last executing test programs:

8m25.490764957s ago: executing program 1 (id=2539):
r0 = openat$snapshot(0xffffff9c, 0x0, 0x133c80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000)
getsockname$packet(r2, &(0x7f0000000740)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="7f60000010", @ANYBLOB="0000000014110000180012800b000100697036746e6c00000800028004001300"], 0x38}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="38000000100001040000a1d79d3f0000000000", @ANYRES32=r3, @ANYBLOB="000100008e840400180012800b000100697036746e6c00000800028004001300"], 0x38}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)
io_setup(0x202, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x0, &(0x7f0000000cc0)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x6, 0x5, r1, &(0x7f0000000500)="0acdd4acaa09538c2a6522cc83d1309c1d8f40ff993ec9b902e5b14333481d725b3608c014064afca7d3cc2224dba93462e5af91769b8ee2519a7ebf7348e7722542bceaa8aa43152731fc7bbb76ed993310f920f56573a66532e34fea2e59d59d3f6b5f5ef9ecc2", 0x0, 0x9, 0x0, 0x1}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x8, r0, &(0x7f00000005c0)="5ae1fc3a01580e7ef7cbb1b97212abfc1387354c086480d6572fc3b885b82c281428edb829ce6f8616d018dbd52317727d687385603cb4f3ca90f7c368a7180ce26c94d05514088bdb222fa26c55992277b81ffb1b4f556837272c38367016f05402d5ea55b365e7fb3e54181e776f5c64be9fabb7382e03b6e2899c6fbb41f3efb6006d1d02ae86c178e8cb2470dd36aba9d1a585d33be1a5a4eaefd605ef8a88ee6319cc003b116f3ef15828bb9e2bab92d10870f16afd2fcf27bb092ad565156da3d63dd0411067e274ac9fb3", 0x0, 0x1, 0x0, 0x1, r1}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x3, 0x3, 0xffffffffffffffff, &(0x7f00000006c0)="6d013ac0f794b31e9724d13353101165ad72c0460b4d0e47677c2e9a025b74cf65d4ce5ea23f60952cbf9b16993cbfb31952f4a64b6dbd3617e3aa928a7651c794c94da484f61d08a98cc4b3ed4a25266ace69b840946c2db47d6bbb648546f9de31c0f29abcc3915e31d054", 0x0, 0xffffffff, 0x0, 0x3, r1}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x5, 0x9, r1, &(0x7f00000007c0), 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x2, 0x6, r1, &(0x7f0000000840)="7baf2c60841ff071ed36fe634dbe9264b41f0f", 0x0, 0x0, 0x0, 0x3, r1}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x3, 0x5, r0, &(0x7f0000000940)="48ddc19366a8cc0e42e770a8ee2a5f9507103cea21414cffdaa71213534817369da5a62529b9260722ced1cf85ae95e4e689c737b7f2ab9156cbfed72f46536d026e9c5f56faa06500487d8baae1722792e6b7cc1c2f03a5e8", 0x0, 0x0, 0x0, 0x3, r1}, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000009c0)="3abb5d10eb42660a418fa364a827b43774dc5f1d45fda9a352d0d65621c07672b2493d4a60fcdc98e7670f015054a66e16e2997661276e618f2dd53c8898dc671bee6fe3625e85b26fd6959d492eca059597ab4c28a75d4cefb74f937db96785f683970a02ca9ce65602d8d4e645324c2025e375d5131b93063f79bd4ef3b151983e640386930feff82bd176c8de1c19a3390a93bbe547d7fa31dc8d7861074b4d596032a5289646", 0x0, 0x1, 0x0, 0x1}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000ac0)="035ecdcd8d4b5bbbf3f2cf1f63d6ecd896bbb2e68cffd223773a146843f148b4e1fbd3563a77635362201d0de64b208ec360b975a9390e01ab3e677af826847e25be5ae2980af395726d8bc00aafd074fb6be69a24faa6b6937b5bd602fd4e4701be513678", 0x0, 0x840, 0x0, 0x6cd1df316495b545, r1}, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x3, r1, &(0x7f0000000b80)="4f35ee24243da0d119fb5720e63b7fe59bf22808bec3833f868de4cdcc3e9f684a559fc3a33c1d9566fcadf8bc85ad82c39e4bff56339fdf6ecd7779e4f1770b7c9dc2297b80f1e3aa24b8c3404298708fa403430b581c22335f73f974133ec4fe10918d9c4133249d67f4c5c8000e3434b6f259080569f38a9776ec45b97eb12aa1af2fba7c89950df1892c62945b97a515331b1f3e7efeebea03c91c2aa57949a1f33a6f65c01a8466aa683b21002a8a1913c89e3c161f66f3a60ce3aba7aa60013907e0f96f020ad0a0cd0a", 0x0, 0x1, 0x0, 0x1}])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r6, 0x6b, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r8, 0x0, 0x1, 0x4}}, 0x20)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000400)=0x4)
write$RDMA_USER_CM_CMD_LISTEN(r7, &(0x7f0000000300)={0x7, 0x8, 0xfa00, {r8, 0x1000}}, 0x10)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {&(0x7f0000000240), r8, r1}}, 0x18)

8m24.696775833s ago: executing program 1 (id=2541):
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='T', 0x1, 0x8910, 0x0, 0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000280)={@private=0xa010103, @local, @remote}, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e0"], 0x58}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, 0x0, 0xc00c)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f00000000c0)=0x3)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r6, 0x80845663, &(0x7f00000002c0))
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r5, 0xf504, 0x0)
syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0)
socket$kcm(0x2, 0x5, 0x84)
membarrier(0x10, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
syz_clone(0x5288fbd8d4bddb5e, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)

8m21.336706019s ago: executing program 1 (id=2548):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRES16, @ANYRES64=r0, @ANYRES16=0x0, @ANYRES16=r0, @ANYRES32], 0xff2e)
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'adq12b\x00', [0x4f27, 0x2, 0x10000, 0x4, 0xe, 0x0, 0x3, 0x7, 0xa, 0x1, 0x8001, 0x4, 0xff6b, 0x801, 0xfffffffe, 0xb4c, 0x0, 0x2, 0x3, 0x40000003, 0x89, 0xcaa7, 0x201ff, 0x20001e58, 0xb, 0xe6b, 0x3c, 0x8, 0x65c, 0x0, 0xfffffff8]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006272696467650000100002800c0021"], 0x40}, 0x1, 0x0, 0x0, 0x34041043}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r3)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
listen(0xffffffffffffffff, 0x5)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r6, 0x84, 0x17, &(0x7f0000000a40)={0x0, 0x10, 0x2, "8c13"}, 0xa)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x521281, 0x0)

8m20.418572301s ago: executing program 1 (id=2551):
socket$nl_generic(0x10, 0x3, 0x10)
landlock_create_ruleset(&(0x7f0000000500)={0x21c1, 0x3, 0x3}, 0x18, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x8000)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0x24, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$LOOP_SET_FD(r5, 0x4c00, r5)
dup2(r4, r1)
r6 = socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
write$dsp(0xffffffffffffffff, 0x0, 0x0)
ioctl$UI_GET_SYSNAME(r4, 0x8040552c, &(0x7f0000000180))
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f0000000100)=0xfffffff7)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@getspdinfo={0x14, 0x25, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
write$rfkill(r7, &(0x7f0000000340)={0x6, 0x0, 0x3, 0x0, 0x1}, 0x8)
ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, &(0x7f0000000200)={""/32, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}]})

8m20.131314034s ago: executing program 1 (id=2552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000009e680)=ANY=[@ANYBLOB="84000000", @ANYRES16=r2, @ANYBLOB="010000000000000000", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e880000520033"], 0x84}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

8m19.3644391s ago: executing program 1 (id=2555):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmsg(r0, 0x0, 0x400c040)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000530000/0x3000)=nil)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r2 = gettid()
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r3, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7, 0x2)
syz_clone(0x91, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x16)
move_pages(r2, 0x1, &(0x7f0000000240)=[&(0x7f000062e000/0x3000)=nil], 0x0, 0x0, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000036000/0x18000)=nil, 0x0, 0x0, 0x49, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x6c, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r6})

8m19.162619086s ago: executing program 32 (id=2555):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmsg(r0, 0x0, 0x400c040)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000530000/0x3000)=nil)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r2 = gettid()
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r3, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7, 0x2)
syz_clone(0x91, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x16)
move_pages(r2, 0x1, &(0x7f0000000240)=[&(0x7f000062e000/0x3000)=nil], 0x0, 0x0, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000036000/0x18000)=nil, 0x0, 0x0, 0x49, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x6c, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r6})

3m39.001795812s ago: executing program 3 (id=3280):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000080)={'pimreg1\x00', 0x400})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000000)={0x0, 0x0})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'dvmrp1\x00', 0x600})
r3 = socket$netlink(0x10, 0x3, 0xa)
r4 = dup(r3)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r5, 0x200004)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)
openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x262103, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0xb9, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902a700020100d0000904000001020d0000052406000105240000000d240f0100000000000000008006241a030002052401007f05241c", @ANYRESHEX], 0x0)

3m34.754540679s ago: executing program 3 (id=3293):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip_vti0\x00', &(0x7f00000002c0)={'tunl0\x00', <r4=>r3, 0x1, 0x10, 0xff, 0x9, {{0x2e, 0x4, 0x3, 0x24, 0xb8, 0x66, 0x0, 0x5, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x15}, @rand_addr=0x64010102, {[@end, @timestamp={0x44, 0x1c, 0x65, 0x0, 0x8, [0xfb, 0x200, 0x697, 0x3, 0x2, 0x10]}, @rr={0x7, 0x1f, 0x89, [@dev={0xac, 0x14, 0x14, 0x22}, @rand_addr=0x64010100, @private=0xa010100, @loopback, @empty, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @generic={0x2, 0x9, "684965e8069939"}, @generic={0x89, 0xd, "fa3d14b20da73201747acd"}, @rr={0x7, 0xf, 0xfc, [@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101]}, @timestamp_prespec={0x44, 0x3c, 0xe6, 0x3, 0xa, [{@broadcast, 0x3}, {@rand_addr=0x64010101, 0x9a8}, {@broadcast, 0x8}, {@multicast1}, {@empty, 0x2}, {@broadcast}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x6}]}, @end]}}}}})
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@gettfilter={0x44, 0x2e, 0x10, 0x71bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x4, 0x10}, {0xc, 0xfff2}, {0xfff2, 0x2}}, [{0x8, 0xb, 0xa20b}, {0x8, 0xb, 0x1a6}, {0x8, 0xb, 0x416}, {0xfffffffffffffec0, 0xb, 0x5}]}, 0x44}}, 0x0)

3m34.556692308s ago: executing program 3 (id=3294):
r0 = syz_open_dev$vivid(&(0x7f0000000080), 0x1, 0x2)
writev(r0, &(0x7f0000000500)=[{&(0x7f00000000c0)="810e874e8dd79f42bfa6287d3e58e15b585cb30149c8b456332da16862f3341381c69427d0e21d6de581f7b4e8a227b150adaed34202ba57e024c1086d5ffb8e1fcc18fd7c0ae50f0324b73057fe531a7092f2b96f1f73a2111e250b774b96b453a60203274284e4d6cc85e4943a69c26cdee28d5f8a853d577f6a914d82532284af5fb78214c38c6d0e80af923551a248d9d02f41122fd6046b88e1dbebab3aec741e4e61535da83e0f53757393b0bae5120ef07deedfc1bbb21021d0f5882c051f36aa16137699d070e2bef30ac67a55f1c182c6ac0a7086444ce7ffc3f67ba4d8432b3acb592fafc09cf8e241563a1c", 0xf1}, {&(0x7f0000000340)="5e8b2f9c3df0366531ba4334a8363ee8b48b1a5318cff985f52ed5448a317930ba5e4eb66bff9cd7cff3561e9b9256b6060f95196c4223d570795901794e1c3f7b0830b381215504a3333555391639cc79e73092b80230b361f6d8f11549ca230cd2cb02812b18eb7ac1efa6ff61091d2a8533026022745a665012155d867f9391f3207d57247f4044628fdeab31808d5cdb9eed70e9bfe3685dae225ce70f83348894f42b257db7b987f41cd4ecbce0dbe25c349b10205f39647ce1361b13ac3281a49c1551117478fe2d09dec62f66f249dff1a73d80b487ede690728cab39b2a50fd0f603853472f9", 0xea}, {&(0x7f00000001c0)="1357611ad6f8fff6b55afde2763ad0dc50a6d5fbfc65d07c462c7e0c5ba93354ea2511cec1b6dad16fadc099ccc34772e9d2c9dc32f3", 0x36}, {&(0x7f0000000240)="245828f98cdb962ed91e83", 0xb}, {&(0x7f0000000280)="e679b388eaf88b21d2c604a1fc3b18e348dac91c77b84581a4e4bbd6511c", 0x1e}, {&(0x7f0000000440)="aabcb6cf8d91213312547ea3ba4346bf2e255c994ee759ff9d9757faab158ba8a9a957435c1c4703b26252e6dedb672f018ad64d9a6394dbf2ad5076af6006ff4fd967e36b14df8b5905c39017337f1231f12d4264ecceee75e48b8d1a979719e355d5b60da164afc6a62cff4f846e52c01c98abcf18d088381e3aeeb6657a699b36a5afe2c19ae8c0538ef07886367111cfcd", 0x93}], 0x6)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

3m33.652694792s ago: executing program 3 (id=3299):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_open_procfs(0x0, &(0x7f0000000400)='attr\x00')
process_vm_writev(0x0, &(0x7f0000001c80), 0x0, 0x0, 0x0, 0x0)
pread64(r3, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000300)={0x0, @sliced={0x4, [0x0, 0x4, 0x2, 0x7, 0x0, 0x1, 0x4, 0x5, 0x8, 0x9, 0x1, 0x665, 0x4e, 0x200, 0x2f6, 0xfc01, 0x5, 0x9, 0x8, 0x643, 0x5, 0x1, 0x298b, 0x7, 0x7, 0x8010, 0x8, 0x639, 0x3, 0xfffd, 0x87b8, 0xb, 0x8, 0x2, 0xa, 0x2, 0x8001, 0x7c, 0xc, 0x4, 0x8001, 0xb, 0x1ff, 0x0, 0x7, 0x8, 0x948, 0xc], 0x8b}})
syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}}, 0x0)
keyctl$read(0x20, r2, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r2)
keyctl$setperm(0x5, r5, 0x52b242d)
request_key(&(0x7f00000001c0)='keyring\x00', 0x0, 0x0, r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
r8 = socket$igmp(0x2, 0x3, 0x2)
fgetxattr(r8, &(0x7f0000000000)=@random={'security.', '\x00'}, &(0x7f0000000040)=""/1, 0x1)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="010000000000fcdbdf25010051c08e76693aa2127e2b000004000180"], 0x18}}, 0x2000c050)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r9, 0x6, 0x1f, &(0x7f0000000140), 0x4)

3m29.982180941s ago: executing program 3 (id=3311):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000240)={0x1, 0x101})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r3, @ANYBLOB="200001"], 0x38}}, 0x40840)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x14, 0x20, 0x70bd2d, 0x25dfdbff, {0x3, 0x8}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x48849)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000014c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r5, 0x0, 0x0)

3m26.316436783s ago: executing program 3 (id=3319):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r0 = getpid()
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = epoll_create1(0x80000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
syz_pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x7}, &(0x7f00000000c0)={0x1f, 0x0, 0x8, 0x5, 0xfffffffffffffff8, 0x0, 0x4000000000}, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r5 = dup(r4)
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close(0x3)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000080)={0xf0f041})
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x14, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@noxattr}]}})

3m10.587817666s ago: executing program 33 (id=3319):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r0 = getpid()
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = epoll_create1(0x80000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
syz_pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x7}, &(0x7f00000000c0)={0x1f, 0x0, 0x8, 0x5, 0xfffffffffffffff8, 0x0, 0x4000000000}, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r5 = dup(r4)
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close(0x3)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000080)={0xf0f041})
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x14, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@noxattr}]}})

2m33.489541558s ago: executing program 0 (id=3471):
socket(0x2a, 0x2, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1e8301, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)
read(r0, &(0x7f0000000080)=""/186, 0xba)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffff7c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

2m33.003086962s ago: executing program 0 (id=3473):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(0x0, 0x7)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x7, 0x0, 0x0, 0x0, 0x4}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r5, &(0x7f0000001d00)={0x2020}, 0x2020)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f00000000c0)=0x47ca, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r7=>0x0})
setsockopt$CAN_RAW_FD_FRAMES(r6, 0x65, 0x5, &(0x7f0000000180)=0x1, 0x4)
sendmsg$can_raw(r6, &(0x7f0000000340)={&(0x7f0000000080)={0x1d, r7}, 0x10, &(0x7f0000000000)={&(0x7f00000001c0)=@canfd={{}, 0x2e, 0x0, 0x0, 0x0, "4e4e488e419039dda425818c34de45852abd1372621b404219373c9a72cdb611ef256a70bf66c39d7082f2809cbc3da9bb3c86e0c5e53cff15d561c53fe9ae3a"}, 0x48}}, 0x1)

2m29.19246902s ago: executing program 0 (id=3487):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4, 0x0, 0x300}, [@nested={0x4, 0xe}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

