last executing test programs:

12m22.149707s ago: executing program 32 (id=1337):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000001a00)={0x2, 0x4e30, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)
setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x4000080, 0x0, 0x0)

10m24.942037204s ago: executing program 33 (id=2236):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002040)='net/tcp\x00')
read$FUSE(r3, &(0x7f0000000000)={0x2020}, 0x96)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000080)="f047189e0a880000460f01cac48239dea3050000000f20c035000000800f22c00f01c366baf80cb88c76518aef66bafc0c66ed64363e26f30f090f01dc0f0748b8b3330000000000000f23c00f21f835010000000f23f8", 0x57}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

10m22.024219959s ago: executing program 1 (id=2350):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1503, 0x4}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

10m21.267339824s ago: executing program 1 (id=2357):
r0 = socket$inet(0xa, 0x801, 0x84)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000040)='./bus\x00', 0x34)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
close_range(r0, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0xeaff)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f00000001c0)={{r0}, 0x8, 0xa1ffffffffffffff, 0x1})

10m20.934049908s ago: executing program 1 (id=2360):
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="d2c113c29ca1f0329c09333c4e57bb838cfea716579dab7d1cbdce058b04b86cd2573f5a46ec9ad1bb3c276903ebcad8758f3bdb0ea994c5ea01d7771c5b21040018c812e3b3d2c92d14193a28633e7a06c3239d8e97c69f11a821f535082d74ee0c1925c46bfba566d8c9647889a9dde67089b24871471415a695730085f81a0b7c8dc2eae85ccd015b85d7d1fecd2528f2a8369ee0315327ba0d506a583c716ea4fa23575566c8cf1a2a844691717179b82f10998b7d540188e57e864820665ab70db2d483c4fdcb115ea6bbd4a888f9d383f6fea063635b69686590f540c638a77fe8e8cb266cf72667e61871faf1d1810c749c30c5a7b61609d81114f7aa0355967a7513f659d021338ddb687b0f7372386170902b612c56f58dc73a1ccecb389ccd39f926ee91220a5c053dc277919ed4e32b63da14781cb46227a71388f2aeb37e8971d4a554824bb05f7e6861a916c94204feae48f115680a40b7b2da6ec3af295979016cb78ee53d347a2a8de81c26d0468db8b59df449513e109f26ccdff64403180deba17211813b69ef3f0c42f498a6f3d05a4e7f47f99a8b9ff6bb375fcd1cf444a794a7c2a274f2786c8c220b1f80f2d0c1f311960b37357e31198a44f1e25aaa320f6daad7a42c0367de29a2d0d5567098dfc4ac2b0393a7accfaed79afeec5c9d526503e8fbbd3d1f6365c698775999e5109bada3ec51a9d4b884631086bcfa4fe99135a7c482d9e3d2cbd0a58a42f8cd737a812c21185d909bab234d412bd450da975be70eac2a8db479f7030ff5f41817cd798d59a2db9d8d829765459531044ba3bfa6fc89d046c75e707133e5211fd05d20f63d4f493b23bcd966e3f4314a512451b761fb3b3ed815da07c604f71d2a86937142ede6fce427766dbde15f74f2c45d4c3c08e815b507bb05ee97ddf7ed79ea2ddd5c6ef057d455d84c79bdfd6e68ba6f5cd806a6b9dfd5ed65e394554fb59df7aba2676779a547cf8a7c97379abc760e94e01264a2a23c8c63296ec0d9a4e0aa5c9c470fe46beb8db8322372f3649b7d2ad0b8d09e77e4757a2f40835860b56d41382fabc35d891deedd2168ff3b20f3345ec3238ce795fd9b0311fbd7cf10bbefe4e9349bdf7ea5294f3fc3ded1203c01c9a057641ea122eea48e30b942fdebdc4e7263353361dfcf3562eb3f7eb491fe5394ac1e9af734950b3de71b557bd1baf334d39c5dd9e6842a3ef24004eafc5eb85fbdad5c1e49f60f565da146b119f27ec9077774e21300edf2883f34e299ae0465779ab80ba2d097f5d791a72785f35090dbc369864476c33d3279382a49ac45be1706211659d6fac1ae12d772fa270eb3746a69082e67664f4be335f2d172d52f5083a0768e5d4332352be40eb41e3406de4498e740a470141032ea251c144cdb5352d8049281898c72f13a5d3509c9c77308fe45016abfd7d42b1a022a60b9a5bbcece7c0a10bf9f157995465729b38fdcadd0d977574636206982a6b4e8f24bc75e3eb054fb9ae81e878afd24cfa9756f053bb89f0e4a42e195bd2af8a91a6dd5c9fbccd938681a7387ed22a0e3a8284d3182aa7ef1905a267850fc405494d7079f6d0364287cf7b16dc2310b15bc49fb68d1a96075cb5f30f4fc2ec0c51d0b7e806e78f108f4060a55b8c23b3c89a2f2fa321d5138019c417a504d230ec496583933daba2998e20d8f9a2e6798f681e1d4df88fa4e084513d3648ed4f6624d8b894470cf325e837ad177a634bf58d21378fa0d3370bcb724fa88314bbd0749bbe6ff9dd5d7826701891c180278833c3327a8b1500c3e86fbdaacaaba0e0f708052ddecaae4fe142689c812aeccc7211f61159e0787a8f639d1f0a4db373c17317fea5d3ca1c6060fc44a2d02502f0230334acb69861f0cdb82220827f5887a14e7eab133ce4ecd9a414b2a6b31d8c631325319bbb65ad01aaea7e157fea6cbb434c67f4582028c32f5890ceb243dc972e61e122cb36840d5838dff32d4b613ae1909f3970404fb1973f1e80b0e388141b2e24d47276be045880a4ac18fd136c08cf266b35c75e9b796f6210817439833b613195fe4688b22127a978d20f8b32e3df3297e09a565e659857d8052bf69c5006c5870bd25e6c3aeb411553924d06ccb849cdeca659448cb220d259b4ee20d256d44149814b5e13ab365c448369a43553e01874acded99d24da7d1c9c283dae95b0b5311344af85c7c9a8483fb18a5bfd7a4fb4bbade211edfa4c30f3d1b5bc9672a02adb5d638faea66424e2c82540937dc4cf21392fe16e05811f1bcfb83132deb1cf2a522f9b543758b25d6949400af5d2a7a566f4ab0f5fe0b0a8e8379850e3ed78cb823f5b59b3df4de700427b197720ec69b86c76080b2cfdc4a2619e9d2a901e247e591d79dea91257c0d4a3c7ebb86af42de6833aaaa2d69b71e684236705744b79c62079236759def4a37a0b97742dcdc1af8e54385ad496af31cffe7539e4a69d65ae28845439e5e3eea34785e6065c32f3c7b71ef4edfdb16ca9ee9d5d4e066a60f9919461ce932a61c4100276dad7a22447c681bfebac9186f23dd38509090e0c0fd60219d33174d0d1f5a2b3eb194ae1c7003b159dd560e909fcd0b14b803ded8a94f2a61ca59f9015a673c018515b7605512ecdec58b60aafcba88e88b790e6dabc09a6721613d4e60ffd8d01b07ccacc1c7f2415347f5f5aa9eb7e5d27090403a55d0364721bf0363e34bdf9d92c8e83fe39e8d23e0a038717c00f82dd27709ea69a7a857575f0e039b067750b0e226dd01091b6aecae409d563a72e0805c8c101401a9d4356c532ec27cf25ad0ea92eb137e5bb367623155b3e62baa1cb29d86e4765a635d180d26f37f58a24683494cca93547b1f9ff0cc81c085cc4509b746c5327f1f169ca3bd059d324ac91e3c05bb225e5f81655d2f5b5f0cd6389d35be14f63cf76ef856634c5c42f5f6763a457be1745d9ddc4e7a77cbe86398585dd18159eb7dadc2da143cabd5794c4caafab774c5b0ad661f6f9e7bd5163af6f214bbd6351560cfb5e9fe42d3b67912e0bb52926429a43c27aa6c52e904660029285c4b763d6becb5cd4e9a029fb092ae20df18e073627d896a8de5f89474cbc2d2a525edbaa635a9704ec9f30bc0d18dea437a986553da723befb7f91d73a9976a528d2ff2ff80aef0fb80b4c84fca0d810e1f0c3857aef2616c9908aa7dc6a02e28085ccbb88e13c8c8c1acc631e4121e39b453a5897602dfcff5629f88d75ae7375cb9d08969dc6e870870c7aaad3c62f1f39c363d7edfda2d5ce1e9e62b25cf3b31bf4da9b90616a79d3be8f031837844c13fa6ea8af83db6eaa6abcb5158c38abe7fd39b8710c7d8d830ac93d5d3cec1d038c7947861c4ea118b3c205be5c441d35ef856c9a81f970c2850397e735a2fb991fe2dd0f293224ed263963a1041dcefc67b77b25b82d6ab047eb282702ddab528cc4bfb8c82d86352057e893bfd4b41e3396d64d7f1a78f6a0d4cd420d4bf84eb791a513163f837556c1a2e7c4e84ab9bfaa3a23a7114bfd301ea1f6b5e5c94e076e8f42a4da7e05224589005625245672ef85a11d6ac4b379b72660583ccb62b3d6cf00090c9c0ef7f3e3bce7bc6e10baa0498799de647451281afb45cf053c7a57eca0732a8f9e9f02437be51649bc7d1a391aca1561fb6b2d47817394e97e426afda0fb9fdd248579b8eb768ef9e249dbef8b0ebbd0e8dec2f149e2356df3a9f728b5392875ea476b54a1c990040ef4e63373566611c5b555b5d60a0e69f32e05db3f9047ea3e261ee6e3d87516bb0fff783333eef6444c8d9d17f8b23514d6358c62cd34dbf0e9dd60f54f286c533d68f2610c82eaedd9e512884f37211f190a08cd3766c7ca6a5043ee9dbabf5994c48d03a2fa5ccedce7ffbe9cee1e9d54036ca4ca7c4fdc339011448c7aad3d14b639dc179e7a97f03b606b0e47a32b8c9ab82c59fbba5e0ab663538aba9ba71d27216614f59bdccb050cc2512f65f465e8476d36855df64b8bb181907e91f45c6262dba02b35dc238bb32b9cc7070d31f7f95f2193b5fca347874a64041ab629cb5c3a3d77ba999793badacf01c4244ae13c0d77fe01fae16c489fcd58010afc3084ffadb9bf7264f23f1ad0e8d9d762dcc431163c343054181812c9cd1a6ecdc9964caa0a2ba8cd29271e6824891129b89efc1ea2996100f1932940a49a324e8eb688d05ac7d6ba273aade15c2be8cc74ef1eafad9b9ebfdfa36edc5c6d109485a48ac6a8395ccdf23779919953cf3c61c3a635c7e782f84098f3cc6bea7644cf3924c2352c97c76bc7141227dd29f1d47ef209adc3aaefd8cf204fb265e6b262e83736c2f26b22d80870af83095338c23a47a5a86af2ae7decd1aaabd925ae900bfe8e82728e14fd82677769bc9962dbb507a61e206821ac9c0940b12d79ecb7a916b9f6573fa3d9a7ef773f66de8cf8db6536d986a29d7b50a2973d228ec48468c5ebec6253130c578e5ec2848b62e8e1082a3d584e84b86e24211a9546e1abf79e568827af5d9ba98ba7b33b5cd9cb7a81dc873ea11276049d9d6206d2ed0933ada7ef9b6823f24b756ebea834297743ffb146350f320ec9044df55b20df0ff84584c16350f465b5ad7d364f9b166fb534c2a0e65f6bb4d61feeb84463ceb4a4f7853c0c2410955881a60170b0bbc131f6699e2616752851063c7e8b0a82e4357b84e48bad8002610e5770c17ee0cb301f9dfe8d5cbb66c6962b5edcae17b5c5dd42026737ea9e2c79bfb9392d290b44d66ade6eb62e26321ee214a6d15facb7cca610b6209392179a50f3dcba1494d3f302745461f6172d329a12d68405be5ee05ad2a641a7aa3da1d1fd3198671bf1af5b39e2bdeed49df80cf0c6e0edc5c4812350097bda47d3fafb3827d73eeb0b29320c74dae6d4d61d8fc269652835f5a7f98710c644dd50d3af618651b41916bbabb9ea7cc46c8208dd7fb99474be66e1a970c899f17129a9ed17ccce0d93411e71b8f1c7790c787f7a97a50d54acbc6f4eee49a38882c34e3477c97e1c6da0b39a1e9d0d25a3cea9364033bf4f625a02412174d03dafd642526867578f71f2e52920833b8d23713d5ac48165f49545f6c7c75b5b4ef2e0682f8f2e191fdb6c0ba529856f887391f8d5aa3f7dfc5230170b97662611e53a4436bf4e98a5ceaeb16a79bb95f962b2675cb6da9f1cfcdc1ab604ef7749fe87ccb5a3660f463ff5f488b5c544cf847be84dab22d038730a7021cdc7f7ab714c1561c98a39cc92cd6aaf53c82b28665114ac18b2149ee7f1b52f894c28a49eb45d4cf6a0e65df39b3c717039ae41958fe810c1e05ad62ceef2980e0cfd891bfae0db61fb1c8d65b6812ef1bf5d426f955ab4826eae69f531979699685f5312882032a5f47ed8cf2e98e67d9f6c299d2060a04b4aa677500b48a33586b10f71293d57de846d2683621b588630a6ef06a41437bd99366787b787a68c71779132d0ee73aa5f97d5b9ca18a7ae26b7002512df1073e2eccdb4d2f137a15d9604e10547fa465aeb4f2e5899b531adeb5e72fb76c2c1c9d18ceb4a23a5f6174ba86a7119d82e35cb5a5d1c6a093351aaee0094b32b92417dc50c1d3806fffdafd2ec0e3ba176d84bdb7d59755e9083e61ded802e2a089ae9d6746f738b55845bcd4ff0a21888c2c6b972db043973fb323fd1c15e70137aa6a4bce3f60f27c1d1488f3751e5425a5776c7cc3a3c8acbfbd2171407e1a242e8e241e6e9e1287d8995265a8092ec59ad99652e63a41b744f34392017f29c1b1ca4ce7728200743d4497a70cfd2369d0ecf9e0ba6f28da25b2d918a06ad1173091b8d750b8c2120321818a0912bf47b96c9a8962930a843ea8419b24b8618b7b43482291906e151bf39d3634756d9e1ff5a6e787d1fc4be7349c38a3b882e059a5da930a9cb2a01eb8b24b54def2a2949538fc063542921947f1997dbee59842a50a043d431649ea0adde68c43259ab51592107b2618c5f761364d4d3d5d0f4d4ae1b94650cb4b695db5831c6dd789140b87525d9ed46fb8dce8fa75d68f317dfc3858d810928fb3530b7ae8701d622b0e69ab16cbbd46c8165c467850d081292da8147fe07f472776d1e2c75c17bdc0f8bafbc964da953a5efe64af69944f0f8858b2a4dece04428ede8967d0e93827910400af8a859b59579d9628191b291732bae90a3b50f8b2b7728725568a83e006ed21e940d4b7e7291ad6365138aa2d59c0b303cc298f7a70d0c39e4f17a878083631b1f96a65d7b4c5a4403929180694f55b71ba29685bdf472f0e21a1c8b3c2dbfc4892ffbc0f0f23f38ed0b785080c11b0766ffc5a0c2c750080b764df159e42ac8eb82681baec5b0ad7948153679162c223f63bf22545718accf2a30bc4402f6b54996baa00508c6def488975a2e2bf2a8dbcff49293e83f998f8baebe722cdfef96c46ac3d945d56ada194353f7cd03d2b86cb9844f7d63f008fbe553fe0023f6968e8bea9054ed3c567e5c55b283fb2337fbd20510e5e098537f5c1baa6b509f63b1e812840aaf470690894a2725f4460a106a3b0e14b12b47c3fc1a083ae7e8cd2e710b5d428b2063f7bb91105255cc0fcc8ac51398ec3df6416d283c4aba6ed44846e82be02d242c710c973c5f0a9b3b16da8a96f5cd2a164a3fa040075b0cb99944f1b34f7e79ae039d15a6c992cb40aa403de90992c064e1771f2a396734480f43b024dc799b8e242df235dc0d33cfdce41755722907f4533a1480d78e99320412326c27e15434fd3fdb19ed33a07063a8a62b39ce14be2ea1e0adadec65fcf4f19901bd801b87e90fc91f1270b420fb530b71b7aea9ad23c4a4ad28d4b63444bc2fa7b44247d5e9f0ca0209a489035b4521b5e886a419df1f9d0e27b9c5007ee75fd3909d4e0156973bdf2ff8d1a88cad1d534ba93648ecb34a30b1e760f1ee8cfb90c27c36385fd68ee48982e5f0c190e8786b7ef0e1dfd3cb1cc00efc19a92020b509d3e2c74b4265bdc765085bc49c6fc61476aa22cff375a78c59f33394cc6ff460584ebbd8dba2cbfe97feb1c9147068dbc1d3e25631ad8478d826d88c28b2cf967d07d3ff845cbb25699406d106eabd31066e9cf8abbe7598f71cca663a6f63bfb63caa95d3a363e69e9a3bc889d026df28c37e41786bf8c9a1ccc06c3499986a72bb10367f32b1b8a55365c2a5b46061b58b81c5da69ad39db6c468906f1c1225527f1b26a3dbad94b1419f3671086b061117206a634cd08beee1fcdfb4a3a7cc78b3cb1293dc900d0859505018b38033a1cc9a0051968af1f8fa60350865328b6834f9c30bb1734949fcdab62cc6904b285322da3d49f188019648cac314d65a7c57f4e25864f17e346e7ebbe411695a237622356ecc10e66c8ba33e7106a756b8d3abc1a1aababc26413adcfda74a59b9002a7e2e3edb3e7551d32c461c2e40c25cb9de751ffda44d7f353513c5bbbc473594127c09775844dec5dc922caea5532dfa98fe80d80243233a4f0c15520d9dc76da3623aabef3582380ca4d2f9558d6c71b672f259b94f26710aa1d933b3ad79c8755a96c18fcfd62a972ca80ea0d33afbfc80045ba7dab492aa06c73ea3a598b2bc6eb1549627d183c25c3486814960eb1e1b02200a92f51b8642683f88185a9ee91c6dbb576dd8a869e1338b81ec205d979242bd963308af90ec23e01d253a70440edd3ebfac8e489db0a70bb5c887f22e7a5de33918374a9ae5229d419b1948eeb23bdf8dce3c5df3b81d1a3e3b38e095f261cb9e00f5567413a5c13abb469fdf64adc830cc442a099609cf0ebd3ffe936d77d6099d816be2b4cdd31e4fdf5af5904120ec65e81138416462f9e9bbe9ba6d5980c7de01288bd9f4741848802c32f3774678367c70014e531ad7f95b5527d022232ada51148012328f1693b2d08b8eba80dc26d8e9fc369b410331ed720e410ded5bd03ce69942ffb97489a2c5b6e4da93cc73811738a141c3a16d4ff6edf2ad1b3d3ae45a21c5ca2613b92e7871dea89d3cd699b86520c80f6a391cc2911538f8108dc90203b0e74ee43a087e033265e0745a9c991facff49339c40601420bb72ef014bc4b9a51cad1dcde9f1567b4ae9d11b1416ff3d8dee15f4672bdbca4348e7e71f8d75a73851bc0ad539312b7d52c498602a5eda4630296fb40aaa90d8f6122da7fb56d02755f861df193bdc5effd8a0e54c2ef78a284f7543c2b25a81bf545be3a3f549aabe86700bf058877e3fec53813f9992814a2cebf341cedcad346dba70596da899add4d723d98366ab60997cae7e5b9d417252734d9145ab8c5ece5b5b0efdc2f2578838c500ee17b866323a951979c6f1a50da2833bc437bcddd6efaed0244df44e6069daf359289d9c50c073f0fef4be1fb3802be5ea643761ed6347a35a3f537cbde402911c28d7c7c7e6b8612facbe87221f3505ff078d0dbb28ec469fe6eba2efcb4efdcfc5745299c0850e21ee2c9ef77db8070d589c547cc7379b58677d16077093514849869ab5bf8f896fa933ba3edc676dcb73e91386cc48f01782ba635564e0f91988cf98a3a17544abfedcdc1d80540e9499bf98180feb80325194cbc369be3275ed390f8e91b8d75b1364e9fabe50a1e3b9531c3fe1aaf6523e54bb05738bd3a67ca5de01b2e479ef7678a86b13d6b747fb3cb5fe1be8913228705fc232ce422186cb79c3b66c944f6124eb414322806d47978044336221f26d3a09ed8dceb52e3c7e3413535faf1f7868cb47bbbf02c37b4cc877a1d5f4023083d5b36650b673a4e51387c64d44daf58057adaa5610d22a15329804cd51a42f663311c4e5ece9d99b5a813c4025e8e0a98c0f3ec13cf07de0b18d7e1ba7d3eb143f5825f62ae5b5f6d92b167f9dbb2177e84f23322566814296277fc2933956f818f5475b6aa031545e6e2265679d16cbedff96c4f419d5fabe99ee652feac8acf9a90771ab8ade8291b42d25ebbdc03faac02b9599fdb83621f6ae1e2e7f946520f3cff881cd600c17b4a00c08d0996f7d2bb97d35647f72b80ba8ad3b4a16cb71094b2d1193a5fa1456e4671788bc51c0d506f4809ca34620d4a75a62ddfa20ab5c4d347a08eb8784d4c572fcb473b766f5e1ce9d92db70ebee83accd58b8253da36b9542686edce545261f309144a3d64900f796620003b36ee3d44a06cc4d088f73aa45288b90476d2e1e461795d473d59500aa23a6b7724a2f0d6473dc2f0af6ea311a648e193072016e199b920bc8c0830ae18f1c17e33d73badadc0f9d34cd52b54f4d3d480a7ddfe0f140f8de1a382a4c5a722d3e0f875b69054d88b8bab94e9394ba8d28937f1ffd871d1666a377620e7f032633fe58ebc87e533bd6461b537cdde38352ece085378dd7b24fa3fd5a3dc3f5b77492e4fc91238a8bfcc4e20bb396bd3317155981ec593926f2e9f15e5ac1aa533e122441649a681d88142a93386a6ed6b2d5b18d7fb57541e31a69acee17345b08c6667ebbc53a082fbcd980b4751937ba729dd2fd9b43d06091517922dd3ea524db002db7525902a465081843191d2d7ac76adb7724ac2bb88e4cb2f3188dbf0cd47acf5011b4519ec100a44b2ee6a1dacac5aade2cdcdca777c6b5edf596b05691d247f671491f68bf2e113a7e8674309ea98ab794d05c664ade246288796270e10f4a308420a62bf0df1d1636330e88bf4cc78051e5f715c8f97b8a83119b3fb5129ac6d0733256bec96d8cf435fa005e14d88884a0ca24266a4e78e25e2519796ba31971e4d0cb44ea58c5ddf54a15e3b449642e395679fc5ba600cc6bb7f2b004bfb0d621e51f9cf16309e4a02ce4f23f4a2d225aa8c84840bf2d3522a5f7a983cfbbfe4adb62d6ea622ebb784072bc6673878c5eaa865a7657b619f48cf0c51a4b0d47b20f426adc7f8ab68238b97abf68443f0eaac3796bfd99e0bc644e4f6fc43e551eccd615db802dfb031444e09aedcb04846bb894a2cf42dd0a578dc94d727736e502194ae25bf8556373969cb7f27788b6edf5b2bf25a79c7f89289f827ed4be611d65f6bd89698b130aaadd0f2d914819f41a0185dfc73adcea80d2ee592bf32d15010cb32a95ef112bccb2b780b461637ffa1641d34e1b114cdd3dd1ceb365933efef1781f9ec620a73097594c945969c2ea036e36b2380b33599c3e1d4eb2b7f210324aee3bba5a944b71cf0246ceed878897fe00e30d0bd32b3dde08c8805e30efe39cbc9d11b97491d82fbb5d93b1997e5f3128252472ecd256b9f79611175b6f686629ee744d0ba2494607a4476ea5f934c936403509c14bddbc2403ad5d97bfed0da36707b66f39ffdcee7ab39602e740c1ca9761570cdbab5f56b2060db428921457445b15c4c92b9c4b0ebb0746936bc3053836fa884e97c96e44d18a5a52feca033ec4caf950927bf9a281ea1aacb2a8b1a1f74b20de25ad5f3e459ab8b61ba5d00eaedcb6b5467dcd8608cfd48cc8c1a01f2c9f68bc9ef9adf2fd81cb3e28277c52d58f42ea87c8896383c2fa88dd15dba7172990893fe28ad1b50095b2ca20856de64693f3a663be6e34a9ccbb09add5724c5599495d0c95d2b900444651048bf418070b324016678d694b82565931159ffc37d3eefd7b482c41637cdd69b8f7051b6e88cf87a01d26d0689057ca0f66f65a2c3fbca608f7dec52d8e41ea98d21be162eeb38b27e9465d5525e0ffac3bd989adae19bdcf98edc48ff9d9d2a2f0850fa2cac8421ee6e211b1930f9fe9cb7138e8058ae476aa93c0ca49b170eb4ebbbb6fb4020d000eae537b4dd4bdfc63e3fb281848c057b94fc14dc12f8833d5ada50c8f0178137964c3b1524c59eae7ae19066a8003b9f4036b0be91f6f24baf6839f360473907135a8eb777dfe4dcf18d15fb8e16d069c48c5a128f046667f66bb22d36e986c73d2ebaa1a9638a9e8c049d0c766e2008fb19c4aabd96e3443c48377214b01dec0f73538fa5a882553a60664e549030fc9cc21a74a73cf79cfdbbfa3676a474910a295044d804b9f6a30104fc8250da4efcfddc379c3a1b84a2050ee78b18ba84ec5cb4db62540ea7be026b48d2b9294f06aa48e44087dbc494d92fe3e8648792c2b9f5d0d580afac814f8fc74208239b5f8fa6c20fc75c9d73fbe448a4fd1eb1af10165c37e7aa72c83c47dbb92bf3203bc0bea3b3ae261636b9a6b621725aed16de5c33502f152ca3704b1e83a60cfc5807177d9e561b12f43c3ded0951c4ec7af0ab29f55e3745df0f10bedcdcee2d443c0023d7547018c94e2cbb04a5c67a81d33df4dda99f80777b1db00f91bf8abb96ca360353c08b8979d00860ee3af86988171d6739a0f546f64ec34c045afd1be790176228204782836484f6d118d734c8e1b302788aa20e704502da74cd11bc5a22bb717a1d10d5176a4426e88cc132479aa7e8370772b9776ea38d5bd217b08c50f94072acbdf93e732e6ce41f92159b626e59e39925b458465ec3b0191a56d8e1c3a76110200e38380ccfcc1a05f85608bc3ea0bdbbf326bfe003158c8c9e01e90a7ae164cc20de5b23146baa9786111", 0x2000, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002"], 0x78)
ioctl$SNDCTL_SEQ_SYNC(r3, 0x5101)

