last executing test programs:

8m21.468264038s ago: executing program 1 (id=1429):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000001680))
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000001c0))
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040))

8m19.587939017s ago: executing program 1 (id=1433):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r4, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbda}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8m13.081070572s ago: executing program 1 (id=1439):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c00000014", @ANYRES16=r2], 0x28}}, 0x0)
sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000100)={0x14, 0xf, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x8004}, 0x20000000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00008c4000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f0000000080)={0x170003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x2, 0xffffffffefffff15, 0x3, 0x2, 0x1, 0x4]}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8m12.751637853s ago: executing program 1 (id=1441):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000001680))
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000001c0))
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040))

8m8.239826465s ago: executing program 1 (id=1447):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4000000}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r4, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbda}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8m5.119458603s ago: executing program 1 (id=1449):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000002700)=""/79, 0x0, 0x60000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0)
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/201, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

7m49.060873209s ago: executing program 32 (id=1449):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000002700)=""/79, 0x0, 0x60000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0)
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/201, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

7m22.337562581s ago: executing program 3 (id=1500):
getsockopt$MRT(0xffffffffffffffff, 0x0, 0xd1, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)

7m19.177129181s ago: executing program 3 (id=1501):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x2, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0xfffffffd, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
close(r3)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, &(0x7f0000000300))
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000140)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x6, 0x244c, 0xffffffffffffffff, 0x101, 0x0, 0xfffffffc})
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r4, 0x7a4, &(0x7f0000000000)={{@host}, 0x200000000000, 0x0, 0x0, 0xfffffffc})

7m17.510223063s ago: executing program 3 (id=1503):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95", 0x79}, {&(0x7f0000000300)='l3', 0x2}], 0x2}], 0x1, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000002c0004802800018008000100666962001c000280080001400000000c080002400000000108000340"], 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x8800)
connect$802154_dgram(r0, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0202}}}, 0xd)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r8)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0702000000000000000001000000040008803400048005000300010000000e0003000100000005000300010000000500030000000000050003000000000005000300070000000800010003000000080002"], 0x5c}}, 0x0)
clock_gettime(0x1, &(0x7f0000000000))
syz_clone(0x100, &(0x7f0000000040)="72339a8cbcd434e4864ab5aee0c34e820416c76405c6316445d14b6145c6b607b1901983eb4f27c27059fa535101593d2742c8a0f246a812aa6d1b9605f7398c6b3352f3a3833d08e34f4b58397bb89047daef74c406c4519dc8b880f4ed9e2c1c7e4a4b70e86a812d6bee98258d833e26271710f56306c67d3648f2cad66e28bcb6e6c0882923ea589dbf23fca39d781beeb767f9f8bcd95d7d12b2b3ef0432c80772d1e8617cb8b4757714843b12a13090885e659a58ef252d65e2c36a6e23c717e0d154864a6e1de79fea34b5c90148a48b7f24ffdd98045a19a7449fd0f263559baa08786fdf0503b154d5a8e33d2e46b8b89c7effa1d6d0182a4c0d5e59de51d5fec389fb73c18b382bef815e2a94fbce62d83f58400ccbdab1ad8ba8f1997962d9bd06acdbea24d1af25f3b1ffa2f7549265158eb8a714e7f640b48eed03d40028259144eb3a9b4771f58ad5d016b1cfb952f17bd19f2bca7b5f208ef4e9de6a62a34050f0f418a26b7a6cc324f73e22c513ef5fb20651c6434e6db4084a8c7b3ac0aae3b6cc00aaa36443621cc22e69c2256620b0150fcdffb338bdd4c6ebb50de96607612cc367dab83b4af625e4df971102abc24303801026db9f68011d8ff7d86d02675e7c134cfea71bacb3724dd85a88abeb8c24ce85e95a51f4740995720e18c778d99b3b41f6d25efaf33672aa4f986e24cc15cfe8775bda3690d2d6ddbc560da17bff31fe2dcb20c8e34598d3131e4a53ed21da0030eeadeb702f98ec7a627734be49b83e8498e89fc809fe2c3f08808dcbe46cc96511eecc9324852e49a3a651a43f2a3b1fa617c08d12f9b84dd08e7743fb9c0629b5134703b03d8b8e87d5011b55d9ab3eada2930bb0437028d4a596c13f7ae832307475b410c10e153ab1cf0c00a41844a7aadc4b132d6e8069bc8e23e896b09b9ecfce4f14220d46626f04ff6067067b6cc805aeb6607913aeb8a52ae4435cc7566867756f2f507f7c83d82d329ca69da919c58f192d845ade347f9da66fdd236ccfd7639932d5017e7204884b47ca2886d36ce32b708e6acbf224f5ec4eef31fa04260266075b0ccb502299432a532489fc0ac719303c77144533cee0e1f4699cefe8dfc416ed595d8c673b8c0b0fb6faf0f590fcafbcec58fa7c8ed7f1fcdd548a4bf563b406a4afe886907d394172494f1c124cdd21ac49447c22bc6977497d00f6126311bc4149434f027c278b8887e0a842d21316cae6c7e2cdf5068736e69f3b0c6e8a0077d4b090ba92ee9fdbe330166d09a32623a4f259e4f3f7e5ccd295aeb04c3c5200c554f7296a5a8b3a706ee5801ecd75fec1330e2fc9dbc7260961b1e3191803b9639eacbecd50bdc98b7a5fa598354340df2f8a2af475ea1352b164520b53ee2e3e9501804749d42086899206cd5c573c222e8713564bfb03e55b9a5898385af5722d1ee75dc6062a7cf1290be2fd195db78d94261a54502ec3f1fe27561009a97a7ca3b0e12ddf9b8548a35a2d9c71750549188b0911f56a07ee64ff256ebdd4b3d1d417ca19e7cf3b4e7e82680e039f12d3b49c5f65b09d4c80dfeee9299978baeac07b53bb97436946e43cab3624db8c9d3170dd7d5879367250d8dbbe8e78421b862b85338a201e8667450a9ac908f7627b74275c54b1c9b0c33bf238edc9c9f697980e2f168ce49322c0aa0489238e3d97f2c67183414eb77296bdaa5cfdd3c34e6309741a74c99d6c62268a41d85ef960eb38b583ee3d012f7066a64b7ef2af3b8bce0cba92be2ffd787f79d457ebcdb8e916f7e472f054d8a629daa2baab262de87b5cc767cceb0950b8114c08ae1857032bb98e5c93e367993a327d95e18fbbc6c2c0f2fa4889811755da6ae8defa194920bf504c6b5cac3d8d039ef0e70ad264d3d3397b3d74d19070b4d989c7d7c6c065b94ae1d36250e489c31aceef356cf8c6b28939995647f81f25a1aebdeeb9a15d482533335226a85298908267f3d8bd7ced3352692c034d8797aae673beaa5e1c8211deab6a7bcafa113e79f07ef2f9ae69ce9d00e5c3101814e4360e461854018678948cdaa685d26746d367de40141951f90b21f6fa44a9d47542c4b691446a91ab001305aadaed27011688efb4f3dad890661f546e39148dc9ef714b932f82b3d98c276cdf49b4d27a9aabe2f72343a23255e1d5d4f7749ed864edba56f7c44283d0c87ecf2368bccbafa75ad72553e9821ad7f388ffcf7d735cc46bbab03badd445acaddb8c6b4309a97ddf7a6193f4e0d6d5fd637999e53fc01f6f1e28afced71fd6d7cd6ac9caaa4cb6e6bf23876be4c6d2fd6d32e2a220d15c835b864d17e14d2b977e9d0828cf1b2a619e9bce3de4aa7cd6ac5344c40e96cb7f7fe2ce71573b40ce2b28bb456c5eb747d5747704514c2d29ece3d9fdb1504ca51a515e5e071a1de0d4ad3ab28c9f21cfc26b0f99c9e2db711651bcf642d270984f1d9172cb2f7e71cfd502374cb85e4be11777f4b1c9867b4bb575b72ff9780463dc4f2e8a5917e38f6071015793e508e4a25e993fbd20492d894e3ef509d743d4bd94c7e3800d536b92a2d09bac283b1e606bdeb74d6e35e0f6ada9942aa908460fdad6d7c01b0663efa61afb660c00f688bcf53f9374a9255b063f9af47635c990597867d02baea48c533c9febe74c579a847636a30ae027867c15d358640de9ebdd16c777a93996a7655f380261184a1e473f1129d6acafd3787311ae1643abbe5a1f8a4f0728133a56e3b4f5a09de452b608ed94b0125e9cdd95ce33367e083b2dc1e525ae7e0e76a7f3cca086b99ee004e898a07165d8f3d3db604a8dda701fb334cdfd34011969ea4c78a9c54955cc0ac4c4345c81be576dad1ec07608a9fe9988d35d34024645c6b33020776afd11461ecb8b3fdaf3a875563766d9fe5ce528d72ecc97c6cffff194115ce71758ee0e8ed304770797146618136062b97f88f116dfcb521810cd1daebf1d195efb21e86a3df6158a40777c700a6db29f2f793c958267ff54f3d92e80d946d76d580d338bcd48a6ffa5192a2ca08ca63e441cdc0847ff21d903904347c47bb23b323dd460309e6b32396525d9bcfd6d1bc885cb1c84bdd7b2391a17821c8e8d90a53fb33af5604d6aa2ac2096a3d365bec593218d27c36c7d7c276787e28519f5a290a61288b8221bb1f019c8c52924e140ebf8e635c438ef03e11ca3f78aab2c753f5d97df49d3e1545e2df8e24329452b243d6200050387aa7a9dd90bd5074c7c2002ebd5008620e61f4277047dc591bc5c704d39e96b13872d5a01f658359b696c7ff2ba093dae188bf5336682f43735e961d9be517647dd9a4cb3d071ab44d0f77da3e066469ecd85854da737217d3b4b4f72c454d9a5eab179d403f07596418e127c53a2b12cdd41172489b18aac2aedd4160cda9b119248e9c6d9c9c8c59eaffa9456b53401cfb03ad7726e83f94b0d14ab214ca5ce21e080213fc9fd64a4857b0baff867fc0e3f5ab17792c45621feb71a0b210ef2f6f5e9c0828b20bd584a0a573032a39404f83c3adf469303e080a66e8a32f2b9c3175051ca26416e00882a09100c70e7c27b552d510dce57ebcf5ee8e7e672e71cab41e2ee83e10d98e12d2af6b017612387106c0d41541087aae2e811837f94978d130f188a376472c14508eeaa4e44065a09bb4c8432a6bb1da04cefef0a571702d86edc2ccc4a0340ae250e1ad3359e4a476a73467954436a80500014688ce39438b56d1ea21f8e81691bfe032fcd4d6008b03addeed17b6a664049eb69812bcfd5298071c8e29b387ba71b84e23326f960fd263b82484d90c6da5fa8ce44cfed5ffaf58ccd7e1a347751a236d6e5469d508b8ef1682ddde01afe73ae4c5ad53cc034f84e001c6354898563b120b40b2122894d28c965d935535256510ca624474001b69282c540b5e0d70df5642b1ee9f00d4e37420af4cca4afc7e7beaa02dafe71bbde9e73969e0a5448355014943d41e5b65342a7a1b96e54ee622e93898a0ef2f12737f6a12ebd6aa0339f3085b055d8383d6c784f6aa77bcc269a512522fd0146f7b0a8e518b48095c3d15fb645fbbbb20671f86e41a2ae2a11a27db03b2452407b93f6754556555187354eab260c3c3333b05f7bffcfa3056916b7faa861fe097078583dfb5d214a8799810c21023cac75a8fdcbfc1239f991cbc0cd72ac306fd280533fcb33a740a5479bc9553a0632160908ca6aa73ca67cdbc197bf72547b0487aabbef5d6ea124db2a9ced604ae583fa2a09386b9660fec2b3fcf5e8fb5215ed6814d4c9a9088b53dc575e1fb270398bced354600123b2c4850c9f0b30d64c9ce68f70d753a82fe3ccea5c8b75047f35bf724eb915755728470a7dfdc370d7119af2ac119f8792f7338cc6c5ed39842a1877479d479c92ec6347d50220ff7aab6c007a73b8873d0e5dcd7a504f0f154f9b7844009c6608aaee0af828ea3e931409da9b6c995f4173c604c0a83294948c1ba0572d67d9d01ccddcbf3524c76a972220c108bd4e54ad1d120464ad823c163375de474d1054deb084e58fdf6878c0ac3d79212053ccc76a0b15dd2077e927c3bdbf1b34bba9312b2f020aa725d435988a3386a540d64929219f70ac316ad603152230a6590aa506f97116e1bbad66956384e0861a4332e9ac5cf20f36d55d3bf8dbae2952d6d023c9b658143f3eb8a6024ba50338f9980a235c2a99213e7979c7aa6e4a01f589b909aa9184c3049c9914fbd31cc6960b33692c074aec3a3cead045fe67f093391b7accc77b80bc4a6acd571faa3d01be0b4c38e251574184a038a4293b9f46e81137cbec0b2ead89e63a829849d1b71c3f2b4bdddf3e803bb5c349f05afc8ed5fd5113b29959cb8b2d495ec2ce9b7900a17d31976e6233e2e78cc83cd4e4e8a5d2401005aaa532e4fc4c295edd10e2b395f680a141e5da712feddf284c32f64977a62f681d9c0adf9c0814156dbbf1f8dd513c3f3edbd633b1975ad78b0e568d44d1839d791da9c314fe72437a2df28cb228fcadc25764ab329176bed918e503005c598d62e1b7289d062c82efce99729a7803bd8a2a48478211aa874c8013ba2fca95b1a69ea9e935692418106fdd2026a66af47608bd2fa6d27f92331b8949082951275960d9a251be9aef06f34370907a997f38b50c8a1dbf2e59425d0186caab5768b99df327141010f7d16a8312d26dc340f08b636dfb34f3980ea0f9fe26bc280f4eb64f1b2d61d4e878ecf3c162c31601ec1d84e30275e7a55f6188dc4877805196e80da0e2610080c412f345734d905f14bff5ce5c404dc6c5e5bbd0be8d1e6ae0d5f9e34bcb5978888da5bc4e374e62fcb2282580f4367bef3dd7bed59c876006a873f854729f1725dfbb749f49363120b533dd38f246bf54cf0ca31198b7db163b1810e8acb39612a5df500e153979044b097ae65d22603e9900c4a29c83abe35f60e1d1b6974fc722c93ddcce3a41e21174acff5799cb711b14e41a97bd4cb0246e53932bb206ac774e72f6651c605e2fbe159b2d6dc341ddc3663947d2adbe766db28d686531923cf50ca927d6f189f8176defbe7f5bf9c7f43d1c7cfe4704f528fd81f707105fa4ac2d6752c373fb89f339ec73603cd80c260e3c2e8b9281a868eeb05a9492e360209429805ad1a9d76cadd9878a3b200afa047d3f399c8dc248db09dfd896977c01fafb0a6bfda86010afa794bcb4741663a20d61eae7bbc83d556fdeb70517683e793c0634f6c23a8b5a851caf74fc0e858eb4af", 0x1000, &(0x7f0000001040), &(0x7f0000001080), &(0x7f00000010c0)="2f29625123d03683a2999139f9c0f0ac47fec8d4ffc908ef56f63e7e57150f2ba683fa728f1c3092de16dedbc186b99212792b8d225d1eaf0e0e5f6cb35f8cd488ab719b14f864a7c70c164580a314cfa0e409e98b1f927a4ecf4ff27e4215575c1cc7af5d91db4f5edf3c045dd807bdf0c337f0b1b1a5f724d63ed97d8f32e14dd614d78fcad7e71ae48671754fc225cecf01893b2ce8eeb456")