2m28.175068805s ago: executing program 0 (id=3488):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={@private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00', @mcast2, 0x8, 0x3c80, 0x85, 0x400, 0x3, 0x60})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x9, 0x0, 0xfffffffffffffffd, 0x400009, 0x8, 0xa}, 0x0)
syz_open_dev$media(0x0, 0x80000006, 0xd81a40)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x202, @private2={0xfc, 0x2, '\x00', 0xff}, 0x4ac2d78a}}, 0x0, 0x0, 0x34, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x3}], 0x1, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private=0xe0, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000000040)=0x9, 0x4)
sendmmsg$sock(r4, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r5, &(0x7f00000000c0)=""/57, 0x39, 0x60, 0x0, 0x0)

2m26.778286167s ago: executing program 0 (id=3492):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'adq12b\x00', [0x4f27, 0x2, 0x10000, 0x4, 0xe, 0x0, 0x3, 0x7, 0xa, 0x1, 0x8001, 0x4, 0xff6b, 0x801, 0xfffffffe, 0xb4c, 0x0, 0x2, 0x3, 0x40000003, 0x89, 0xcaa7, 0x201ff, 0x20001e58, 0xb, 0xe6b, 0x3c, 0x8, 0x65c, 0x0, 0xfffffff8]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}}, 0x4008840)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r1)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={0x0}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
listen(0xffffffffffffffff, 0x5)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x521281, 0x0)

2m26.244646934s ago: executing program 0 (id=3495):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r1 = syz_io_uring_setup(0x5b97, &(0x7f0000000000)={0x0, 0x8ee7, 0x400, 0x0, 0x124}, &(0x7f0000000080), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000140)={0x7, r0, 0x20, {0xe, 0x100000001}, 0x4}, 0x1)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
r7 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x20}}, 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) (async)
syz_io_uring_setup(0x5b97, &(0x7f0000000000)={0x0, 0x8ee7, 0x400, 0x0, 0x124}, &(0x7f0000000080), &(0x7f0000000100)) (async)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000140)={0x7, r0, 0x20, {0xe, 0x100000001}, 0x4}, 0x1) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) (async)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, 0x0, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) (async)
socket(0x10, 0x80002, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) (async)
socket(0x10, 0x3, 0x4) (async)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x20}}, 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) (async)

2m11.208961176s ago: executing program 34 (id=3495):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r1 = syz_io_uring_setup(0x5b97, &(0x7f0000000000)={0x0, 0x8ee7, 0x400, 0x0, 0x124}, &(0x7f0000000080), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000140)={0x7, r0, 0x20, {0xe, 0x100000001}, 0x4}, 0x1)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
r7 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x20}}, 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) (async)
syz_io_uring_setup(0x5b97, &(0x7f0000000000)={0x0, 0x8ee7, 0x400, 0x0, 0x124}, &(0x7f0000000080), &(0x7f0000000100)) (async)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000140)={0x7, r0, 0x20, {0xe, 0x100000001}, 0x4}, 0x1) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) (async)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, 0x0, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) (async)
socket(0x10, 0x80002, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) (async)
socket(0x10, 0x3, 0x4) (async)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x20}}, 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) (async)

15.230860423s ago: executing program 5 (id=3810):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_open_procfs(0x0, &(0x7f0000000400)='attr\x00')
process_vm_writev(0x0, &(0x7f0000001c80), 0x0, 0x0, 0x0, 0x0)
pread64(r3, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000300)={0x0, @sliced={0x4, [0x0, 0x4, 0x2, 0x7, 0x0, 0x1, 0x4, 0x5, 0x8, 0x9, 0x1, 0x665, 0x4e, 0x200, 0x2f6, 0xfc01, 0x5, 0x9, 0x8, 0x643, 0x5, 0x1, 0x298b, 0x7, 0x7, 0x8010, 0x8, 0x639, 0x3, 0xfffd, 0x87b8, 0xb, 0x8, 0x2, 0xa, 0x2, 0x8001, 0x7c, 0xc, 0x4, 0x8001, 0xb, 0x1ff, 0x0, 0x7, 0x8, 0x948, 0xc], 0x8b}})
syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
keyctl$read(0x20, r2, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r2)
keyctl$setperm(0x5, r5, 0x52b242d)
request_key(&(0x7f00000001c0)='keyring\x00', 0x0, 0x0, r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
r8 = socket$igmp(0x2, 0x3, 0x2)
fgetxattr(r8, &(0x7f0000000000)=@random={'security.', '\x00'}, &(0x7f0000000040)=""/1, 0x1)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="010000000000fcdbdf25010051c08e76693aa2127e2b000004000180"], 0x18}}, 0x2000c050)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r9, 0x6, 0x1f, &(0x7f0000000140), 0x4)

12.201665265s ago: executing program 6 (id=3814):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'adq12b\x00', [0x4f27, 0x2, 0x10000, 0x4, 0xe, 0x0, 0x3, 0x7, 0xa, 0x1, 0x8001, 0x4, 0xff6b, 0x801, 0xfffffffe, 0xb4c, 0x0, 0x2, 0x3, 0x40000003, 0x89, 0xcaa7, 0x201ff, 0x20001e58, 0xb, 0xe6b, 0x3c, 0x8, 0x65c, 0x0, 0xfffffff8]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}}, 0x4008840)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r1)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x70bd67, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x5}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x39}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)
sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0)
listen(0xffffffffffffffff, 0x5)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x521281, 0x0)

11.669022434s ago: executing program 6 (id=3816):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r3 = dup(r2)
read$FUSE(r3, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000180)={0x1f, @none}, 0x8)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0xfffffff8, 0x900}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b000000000000000"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg(r7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="627472732e7d232b0011032f62d4405b1e3fe24c8f87f779a1702f8dc6e966b220ce08eca8f377f501ed16ffa1ef10191c3452fdbc37dcfeff5c3052d03c11ca04c08ebdcdc976d137a19fb512658c4f2d5ed754ed92e7cedc895ec7b6a8719cc65c13d3b2520386380d"], &(0x7f0000000340)=""/42, 0x2a)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmmsg(r8, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

11.30926942s ago: executing program 4 (id=3817):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x48, 0x28001, 0xfffffffa, 0xfffffffffffffe01, 0x0, 0xfffffe0000000001, 0x1fa11, 0x8}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000540)=<r5=>0x0)
timer_gettime(r5, &(0x7f00000005c0))
timer_settime(r5, 0x1, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000000180))
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r9], 0x4c}}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa8d17ce35d840e0aaaaaaaabb86dd600a843500140601128100000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f000000000086dd60ff00f500140600fe8000000000000a00000000000000bb65fb7c423563e76600000000000000aa07fe4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000090780005", @ANYRESOCT=r8, @ANYRES64, @ANYRESDEC=r3, @ANYRESHEX], 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00', 0x10, 0x8, 0x11}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00', 0x3a, 0xfffffffd, 0x7f}, 0x2c)

11.138326832s ago: executing program 5 (id=3818):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x40000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)

9.745718324s ago: executing program 5 (id=3819):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$unix(r1, &(0x7f00000029c0)=[{{&(0x7f0000000600)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000c00)=[@cred={{0x1c, 0x1, 0x24}}], 0x20, 0x24000010}}], 0x1, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r4 = accept4(r0, 0x0, 0x0, 0x80000)
accept4(r4, 0x0, 0x0, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
fanotify_init(0x4, 0x6ebfcc473c604fb8)
syz_usb_control_io(r5, &(0x7f0000000780)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x3, 0x7f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000044d6b2099042510f69c00000001"], 0x0)
syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f00000010c0)=@ipv4_delrule={0x24, 0x21, 0x1, 0x70bd2c, 0x25dfdbfc, {0x2, 0x0, 0x14, 0x2, 0x0, 0x0, 0x0, 0x1, 0x8}, [@FRA_SRC={0x8, 0x2, @private=0xa010102}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)='3', 0x1)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

9.17702434s ago: executing program 7 (id=3821):
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="04000226", @ANYRES16=0x0, @ANYBLOB="00000000000000000004e800000008000317"], 0x1c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'veth1\x00', &(0x7f0000000000)=@ethtool_wolinfo={0x5, 0xab, 0x8, "ea4a05f19df6"}})

8.089515117s ago: executing program 4 (id=3822):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r3 = dup(r2)
read$FUSE(r3, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000180)={0x1f, @none}, 0x8)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0xfffffff8, 0x900}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b000000000000000"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg(r7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="627472732e7d232b0011032f62d4405b1e3fe24c8f87f779a1702f8dc6e966b220ce08eca8f377f501ed16ffa1ef10191c3452fdbc37dcfeff5c3052d03c11ca04c08ebdcdc976d137a19fb512658c4f2d5ed754ed92e7cedc895ec7b6a8719cc65c13d3b2520386380d"], &(0x7f0000000340)=""/42, 0x2a)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmmsg(r8, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

7.934162498s ago: executing program 2 (id=3823):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4, 0x0, 0x300}, [@nested={0x4, 0xe}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

7.446842092s ago: executing program 6 (id=3824):
socket$nl_generic(0x10, 0x3, 0x10)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000240)={0x1, 0x101})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)

7.046975785s ago: executing program 2 (id=3825):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x48, 0x28001, 0xfffffffa, 0xfffffffffffffe01, 0x0, 0xfffffe0000000001, 0x1fa11, 0x8}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000540)=<r5=>0x0)
timer_gettime(r5, &(0x7f00000005c0))
timer_settime(r5, 0x1, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000000180))
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa8d17ce35d840e0aaaaaaaabb86dd600a843500140601128100000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f000000000086dd60ff00f500140600fe8000000000000a00000000000000bb65fb7c423563e76600000000000000aa07fe4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000090780005", @ANYRESOCT=r8, @ANYRES64, @ANYRESDEC=r3, @ANYRESHEX], 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00', 0x10, 0x8, 0x11}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00', 0x3a, 0xfffffffd, 0x7f}, 0x2c)

6.972344189s ago: executing program 7 (id=3826):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x73}}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
syz_open_dev$usbfs(&(0x7f00000001c0), 0x8, 0x80)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000440)='ubifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x1000080, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000400)={'ip6gre0\x00', &(0x7f0000000700)=@ethtool_per_queue_op={0x4b, 0xf, [0x2000f68f, 0x8, 0x9, 0x10001ff, 0x8, 0x4, 0xe97, 0x4, 0x6, 0xecbf, 0xff, 0x101, 0x7, 0x203, 0x3d, 0x5e, 0x1000, 0x1, 0xf557, 0x2, 0x5, 0x9b5, 0xce, 0x2, 0x3, 0xe52f, 0xaa8, 0x80000000, 0x1, 0xe9c4, 0xcd8, 0x6c, 0x6, 0x67a, 0xd, 0x7, 0x81, 0x6, 0x6, 0x3da, 0x3, 0xfffffffc, 0xfd2, 0x6, 0x8, 0x800, 0xfffff801, 0x2b, 0xa, 0x0, 0x6, 0x3, 0x5, 0x0, 0x6, 0x8, 0x23, 0xff, 0x3, 0x10, 0x3, 0xffffffff, 0x6, 0x6000004, 0xd1, 0xf, 0x4, 0xa, 0x0, 0x3ff, 0x80000000, 0x8000, 0x3, 0x5, 0x2, 0x0, 0xdb4bf975, 0x9, 0xd, 0x4, 0x2, 0x0, 0xd, 0x6, 0x3, 0x0, 0x10, 0x1, 0xfffffffc, 0x9, 0x7ff, 0x7, 0x2, 0xbde, 0x37, 0xb, 0x4, 0x1, 0x9, 0x6, 0x7fff, 0x1, 0x704, 0x33e4, 0x401, 0x5, 0x7fff, 0x8, 0x100, 0x3, 0xfffffffd, 0x2, 0x6, 0x8, 0x9, 0x7, 0x200, 0x9, 0xe, 0x81, 0x0, 0x4, 0x5, 0x5, 0x8, 0x3, 0x1, 0xfffffffa], "354d52859e67242784b2d116258cd674e6f7a8a6a4121e789c83baf4c3a50a398640a4dc2fc81b58dbb571267492b55e6c08c88024448cb2ef70a24171f84c9efbacb6b98c218e44bd5e54b7fcfbb9df68a48f2a788ee358d193c551deed"}})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$qrtr(0x2a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xa, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000008700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.592993198s ago: executing program 4 (id=3827):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r3 = dup(r2)
read$FUSE(r3, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000180)={0x1f, @none}, 0x8)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0xfffffff8, 0x900}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg(r9, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
fgetxattr(r8, &(0x7f0000000380)=ANY=[@ANYBLOB="627472732e7d232b0011032f62d4405b1e3fe24c8f87f779a1702f8dc6e966b220ce08eca8f377f501ed16ffa1ef10191c3452fdbc37dcfeff5c3052d03c11ca04c08ebdcdc976d137a19fb512658c4f2d5ed754ed92e7cedc895ec7b6a8719cc65c13d3b2520386380d"], &(0x7f0000000340)=""/42, 0x2a)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmmsg(r10, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

5.70289055s ago: executing program 7 (id=3828):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000002100)={0x3, 0x0, 0x9, 0x1, 0x14, "888da7a91c04792a"})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x17fd147c801ae9ab, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndmidi(&(0x7f0000002140), 0x3ff, 0x100100)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000000c0)={0x2020}, 0x2020)

5.632793772s ago: executing program 5 (id=3829):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmsg(r0, 0x0, 0x400c040)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000530000/0x3000)=nil)
r2 = gettid()
r3 = syz_open_procfs(0x0, 0x0)
writev(r3, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7, 0x2)
move_pages(r2, 0x1, &(0x7f0000000240)=[&(0x7f000062e000/0x3000)=nil], 0x0, 0x0, 0x2)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x6c, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000380)=[r6], &(0x7f00000003c0)=[0x7], &(0x7f0000000300)=[0x0], &(0x7f0000000180)=[0x31], 0x0, 0xff})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f0000000080)=0x10003a4, 0x4)

5.271673959s ago: executing program 2 (id=3830):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r3 = dup(r2)
read$FUSE(r3, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000180)={0x1f, @none}, 0x8)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0xfffffff8, 0x900}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b000000000000000"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg(r7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="627472732e7d232b0011032f62d4405b1e3fe24c8f87f779a1702f8dc6e966b220ce08eca8f377f501ed16ffa1ef10191c3452fdbc37dcfeff5c3052d03c11ca04c08ebdcdc976d137a19fb512658c4f2d5ed754ed92e7cedc895ec7b6a8719cc65c13d3b2520386380d"], &(0x7f0000000340)=""/42, 0x2a)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmmsg(r8, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

5.071097603s ago: executing program 7 (id=3831):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r1 = socket$inet(0x2, 0x3, 0x4)
r2 = socket$kcm(0x11, 0x20000000000000a, 0x300)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r4, 0x0, 0x0)
bind$inet6(r4, &(0x7f0000000280)={0xa, 0x4e24, 0x56c0, @dev={0xfe, 0x80, '\x00', 0x35}, 0x5}, 0x1c)
setsockopt$sock_attach_bpf(r2, 0x1, 0x28, &(0x7f0000000000), 0x4)
recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x931ec631ea68ce3b)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = syz_open_dev$usbmon(0x0, 0x2, 0x800)
ioctl$MON_IOCX_GET(r7, 0x400c9206, 0x0)
ptrace(0x10, r6)
r8 = syz_io_uring_setup(0xd2, &(0x7f0000000440)={0x0, 0x4003, 0x800, 0x203, 0x21d}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r8, 0x47ba, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

4.589072569s ago: executing program 7 (id=3832):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_open_procfs(0x0, &(0x7f0000000400)='attr\x00')
process_vm_writev(0x0, &(0x7f0000001c80), 0x0, 0x0, 0x0, 0x0)
pread64(r3, 0x0, 0x0, 0x3c)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000300)={0x0, @sliced={0x4, [0x0, 0x4, 0x2, 0x7, 0x0, 0x1, 0x4, 0x5, 0x8, 0x9, 0x1, 0x665, 0x4e, 0x200, 0x2f6, 0xfc01, 0x5, 0x9, 0x8, 0x643, 0x5, 0x1, 0x298b, 0x7, 0x7, 0x8010, 0x8, 0x639, 0x3, 0xfffd, 0x87b8, 0xb, 0x8, 0x2, 0xa, 0x2, 0x8001, 0x7c, 0xc, 0x4, 0x8001, 0xb, 0x1ff, 0x0, 0x7, 0x8, 0x948, 0xc], 0x8b}})
syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}}, 0x0)
keyctl$read(0x20, r2, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r2)
keyctl$setperm(0x5, r5, 0x52b242d)
request_key(&(0x7f00000001c0)='keyring\x00', 0x0, 0x0, r5)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
r6 = socket$igmp(0x2, 0x3, 0x2)
fgetxattr(r6, &(0x7f0000000000)=@random={'security.', '\x00'}, &(0x7f0000000040)=""/1, 0x1)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000140), 0x4)