10m20.76274807s ago: executing program 1 (id=2361):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0xf}, 0x94)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x13, 0x7, 0x106c, 0x5, 0x8000000000000, 0x80000004000080, 0x0, 0x6, 0x0, 0x4, 0x0, 0x8001], 0xeeee0000, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

10m20.658816813s ago: executing program 1 (id=2362):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
inotify_init()
finit_module(0xffffffffffffffff, 0x0, 0x7)
cachestat(0xffffffffffffffff, 0x0, &(0x7f0000000340), 0x0)
syz_io_uring_setup(0x49d, 0x0, 0x0, 0x0)

10m20.326954141s ago: executing program 1 (id=2363):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)

10m11.682091627s ago: executing program 34 (id=2316):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
dup2(r2, r0)
fallocate(r0, 0x40, 0x886, 0x3)

10m5.170591993s ago: executing program 35 (id=2363):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)

6m56.490178527s ago: executing program 4 (id=2677):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, 0x0, 0x0)
syz_io_uring_setup(0x1e1e, 0x0, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
r4 = dup2(r2, r2)
r5 = socket(0x29, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
futex(0x0, 0x5, 0x2, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140)=0x2, 0x1)
r7 = socket(0x2b, 0x1, 0x1)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast1, 0xb}, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)

6m52.258649633s ago: executing program 4 (id=2682):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$igmp(0x2, 0x3, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x6}, 0x1c)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r3, &(0x7f0000000300)="a6", 0x1, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)

6m51.964660346s ago: executing program 5 (id=2683):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f000001b480)=[{{&(0x7f000001b080)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f000001b000)=[{&(0x7f000001b100)="b07006929d9be36dd3cb95455a4175b09d99e701c1972978cca0a85e8647b3d0720a28e631b71396a64f120e8ecf7276b16f9bb1d3b7a86458aa9fff72ea13d68f42cc30d441fe7bc06d18e6a8fc5741d39cbb4d80f1306cce68959eca594173a66efbde24dc8e847427a642ed1baf6d63dd45d278f124e3fa7c6d57fd5da47d388020e0495d3e62dccb685721a6eb0b5dc291be2c0b842cf591e4e9af84d5109369d2ae47fefd6a76fbd7c555949dddec4e76b83bb6a9f5d18c8e4299cf0ef0d39d67969e6f7b082bd617452fdfd78f5ca2d22726bada07dded6cd501dd533af4b7f1b3d192cfc0d05844427c6d4afb4d372012432b", 0xf6}], 0x1, &(0x7f000001b440)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}], 0x40, 0x64048084}}], 0x1, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x100, 0x80, &(0x7f00000000c0))
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_io_uring_setup(0x6be5, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r5)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, &(0x7f0000000080))
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
ioctl$SIOCAX25ADDUID(r6, 0x89e1, &(0x7f0000000080)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001b200))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, &(0x7f0000000000)={'wlan1\x00'})
msgrcv(0x0, 0x0, 0x0, 0x3, 0x3000)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$nfc_llcp(r2, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1c8f4c226af5160e961711a077609475b78411e88509de050000000000f2170e45967c183585cd720000000000000000000200090000001900", 0x32}, 0x60)
close(r3)

6m51.737266427s ago: executing program 5 (id=2684):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000043c0)=@getae={0x40, 0x1f, 0x721, 0x70bd2c, 0x25dfdbfc, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x6d78f0fb64676408, 0x3c}, @in6=@empty, 0x8, 0x3506}}, 0x40}}, 0x0)

6m50.842196607s ago: executing program 4 (id=2685):
r0 = socket(0x28, 0x5, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8)

6m50.83823818s ago: executing program 5 (id=2686):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
preadv2(r0, &(0x7f0000003700)=[{&(0x7f0000002100)=""/216, 0xd8}], 0x1, 0x200, 0x7, 0x0)

6m50.775609352s ago: executing program 4 (id=2687):
syz_usb_connect(0x3, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0xba, 0x7d, 0x66, 0x10, 0x3fd, 0xebbe, 0xb519, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xdf, 0x56, 0x20, 0xa, [{{0x9, 0x4, 0xa, 0x9d, 0x0, 0xec, 0x30, 0x29, 0x1}}]}}]}}, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0})

6m50.765382485s ago: executing program 5 (id=2688):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x380000000000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x39, 0x301, 0x70bd29, 0xfffffffc, {0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x24004097}, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100))

6m50.429737062s ago: executing program 5 (id=2689):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x3, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x8004)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(r2, 0x40045108, &(0x7f0000000280)=0x8000)
r3 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x842, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x4000)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0)
openat$ttyS3(0xffffff9c, 0x0, 0x20040, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}}}, 0x48)
socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8041}, 0x40044)
syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$PPPIOCSPASS(r3, 0x40107447, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r5, r5, 0x0, 0x200000)
ioprio_set$uid(0x3, 0x0, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=@xfs_parent={0x1c, 0x82, {0x6, 0xf22651b, 0xa70, 0x1}}, 0x101040)

6m49.198348542s ago: executing program 4 (id=2690):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40140)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000001c0)={0x99d, 0x0, 'client0\x00', 0x4, "0c87b3e87f1122e7", "336ac9b0a7d990059dde7ca7edb851114777c70cb57782e6d17cf49668c7462d", 0x400, 0x1})

6m49.084796943s ago: executing program 4 (id=2691):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20802}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}, @IFLA_BOND_PRIMARY_RESELECT={0x5, 0xc, 0x2}, @IFLA_BOND_PRIMARY={0x8}]}}}]}, 0x4c}}, 0x0)

6m48.811851271s ago: executing program 5 (id=2692):
r0 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xffe0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = eventfd(0x1)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000002c0)={0x0, 0x0, 0x4, r5, 0xb})
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x8400, 0x0)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000080)='/pro\x0e/bus/inpu\f\x00\x00\x00\x00\x00\x00\x00rs\x00', 0x0, 0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
timer_create(0x2, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = dup(r8)
getsockname$packet(r9, &(0x7f00000000c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x154, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0xb}, [@IFLA_AF_SPEC={0x134, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8, 0x0, 0x0, 0x0, 0x38}]}}, @AF_INET6={0x2c, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x74, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}, @AF_MPLS={0x4}]}]}, 0x154}}, 0x0)

6m33.878741287s ago: executing program 36 (id=2691):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20802}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}, @IFLA_BOND_PRIMARY_RESELECT={0x5, 0xc, 0x2}, @IFLA_BOND_PRIMARY={0x8}]}}}]}, 0x4c}}, 0x0)

6m32.916279068s ago: executing program 37 (id=2692):
r0 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xffe0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = eventfd(0x1)
ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000002c0)={0x0, 0x0, 0x4, r5, 0xb})
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
openat$kvm(0xffffffffffffff9c, 0x0, 0x8400, 0x0)
fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000080)='/pro\x0e/bus/inpu\f\x00\x00\x00\x00\x00\x00\x00rs\x00', 0x0, 0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
timer_create(0x2, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = dup(r8)
getsockname$packet(r9, &(0x7f00000000c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x154, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0xb}, [@IFLA_AF_SPEC={0x134, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8, 0x0, 0x0, 0x0, 0x38}]}}, @AF_INET6={0x2c, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x74, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}, @AF_MPLS={0x4}]}]}, 0x154}}, 0x0)

4m18.179309266s ago: executing program 2 (id=3252):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000140)={0x1, 0x1, 0x0, 0x8000000000000})
fcntl$lock(r0, 0x7, &(0x7f0000000100)={0x0, 0x1, 0x2, 0xc1b0})
fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x1, 0x2, 0x2, 0xdc0})

4m18.031047879s ago: executing program 2 (id=3254):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c100000000000224e0000", 0x58}], 0x1)
syz_genetlink_get_family_id$tipc2(&(0x7f000000b500), r0)

4m17.863295679s ago: executing program 2 (id=3258):
r0 = socket(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x2, [0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}, [@TCA_MQPRIO_SHAPER={0x2, 0x2, 0x1}]}}}]}, 0x90}}, 0x20000000)

4m17.617877359s ago: executing program 2 (id=3262):
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xc0002009})
epoll_pwait(r1, &(0x7f0000000540)=[{}], 0x1, 0x404000a, 0x0, 0x0)

4m17.379909794s ago: executing program 2 (id=3266):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2})
ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff)
ioctl$TUNSETPERSIST(r0, 0x400454ce, 0x0)

4m16.926210124s ago: executing program 2 (id=3274):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800000002060108000000bca3000000000000400500010006000000050005000200000005000400000000000900020073797a31000000000c000780080012400000000211000300686173683a69702c6d61726b"], 0x58}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140a2fd4ebc08000a400000000205000300020000000900020073797a31000000000500010007"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

4m1.569829117s ago: executing program 38 (id=3274):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800000002060108000000bca3000000000000400500010006000000050005000200000005000400000000000900020073797a31000000000c000780080012400000000211000300686173683a69702c6d61726b"], 0x58}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140a2fd4ebc08000a400000000205000300020000000900020073797a31000000000500010007"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

1m11.907480079s ago: executing program 7 (id=5213):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000800b703000000000000850000008300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002dc0)={0x0, 0x0, &(0x7f0000002d00)=[{&(0x7f0000000400)={0x64, 0x3c, 0x1, 0x70bd2a, 0x25dfdbfe, "", [@typed={0x14, 0x9e, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x3e, 0x18, 0x0, 0x1, [@typed={0x8, 0x10a7, 0x0, 0x0, @u32}, @generic="7f95ef8e7b21620430343227c49290dc0a3ce7c8b8caecd18d384720b21db28301acbdb487dd5e03f9d8b6406a6de911d97c"]}]}, 0x64}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m11.449232908s ago: executing program 7 (id=5219):
creat(0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

1m10.292677805s ago: executing program 7 (id=5227):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/69, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000280)={0x0, 0x200000, 0x1800, 0x7, 0x1}, 0x20)

1m8.750201654s ago: executing program 7 (id=5235):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r3, 0x4c00, r2)
ioctl$LOOP_SET_FD(r3, 0x4c00, r3)
dup2(r2, r0)

1m8.413178025s ago: executing program 7 (id=5240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x11, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r4=>0x0})
bind$packet(r2, &(0x7f00000001c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}}, 0x14)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="020114"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000007}, 0x4000)

1m5.976601559s ago: executing program 7 (id=5269):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
creat(&(0x7f0000000040)='./file0\x00', 0x120)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r0, 0x80000000000000)

1m5.617014525s ago: executing program 39 (id=5269):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
creat(&(0x7f0000000040)='./file0\x00', 0x120)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r0, 0x80000000000000)