7m14.476874979s ago: executing program 3 (id=1506):
syz_open_dev$video(&(0x7f0000000080), 0x8, 0x101000)
dup(0xffffffffffffffff)
io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x345})
syz_open_dev$video(&(0x7f0000000000), 0x7fff, 0x40800)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x111, 0x8}}, 0x20)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x8000001, &(0x7f0000000300), 0x2, 0x1}}, 0x20)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

7m12.356271106s ago: executing program 3 (id=1510):
socket(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020705200000000002020207b0ae8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})

7m9.67215048s ago: executing program 3 (id=1516):
socket(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020705200000000002020207b0ae8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})

6m54.321728364s ago: executing program 33 (id=1516):
socket(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020705200000000002020207b0ae8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})

6m25.90141516s ago: executing program 0 (id=1580):
socket(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})

6m24.744274886s ago: executing program 0 (id=1581):
socket(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2)
close(0x3)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})

6m23.476169457s ago: executing program 0 (id=1582):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x8000000002)
r3 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
read$msr(r3, &(0x7f000001aa40)=""/102392, 0x18ff8)
recvmmsg$unix(r2, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0xa32, 0x60, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_int(r6, 0x1, 0x2a, 0x0, &(0x7f0000000000))
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x55fdb4595c3d8036)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x8200, 0x0)
mq_open(&(0x7f0000000180)='.\\\x00', 0x2, 0x40, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x14, 0x4, 0x4, 0x22}, 0x50)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
keyctl$setperm(0x5, 0x0, 0x1000001)
r8 = socket$inet_icmp(0x2, 0x2, 0x1)
bind$inet(r8, &(0x7f0000000200)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f00000001c0), &(0x7f00000004c0)=@udp}, 0x20)

6m20.459125731s ago: executing program 0 (id=1584):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYRES16=r2], 0x28}}, 0x0)
sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000100)={0x14, 0xf, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x8004}, 0x20000000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00008c4000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f0000000080)={0x170003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x2, 0xffffffffefffff15, 0x3, 0x2, 0x1, 0x4]}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6m19.780055403s ago: executing program 0 (id=1585):
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
mbind(&(0x7f0000bdb000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000080)=0x103e, 0x5, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)