4.048546222s ago: executing program 6 (id=3833):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x8, @none, 0x3ff}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2, 0xe}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x3], [0x0, 0x8, 0x0, 0x0, 0x5]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x2e, 0x0, &(0x7f00000001c0))
fsmount(0xffffffffffffffff, 0x1, 0x80)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x0, r4, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x84, @remote, 0x0, 0x0, 'wlc\x00', 0x37, 0xfffffffe, 0x7f}, 0x2c)
socket(0x2, 0x80805, 0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r9=>0x0)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r9], 0x1c}}, 0x0)
write$nci(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000770000000000c400"], 0xb)

3.979436467s ago: executing program 2 (id=3834):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={@private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00', @mcast2, 0x8, 0x3c80, 0x85, 0x400, 0x3, 0x60})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x9, 0x0, 0xfffffffffffffffd, 0x400009, 0x8, 0xa}, 0x0)
syz_open_dev$media(0x0, 0x80000006, 0xd81a40)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x202, @private2={0xfc, 0x2, '\x00', 0xff}, 0x4ac2d78a}}, 0x0, 0x0, 0x34, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x3}], 0x1, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private=0xe0, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000000040)=0x9, 0x4)
sendmmsg$sock(r4, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r5, &(0x7f00000000c0)=""/57, 0x39, 0x60, 0x0, 0x0)

3.460019093s ago: executing program 4 (id=3835):
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = landlock_create_ruleset(&(0x7f0000000040)={0xc015, 0x3}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r5, 0x2, 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r5, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840)
r6 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b24, &(0x7f0000000000)={'wlan0\x00'})
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r7, 0x4004e502, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellinkprop={0x34, 0x6c, 0x2ec9b2c728e3c67, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x48198, 0x800}, [@IFLA_IFNAME={0x14, 0x3, 'caif0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

3.337581721s ago: executing program 5 (id=3836):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x18, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4, 0x0, 0x300}, [@nested={0x4, 0xe}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

2.500636574s ago: executing program 4 (id=3837):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1555555555555457, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000010, &(0x7f0000000000)={0xa, 0x4e21, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x408000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
r5 = openat$cgroup_freezer_state(r3, &(0x7f0000000080), 0x2, 0x0)
syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000240)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r6, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(0xffffffffffffffff, 0x7a6, &(0x7f0000000040)={0x400000000004, 0x1, 0x1a0, 0xfffffffffffffffd})
write$cgroup_freezer_state(r5, &(0x7f00000000c0)='THAWED\x00', 0x7)
socket$inet_sctp(0x2, 0x5, 0x84)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8140, 0x0)
r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
ioctl$EVIOCSMASK(r8, 0x40104593, &(0x7f0000000180)={0x2, 0x0, 0x0})
ioctl$TCSETS(r7, 0x40045431, &(0x7f00000002c0)={0x0, 0xfffff2f1, 0x2006, 0xfffffffe, 0x90, "ff00f70000000000000000000100"})
r9 = syz_open_pts(r7, 0x4c0a00)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000240)=ANY=[], 0x0)
write(r9, &(0x7f0000000000)="d5", 0xfffffedf)

2.354019383s ago: executing program 6 (id=3838):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r2}, 0x18)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={0x0, r3}, 0x18)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x33}})
setresgid(0xee00, 0xee01, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2800408, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r4, &(0x7f0000003800)={0x2020}, 0x2020)
getsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, 0x0, &(0x7f0000000300))

2.323707464s ago: executing program 5 (id=3839):
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000802, 0x0, &(0x7f0000000040)={0x3ff, 0x9, 0x2, 0x1, 0x5, 0x6, 0x2, 0x1000, 0x8})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndmidi(&(0x7f0000002140), 0x3ff, 0x100100)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f00000000c0)={0x2020}, 0x2020)

1.688603807s ago: executing program 6 (id=3840):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x48, 0x28001, 0xfffffffa, 0xfffffffffffffe01, 0x0, 0xfffffe0000000001, 0x1fa11, 0x8}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000540)=<r5=>0x0)
timer_gettime(r5, &(0x7f00000005c0))
timer_settime(r5, 0x1, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000000180))
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa8d17ce35d840e0aaaaaaaabb86dd600a843500140601128100000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f000000000086dd60ff00f500140600fe8000000000000a00000000000000bb65fb7c423563e76600000000000000aa07fe4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000090780005", @ANYRESOCT=r8, @ANYRES64, @ANYRESDEC=r3, @ANYRESHEX], 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00', 0x10, 0x8, 0x11}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00', 0x3a, 0xfffffffd, 0x7f}, 0x2c)

1.434722789s ago: executing program 4 (id=3841):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000000)={0x0, 0x0})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'dvmrp1\x00', 0x600})
r3 = socket$netlink(0x10, 0x3, 0xa)
r4 = dup(r3)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r5, 0x200004)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)

1.003902784s ago: executing program 2 (id=3842):
socket$can_raw(0x1d, 0x3, 0x1)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x2000000000000021, 0x2, 0x10000000000002)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x80, 0x0, 0xf})

832.201201ms ago: executing program 7 (id=3843):
socket$nl_generic(0x10, 0x3, 0x10)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000240)={0x1, 0x101})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

0s ago: executing program 2 (id=3844):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r3 = dup(r2)
read$FUSE(r3, &(0x7f0000005540)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0xf0f046})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000180)={0x1f, @none}, 0x8)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x2, 0x0, 0xfffffff8, 0x900}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b000000000000000"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg(r7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="627472732e7d232b0011032f62d4405b1e3fe24c8f87f779a1702f8dc6e966b220ce08eca8f377f501ed16ffa1ef10191c3452fdbc37dcfeff5c3052d03c11ca04c08ebdcdc976d137a19fb512658c4f2d5ed754ed92e7cedc895ec7b6a8719cc65c13d3b2520386380d"], &(0x7f0000000340)=""/42, 0x2a)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmmsg(r8, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)

kernel console output (not intermixed with test programs):