49.25026315s ago: executing program 3 (id=5372):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})

47.474110191s ago: executing program 3 (id=5375):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200)={0x40, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0})

40.913978408s ago: executing program 3 (id=5395):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
r0 = socket$kcm(0x21, 0x2, 0x2)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, 0x0, 0x0)
write(r1, &(0x7f0000000000)="0a000000010001", 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x1e, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="85000000c4000000040000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1}, 0x94)
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0)

39.186259222s ago: executing program 3 (id=5408):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
fanotify_mark(0xffffffffffffffff, 0x1, 0x18, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x34, 0x0, 0x7, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x1}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x440c1}, 0x10)

37.95087922s ago: executing program 3 (id=5409):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getresuid(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, &(0x7f0000000500)="b9b9c86368a0c3e2ab51d5853e5ffe", &(0x7f00000000c0)=""/48)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040}, 0x20000000)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580), 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0)

36.422144863s ago: executing program 3 (id=5418):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'})
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x80, 0x4)
syz_io_uring_setup(0x1104, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

20.493110755s ago: executing program 40 (id=5418):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'})
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x80, 0x4)
syz_io_uring_setup(0x1104, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

11.471200874s ago: executing program 8 (id=5493):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000640), 0x101300, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000000)={0x48})

9.676336083s ago: executing program 8 (id=5495):
writev(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
r2 = syz_io_uring_setup(0x49b, &(0x7f0000000400)={0x0, 0xcc90, 0x100, 0x3, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0x0, 0x4004, @fd, 0xb, 0x0, 0x0, 0x4, 0x1})
io_uring_enter(r2, 0x3d8e, 0x618, 0xa1, 0x0, 0x0)

9.590159805s ago: executing program 6 (id=5496):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="6c0100001700010029bd70000000000000000000000000000000ffffac1e00012000000000000000e0000002000000000000000000000000fe800000000000000000000000000000200100000000000000000000000000020000000000000000000000000000003c4533e7574a21ba18666b55514c7a0ca8f78c9b6a48005869bf06f260535d7733406cd5d2e1bc5c6fc04239c7b8ab072c69ed7ac512512fa8b158d88b51161f7d28b1b68f13045e1f2b7c2db4ec8441ad1d0d000000000000003f2207806d11a707f3de9c7189a8d419f046a555af8fc39896d575da2cd1076362024f2592bd02c8d96fd15690ad4c7dce1020fcd027", @ANYRES32=0x0, @ANYRESHEX=r0, @ANYBLOB="ac1414aa000000000000000000000000200100000000000000000000000000010000961b5e7bb95f0e5933d3e74d3fa9", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC=r0, @ANYRES64=r0], 0x16c}}, 0x20000040)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
preadv2(r2, &(0x7f0000000000)=[{&(0x7f0000000380)=""/258, 0x102}], 0x1, 0x0, 0x5, 0x29)
openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00'}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000090000008b0000"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x2000006c, r6}, 0x38)
r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffd, 0x0)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000001ac0)={r1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1c, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffe]}})
creat(&(0x7f0000000080)='./bus\x00', 0x14f)

7.825282109s ago: executing program 0 (id=5500):
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0xfffffffd)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)

7.522059933s ago: executing program 0 (id=5501):
r0 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

7.354298072s ago: executing program 6 (id=5502):
socket$inet6(0xa, 0x80002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioprio_set$pid(0x1, 0x0, 0x6007)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
socket$kcm(0xa, 0x5, 0x0)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000b00), 0x2, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f0000009440)=<r4=>0x0)
bind$nfc_llcp(r3, &(0x7f0000009480)={0x27, r4, 0x0, 0x5, 0x1, 0x6, "be8e19b6a865e7ab561f559d74a73485c8abd655427185f01fb9571ca0d8f47c1e1a12c085d196fd2eb6853571e830e500", 0x31}, 0x60)
sendmsg$kcm(r0, 0x0, 0x80c9)
write$cgroup_int(r0, &(0x7f0000000040)=0x1f00, 0x12)

6.989747211s ago: executing program 0 (id=5504):
creat(0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
open$dir(&(0x7f0000000200)='./file0\x00', 0x1e9240, 0x180)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r3, &(0x7f0000002940), 0x40000000000017d, 0x811)

6.693800024s ago: executing program 6 (id=5506):
r0 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x900, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000029f4908cef59a64fcaccbb5ea70b58990aae588ffc01bf4e1317d7a917462882fb22d613c7b46510b2e93dce06c791525e8b032dc3d415233c053f36e44924505b3f01bb2b46a66a3e3ba4764fb7aedd6c06f139852d43119aac3ea2"], 0x10}}, 0x0)
setsockopt$inet_int(r0, 0x0, 0x1, 0x0, 0x0)
unshare(0x22020400)

5.228145477s ago: executing program 6 (id=5508):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
splice(r0, 0x0, r3, 0x0, 0xf, 0x8)
pipe2$9p(&(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
tee(r2, r5, 0x4e, 0x0)
write$binfmt_script(r5, &(0x7f0000000800)={'#! ', './file0'}, 0xb)
tee(r4, r3, 0x9, 0x8)

4.882383599s ago: executing program 0 (id=5511):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0xfffffffc, 0x60000000, 0x8, 0xfffffffc, 0x7f, "c98f1c2b00"})
write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x5, 0x0, 0x0, 0x83, "0001000000e867784907ffff00000000000800"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4)
r2 = syz_open_pts(r0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r3 = dup3(r2, r0, 0x0)
read$FUSE(r3, &(0x7f0000003f80)={0x2020}, 0x2020)

4.801748544s ago: executing program 9 (id=5512):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r5, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5})

4.029472829s ago: executing program 8 (id=5513):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000600)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)

3.902332443s ago: executing program 9 (id=5514):
socket(0x10, 0x803, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000140)=0x4000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x0, 0x1}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x8, r5}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0xe}, {}, {0x7}}}, 0x24}}, 0x0)

3.892581092s ago: executing program 6 (id=5515):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000))
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000004140)={0x9, 0xffff, 0xfff8, 0x8, 0x11, "414d2276ba0cc02b"})
r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
write(r3, &(0x7f0000002780)="a788b9a48d1de6603c475fe3cfa8a27d7c8425073f756d1cefddc08a6dd4c4c0a5323f8f93d65682bc4974397001a396624e1bd23560952dee5736311e3d06e60f168e59f8a3125595ff42643b55d9addf2ea3fa011611a8c539558baf2581e9a8b722f2108f58cb3d552779ea51ba9462992a9156243c50c162d06280d116e26d280aacfb494b66c66bb4df665381440690afc4854f4a19db6357a3e57802de79c221ae7c5171faa19b3dc84934b452b1c81e98bf2eaeedca4e6cce792c6e01c592688acaefe150f0ffd163d3d54d4318b5df03be5916dd0fc3cbb297cc1cda81fbc3cc8c552216b48289eb4065a84e76d035c469ed7f879f1d522715f615d3d9b4e7b270b25837894d7609819a02fd202762975b2bf49910e57aea28e3632353f29711d460d5e85c5881f265e2372722654532bfb30b7ee54d40cafe09c96e65a6304a570ea8069fa0649f1bd6cbe5b2d8e42fa0ab835b4eae46e983df2fefa0b5e5bec1594ba024b6acef03fc561a86959e3b928c552b39845621b549746ea4157b0d4b72855c0d7f7578474c456a888a7b60a6e73a57bbccc733319619c140728332ae5d4c3a2c949741dd9950774fddd896ad9ca2d190176537eccee02958a68c4eb26384721bf0f3902387902a0e1fc7ce3d1b92291a1da43f29ac9ccccc5224909627819dae861ad9a80bb145e161851017f6967c4d6786df994c99cfd14eeec8a906f919196bf4fe42ba78c1e7c9559a32104562180e23b6bd02556d324d210c05d4c11b375b9a496f245670f1390341c533ed70b927ac87b14dded63dec46c80949c44b344e897deda9c96485a6fdcbfb6a81fa1f06548b62d6e4726d6c7c724c865cac73c6bd24332f763b7ee4411ac4c7bdfb4dc5243111e80e1275adbec7732259dfd7bdbfe8b16ee19f73b444b094b64d33558116e37404b83ccf56fd3002880b44f9f0e46d8549bf061274812047665f83f82f71d0e8260668e026b7914f89a66342c38337e372efb345d4eb5273613a69fd5318cbc21788825895cffd0a93aaf0a25c7c17aadfe0415d00062aff52abea2b080310026189f137188a2fcf134e9f4b98f0e7adf657f3c368853a6d2ab1bb3e534f54208913613561e971f78c0b466d231251e0661bb2d1df030e31168bfed86bb5059096e74aa1f24213edec5a9c55a773b1b0b588d0646887759f73037da3196c596d7d54a10a47950fd52665d4059acf03d89d41201ca51d98baf9f549b09f0bd891850917d294ffd7a6fcfbefdf6192f7e3e51c67f45fb578bcd0ebc8447ded0a40bf17e73f1419e3cb6a8232e52d6646831f87148b7d9de7b4e1b7fae5afd5a22edf95602ac820712343bd79098dcdac62747c32a2657dd94799fe1407573f918355f84cc1c44a6499c0a7a5f188cf7971a952e03e245c022ea1ac6b3115dfaec5072c1a6ef298470899a2223908e099bd9f045a824f7ec21b9ef478f7f1253e99117bc90fb35b155ef4badcc95d1a1e913c1b3d7b5305289ba328d813bf47a2e808e8b96058faddb63dc7d0e039f1c51c872d6497097822ac3a86296ea3963c5bb6aea2ead05d85b859ecc4646c6f078b7ec3b6b9186b4ccdd87bd30653bcdc09ad5f5c5778406708de50653be9a34d9dc57279d1fa418788f4dbd22dcca75a012ca9689c42e93265669a504deb7bb906aa4012074668a546a24ff49f51aad8920a2c48b7390fb479d93e646eac6cfad65d55d1de0f0a3a35ea00b9c6ceb1febe4b838ea74f2444fba078d5d2c740f00064f56b000575de1be6f4fd26086b437d2ae622373b555f8a3ae5a65b158265f8840d3e8ef012e0ae671c9b51abd9c8c0c407e5813ae0ce4bc101363b7b2908b189c4c09efb06cf77985eb82fe229dd3619bf74d24a5010bb4594cb358fd6f182c94a45ba6782f92f6227f3d9e449f327a578647c21384836fbd9d1c25e8b4433b2aa720a6f0acbb069142a18b4c18f909fdff818a28a62d8d91ee8f618a49d42255f303c5b86727e93dd28d0f1ee33e3840f146b130d2e74e291307aa07d581089fc0ed123b788a668e33d69ba44e9375a4c4b5a9c563dcbac76548f6f558376d42a48eed5d2c9ae6e23ee037984fe7fdf752765dee6b03731dae01a59c694e4dbb378ee5cc7e115e768bd53c0d280b0174c357f19e941499d19d92b8c4eef63053e72a0d52309404235cb5531b8b1448de43807af6135236be025281e583b3d3cf7aa4afe1327674ad6098e7a0dac5ea9d58685e960a0901e3d5040fe5c9b8788fafd982f4d7fb168b1c5e1143d9bf9aee4b83852ae8b93", 0x665)

3.861220219s ago: executing program 0 (id=5516):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioprio_set$pid(0x3, 0x0, 0x0)
r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x6, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.473904848s ago: executing program 9 (id=5517):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r4, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
recvfrom(r4, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5)
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x2)
fcntl$setsig(r1, 0xa, 0x12)
ppoll(&(0x7f0000000140)=[{r2, 0x8002}], 0x1, 0x0, 0x0, 0x0)
dup2(r1, r2)
r5 = getpgid(r0)
fcntl$setown(r1, 0x8, r5)
tkill(r0, 0x13)

1.551755587s ago: executing program 0 (id=5518):
fsopen(0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="600000000206030300000000000000000000000005000100070000000900020073797a3100000000140007800500150003000000080012400000000013000300686173683a6e65742c696661636500000500050002000000050004"], 0x60}}, 0x0)

1.547705755s ago: executing program 8 (id=5519):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000340)={{0x1, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
readv(r3, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
close(0xffffffffffffffff)

1.398388103s ago: executing program 9 (id=5520):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000040)
sched_setscheduler(0x0, 0x1, 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x200000, 0x29)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semop(0x0, &(0x7f00000002c0)=[{0x0, 0x9b6a}], 0x1)
semop(0x0, &(0x7f0000000200), 0x53)
syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')

1.193217408s ago: executing program 9 (id=5521):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$inet6(r0, 0x0, 0x4004000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
lseek(0xffffffffffffffff, 0x2000, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0xe1a, &(0x7f0000000240)={0x0, 0xf803, 0x10100, 0x0, 0x229, 0x0, r2}, &(0x7f0000000100)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4004, 0x0, 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r6, &(0x7f0000000200)=""/202, 0xca)

1.182714414s ago: executing program 8 (id=5522):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
socket$inet(0x2, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$unix(0x1, 0x5, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
socket(0x10, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x2, @empty, 0xa098}, {0xa, 0x4e21, 0x8000009, @mcast1}, r2, 0x4040099d}}, 0x48)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

433.105705ms ago: executing program 6 (id=5523):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf9060000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r0, 0x0, 0x0}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa4}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

185.113µs ago: executing program 8 (id=5524):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)={0x4c, 0x14, 0x101, 0x70bd25, 0x25dfdbfd, {0x1, 0xf, 0x8, 0x7, {0x4e24, 0x4e22, [0x3, 0x31, 0xffffff01, 0xc3], [0x6, 0x0, 0x40000000, 0x7], 0x0, [0xde, 0x7fffffff]}, 0x2, 0x3}}, 0x4c}, 0x1, 0x0, 0x0, 0x24048084}, 0x40000)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r5, 0x200, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40020}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x3f, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}, @typed={0x8, 0x7, 0x0, 0x0, @u32=0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x610000, 0x0)

0s ago: executing program 9 (id=5525):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

kernel console output (not intermixed with test programs):

etdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  639.396026][ T3626] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  639.396736][ T3626] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  640.993747][T12953] 8021q: adding VLAN 0 to HW filter on device batadv0
[  641.031745][ T3500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.031769][ T3500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.318691][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.318714][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  642.557388][T12953] veth0_vlan: entered promiscuous mode
[  642.604414][T12953] veth1_vlan: entered promiscuous mode
[  644.117893][T12953] veth0_macvtap: entered promiscuous mode
[  644.159467][T12953] veth1_macvtap: entered promiscuous mode
[  644.204578][T13099] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  644.402889][T12953] batman_adv: batadv0: Interface activated: batadv_slave_0
[  644.445998][T12953] batman_adv: batadv0: Interface activated: batadv_slave_1
[  644.513668][  T154] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  644.536676][  T154] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  644.546625][  T154] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  644.551801][T12140] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  646.770239][T12140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.770259][T12140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  647.215697][T12140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.215721][T12140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  649.944880][T13186] netlink: 'syz.8.2756': attribute type 4 has an invalid length.
[  649.944907][T13186] netlink: 3657 bytes leftover after parsing attributes in process `syz.8.2756'.
[  650.029977][T13188] netlink: 68 bytes leftover after parsing attributes in process `syz.9.2757'.
[  650.321095][T13189] loop9: detected capacity change from 0 to 524288000
[  651.800400][T13208] netlink: 68 bytes leftover after parsing attributes in process `syz.8.2764'.
[  652.255755][T13212] loop9: detected capacity change from 0 to 524288000
[  653.178320][T13051] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  654.553417][T13226] block device autoloading is deprecated and will be removed.
[  655.590934][T13051] usb 3-1: device descriptor read/all, error -71
[  656.297016][T12036] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  656.457045][T12036] usb 9-1: Using ep0 maxpacket: 8
[  656.467195][T12036] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.467248][T12036] usb 9-1: New USB device found, idVendor=056a, idProduct=00b8, bcdDevice= 0.00
[  656.467335][T12036] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.603991][T12036] usb 9-1: config 0 descriptor??
[  658.551666][T12036] usb 9-1: USB disconnect, device number 2
[  659.326052][ T3500] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  659.686433][T13273] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2787'.
[  659.998507][T13279] netlink: 76 bytes leftover after parsing attributes in process `syz.8.2790'.
[  660.248816][T13279] mac80211_hwsim hwsim33 wlan1: entered allmulticast mode
[  660.280705][T13279] netlink: 52 bytes leftover after parsing attributes in process `syz.8.2790'.
[  661.546972][T12708] Bluetooth: hci1: command tx timeout
[  662.501661][    C0] vkms_vblank_simulate: vblank timer overrun
[  663.491524][T13050] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  663.545757][    C0] vkms_vblank_simulate: vblank timer overrun
[  663.721802][T13050] usb 9-1: Using ep0 maxpacket: 16
[  663.727939][T13050] usb 9-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  663.727974][T13050] usb 9-1: config 0 interface 0 has no altsetting 0
[  663.728011][T13050] usb 9-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00
[  663.728035][T13050] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.766280][T13050] usb 9-1: config 0 descriptor??
[  664.226418][T13050] uclogic 0003:5543:0005.001E: item fetching failed at offset 2/5
[  664.235452][T13050] uclogic 0003:5543:0005.001E: parse failed
[  664.235571][T13050] uclogic 0003:5543:0005.001E: probe with driver uclogic failed with error -22
[  664.453320][T13050] usb 9-1: USB disconnect, device number 3
[  665.579844][    C0] vkms_vblank_simulate: vblank timer overrun
[  665.861569][T13376] xt_socket: unknown flags 0x40
[  666.222597][    C0] vkms_vblank_simulate: vblank timer overrun
[  666.442493][T12036] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[  666.788353][    C0] vkms_vblank_simulate: vblank timer overrun
[  667.126488][    C0] vkms_vblank_simulate: vblank timer overrun
[  667.140323][T12036] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  667.140372][T12036] usb 9-1: New USB device found, idVendor=056a, idProduct=00c6, bcdDevice= 0.00
[  667.140396][T12036] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.194038][T12036] usb 9-1: config 0 descriptor??
[  668.181484][T13400] mac80211_hwsim hwsim26 wlan0: entered promiscuous mode
[  668.207249][T13400] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  668.226446][T12036] wacom 0003:056A:00C6.001F: unknown main item tag 0x0
[  668.247441][T12036] wacom 0003:056A:00C6.001F: hidraw0: USB HID v0.00 Device [HID 056a:00c6] on usb-dummy_hcd.8-1/input0
[  668.426524][T13004] usb 9-1: USB disconnect, device number 4
[  668.440792][T13411] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2847'.
[  668.440816][T13411] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2847'.
[  669.556996][T12036] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  669.733451][T12036] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 10
[  669.733489][T12036] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  669.795391][T12036] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  669.795423][T12036] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.795445][T12036] usb 3-1: Product: syz
[  669.795460][T12036] usb 3-1: Manufacturer: syz
[  669.795476][T12036] usb 3-1: SerialNumber: syz
[  669.856185][T12036] usb 3-1: config 0 descriptor??
[  669.871844][T12036] hub 3-1:0.0: bad descriptor, ignoring hub
[  669.871888][T12036] hub 3-1:0.0: probe with driver hub failed with error -5
[  669.901939][T12036] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  670.171466][T12036] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -12
[  670.211065][T12036] usb 3-1: USB disconnect, device number 14
[  670.486979][T13004] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  670.665371][T13004] usb 10-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  670.665404][T13004] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.665426][T13004] usb 10-1: Product: syz
[  670.665442][T13004] usb 10-1: Manufacturer: syz
[  670.665458][T13004] usb 10-1: SerialNumber: syz
[  670.705768][T13004] usb 10-1: config 0 descriptor??
[  670.995588][T13468] gretap0: entered promiscuous mode
[  670.995894][T13468] vlan2: entered promiscuous mode
[  671.558501][T13004] usb 10-1: ignoring: probably an ADSL modem
[  671.856120][T13004] cxacru 10-1:0.0: usbatm_usb_probe: bind failed: -19!
[  671.924769][T13004] usb 10-1: USB disconnect, device number 3
[  673.175763][T13488] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2879'.
[  673.175829][T13488] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2879'.
[  674.730637][T13508] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2885'.
[  674.731131][T13505] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2885'.
[  675.467628][T13532] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2898'.
[  675.711642][T13547] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2905'.
[  675.712895][T13547] veth0_to_bond: entered allmulticast mode
[  675.759147][T13547] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2905'.
[  676.027601][T13563] No buffer was provided with the request
[  676.262753][T13572] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  676.891399][T12708] Bluetooth: hci0: link tx timeout
[  676.891734][T12708] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  677.191200][T13004] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  677.349763][T13004] usb 10-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  677.349802][T13004] usb 10-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  677.349832][T13004] usb 10-1: config 0 interface 0 has no altsetting 0
[  677.349868][T13004] usb 10-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  677.349893][T13004] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.409278][T13004] usb 10-1: config 0 descriptor??
[  677.411052][T13592] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  677.944418][T13004] hid-u2fzero 0003:10C4:8ACF.0020: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.9-1/input0
[  677.966567][T13004] hid-u2fzero 0003:10C4:8ACF.0020: U2F Zero LED initialised
[  677.978402][T13004] hid-u2fzero 0003:10C4:8ACF.0020: U2F Zero RNG initialised
[  678.263371][T11004] usb 10-1: USB disconnect, device number 4
[  679.426745][   T61] Bluetooth: hci0: command 0x0406 tx timeout
[  680.244777][   T49] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  680.528514][   T49] usb 9-1: Using ep0 maxpacket: 8
[  680.646041][   T49] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 19910, setting to 64
[  680.646077][   T49] usb 9-1: config 0 interface 0 has no altsetting 0
[  680.667682][   T49] usb 9-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  680.667704][   T49] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.667718][   T49] usb 9-1: Product: syz
[  680.667729][   T49] usb 9-1: Manufacturer: syz
[  680.667740][   T49] usb 9-1: SerialNumber: syz
[  680.681444][   T49] usb 9-1: config 0 descriptor??
[  680.686007][T12708] Bluetooth: hci1: unexpected Set CIG Parameters response data
[  680.732774][   T49] snd_usb_toneport 9-1:0.0: Line 6 TonePort UX2 found
[  680.922094][   T49] snd_usb_toneport 9-1:0.0: Line 6 TonePort UX2 now disconnected
[  680.936557][   T49] snd_usb_toneport 9-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  681.601445][ T5886] usb 9-1: USB disconnect, device number 5
[  683.255844][T13673] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  684.054850][T13678] bond1: (slave dummy0): Device is not bonding slave
[  684.054875][T13678] bond1: option active_slave: invalid value (dummy0)
[  684.356982][T13050] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  684.392444][T13678] bond1 (unregistering): Released all slaves
[  684.505947][T13693] netlink: 68 bytes leftover after parsing attributes in process `syz.9.2967'.
[  684.517036][T13050] usb 9-1: Using ep0 maxpacket: 32
[  684.519850][T13050] usb 9-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  684.519879][T13050] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  684.568538][T13050] gspca_main: nw80x-2.14.0 probing 055f:d001
[  684.802936][T12708] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  684.803144][T12708] Bluetooth: hci1: Injecting HCI hardware error event
[  684.806681][T12708] Bluetooth: hci1: hardware error 0x00
[  685.217351][T13695] loop9: detected capacity change from 0 to 524288000
[  685.702340][T13695] Dev loop9: unable to read RDB block 8
[  685.702526][T13695]  loop9: unable to read partition table
[  685.702779][T13695] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  685.919565][T13050] gspca_nw80x: reg_r err -110
[  685.919669][T13050] nw80x 9-1:3.0: probe with driver nw80x failed with error -110
[  687.808670][ T5888] usb 9-1: USB disconnect, device number 6
[  688.187960][T12708] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  688.402122][T13727] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2979'.
[  690.318681][ T3489] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  691.242073][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  691.242151][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  693.437592][   T38] audit: type=1326 audit(2000000017.910:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13767 comm="syz.8.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81216aefc9 code=0x7fc00000
[  694.950267][T13829] macvtap1: entered allmulticast mode
[  694.950293][T13829] veth0_macvtap: entered allmulticast mode
[  695.128267][T13833] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3020'.
[  695.128297][T13833] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3020'.
[  695.417178][T13841] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3023'.
[  696.000546][T13859] af_packet: tpacket_rcv: packet too big, clamped from 108 to 4294967272. macoff=96
[  696.307386][T13012] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  696.456949][T13012] usb 10-1: Using ep0 maxpacket: 8
[  696.459603][T13012] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  696.459633][T13012] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.515154][T13012] pvrusb2: Hardware description: Terratec Grabster AV400
[  696.515179][T13012] pvrusb2: **********
[  696.515187][T13012] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  696.515200][T13012] pvrusb2: Important functionality might not be entirely working.
[  696.515210][T13012] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  696.515222][T13012] pvrusb2: **********
[  696.713174][ T2364] pvrusb2: Invalid write control endpoint
[  696.818354][   T49] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  696.959989][T13864] pvrusb2: Invalid write control endpoint
[  696.960837][ T2364] pvrusb2: Invalid write control endpoint
[  696.960851][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  696.960863][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  696.960871][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  696.960889][ T2364] pvrusb2: Device being rendered inoperable
[  696.965579][T13012] usb 10-1: USB disconnect, device number 5
[  697.006930][   T49] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  697.006964][   T49] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  697.010449][   T49] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  697.010490][   T49] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  697.010513][   T49] usb 7-1: SerialNumber: syz
[  697.030044][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  697.030193][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  697.116768][ T2364] pvrusb2: Attached sub-driver cx25840
[  697.116786][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  697.124195][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  697.349818][   T49] usb 7-1: 0:2 : does not exist
[  697.435208][   T49] usb 7-1: USB disconnect, device number 2
[  697.537460][T13889] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input43
[  697.853321][T13902] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3051'.
[  698.461657][T13929] Bluetooth: MGMT ver 1.23
[  699.297136][T11004] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  699.456978][T11004] usb 7-1: Using ep0 maxpacket: 32
[  699.459549][T11004] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.459582][T11004] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.459623][T11004] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  699.459648][T11004] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.474983][T11004] usb 7-1: config 0 descriptor??
[  699.915059][T11004] greenasia 0003:0E8F:0012.0021: unknown main item tag 0x2
[  699.948918][T11004] greenasia 0003:0E8F:0012.0021: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.6-1/input0
[  699.948956][T11004] greenasia 0003:0E8F:0012.0021: no inputs found
[  700.124364][ T5886] usb 7-1: USB disconnect, device number 3
[  700.245891][T13976] Bluetooth: hci0: invalid length 39, exp 2 for type 29
[  700.287034][T11004] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  700.443847][T11004] usb 10-1: Using ep0 maxpacket: 32
[  700.446229][T11004] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  700.446289][T11004] usb 10-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  700.446318][T11004] usb 10-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  700.446342][T11004] usb 10-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  700.446370][T11004] usb 10-1: config 0 interface 0 has no altsetting 0
[  700.446406][T11004] usb 10-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  700.446429][T11004] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.461027][T11004] usb 10-1: config 0 descriptor??
[  700.516954][   T61] Bluetooth: hci0: command 0x0406 tx timeout
[  700.536986][T12708] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  701.561308][T11004] hid-thrustmaster 0003:044F:B65D.0022: unknown main item tag 0x0
[  701.561349][T11004] hid-thrustmaster 0003:044F:B65D.0022: unknown main item tag 0x0
[  701.561380][T11004] hid-thrustmaster 0003:044F:B65D.0022: unknown main item tag 0x0
[  701.561410][T11004] hid-thrustmaster 0003:044F:B65D.0022: unknown main item tag 0x0
[  701.561439][T11004] hid-thrustmaster 0003:044F:B65D.0022: unknown main item tag 0x0
[  701.697415][T11004] hid-thrustmaster 0003:044F:B65D.0022: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.9-1/input0
[  701.697855][T11004] hid-thrustmaster 0003:044F:B65D.0022: Wrong number of endpoints?
[  701.728081][    C0] hid-thrustmaster 0003:044F:B65D.0022: Unknown packet type 0x0, unable to proceed further with wheel init
[  701.942822][ T5886] usb 10-1: USB disconnect, device number 6
[  702.335599][T13997] trusted_key: encrypted_key: keyword 'upd' not recognized
[  702.807383][   T49] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  703.827002][   T49] usb 9-1: Using ep0 maxpacket: 16
[  703.829492][   T49] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  703.829556][   T49] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  703.829587][   T49] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  703.829609][   T49] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  703.829633][   T49] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  703.835921][   T49] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  703.835951][   T49] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  703.835973][   T49] usb 9-1: Manufacturer: syz
[  703.939290][   T49] usb 9-1: config 0 descriptor??
[  704.636985][   T49] rc_core: IR keymap rc-hauppauge not found
[  704.637008][   T49] Registered IR keymap rc-empty
[  704.637202][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  704.954620][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  704.968680][   T49] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  704.971781][   T49] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input44
[  705.024585][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.039166][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.048037][T14034] program syz.7.3104 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  705.057428][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.089286][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.107082][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.128942][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.148027][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.167223][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.187404][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.207239][   T49] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  705.257641][   T49] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  705.257669][   T49] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  705.327679][   T49] usb 9-1: USB disconnect, device number 7
[  705.772433][T14044] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3108'.
[  705.773555][T14044] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3108'.
[  707.886972][   T49] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  708.036985][T13004] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  708.066948][   T49] usb 9-1: Using ep0 maxpacket: 16
[  708.069613][   T49] usb 9-1: config 0 has no interfaces?
[  708.075796][   T49] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  708.075826][   T49] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  708.075846][   T49] usb 9-1: Product: syz
[  708.075861][   T49] usb 9-1: SerialNumber: syz
[  708.129232][   T49] usb 9-1: config 0 descriptor??
[  708.239184][T13004] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  708.239218][T13004] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.273404][T13004] usb 3-1: config 0 descriptor??
[  708.324722][T13004] cp210x 3-1:0.0: cp210x converter detected
[  708.397138][T11004] usb 9-1: USB disconnect, device number 8
[  708.735460][T13004] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  708.776302][T13004] usb 3-1: cp210x converter now attached to ttyUSB0
[  708.950806][ T5888] usb 3-1: USB disconnect, device number 15
[  708.965221][ T5888] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  709.087468][ T5888] cp210x 3-1:0.0: device disconnected
[  712.148533][T14129] netlink: 44 bytes leftover after parsing attributes in process `syz.7.3141'.
[  712.478843][T11004] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  712.677872][T11004] usb 10-1: Using ep0 maxpacket: 8
[  713.080323][T11004] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  713.080392][T11004] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  713.080418][T11004] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  713.080444][T11004] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  713.080470][T11004] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  713.080514][T11004] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  713.080539][T11004] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.319663][T11004] usb 10-1: GET_CAPABILITIES returned 0
[  713.319723][T11004] usbtmc 10-1:16.0: can't read capabilities
[  713.754303][ T5888] usb 10-1: USB disconnect, device number 7
[  713.876948][T14123] Bluetooth: hci2: command 0x0406 tx timeout
[  713.876988][T14123] Bluetooth: hci3: command 0x0406 tx timeout
[  714.042452][   T38] audit: type=1326 audit(2000000038.540:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14164 comm="syz.7.3152" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdeb431efc9 code=0x0
[  714.141937][T14170] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3154'.
[  714.480776][T14183] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3160'.
[  715.687840][T14207] skbuff: bad partial csum: csum=65506/2 headroom=162 headlen=65526
[  716.295372][    C1] vkms_vblank_simulate: vblank timer overrun
[  716.550819][T14224] mac80211_hwsim hwsim28 wlan0: entered promiscuous mode
[  716.551062][T14224] macvtap1: entered allmulticast mode
[  716.551078][T14224] mac80211_hwsim hwsim28 wlan0: entered allmulticast mode
[  716.759653][T14224] mac80211_hwsim hwsim28 wlan0: left allmulticast mode
[  716.764169][T14224] mac80211_hwsim hwsim28 wlan0: left promiscuous mode
[  717.426956][ T5888] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  717.579435][ T5888] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  717.579488][ T5888] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  717.579513][ T5888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.618736][ T5888] usb 7-1: config 0 descriptor??
[  717.620259][T14238] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  717.731135][T14245] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.739253][T14245] bridge0: port 1(bridge_slave_0) entered disabled state
[  718.110822][ T5888] elan 0003:04F3:0755.0023: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0
[  718.296226][ T5888] usb 7-1: USB disconnect, device number 4
[  718.429282][T14245] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  718.451033][T14245] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  719.590859][ T3489] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  719.646978][ T3489] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  719.657295][ T3489] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  719.666957][ T3489] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  719.844698][T14283] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  719.855414][T14279] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3204'.
