]                     inet_release+0x141/0x190
[ 1446.553470][T30066]                     sock_close+0xc0/0x240
[ 1446.559367][T30066]                     __fput+0x449/0xa70
[ 1446.565007][T30066]                     task_work_run+0x1d1/0x260
[ 1446.571251][T30066]                     exit_to_user_mode_loop+0xec/0x110
[ 1446.578194][T30066]                     __do_fast_syscall_32+0x1f4/0x2b0
[ 1446.585046][T30066]                     do_fast_syscall_32+0x34/0x80
[ 1446.591552][T30066]                     entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.599541][T30066]    INITIAL USE at:
[ 1446.603438][T30066]                    lock_acquire+0x120/0x360
[ 1446.609515][T30066]                    _raw_write_lock_irq+0xa2/0xf0
[ 1446.616020][T30066]                    fasync_remove_entry+0xf1/0x1c0
[ 1446.622625][T30066]                    sock_fasync+0x85/0xf0
[ 1446.628431][T30066]                    __fput+0x8a2/0xa70
[ 1446.633985][T30066]                    task_work_run+0x1d1/0x260
[ 1446.640137][T30066]                    exit_to_user_mode_loop+0xec/0x110
[ 1446.647012][T30066]                    __do_fast_syscall_32+0x1f4/0x2b0
[ 1446.653792][T30066]                    do_fast_syscall_32+0x34/0x80
[ 1446.660226][T30066]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.668120][T30066]    INITIAL READ USE at:
[ 1446.672467][T30066]                         lock_acquire+0x120/0x360
[ 1446.678978][T30066]                         _raw_read_lock_irqsave+0xaf/0x100
[ 1446.686264][T30066]                         kill_fasync+0x199/0x4d0
[ 1446.692679][T30066]                         sock_wake_async+0x137/0x160
[ 1446.699471][T30066]                         sk_wake_async+0x184/0x280
[ 1446.706060][T30066]                         mptcp_destroy_common+0x152/0x320
[ 1446.713287][T30066]                         mptcp_disconnect+0x23d/0x700
[ 1446.720195][T30066]                         inet_shutdown+0x1c4/0x390
[ 1446.726795][T30066]                         __ia32_sys_shutdown+0x13c/0x1a0
[ 1446.733908][T30066]                         __do_fast_syscall_32+0xb6/0x2b0
[ 1446.741018][T30066]                         do_fast_syscall_32+0x34/0x80
[ 1446.747883][T30066]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.756217][T30066]  }
[ 1446.758724][T30066]  ... key      at: [<ffffffff99b31fc0>] fasync_insert_entry.__key+0x0/0x20
[ 1446.767419][T30066]  ... acquired at:
[ 1446.771229][T30066]    lock_acquire+0x120/0x360
[ 1446.776038][T30066]    _raw_read_lock_irqsave+0xaf/0x100
[ 1446.781515][T30066]    kill_fasync+0x199/0x4d0
[ 1446.786136][T30066]    evdev_pass_values+0x627/0xbd0
[ 1446.791269][T30066]    evdev_events+0x1e6/0x340
[ 1446.795964][T30066]    input_pass_values+0x288/0x890
[ 1446.801082][T30066]    input_event_dispose+0x330/0x6b0
[ 1446.806389][T30066]    input_inject_event+0x1dd/0x340
[ 1446.811589][T30066]    evdev_write+0x2fc/0x480
[ 1446.816177][T30066]    vfs_write+0x27b/0xb30
[ 1446.820596][T30066]    ksys_write+0x145/0x250
[ 1446.825120][T30066]    __do_fast_syscall_32+0xb6/0x2b0
[ 1446.830501][T30066]    do_fast_syscall_32+0x34/0x80
[ 1446.835556][T30066]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.842060][T30066] 
[ 1446.844381][T30066] 
[ 1446.844381][T30066] stack backtrace:
[ 1446.850271][T30066] CPU: 1 UID: 0 PID: 30066 Comm: syz.3.6705 Not tainted syzkaller #0 PREEMPT(full) 
[ 1446.850292][T30066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1446.850303][T30066] Call Trace:
[ 1446.850312][T30066]  <TASK>
[ 1446.850321][T30066]  dump_stack_lvl+0x189/0x250
[ 1446.850344][T30066]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1446.850363][T30066]  ? __pfx__printk+0x10/0x10
[ 1446.850391][T30066]  validate_chain+0x1f05/0x2140
[ 1446.850419][T30066]  __lock_acquire+0xab9/0xd20
[ 1446.850446][T30066]  ? kill_fasync+0x199/0x4d0
[ 1446.850464][T30066]  lock_acquire+0x120/0x360
[ 1446.850488][T30066]  ? kill_fasync+0x199/0x4d0
[ 1446.850511][T30066]  _raw_read_lock_irqsave+0xaf/0x100
[ 1446.850540][T30066]  ? kill_fasync+0x199/0x4d0
[ 1446.850557][T30066]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 1446.850583][T30066]  ? do_raw_spin_lock+0x121/0x290
[ 1446.850606][T30066]  kill_fasync+0x199/0x4d0
[ 1446.850624][T30066]  ? kill_fasync+0x53/0x4d0
[ 1446.850643][T30066]  evdev_pass_values+0x627/0xbd0
[ 1446.850664][T30066]  ? evdev_pass_values+0x641/0xbd0
[ 1446.850683][T30066]  evdev_events+0x1e6/0x340
[ 1446.850699][T30066]  ? evdev_events+0x79/0x340
[ 1446.850715][T30066]  ? input_pass_values+0x8d/0x890
[ 1446.850729][T30066]  input_pass_values+0x288/0x890
[ 1446.850748][T30066]  ? input_handle_event+0x70c/0xf30
[ 1446.850771][T30066]  input_event_dispose+0x330/0x6b0
[ 1446.850801][T30066]  input_inject_event+0x1dd/0x340
[ 1446.850824][T30066]  ? input_inject_event+0xb6/0x340
[ 1446.850847][T30066]  evdev_write+0x2fc/0x480
[ 1446.850863][T30066]  ? futex_private_hash_put+0x245/0x280
[ 1446.850885][T30066]  ? __pfx_evdev_write+0x10/0x10
[ 1446.850902][T30066]  ? bpf_lsm_file_permission+0x9/0x20
[ 1446.850923][T30066]  ? security_file_permission+0x75/0x290
[ 1446.850947][T30066]  ? rw_verify_area+0x255/0x4d0
[ 1446.850967][T30066]  ? __lock_acquire+0xab9/0xd20
[ 1446.850990][T30066]  ? __pfx_evdev_write+0x10/0x10
[ 1446.851007][T30066]  vfs_write+0x27b/0xb30
[ 1446.851032][T30066]  ? __pfx_vfs_write+0x10/0x10
[ 1446.851054][T30066]  ? __fget_files+0x2a/0x420
[ 1446.851070][T30066]  ? __fget_files+0x2a/0x420
[ 1446.851083][T30066]  ? __fget_files+0x3a0/0x420
[ 1446.851096][T30066]  ? __fget_files+0x2a/0x420
[ 1446.851113][T30066]  ksys_write+0x145/0x250
[ 1446.851136][T30066]  ? __pfx_ksys_write+0x10/0x10
[ 1446.851159][T30066]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1446.851177][T30066]  __do_fast_syscall_32+0xb6/0x2b0
[ 1446.851198][T30066]  do_fast_syscall_32+0x34/0x80
[ 1446.851217][T30066]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1446.851238][T30066] RIP: 0023:0xf705e539
[ 1446.851265][T30066] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1446.851281][T30066] RSP: 002b:00000000f544e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1446.851298][T30066] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000040
[ 1446.851309][T30066] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000
[ 1446.851320][T30066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1446.851330][T30066] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1446.851339][T30066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1446.851355][T30066]  </TASK>
[ 1448.107735][T17815] usb 2-1: USB disconnect, device number 18