T18438] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1128.540415][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1128.545080][T18438] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1128.550514][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1128.784851][ T5907] plantronics 0003:047F:FFFF.0014: reserved main item tag 0xd
[ 1128.829593][ T5907] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1129.086701][T19524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.095825][T19524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1129.292162][   T30] audit: type=1400 audit(1757118559.652:544): avc:  denied  { attach_queue } for  pid=19550 comm="syz.0.3153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1129.403941][T19559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3154'.
[ 1129.413063][T19559] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3154'.
[ 1129.795840][T17160] usb 3-1: USB disconnect, device number 56
[ 1130.606148][T19580] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3159'.
[ 1131.253854][T19590] blktrace: Concurrent blktraces are not allowed on loop0
[ 1131.717701][T19586] syzkaller1: entered promiscuous mode
[ 1131.771268][T19586] syzkaller1: entered allmulticast mode
[ 1132.036882][T17160] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[ 1132.445327][T17160] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1132.464490][T17160] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1132.489949][T17160] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1132.535389][T17160] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1132.584047][T19606] qnx6: unable to read the first superblock
[ 1132.591336][T17160] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1132.603079][T17160] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1132.661753][T19606] lo speed is unknown, defaulting to 1000
[ 1132.668598][T17160] usb 4-1: config 0 descriptor??
[ 1132.738033][T19606] lo speed is unknown, defaulting to 1000
[ 1132.738204][T19593] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1132.764432][T19606] lo speed is unknown, defaulting to 1000
[ 1133.057563][T19611] futex_wake_op: syz.5.3165 tries to shift op by 144; fix this program
[ 1133.283191][T19614] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3167'.
[ 1133.403331][T19606] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1133.445788][T17160] plantronics 0003:047F:FFFF.0015: reserved main item tag 0xd
[ 1133.740545][T19586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1133.755904][T19586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1133.881446][T19620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3169'.
[ 1133.948743][T19606] lo speed is unknown, defaulting to 1000
[ 1133.967034][T17160] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1134.001810][T19606] lo speed is unknown, defaulting to 1000
[ 1134.020791][T19606] lo speed is unknown, defaulting to 1000
[ 1134.043653][T19606] lo speed is unknown, defaulting to 1000
[ 1134.062915][T19606] lo speed is unknown, defaulting to 1000
[ 1134.146700][ T5956] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1134.150886][T17160] usb 4-1: USB disconnect, device number 63
[ 1134.326747][ T5956] usb 3-1: Using ep0 maxpacket: 16
[ 1134.341351][ T5956] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1134.364058][T19621] fido_id[19621]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1134.382704][ T5956] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1134.424842][ T5956] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1134.494460][ T5956] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1134.513948][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1134.531970][ T5956] usb 3-1: Product: syz
[ 1134.541457][ T5956] usb 3-1: Manufacturer: syz
[ 1134.624655][T19628] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3171'.
[ 1134.832667][ T5956] usb 3-1: SerialNumber: syz
[ 1134.862931][ T5956] usb 3-1: config 0 descriptor??
[ 1134.881952][ T5956] appledisplay 3-1:0.0: Submitting URB failed
[ 1134.922603][ T5956] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -5
[ 1135.240516][T19630] erofs (device nbd2): cannot find valid erofs superblock
[ 1135.649095][ T5956] usb 3-1: USB disconnect, device number 57
[ 1135.895932][T19642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3175'.
[ 1136.170617][ T5956] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1136.906242][ T5956] usb 4-1: Using ep0 maxpacket: 16
[ 1136.985666][T19643] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1136.994915][T19643] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1137.006351][T19643] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1137.012670][T19643] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1137.036769][ T5956] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1137.061611][T19643] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1137.067568][ T5956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1137.602923][ T5956] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1137.731190][ T5956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1137.749750][ T5956] usb 4-1: Product: syz
[ 1137.754996][ T5956] usb 4-1: Manufacturer: syz
[ 1137.760049][ T5956] usb 4-1: SerialNumber: syz
[ 1137.769389][ T5956] usb 4-1: config 0 descriptor??
[ 1137.983825][ T5956] appledisplay 4-1:0.0: Error while getting initial brightness: -32
[ 1138.091192][T19674] erofs (device nbd3): cannot find valid erofs superblock
[ 1138.116820][   T44] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[ 1138.173606][ T5956] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -32
[ 1138.278765][ T5956] usb 4-1: USB disconnect, device number 64
[ 1138.338024][   T44] usb 3-1: config 1 has an invalid interface number: 128 but max is 1
[ 1138.351141][   T44] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1138.361687][   T44] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1138.386764][   T44] usb 3-1: config 1 has no interface number 0
[ 1138.407201][   T44] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1138.457702][   T44] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1138.519833][   T44] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1138.536031][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.562357][   T44] usb 3-1: Product: syz
[ 1138.575572][   T44] usb 3-1: Manufacturer: syz
[ 1138.586394][   T44] usb 3-1: SerialNumber: syz
[ 1138.618902][   T44] cdc_wdm 3-1:1.128: skipping garbage
[ 1138.638032][   T44] cdc_wdm 3-1:1.128: cdc-wdm0: USB WDM device
[ 1138.663084][   T44] cdc_wdm 3-1:1.128: Unknown control protocol
[ 1138.828656][   T44] usb 3-1: USB disconnect, device number 58
[ 1139.065945][T19686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1139.076752][T13798] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1139.076864][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1139.088976][T19549] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1139.095125][T19549] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1139.098681][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1142.223494][T19723] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3193'.
[ 1142.508460][ T5956] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1142.737379][ T5956] usb 6-1: Using ep0 maxpacket: 16
[ 1142.772395][ T5956] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1142.826017][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1142.855579][ T5956] usb 6-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1142.882939][ T5956] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1143.176313][ T5956] usb 6-1: Product: syz
[ 1143.181879][ T5956] usb 6-1: Manufacturer: syz
[ 1143.186461][ T5956] usb 6-1: SerialNumber: syz
[ 1143.192988][ T5956] usb 6-1: config 0 descriptor??
[ 1143.614479][ T5956] appledisplay 6-1:0.0: Error while getting initial brightness: -110
[ 1143.630098][ T5956] appledisplay 6-1:0.0: probe with driver appledisplay failed with error -110
[ 1143.725409][T19736] erofs (device nbd5): cannot find valid erofs superblock
[ 1143.946866][ T5956] usb 6-1: USB disconnect, device number 26
[ 1145.060331][T19744] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1145.071307][T19744] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1145.082735][T19744] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1145.091615][T19744] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1145.102612][T19744] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1145.327805][T19748] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1145.897129][T19760] blktrace: Concurrent blktraces are not allowed on loop0
[ 1146.713500][T19763] syz_tun: entered allmulticast mode
[ 1147.083735][T19754] syz_tun: left allmulticast mode
[ 1147.178143][T18438] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1147.184310][T19687] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1147.190457][T19687] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1147.196516][T19687] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1147.198601][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1147.608714][   T92] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1147.706678][T17160] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1147.786749][   T92] usb 6-1: Using ep0 maxpacket: 16
[ 1147.807830][   T92] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1148.284011][   T92] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1148.294913][   T92] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1148.306137][   T92] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1148.327630][   T92] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.336714][   T92] usb 6-1: Product: syz
[ 1148.340880][   T92] usb 6-1: Manufacturer: syz
[ 1148.345537][   T92] usb 6-1: SerialNumber: syz
[ 1148.426788][T17160] usb 3-1: Using ep0 maxpacket: 16
[ 1148.433297][T17160] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1148.446471][T17160] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1148.458585][T17160] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1148.467677][T17160] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.476491][T17160] usb 3-1: Product: syz
[ 1148.486710][T17160] usb 3-1: Manufacturer: syz
[ 1148.491364][T17160] usb 3-1: SerialNumber: syz
[ 1148.571214][   T92] usb 6-1: 0:2 : does not exist
[ 1148.598325][   T92] usb 6-1: USB disconnect, device number 27
[ 1148.722972][T17160] usb 3-1: 0:2 : does not exist
[ 1148.735705][T17160] usb 3-1: USB disconnect, device number 59
[ 1149.711931][T19798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3209'.
[ 1149.721176][T19798] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3209'.
[ 1150.215999][T19804] blktrace: Concurrent blktraces are not allowed on loop8
[ 1152.097160][   T92] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 1152.269644][   T92] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1152.280038][   T92] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1152.290456][   T92] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1152.312763][   T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1153.036128][T19824] overlayfs: failed to resolve './bus': -2
[ 1153.992259][T19845] syzkaller1: entered promiscuous mode
[ 1154.002707][T19845] syzkaller1: entered allmulticast mode
[ 1154.267008][   T92] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1154.443623][   T92] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1154.478315][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1154.566691][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1154.604525][   T92] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1154.648584][   T92] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1154.675612][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.741492][   T92] usb 3-1: config 0 descriptor??
[ 1154.750707][T16138] usb 5-1: USB disconnect, device number 75
[ 1154.757729][T19845] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1155.205657][T19857] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1155.212969][T19857] IPv6: NLM_F_CREATE should be set when creating new route
[ 1155.420170][   T92] plantronics 0003:047F:FFFF.0016: reserved main item tag 0xd
[ 1155.430016][T19845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1155.448931][T19845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1155.486967][   T92] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1155.923882][T19863] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1156.118354][T19359] usb 3-1: USB disconnect, device number 60
[ 1156.818214][T19359] usb 4-1: new full-speed USB device number 65 using dummy_hcd
[ 1157.416406][T19891] qnx6: unable to read the first superblock
[ 1157.652151][T19359] usb 4-1: config 1 has an invalid interface number: 128 but max is 1
[ 1157.661240][T19359] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1157.736521][T19893] blktrace: Concurrent blktraces are not allowed on loop0
[ 1158.400970][T19359] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1158.411149][T19359] usb 4-1: config 1 has no interface number 0
[ 1158.417496][T19359] usb 4-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1158.428784][T19359] usb 4-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1158.446060][T19359] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1158.455776][T19359] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.610619][T19359] usb 4-1: Product: syz
[ 1158.752509][T19359] usb 4-1: Manufacturer: syz
[ 1158.757363][T19359] usb 4-1: SerialNumber: syz
[ 1158.766464][T19359] cdc_wdm 4-1:1.128: skipping garbage
[ 1158.808418][T19359] cdc_wdm 4-1:1.128: cdc-wdm0: USB WDM device
[ 1158.836777][T19900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3237'.
[ 1159.145161][T19359] cdc_wdm 4-1:1.128: Unknown control protocol
[ 1159.202590][T19359] usb 4-1: USB disconnect, device number 65
[ 1160.126888][ T5927] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[ 1160.552547][T19917] blktrace: Concurrent blktraces are not allowed on loop10
[ 1160.686672][T19359] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1160.709415][ T5927] usb 5-1: config 1 has an invalid interface number: 128 but max is 1
[ 1160.725086][ T5927] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1160.735462][ T5927] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1160.752388][ T5927] usb 5-1: config 1 has no interface number 0
[ 1160.789949][ T5927] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1160.811038][ T5927] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1160.831061][ T5927] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1160.841175][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.851198][T19359] usb 3-1: Using ep0 maxpacket: 8
[ 1160.852038][T19923] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3245'.
[ 1160.866400][T19923] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3245'.
[ 1160.880123][ T5927] usb 5-1: Product: syz
[ 1160.884361][ T5927] usb 5-1: Manufacturer: syz
[ 1160.887039][T19359] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=1b.21
[ 1160.889322][ T5927] usb 5-1: SerialNumber: syz
[ 1161.044443][T19359] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.067441][ T5927] cdc_wdm 5-1:1.128: skipping garbage
[ 1161.073497][T19359] usb 3-1: Product: syz
[ 1161.089777][T19359] usb 3-1: Manufacturer: syz
[ 1161.100599][T19359] usb 3-1: SerialNumber: syz
[ 1161.105804][ T5927] cdc_wdm 5-1:1.128: cdc-wdm0: USB WDM device
[ 1161.117441][ T5927] cdc_wdm 5-1:1.128: Unknown control protocol
[ 1161.138837][T19359] usb 3-1: config 0 descriptor??
[ 1161.174807][T19359] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32
[ 1161.310219][ T5927] usb 5-1: USB disconnect, device number 76
[ 1161.372790][T19359] usb 3-1: USB disconnect, device number 61
[ 1162.219248][T19359] usb 6-1: new full-speed USB device number 28 using dummy_hcd
[ 1162.246988][T16138] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1162.406704][T16138] usb 3-1: Using ep0 maxpacket: 16
[ 1162.416299][T16138] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1162.429060][T16138] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1162.440769][T16138] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1162.454983][T16138] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1162.471988][T16138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.489600][T16138] usb 3-1: Product: syz
[ 1162.493993][T16138] usb 3-1: Manufacturer: syz
[ 1162.499192][T16138] usb 3-1: SerialNumber: syz
[ 1162.518113][T19359] usb 6-1: config 1 has an invalid interface number: 128 but max is 1
[ 1162.526319][T19359] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1162.540116][T19948] qnx6: unable to read the first superblock
[ 1162.552576][T19359] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1163.544752][T16138] usb 3-1: 0:2 : does not exist
[ 1163.598507][T19359] usb 6-1: config 1 has no interface number 0
[ 1163.614162][T16138] usb 3-1: USB disconnect, device number 62
[ 1163.614202][T19359] usb 6-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1163.673339][T19359] usb 6-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1163.703912][ T5863] udevd[5863]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1163.750434][T19359] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1163.760375][T19359] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1163.801208][T19359] usb 6-1: Product: syz
[ 1163.823257][T19359] usb 6-1: Manufacturer: syz
[ 1163.837942][T19359] usb 6-1: SerialNumber: syz
[ 1163.862436][T19359] cdc_wdm 6-1:1.128: skipping garbage
[ 1163.885182][T19359] cdc_wdm 6-1:1.128: cdc-wdm0: USB WDM device
[ 1163.907416][T19359] cdc_wdm 6-1:1.128: Unknown control protocol
[ 1164.158053][   T92] usb 6-1: USB disconnect, device number 28
[ 1164.296720][T19359] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1164.401664][T19965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3258'.
[ 1164.516865][T19359] usb 5-1: Using ep0 maxpacket: 16
[ 1164.607793][T19359] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1164.670995][T19359] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1164.722266][T19359] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1165.309541][T19359] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1165.320636][T19359] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.339276][T19359] usb 5-1: Product: syz
[ 1165.350971][T19359] usb 5-1: Manufacturer: syz
[ 1165.369234][T19359] usb 5-1: SerialNumber: syz
[ 1165.626894][T19359] usb 5-1: 0:2 : does not exist
[ 1165.683234][T19359] usb 5-1: USB disconnect, device number 77
[ 1165.746972][   T92] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1166.026098][   T92] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1166.049709][T19979] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1166.056994][T19979] IPv6: NLM_F_CREATE should be set when creating new route
[ 1166.076663][   T92] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1166.264730][T19983] syz_tun: entered allmulticast mode
[ 1166.366693][   T92] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1166.375894][   T92] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1166.519547][T19975] syz_tun: left allmulticast mode
[ 1166.937106][T19990] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3264'.
[ 1166.946077][T19990] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3264'.
[ 1167.161501][T19991] overlayfs: failed to resolve './bus': -2
[ 1168.604360][ T5927] usb 6-1: USB disconnect, device number 29
[ 1168.971654][T20034] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1171.526708][   T24] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1171.808345][   T24] usb 4-1: Using ep0 maxpacket: 8
[ 1171.891494][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1171.907371][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1171.924701][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1172.070829][T20076] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1172.614298][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1172.623580][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1172.631659][   T24] usb 4-1: Product: syz
[ 1172.863231][   T24] usb 4-1: Manufacturer: syz
[ 1172.961178][   T24] usb 4-1: SerialNumber: syz
[ 1173.010913][   T24] cdc_ncm 4-1:1.0: skipping garbage
[ 1173.016399][   T24] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[ 1173.023396][   T24] cdc_ncm 4-1:1.0: bind() failure
[ 1173.432140][   T92] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1173.919490][   T92] usb 3-1: Using ep0 maxpacket: 8
[ 1174.059653][   T92] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1174.068825][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.140240][   T92] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1174.185448][   T92] pvrusb2: **********
[ 1174.198269][   T92] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1174.242618][   T92] pvrusb2: Important functionality might not be entirely working.
[ 1174.266838][   T92] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1174.326875][   T92] pvrusb2: **********
[ 1174.342057][ T2338] pvrusb2: Invalid write control endpoint
[ 1174.506303][ T2338] pvrusb2: Invalid write control endpoint
[ 1174.528887][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1174.574534][   T92] usb 4-1: USB disconnect, device number 66
[ 1174.588947][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1174.589682][T20084] sp0: Synchronizing with TNC
[ 1174.599840][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1174.623471][ T2338] pvrusb2: Device being rendered inoperable
[ 1174.631202][T20095] loop7: detected capacity change from 0 to 16384
[ 1174.640347][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1174.650631][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1174.711956][T20099] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3292'.
[ 1174.727170][T20096] loop7: detected capacity change from 16384 to 16383
[ 1174.789312][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1174.799174][T20099] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3292'.
[ 1174.878172][T20083] [U] è
[ 1174.881894][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1175.063372][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1175.164309][T20108] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3295'.
[ 1175.225997][   T92] usb 3-1: USB disconnect, device number 63
[ 1175.415489][T20109] overlayfs: missing 'lowerdir'
[ 1176.921621][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.928046][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.613566][T20134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3299'.
[ 1177.803465][T20137] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3302'.
[ 1177.876885][T17160] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1177.907575][T20134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3299'.
[ 1177.973762][T20151] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1178.092069][T17160] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1178.102790][T17160] usb 3-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1178.112573][T17160] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1178.206835][T17160] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.602536][T20143] overlayfs: failed to resolve './file0': -2
[ 1179.156425][T20162] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3308'.
[ 1179.879871][   T92] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1180.185453][T20175] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3312'.
[ 1180.198395][   T92] usb 4-1: Using ep0 maxpacket: 16
[ 1180.235841][   T92] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1180.284354][   T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1180.337535][   T92] usb 4-1: config 0 descriptor??
[ 1180.353662][   T92] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1180.695850][T17160] usb 3-1: USB disconnect, device number 64
[ 1180.877301][T20188] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3316'.
[ 1180.886369][T20188] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3316'.
[ 1181.436786][T17160] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1181.626768][T17160] usb 6-1: Using ep0 maxpacket: 8
[ 1181.642049][T17160] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1181.658533][T17160] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1181.671898][T17160] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1181.707339][T17160] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1181.718152][T17160] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1181.742658][T17160] usb 6-1: Product: syz