[  719.937149][T14286] input: syz1 as /devices/virtual/input/input45
[  720.138002][    C1] vkms_vblank_simulate: vblank timer overrun
[  720.251454][T14297] loop9: detected capacity change from 0 to 524288000
[  720.604162][T14304] openvswitch: netlink: Message has 4 unknown bytes.
[  720.880065][    C1] vkms_vblank_simulate: vblank timer overrun
[  721.197324][T12036] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  721.381171][T12036] usb 7-1: unable to get BOS descriptor or descriptor too short
[  721.382563][T12036] usb 7-1: config 6 has an invalid interface number: 200 but max is 0
[  721.382589][T12036] usb 7-1: config 6 has no interface number 0
[  721.382640][T12036] usb 7-1: config 6 interface 200 altsetting 8 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  721.382669][T12036] usb 7-1: config 6 interface 200 has no altsetting 0
[  721.386163][T12036] usb 7-1: string descriptor 0 read error: -22
[  721.386325][T12036] usb 7-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[  721.386351][T12036] usb 7-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3
[  721.464661][T12036] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[  721.716245][T12036] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  721.720836][T12036] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[  721.720907][T12036] usb 7-1: media controller created
[  721.823977][T14335] netlink: 68 bytes leftover after parsing attributes in process `syz.8.3226'.
[  722.132746][    C1] vkms_vblank_simulate: vblank timer overrun
[  722.177275][T12036] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  722.244428][T14342] loop9: detected capacity change from 0 to 524288000
[  722.876291][    C1] vkms_vblank_simulate: vblank timer overrun
[  722.967038][T12036] dvb-usb: bulk message failed: -71 (6/0)
[  722.976010][T12036] dvb-usb: bulk message failed: -71 (6/0)
[  722.976145][T12036] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[  722.980802][T12036] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input46
[  722.993025][T12036] dvb-usb: schedule remote query interval to 150 msecs.
[  722.993052][T12036] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[  723.020421][T12036] usb 7-1: USB disconnect, device number 5
[  723.290989][ T3489] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  723.334011][    C1] vkms_vblank_simulate: vblank timer overrun
[  723.496479][    C1] vkms_vblank_simulate: vblank timer overrun
[  724.041650][    C1] vkms_vblank_simulate: vblank timer overrun
[  724.278961][T14366] loop7: detected capacity change from 0 to 7
[  724.279822][T14366] buffer_io_error: 54 callbacks suppressed
[  724.279838][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.279965][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280103][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280221][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280360][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280496][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280610][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280690][T14366] ldm_validate_partition_table(): Disk read failed.
[  724.280771][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.280887][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.281002][T14366] Buffer I/O error on dev loop7, logical block 0, async page read
[  724.281185][T14366] Dev loop7: unable to read RDB block 0
[  724.281500][T14366]  loop7: unable to read partition table
[  724.281764][T14366] loop7: partition table beyond EOD, truncated
[  724.281784][T14366] loop_reread_partitions: partition scan of loop7 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  724.359564][    C1] vkms_vblank_simulate: vblank timer overrun
[  724.835431][    C1] vkms_vblank_simulate: vblank timer overrun
[  724.850516][T12036] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[  725.756038][    C1] vkms_vblank_simulate: vblank timer overrun
[  726.000075][T14400] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3250'.
[  726.302694][T14413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3258'.
[  726.820046][T14430] tap0: tun_chr_ioctl cmd 1074025678
[  726.820071][T14430] tap0: group set to 0
[  729.813946][T14510] program syz.7.3303 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  729.841929][T14513] vxcan0: tx address claim with dest, not broadcast
[  730.289710][    C1] vkms_vblank_simulate: vblank timer overrun
[  730.438116][    C1] vkms_vblank_simulate: vblank timer overrun
[  731.004864][    C1] vkms_vblank_simulate: vblank timer overrun
[  731.326547][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.307054][T13012] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  732.476959][T13012] usb 7-1: Using ep0 maxpacket: 32
[  732.482151][T13012] usb 7-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  732.482182][T13012] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.482204][T13012] usb 7-1: Product: syz
[  732.482220][T13012] usb 7-1: Manufacturer: syz
[  732.482236][T13012] usb 7-1: SerialNumber: syz
[  732.489295][T13012] usb 7-1: config 0 descriptor??
[  732.773077][T13012] RobotFuzz Open Source InterFace, OSIF 7-1:0.0: version d4.15 found at bus 007 address 006
[  732.986097][   T49] usb 7-1: USB disconnect, device number 6
[  733.655363][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.869540][    C1] vkms_vblank_simulate: vblank timer overrun
[  734.410349][    C1] vkms_vblank_simulate: vblank timer overrun
[  734.502850][    C1] vkms_vblank_simulate: vblank timer overrun
[  735.026986][T13012] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  735.230021][T13012] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  735.230082][T13012] usb 9-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  735.230109][T13012] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.248669][T13012] usb 9-1: config 0 descriptor??
[  735.697720][T13012] logitech 0003:046D:C626.0024: nested delimiters
[  735.697742][T13012] logitech 0003:046D:C626.0024: item 0 4 2 10 parsing failed
[  735.698608][T13012] logitech 0003:046D:C626.0024: parse failed
[  735.698719][T13012] logitech 0003:046D:C626.0024: probe with driver logitech failed with error -22
[  735.938848][T13012] usb 9-1: USB disconnect, device number 9
[  736.246417][    C1] vkms_vblank_simulate: vblank timer overrun
[  736.306580][T14622] tipc: Failed to obtain node identity
[  736.306610][T14622] tipc: Enabling of bearer <ib:caif0> rejected, failed to enable media
[  737.196006][    C1] vkms_vblank_simulate: vblank timer overrun
[  737.973041][    C1] vkms_vblank_simulate: vblank timer overrun
[  738.397177][    C1] vkms_vblank_simulate: vblank timer overrun
[  738.555056][    C1] vkms_vblank_simulate: vblank timer overrun
[  738.650680][T14652] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3366'.
[  738.887728][T14660] input: syz1 as /devices/virtual/input/input47
[  740.027218][   T61] Bluetooth: hci4: command 0x0406 tx timeout
[  740.245069][    C1] vkms_vblank_simulate: vblank timer overrun
[  740.389931][    C1] vkms_vblank_simulate: vblank timer overrun
[  740.937107][    C1] vkms_vblank_simulate: vblank timer overrun
[  741.296420][    C1] vkms_vblank_simulate: vblank timer overrun
[  741.901590][    C1] vkms_vblank_simulate: vblank timer overrun
[  742.876729][    C1] vkms_vblank_simulate: vblank timer overrun
[  743.022894][    C1] vkms_vblank_simulate: vblank timer overrun
[  743.548855][    C1] vkms_vblank_simulate: vblank timer overrun
[  743.926309][    C1] vkms_vblank_simulate: vblank timer overrun
[  744.260016][   T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  744.279782][   T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  744.285733][   T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  744.289839][   T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  744.290707][   T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  744.307032][    C1] vkms_vblank_simulate: vblank timer overrun
[  744.961663][    C1] vkms_vblank_simulate: vblank timer overrun
[  745.265148][    C1] vkms_vblank_simulate: vblank timer overrun
[  745.422980][T14751] netdevsim netdevsim8 netdevsim0: entered promiscuous mode
[  745.536617][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3411'.
[  745.551402][T14447] Set syz1 is full, maxelem 65536 reached
[  746.027821][    C1] vkms_vblank_simulate: vblank timer overrun
[  746.164674][    C1] vkms_vblank_simulate: vblank timer overrun
[  746.750843][    C1] vkms_vblank_simulate: vblank timer overrun
[  746.954985][T14741] chnl_net:caif_netlink_parms(): no params data found
[  747.023403][T12708] Bluetooth: hci5: command tx timeout
[  747.644471][    C1] vkms_vblank_simulate: vblank timer overrun
[  748.417733][    C1] vkms_vblank_simulate: vblank timer overrun
[  748.575510][    C1] vkms_vblank_simulate: vblank timer overrun
[  748.686249][    C1] vkms_vblank_simulate: vblank timer overrun
[  749.035222][    C1] vkms_vblank_simulate: vblank timer overrun
[  749.067024][T12708] Bluetooth: hci5: command tx timeout
[  749.176594][    C1] vkms_vblank_simulate: vblank timer overrun
[  749.743553][    C1] vkms_vblank_simulate: vblank timer overrun
[  750.045339][    C1] vkms_vblank_simulate: vblank timer overrun
[  751.035365][    C1] vkms_vblank_simulate: vblank timer overrun
[  751.156951][T12708] Bluetooth: hci5: command tx timeout
[  751.242262][T14741] bridge0: port 1(bridge_slave_0) entered blocking state
[  751.242487][T14741] bridge0: port 1(bridge_slave_0) entered disabled state
[  751.242776][T14741] bridge_slave_0: entered allmulticast mode
[  751.278672][T14741] bridge_slave_0: entered promiscuous mode
[  751.293049][T14741] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.293188][T14741] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.293461][T14741] bridge_slave_1: entered allmulticast mode
[  751.296576][T14741] bridge_slave_1: entered promiscuous mode
[  751.753360][T14875] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  751.753408][T14875] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  751.800141][T14875] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  751.943567][T14856] syzkaller1: entered promiscuous mode
[  751.943595][T14856] syzkaller1: entered allmulticast mode
[  751.965981][T14741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  752.110404][    C1] vkms_vblank_simulate: vblank timer overrun
[  752.438540][T14903] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3471'.
[  752.475221][    C1] vkms_vblank_simulate: vblank timer overrun
[  752.476122][T14903] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3471'.
[  752.606571][   T58] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  752.674956][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  752.675062][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  752.736227][T14741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  753.227258][T12708] Bluetooth: hci5: command tx timeout
[  753.403483][    C1] vkms_vblank_simulate: vblank timer overrun
[  753.552382][    C1] vkms_vblank_simulate: vblank timer overrun
[  754.098264][    C1] vkms_vblank_simulate: vblank timer overrun
[  754.493564][    C1] vkms_vblank_simulate: vblank timer overrun
[  754.801521][   T58] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.895692][T14741] team0: Port device team_slave_0 added
[  754.935436][T14741] team0: Port device team_slave_1 added
[  755.234313][    C1] vkms_vblank_simulate: vblank timer overrun
[  755.312833][   T58] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.608416][T14741] batman_adv: batadv0: Adding interface: batadv_slave_0
[  755.608435][T14741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  755.608462][T14741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  755.693347][T14984] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3508'.
[  755.693377][T14984] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3508'.
[  755.693392][T14984] netlink: 58 bytes leftover after parsing attributes in process `syz.8.3508'.
[  755.853551][    C1] vkms_vblank_simulate: vblank timer overrun
[  755.896141][   T58] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.951791][T14741] batman_adv: batadv0: Adding interface: batadv_slave_1
[  755.951810][T14741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  755.951840][T14741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  755.974327][T12140] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  756.406482][T14741] hsr_slave_0: entered promiscuous mode
[  756.414408][T14741] hsr_slave_1: entered promiscuous mode
[  756.415537][T14741] debugfs: 'hsr0' already exists in 'hsr'
[  756.415563][T14741] Cannot create hsr debugfs directory
[  756.819719][    C1] vkms_vblank_simulate: vblank timer overrun
[  756.910529][    C1] vkms_vblank_simulate: vblank timer overrun
[  756.967559][T15021] loop9: detected capacity change from 0 to 524288000
[  756.991038][    C1] vkms_vblank_simulate: vblank timer overrun
[  757.153124][    C1] vkms_vblank_simulate: vblank timer overrun
[  757.596157][    C1] vkms_vblank_simulate: vblank timer overrun
[  757.610481][T15021] Dev loop9: unable to read RDB block 8
[  757.610666][T15021]  loop9: unable to read partition table
[  757.610918][T15021] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  757.875030][    C1] vkms_vblank_simulate: vblank timer overrun
[  759.830308][    C1] vkms_vblank_simulate: vblank timer overrun
[  759.857205][   T58] bridge_slave_1: left allmulticast mode
[  759.857244][   T58] bridge_slave_1: left promiscuous mode
[  759.857522][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.955579][   T58] bridge_slave_0: left allmulticast mode
[  759.955611][   T58] bridge_slave_0: left promiscuous mode
[  759.955947][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  760.472213][T15083] loop8: detected capacity change from 0 to 8
[  760.488828][T15083] Dev loop8: unable to read RDB block 8
[  760.488885][T15083]  loop8: unable to read partition table
[  760.489148][T15083] loop8: partition table beyond EOD, truncated
[  760.489168][T15083] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  760.613184][    C1] vkms_vblank_simulate: vblank timer overrun
[  760.793329][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.031844][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.653660][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.726435][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.814929][    C1] vkms_vblank_simulate: vblank timer overrun
[  764.369893][    C1] vkms_vblank_simulate: vblank timer overrun
[  764.691747][    C1] vkms_vblank_simulate: vblank timer overrun
[  764.897431][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.023069][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.163572][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  765.257684][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  765.320705][   T58] bond0 (unregistering): Released all slaves
[  765.592159][T15213] syz.7.3611 (15213) used greatest stack depth: 16088 bytes left
[  766.048416][    C1] vkms_vblank_simulate: vblank timer overrun
[  766.321453][    C1] vkms_vblank_simulate: vblank timer overrun
[  766.760541][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.076906][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.662640][    C1] vkms_vblank_simulate: vblank timer overrun
[  768.386362][    C1] vkms_vblank_simulate: vblank timer overrun
[  768.543311][    C1] vkms_vblank_simulate: vblank timer overrun
[  769.061115][    C1] vkms_vblank_simulate: vblank timer overrun
[  769.276969][T13050] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  769.396762][    C1] vkms_vblank_simulate: vblank timer overrun
[  769.492721][T13050] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  769.492757][T13050] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  769.492784][T13050] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  769.547929][T13050] usb 9-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  769.547963][T13050] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.547985][T13050] usb 9-1: Product: syz
[  769.548001][T13050] usb 9-1: Manufacturer: syz
[  769.548016][T13050] usb 9-1: SerialNumber: syz
[  769.596690][T13050] usb 9-1: config 0 descriptor??
[  769.603549][T15265] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  769.603755][T15265] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  769.606251][T13050] usb 9-1: ucan: probing device on interface #0
[  769.821942][    C1] vkms_vblank_simulate: vblank timer overrun
[  769.939543][T13012] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  770.033278][T13050] usb 9-1: ucan: device reported invalid device info
[  770.033303][T13050] usb 9-1: ucan: probe failed; try to update the device firmware
[  770.096008][T13012] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.a4
[  770.096041][T13012] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.096063][T13012] usb 7-1: Product: syz
[  770.096078][T13012] usb 7-1: Manufacturer: syz
[  770.096094][T13012] usb 7-1: SerialNumber: syz
[  770.143670][T13012] usb 7-1: config 0 descriptor??
[  770.161668][T13012] gspca_main: sunplus-2.14.0 probing 055f:c230
[  770.214069][    C1] vkms_vblank_simulate: vblank timer overrun
[  770.266258][T11004] usb 9-1: USB disconnect, device number 10
[  770.580272][    C1] vkms_vblank_simulate: vblank timer overrun
[  770.758414][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.243579][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.611683][T13012] gspca_sunplus: reg_r err -110
[  771.611789][T13012] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[  771.657323][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.177086][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.327698][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.567548][   T58] hsr_slave_0: left promiscuous mode
[  772.611872][   T58] hsr_slave_1: left promiscuous mode
[  772.613054][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  772.613082][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  772.674313][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  772.674345][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.941562][   T58] veth1_macvtap: left promiscuous mode
[  772.941679][   T58] veth0_macvtap: left promiscuous mode
[  772.941950][   T58] veth1_vlan: left promiscuous mode
[  772.942255][   T58] veth0_vlan: left promiscuous mode
[  773.061121][T13050] usb 7-1: USB disconnect, device number 7
[  773.174938][T15341] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3666'.
[  773.174983][T15341] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3666'.
[  773.577221][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.709118][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.076336][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.164272][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.291077][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.523527][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.662432][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.281629][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.427443][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.626501][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.910045][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.064228][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.531990][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.656858][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.658297][T11004] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  776.739188][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.811212][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.851322][T11004] usb 7-1: Using ep0 maxpacket: 32
[  776.854055][T11004] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  776.854089][T11004] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1032, setting to 1024
[  776.854136][T11004] usb 7-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  776.854161][T11004] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.860560][T11004] usb 7-1: config 0 descriptor??
[  776.861841][T15432] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  777.075686][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.301660][T11004] logitech 0003:046D:C293.0025: unknown main item tag 0x0
[  777.301762][T11004] logitech 0003:046D:C293.0025: reserved main item tag 0xd
[  777.301790][T11004] logitech 0003:046D:C293.0025: unknown global tag 0xd
[  777.301807][T11004] logitech 0003:046D:C293.0025: item 0 0 1 13 parsing failed
[  777.302722][T11004] logitech 0003:046D:C293.0025: parse failed
[  777.302839][T11004] logitech 0003:046D:C293.0025: probe with driver logitech failed with error -22
[  777.458014][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.512692][T12036] usb 7-1: USB disconnect, device number 8
[  777.539179][   T58] team0 (unregistering): Port device team_slave_1 removed
[  777.646471][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.715405][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.857748][   T58] team0 (unregistering): Port device team_slave_0 removed
[  777.897492][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.968350][    C1] vkms_vblank_simulate: vblank timer overrun
[  778.042007][    C1] vkms_vblank_simulate: vblank timer overrun
[  778.097630][    C1] vkms_vblank_simulate: vblank timer overrun
[  778.324326][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.052611][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.137253][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.213491][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.279689][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.361122][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.415982][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.475181][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.605770][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.734027][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.890439][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.953489][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.047543][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.117207][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.181078][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.308038][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.412343][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.539189][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.691370][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.764182][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.831632][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.902886][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.970563][    C1] vkms_vblank_simulate: vblank timer overrun
[  781.039495][    C1] vkms_vblank_simulate: vblank timer overrun
[  781.916128][T14741] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  781.959208][T14741] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  781.989506][    C1] vkms_vblank_simulate: vblank timer overrun
[  782.089224][T14741] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  782.165884][    C1] vkms_vblank_simulate: vblank timer overrun
[  782.197494][T14741] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  782.553484][    C1] vkms_vblank_simulate: vblank timer overrun
[  782.637485][    C1] vkms_vblank_simulate: vblank timer overrun
[  782.757112][T15624] loop9: detected capacity change from 0 to 524288000
[  782.783140][    C1] vkms_vblank_simulate: vblank timer overrun
[  782.947195][    C1] vkms_vblank_simulate: vblank timer overrun
[  783.013534][    C1] vkms_vblank_simulate: vblank timer overrun
[  783.260149][    C1] vkms_vblank_simulate: vblank timer overrun
[  783.291958][T15624] Dev loop9: unable to read RDB block 8