6m19.618357188s ago: executing program 0 (id=1586):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x18, 0x3f9, 0x401, 0x70bd2a, 0x25dfdbfd, {0x0, 0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x10)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
futex_waitv(&(0x7f0000002280)=[{0x7, &(0x7f0000000480), 0x2}, {0x480000000, &(0x7f00000004c0)=0x3, 0x2}, {0x6, &(0x7f0000000500)=0x9, 0x2}, {0xfffffffffffffffa, &(0x7f0000000540)=0xfff, 0x2}, {0x4fa740e5, &(0x7f0000000580)=0xee8, 0x2}, {0x7, &(0x7f00000005c0)=0x5, 0x82}, {0xffffffffffffffff, &(0x7f0000000600)=0x3, 0x82}, {0x2, &(0x7f0000000640), 0x2}, {0x9, &(0x7f0000000680)=0x1, 0x82}, {0x8c0, &(0x7f00000006c0)=0x101, 0x2}, {0xffffffff, &(0x7f0000000700)=0x8, 0x82}, {0x8, &(0x7f0000000740)=0xfffffffffffffff8, 0x2}, {0x3, &(0x7f0000000780)=0x401, 0x2}, {0x4, &(0x7f00000007c0)=0x7, 0x82}, {0x0, &(0x7f0000000800)=0x1, 0x82}, {0x6, &(0x7f0000000840)=0x6, 0x82}, {0x0, &(0x7f0000000880)=0x3, 0x82}, {0xec, &(0x7f00000008c0)=0x3, 0x82}, {0x500, &(0x7f0000000900), 0x82}, {0x6a, 0x0, 0x2}, {0x3, &(0x7f0000000980)=0xd, 0x2}, {0xffffffffffffffcc, &(0x7f00000009c0)=0x2, 0x82}, {0x6, &(0x7f0000000a00), 0x82}, {0x71a, &(0x7f0000002e00)=0x8, 0x2}, {0x2, &(0x7f0000000a80)=0x8, 0x82}, {0x8000000000000000, &(0x7f0000000ac0)=0x10000, 0x82}, {0x1, &(0x7f0000000b00)=0x5, 0x2}, {0x8, &(0x7f0000000b40)=0x10000, 0x2}, {0x9, &(0x7f0000000b80)=0x7, 0x82}, {0x8, &(0x7f0000000bc0)=0x8, 0x2}, {0x4, &(0x7f0000000c00)=0x694, 0x82}, {0x100000001, &(0x7f0000000c40)=0x70, 0x82}, {0x9, &(0x7f0000000c80)=0x5, 0x2}, {0x100000000, &(0x7f0000000cc0)=0x30000000000000, 0x82}, {0x5, &(0x7f0000000d00)=0x6bbd}, {0xff, &(0x7f0000000d40)=0x3, 0x2}, {0x3ff, &(0x7f0000000d80)=0xd, 0x82}, {0x1, &(0x7f0000000dc0)=0xfff, 0x82}, {0x5, &(0x7f0000000e00)=0x5, 0x80}, {0x8, &(0x7f0000000e40)=0x8, 0x82}, {0x80, &(0x7f0000000e80)=0x1, 0x82}, {0x800, &(0x7f0000000ec0)=0xc4be, 0x82}, {0x6f72, &(0x7f0000000f00)=0x6, 0x2}, {0x88, &(0x7f0000000f40)=0x6, 0x2}, {0xffffffff00000001, &(0x7f0000000f80)=0xffffffff, 0x82}, {0x28, &(0x7f0000000fc0)=0x8, 0x82}, {0xc00, &(0x7f0000001000)=0x3ff, 0x82}, {0x0, &(0x7f0000001040)=0xf, 0x82}, {0xd, &(0x7f0000001080)=0x9, 0x2}, {0x8001, &(0x7f00000010c0)=0x9, 0x82}, {0x1, &(0x7f0000001100)=0xbe, 0x82}, {0x10000, &(0x7f0000001140)=0xa9, 0x2}, {0x0, &(0x7f0000001180)=0x200, 0x2}, {0x1, &(0x7f00000011c0)=0xec7, 0x82}, {0x8, &(0x7f0000001200)=0x100000001, 0x2}, {0xfffffffffffffff7, &(0x7f0000001240)=0xfffffffffffff323, 0x82}, {0x2, &(0x7f0000001280)=0xa544, 0x2}, {0x7f, &(0x7f00000012c0), 0x2}, {0xffffffffffffffff, &(0x7f0000001300)=0x1, 0x82}, {0x3, &(0x7f0000001340)=0x3, 0x82}, {0x1, &(0x7f0000001380), 0x82}, {0x5, &(0x7f00000013c0)=0xfffffffffffffffc, 0x82}, {0x2, &(0x7f0000001400)=0x4, 0x82}, {0x10, &(0x7f0000001440)=0xed9, 0x82}, {0x3, &(0x7f0000001480)=0x5, 0x2}, {0x3, &(0x7f00000014c0)=0x8, 0x82}, {0xa, &(0x7f0000001500)=0xf11, 0x2}, {0x7fffffffffffffff, &(0x7f0000001540)=0x8, 0x2}, {0x466, &(0x7f0000001580)=0x2, 0x2}, {0xc563f26, &(0x7f00000015c0)=0x7, 0x2}, {0x3, &(0x7f0000001600)=0xff, 0x82}, {0xffffffffffffffff, &(0x7f0000001640)=0x4, 0x82}, {0x8, &(0x7f0000001680)=0x7fffffffffffffff, 0x2}, {0x7f, &(0x7f00000016c0)=0xc09, 0x82}, {0x8, &(0x7f0000001700)=0x9, 0x2}, {0x6, &(0x7f0000001740)=0x56, 0x82}, {0x10001, &(0x7f0000001780)=0x10, 0x2}, {0x9eb, &(0x7f00000017c0)=0x7, 0x82}, {0x800, &(0x7f0000001800)=0x7, 0x82}, {0xfffffffffffffffd, &(0x7f0000001840)=0x4, 0x82}, {0x0, &(0x7f0000001880)=0xf0, 0x82}, {0x7, &(0x7f00000018c0)=0x1, 0x2}, {0xa8d, &(0x7f0000001900)=0x5, 0x82}, {0xdd72, &(0x7f0000001940)=0x8000000000000001, 0x2}, {0x0, &(0x7f0000001980)=0x1, 0x2}, {0x8, &(0x7f00000019c0)=0xee0c, 0x82}, {0x2, &(0x7f0000001a00)=0x9, 0x2}, {0x4, &(0x7f0000001a40)=0x1ff, 0x2}, {0x1, &(0x7f0000001a80)=0x4, 0x2}, {0x7, &(0x7f0000001ac0)=0x8000, 0x82}, {0x2, &(0x7f0000001b00)=0x4fc9, 0x82}, {0xb1c7, &(0x7f0000001b40)=0x7f, 0x82}, {0x4, &(0x7f0000001b80)=0x1ff, 0x82}, {0xf2, &(0x7f0000001bc0)=0x7, 0x82}, {0xfffffffffffff000, &(0x7f0000001c00)=0x66ee, 0x82}, {0x8, &(0x7f0000001c40)=0x8, 0x82}, {0x9, &(0x7f0000001c80)=0xfffffffffffffffb, 0x2}, {0x481, &(0x7f0000001cc0)=0x4, 0x2}, {0x1ff, &(0x7f0000001d00)=0xb4a, 0x2}, {0x6, &(0x7f0000001d40)=0xbb5, 0x2}, {0x9, &(0x7f0000001d80)=0x5, 0x2}, {0x2, &(0x7f0000001dc0)=0x4, 0x82}, {0x1, &(0x7f0000001e00)=0x7, 0x2}, {0x240000000000000, &(0x7f0000001e40)=0x1ff, 0x82}, {0x6, &(0x7f0000001e80)=0x400, 0x82}, {0x0, &(0x7f0000001ec0)=0x111, 0x80}, {0x0, &(0x7f0000001f00)=0x8, 0x82}, {0x5d, 0x0, 0x2}, {0xfffffffffffffff8, &(0x7f0000001f80)=0xfffffffffffffc01, 0x82}, {0x3, &(0x7f0000001fc0)=0x2, 0x2}, {0x8000000000000001, &(0x7f0000002000)=0x200, 0x2}, {0x2, &(0x7f0000002040)=0x415, 0x2}, {0x9, &(0x7f0000002080)=0xff, 0x2}, {0x3, &(0x7f00000020c0)=0x7fffffff, 0x2}, {0x8, &(0x7f0000002140)=0x3, 0x2}, {0x7f, &(0x7f0000002180)=0x13f, 0x82}, {0x400, &(0x7f0000002200)=0x9, 0x2}, {0xba, 0x0, 0x82}], 0x76, 0x0, &(0x7f0000002dc0)={0x77359400}, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000006800e978000000000000da0008000000000000000400040014454df6019d3ed358f9ba77ae1e92ad0dc88d47370d6fbb9a0d773a719cc76f9f2fdbf7a64adfcabc09d09c98d1495d01128dbfa2db68742281dbc8a33ba6701d9b62b6cf1e6a5ceac7c3faa025e0eee5a075ea29aaf86ad8b0e8aacb0f2a4ba34488530e9bcc47d6100d1982e0bfe88fde426469d78d7dc4b7d36c1787f199ef4b6c6d44f48a1ca432c1adec8ac9482d2e7003ede585fa7090eddc50552348c6bac51d8f00fbc80580bfeedf91df5c7f8063b910086491d656bb9ec2c53a01dc60ec"], 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbf8, {0x0, 0x0, 0x0, r6, 0x3007, 0xc485}, [@IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8804)