[ 1181.753911][T17160] usb 6-1: Manufacturer: syz
[ 1181.772894][T17160] usb 6-1: SerialNumber: syz
[ 1181.836239][T17160] cdc_ncm 6-1:1.0: skipping garbage
[ 1181.852463][T17160] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found
[ 1181.879498][T17160] cdc_ncm 6-1:1.0: bind() failure
[ 1182.026771][   T92] gspca_sonixj: reg_w1 err -110
[ 1182.049413][   T92] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[ 1182.354822][   T30] audit: type=1326 audit(1757118612.862:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20190 comm="syz.2.3317" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b5bf8ebe9 code=0x0
[ 1182.598585][   T92] usb 4-1: USB disconnect, device number 67
[ 1183.152549][   T30] audit: type=1400 audit(1757118613.662:546): avc:  denied  { mounton } for  pid=20196 comm="syz.3.3319" path="/51/file0" dev="tmpfs" ino=288 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[ 1183.175547][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1183.225222][T20200] syzkaller1: entered promiscuous mode
[ 1183.231527][T20200] syzkaller1: entered allmulticast mode
[ 1183.487491][   T92] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1183.631566][T17160] usb 6-1: USB disconnect, device number 30
[ 1183.648271][   T92] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1183.661162][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1183.672409][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1183.685881][   T92] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1183.700124][   T92] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1183.709399][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1183.738493][   T92] usb 3-1: config 0 descriptor??
[ 1183.747279][T20200] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1184.394914][   T92] plantronics 0003:047F:FFFF.0017: reserved main item tag 0xd
[ 1184.720426][T20200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1184.732191][T20200] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1184.794734][   T92] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1184.826860][T17160] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1184.865280][   T92] usb 3-1: USB disconnect, device number 65
[ 1184.997504][T17160] usb 6-1: Using ep0 maxpacket: 16
[ 1185.004703][T17160] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1185.016345][T17160] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1185.036310][T17160] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1185.046347][T17160] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.103417][T17160] usb 6-1: config 0 descriptor??
[ 1185.224623][T17160] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1185.464243][   T30] audit: type=1400 audit(1757118615.972:547): avc:  denied  { write } for  pid=20229 comm="syz.4.3328" name="usbmon2" dev="devtmpfs" ino=722 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1185.487648][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1187.476384][   T92] usb 6-1: USB disconnect, device number 31
[ 1187.586355][T20252] fuse: Bad value for 'fd'
[ 1187.595408][T20252] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3332'.
[ 1187.639171][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1187.645348][T20226] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1189.103837][T20226] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1189.110963][T20226] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1189.117706][T20226] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1189.123714][T20226] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1189.243521][T20256] FAULT_INJECTION: forcing a failure.
[ 1189.243521][T20256] name failslab, interval 1, probability 0, space 0, times 0
[ 1189.260065][T20256] CPU: 1 UID: 0 PID: 20256 Comm: syz.0.3334 Not tainted syzkaller #0 PREEMPT(full) 
[ 1189.260096][T20256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1189.260108][T20256] Call Trace:
[ 1189.260114][T20256]  <TASK>
[ 1189.260121][T20256]  dump_stack_lvl+0x16c/0x1f0
[ 1189.260151][T20256]  should_fail_ex+0x512/0x640
[ 1189.260173][T20256]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1189.260196][T20256]  should_failslab+0xc2/0x120
[ 1189.260218][T20256]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1189.260237][T20256]  ? __alloc_skb+0x2b2/0x380
[ 1189.260262][T20256]  __alloc_skb+0x2b2/0x380
[ 1189.260282][T20256]  ? __pfx___alloc_skb+0x10/0x10
[ 1189.260305][T20256]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1189.260335][T20256]  netlink_alloc_large_skb+0x69/0x130
[ 1189.260361][T20256]  netlink_sendmsg+0x6a1/0xdd0
[ 1189.260388][T20256]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1189.260422][T20256]  ____sys_sendmsg+0xa98/0xc70
[ 1189.260451][T20256]  ? copy_msghdr_from_user+0x10a/0x160
[ 1189.260472][T20256]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1189.260510][T20256]  ___sys_sendmsg+0x134/0x1d0
[ 1189.260535][T20256]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1189.260584][T20256]  __sys_sendmsg+0x16d/0x220
[ 1189.260605][T20256]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1189.260638][T20256]  do_syscall_64+0xcd/0x4c0
[ 1189.260661][T20256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.260680][T20256] RIP: 0033:0x7fade238ebe9
[ 1189.260697][T20256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1189.260715][T20256] RSP: 002b:00007fade3142038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1189.260733][T20256] RAX: ffffffffffffffda RBX: 00007fade25c5fa0 RCX: 00007fade238ebe9
[ 1189.260746][T20256] RDX: 0000000024000000 RSI: 00002000000001c0 RDI: 0000000000000004
[ 1189.260758][T20256] RBP: 00007fade3142090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.260768][T20256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1189.260779][T20256] R13: 00007fade25c6038 R14: 00007fade25c5fa0 R15: 00007fffc4fbc668
[ 1189.260803][T20256]  </TASK>
[ 1189.376688][ T5907] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[ 1189.638259][ T5907] usb 5-1: config 1 has an invalid interface number: 128 but max is 1
[ 1189.676491][ T5907] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1189.686811][T16138] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1189.719363][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1189.728284][ T5907] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1189.737877][T20263] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1189.746938][ T5907] usb 5-1: config 1 has no interface number 0
[ 1189.753674][ T5907] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1189.770625][ T5907] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1189.786546][ T5907] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1189.802344][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.810714][ T5907] usb 5-1: Product: syz
[ 1189.814963][ T5907] usb 5-1: Manufacturer: syz
[ 1189.819685][ T5907] usb 5-1: SerialNumber: syz
[ 1189.828936][ T5907] cdc_wdm 5-1:1.128: skipping garbage
[ 1189.856715][T16138] usb 6-1: Using ep0 maxpacket: 32
[ 1189.889835][ T5907] cdc_wdm 5-1:1.128: cdc-wdm0: USB WDM device
[ 1189.908501][T16138] usb 6-1: config 3 has an invalid interface number: 75 but max is 3
[ 1189.917261][ T5907] cdc_wdm 5-1:1.128: Unknown control protocol
[ 1189.923421][T16138] usb 6-1: config 3 has an invalid interface number: 30 but max is 3
[ 1189.934708][T16138] usb 6-1: config 3 contains an unexpected descriptor of type 0x2, skipping
[ 1189.936084][ T5907] usb 5-1: USB disconnect, device number 78
[ 1189.951746][T16138] usb 6-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[ 1189.964431][T16138] usb 6-1: config 3 has an invalid interface number: 231 but max is 3
[ 1189.975264][T16138] usb 6-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[ 1190.004046][T16138] usb 6-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[ 1190.013798][T16138] usb 6-1: config 3 has an invalid interface number: 164 but max is 3
[ 1190.023942][T16138] usb 6-1: config 3 contains an unexpected descriptor of type 0x2, skipping
[ 1190.032959][T16138] usb 6-1: config 3 has an invalid interface number: 110 but max is 3
[ 1190.058072][T16138] usb 6-1: config 3 has 5 interfaces, different from the descriptor's value: 4
[ 1190.099061][T16138] usb 6-1: config 3 has no interface number 0
[ 1190.223645][T16138] usb 6-1: config 3 has no interface number 1
[ 1190.231611][T16138] usb 6-1: config 3 has no interface number 2
[ 1190.239234][T16138] usb 6-1: config 3 has no interface number 3
[ 1190.245836][T16138] usb 6-1: config 3 has no interface number 4
[ 1190.253356][T16138] usb 6-1: config 3 interface 75 altsetting 254 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 1190.834650][T16138] usb 6-1: config 3 interface 30 altsetting 74 has a duplicate endpoint with address 0x8, skipping
[ 1190.856759][T16138] usb 6-1: config 3 interface 30 altsetting 74 has an invalid descriptor for endpoint zero, skipping
[ 1190.945244][T16138] usb 6-1: config 3 interface 30 altsetting 74 has a duplicate endpoint with address 0x6, skipping
[ 1190.957308][T16138] usb 6-1: config 3 interface 30 altsetting 74 has a duplicate endpoint with address 0x9, skipping
[ 1190.983457][T16138] usb 6-1: config 3 interface 30 altsetting 74 endpoint 0x2 has an invalid bInterval 249, changing to 11
[ 1191.010896][T16138] usb 6-1: config 3 interface 30 altsetting 74 has a duplicate endpoint with address 0x8, skipping
[ 1191.046311][T16138] usb 6-1: config 3 interface 30 altsetting 74 has a duplicate endpoint with address 0x8, skipping
[ 1191.060218][T16138] usb 6-1: config 3 interface 30 altsetting 74 has 10 endpoint descriptors, different from the interface descriptor's value: 9
[ 1191.100717][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x6, skipping
[ 1191.126614][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x7, skipping
[ 1191.140383][T20278] syzkaller1: entered promiscuous mode
[ 1191.198272][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1191.204288][T19687] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1191.210282][T13798] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1191.224174][T16138] usb 6-1: config 3 interface 231 altsetting 240 endpoint 0xB has invalid maxpacket 1032, setting to 64
[ 1191.246749][T20278] syzkaller1: entered allmulticast mode
[ 1191.257877][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x6, skipping
[ 1191.296074][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x7, skipping
[ 1191.319386][T16138] usb 6-1: config 3 interface 231 altsetting 240 endpoint 0x5 has invalid maxpacket 487, setting to 64
[ 1191.331115][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x9, skipping
[ 1191.344933][T16138] usb 6-1: config 3 interface 231 altsetting 240 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[ 1191.357517][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x8, skipping
[ 1191.368533][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0xD, skipping
[ 1191.380853][T16138] usb 6-1: config 3 interface 231 altsetting 240 has a duplicate endpoint with address 0x9, skipping
[ 1191.395186][T16138] usb 6-1: config 3 interface 164 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1191.406715][T16138] usb 6-1: config 3 interface 164 altsetting 9 has a duplicate endpoint with address 0xE, skipping
[ 1191.421647][T16138] usb 6-1: config 3 interface 164 altsetting 9 has a duplicate endpoint with address 0x5, skipping
[ 1191.436349][T16138] usb 6-1: config 3 interface 164 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1191.448750][T16138] usb 6-1: config 3 interface 164 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[ 1191.461589][T16138] usb 6-1: config 3 interface 164 altsetting 9 has a duplicate endpoint with address 0x5, skipping
[ 1191.475016][T16138] usb 6-1: config 3 interface 164 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1191.487734][T16138] usb 6-1: config 3 interface 164 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[ 1191.498704][T16138] usb 6-1: config 3 interface 110 altsetting 9 has a duplicate endpoint with address 0xD, skipping
[ 1191.509614][T16138] usb 6-1: config 3 interface 110 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1191.520810][T16138] usb 6-1: config 3 interface 110 altsetting 9 has a duplicate endpoint with address 0xE, skipping
[ 1191.531613][T16138] usb 6-1: config 3 interface 110 altsetting 9 has a duplicate endpoint with address 0xB, skipping
[ 1191.542386][T16138] usb 6-1: config 3 interface 75 has no altsetting 0
[ 1191.549148][T16138] usb 6-1: config 3 interface 30 has no altsetting 0
[ 1191.555921][T16138] usb 6-1: config 3 interface 231 has no altsetting 0
[ 1191.564994][T16138] usb 6-1: config 3 interface 164 has no altsetting 0
[ 1191.571852][T16138] usb 6-1: config 3 interface 110 has no altsetting 0
[ 1191.595549][T16138] usb 6-1: New USB device found, idVendor=1645, idProduct=8093, bcdDevice=95.c9
[ 1191.605009][T16138] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.610890][   T92] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1191.616286][T16138] usb 6-1: Product: 䶡ꢠᗂ겺촬鲎簫�脋峇粋鴮疚㻘錅ᙡ秌䘢ﳢ戅儌셛貫韷��ҋ풎芣る�뛀놟�⑅맵킘잽黺쟻믒뜛꒓�ⅰ䄉࠷Ὂ๙홮㾑�觢墓泣䓓⧘ᄧ歊�芠ᔧ汅�ꀹᚉ墉瓛起ট㪑ꔨ�뼷ﮋ娵쎱滺䮨밶৮餥頊䚀럹쇞ꕦ񫜾रᬠ懪맀侻ﾙ乆糃�椘㼧ᤨ豢
[ 1191.654213][T16138] usb 6-1: Manufacturer: ã �
[ 1191.659674][T16138] usb 6-1: SerialNumber: �
[ 1191.796432][   T92] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1191.808238][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1191.874853][T16138] keyspan_pda 6-1:3.75: Keyspan PDA - (prerenumeration) converter detected
[ 1191.895217][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1191.911202][   T92] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1191.924341][   T92] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1191.933626][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1191.941789][T16138] usb 6-1: ezusb_set_reset-1 failed: -71
[ 1191.999339][T16138] usb 6-1: Direct firmware load for keyspan_pda/xircom_pgs.fw failed with error -2
[ 1192.020217][T16138] usb 6-1: Falling back to sysfs fallback for: keyspan_pda/xircom_pgs.fw
[ 1192.022702][   T92] usb 3-1: config 0 descriptor??
[ 1192.031997][   T30] audit: type=1400 audit(1757118622.532:548): avc:  denied  { firmware_load } for  pid=16138 comm="kworker/0:1" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1192.089323][T20278] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1192.523119][   T92] plantronics 0003:047F:FFFF.0018: reserved main item tag 0xd
[ 1192.543960][   T92] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1192.720335][   T30] audit: type=1400 audit(1757118623.212:549): avc:  denied  { setattr } for  pid=20294 comm="syz.5.3344" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1194.126679][T20289] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1194.126832][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1194.599654][T20289] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1194.606369][T20289] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1194.612536][T20289] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1194.620690][T20289] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1194.717386][ T5927] usb 3-1: USB disconnect, device number 66
[ 1194.890240][T20310] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3347'.
[ 1196.204305][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1196.354670][T20328] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3351'.
[ 1196.797535][ T5857] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1196.812289][T19687] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1196.818421][T19687] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1196.978147][T20344] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3353'.
[ 1196.987203][T20344] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3353'.
[ 1197.166815][T17160] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1197.316866][T17160] usb 3-1: Using ep0 maxpacket: 16
[ 1197.324153][T17160] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1197.345936][T17160] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1197.374852][T17160] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.421739][T17160] usb 3-1: config 0 descriptor??
[ 1197.440116][T17160] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1197.820338][T20352] netlink: 'syz.4.3357': attribute type 29 has an invalid length.
[ 1197.829657][T20352] netlink: 'syz.4.3357': attribute type 3 has an invalid length.
[ 1197.979736][T20349] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1197.988433][T20349] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1197.995491][T20349] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1198.003523][T20349] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1198.011006][T20349] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1198.017755][T20352] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3357'.
[ 1198.082961][T20356] syzkaller1: entered promiscuous mode
[ 1198.095339][T20356] syzkaller1: entered allmulticast mode
[ 1198.756679][   T24] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1198.952037][   T30] audit: type=1400 audit(1757118629.462:550): avc:  denied  { module_load } for  pid=20365 comm="syz.0.3362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1198.979776][   T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1198.994624][T20366] Invalid ELF header type: 2 != 1
[ 1199.011014][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1199.022277][   T30] audit: type=1400 audit(1757118629.522:551): avc:  denied  { ioctl } for  pid=20365 comm="syz.0.3362" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1199.052506][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1199.065507][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1199.084019][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1199.094866][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.111684][   T24] usb 5-1: config 0 descriptor??
[ 1199.132412][T20356] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1199.322270][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1199.333419][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1199.343312][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1199.351231][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1199.360077][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1199.416448][T20368] lo speed is unknown, defaulting to 1000
[ 1199.555343][   T24] plantronics 0003:047F:FFFF.0019: reserved main item tag 0xd
[ 1199.645385][   T24] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1199.765532][T20356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1199.787172][T20356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1199.800262][T18438] Bluetooth: hci3: command 0x041b tx timeout
[ 1199.829040][T20368] chnl_net:caif_netlink_parms(): no params data found
[ 1199.920080][   T24] usb 5-1: USB disconnect, device number 79
[ 1199.964469][T17160] usb 3-1: USB disconnect, device number 67
[ 1199.997561][T20368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1200.012923][T20368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1200.029842][T20368] bridge_slave_0: entered allmulticast mode
[ 1200.036720][T18438] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1200.036765][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1200.042764][T19687] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1200.049144][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1200.061114][T20368] bridge_slave_0: entered promiscuous mode
[ 1200.069015][T20368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1200.076203][T20368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1200.083777][T20368] bridge_slave_1: entered allmulticast mode
[ 1200.091150][T20368] bridge_slave_1: entered promiscuous mode
[ 1200.118115][T20368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1200.129571][T20368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1200.154353][T20368] team0: Port device team_slave_0 added
[ 1200.162760][T20368] team0: Port device team_slave_1 added
[ 1200.182049][T20368] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1200.189767][T20368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1200.215925][T20368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1200.230948][T20368] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1200.237971][T20368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1200.264161][T20368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1200.301062][T20368] hsr_slave_0: entered promiscuous mode
[ 1200.307283][T20368] hsr_slave_1: entered promiscuous mode
[ 1200.313184][T20368] debugfs: 'hsr0' already exists in 'hsr'
[ 1200.319186][T20368] Cannot create hsr debugfs directory
[ 1200.360908][T17160] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1200.447390][T20368] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1200.456754][T20368] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1200.468561][T20368] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1200.477983][T20368] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1200.501342][T20368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1200.508442][T20368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1200.516841][T20368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1200.523906][T20368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1200.531372][T17160] usb 3-1: Using ep0 maxpacket: 16
[ 1200.543628][T17160] usb 3-1: config 1 has an invalid descriptor of length 150, skipping remainder of the config
[ 1200.554207][T17160] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1200.574479][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1200.585898][T17160] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1200.598882][T17160] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.607409][T17160] usb 3-1: Product: syz
[ 1200.611678][T17160] usb 3-1: Manufacturer: syz
[ 1200.612204][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1200.616267][T17160] usb 3-1: SerialNumber: syz
[ 1200.655164][T20387] overlayfs: missing 'lowerdir'
[ 1200.976781][T17160] usb 3-1: 0:2 : does not exist
[ 1201.004203][T17160] usb 3-1: USB disconnect, device number 68
[ 1201.091151][T20368] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1201.122672][ T6227] udevd[6227]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1201.177849][T20368] 8021q: adding VLAN 0 to HW filter on device team0
[ 1201.212991][ T6630] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1201.220169][ T6630] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1201.261349][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1201.268497][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1201.324169][T20368] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1201.477944][ T5857] Bluetooth: hci1: command tx timeout
[ 1201.536221][T20368] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1201.814618][T20397] qnx6: unable to read the first superblock
[ 1201.935828][T20407] syz_tun: entered allmulticast mode
[ 1202.104987][T20404] syz_tun: left allmulticast mode
[ 1202.211221][T20368] veth0_vlan: entered promiscuous mode
[ 1202.244162][T20368] veth1_vlan: entered promiscuous mode
[ 1202.331367][T20368] veth0_macvtap: entered promiscuous mode
[ 1202.352345][T20368] veth1_macvtap: entered promiscuous mode
[ 1203.029502][T20422] syz_tun: entered allmulticast mode
[ 1203.072679][T20368] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1203.130828][T20368] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1203.210626][T20411] syz_tun: left allmulticast mode
[ 1203.582561][ T5857] Bluetooth: hci1: command tx timeout
[ 1203.623593][   T36] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.632726][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.756531][   T36] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.851598][   T36] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1203.862629][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.878087][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.919711][ T6630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.930907][ T6630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1204.326830][T19359] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1204.476698][T19359] usb 5-1: Using ep0 maxpacket: 16
[ 1204.518887][T19359] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1204.563888][T19359] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1204.576319][T20443] overlayfs: missing 'lowerdir'