[  783.292158][T15624]  loop9: unable to read partition table
[  783.292416][T15624] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  783.575223][    C1] vkms_vblank_simulate: vblank timer overrun
[  783.979010][    C1] vkms_vblank_simulate: vblank timer overrun
[  784.076705][T14741] 8021q: adding VLAN 0 to HW filter on device bond0
[  784.325614][    C1] vkms_vblank_simulate: vblank timer overrun
[  784.345728][T14741] 8021q: adding VLAN 0 to HW filter on device team0
[  784.394195][ T3175] bridge0: port 1(bridge_slave_0) entered blocking state
[  784.401096][ T3175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  784.511910][ T3175] bridge0: port 2(bridge_slave_1) entered blocking state
[  784.512071][ T3175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  784.962532][T15661] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  785.001655][T15657] netlink: 14528 bytes leftover after parsing attributes in process `syz.8.3813'.
[  785.080570][T15663] binder: 15662:15663 ioctl c0306201 2000000003c0 returned -22
[  785.263485][T15673] netlink: 'syz.7.3822': attribute type 1 has an invalid length.
[  785.411977][T15679] netlink: 'syz.6.3824': attribute type 4 has an invalid length.
[  785.412001][T15679] netlink: 14345 bytes leftover after parsing attributes in process `syz.6.3824'.
[  785.737445][    C1] vkms_vblank_simulate: vblank timer overrun
[  786.749945][    C1] vkms_vblank_simulate: vblank timer overrun
[  787.196703][    C1] vkms_vblank_simulate: vblank timer overrun
[  787.343716][T15708] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  787.343928][T15708] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  787.359905][T15708] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  787.359998][T15708] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  787.384466][T15708] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  787.384562][T15708] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  787.384898][T15708] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  787.384977][T15708] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  787.385257][T15708] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  787.385336][T15708] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  787.526340][T14741] 8021q: adding VLAN 0 to HW filter on device batadv0
[  787.793957][T14741] veth0_vlan: entered promiscuous mode
[  787.828755][T14741] veth1_vlan: entered promiscuous mode
[  787.949173][T13004] usb 9-1: new full-speed USB device number 11 using dummy_hcd
[  787.950973][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.185350][T14741] veth0_macvtap: entered promiscuous mode
[  788.377496][T15729] loop9: detected capacity change from 0 to 524288000
[  788.406851][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.580224][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.611123][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.858936][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.954717][    C1] vkms_vblank_simulate: vblank timer overrun
[  788.960746][T13004] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  788.960815][T13004] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  788.960849][T13004] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  788.960875][T13004] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  788.963221][T13004] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  788.963254][T13004] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  788.963278][T13004] usb 9-1: Manufacturer: syz
[  788.971933][T13004] usb 9-1: config 0 descriptor??
[  789.038667][T15729] Dev loop9: unable to read RDB block 8
[  789.038853][T15729]  loop9: unable to read partition table
[  789.039126][T15729] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  789.051275][ T3489] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  789.284208][    C1] vkms_vblank_simulate: vblank timer overrun
[  789.444519][    C1] vkms_vblank_simulate: vblank timer overrun
[  789.991567][    C1] vkms_vblank_simulate: vblank timer overrun
[  790.099368][T14741] veth1_macvtap: entered promiscuous mode
[  790.141838][T14741] batman_adv: batadv0: Interface activated: batadv_slave_0
[  790.160969][T14741] batman_adv: batadv0: Interface activated: batadv_slave_1
[  790.182014][ T3500] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  790.182472][ T3500] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  790.182514][ T3500] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  790.182553][ T3500] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  790.457670][T13004] rc_core: IR keymap rc-hauppauge not found
[  790.457690][T13004] Registered IR keymap rc-empty
[  790.457830][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.475539][T15741] bridge1: entered promiscuous mode
[  790.475570][T15741] bridge1: entered allmulticast mode
[  790.477135][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.488092][T15741] team0: Port device bridge1 added
[  790.496698][T15742] bridge0: port 3(team0) entered blocking state
[  790.498884][T13004] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  790.524765][T13004] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input48
[  790.541382][T15742] bridge0: port 3(team0) entered disabled state
[  790.542404][T15742] team0: entered allmulticast mode
[  790.542427][T15742] team_slave_0: entered allmulticast mode
[  790.542583][T15742] team_slave_1: entered allmulticast mode
[  790.554797][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.569325][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.617631][T15742] team0: entered promiscuous mode
[  790.617657][T15742] team_slave_0: entered promiscuous mode
[  790.620921][T15742] team_slave_1: entered promiscuous mode
[  790.642412][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.660793][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.677095][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.689449][T15742] bridge0: port 3(team0) entered blocking state
[  790.689654][T15742] bridge0: port 3(team0) entered forwarding state
[  790.698504][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.716964][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.736978][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.757053][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.777095][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.796957][T13004] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  790.885759][T13004] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  790.885787][T13004] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  790.911884][T13004] usb 9-1: USB disconnect, device number 11
[  790.959910][ T3175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  790.959932][ T3175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  791.159149][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  791.159171][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  792.420458][T15801] netlink: 'syz.8.3872': attribute type 10 has an invalid length.
[  792.498177][T15801] bond0: (slave bond_slave_0): Releasing backup interface
[  793.027161][    C1] vkms_vblank_simulate: vblank timer overrun
[  794.405036][    C1] vkms_vblank_simulate: vblank timer overrun
[  794.719261][T15880] syzkaller1: entered promiscuous mode
[  794.719289][T15880] syzkaller1: entered allmulticast mode
[  795.669231][   T38] audit: type=1326 audit(2000000120.170:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15927 comm="syz.7.3931" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdeb431efc9 code=0x0
[  796.902688][T15973] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3951'.
[  797.273259][T15983] netlink: 'syz.3.3956': attribute type 29 has an invalid length.
[  797.304570][T15983] netlink: 'syz.3.3956': attribute type 29 has an invalid length.
[  799.040709][   T49] IPVS: starting estimator thread 0...
[  799.061306][T16043] net_ratelimit: 68 callbacks suppressed
[  799.061330][T16043] IPVS: wrr: SCTP 172.20.20.187:0 - no destination available
[  799.147112][T16044] IPVS: using max 8 ests per chain, 19200 per kthread
[  799.515891][    C1] vkms_vblank_simulate: vblank timer overrun
[  799.547153][   T61] Bluetooth: hci3: command 0x1003 tx timeout
[  799.547487][T12708] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  799.613686][    C1] vkms_vblank_simulate: vblank timer overrun
[  799.747244][T13004] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  799.788618][    C1] vkms_vblank_simulate: vblank timer overrun
[  799.888188][T13004] hid-generic 0000:0000:0000.0026: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  800.362006][T16086] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4003'.
[  800.439427][T13004] IPVS: starting estimator thread 0...
[  800.450651][T16088] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  800.537172][T16091] IPVS: using max 7 ests per chain, 16800 per kthread
[  800.733492][    C1] vkms_vblank_simulate: vblank timer overrun
[  801.018685][T16114] sch_tbf: burst 4394 is lower than device lo mtu (65550) !
[  801.188858][    C1] vkms_vblank_simulate: vblank timer overrun
[  802.108237][    C1] vkms_vblank_simulate: vblank timer overrun
[  802.152469][T16129] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4022'.
[  802.767106][T13051] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  802.919614][T13051] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  802.919663][T13051] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  802.919692][T13051] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  802.919715][T13051] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  802.919759][T13051] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  802.919783][T13051] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  803.000532][T13051] usb 4-1: config 0 descriptor??
[  803.298314][T16179] netlink: 96 bytes leftover after parsing attributes in process `syz.7.4046'.
[  803.423432][T13051] holtek_kbd 0003:04D9:A055.0027: item fetching failed at offset 0/1
[  803.435673][T13051] holtek_kbd 0003:04D9:A055.0027: probe with driver holtek_kbd failed with error -22
[  803.622247][T16151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  803.622693][T16151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  803.645785][   T49] usb 4-1: USB disconnect, device number 14
[  803.664722][T16193] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4052'.
[  803.951144][    C1] vkms_vblank_simulate: vblank timer overrun
[  804.143371][T16202] loop9: detected capacity change from 0 to 524288000
[  804.335156][    C1] vkms_vblank_simulate: vblank timer overrun
[  804.439171][    C1] vkms_vblank_simulate: vblank timer overrun
[  804.630071][    C1] vkms_vblank_simulate: vblank timer overrun
[  804.725706][T16202] Dev loop9: unable to read RDB block 8
[  804.725905][T16202]  loop9: unable to read partition table
[  804.726176][T16202] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  804.915605][    C1] vkms_vblank_simulate: vblank timer overrun
[  805.493695][T16227] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4066'.
[  806.282974][   T38] audit: type=1326 audit(2000000130.780:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16242 comm="syz.3.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  806.283187][   T38] audit: type=1326 audit(2000000130.780:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16242 comm="syz.3.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  806.283610][   T38] audit: type=1326 audit(2000000130.780:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16242 comm="syz.3.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  806.341782][   T38] audit: type=1326 audit(2000000130.840:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16242 comm="syz.3.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  806.344971][   T38] audit: type=1326 audit(2000000130.840:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16242 comm="syz.3.4074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  807.296915][ T5888] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  807.456941][ T5888] usb 7-1: Using ep0 maxpacket: 16
[  807.459697][ T5888] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  807.459732][ T5888] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  807.459773][ T5888] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  807.459799][ T5888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.466439][ T5888] usb 7-1: config 0 descriptor??
[  807.914843][ T5888] mcp2221 0003:04D8:00DD.0028: unknown main item tag 0x0
[  807.914885][ T5888] mcp2221 0003:04D8:00DD.0028: unknown main item tag 0x0
[  807.914914][ T5888] mcp2221 0003:04D8:00DD.0028: unknown main item tag 0x0
[  807.914942][ T5888] mcp2221 0003:04D8:00DD.0028: unknown main item tag 0x0
[  807.914971][ T5888] mcp2221 0003:04D8:00DD.0028: unknown main item tag 0x0
[  807.916030][ T5888] mcp2221 0003:04D8:00DD.0028: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  808.263678][ T5888] usb 7-1: USB disconnect, device number 9
[  808.310812][T16282] input: syz0 as /devices/virtual/input/input49
[  808.372043][T16284] sock: sock_set_timeout: `syz.3.4093' (pid 16284) tries to set negative timeout
[  808.882818][    C1] vkms_vblank_simulate: vblank timer overrun
[  809.052886][    C1] vkms_vblank_simulate: vblank timer overrun
[  809.550151][    C1] vkms_vblank_simulate: vblank timer overrun
[  809.903302][    C1] vkms_vblank_simulate: vblank timer overrun
[  810.048515][T16306] block nbd3: Unsupported socket: should be TCP or UNIX.
[  810.465237][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.052682][    C1] vkms_vblank_simulate: vblank timer overrun
[  811.289783][    C1] vkms_vblank_simulate: vblank timer overrun
[  812.115829][    C1] vkms_vblank_simulate: vblank timer overrun
[  812.333076][    C1] vkms_vblank_simulate: vblank timer overrun
[  813.104730][    C1] vkms_vblank_simulate: vblank timer overrun
[  814.111847][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  814.115128][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  814.226876][   T49] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  814.389327][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  814.389362][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  814.389387][   T49] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  814.389431][   T49] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  814.389455][   T49] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.453020][   T49] usb 4-1: config 0 descriptor??
[  814.955802][   T49] plantronics 0003:047F:FFFF.0029: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  815.178875][T16458] netlink: 68 bytes leftover after parsing attributes in process `syz.8.4165'.
[  815.457753][    C1] vkms_vblank_simulate: vblank timer overrun
[  815.617856][T16470] loop9: detected capacity change from 0 to 524288000
[  815.633397][    C1] vkms_vblank_simulate: vblank timer overrun
[  815.823463][    C1] vkms_vblank_simulate: vblank timer overrun
[  816.184836][T16470]  loop9: unable to read partition table
[  816.185109][T16470] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  816.185860][    C1] vkms_vblank_simulate: vblank timer overrun
[  816.640900][T13051] hid-generic 0000:0003:0001.002A: unknown main item tag 0x0
[  816.640939][T13051] hid-generic 0000:0003:0001.002A: unknown main item tag 0x0
[  816.663593][T13051] hid-generic 0000:0003:0001.002A: hidraw1: <UNKNOWN> HID v0.03 Device [syz0] on syz1
[  817.130853][T12036] usb 4-1: USB disconnect, device number 15
[  817.673600][T16519] pim6reg1: entered promiscuous mode
[  817.673629][T16519] pim6reg1: entered allmulticast mode
[  817.850207][    C1] vkms_vblank_simulate: vblank timer overrun
[  817.902447][T16529] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4197'.
[  818.194731][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.197028][   T49] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  818.402915][T16532] loop9: detected capacity change from 0 to 524288000
[  818.413932][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.596686][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.915870][    C1] vkms_vblank_simulate: vblank timer overrun
[  818.930984][T16532] Dev loop9: unable to read RDB block 8
[  818.931163][T16532]  loop9: unable to read partition table
[  818.931431][T16532] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  819.219672][    C1] vkms_vblank_simulate: vblank timer overrun
[  819.241344][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  819.241378][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  819.241402][   T49] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  819.241447][   T49] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  819.241472][   T49] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  819.304655][   T49] usb 4-1: config 0 descriptor??
[  819.724016][T16520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.724493][T16520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.795865][   T49] plantronics 0003:047F:FFFF.002B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  819.845707][T16554] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  820.012382][T13012] usb 4-1: USB disconnect, device number 16
[  820.054910][T16560] hsr0: entered allmulticast mode
[  820.054935][T16560] hsr_slave_0: entered allmulticast mode
[  820.054958][T16560] hsr_slave_1: entered allmulticast mode
[  820.111131][T16560] hsr_slave_0: left promiscuous mode
[  820.154488][T16560] hsr_slave_1: left promiscuous mode
[  820.380907][T16560] hsr0 (unregistering): left allmulticast mode
[  820.511973][ T1477] kworker/u8:7 (1477) used greatest stack depth: 12280 bytes left
[  821.328307][ T3626] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  821.853908][T16632] bridge1: entered allmulticast mode
[  822.439560][    C1] vkms_vblank_simulate: vblank timer overrun
[  823.139511][    C1] vkms_vblank_simulate: vblank timer overrun
[  823.377897][T16659] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4256'.
[  823.929469][ T5888] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  824.111448][    C1] vkms_vblank_simulate: vblank timer overrun
[  824.127396][ T5888] usb 4-1: Using ep0 maxpacket: 32
[  824.142171][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  824.142204][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  824.142247][ T5888] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  824.142272][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.160239][ T5888] usb 4-1: config 0 descriptor??
[  824.173631][ T5888] hub 4-1:0.0: USB hub found
[  824.396500][ T5888] hub 4-1:0.0: 1 port detected
[  825.148246][    C1] vkms_vblank_simulate: vblank timer overrun
[  825.152162][ T5888] hub 4-1:0.0: activate --> -90
[  826.097162][    C1] vkms_vblank_simulate: vblank timer overrun
[  826.119427][   T49] usb 4-1: USB disconnect, device number 17
[  827.359334][   T49] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  827.509597][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  827.509631][   T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  827.514290][   T49] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  827.514323][   T49] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  827.514345][   T49] usb 4-1: Manufacturer: syz
[  827.532000][   T49] usb 4-1: config 0 descriptor??
[  827.689169][T16773] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4305'.
[  828.802576][   T49] uclogic 0003:256C:006D.002C: v1 frame probing failed: -71
[  828.802681][   T49] uclogic 0003:256C:006D.002C: failed probing parameters: -71
[  828.802797][   T49] uclogic 0003:256C:006D.002C: probe with driver uclogic failed with error -71
[  828.811054][   T49] usb 4-1: USB disconnect, device number 18
[  829.131373][T16821] kvm_intel: kvm [16819]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x11
[  829.765622][ T3500] nci: nci_ntf_packet: unsupported ntf opcode 0xf13
[  830.307155][T13051] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  830.870100][T13051] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  830.870164][T13051] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.090365][T13051] usb 4-1: config 0 descriptor??
[  831.094804][T13051] cp210x 4-1:0.0: cp210x converter detected
[  831.196623][    C1] vkms_vblank_simulate: vblank timer overrun
[  831.254678][    C1] vkms_vblank_simulate: vblank timer overrun
[  831.374490][    C1] vkms_vblank_simulate: vblank timer overrun
[  831.506121][T13051] usb 4-1: cp210x converter now attached to ttyUSB0
[  831.679453][    C1] vkms_vblank_simulate: vblank timer overrun
[  831.720399][T13051] usb 4-1: USB disconnect, device number 19
[  832.318304][T13051] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  832.437255][T13051] cp210x 4-1:0.0: device disconnected
[  832.567057][    C1] vkms_vblank_simulate: vblank timer overrun
[  833.829455][    C1] vkms_vblank_simulate: vblank timer overrun
[  833.834331][T12036] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  833.997334][T12036] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  833.997367][T12036] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.997388][T12036] usb 7-1: Product: syz
[  833.997403][T12036] usb 7-1: Manufacturer: syz
[  833.997419][T12036] usb 7-1: SerialNumber: syz
[  834.018648][T12036] usb 7-1: config 0 descriptor??
[  834.041026][T12036] ch341 7-1:0.0: ch341-uart converter detected
[  835.990653][    C1] vkms_vblank_simulate: vblank timer overrun
[  835.995023][T12036] usb 7-1: failed to send control message: -110
[  835.995083][T12036] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  836.063450][T13004] usb 7-1: USB disconnect, device number 10
[  836.066315][T13004] ch341 7-1:0.0: device disconnected
[  836.329153][T16958] netlink: 68 bytes leftover after parsing attributes in process `syz.7.4384'.
[  836.935354][T16986] batadv_slave_1: entered promiscuous mode
[  836.936261][T16983] batadv_slave_1: left promiscuous mode
[  837.373028][T17003] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4407'.
[  837.534825][T17006] ALSA: seq fatal error: cannot create timer (-16)
[  837.612181][T17018] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4414'.
[  837.612211][T17018] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4414'.
[  837.614415][T17018] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4414'.
[  837.614442][T17018] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4414'.
[  837.977980][    C1] vkms_vblank_simulate: vblank timer overrun
[  838.937724][    C1] vkms_vblank_simulate: vblank timer overrun
[  839.304386][T17051] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4424'.
[  839.407697][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.237399][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.661810][T17075] loop9: detected capacity change from 0 to 524288000
[  840.781852][    C1] vkms_vblank_simulate: vblank timer overrun
[  840.982027][    C1] vkms_vblank_simulate: vblank timer overrun
[  841.148954][    C1] vkms_vblank_simulate: vblank timer overrun
[  841.740097][T13051] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  841.986308][T13051] usb 7-1: Using ep0 maxpacket: 8
[  842.225216][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.456944][T13051] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  842.456972][T13051] usb 7-1: config 0 has no interface number 0
[  842.457024][T13051] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  842.457048][T13051] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  842.457074][T13051] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  842.457101][T13051] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  842.457148][T13051] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  842.457173][T13051] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  842.486301][T13051] usb 7-1: config 0 descriptor??
[  842.517254][T13051] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  842.722114][T13051] usb 7-1: USB disconnect, device number 11