6m3.838402055s ago: executing program 34 (id=1586):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x18, 0x3f9, 0x401, 0x70bd2a, 0x25dfdbfd, {0x0, 0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x10)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
futex_waitv(&(0x7f0000002280)=[{0x7, &(0x7f0000000480), 0x2}, {0x480000000, &(0x7f00000004c0)=0x3, 0x2}, {0x6, &(0x7f0000000500)=0x9, 0x2}, {0xfffffffffffffffa, &(0x7f0000000540)=0xfff, 0x2}, {0x4fa740e5, &(0x7f0000000580)=0xee8, 0x2}, {0x7, &(0x7f00000005c0)=0x5, 0x82}, {0xffffffffffffffff, &(0x7f0000000600)=0x3, 0x82}, {0x2, &(0x7f0000000640), 0x2}, {0x9, &(0x7f0000000680)=0x1, 0x82}, {0x8c0, &(0x7f00000006c0)=0x101, 0x2}, {0xffffffff, &(0x7f0000000700)=0x8, 0x82}, {0x8, &(0x7f0000000740)=0xfffffffffffffff8, 0x2}, {0x3, &(0x7f0000000780)=0x401, 0x2}, {0x4, &(0x7f00000007c0)=0x7, 0x82}, {0x0, &(0x7f0000000800)=0x1, 0x82}, {0x6, &(0x7f0000000840)=0x6, 0x82}, {0x0, &(0x7f0000000880)=0x3, 0x82}, {0xec, &(0x7f00000008c0)=0x3, 0x82}, {0x500, &(0x7f0000000900), 0x82}, {0x6a, 0x0, 0x2}, {0x3, &(0x7f0000000980)=0xd, 0x2}, {0xffffffffffffffcc, &(0x7f00000009c0)=0x2, 0x82}, {0x6, &(0x7f0000000a00), 0x82}, {0x71a, &(0x7f0000002e00)=0x8, 0x2}, {0x2, &(0x7f0000000a80)=0x8, 0x82}, {0x8000000000000000, &(0x7f0000000ac0)=0x10000, 0x82}, {0x1, &(0x7f0000000b00)=0x5, 0x2}, {0x8, &(0x7f0000000b40)=0x10000, 0x2}, {0x9, &(0x7f0000000b80)=0x7, 0x82}, {0x8, &(0x7f0000000bc0)=0x8, 0x2}, {0x4, &(0x7f0000000c00)=0x694, 0x82}, {0x100000001, &(0x7f0000000c40)=0x70, 0x82}, {0x9, &(0x7f0000000c80)=0x5, 0x2}, {0x100000000, &(0x7f0000000cc0)=0x30000000000000, 0x82}, {0x5, &(0x7f0000000d00)=0x6bbd}, {0xff, &(0x7f0000000d40)=0x3, 0x2}, {0x3ff, &(0x7f0000000d80)=0xd, 0x82}, {0x1, &(0x7f0000000dc0)=0xfff, 0x82}, {0x5, &(0x7f0000000e00)=0x5, 0x80}, {0x8, &(0x7f0000000e40)=0x8, 0x82}, {0x80, &(0x7f0000000e80)=0x1, 0x82}, {0x800, &(0x7f0000000ec0)=0xc4be, 0x82}, {0x6f72, &(0x7f0000000f00)=0x6, 0x2}, {0x88, &(0x7f0000000f40)=0x6, 0x2}, {0xffffffff00000001, &(0x7f0000000f80)=0xffffffff, 0x82}, {0x28, &(0x7f0000000fc0)=0x8, 0x82}, {0xc00, &(0x7f0000001000)=0x3ff, 0x82}, {0x0, &(0x7f0000001040)=0xf, 0x82}, {0xd, &(0x7f0000001080)=0x9, 0x2}, {0x8001, &(0x7f00000010c0)=0x9, 0x82}, {0x1, &(0x7f0000001100)=0xbe, 0x82}, {0x10000, &(0x7f0000001140)=0xa9, 0x2}, {0x0, &(0x7f0000001180)=0x200, 0x2}, {0x1, &(0x7f00000011c0)=0xec7, 0x82}, {0x8, &(0x7f0000001200)=0x100000001, 0x2}, {0xfffffffffffffff7, &(0x7f0000001240)=0xfffffffffffff323, 0x82}, {0x2, &(0x7f0000001280)=0xa544, 0x2}, {0x7f, &(0x7f00000012c0), 0x2}, {0xffffffffffffffff, &(0x7f0000001300)=0x1, 0x82}, {0x3, &(0x7f0000001340)=0x3, 0x82}, {0x1, &(0x7f0000001380), 0x82}, {0x5, &(0x7f00000013c0)=0xfffffffffffffffc, 0x82}, {0x2, &(0x7f0000001400)=0x4, 0x82}, {0x10, &(0x7f0000001440)=0xed9, 0x82}, {0x3, &(0x7f0000001480)=0x5, 0x2}, {0x3, &(0x7f00000014c0)=0x8, 0x82}, {0xa, &(0x7f0000001500)=0xf11, 0x2}, {0x7fffffffffffffff, &(0x7f0000001540)=0x8, 0x2}, {0x466, &(0x7f0000001580)=0x2, 0x2}, {0xc563f26, &(0x7f00000015c0)=0x7, 0x2}, {0x3, &(0x7f0000001600)=0xff, 0x82}, {0xffffffffffffffff, &(0x7f0000001640)=0x4, 0x82}, {0x8, &(0x7f0000001680)=0x7fffffffffffffff, 0x2}, {0x7f, &(0x7f00000016c0)=0xc09, 0x82}, {0x8, &(0x7f0000001700)=0x9, 0x2}, {0x6, &(0x7f0000001740)=0x56, 0x82}, {0x10001, &(0x7f0000001780)=0x10, 0x2}, {0x9eb, &(0x7f00000017c0)=0x7, 0x82}, {0x800, &(0x7f0000001800)=0x7, 0x82}, {0xfffffffffffffffd, &(0x7f0000001840)=0x4, 0x82}, {0x0, &(0x7f0000001880)=0xf0, 0x82}, {0x7, &(0x7f00000018c0)=0x1, 0x2}, {0xa8d, &(0x7f0000001900)=0x5, 0x82}, {0xdd72, &(0x7f0000001940)=0x8000000000000001, 0x2}, {0x0, &(0x7f0000001980)=0x1, 0x2}, {0x8, &(0x7f00000019c0)=0xee0c, 0x82}, {0x2, &(0x7f0000001a00)=0x9, 0x2}, {0x4, &(0x7f0000001a40)=0x1ff, 0x2}, {0x1, &(0x7f0000001a80)=0x4, 0x2}, {0x7, &(0x7f0000001ac0)=0x8000, 0x82}, {0x2, &(0x7f0000001b00)=0x4fc9, 0x82}, {0xb1c7, &(0x7f0000001b40)=0x7f, 0x82}, {0x4, &(0x7f0000001b80)=0x1ff, 0x82}, {0xf2, &(0x7f0000001bc0)=0x7, 0x82}, {0xfffffffffffff000, &(0x7f0000001c00)=0x66ee, 0x82}, {0x8, &(0x7f0000001c40)=0x8, 0x82}, {0x9, &(0x7f0000001c80)=0xfffffffffffffffb, 0x2}, {0x481, &(0x7f0000001cc0)=0x4, 0x2}, {0x1ff, &(0x7f0000001d00)=0xb4a, 0x2}, {0x6, &(0x7f0000001d40)=0xbb5, 0x2}, {0x9, &(0x7f0000001d80)=0x5, 0x2}, {0x2, &(0x7f0000001dc0)=0x4, 0x82}, {0x1, &(0x7f0000001e00)=0x7, 0x2}, {0x240000000000000, &(0x7f0000001e40)=0x1ff, 0x82}, {0x6, &(0x7f0000001e80)=0x400, 0x82}, {0x0, &(0x7f0000001ec0)=0x111, 0x80}, {0x0, &(0x7f0000001f00)=0x8, 0x82}, {0x5d, 0x0, 0x2}, {0xfffffffffffffff8, &(0x7f0000001f80)=0xfffffffffffffc01, 0x82}, {0x3, &(0x7f0000001fc0)=0x2, 0x2}, {0x8000000000000001, &(0x7f0000002000)=0x200, 0x2}, {0x2, &(0x7f0000002040)=0x415, 0x2}, {0x9, &(0x7f0000002080)=0xff, 0x2}, {0x3, &(0x7f00000020c0)=0x7fffffff, 0x2}, {0x8, &(0x7f0000002140)=0x3, 0x2}, {0x7f, &(0x7f0000002180)=0x13f, 0x82}, {0x400, &(0x7f0000002200)=0x9, 0x2}, {0xba, 0x0, 0x82}], 0x76, 0x0, &(0x7f0000002dc0)={0x77359400}, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000006800e978000000000000da0008000000000000000400040014454df6019d3ed358f9ba77ae1e92ad0dc88d47370d6fbb9a0d773a719cc76f9f2fdbf7a64adfcabc09d09c98d1495d01128dbfa2db68742281dbc8a33ba6701d9b62b6cf1e6a5ceac7c3faa025e0eee5a075ea29aaf86ad8b0e8aacb0f2a4ba34488530e9bcc47d6100d1982e0bfe88fde426469d78d7dc4b7d36c1787f199ef4b6c6d44f48a1ca432c1adec8ac9482d2e7003ede585fa7090eddc50552348c6bac51d8f00fbc80580bfeedf91df5c7f8063b910086491d656bb9ec2c53a01dc60ec"], 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbf8, {0x0, 0x0, 0x0, r6, 0x3007, 0xc485}, [@IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8804)

19.096654015s ago: executing program 4 (id=2262):
r0 = socket(0x10, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x33)
socket$unix(0x1, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123000000000006113100000000000bf200000000000001600020038e873a23d030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
socket$nl_audit(0x10, 0x3, 0x9)
socket$can_bcm(0x1d, 0x2, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = gettid()
r3 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000304f9fff2ffbedbdf2500007400", @ANYRES32=r1, @ANYBLOB="089805000750050008001300", @ANYRES32=r2, @ANYBLOB="08002c0005000000140003"], 0x44}, 0x1, 0x0, 0x0, 0x44882}, 0x4040010)