[ 1204.585987][T19359] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.673574][T19359] usb 5-1: config 0 descriptor??
[ 1204.756786][T20447] netlink: 'syz.0.3376': attribute type 1 has an invalid length.
[ 1204.764777][T20447] netlink: 396 bytes leftover after parsing attributes in process `syz.0.3376'.
[ 1204.767596][T19359] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1205.662584][ T5857] Bluetooth: hci1: command tx timeout
[ 1206.851549][T20468] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1206.923673][ T5927] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1207.091251][ T5907] usb 5-1: USB disconnect, device number 80
[ 1207.097396][ T5927] usb 3-1: Using ep0 maxpacket: 16
[ 1207.105148][ T5927] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1207.114797][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1207.154500][ T5927] usb 3-1: config 0 descriptor??
[ 1207.179519][ T5927] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1207.648544][ T5927] gspca_sonixj: reg_r err -32
[ 1207.653395][ T5927] sonixj 3-1:0.0: probe with driver sonixj failed with error -32
[ 1207.716656][ T5857] Bluetooth: hci1: command tx timeout
[ 1208.255105][ T5956] libceph: connect (1)[c::]:6789 error -101
[ 1208.261277][ T5956] libceph: mon0 (1)[c::]:6789 connect error
[ 1208.290011][T20485] ceph: No mds server is up or the cluster is laggy
[ 1208.619655][T20495] qnx6: unable to read the first superblock
[ 1208.699479][T20498] overlayfs: missing 'lowerdir'
[ 1209.612854][T17160] usb 3-1: USB disconnect, device number 69
[ 1210.485718][T20515] UBIFS error (pid: 20515): cannot open "c:::", error -22
[ 1211.456644][T20526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3395'.
[ 1211.502410][T20527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3396'.
[ 1213.166758][T20551] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1213.182906][T20551] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1213.191535][T20551] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1213.202515][T20551] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1213.209707][T20551] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1213.215875][T20551] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1213.223242][T20551] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1213.288114][T20551] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1213.325165][T20557] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1213.332415][T20557] IPv6: NLM_F_CREATE should be set when creating new route
[ 1213.446800][   T24] IPVS: starting estimator thread 0...
[ 1214.395339][T20559] IPVS: using max 74 ests per chain, 177600 per kthread
[ 1215.359633][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1215.388181][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1215.394407][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1215.400586][ T5857] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1215.406638][T19687] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1215.412660][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1216.754801][T20588] syzkaller1: entered promiscuous mode
[ 1216.793595][T20588] syzkaller1: entered allmulticast mode
[ 1217.477894][T18438] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1218.923372][T20614] overlayfs: missing 'lowerdir'
[ 1219.559082][T18438] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1219.728898][T20621] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3421'.
[ 1219.772387][T20621] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1219.789949][T20621] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1219.803104][T20621] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1219.812255][T20621] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1219.986792][T17160] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1220.091348][T20631] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1220.115572][T20631] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1220.125745][T20631] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1220.136081][T20631] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1220.143559][T20631] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1220.150290][T20631] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1220.262315][T17160] usb 7-1: Using ep0 maxpacket: 8
[ 1220.292268][   T30] audit: type=1400 audit(1757118650.802:552): avc:  denied  { write } for  pid=20637 comm="syz.2.3426" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1220.325889][T17160] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1220.338239][T17160] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1220.351955][   T30] audit: type=1400 audit(1757118650.832:553): avc:  denied  { read } for  pid=20637 comm="syz.2.3426" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1220.476366][T17160] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1220.487338][T17160] pvrusb2: **********
[ 1220.524104][T17160] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1220.549819][T17160] pvrusb2: Important functionality might not be entirely working.
[ 1220.558058][T17160] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1220.570621][T17160] pvrusb2: **********
[ 1220.691443][ T2338] pvrusb2: Invalid write control endpoint
[ 1220.835886][ T2338] pvrusb2: Invalid write control endpoint
[ 1220.862151][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1220.874034][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1220.883799][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1221.217228][T20628] sp0: Synchronizing with TNC
[ 1221.221252][ T2338] pvrusb2: Device being rendered inoperable
[ 1221.466774][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1221.504218][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1221.597274][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1221.754523][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1221.784592][T20627] [U] è
[ 1221.837605][ T5927] usb 3-1: new full-speed USB device number 70 using dummy_hcd
[ 1221.940611][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1221.953574][ T5956] usb 7-1: USB disconnect, device number 2
[ 1222.011906][ T5927] usb 3-1: config 1 has an invalid interface number: 128 but max is 1
[ 1222.020401][ T5927] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1222.036838][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1222.446873][ T5927] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1222.448629][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1222.455876][ T5927] usb 3-1: config 1 has no interface number 0
[ 1222.461830][ T5857] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1222.473984][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1222.479989][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1222.485950][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1222.527692][ T5927] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1222.872218][ T5927] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1222.969372][ T5927] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1223.002545][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1223.195666][ T5927] usb 3-1: Product: syz
[ 1223.301430][T20675] syzkaller1: entered promiscuous mode
[ 1223.424026][T20675] syzkaller1: entered allmulticast mode
[ 1223.856728][   T24] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1224.112658][ T5927] usb 3-1: Manufacturer: syz
[ 1224.153296][ T5927] usb 3-1: SerialNumber: syz
[ 1224.200056][ T5927] cdc_wdm 3-1:1.128: skipping garbage
[ 1224.586023][   T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1224.637152][ T5927] cdc_wdm 3-1:1.128: cdc-wdm0: USB WDM device
[ 1224.643679][ T5927] cdc_wdm 3-1:1.128: Unknown control protocol
[ 1224.658375][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1224.693246][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1224.694096][ T5927] usb 3-1: USB disconnect, device number 70
[ 1224.808313][T20692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3440'.
[ 1224.815261][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1225.070018][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1225.090842][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1225.126340][   T24] usb 5-1: config 0 descriptor??
[ 1225.133161][T20675] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1225.705426][T20675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1225.732031][T20675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1226.380833][   T24] usbhid 5-1:0.0: can't add hid device: -71
[ 1226.400223][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1226.446995][   T24] usb 5-1: USB disconnect, device number 81
[ 1226.463461][T20705] input: syz1 as /devices/virtual/input/input35
[ 1227.300108][   T30] audit: type=1400 audit(1757118657.812:554): avc:  denied  { append } for  pid=20714 comm="syz.6.3446" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1227.573558][T20715] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1227.613029][T20715] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1227.623787][T20715] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1227.634427][T20715] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1227.699676][T20715] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1227.771100][T20727] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3448'.
[ 1227.780268][T20727] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3448'.
[ 1228.004195][T20715] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1228.286792][   T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1228.406879][T19359] usb 5-1: new full-speed USB device number 82 using dummy_hcd
[ 1228.457501][   T24] usb 7-1: Using ep0 maxpacket: 8
[ 1228.475319][   T24] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1228.492881][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1228.532203][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1228.540896][   T24] pvrusb2: **********
[ 1228.545487][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1228.561965][   T24] pvrusb2: Important functionality might not be entirely working.
[ 1228.572878][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1228.584894][   T24] pvrusb2: **********
[ 1228.591588][T19359] usb 5-1: config 1 has an invalid interface number: 128 but max is 1
[ 1228.604892][T19359] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1228.616737][T19359] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1228.629092][T19359] usb 5-1: config 1 has no interface number 0
[ 1228.635980][T19359] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1228.649061][T19359] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1228.663054][T19359] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1228.675666][T19359] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1228.686581][T19359] usb 5-1: Product: syz
[ 1228.695713][T19359] usb 5-1: Manufacturer: syz
[ 1228.724976][T19359] usb 5-1: SerialNumber: syz
[ 1228.733188][ T2338] pvrusb2: Invalid write control endpoint
[ 1228.759335][T19359] cdc_wdm 5-1:1.128: skipping garbage
[ 1228.783290][T19359] cdc_wdm 5-1:1.128: cdc-wdm0: USB WDM device
[ 1228.800237][T19359] cdc_wdm 5-1:1.128: Unknown control protocol
[ 1228.962800][T19359] usb 5-1: USB disconnect, device number 82
[ 1228.975086][T20724] sp0: Synchronizing with TNC
[ 1229.541916][ T2338] pvrusb2: Invalid write control endpoint
[ 1229.588957][T20723] [U] è
[ 1229.608371][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1229.636839][T18438] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1229.636915][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1229.642976][T19687] Bluetooth: hci3: command 0x041b tx timeout
[ 1229.701461][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1229.710181][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1229.720560][T18438] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1229.726533][T18438] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1229.737119][ T2338] pvrusb2: Device being rendered inoperable
[ 1229.744912][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1229.752093][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1229.760612][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1229.766072][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1229.811597][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1229.843547][ T5907] usb 7-1: USB disconnect, device number 3
[ 1229.998436][T20743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3453'.
[ 1230.037765][T18438] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1230.348876][T20749] qnx6: unable to read the first superblock
[ 1230.377308][T20749] siw: device registration error -23
[ 1230.385675][T20749] futex_wake_op: syz.0.3455 tries to shift op by 144; fix this program
[ 1232.180871][T20767] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3459'.
[ 1232.190121][T20767] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3459'.
[ 1233.372831][T20776] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1234.826741][ T5907] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1235.006819][ T5907] usb 3-1: Using ep0 maxpacket: 8
[ 1235.024782][ T5907] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1235.051279][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1235.079460][ T5907] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1235.149880][ T5907] pvrusb2: **********
[ 1235.160976][ T5907] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1235.247801][T20805] syz_tun: entered allmulticast mode
[ 1235.873905][T20798] syz_tun: left allmulticast mode
[ 1235.894463][T20807] sp0: Synchronizing with TNC
[ 1236.000590][ T5907] pvrusb2: Important functionality might not be entirely working.
[ 1236.362310][T20812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3471'.
[ 1236.401310][ T5907] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1236.426933][ T5907] pvrusb2: **********
[ 1236.453233][ T2338] pvrusb2: Invalid write control endpoint
[ 1236.616529][ T2338] pvrusb2: Invalid write control endpoint
[ 1236.688507][T20820] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3472'.
[ 1236.697564][T20820] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3472'.
[ 1236.910284][T20792] [U] è
[ 1236.954317][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1237.041849][ T5956] usb 3-1: USB disconnect, device number 71
[ 1237.061562][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1237.085925][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1237.181795][   T30] audit: type=1400 audit(1757118667.612:555): avc:  denied  { getopt } for  pid=20823 comm="syz.5.3475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1237.539043][ T2338] pvrusb2: Device being rendered inoperable
[ 1237.545026][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1237.603976][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1237.635017][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1237.776748][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1238.255100][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1238.374063][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.384361][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1240.207478][   T30] audit: type=1400 audit(1757118670.722:556): avc:  denied  { create } for  pid=20854 comm="syz.2.3484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 1240.432332][   T30] audit: type=1400 audit(1757118670.932:557): avc:  denied  { sys_admin } for  pid=20854 comm="syz.2.3484" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 1242.144900][T20896] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3489'.
[ 1244.626077][T20941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3495'.
[ 1244.813547][T20941] bridge_slave_1: left allmulticast mode
[ 1244.831375][T20941] bridge_slave_1: left promiscuous mode
[ 1245.009013][T20941] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1245.071520][T20941] bridge_slave_0: left allmulticast mode
[ 1245.096847][T20941] bridge_slave_0: left promiscuous mode
[ 1245.136283][T20941] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1246.939361][T20975] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3503'.
[ 1246.991094][   T30] audit: type=1400 audit(1757118677.482:558): avc:  denied  { create } for  pid=20978 comm="syz.5.3504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1247.059673][   T30] audit: type=1400 audit(1757118677.482:559): avc:  denied  { getopt } for  pid=20978 comm="syz.5.3504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1249.302623][ T5927] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1249.533859][T21018] UBIFS error (pid: 21018): cannot open "c:::", error -22
[ 1250.006642][ T5927] usb 7-1: Using ep0 maxpacket: 8
[ 1250.060229][ T5927] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1250.070679][ T5927] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1250.079630][ T5927] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1250.232701][T21020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3513'.
[ 1250.263066][ T5927] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1250.278362][ T5927] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1250.292376][ T5927] usb 7-1: Product: syz
[ 1250.307106][ T5927] usb 7-1: Manufacturer: syz
[ 1250.316636][ T5927] usb 7-1: SerialNumber: syz
[ 1250.335364][ T5927] cdc_ncm 7-1:1.0: skipping garbage
[ 1250.343537][ T5927] cdc_ncm 7-1:1.0: CDC Union missing and no IAD found
[ 1250.356731][ T5927] cdc_ncm 7-1:1.0: bind() failure
[ 1250.516120][   T44] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 1250.876740][   T44] usb 5-1: Using ep0 maxpacket: 16
[ 1250.886729][   T44] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1250.914440][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1250.947757][   T30] audit: type=1400 audit(1757118681.452:560): avc:  denied  { setattr } for  pid=21021 comm="syz.2.3514" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1250.975641][   T44] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1251.040016][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1251.054060][   T44] usb 5-1: Product: syz
[ 1251.060322][   T44] usb 5-1: Manufacturer: syz
[ 1251.068499][   T44] usb 5-1: SerialNumber: syz
[ 1251.095606][   T44] usb 5-1: config 0 descriptor??
[ 1251.315352][   T44] appledisplay 5-1:0.0: Error while getting initial brightness: -90
[ 1251.331839][   T44] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -90
[ 1251.572866][T21035] erofs (device nbd4): cannot find valid erofs superblock
[ 1251.615038][T21037] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3517'.
[ 1251.838507][   T44] usb 5-1: USB disconnect, device number 83
[ 1251.867124][ T5907] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1252.432827][   T24] usb 7-1: USB disconnect, device number 4
[ 1252.506772][ T5907] usb 3-1: Using ep0 maxpacket: 16
[ 1252.625115][ T5907] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1252.656763][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1252.677649][ T5907] usb 3-1: config 0 descriptor??
[ 1252.705525][ T5907] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1253.373247][ T5907] gspca_sonixj: reg_w1 err -110
[ 1253.378245][ T5907] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[ 1253.447197][T21052] blktrace: Concurrent blktraces are not allowed on loop8
[ 1253.720582][T16138] usb 6-1: ezusb_ihex_firmware_download - request "keyspan_pda/xircom_pgs.fw" failed
[ 1253.937762][T21062] syz_tun: entered allmulticast mode
[ 1254.221100][T16138] usb 6-1: failed to load firmware "keyspan_pda/xircom_pgs.fw"
[ 1254.235620][T16138] keyspan_pda 6-1:3.75: probe with driver keyspan_pda failed with error -2
[ 1254.260181][T16138] keyspan_pda 6-1:3.30: Keyspan PDA - (prerenumeration) converter detected
[ 1254.272404][T16138] usb 6-1: ezusb_set_reset-1 failed: -71
[ 1254.279305][T16138] usb 6-1: Direct firmware load for keyspan_pda/xircom_pgs.fw failed with error -2
[ 1254.295068][T16138] usb 6-1: Falling back to sysfs fallback for: keyspan_pda/xircom_pgs.fw
[ 1254.563822][T21054] syz_tun: left allmulticast mode
[ 1254.610020][   T24] usb 3-1: USB disconnect, device number 72
[ 1258.055854][T21094] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1258.155568][T21098] overlayfs: missing 'lowerdir'
[ 1258.787930][T19687] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1258.799045][T19687] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1258.808423][T19687] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1258.818420][T19687] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1258.837744][T19687] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1258.866321][T21108] lo speed is unknown, defaulting to 1000
[ 1259.205758][T21108] chnl_net:caif_netlink_parms(): no params data found
[ 1259.344757][   T30] audit: type=1400 audit(1757118689.852:561): avc:  denied  { connect } for  pid=21111 comm="syz.4.3535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1259.396980][T21108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1259.413111][T21108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1259.426144][T21108] bridge_slave_0: entered allmulticast mode
[ 1259.446779][ T5907] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1259.478970][T21108] bridge_slave_0: entered promiscuous mode
[ 1259.531032][T21108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1259.554302][T21108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1259.606014][T21108] bridge_slave_1: entered allmulticast mode
[ 1259.626752][ T5907] usb 3-1: Using ep0 maxpacket: 16
[ 1259.636712][ T5907] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1259.663068][T21108] bridge_slave_1: entered promiscuous mode
[ 1259.669575][ T5907] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1259.687943][ T5907] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1259.701553][ T5907] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1259.712843][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1259.721030][ T5907] usb 3-1: Product: syz
[ 1259.725193][ T5907] usb 3-1: Manufacturer: syz
[ 1259.729881][ T5907] usb 3-1: SerialNumber: syz
[ 1259.737093][   T44] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1259.750956][T21108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1259.763005][T21108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1259.794965][T21108] team0: Port device team_slave_0 added
[ 1259.802659][T21108] team0: Port device team_slave_1 added
[ 1259.845229][T21108] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1259.852425][T21108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1259.879257][T21108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1259.892953][T21108] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1259.900754][T21108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1259.906630][   T44] usb 7-1: Using ep0 maxpacket: 16
[ 1259.926979][T21108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1259.960709][ T5907] usb 3-1: 0:2 : does not exist
[ 1259.972240][   T44] usb 7-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1259.993063][   T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1260.007627][ T5907] usb 3-1: USB disconnect, device number 73
[ 1260.033075][   T44] usb 7-1: config 0 descriptor??
[ 1260.041362][ T6227] udevd[6227]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1260.066223][   T44] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1260.085976][T21108] hsr_slave_0: entered promiscuous mode
[ 1260.102154][T21108] hsr_slave_1: entered promiscuous mode
[ 1260.120910][T21108] debugfs: 'hsr0' already exists in 'hsr'
[ 1260.128951][T21108] Cannot create hsr debugfs directory
[ 1260.325075][T21108] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1260.336423][T21108] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1260.346706][T21108] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1260.357180][T21108] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1260.415812][T21135] blktrace: Concurrent blktraces are not allowed on loop8
[ 1260.460575][T21108] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1260.500476][   T44] gspca_sonixj: reg_r err -32
[ 1260.505647][   T44] sonixj 7-1:0.0: probe with driver sonixj failed with error -32
[ 1260.534885][T21108] 8021q: adding VLAN 0 to HW filter on device team0
[ 1260.662262][T21108] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1260.695586][T21108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1260.715391][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1260.722568][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1260.739362][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1260.746570][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1260.918307][T19687] Bluetooth: hci6: command tx timeout