[  842.728576][T13051] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  843.317751][T17134] netlink: 'syz.7.4461': attribute type 22 has an invalid length.
[  843.317776][T17134] netlink: 168 bytes leftover after parsing attributes in process `syz.7.4461'.
[  845.490996][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.635184][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.150752][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.506183][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.634948][T17208] uprobe: syz.8.4494:17208 failed to unregister, leaking uprobe
[  846.649755][T17214] netlink: 'syz.7.4495': attribute type 1 has an invalid length.
[  846.711040][T17214] 8021q: adding VLAN 0 to HW filter on device bond1
[  846.714382][T17218] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4495'.
[  848.144456][    C1] vkms_vblank_simulate: vblank timer overrun
[  848.228819][    C1] vkms_vblank_simulate: vblank timer overrun
[  848.332630][    C1] vkms_vblank_simulate: vblank timer overrun
[  848.384244][T17218] bond1 (unregistering): Released all slaves
[  849.276915][T12036] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  849.444516][T12036] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  849.444569][T12036] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  849.444594][T12036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.538239][T12036] usb 7-1: config 0 descriptor??
[  849.756663][T12036] usbhid 7-1:0.0: can't add hid device: -71
[  849.762974][T12036] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  849.775729][T12036] usb 7-1: USB disconnect, device number 12
[  850.226872][T12036] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  850.377965][T12036] usb 7-1: Using ep0 maxpacket: 32
[  850.380583][T12036] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  850.380633][T12036] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  850.380658][T12036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  850.436961][T12036] usb 7-1: config 0 descriptor??
[  850.459692][T12036] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  850.478850][T12036] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  850.860921][ T5888] usb 7-1: USB disconnect, device number 13
[  850.874444][ T5888] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  851.177702][T17344] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  851.177740][T17344] overlayfs: failed to set xattr on upper
[  851.177750][T17344] overlayfs: ...falling back to redirect_dir=nofollow.
[  851.177760][T17344] overlayfs: ...falling back to metacopy=off.
[  851.177768][T17344] overlayfs: ...falling back to index=off.
[  851.177776][T17344] overlayfs: ...falling back to uuid=null.
[  852.166910][T11004] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  852.319506][T11004] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  852.323276][T11004] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  852.323305][T11004] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.323327][T11004] usb 7-1: Product: syz
[  852.323343][T11004] usb 7-1: Manufacturer: syz
[  852.323358][T11004] usb 7-1: SerialNumber: syz
[  853.382237][T11004] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  853.382276][T11004] cdc_ncm 7-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  853.382295][T11004] cdc_ncm 7-1:1.0: setting rx_max = 2048
[  853.621381][    C1] vkms_vblank_simulate: vblank timer overrun
[  853.646630][ T3626] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  853.785384][T11004] cdc_ncm 7-1:1.0: setting tx_max = 88
[  853.827941][T11004] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  853.897319][T11004] usb 7-1: USB disconnect, device number 14
[  853.902691][T11004] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP)
[  853.980465][T17438] veth0: entered promiscuous mode
[  854.019846][T17438] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4597'.
[  854.105172][    C1] vkms_vblank_simulate: vblank timer overrun
[  854.311196][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805c9a4800: rx timeout, send abort
[  854.315487][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805c9a4800: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  854.897269][    C1] vkms_vblank_simulate: vblank timer overrun
[  855.151770][T11004] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0
[  855.168316][T11004] hid-generic 0000:0000:0000.002D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  855.417961][    C1] vkms_vblank_simulate: vblank timer overrun
[  855.591032][    C1] vkms_vblank_simulate: vblank timer overrun
[  855.735736][    C1] vkms_vblank_simulate: vblank timer overrun
[  856.216823][    C1] vkms_vblank_simulate: vblank timer overrun
[  858.185620][    C1] vkms_vblank_simulate: vblank timer overrun
[  859.109077][    C1] vkms_vblank_simulate: vblank timer overrun
[  859.804008][    C1] vkms_vblank_simulate: vblank timer overrun
[  860.156962][ T5888] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  860.546853][    C1] vkms_vblank_simulate: vblank timer overrun
[  860.573355][ T5888] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  860.573386][ T5888] usb 9-1: config 0 interface 0 has no altsetting 0
[  860.576393][ T5888] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  860.576420][ T5888] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  860.576442][ T5888] usb 9-1: Product: syz
[  860.576457][ T5888] usb 9-1: Manufacturer: syz
[  860.576472][ T5888] usb 9-1: SerialNumber: syz
[  860.762602][    C1] vkms_vblank_simulate: vblank timer overrun
[  860.787227][    C1] vkms_vblank_simulate: vblank timer overrun
[  861.051670][ T5888] usb 9-1: config 0 descriptor??
[  861.432977][    C1] vkms_vblank_simulate: vblank timer overrun
[  861.464820][ T5888] usb 9-1: selecting invalid altsetting 0
[  861.834315][ T5888] usb 9-1: USB disconnect, device number 12
[  862.975935][T17697] veth0_vlan: entered allmulticast mode
[  863.086551][T17697] veth0_vlan: left promiscuous mode
[  863.096478][T17697] veth0_vlan: entered promiscuous mode
[  863.454935][T17720] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  863.630071][T17734] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  863.650752][    C1] vkms_vblank_simulate: vblank timer overrun
[  863.852855][T17738] loop9: detected capacity change from 0 to 524288000
[  864.336862][    C1] vkms_vblank_simulate: vblank timer overrun
[  864.859007][    C1] vkms_vblank_simulate: vblank timer overrun
[  865.094074][    C1] vkms_vblank_simulate: vblank timer overrun
[  865.677992][    C1] vkms_vblank_simulate: vblank timer overrun
[  867.394119][T12708] Bluetooth: hci5: command 0x0406 tx timeout
[  867.954830][T17825] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  868.306925][T12036] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  868.466904][T12036] usb 9-1: Using ep0 maxpacket: 32
[  868.469744][T12036] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  868.469774][T12036] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  868.469815][T12036] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  868.469839][T12036] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.475425][T12036] usb 9-1: config 0 descriptor??
[  868.961899][T12036] ft260 0003:0403:6030.002E: unknown main item tag 0x7
[  869.156597][T12036] ft260 0003:0403:6030.002E: chip code: 6424 8183
[  869.358536][T12036] ft260 0003:0403:6030.002E: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.8-1/input0
[  869.562365][T12036] ft260 0003:0403:6030.002E: failed to retrieve status: -32, no wakeup
[  869.786134][T12036] ft260 0003:0403:6030.002E: failed to reset I2C controller: -71
[  869.882884][T12036] usb 9-1: USB disconnect, device number 13
[  871.025385][    C1] vkms_vblank_simulate: vblank timer overrun
[  872.268241][T17949] random: crng reseeded on system resumption
[  872.520517][   T61] Bluetooth: hci5: Malformed MSFT vendor event: 0x02
[  872.920237][    C1] vkms_vblank_simulate: vblank timer overrun
[  873.675092][    C1] vkms_vblank_simulate: vblank timer overrun
[  874.535035][    C1] vkms_vblank_simulate: vblank timer overrun
[  874.641176][    C1] vkms_vblank_simulate: vblank timer overrun
[  875.010331][T18013] loop6: detected capacity change from 0 to 7
[  875.051028][T18013] Dev loop6: unable to read RDB block 7
[  875.051080][T18013]  loop6: unable to read partition table
[  875.051337][T18013] loop6: partition table beyond EOD, truncated
[  875.051359][T18013] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  875.286179][T18017] sch_tbf: burst 274 is lower than device lo mtu (65550) !
[  875.397289][    C1] vkms_vblank_simulate: vblank timer overrun
[  875.433922][    C1] vkms_vblank_simulate: vblank timer overrun
[  875.562987][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  875.563066][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  876.719978][    C1] vkms_vblank_simulate: vblank timer overrun
[  879.724000][T18124] binder: 18122:18124 ioctl 40046205 0 returned -22
[  879.847954][T18117] syz.8.4885 (18117): drop_caches: 2
[  884.980811][   T70] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  885.151199][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323290][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323384][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323449][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323513][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323670][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323733][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.323801][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.378420][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.378506][T18238] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  885.937014][T13012] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  886.134004][T13012] usb 9-1: Using ep0 maxpacket: 32
[  886.143981][T13012] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  886.144013][T13012] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.201976][T13012] usb 9-1: config 0 descriptor??
[  886.430141][T13012] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  886.446041][T13012] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  886.457309][T13012] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  886.457366][T13012] usb 9-1: media controller created
[  886.548553][T13012] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  886.549036][   T38] audit: type=1326 audit(2000000211.050:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18271 comm="syz.7.4952" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdeb431efc9 code=0x0
[  887.017023][T13012] DVB: Unable to find symbol dib7000p_attach()
[  887.017040][T13012] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  887.246853][T13012] rc_core: IR keymap rc-dib0700-rc5 not found
[  887.246877][T13012] Registered IR keymap rc-empty
[  887.247181][T13012] dvb-usb: could not initialize remote control.
[  887.247191][T13012] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  887.290682][T13012] usb 9-1: USB disconnect, device number 14
[  887.293332][T18286] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  887.408897][T13012] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  888.848604][T18343] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4982'.
[  889.045057][T18353] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  890.423726][T18385] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4996'.
[  890.604818][T18385] macvlan2: entered promiscuous mode
[  890.604848][T18385] macvlan2: entered allmulticast mode
[  890.606265][T18385] bond1: (slave macvlan2): Opening slave failed
[  892.636967][ T5888] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  892.792925][ T5888] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  892.792960][ T5888] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  892.793002][ T5888] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  892.793025][ T5888] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  892.819060][ T5888] usb 9-1: config 0 descriptor??
[  893.260190][ T5888] cp2112 0003:10C4:EA90.002F: unknown main item tag 0x0
[  893.264606][ T5888] cp2112 0003:10C4:EA90.002F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0
[  893.450919][ T5888] cp2112 0003:10C4:EA90.002F: Part Number: 0x82 Device Version: 0xFE
[  894.026877][T12708] Bluetooth: hci5: command 0x0406 tx timeout
[  894.272873][ T5888] usb 9-1: USB disconnect, device number 15
[  895.913880][T18562] netlink: 'syz.8.5073': attribute type 17 has an invalid length.
[  895.913904][T18562] netlink: 148 bytes leftover after parsing attributes in process `syz.8.5073'.
[  897.174071][T18596] bond0: Error: Cannot enslave bond to itself.
[  899.497958][    C1] vkms_vblank_simulate: vblank timer overrun
[  902.231209][T18711] netlink: 68 bytes leftover after parsing attributes in process `syz.6.5137'.
[  902.453757][    C1] vkms_vblank_simulate: vblank timer overrun
[  902.608084][T18715] loop9: detected capacity change from 0 to 524288000
[  902.873074][    C1] vkms_vblank_simulate: vblank timer overrun
[  903.235606][    C1] vkms_vblank_simulate: vblank timer overrun
[  903.702318][T18727] input: syz1 as /devices/virtual/input/input51
[  904.069950][T18737] input: syz1 as /devices/virtual/input/input52
[  904.107053][T13051] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  904.316929][T13051] usb 9-1: Using ep0 maxpacket: 8
[  904.325545][T13051] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  904.325600][T13051] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  904.325626][T13051] usb 9-1: Product: syz
[  904.325648][T13051] usb 9-1: Manufacturer: syz
[  904.325670][T13051] usb 9-1: SerialNumber: syz
[  904.379645][T13051] usb 9-1: config 0 descriptor??
[  904.647352][T13051] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  905.054407][T13051] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  905.058560][T13051] usb 9-1: USB disconnect, device number 16
[  906.176842][ T5886] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  906.349153][ T5886] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  906.352039][ T5886] usb 9-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  906.352068][ T5886] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  906.352090][ T5886] usb 9-1: Product: syz
[  906.352104][ T5886] usb 9-1: Manufacturer: syz
[  906.352119][ T5886] usb 9-1: SerialNumber: syz
[  906.402675][ T5886] usb 9-1: config 0 descriptor??
[  906.449972][ T5886] ums-isd200 9-1:0.0: USB Mass Storage device detected
[  907.102808][    C1] vkms_vblank_simulate: vblank timer overrun
[  907.536542][ T5886] usb 9-1: USB disconnect, device number 17
[  908.578644][    C1] vkms_vblank_simulate: vblank timer overrun
[  909.881684][   T38] audit: type=1326 audit(2000000234.380:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.888738][   T38] audit: type=1326 audit(2000000234.380:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.893815][   T38] audit: type=1326 audit(2000000234.390:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.894442][   T38] audit: type=1326 audit(2000000234.390:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.895327][   T38] audit: type=1326 audit(2000000234.390:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.895711][   T38] audit: type=1326 audit(2000000234.390:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.896272][   T38] audit: type=1326 audit(2000000234.390:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.898951][   T38] audit: type=1326 audit(2000000234.400:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.899319][   T38] audit: type=1326 audit(2000000234.400:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff2cce4da7f code=0x7ffc0000
[  909.899884][   T38] audit: type=1326 audit(2000000234.400:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18833 comm="syz.3.5186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  909.911056][T18828] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  910.570118][T18842] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5189'.
[  910.571050][T18842] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  910.704372][    C1] vkms_vblank_simulate: vblank timer overrun
[  911.122991][    C1] vkms_vblank_simulate: vblank timer overrun
[  911.239482][T18842] batman_adv: batadv0: Removing interface: batadv_slave_1
[  911.342207][    C1] vkms_vblank_simulate: vblank timer overrun
[  912.494990][    C1] vkms_vblank_simulate: vblank timer overrun
[  913.184011][    C1] vkms_vblank_simulate: vblank timer overrun
[  913.695481][    C1] vkms_vblank_simulate: vblank timer overrun
[  914.649160][    C1] vkms_vblank_simulate: vblank timer overrun
[  916.114328][   T58] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  917.430168][    C1] vkms_vblank_simulate: vblank timer overrun
[  917.530108][   T38] kauditd_printk_skb: 12 callbacks suppressed
[  917.530127][   T38] audit: type=1326 audit(2000000242.030:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.530905][   T38] audit: type=1326 audit(2000000242.030:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.530952][   T38] audit: type=1326 audit(2000000242.030:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.530995][   T38] audit: type=1326 audit(2000000242.030:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.531324][   T38] audit: type=1326 audit(2000000242.030:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.647840][   T38] audit: type=1326 audit(2000000242.150:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.658884][   T38] audit: type=1326 audit(2000000242.150:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19011 comm="syz.3.5261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2cce4efc9 code=0x7ffc0000
[  917.852698][    C1] vkms_vblank_simulate: vblank timer overrun
[  918.035795][T19022] netlink: 'syz.6.5266': attribute type 1 has an invalid length.
[  918.131860][T19022] 8021q: adding VLAN 0 to HW filter on device bond1
[  918.988309][   T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  919.030737][   T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  919.033035][   T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  919.034872][   T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  919.035707][   T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  919.211183][T19057] netlink: 36 bytes leftover after parsing attributes in process `syz.8.5278'.
[  919.211201][T19057] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5278'.
[  919.211215][T19057] netlink: 36 bytes leftover after parsing attributes in process `syz.8.5278'.
[  919.211251][T19057] netlink: 36 bytes leftover after parsing attributes in process `syz.8.5278'.
[  919.950435][T19049] chnl_net:caif_netlink_parms(): no params data found
[  920.707044][T11004] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  920.859707][T11004] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  920.859733][T11004] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  920.861397][T11004] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  920.861418][T11004] usb 9-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  920.861432][T11004] usb 9-1: Manufacturer: syz
[  920.888739][T11004] usb 9-1: config 0 descriptor??
[  921.146907][T12708] Bluetooth: hci3: command tx timeout
[  921.210060][T19049] bridge0: port 1(bridge_slave_0) entered blocking state
[  921.210233][T19049] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.210538][T19049] bridge_slave_0: entered allmulticast mode
[  921.218102][T19049] bridge_slave_0: entered promiscuous mode
[  921.266215][T19049] bridge0: port 2(bridge_slave_1) entered blocking state
[  921.266697][T19049] bridge0: port 2(bridge_slave_1) entered disabled state
[  921.268195][T19049] bridge_slave_1: entered allmulticast mode
[  921.289112][T19049] bridge_slave_1: entered promiscuous mode
[  922.025778][T19049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  922.078400][T19049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  922.750666][T11004] uclogic 0003:256C:006D.0030: failed retrieving string descriptor #100: -71
[  922.750713][T11004] uclogic 0003:256C:006D.0030: failed retrieving pen parameters: -71
[  922.750726][T11004] uclogic 0003:256C:006D.0030: failed probing pen v1 parameters: -71
[  922.750763][T11004] uclogic 0003:256C:006D.0030: failed probing parameters: -71
[  922.750842][T11004] uclogic 0003:256C:006D.0030: probe with driver uclogic failed with error -71
[  922.804985][T11004] usb 9-1: USB disconnect, device number 18
[  923.062375][T19049] team0: Port device team_slave_0 added
[  923.080850][T19049] team0: Port device team_slave_1 added
[  923.226924][T12708] Bluetooth: hci3: command tx timeout
[  923.472248][    C1] vkms_vblank_simulate: vblank timer overrun
[  923.674317][T19115] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  924.009702][T19049] batman_adv: batadv0: Adding interface: batadv_slave_0
[  924.009722][T19049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  924.009751][T19049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  924.264969][    C1] vkms_vblank_simulate: vblank timer overrun
[  924.685495][    C1] vkms_vblank_simulate: vblank timer overrun
[  924.827787][T19115] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  924.898022][T19049] batman_adv: batadv0: Adding interface: batadv_slave_1
[  924.898041][T19049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  924.898070][T19049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  925.367692][T12708] Bluetooth: hci3: command tx timeout
[  925.400625][    C1] vkms_vblank_simulate: vblank timer overrun
[  925.617298][    C1] vkms_vblank_simulate: vblank timer overrun
[  925.663144][T19115] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  925.985389][    C1] vkms_vblank_simulate: vblank timer overrun
[  926.163218][T19115] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  926.242812][T19049] hsr_slave_0: entered promiscuous mode
[  926.244407][T19049] hsr_slave_1: entered promiscuous mode
[  926.245545][T19049] debugfs: 'hsr0' already exists in 'hsr'
[  926.245572][T19049] Cannot create hsr debugfs directory
[  926.983903][T19200] netlink: 48 bytes leftover after parsing attributes in process `syz.8.5336'.
[  927.388637][T12708] Bluetooth: hci3: command tx timeout
[  927.391858][   T68] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  927.563170][   T58] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  927.705625][   T13] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  927.837224][   T13] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  928.352272][    C1] vkms_vblank_simulate: vblank timer overrun
[  929.313560][    C1] vkms_vblank_simulate: vblank timer overrun
[  929.957801][ T5886] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  930.127339][ T5886] usb 4-1: Using ep0 maxpacket: 16
[  930.130353][ T5886] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  930.130389][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  930.173857][ T5886] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  930.173890][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.173910][ T5886] usb 4-1: Product: syz
[  930.173926][ T5886] usb 4-1: Manufacturer: syz
[  930.173941][ T5886] usb 4-1: SerialNumber: syz
[  930.218493][ T5886] usb 4-1: config 0 descriptor??
[  930.241438][ T5886] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  930.241476][ T5886] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  931.111678][ T5886] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  931.112865][ T5886] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  931.538072][T19257] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  931.871566][T19049] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  932.323222][ T5886] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[  932.675395][ T5886] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  932.683404][ T5886] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  932.683931][ T5886] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  932.770128][T19049] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  932.771350][ T5886] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  932.771993][ T5886] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  933.357450][    C1] vkms_vblank_simulate: vblank timer overrun