18.036003838s ago: executing program 4 (id=2266):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80000)
fcntl$setpipe(r2, 0x407, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_tcp(0x2, 0x1, 0x0)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x5707}}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
io_setup(0x2, &(0x7f0000000000))
io_setup(0x4, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r2, 0x0, 0x800)
write$FUSE_INIT(r2, &(0x7f0000000340)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x28, 0x2, 0xffffffff82048008, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x104, 0x8}}, 0x50)
vmsplice(r2, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r2, 0x407, 0x2000000)
ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0))
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect={0xd481})
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r1, 0x7}, 0x14}}, 0x0)

15.232268715s ago: executing program 6 (id=2273):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120)
socket$phonet(0x23, 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4], 0x2c}, 0x1, 0x0, 0x0, 0x20000054}, 0x40)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x28, 0x4)

12.476216771s ago: executing program 2 (id=2276):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000002800)={0x0, 0x0, {0x0, @struct}, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(0xffffffffffffffff, 0xfffffffc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x2, &(0x7f0000006680))
shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0xc000)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
fcntl$notify(r2, 0x402, 0x80000014)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x28101)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000002640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './cgroup.cpu/cgroup.procs\x00'})
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f00000000c0)={0x1c, 0x1, 'client1\x00', 0x100000000, "c541e12dfbe471c9", "2df8e76a1ee147923397f2e86368ef29c0d68b94502a7a9fcc1405eea0b21367", 0xd3, 0x4})

12.469953651s ago: executing program 6 (id=2277):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102384, 0x18ff0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000cc0)={'wlan1\x00', &(0x7f0000000100)=@ethtool_rxnfc={0x30, 0xd, 0x1ff, {0x7, @sctp_ip6_spec={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e21, 0x4e23, 0xd}, {0x0, @broadcast, 0xf, 0x5e}, @ah_ip6_spec={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xa, 0x9}, {0x0, @local, 0x5e9, 0x101, [0x2, 0x1]}, 0xd908, 0x4009}}})
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in=@private=0xa010102, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000340), 0x76, 0x903f01)
ioctl$USBDEVFS_RESET(r5, 0x5514)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x214}, 0x1, 0x0, 0x0, 0x1}, 0x48084)
sendmsg$nl_xfrm(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="04010000100021040000000000000000fe880000000000000000000000000001e000000200"/63, @ANYRES32=0x0, @ANYRES32=0x0], 0x104}}, 0x0)

11.616771008s ago: executing program 5 (id=2279):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x26)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x34, r2, 0x1, 0x1070bd0c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2a8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20)

11.120222454s ago: executing program 2 (id=2280):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r1)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7100ffdbdf2504"], 0x4c}, 0x1, 0x0, 0x0, 0x4000040}, 0x40800)

11.057336545s ago: executing program 6 (id=2281):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120)
socket$phonet(0x23, 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4], 0x2c}, 0x1, 0x0, 0x0, 0x20000054}, 0x40)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x28, 0x4)

10.947237089s ago: executing program 5 (id=2282):
socket$inet6(0xa, 0x80003, 0x6)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x1a0001)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0x3}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x183c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000340)={0x750, 0x0, 0x0, 'queue0\x00', 0x5})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet(0x2, 0x2, 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_emit_ethernet(0x52, &(0x7f00000003c0)={@broadcast, @link_local, @val={@val={0x88a8, 0x4, 0x0, 0x1}, {0x8100, 0x0, 0x1, 0x2}}, {@ipv6={0x86dd, @tcp={0xa, 0x6, "eba828", 0x14, 0x6, 0xff, @private2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {[], {{0x4e20, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x1, 0x0, 0x0, 0x7}}}}}}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)

9.332993329s ago: executing program 2 (id=2283):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000480)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}, @in6={0xa, 0x4e23, 0x7ff, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1}, @in={0x2, 0x4e24, @private=0xa010101}], 0x48)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r1 = dup(r0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @multicast1}}, 0x7, 0x0, 0xf06, 0x3, 0x0, 0x80, 0xd}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f00000003c0)=[{{&(0x7f0000000100)={0x2, 0x4e22, @private=0xa010102}, 0x10, &(0x7f0000002400)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x200400c8)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r3=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000080)={r3, 0x3}, 0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={r3, 0x1, 0x1, 0x6}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902600042010000000904000001", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'sit0\x00', <r6=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6, 0x0, r4}, 0x10)
mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x5, 0x12, r4, 0x180000000)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r7 = syz_usb_connect(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c00090502020002020000090582"], 0x0)
syz_usb_control_io$lan78xx(r7, 0x0, 0x0)
syz_usb_control_io$rtl8150(r7, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="2013040000"], 0x0, 0x0, 0x0, 0x0})
r8 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000340)={0xf0f03f, 0x6e})

7.590491443s ago: executing program 5 (id=2284):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi4\x00', 0x200, 0x0)
ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000040)={0xc000003, 0xf, &(0x7f0000000080)=[0x0, 0x8, 0x5, 0x4, 0x4, 0xffffdffc, 0x809, 0x40000003, 0x42, 0x7, 0xfffffffa, 0x8, 0x6, 0x0, 0x1], 0x1, 0x20000001})
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
fsetxattr(r2, &(0x7f0000000200)=@known='user.incfs.id\x00', &(0x7f0000000280)='+.%+\x00', 0x5, 0x2)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000180)=0x6f)
r6 = dup2(r5, r5)
prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000001c0)=0x2)
read$FUSE(r6, &(0x7f0000002780)={0x2020}, 0x2020)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602240000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, &(0x7f0000000000)={0x8000001, 0x0, 0x0, 0x0, 0xe})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x80)

7.587968564s ago: executing program 4 (id=2285):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120)
socket$phonet(0x23, 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4], 0x2c}, 0x1, 0x0, 0x0, 0x20000054}, 0x40)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x28, 0x4)

7.39621584s ago: executing program 6 (id=2286):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x11, r0, 0x0)

5.054476722s ago: executing program 4 (id=2287):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x103001, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0xffff800000000000, r0})

4.973291245s ago: executing program 2 (id=2288):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0xfd, 0xcdb9}]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='bbr', 0x3)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

3.732237114s ago: executing program 4 (id=2289):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0xd8, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'tunl0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_batadv\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40c0}, 0x80)

3.574400078s ago: executing program 4 (id=2290):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000011c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.385997545s ago: executing program 2 (id=2291):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, &(0x7f00000006c0))
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xb0090199)
epoll_create(0x7)
keyctl$clear(0x3, 0xfffffffffffffffd)
keyctl$set_reqkey_keyring(0xe, 0x3)
request_key(0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@ipv6_getaddrlabel={0x1c, 0x4a, 0x1ed2cf06cb562215, 0x202, 0xfffdfffc, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}, 0x1, 0x0, 0x0, 0xc0014}, 0x0)
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000040))
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, 0x0)
syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f00000004c0)={0x0, 0x0, 0x4, 0x0, 0x2, [], [0x3, 0x0, 0x1, 0x48], [0x0, 0x0, 0xd369, 0x800], [0xfffffffffffffffd]})

2.24033368s ago: executing program 2 (id=2292):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001964d408861a92e03f530102030109022400010200100309041f0202e917f300090502020002020000090582020002"], 0x0)
syz_usb_control_io$uac3(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f00000005c0)=ANY=[@ANYBLOB="000e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.24005691s ago: executing program 5 (id=2293):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

2.219783331s ago: executing program 6 (id=2294):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120)
socket$phonet(0x23, 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4], 0x2c}, 0x1, 0x0, 0x0, 0x20000054}, 0x40)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x28, 0x4)

2.182356712s ago: executing program 5 (id=2295):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120)
socket$phonet(0x23, 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$NILFS_IOCTL_GET_SUINFO(r2, 0x80186e84, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4], 0x2c}, 0x1, 0x0, 0x0, 0x20000054}, 0x40)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0x28, 0x4)

208.211164ms ago: executing program 6 (id=2296):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5ca000)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x40000}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, 0xfffffffffffffffe, 0x0)

0s ago: executing program 5 (id=2297):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r2, 0xc04064aa, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r3, 0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
accept4(r4, 0x0, 0x0, 0x80000)
syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, 0x0)
r5 = openat$kvm(0xffffff9c, &(0x7f0000000180), 0xe8200, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
ioctl$KVM_CAP_HYPERV_VP_INDEX(r6, 0x4068aea3, &(0x7f0000000000))
ioctl$KVM_RUN(r7, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sg(&(0x7f0000000000), 0xffff0000, 0x4802)
dup3(r1, r0, 0x6700000000000000)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