[ 1261.409383][T21108] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1261.669991][T21108] veth0_vlan: entered promiscuous mode
[ 1262.096681][   T44] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1262.139507][T21108] veth1_vlan: entered promiscuous mode
[ 1262.193439][T11466] usb 7-1: USB disconnect, device number 5
[ 1262.216808][T21108] veth0_macvtap: entered promiscuous mode
[ 1262.243870][T21108] veth1_macvtap: entered promiscuous mode
[ 1262.267056][   T44] usb 3-1: Using ep0 maxpacket: 16
[ 1262.280367][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1262.300602][T21108] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1262.308441][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1262.398054][   T44] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1262.433722][T21108] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1262.472008][   T44] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1262.540486][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1262.543100][T21168] syzkaller1: entered promiscuous mode
[ 1262.555960][T21168] syzkaller1: entered allmulticast mode
[ 1262.557588][   T44] usb 3-1: config 0 descriptor??
[ 1262.587971][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.615671][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.679217][   T59] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.944756][   T59] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1262.986899][T11466] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 1263.057373][T19687] Bluetooth: hci6: command tx timeout
[ 1263.158864][T11466] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1263.194044][T11466] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1263.214648][T11466] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1263.217625][   T44] usbhid 3-1:0.0: can't add hid device: -71
[ 1263.241494][   T44] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1263.244197][T11466] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1263.264837][T11466] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1263.282994][ T7422] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1263.299748][   T44] usb 3-1: USB disconnect, device number 74
[ 1263.300576][ T7422] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1263.313698][T11466] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.384915][T11466] usb 5-1: config 0 descriptor??
[ 1263.398880][T21168] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1263.428060][ T9429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1263.461829][ T9429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1263.815355][T11466] plantronics 0003:047F:FFFF.001A: reserved main item tag 0xd
[ 1264.073532][T21168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1264.261681][T11466] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1264.289526][T21168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1264.385903][T21183] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3546'.
[ 1264.616867][T11466] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1264.637960][   T24] usb 5-1: USB disconnect, device number 84
[ 1264.777135][T11466] usb 7-1: Using ep0 maxpacket: 8
[ 1264.805192][T11466] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1265.062637][T11466] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1265.076737][T19687] Bluetooth: hci6: command tx timeout
[ 1265.140237][T11466] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1265.149618][T11466] pvrusb2: **********
[ 1265.155226][T11466] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1265.165680][T11466] pvrusb2: Important functionality might not be entirely working.
[ 1265.188896][T11466] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1265.213578][T11466] pvrusb2: **********
[ 1265.335227][ T2338] pvrusb2: Invalid write control endpoint
[ 1265.749521][T21181] sp0: Synchronizing with TNC
[ 1265.786836][T21192] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1265.793550][T21192] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1265.858759][ T2338] pvrusb2: Invalid write control endpoint
[ 1265.864569][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1265.879101][T21192] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1265.885103][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1265.894966][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1265.905402][T21192] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1265.912552][ T2338] pvrusb2: Device being rendered inoperable
[ 1265.923027][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1265.934582][T21192] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1265.943057][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1265.951395][T21192] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1265.959581][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1265.968091][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1265.980666][T21192] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1265.989316][T21180] [U] è
[ 1265.992665][T21192] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1266.001590][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1266.034525][T21192] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1266.058419][ T5927] usb 7-1: USB disconnect, device number 6
[ 1266.286670][   T24] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1266.437513][   T24] usb 3-1: Using ep0 maxpacket: 8
[ 1266.445251][   T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1266.454698][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.488961][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1266.505059][   T24] pvrusb2: **********
[ 1266.551783][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1266.724268][   T24] pvrusb2: Important functionality might not be entirely working.
[ 1266.917914][T21214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1267.070776][T21196] sp0: Synchronizing with TNC
[ 1267.075807][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1267.186643][   T24] pvrusb2: **********
[ 1267.248462][ T2338] pvrusb2: Invalid write control endpoint
[ 1267.416777][T19687] Bluetooth: hci3: command 0x041b tx timeout
[ 1267.559845][ T2338] pvrusb2: Invalid write control endpoint
[ 1267.625103][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1267.696656][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1267.704335][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1267.707210][T21194] [U] è
[ 1267.717110][ T2338] pvrusb2: Device being rendered inoperable
[ 1267.723129][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1267.739547][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1267.764914][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1267.795617][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1267.826048][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1267.848746][ T5907] usb 3-1: USB disconnect, device number 75
[ 1267.876724][T19687] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1267.956708][T19687] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1267.962758][T19687] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1267.968913][T18438] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1267.968951][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1268.036644][ T5857] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1268.325105][T21228] overlayfs: missing 'lowerdir'
[ 1269.472603][T21241] UBIFS error (pid: 21241): cannot open "c:::", error -22
[ 1270.116752][ T5857] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1272.196670][ T5857] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1272.449258][T21265] UBIFS error (pid: 21265): cannot open "c:::", error -22
[ 1272.470797][   T44] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1272.746952][   T44] usb 7-1: Using ep0 maxpacket: 8
[ 1272.871552][   T44] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1272.897761][   T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1272.960213][   T44] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1272.998262][   T44] pvrusb2: **********
[ 1273.085079][   T44] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1273.104638][   T44] pvrusb2: Important functionality might not be entirely working.
[ 1273.113107][   T44] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1273.130666][   T44] pvrusb2: **********
[ 1273.153733][ T2338] pvrusb2: Invalid write control endpoint
[ 1273.274840][ T2338] pvrusb2: Invalid write control endpoint
[ 1273.311509][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1273.368307][T21258] sp0: Synchronizing with TNC
[ 1273.478862][T21257] [U] è
[ 1274.149854][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1274.186754][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1274.226264][ T2338] pvrusb2: Device being rendered inoperable
[ 1274.236211][   T44] usb 7-1: USB disconnect, device number 7
[ 1274.281243][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1274.289248][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1274.302561][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1274.353880][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1274.467757][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1274.589840][T21292] hfsplus: Unknown parameter 'barrierm'
[ 1274.650903][T21292] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3573'.
[ 1274.660047][T21292] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3573'.
[ 1274.736894][T21291] dlm: no local IP address has been set
[ 1274.743901][T21291] dlm: cannot start dlm midcomms -107
[ 1275.003481][T21298] overlayfs: missing 'lowerdir'
[ 1276.424051][T21309] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1276.836798][   T44] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1277.248026][   T44] usb 7-1: Using ep0 maxpacket: 16
[ 1277.264641][   T44] usb 7-1: config 1 has an invalid descriptor of length 150, skipping remainder of the config
[ 1277.276435][   T44] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1277.471519][   T44] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1277.486949][   T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.591253][   T44] usb 7-1: Product: syz
[ 1277.595813][   T44] usb 7-1: Manufacturer: syz
[ 1277.601552][   T44] usb 7-1: SerialNumber: syz
[ 1277.733600][T21331] UBIFS error (pid: 21331): cannot open "c:::", error -22
[ 1278.119753][   T44] usb 7-1: 0:2 : does not exist
[ 1278.159023][   T44] usb 7-1: USB disconnect, device number 8
[ 1279.696836][T10916] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1279.886730][T10916] usb 7-1: Using ep0 maxpacket: 8
[ 1279.912965][T10916] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1279.922826][T10916] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1279.965406][T10916] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1279.996421][T10916] pvrusb2: **********
[ 1280.027999][T10916] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1280.059676][T10916] pvrusb2: Important functionality might not be entirely working.
[ 1280.093077][T10916] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1280.130825][T10916] pvrusb2: **********
[ 1280.289168][ T2338] pvrusb2: Invalid write control endpoint
[ 1280.804941][T21347] sp0: Synchronizing with TNC
[ 1280.810310][ T2338] pvrusb2: Invalid write control endpoint
[ 1280.847414][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1280.869454][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1280.896152][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1280.907118][ T2338] pvrusb2: Device being rendered inoperable
[ 1280.934997][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1280.942994][T21345] [U] è
[ 1280.947487][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1280.960127][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1280.966112][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1280.976350][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1281.215795][T21367] blktrace: Concurrent blktraces are not allowed on loop8
[ 1281.618460][T19359] usb 7-1: USB disconnect, device number 9
[ 1281.715376][T21372] overlayfs: conflicting options: userxattr,metacopy=on
[ 1281.929092][   T30] audit: type=1400 audit(1757118712.322:562): avc:  denied  { mounton } for  pid=21370 comm="syz.7.3590" path="/" dev="tmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=lnk_file permissive=1
[ 1282.322440][T21389] blktrace: Concurrent blktraces are not allowed on loop10
[ 1282.974676][ T5927] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1283.167014][ T5927] usb 5-1: Using ep0 maxpacket: 16
[ 1283.982414][T21404] qnx6: unable to read the first superblock
[ 1284.351321][ T5927] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1284.498957][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1284.635190][ T5927] usb 5-1: config 0 descriptor??
[ 1284.646073][ T5927] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1285.806831][ T5927] gspca_sonixj: reg_w1 err -110
[ 1285.830805][ T5927] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[ 1287.394213][T19359] usb 5-1: USB disconnect, device number 85
[ 1287.839324][T21436] blktrace: Concurrent blktraces are not allowed on loop8
[ 1292.039620][T11466] lo speed is unknown, defaulting to 1000
[ 1292.656641][ T5927] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1293.208227][ T5927] usb 5-1: Using ep0 maxpacket: 8
[ 1293.645028][T21483] qnx6: unable to read the first superblock
[ 1293.661407][T21483] futex_wake_op: syz.5.3617 tries to shift op by 144; fix this program
[ 1294.682382][T21492] UBIFS error (pid: 21492): cannot open "c:::", error -22
[ 1295.459400][T21494] blktrace: Concurrent blktraces are not allowed on loop12
[ 1296.889537][ T5927] usb 5-1: device descriptor read/all, error -71
[ 1299.348663][T21533] overlayfs: conflicting options: userxattr,metacopy=on
[ 1299.749458][T21539] qnx6: unable to read the first superblock
[ 1299.776566][T21539] futex_wake_op: syz.5.3631 tries to shift op by 144; fix this program
[ 1299.786626][T21172] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1299.800369][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.814560][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.553398][T21172] usb 8-1: Using ep0 maxpacket: 8
[ 1302.826331][T21172] usb 8-1: device descriptor read/all, error -71
[ 1304.013431][T19359] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1304.556420][T21172] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1304.777752][T19359] usb 3-1: Using ep0 maxpacket: 8
[ 1304.912134][T19359] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1305.010087][T21172] usb 8-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1305.036941][T21172] usb 8-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1305.041552][T19359] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1305.109390][T19359] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1305.125636][T21172] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1305.184416][T19359] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1305.218237][T19359] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1305.272595][T19359] usb 3-1: Product: syz
[ 1305.331584][T19359] usb 3-1: Manufacturer: syz
[ 1305.366142][T19359] usb 3-1: SerialNumber: syz
[ 1305.499148][T19359] cdc_ncm 3-1:1.0: skipping garbage
[ 1305.504484][T19359] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[ 1305.605847][T21589] qnx6: unable to read the first superblock
[ 1305.634377][T21589] siw: device registration error -23
[ 1305.642954][T21589] futex_wake_op: syz.6.3643 tries to shift op by 144; fix this program
[ 1305.971954][T21172] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1306.111072][T19359] cdc_ncm 3-1:1.0: bind() failure
[ 1306.319055][T21575] overlay: Unknown parameter 'mask'
[ 1307.380489][T19359] usb 3-1: USB disconnect, device number 76
[ 1307.409013][T21595] overlayfs: missing 'lowerdir'
[ 1307.520230][T21597] overlayfs: missing 'lowerdir'
[ 1307.837677][   T24] usb 8-1: USB disconnect, device number 4
[ 1311.833350][T21643] UBIFS error (pid: 21643): cannot open "c:::", error -22
[ 1312.726426][T21651] overlayfs: missing 'lowerdir'
[ 1312.826875][T19359] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[ 1313.076781][T19359] usb 8-1: Using ep0 maxpacket: 8
[ 1313.117041][T19359] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1313.153838][T19359] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1313.456271][T21660] UBIFS error (pid: 21660): cannot open "c:::", error -22
[ 1314.061560][T19359] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1314.303688][T21664] UBIFS error (pid: 21664): cannot open "c:::", error -22
[ 1315.004641][T21667] overlayfs: missing 'lowerdir'
[ 1315.634693][T16138] usb 6-1: ezusb_ihex_firmware_download - request "keyspan_pda/xircom_pgs.fw" failed
[ 1315.992464][T16138] usb 6-1: failed to load firmware "keyspan_pda/xircom_pgs.fw"
[ 1316.186742][T16138] keyspan_pda 6-1:3.30: probe with driver keyspan_pda failed with error -2
[ 1316.684177][T21680] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3667'.
[ 1316.725267][T16138] keyspan_pda 6-1:3.231: Keyspan PDA - (prerenumeration) converter detected
[ 1316.931377][T16138] usb 6-1: ezusb_set_reset-1 failed: -71
[ 1316.967678][T16138] usb 6-1: Direct firmware load for keyspan_pda/xircom_pgs.fw failed with error -2
[ 1317.393416][T16138] usb 6-1: Falling back to sysfs fallback for: keyspan_pda/xircom_pgs.fw
[ 1317.436891][ T5907] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1317.473454][T19359] usb 8-1: string descriptor 0 read error: -71
[ 1317.592654][T19359] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1317.623183][T19359] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1318.146658][ T5907] usb 5-1: Using ep0 maxpacket: 16
[ 1318.161424][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1318.175915][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1318.190361][ T5907] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1318.199820][T19359] usb 8-1: can't set config #1, error -71
[ 1318.223368][T19359] usb 8-1: USB disconnect, device number 5
[ 1318.238964][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1318.266711][   T30] audit: type=1400 audit(1757118748.762:563): avc:  denied  { relabelfrom } for  pid=21692 comm="syz.5.3670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1318.296644][ T5907] usb 5-1: Product: syz
[ 1318.300873][ T5907] usb 5-1: Manufacturer: syz
[ 1318.305476][ T5907] usb 5-1: SerialNumber: syz
[ 1318.452816][T21696] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3671'.
[ 1318.468005][ T5907] usb 5-1: config 0 descriptor??
[ 1318.473190][   T30] audit: type=1400 audit(1757118748.762:564): avc:  denied  { relabelto } for  pid=21692 comm="syz.5.3670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1318.698082][ T5907] appledisplay 5-1:0.0: Error while getting initial brightness: -90
[ 1318.732824][ T5907] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -90
[ 1318.746944][   T44] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1319.187281][T19359] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1319.307904][   T44] usb 8-1: Using ep0 maxpacket: 16
[ 1319.331444][   T44] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1319.407256][T21708] erofs (device nbd4): cannot find valid erofs superblock
[ 1319.426664][T19359] usb 7-1: Using ep0 maxpacket: 8
[ 1319.438006][   T44] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1319.455659][T19359] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1319.472865][T19359] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1319.488577][   T44] usb 8-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1319.505487][   T44] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1319.515661][T19359] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1319.528241][T19359] pvrusb2: **********
[ 1319.532314][   T44] usb 8-1: Product: syz
[ 1319.562402][T19359] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1319.570308][ T5907] usb 5-1: USB disconnect, device number 88
[ 1319.586721][   T44] usb 8-1: Manufacturer: syz
[ 1319.591355][   T44] usb 8-1: SerialNumber: syz
[ 1319.608438][T19359] pvrusb2: Important functionality might not be entirely working.
[ 1319.618669][   T44] usb 8-1: config 0 descriptor??
[ 1319.628461][T19359] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1319.662004][T19359] pvrusb2: **********
[ 1319.716115][ T2338] pvrusb2: Invalid write control endpoint
[ 1319.805426][T21172] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1319.850621][   T44] appledisplay 8-1:0.0: Error while getting initial brightness: -90
[ 1319.861037][ T2338] pvrusb2: Invalid write control endpoint
[ 1319.867142][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1319.878014][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1319.886401][   T44] appledisplay 8-1:0.0: probe with driver appledisplay failed with error -90
[ 1319.899842][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1319.913010][ T2338] pvrusb2: Device being rendered inoperable
[ 1319.952034][T19359] usb 7-1: USB disconnect, device number 10
[ 1319.960261][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1319.967404][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1319.979730][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1319.985533][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1319.997117][T21172] usb 3-1: Using ep0 maxpacket: 16
[ 1320.005192][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1320.020985][T21172] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1320.031306][T21172] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1320.058322][T21172] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[ 1320.091228][T21172] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1320.106154][T21715] erofs (device nbd7): cannot find valid erofs superblock
[ 1320.244848][T21172] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1320.253246][T21172] usb 3-1: Product: syz
[ 1320.260132][T21172] usb 3-1: Manufacturer: syz
[ 1320.264994][T21172] usb 3-1: SerialNumber: syz
[ 1320.343336][T21717] UBIFS error (pid: 21717): cannot open "c:::", error -22
[ 1320.743400][   T44] usb 8-1: USB disconnect, device number 6
[ 1320.769336][T21172] usb 3-1: 0:2 : does not exist
[ 1320.837321][T21172] usb 3-1: USB disconnect, device number 77
[ 1322.906669][T21172] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1323.144092][T21738] UBIFS error (pid: 21738): cannot open "c:::", error -22
[ 1323.466619][T21172] usb 5-1: Using ep0 maxpacket: 8
[ 1323.515869][T21172] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1323.557295][T21172] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1324.228360][T21172] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1324.235477][T21172] pvrusb2: **********
[ 1324.250854][T21172] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1324.319989][T21172] pvrusb2: Important functionality might not be entirely working.
[ 1324.387477][T21172] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1324.532210][T21172] pvrusb2: **********
[ 1324.540846][ T2338] pvrusb2: Invalid write control endpoint
[ 1324.542773][T21172] usb 5-1: USB disconnect, device number 89
[ 1325.431874][ T2338] pvrusb2: Invalid write control endpoint
[ 1325.494498][T10916] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1325.574029][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1325.606677][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1325.622578][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1325.688324][ T2338] pvrusb2: Device being rendered inoperable
[ 1325.723804][T10916] usb 8-1: Using ep0 maxpacket: 8
[ 1325.740664][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1325.769843][T10916] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1325.787996][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1325.988125][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1325.999811][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1326.010131][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1326.030516][T10916] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1326.081685][T10916] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1327.587405][T21781] UBIFS error (pid: 21781): cannot open "c:::", error -22
[ 1327.898039][T21788] overlayfs: conflicting options: userxattr,metacopy=on
[ 1328.158572][T21791] UBIFS error (pid: 21791): cannot open "c:::", error -22