[  933.361071][ T5886] usb 4-1: USB disconnect, device number 20
[  933.394023][T19049] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  933.660331][    C1] vkms_vblank_simulate: vblank timer overrun
[  934.032845][    C1] vkms_vblank_simulate: vblank timer overrun
[  934.076481][T19049] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  934.129011][    C0] vcan0: j1939_tp_rxtimer: 0xffff888034e00800: rx timeout, send abort
[  934.414259][    C1] vkms_vblank_simulate: vblank timer overrun
[  934.675253][    C0] vcan0: j1939_tp_rxtimer: 0xffff888034e00800: abort rx timeout. Force session deactivation
[  934.700095][    C1] vkms_vblank_simulate: vblank timer overrun
[  934.934590][    C1] vkms_vblank_simulate: vblank timer overrun
[  935.757191][    C1] vkms_vblank_simulate: vblank timer overrun
[  936.559390][    C1] vkms_vblank_simulate: vblank timer overrun
[  937.004824][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  937.004921][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  937.627317][ T5886] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  938.578969][    C1] vkms_vblank_simulate: vblank timer overrun
[  938.620145][T19049] 8021q: adding VLAN 0 to HW filter on device bond0
[  938.795042][    C1] vkms_vblank_simulate: vblank timer overrun
[  938.798156][ T5886] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  938.798217][ T5886] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  938.798239][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  938.838350][ T5886] usb 4-1: config 0 descriptor??
[  938.844939][ T5886] pwc: Askey VC010 type 2 USB webcam detected.
[  938.903354][T19049] 8021q: adding VLAN 0 to HW filter on device team0
[  938.947651][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[  938.949472][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state
[  939.023504][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[  939.023814][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[  939.346469][    C1] vkms_vblank_simulate: vblank timer overrun
[  939.517401][    C1] vkms_vblank_simulate: vblank timer overrun
[  940.044493][    C1] vkms_vblank_simulate: vblank timer overrun
[  940.352736][    C1] vkms_vblank_simulate: vblank timer overrun
[  940.354199][ T5886] pwc: recv_control_msg error -32 req 02 val 2b00
[  940.361952][ T5886] pwc: recv_control_msg error -32 req 02 val 2700
[  940.564761][    C1] vkms_vblank_simulate: vblank timer overrun
[  940.574748][ T5886] pwc: recv_control_msg error -32 req 02 val 2c00
[  940.575792][ T5886] pwc: recv_control_msg error -32 req 04 val 1000
[  940.576509][ T5886] pwc: recv_control_msg error -32 req 04 val 1300
[  940.653781][ T5886] pwc: recv_control_msg error -32 req 04 val 1400
[  941.222522][ T5886] pwc: recv_control_msg error -32 req 02 val 2000
[  941.247615][ T5886] pwc: recv_control_msg error -32 req 02 val 2100
[  941.411515][ T5886] pwc: recv_control_msg error -32 req 04 val 1500
[  941.413500][ T5886] pwc: recv_control_msg error -32 req 02 val 2500
[  941.751883][    C1] vkms_vblank_simulate: vblank timer overrun
[  941.765800][ T5886] pwc: recv_control_msg error -71 req 02 val 2600
[  941.766290][ T5886] pwc: recv_control_msg error -71 req 02 val 2900
[  941.779915][ T5886] pwc: recv_control_msg error -71 req 02 val 2800
[  941.780765][ T5886] pwc: recv_control_msg error -71 req 04 val 1100
[  941.784618][ T5886] pwc: recv_control_msg error -71 req 04 val 1200
[  941.817297][ T5886] pwc: Registered as video103.
[  941.836934][ T5886] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input53
[  942.627310][    C1] vkms_vblank_simulate: vblank timer overrun
[  942.685078][ T5886] usb 4-1: USB disconnect, device number 21
[  942.802167][T19049] 8021q: adding VLAN 0 to HW filter on device batadv0
[  943.174822][T19049] veth0_vlan: entered promiscuous mode
[  943.240147][T19049] veth1_vlan: entered promiscuous mode
[  944.259584][T19049] veth0_macvtap: entered promiscuous mode
[  944.316226][T19049] veth1_macvtap: entered promiscuous mode
[  944.648856][T19049] batman_adv: batadv0: Interface activated: batadv_slave_0
[  944.669825][T19049] batman_adv: batadv0: Interface activated: batadv_slave_1
[  944.714660][ T3626] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  944.716039][ T3626] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  944.716086][ T3626] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  944.716126][ T3626] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  945.077469][    C1] vkms_vblank_simulate: vblank timer overrun
[  946.010947][    C1] vkms_vblank_simulate: vblank timer overrun
[  946.157033][ T5886] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  946.346859][ T5886] usb 7-1: Using ep0 maxpacket: 16
[  946.355504][ T5886] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  946.355546][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  946.390363][ T5886] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  946.390394][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  946.390414][ T5886] usb 7-1: Product: syz
[  946.390430][ T5886] usb 7-1: Manufacturer: syz
[  946.390445][ T5886] usb 7-1: SerialNumber: syz
[  946.692873][    C1] vkms_vblank_simulate: vblank timer overrun
[  946.723111][ T5886] usb 7-1: config 0 descriptor??
[  946.736315][ T5886] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  946.736357][ T5886] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  946.833824][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.158421][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.287760][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.292334][T18366] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  947.814987][ T5886] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  947.816034][ T5886] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  948.026140][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  948.026162][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  948.401184][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  948.401317][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  948.454833][ T5886] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[  948.666041][ T5886] em28xx 7-1:0.0: couldn't setup AC97 register 2
[  948.672953][ T5886] em28xx 7-1:0.0: couldn't setup AC97 register 4
[  948.673446][ T5886] em28xx 7-1:0.0: couldn't setup AC97 register 6
[  948.676051][ T5886] em28xx 7-1:0.0: couldn't setup AC97 register 54
[  948.678334][ T5886] em28xx 7-1:0.0: couldn't setup AC97 register 56
[  948.707035][ T5886] usb 7-1: USB disconnect, device number 15
[  951.368285][   T38] audit: type=1326 audit(2000000275.870:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81216aefc9 code=0x7ffc0000
[  951.370238][    C1] vkms_vblank_simulate: vblank timer overrun
[  952.004489][   T38] audit: type=1326 audit(2000000275.870:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f81216aefc9 code=0x7ffc0000
[  952.004560][   T38] audit: type=1326 audit(2000000275.910:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81216aefc9 code=0x7ffc0000
[  952.004612][   T38] audit: type=1326 audit(2000000275.910:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81216aefc9 code=0x7ffc0000
[  952.004660][   T38] audit: type=1326 audit(2000000275.910:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81216aefc9 code=0x7ffc0000
[  952.004708][   T38] audit: type=1326 audit(2000000275.920:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81216ad810 code=0x7ffc0000
[  952.004757][   T38] audit: type=1326 audit(2000000275.930:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f81216b07f7 code=0x7ffc0000
[  952.004806][   T38] audit: type=1326 audit(2000000275.930:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81216aefc9 code=0x7ffc0000
[  952.004854][   T38] audit: type=1326 audit(2000000275.940:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f81216b07f7 code=0x7ffc0000
[  952.004903][   T38] audit: type=1326 audit(2000000275.950:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19435 comm="syz.8.5426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f81216adc2a code=0x7ffc0000
[  952.024722][    C1] vkms_vblank_simulate: vblank timer overrun
[  952.183579][T19445] input: syz0 as /devices/virtual/input/input54
[  952.404965][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.494919][    C1] vkms_vblank_simulate: vblank timer overrun
[  954.180261][    C1] vkms_vblank_simulate: vblank timer overrun
[  954.326426][    C1] vkms_vblank_simulate: vblank timer overrun
[  954.604763][    C1] vkms_vblank_simulate: vblank timer overrun
[  954.991257][    C1] vkms_vblank_simulate: vblank timer overrun
[  955.532131][T19490] dlm: no locking on control device
[  955.721270][    C1] vkms_vblank_simulate: vblank timer overrun
[  956.128109][    C1] vkms_vblank_simulate: vblank timer overrun
[  956.408074][    C1] vkms_vblank_simulate: vblank timer overrun
[  957.532241][    C1] vkms_vblank_simulate: vblank timer overrun
[  958.119346][    C1] vkms_vblank_simulate: vblank timer overrun
[  958.153854][    C1] vkms_vblank_simulate: vblank timer overrun
[  958.423554][    C1] vkms_vblank_simulate: vblank timer overrun
[  958.821640][    C1] vkms_vblank_simulate: vblank timer overrun
[  959.108600][T19516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  960.123039][    C1] vkms_vblank_simulate: vblank timer overrun
[  961.128830][    C1] vkms_vblank_simulate: vblank timer overrun
[  961.825063][    C1] vkms_vblank_simulate: vblank timer overrun
[  962.018170][T19542] netlink: 'syz.0.5461': attribute type 1 has an invalid length.
[  962.018193][T19542] netlink: 'syz.0.5461': attribute type 2 has an invalid length.
[  962.018209][T19542] netlink: 'syz.0.5461': attribute type 3 has an invalid length.
[  962.018225][T19542] netlink: 'syz.0.5461': attribute type 5 has an invalid length.
[  962.018239][T19542] netlink: 'syz.0.5461': attribute type 6 has an invalid length.
[  962.018253][T19542] netlink: 'syz.0.5461': attribute type 7 has an invalid length.
[  962.018268][T19542] netlink: 9 bytes leftover after parsing attributes in process `syz.0.5461'.
[  962.018283][T19542] netlink: 130080 bytes leftover after parsing attributes in process `syz.0.5461'.
[  962.018300][T19542] netlink: 'syz.0.5461': attribute type 1 has an invalid length.
[  962.018313][T19542] netlink: 'syz.0.5461': attribute type 2 has an invalid length.
[  962.018325][T19542] netlink: 'syz.0.5461': attribute type 3 has an invalid length.
[  962.018340][T19542] netlink: 'syz.0.5461': attribute type 5 has an invalid length.
[  962.018357][T19542] netlink: 9 bytes leftover after parsing attributes in process `syz.0.5461'.
[  963.354164][    C1] vkms_vblank_simulate: vblank timer overrun
[  964.047135][T13051] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  964.186868][T12708] Bluetooth: hci3: command tx timeout
[  964.250785][T13051] usb 7-1: Using ep0 maxpacket: 32
[  964.280847][T13051] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  964.280876][T13051] usb 7-1: config 0 has no interface number 0
[  964.378535][T13051] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=2c.d8
[  964.378567][T13051] usb 7-1: New USB device strings: Mfr=193, Product=2, SerialNumber=3
[  964.378588][T13051] usb 7-1: Product: syz
[  964.378603][T13051] usb 7-1: Manufacturer: syz
[  964.378618][T13051] usb 7-1: SerialNumber: syz
[  964.501359][T13051] usb 7-1: config 0 descriptor??
[  964.593500][T13051] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  964.593544][T13051] usb 7-1: selecting invalid altsetting 1
[  964.593561][T13051] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  964.789486][T13051] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  964.789829][T13051] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  964.789867][T13051] usb 7-1: media controller created
[  965.121463][T13051] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  965.229749][   T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  965.267332][   T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  965.269270][   T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  965.270648][   T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  965.271579][   T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  965.345538][T13051] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  965.345597][T13051] zl10353_read_register: readreg error (reg=127, ret==-32)
[  965.346112][T13051] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  965.677137][T13051] usb 7-1: USB disconnect, device number 16
[  966.840895][T19588] chnl_net:caif_netlink_parms(): no params data found
[  967.398467][   T61] Bluetooth: hci4: command tx timeout
[  967.964229][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.981732][T19623] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5481'.
[  969.728095][T19629] loop9: detected capacity change from 0 to 524288000
[  970.092401][T19629] Dev loop9: unable to read RDB block 8
[  970.094291][T19629]  loop9: unable to read partition table
[  970.094560][T19629] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  970.110796][    C1] vkms_vblank_simulate: vblank timer overrun
[  970.167352][   T61] Bluetooth: hci4: command tx timeout
[  970.724283][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.070546][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.304009][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.443717][    C1] vkms_vblank_simulate: vblank timer overrun
[  972.134656][    C1] vkms_vblank_simulate: vblank timer overrun
[  972.181698][T19628] net veth1_virt_wifi ������: renamed from virt_wifi0
[  972.233274][   T61] Bluetooth: hci4: command tx timeout
[  972.434620][    C1] vkms_vblank_simulate: vblank timer overrun
[  972.888430][    C1] vkms_vblank_simulate: vblank timer overrun
[  973.524328][T19661] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  974.502096][T19671] netlink: 68 bytes leftover after parsing attributes in process `syz.6.5496'.
[  974.525235][   T61] Bluetooth: hci4: command tx timeout
[  976.147459][T19678] loop9: detected capacity change from 0 to 524288000
[  976.230575][    C1] vkms_vblank_simulate: vblank timer overrun
[  976.261133][    C1] vkms_vblank_simulate: vblank timer overrun
[  976.438808][    C1] vkms_vblank_simulate: vblank timer overrun
[  976.522679][T19678] Dev loop9: unable to read RDB block 8
[  976.522877][T19678]  loop9: unable to read partition table
[  976.523068][T19678] loop_reread_partitions: partition scan of loop9 (��������6�tPΪŔ���A���8�*V^��3c) failed (rc=-5)
[  976.674723][    C1] vkms_vblank_simulate: vblank timer overrun
[  977.247219][    C1] vkms_vblank_simulate: vblank timer overrun
[  977.352942][T19588] bridge0: port 1(bridge_slave_0) entered blocking state
[  977.353037][T19588] bridge0: port 1(bridge_slave_0) entered disabled state
[  977.353270][T19588] bridge_slave_0: entered allmulticast mode
[  977.382954][T19588] bridge_slave_0: entered promiscuous mode
[  977.418564][T19588] bridge0: port 2(bridge_slave_1) entered blocking state
[  977.422491][T19588] bridge0: port 2(bridge_slave_1) entered disabled state
[  977.422726][T19588] bridge_slave_1: entered allmulticast mode
[  977.474653][T19588] bridge_slave_1: entered promiscuous mode
[  978.606445][T12140] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  978.956415][    C1] vkms_vblank_simulate: vblank timer overrun
[  979.899219][  T154] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  980.518348][    C1] vkms_vblank_simulate: vblank timer overrun
[  980.763093][    C1] vkms_vblank_simulate: vblank timer overrun
[  980.810246][    C1] vkms_vblank_simulate: vblank timer overrun
[  982.082430][    C1] vkms_vblank_simulate: vblank timer overrun
[  982.189888][    C1] vkms_vblank_simulate: vblank timer overrun
[  982.313566][T19732] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  982.313615][T19732] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  982.313638][T19732] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  982.416115][    C1] vkms_vblank_simulate: vblank timer overrun
[  982.506754][   T38] kauditd_printk_skb: 2 callbacks suppressed
[  982.506775][   T38] audit: type=1800 audit(2000000306.810:416): pid=19732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.5513" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  982.915923][    C1] vkms_vblank_simulate: vblank timer overrun
[  984.155544][    C1] ------------[ cut here ]------------
[  984.155563][    C1] refcount_t: addition on 0; use-after-free.
[  984.156292][    C1] WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0
[  984.156570][    C1] Modules linked in:
[  984.156594][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  984.156621][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  984.156637][    C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  984.156665][    C1] Code: 00 00 e8 59 f5 3d fd 5b 41 5e e9 81 67 49 06 cc e8 4b f5 3d fd c6 05 b2 a7 60 0a 01 90 48 c7 c7 20 a5 3e 8b e8 b7 3d 02 fd 90 <0f> 0b 90 90 eb d7 e8 2b f5 3d fd c6 05 93 a7 60 0a 01 90 48 c7 c7
[  984.156741][    C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246
[  984.156764][    C1] RAX: 2459699af607de00 RBX: 0000000000000002 RCX: ffff88801c699e00
[  984.156783][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  984.156798][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100
[  984.156813][    C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18
[  984.156833][    C1] R13: ffff888060a81358 R14: ffff888060a80f80 R15: dffffc0000000000
[  984.156852][    C1] FS:  0000000000000000(0000) GS:ffff888126cc6000(0000) knlGS:0000000000000000
[  984.156873][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  984.156891][    C1] CR2: 00007faac621c470 CR3: 000000003978a000 CR4: 00000000003526f0
[  984.156912][    C1] Call Trace:
[  984.156922][    C1]  <TASK>
[  984.156934][    C1]  mptcp_schedule_work+0x164/0x1a0
[  984.157071][    C1]  mptcp_tout_timer+0x21/0xa0
[  984.157111][    C1]  call_timer_fn+0x17e/0x5f0
[  984.157173][    C1]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  984.157210][    C1]  ? call_timer_fn+0xbe/0x5f0
[  984.157236][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  984.157274][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  984.157390][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.157455][    C1]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  984.157494][    C1]  __run_timer_base+0x648/0x970
[  984.157553][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  984.157603][    C1]  ? run_timer_softirq+0xd/0x180
[  984.157635][    C1]  run_timer_softirq+0xb7/0x180
[  984.157658][    C1]  handle_softirqs+0x22f/0x710
[  984.157731][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  984.157785][    C1]  run_ktimerd+0xcf/0x190
[  984.157810][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[  984.157834][    C1]  ? schedule+0x91/0x360
[  984.157877][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  984.157900][    C1]  smpboot_thread_fn+0x542/0xa60
[  984.157925][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  984.157960][    C1]  kthread+0x711/0x8a0
[  984.157993][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  984.158016][    C1]  ? __pfx_kthread+0x10/0x10
[  984.158042][    C1]  ? rt_spin_unlock+0x150/0x200
[  984.158079][    C1]  ? rt_spin_unlock+0x161/0x200
[  984.158108][    C1]  ? __pfx_kthread+0x10/0x10
[  984.158139][    C1]  ret_from_fork+0x4bc/0x870
[  984.158196][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  984.158245][    C1]  ? __switch_to_asm+0x39/0x70
[  984.158297][    C1]  ? __switch_to_asm+0x33/0x70
[  984.158329][    C1]  ? __pfx_kthread+0x10/0x10
[  984.158361][    C1]  ret_from_fork_asm+0x1a/0x30
[  984.158422][    C1]  </TASK>
[  984.158444][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  984.158463][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  984.158493][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  984.158508][    C1] Call Trace:
[  984.158517][    C1]  <TASK>
[  984.158527][    C1]  dump_stack_lvl+0x99/0x250
[  984.158558][    C1]  ? __asan_memcpy+0x40/0x70
[  984.158620][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  984.158650][    C1]  ? __pfx__printk+0x10/0x10
[  984.158697][    C1]  vpanic+0x237/0x6d0
[  984.158731][    C1]  ? __pfx_vpanic+0x10/0x10
[  984.158768][    C1]  panic+0xb9/0xc0
[  984.158791][    C1]  ? __pfx_panic+0x10/0x10
[  984.158833][    C1]  __warn+0x31b/0x4b0
[  984.158855][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  984.158884][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  984.158910][    C1]  report_bug+0x2be/0x4f0
[  984.158990][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  984.159017][    C1]  ? refcount_warn_saturate+0xfa/0x1d0
[  984.159043][    C1]  ? refcount_warn_saturate+0xfc/0x1d0
[  984.159068][    C1]  handle_bug+0x84/0x160
[  984.159096][    C1]  exc_invalid_op+0x1a/0x50
[  984.159122][    C1]  asm_exc_invalid_op+0x1a/0x20
[  984.159161][    C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  984.159188][    C1] Code: 00 00 e8 59 f5 3d fd 5b 41 5e e9 81 67 49 06 cc e8 4b f5 3d fd c6 05 b2 a7 60 0a 01 90 48 c7 c7 20 a5 3e 8b e8 b7 3d 02 fd 90 <0f> 0b 90 90 eb d7 e8 2b f5 3d fd c6 05 93 a7 60 0a 01 90 48 c7 c7
[  984.159210][    C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246
[  984.159232][    C1] RAX: 2459699af607de00 RBX: 0000000000000002 RCX: ffff88801c699e00
[  984.159250][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  984.159267][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100
[  984.159281][    C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18
[  984.159300][    C1] R13: ffff888060a81358 R14: ffff888060a80f80 R15: dffffc0000000000
[  984.159343][    C1]  mptcp_schedule_work+0x164/0x1a0
[  984.159377][    C1]  mptcp_tout_timer+0x21/0xa0
[  984.159422][    C1]  call_timer_fn+0x17e/0x5f0
[  984.159447][    C1]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  984.159483][    C1]  ? call_timer_fn+0xbe/0x5f0
[  984.159509][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  984.159546][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  984.159585][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  984.159621][    C1]  ? __pfx_mptcp_tout_timer+0x10/0x10
[  984.159660][    C1]  __run_timer_base+0x648/0x970
[  984.159716][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  984.159762][    C1]  ? run_timer_softirq+0xd/0x180
[  984.159794][    C1]  run_timer_softirq+0xb7/0x180
[  984.159818][    C1]  handle_softirqs+0x22f/0x710
[  984.159868][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  984.159920][    C1]  run_ktimerd+0xcf/0x190
[  984.159946][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[  984.159969][    C1]  ? schedule+0x91/0x360
[  984.160014][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  984.160036][    C1]  smpboot_thread_fn+0x542/0xa60
[  984.160061][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  984.160095][    C1]  kthread+0x711/0x8a0
[  984.160128][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  984.160151][    C1]  ? __pfx_kthread+0x10/0x10
[  984.160177][    C1]  ? rt_spin_unlock+0x150/0x200
[  984.160214][    C1]  ? rt_spin_unlock+0x161/0x200
[  984.160243][    C1]  ? __pfx_kthread+0x10/0x10
[  984.160275][    C1]  ret_from_fork+0x4bc/0x870
[  984.160316][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  984.160363][    C1]  ? __switch_to_asm+0x39/0x70
[  984.160403][    C1]  ? __switch_to_asm+0x33/0x70
[  984.160434][    C1]  ? __pfx_kthread+0x10/0x10
[  984.160466][    C1]  ret_from_fork_asm+0x1a/0x30
[  984.160521][    C1]  </TASK>
[  984.160856][    C1] Kernel Offset: disabled