323][ T8595] usb 1-1: can't set config #220, error -71
[  958.771601][ T8595] usb 1-1: USB disconnect, device number 23
[  962.581566][T11590] syz.0.1446 (11590): /proc/11590/oom_adj is deprecated, please use /proc/11590/oom_score_adj instead.
[  965.598241][T11512] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  965.817181][T11512] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  965.841630][T11512] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  965.857121][T11512] usb 4-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  965.873991][T11512] usb 4-1: config 220 has no interface number 1
[  965.884712][T11512] usb 4-1: config 220 interface 0 has no altsetting 0
[  965.897385][T11512] usb 4-1: config 220 interface 76 has no altsetting 0
[  965.929734][T11512] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  965.941671][T11512] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  965.956988][T11512] usb 4-1: Product: syz
[  965.966053][T11512] usb 4-1: Manufacturer: syz
[  965.974816][T11512] usb 4-1: SerialNumber: syz
[  966.714807][T11512] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  966.748267][T11512] usb 4-1: No valid video chain found.
[  966.788857][T11512] usb 4-1: USB disconnect, device number 18
[  972.595621][T11619] syzkaller0: entered promiscuous mode
[  972.618376][T11619] syzkaller0: entered allmulticast mode
[  976.008680][   T43] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  977.772253][   T43] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  977.787661][   T43] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  977.813315][   T43] usb 1-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  977.845380][   T43] usb 1-1: config 220 has no interface number 1
[  977.997170][   T43] usb 1-1: config 220 interface 0 has no altsetting 0
[  978.006008][   T43] usb 1-1: config 220 interface 76 has no altsetting 0
[  978.018522][   T43] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  978.036423][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  978.050820][   T43] usb 1-1: Product: syz
[  978.056115][   T43] usb 1-1: Manufacturer: syz
[  978.061698][   T43] usb 1-1: SerialNumber: syz
[  978.935936][   T43] usb 1-1: can't set config #220, error -71
[  978.978718][   T43] usb 1-1: USB disconnect, device number 24
[  980.000833][T11660] netlink: 'syz.0.1465': attribute type 5 has an invalid length.
[  980.680952][T11667] loop3: detected capacity change from 0 to 32768
[  980.728205][T11667] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  980.738521][T11667] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  980.771268][T11667] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  980.802393][   T43] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  980.827285][   T43] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  981.346578][   T43] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 519ms
[  981.363888][   T43] gfs2: fsid=syz:syz.0: jid=0: Done
[  981.376898][T11667] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  981.631662][T11667] gfs2: fsid=syz:syz.0: found 1 quota changes
[  982.441700][ T5770] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  982.441700][ T5770]   inode = 11 2339
[  982.441700][ T5770]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 421
[  982.459083][T11676] 9pnet_virtio: no channels available for device 127.0.0.1
[  982.528266][ T5770] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  982.558419][ T5770] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5770 [syz-executor] gfs2_quota_sync+0x411/0x5a0
[  982.603246][ T5770] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  982.683471][ T5770] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  982.758999][ T5770] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  982.804834][ T5770] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  982.858379][ T5770] gfs2: fsid=syz:syz.0: File system withdrawn
[  982.881562][ T5770] CPU: 1 PID: 5770 Comm: syz-executor Not tainted syzkaller #0
[  982.891892][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  982.908020][ T5770] Call Trace:
[  982.914332][ T5770]  <TASK>
[  982.917682][ T5770]  dump_stack_lvl+0x18c/0x250
[  982.925731][ T5770]  ? kobject_uevent_env+0x363/0x8b0
[  982.932686][ T5770]  ? show_regs_print_info+0x20/0x20
[  982.939240][ T5770]  ? load_image+0x420/0x420
[  982.946093][ T5770]  ? kobject_uevent_env+0x363/0x8b0
[  982.952980][ T5770]  gfs2_withdraw+0xb24/0x13d0
[  982.958547][ T5770]  ? gfs2_lm+0x240/0x240
[  982.963503][ T5770]  ? queue_delayed_work_on+0x114/0x200
[  982.970260][ T5770]  ? gfs2_consist_inode_i+0xf5/0x110
[  982.979056][ T5770]  gfs2_inode_refresh+0xc50/0x1160
[  982.987136][ T5770]  ? gfs2_inode_metasync+0xf0/0xf0
[  982.994588][ T5770]  ? gfs2_glock_nq+0xd4f/0x1420
[  983.001234][ T5770]  gfs2_instantiate+0x162/0x220
[  983.007796][ T5770]  gfs2_glock_wait+0x1d4/0x2a0
[  983.014017][ T5770]  do_sync+0x4c6/0xe50
[  983.019015][ T5770]  ? gfs2_quota_sync+0x411/0x5a0
[  983.027004][ T5770]  ? bh_get+0x760/0x760
[  983.031547][ T5770]  ? __lock_acquire+0x7d40/0x7d40
[  983.039855][ T5770]  ? do_raw_spin_lock+0x11f/0x2c0
[  983.046827][ T5770]  ? gfs2_quota_sync+0x411/0x5a0
[  983.053489][ T5770]  ? do_raw_spin_unlock+0x121/0x230
[  983.059665][ T5770]  gfs2_quota_sync+0x411/0x5a0
[  983.066226][ T5770]  gfs2_sync_fs+0x4c/0xb0
[  983.070807][ T5770]  sync_filesystem+0xea/0x220
[  983.077096][ T5770]  generic_shutdown_super+0x6f/0x2b0
[  983.083746][ T5770]  kill_block_super+0x44/0x90
[  983.088904][ T5770]  deactivate_locked_super+0x97/0x100
[  983.095408][ T5770]  cleanup_mnt+0x43b/0x4d0
[  983.100805][ T5770]  task_work_run+0x1d4/0x260
[  983.106357][ T5770]  ? task_work_cancel+0x220/0x220
[  983.114541][ T5770]  ? exit_to_user_mode_loop+0x3b/0x110
[  983.120936][ T5770]  exit_to_user_mode_loop+0xe6/0x110
[  983.127210][ T5770]  exit_to_user_mode_prepare+0xee/0x180
[  983.133835][ T5770]  syscall_exit_to_user_mode+0x1a/0x50
[  983.141866][ T5770]  do_syscall_64+0x61/0xb0
[  983.148855][ T5770]  ? clear_bhb_loop+0x40/0x90
[  983.157260][ T5770]  ? clear_bhb_loop+0x40/0x90
[  983.163473][ T5770]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  983.170867][ T5770] RIP: 0033:0x7f44fbd9e097
[  983.176526][ T5770] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  983.203783][ T5770] RSP: 002b:00007ffed30f1618 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  983.214730][ T5770] RAX: 0000000000000000 RBX: 00007f44fbe321ca RCX: 00007f44fbd9e097
[  983.226540][ T5770] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed30f16d0
[  983.236434][ T5770] RBP: 00007ffed30f16d0 R08: 00007ffed30f26d0 R09: 00000000ffffffff
[  983.245919][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed30f2760
[  983.257331][ T5770] R13: 00007f44fbe321ca R14: 00000000000efc4b R15: 00007ffed30f27a0
[  983.268481][ T5770]  </TASK>
[  984.537844][T11685] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  984.554049][T11685] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  984.564389][T11685] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  984.575627][T11685] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  984.588217][T11685] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  984.597946][T11685] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  986.638276][   T52] Bluetooth: hci4: command tx timeout
[  988.238476][ T5854] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  988.403354][ T3445] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.438672][ T5854] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  988.466289][ T5854] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  988.506418][ T5854] usb 3-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  988.536435][ T5854] usb 3-1: config 220 has no interface number 1
[  988.567401][ T5854] usb 3-1: config 220 interface 0 has no altsetting 0
[  988.588537][ T5854] usb 3-1: config 220 interface 76 has no altsetting 0
[  988.625550][ T3445] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.627350][ T5854] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  988.673868][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.688994][ T5854] usb 3-1: Product: syz
[  988.694717][ T5854] usb 3-1: Manufacturer: syz
[  988.706807][T11682] chnl_net:caif_netlink_parms(): no params data found
[  988.725793][   T52] Bluetooth: hci4: command tx timeout
[  988.750237][ T5854] usb 3-1: SerialNumber: syz
[  988.921281][ T3445] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  989.057962][ T3445] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  989.083288][ T5854] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  989.108174][ T5854] usb 3-1: No valid video chain found.
[  989.147880][ T5854] usb 3-1: USB disconnect, device number 18
[  989.884070][T11682] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.898389][T11682] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.907555][T11682] bridge_slave_0: entered allmulticast mode
[  989.951868][T11682] bridge_slave_0: entered promiscuous mode
[  989.972655][T11682] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.018496][T11682] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.027577][T11682] bridge_slave_1: entered allmulticast mode
[  990.124589][T11682] bridge_slave_1: entered promiscuous mode
[  990.534205][T11682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  990.619767][T11682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  990.759024][T11713] loop2: detected capacity change from 0 to 32768
[  990.799986][T11713] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  990.811878][T11713] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  990.826747][   T52] Bluetooth: hci4: command tx timeout
[  990.873677][T11713] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  990.893007][ T1214] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  990.919026][ T1214] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  990.932913][T11682] team0: Port device team_slave_0 added