[ 1329.100262][T21172] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1329.125858][T10916] usb 8-1: string descriptor 0 read error: -71
[ 1329.145695][T10916] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1329.156833][T10916] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1329.169847][T10916] usb 8-1: can't set config #1, error -71
[ 1329.184887][T10916] usb 8-1: USB disconnect, device number 7
[ 1330.162499][T21803] UBIFS error (pid: 21803): cannot open "c:::", error -22
[ 1331.617390][T21172] usb 5-1: Using ep0 maxpacket: 8
[ 1331.653189][T21172] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1331.662693][T21172] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1331.915408][T21817] qnx6: unable to read the first superblock
[ 1332.343891][T21172] usb 5-1: can't set config #252, error -71
[ 1332.389190][T21172] usb 5-1: USB disconnect, device number 90
[ 1332.612363][T21821] UBIFS error (pid: 21821): cannot open "c:::", error -22
[ 1334.927576][T21848] qnx6: unable to read the first superblock
[ 1338.459471][T21877] qnx6: unable to read the first superblock
[ 1338.920575][T21876] syz_tun: entered allmulticast mode
[ 1338.963664][T21879] overlayfs: missing 'lowerdir'
[ 1339.185096][T21867] syz_tun: left allmulticast mode
[ 1340.390018][T21894] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1340.397355][T21894] IPv6: NLM_F_CREATE should be set when creating new route
[ 1340.762198][ T5907] IPVS: starting estimator thread 0...
[ 1340.890166][T21899] IPVS: using max 39 ests per chain, 93600 per kthread
[ 1342.503119][T21923] syzkaller1: entered promiscuous mode
[ 1342.509380][T21923] syzkaller1: entered allmulticast mode
[ 1342.766604][ T5907] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1342.938592][ T5907] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1343.049905][T21932] qnx6: unable to read the first superblock
[ 1343.079419][T21932] futex_wake_op: syz.5.3727 tries to shift op by 144; fix this program
[ 1343.427331][ T5907] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1343.469212][ T5907] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1343.483179][ T5907] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1343.508232][ T5907] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1343.522241][ T5907] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1343.539908][ T5907] usb 7-1: config 0 descriptor??
[ 1343.552133][T21923] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1344.054246][ T5907] plantronics 0003:047F:FFFF.001B: reserved main item tag 0xd
[ 1344.126412][T21943] UBIFS error (pid: 21943): cannot open "c:::", error -22
[ 1344.520482][ T5907] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1344.541148][T21923] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1344.573821][T21923] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1345.125002][ T5907] usb 7-1: USB disconnect, device number 11
[ 1346.539150][T21970] syz_tun: entered allmulticast mode
[ 1346.828844][T21974] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1347.413946][T21956] syz_tun: left allmulticast mode
[ 1347.897177][T19359] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1348.450510][T22001] UBIFS error (pid: 22001): cannot open "c:::", error -22
[ 1348.858162][T19359] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1348.945536][T19359] usb 7-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1348.968324][T19359] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1349.026609][T19359] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1349.490565][T22009] qnx6: unable to read the first superblock
[ 1349.518740][T22009] siw: device registration error -23
[ 1349.527857][T22009] futex_wake_op: syz.2.3743 tries to shift op by 144; fix this program
[ 1349.879892][T21985] overlayfs: failed to resolve './bus': -2
[ 1349.965586][T22011] netlink: 48 bytes leftover after parsing attributes in process `syz.7.3745'.
[ 1351.949943][T22031] blktrace: Concurrent blktraces are not allowed on loop8
[ 1352.699609][T22038] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1353.758165][   T92] usb 7-1: USB disconnect, device number 12
[ 1353.933151][T22047] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1353.939412][T22047] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1353.954409][T22054] syz_tun: entered allmulticast mode
[ 1354.134461][T22047] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1354.208695][T22047] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1354.255279][T22047] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1354.475330][T22066] UBIFS error (pid: 22066): cannot open "c:::", error -22
[ 1354.927922][T22047] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1354.980138][T22047] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1355.582013][T22049] syz_tun: left allmulticast mode
[ 1355.956848][ T5857] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1355.975315][ T5857] Bluetooth: hci3: command 0x041b tx timeout
[ 1356.196726][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1356.694708][T13798] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1356.701229][ T5857] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1357.049312][ T5857] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1357.055438][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1358.692957][T22110] blktrace: Concurrent blktraces are not allowed on loop10
[ 1359.216603][   T44] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1359.367040][   T44] usb 5-1: Using ep0 maxpacket: 8
[ 1359.398035][   T44] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1359.440667][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1359.472291][   T44] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1359.506599][   T44] pvrusb2: **********
[ 1359.510635][   T44] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1359.545998][   T44] pvrusb2: Important functionality might not be entirely working.
[ 1359.555976][   T44] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1359.575546][   T44] pvrusb2: **********
[ 1359.814266][ T2338] pvrusb2: Invalid write control endpoint
[ 1360.500434][ T2338] pvrusb2: Invalid write control endpoint
[ 1360.578252][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1360.616748][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1360.665030][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1360.678155][T11466] usb 5-1: USB disconnect, device number 91
[ 1360.726550][ T2338] pvrusb2: Device being rendered inoperable
[ 1360.799157][ T2338] cx25840 9-0044: Unable to detect h/w, assuming cx23887
[ 1360.815115][ T2338] cx25840 9-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_d)
[ 1360.829800][ T2338] pvrusb2: Attached sub-driver cx25840
[ 1360.836749][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1360.848120][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1361.240669][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.247261][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.835154][T22152] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3779'.
[ 1361.844412][T22152] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3779'.
[ 1362.629247][T22160] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1364.115524][T22177] UBIFS error (pid: 22177): cannot open "c:::", error -22
[ 1365.910163][T22191] overlayfs: missing 'lowerdir'
[ 1366.646426][T22201] syzkaller1: entered promiscuous mode
[ 1366.723659][T22201] syzkaller1: entered allmulticast mode
[ 1366.816602][   T44] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1366.976738][   T44] usb 8-1: Using ep0 maxpacket: 16
[ 1366.987350][   T44] usb 8-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1367.008972][   T44] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1367.257353][   T44] usb 8-1: config 0 descriptor??
[ 1367.288449][   T44] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1367.722360][   T44] gspca_sonixj: reg_r err -32
[ 1367.727427][   T44] sonixj 8-1:0.0: probe with driver sonixj failed with error -32
[ 1368.527233][T22227] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3797'.
[ 1369.256703][ T5907] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1369.426857][ T5907] usb 3-1: Using ep0 maxpacket: 16
[ 1369.444032][ T5907] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1369.470183][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1369.479616][T11466] usb 8-1: USB disconnect, device number 8
[ 1369.509334][ T5907] usb 3-1: config 0 descriptor??
[ 1369.535626][ T5907] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1370.135374][ T5907] gspca_sonixj: reg_r err -32
[ 1370.141689][ T5907] sonixj 3-1:0.0: probe with driver sonixj failed with error -32
[ 1372.032863][   T44] usb 3-1: USB disconnect, device number 78
[ 1372.109844][T22256] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3804'.
[ 1372.122144][T22256] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3804'.
[ 1373.577005][T22271] qnx6: unable to read the first superblock
[ 1374.885792][T22265] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3806'.
[ 1375.245637][T22286] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3810'.
[ 1375.399809][   T24] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1375.428332][T10916] IPVS: starting estimator thread 0...
[ 1375.576615][   T24] usb 5-1: Using ep0 maxpacket: 16
[ 1375.583364][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1375.595534][T22290] IPVS: using max 74 ests per chain, 177600 per kthread
[ 1375.614872][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1375.645257][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1375.682785][   T24] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1375.713660][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1375.757692][   T24] usb 5-1: config 0 descriptor??
[ 1376.230331][   T24] shield 0003:0955:7214.001C: unknown main item tag 0x0
[ 1376.237497][   T24] shield 0003:0955:7214.001C: unknown main item tag 0x0
[ 1376.244570][   T24] shield 0003:0955:7214.001C: unknown main item tag 0x0
[ 1376.854347][   T24] shield 0003:0955:7214.001C: unknown main item tag 0x0
[ 1376.990827][   T24] shield 0003:0955:7214.001C: unknown main item tag 0x0
[ 1377.015877][   T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input39
[ 1377.063638][   T24] shield 0003:0955:7214.001C: Registered Thunderstrike controller
[ 1377.089329][   T24] shield 0003:0955:7214.001C: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[ 1377.187290][T10916] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1377.202357][   T24] usb 5-1: USB disconnect, device number 92
[ 1377.218255][T10916] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1377.315684][T10916] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1377.639063][T10916] shield 0003:0955:7214.001C: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1377.945076][T22302] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1380.257541][T22322] syzkaller1: entered promiscuous mode
[ 1380.265775][T22322] syzkaller1: entered allmulticast mode
[ 1380.906701][T22328] UBIFS error (pid: 22328): cannot open "c:::", error -22
[ 1381.794948][T16138] usb 6-1: ezusb_ihex_firmware_download - request "keyspan_pda/xircom_pgs.fw" failed
[ 1382.006342][T16138] usb 6-1: failed to load firmware "keyspan_pda/xircom_pgs.fw"
[ 1382.024715][T16138] keyspan_pda 6-1:3.231: probe with driver keyspan_pda failed with error -2
[ 1382.040227][T16138] keyspan_pda 6-1:3.164: Keyspan PDA - (prerenumeration) converter detected
[ 1382.051335][T16138] usb 6-1: ezusb_set_reset-1 failed: -71
[ 1382.058040][T16138] usb 6-1: Direct firmware load for keyspan_pda/xircom_pgs.fw failed with error -2
[ 1382.121827][T16138] usb 6-1: Falling back to sysfs fallback for: keyspan_pda/xircom_pgs.fw
[ 1382.506724][T11466] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1382.986676][T11466] usb 7-1: Using ep0 maxpacket: 16
[ 1382.994812][T11466] usb 7-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1383.004249][T11466] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1383.072186][T22353] UBIFS error (pid: 22353): cannot open "c:::", error -22
[ 1383.494539][T11466] usb 7-1: config 0 descriptor??
[ 1383.540745][T11466] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1383.966698][T11466] gspca_sonixj: reg_r err -32
[ 1384.153501][T11466] sonixj 7-1:0.0: probe with driver sonixj failed with error -32
[ 1385.202306][T21172] usb 7-1: USB disconnect, device number 13
[ 1386.072688][T22395] syz_tun: entered allmulticast mode
[ 1387.340691][   T30] audit: type=1400 audit(1757118817.842:565): avc:  denied  { getopt } for  pid=22407 comm="syz.6.3838" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1387.466612][T22384] syz_tun: left allmulticast mode
[ 1389.430237][   T31] INFO: task syz.0.3495:20930 blocked for more than 143 seconds.
[ 1389.438132][   T31]       Not tainted syzkaller #0
[ 1389.443066][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1389.460871][   T31] task:syz.0.3495      state:D stack:28312 pid:20930 tgid:20928 ppid:18435  task_flags:0x400040 flags:0x00004004
[ 1389.473046][   T31] Call Trace:
[ 1389.476335][   T31]  <TASK>
[ 1389.479693][   T31]  __schedule+0x1190/0x5de0
[ 1389.484269][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1389.490361][T21172] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 1389.506582][   T31]  ? __pfx___schedule+0x10/0x10
[ 1389.517468][   T31]  ? find_held_lock+0x2b/0x80
[ 1389.522904][   T31]  ? schedule+0x2d7/0x3a0
[ 1389.527365][   T31]  ? usbdev_open+0x1b6/0x8b0
[ 1389.531974][   T31]  schedule+0xe7/0x3a0
[ 1389.536326][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1389.542907][   T31]  __mutex_lock+0x81b/0x1060
[ 1389.548295][   T31]  ? klist_put+0xc7/0x1b0
[ 1389.552678][   T31]  ? usbdev_open+0x1b6/0x8b0
[ 1389.577091][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1389.607873][   T31]  ? kobject_put+0xab/0x5a0
[ 1389.625234][   T31]  ? __pfx_device_match_devt+0x10/0x10
[ 1389.786808][   T31]  ? __pfx_bus_find_device+0x10/0x10
[ 1389.792664][   T31]  ? usbdev_open+0x1b6/0x8b0
[ 1389.797752][   T31]  usbdev_open+0x1b6/0x8b0
[ 1389.802597][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1389.815252][T21172] usb 8-1: Using ep0 maxpacket: 16
[ 1389.864184][T21172] usb 8-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1389.900386][T21172] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1389.921423][   T31]  ? __pfx_usbdev_open+0x10/0x10
[ 1389.927221][T21172] usb 8-1: config 0 descriptor??
[ 1389.939668][   T31]  ? chrdev_open+0x58c/0x6a0
[ 1389.948181][   T31]  ? __pfx_usbdev_open+0x10/0x10
[ 1389.954850][T21172] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1389.966708][   T31]  chrdev_open+0x231/0x6a0
[ 1389.973056][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1389.983025][   T31]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1389.991572][   T31]  do_dentry_open+0x982/0x1530
[ 1390.002745][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1390.012116][   T31]  vfs_open+0x82/0x3f0
[ 1390.022169][   T31]  path_openat+0x1de4/0x2cb0
[ 1390.032206][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1390.057941][   T31]  do_filp_open+0x20b/0x470
[ 1390.072280][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1390.078096][   T31]  ? alloc_fd+0x471/0x7d0
[ 1390.082638][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1390.087540][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1390.093060][   T31]  ? find_held_lock+0x2b/0x80
[ 1390.097930][   T31]  ? handle_mm_fault+0x2ab/0xd10
[ 1390.103465][   T31]  __x64_sys_openat+0x174/0x210
[ 1390.108681][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1390.114793][   T31]  ? do_user_addr_fault+0x843/0x1370
[ 1390.123462][   T31]  do_syscall_64+0xcd/0x4c0
[ 1390.128418][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1390.134667][   T31] RIP: 0033:0x7fade238d550
[ 1390.140495][   T31] RSP: 002b:00007fade3141b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1390.149332][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fade238d550
[ 1390.157665][   T31] RDX: 0000000000000002 RSI: 00007fade3141c10 RDI: 00000000ffffff9c
[ 1390.166892][   T31] RBP: 00007fade3141c10 R08: 0000000000000000 R09: 0000000000000000
[ 1390.175441][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 1390.183738][   T31] R13: 00007fade25c6038 R14: 00007fade25c5fa0 R15: 00007fffc4fbc668
[ 1390.192221][   T31]  </TASK>
[ 1390.195551][   T31] 
[ 1390.195551][   T31] Showing all locks held in the system:
[ 1390.203943][   T31] 1 lock held by ksoftirqd/1/23:
[ 1390.211922][   T31] 1 lock held by khungtaskd/31:
[ 1390.217245][   T31]  #0: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1390.230419][   T31] 2 locks held by getty/5602:
[ 1390.235574][   T31]  #0: ffff8880362a70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1390.275060][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1390.285857][   T31] 4 locks held by udevd/5863:
[ 1390.290673][   T31]  #0: ffff888063f3b418 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[ 1390.299751][   T31]  #1: ffff888054e58c88 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240
[ 1390.309212][   T31]  #2: ffff888073756b48 (kn->active#19){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240
[ 1390.318923][   T31]  #3: ffff888057a62198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1390.328288][   T31] 2 locks held by kworker/u8:9/6630:
[ 1390.333595][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1390.344252][   T31]  #1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0
[ 1390.353549][   T31] 6 locks held by kworker/0:1/16138:
[ 1390.359092][   T31]  #0: ffff888143a83d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1390.392913][T21172] gspca_sonixj: reg_r err -32
[ 1390.395093][   T31]  #1: 
[ 1390.397855][T21172] sonixj 8-1:0.0: probe with driver sonixj failed with error -32
[ 1390.405110][T21172] usb 8-1: USB disconnect, device number 9
[ 1390.413516][   T31] ffffc9001af7fd10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1390.425559][   T31]  #2: ffff888029d2f198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[ 1390.436699][   T31]  #3: ffff888057a62198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[ 1390.448986][   T31]  #4: ffff888024e03160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[ 1390.458331][   T31]  #5: ffffffff8e475390 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xa9/0x250
[ 1390.469004][   T31] 1 lock held by syz.0.3495/20930:
[ 1390.474116][   T31]  #0: ffff888029d2f198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x1b6/0x8b0
[ 1390.483156][   T31] 3 locks held by kworker/0:3/21172:
[ 1390.488529][   T31]  #0: ffff888143a83d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1390.499394][   T31]  #1: ffffc9000c267d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1390.510660][   T31]  #2: ffff8881447cf198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[ 1390.521201][   T31] 
[ 1390.523538][   T31] =============================================
[ 1390.523538][   T31] 
[ 1390.531971][   T31] NMI backtrace for cpu 1
[ 1390.531988][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1390.532003][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1390.532010][   T31] Call Trace:
[ 1390.532014][   T31]  <TASK>
[ 1390.532020][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1390.532038][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1390.532056][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1390.532076][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1390.532095][   T31]  watchdog+0xf0e/0x1260
[ 1390.532110][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1390.532121][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1390.532135][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1390.532153][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1390.532171][   T31]  kthread+0x3c2/0x780
[ 1390.532182][   T31]  ? __pfx_kthread+0x10/0x10
[ 1390.532194][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1390.532208][   T31]  ? __pfx_kthread+0x10/0x10
[ 1390.532219][   T31]  ret_from_fork+0x5d4/0x6f0
[ 1390.532229][   T31]  ? __pfx_kthread+0x10/0x10
[ 1390.532240][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1390.532260][   T31]  </TASK>
[ 1390.532264][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1390.649393][    C0] NMI backtrace for cpu 0
[ 1390.649410][    C0] CPU: 0 UID: 0 PID: 20122 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1390.649427][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1390.649437][    C0] Workqueue: bat_events batadv_nc_worker
[ 1390.649458][    C0] RIP: 0010:__lock_acquire+0x543/0x1ce0
[ 1390.649480][    C0] Code: 00 00 90 e8 8f b4 48 03 85 c0 74 0e 8b 3d a5 ea 13 0f 85 ff 0f 84 06 0f 00 00 90 31 c0 e9 ca 01 00 00 c7 44 24 34 01 00 00 00 <49> 89 0c 24 41 8b 85 e8 0a 00 00 85 c0 74 16 48 8d 04 80 0f b6 44
[ 1390.649493][    C0] RSP: 0018:ffffc9000ff7f9e0 EFLAGS: 00000002
[ 1390.649504][    C0] RAX: 0000000000000002 RBX: ffff888073805370 RCX: e1f8d4b2b6d88669
[ 1390.649513][    C0] RDX: 0000000000000000 RSI: ffff8880738053c0 RDI: ffff888073804880
[ 1390.649521][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1390.649530][    C0] R10: 0000000000000050 R11: 0000000000000001 R12: ffff8880738053c0
[ 1390.649538][    C0] R13: ffff888073804880 R14: 0000000000000002 R15: 0000000000000001
[ 1390.649547][    C0] FS:  0000000000000000(0000) GS:ffff8881246b6000(0000) knlGS:0000000000000000
[ 1390.649562][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1390.649571][    C0] CR2: 000000110c3e8187 CR3: 0000000042827000 CR4: 00000000003526f0
[ 1390.649580][    C0] Call Trace:
[ 1390.649585][    C0]  <TASK>
[ 1390.649594][    C0]  ? update_curr+0x71/0x550
[ 1390.649608][    C0]  ? enqueue_task+0x20e/0x4e0
[ 1390.649627][    C0]  lock_acquire+0x179/0x350
[ 1390.649646][    C0]  ? batadv_nc_worker+0x159/0x1030
[ 1390.649659][    C0]  ? batadv_nc_worker+0x895/0x1030
[ 1390.649674][    C0]  batadv_nc_worker+0x16a/0x1030
[ 1390.649687][    C0]  ? batadv_nc_worker+0x159/0x1030
[ 1390.649700][    C0]  ? try_to_wake_up+0x160/0x1870
[ 1390.649716][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[ 1390.649732][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1390.649749][    C0]  process_one_work+0x9cc/0x1b70
[ 1390.649767][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1390.649784][    C0]  ? assign_work+0x1a0/0x250
[ 1390.649797][    C0]  worker_thread+0x6c8/0xf10
[ 1390.649813][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1390.649832][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1390.649846][    C0]  kthread+0x3c2/0x780
[ 1390.649859][    C0]  ? __pfx_kthread+0x10/0x10
[ 1390.649872][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1390.649892][    C0]  ? __pfx_kthread+0x10/0x10
[ 1390.649906][    C0]  ret_from_fork+0x5d4/0x6f0
[ 1390.649919][    C0]  ? __pfx_kthread+0x10/0x10
[ 1390.649931][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1390.649952][    C0]  </TASK>
[ 1390.651041][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1390.900562][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1390.909657][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1390.919706][   T31] Call Trace:
[ 1390.922984][   T31]  <TASK>
[ 1390.925901][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1390.930483][   T31]  vpanic+0x6e8/0x7a0
[ 1390.934457][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1390.938950][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1390.944830][   T31]  panic+0xca/0xd0
[ 1390.948540][   T31]  ? __pfx_panic+0x10/0x10
[ 1390.952943][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1390.958308][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[ 1390.964459][   T31]  ? watchdog+0xd78/0x1260
[ 1390.968876][   T31]  ? watchdog+0xd6b/0x1260
[ 1390.973319][   T31]  watchdog+0xd89/0x1260
[ 1390.977570][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1390.982252][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1390.987441][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1390.992464][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1390.997136][   T31]  kthread+0x3c2/0x780
[ 1391.001188][   T31]  ? __pfx_kthread+0x10/0x10
[ 1391.005761][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1391.010511][   T31]  ? __pfx_kthread+0x10/0x10
[ 1391.015086][   T31]  ret_from_fork+0x5d4/0x6f0
[ 1391.019659][   T31]  ? __pfx_kthread+0x10/0x10
[ 1391.024234][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1391.028998][   T31]  </TASK>
[ 1391.032232][   T31] Kernel Offset: disabled
[ 1391.036533][   T31] Rebooting in 86400 seconds..