[  991.137937][T11682] team0: Port device team_slave_1 added
[  991.377127][ T1214] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 458ms
[  991.575459][ T1214] gfs2: fsid=syz:syz.0: jid=0: Done
[  991.981418][T11713] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  992.172974][T11682] batman_adv: batadv0: Adding interface: batadv_slave_0
[  992.182227][T11682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  992.249122][T11682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  992.301329][T11682] batman_adv: batadv0: Adding interface: batadv_slave_1
[  992.387356][T11682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  992.391955][T11713] gfs2: fsid=syz:syz.0: found 1 quota changes
[  992.612540][T11682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  992.677638][ T3445] tipc: Left network mode
[  992.972663][T11682] hsr_slave_0: entered promiscuous mode
[  992.988685][   T52] Bluetooth: hci4: command tx timeout
[  993.126327][T11682] hsr_slave_1: entered promiscuous mode
[  993.203310][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  993.212029][T11682] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  993.226504][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  993.274459][T11682] Cannot create hsr debugfs directory
[  993.364636][ T5767] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  993.364636][ T5767]   inode = 11 2339
[  993.364636][ T5767]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 421
[  993.395359][ T5767] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  993.412255][ T5767] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5767 [syz-executor] gfs2_quota_sync+0x411/0x5a0
[  993.425123][ T5767] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  993.445525][ T5767] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  993.463278][ T5767] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  993.481595][ T5767] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  993.494033][ T5767] gfs2: fsid=syz:syz.0: File system withdrawn
[  993.510847][ T5767] CPU: 1 PID: 5767 Comm: syz-executor Not tainted syzkaller #0
[  993.520649][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  993.533517][ T5767] Call Trace:
[  993.538946][ T5767]  <TASK>
[  993.542082][ T5767]  dump_stack_lvl+0x18c/0x250
[  993.547529][ T5767]  ? kobject_uevent_env+0x363/0x8b0
[  993.553063][ T5767]  ? show_regs_print_info+0x20/0x20
[  993.560131][ T5767]  ? load_image+0x420/0x420
[  993.570494][ T5767]  ? kobject_uevent_env+0x363/0x8b0
[  993.578974][ T5767]  gfs2_withdraw+0xb24/0x13d0
[  993.584667][ T5767]  ? gfs2_lm+0x240/0x240
[  993.589460][ T5767]  ? queue_delayed_work_on+0x114/0x200
[  993.596020][ T5767]  ? gfs2_consist_inode_i+0xf5/0x110
[  993.602887][ T5767]  gfs2_inode_refresh+0xc50/0x1160
[  993.610049][ T5767]  ? gfs2_inode_metasync+0xf0/0xf0
[  993.616484][ T5767]  ? gfs2_glock_nq+0xd4f/0x1420
[  993.622999][ T5767]  gfs2_instantiate+0x162/0x220
[  993.628881][ T5767]  gfs2_glock_wait+0x1d4/0x2a0
[  993.635439][ T5767]  do_sync+0x4c6/0xe50
[  993.640532][ T5767]  ? gfs2_quota_sync+0x411/0x5a0
[  993.646746][ T5767]  ? bh_get+0x760/0x760
[  993.654178][ T5767]  ? __lock_acquire+0x7d40/0x7d40
[  993.661705][ T5767]  ? do_raw_spin_lock+0x11f/0x2c0
[  993.667903][ T5767]  ? gfs2_quota_sync+0x411/0x5a0
[  993.673289][ T5767]  ? do_raw_spin_unlock+0x121/0x230
[  993.678805][ T5767]  gfs2_quota_sync+0x411/0x5a0
[  993.684968][ T5767]  gfs2_sync_fs+0x4c/0xb0
[  993.692742][ T5767]  sync_filesystem+0xea/0x220
[  993.700858][ T5767]  generic_shutdown_super+0x6f/0x2b0
[  993.708759][ T5767]  kill_block_super+0x44/0x90
[  993.715241][ T5767]  deactivate_locked_super+0x97/0x100
[  993.722320][ T5767]  cleanup_mnt+0x43b/0x4d0
[  993.729819][ T5767]  task_work_run+0x1d4/0x260
[  993.737648][ T5767]  ? task_work_cancel+0x220/0x220
[  993.745328][ T5767]  ? exit_to_user_mode_loop+0x3b/0x110
[  993.751546][ T5767]  exit_to_user_mode_loop+0xe6/0x110
[  993.757486][ T5767]  exit_to_user_mode_prepare+0xee/0x180
[  993.763339][ T5767]  syscall_exit_to_user_mode+0x1a/0x50
[  993.772623][ T5767]  do_syscall_64+0x61/0xb0
[  993.778253][ T5767]  ? clear_bhb_loop+0x40/0x90
[  993.784230][ T5767]  ? clear_bhb_loop+0x40/0x90
[  993.790771][ T5767]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  993.797328][ T5767] RIP: 0033:0x7f1c0219e097
[  993.802145][ T5767] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  993.824445][ T5767] RSP: 002b:00007fffc6e8c298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  993.834894][ T5767] RAX: 0000000000000000 RBX: 00007f1c022321ca RCX: 00007f1c0219e097
[  993.844651][ T5767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc6e8c350
[  993.854596][ T5767] RBP: 00007fffc6e8c350 R08: 00007fffc6e8d350 R09: 00000000ffffffff
[  993.865093][ T5767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffc6e8d3e0
[  993.874203][ T5767] R13: 00007f1c022321ca R14: 00000000000f2684 R15: 00007fffc6e8d420
[  993.884561][ T5767]  </TASK>
[  994.253042][T11743] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1000.089661][T11776] loop3: detected capacity change from 0 to 32768
[ 1000.111394][T11776] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 1000.121060][T11776] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 1000.153710][T11776] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 1000.172388][ T5854] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 1000.446865][T11682] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1000.755165][ T5854] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 1000.790706][T11682] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1000.819916][ T5854] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 64ms
[ 1000.834975][ T5854] gfs2: fsid=syz:syz.0: jid=0: Done
[ 1000.846062][T11776] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 1001.006936][T11682] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1001.158202][T11776] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 1001.336605][T11682] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1001.940222][ T5770] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 1001.940222][ T5770]   inode = 11 2339
[ 1001.940222][ T5770]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 421
[ 1002.000199][ T5770] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 1002.048308][ T5770] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5770 [syz-executor] gfs2_quota_sync+0x411/0x5a0
[ 1002.077306][ T5770] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[ 1002.138605][ T5770] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 1003.321551][ T5770] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 1003.333275][ T5770] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 1003.357292][ T5770] gfs2: fsid=syz:syz.0: File system withdrawn
[ 1003.385757][ T5770] CPU: 1 PID: 5770 Comm: syz-executor Not tainted syzkaller #0
[ 1003.398821][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1003.411913][ T5770] Call Trace:
[ 1003.416639][ T5770]  <TASK>
[ 1003.422601][ T5770]  dump_stack_lvl+0x18c/0x250
[ 1003.427417][ T5770]  ? kobject_uevent_env+0x363/0x8b0
[ 1003.436915][ T5770]  ? show_regs_print_info+0x20/0x20
[ 1003.443505][ T5770]  ? load_image+0x420/0x420
[ 1003.449862][ T5770]  ? kobject_uevent_env+0x363/0x8b0
[ 1003.455662][ T5770]  gfs2_withdraw+0xb24/0x13d0
[ 1003.461176][ T5770]  ? gfs2_lm+0x240/0x240
[ 1003.466071][ T5770]  ? queue_delayed_work_on+0x114/0x200
[ 1003.472488][ T5770]  ? gfs2_consist_inode_i+0xf5/0x110
[ 1003.479912][ T5770]  gfs2_inode_refresh+0xc50/0x1160
[ 1003.486014][ T5770]  ? gfs2_inode_metasync+0xf0/0xf0
[ 1003.491968][ T5770]  ? gfs2_glock_nq+0xd4f/0x1420
[ 1003.498866][ T5770]  gfs2_instantiate+0x162/0x220
[ 1003.504705][ T5770]  gfs2_glock_wait+0x1d4/0x2a0
[ 1003.510540][ T5770]  do_sync+0x4c6/0xe50
[ 1003.516081][ T5770]  ? gfs2_quota_sync+0x411/0x5a0
[ 1003.523156][ T5770]  ? bh_get+0x760/0x760
[ 1003.528585][ T5770]  ? __lock_acquire+0x7d40/0x7d40
[ 1003.535307][ T5770]  ? do_raw_spin_lock+0x11f/0x2c0
[ 1003.541573][ T5770]  ? gfs2_quota_sync+0x411/0x5a0
[ 1003.548665][ T5770]  ? do_raw_spin_unlock+0x121/0x230
[ 1003.555260][ T5770]  gfs2_quota_sync+0x411/0x5a0
[ 1003.561215][ T5770]  gfs2_sync_fs+0x4c/0xb0
[ 1003.565859][ T5770]  sync_filesystem+0xea/0x220
[ 1003.570938][ T5770]  generic_shutdown_super+0x6f/0x2b0
[ 1003.577454][ T5770]  kill_block_super+0x44/0x90
[ 1003.583084][ T5770]  deactivate_locked_super+0x97/0x100
[ 1003.589363][ T5770]  cleanup_mnt+0x43b/0x4d0
[ 1003.594969][ T5770]  task_work_run+0x1d4/0x260
[ 1003.600497][ T5770]  ? task_work_cancel+0x220/0x220
[ 1003.605874][ T5770]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1003.612895][ T5770]  exit_to_user_mode_loop+0xe6/0x110
[ 1003.620198][ T5770]  exit_to_user_mode_prepare+0xee/0x180
[ 1003.627908][ T5770]  syscall_exit_to_user_mode+0x1a/0x50
[ 1003.635508][ T5770]  do_syscall_64+0x61/0xb0
[ 1003.640271][ T5770]  ? clear_bhb_loop+0x40/0x90
[ 1003.645370][ T5770]  ? clear_bhb_loop+0x40/0x90
[ 1003.653960][ T5770]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1003.662192][ T5770] RIP: 0033:0x7f44fbd9e097
[ 1003.669277][ T5770] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 1003.691981][ T5770] RSP: 002b:00007ffed30f1618 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1003.701308][ T5770] RAX: 0000000000000000 RBX: 00007f44fbe321ca RCX: 00007f44fbd9e097
[ 1003.711661][ T5770] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed30f16d0
[ 1003.726264][ T5770] RBP: 00007ffed30f16d0 R08: 00007ffed30f26d0 R09: 00000000ffffffff
[ 1003.736972][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed30f2760
[ 1003.746603][ T5770] R13: 00007f44fbe321ca R14: 00000000000f487e R15: 00007ffed30f27a0
[ 1003.758489][ T5770]  </TASK>
[ 1004.326488][ T3445] hsr_slave_0: left promiscuous mode
[ 1004.416743][ T3445] hsr_slave_1: left promiscuous mode
[ 1004.541414][ T3445] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1004.559250][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1004.628228][ T3445] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1004.669303][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1005.111079][ T3445] bridge_slave_1: left allmulticast mode
[ 1005.200330][ T3445] bridge_slave_1: left promiscuous mode
[ 1005.231413][ T3445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1005.281199][ T3445] bridge_slave_0: left allmulticast mode
[ 1005.292706][ T3445] bridge_slave_0: left promiscuous mode
[ 1005.344094][ T3445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1005.473543][ T3445] veth1_macvtap: left promiscuous mode
[ 1005.486071][ T3445] veth0_macvtap: left promiscuous mode
[ 1005.494752][ T3445] veth1_vlan: left promiscuous mode
[ 1005.500157][T11822] fuse: Bad value for 'fd'
[ 1005.502099][ T3445] veth0_vlan: left promiscuous mode
[ 1006.721664][T11827] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1006.772103][T11829] loop2: detected capacity change from 0 to 32768
[ 1006.810512][T11829] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 1006.823650][T11829] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 1006.863685][T11829] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 1006.875550][   T27] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 1006.886596][   T27] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 1006.935865][T11827] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1006.949127][   T27] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 62ms
[ 1006.950712][T11827] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1006.974317][   T27] gfs2: fsid=syz:syz.0: jid=0: Done
[ 1006.974399][T11829] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 1007.004312][T11827] usb 4-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[ 1007.056832][T11827] usb 4-1: config 220 has no interface number 1
[ 1007.096099][T11827] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1007.113565][T11827] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1007.126544][T11827] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1007.146579][T11827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.158538][T11827] usb 4-1: Product: syz
[ 1007.164166][T11827] usb 4-1: Manufacturer: syz
[ 1007.177303][T11827] usb 4-1: SerialNumber: syz
[ 1007.231116][T11829] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 1007.439047][T11827] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[ 1007.510171][T11827] usb 4-1: No valid video chain found.
[ 1007.576143][T11827] usb 4-1: USB disconnect, device number 19
[ 1008.192835][ T5767] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 1008.192835][ T5767]   inode = 11 2339
[ 1008.192835][ T5767]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 421
[ 1008.228371][ T5767] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 1008.268446][ T5767] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5767 [syz-executor] gfs2_quota_sync+0x411/0x5a0
[ 1008.285663][ T5767] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[ 1008.430018][ T5767] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 1008.571772][ T5767] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 1008.775407][ T5767] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 1008.862229][ T5767] gfs2: fsid=syz:syz.0: File system withdrawn
[ 1008.903486][ T5767] CPU: 0 PID: 5767 Comm: syz-executor Not tainted syzkaller #0
[ 1008.912395][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1008.925902][ T5767] Call Trace:
[ 1008.929507][ T5767]  <TASK>
[ 1008.933138][ T5767]  dump_stack_lvl+0x18c/0x250
[ 1008.939275][ T5767]  ? kobject_uevent_env+0x363/0x8b0
[ 1008.945056][ T5767]  ? show_regs_print_info+0x20/0x20
[ 1008.950886][ T5767]  ? load_image+0x420/0x420
[ 1008.956070][ T5767]  ? kobject_uevent_env+0x363/0x8b0
[ 1008.961711][ T5767]  gfs2_withdraw+0xb24/0x13d0
[ 1008.967903][ T5767]  ? gfs2_lm+0x240/0x240
[ 1008.973905][ T5767]  ? gfs2_consist_inode_i+0xf5/0x110
[ 1008.979639][ T5767]  gfs2_inode_refresh+0xc50/0x1160
[ 1008.985708][ T5767]  ? gfs2_inode_metasync+0xf0/0xf0
[ 1008.991247][ T5767]  ? gfs2_glock_nq+0xd4f/0x1420
[ 1008.997745][ T5767]  gfs2_instantiate+0x162/0x220
[ 1009.003276][ T5767]  gfs2_glock_wait+0x1d4/0x2a0
[ 1009.010767][ T5767]  do_sync+0x4c6/0xe50
[ 1009.015700][ T5767]  ? gfs2_quota_sync+0x411/0x5a0
[ 1009.021369][ T5767]  ? bh_get+0x760/0x760
[ 1009.026120][ T5767]  ? __lock_acquire+0x7d40/0x7d40
[ 1009.033222][ T5767]  ? do_raw_spin_lock+0x11f/0x2c0
[ 1009.039636][ T5767]  ? gfs2_quota_sync+0x411/0x5a0
[ 1009.045698][ T5767]  ? do_raw_spin_unlock+0x121/0x230
[ 1009.051477][ T5767]  gfs2_quota_sync+0x411/0x5a0
[ 1009.058408][ T5767]  gfs2_sync_fs+0x4c/0xb0
[ 1009.063128][ T5767]  sync_filesystem+0xea/0x220
[ 1009.069516][ T5767]  generic_shutdown_super+0x6f/0x2b0
[ 1009.075655][ T5767]  kill_block_super+0x44/0x90
[ 1009.081095][ T5767]  deactivate_locked_super+0x97/0x100
[ 1009.087094][ T5767]  cleanup_mnt+0x43b/0x4d0
[ 1009.092245][ T5767]  task_work_run+0x1d4/0x260
[ 1009.097601][ T5767]  ? task_work_cancel+0x220/0x220
[ 1009.105584][ T5767]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1009.111932][ T5767]  exit_to_user_mode_loop+0xe6/0x110
[ 1009.118595][ T5767]  exit_to_user_mode_prepare+0xee/0x180
[ 1009.125366][ T5767]  syscall_exit_to_user_mode+0x1a/0x50
[ 1009.132562][ T5767]  do_syscall_64+0x61/0xb0
[ 1009.138426][ T5767]  ? clear_bhb_loop+0x40/0x90
[ 1009.145594][ T5767]  ? clear_bhb_loop+0x40/0x90
[ 1009.151966][ T5767]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1009.159004][ T5767] RIP: 0033:0x7f1c0219e097
[ 1009.165821][ T5767] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 1009.191657][ T5767] RSP: 002b:00007fffc6e8c298 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1009.203110][ T5767] RAX: 0000000000000000 RBX: 00007f1c022321ca RCX: 00007f1c0219e097
[ 1009.212425][ T5767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc6e8c350
[ 1009.223598][ T5767] RBP: 00007fffc6e8c350 R08: 00007fffc6e8d350 R09: 00000000ffffffff
[ 1009.235986][ T5767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffc6e8d3e0
[ 1009.246519][ T5767] R13: 00007f1c022321ca R14: 00000000000f60a4 R15: 00007fffc6e8d420
[ 1009.257162][ T5767]  </TASK>
[ 1011.434315][ T3445] team0 (unregistering): Port device team_slave_1 removed
[ 1011.505559][ T3445] team0 (unregistering): Port device team_slave_0 removed
[ 1011.582256][ T3445] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1011.780637][ T3445] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1012.764225][ T3445] bond0 (unregistering): Released all slaves
[ 1012.874309][T11806] netlink: 'syz.0.1492': attribute type 5 has an invalid length.
[ 1012.901979][T11682] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1013.146398][T11682] 8021q: adding VLAN 0 to HW filter on device team0
[ 1013.192998][ T2914] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1013.201479][ T2914] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1014.895176][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.904627][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1015.505645][T11682] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1015.550462][T11682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1015.721701][T11866] netlink: 'syz.3.1503': attribute type 3 has an invalid length.
[ 1016.113181][T11883] fuse: Bad value for 'fd'
[ 1016.701769][T11897] vcan0: tx drop: invalid sa for name 0x0000000000000001
[ 1018.106219][T11682] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1019.598909][ T5854] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[ 1019.882637][ T5854] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1019.954981][ T5854] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1020.010882][ T5854] usb 3-1: config 220 has no interface number 2
[ 1020.041505][ T5854] usb 3-1: too many endpoints for config 220 interface 1 altsetting 5: 255, using maximum allowed: 30
[ 1020.224543][ T5854] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1020.512028][ T5854] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1020.665872][ T5854] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1020.758731][ T5854] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1020.758946][T11682] veth0_vlan: entered promiscuous mode
[ 1020.775472][ T5854] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1020.823026][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.846983][T11682] veth1_vlan: entered promiscuous mode
[ 1020.862095][T11935] fuse: Bad value for 'fd'
[ 1020.869770][ T5854] usb 3-1: Product: syz
[ 1020.875767][ T5854] usb 3-1: Manufacturer: syz
[ 1020.934906][ T5854] usb 3-1: SerialNumber: syz
[ 1021.010092][T11682] veth0_macvtap: entered promiscuous mode
[ 1021.074680][T11682] veth1_macvtap: entered promiscuous mode
[ 1021.162349][T11682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1021.189214][ T5854] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1021.222742][T11682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1021.228158][ T5854] usb 3-1: No valid video chain found.
[ 1021.271799][T11682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1021.302955][ T5854] usb 3-1: USB disconnect, device number 19
[ 1021.363497][T11682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1021.442549][T11682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1021.519505][T11682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1022.039215][T11682] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1022.104084][T11682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1022.131780][T11682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1022.192238][T11682] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1022.294536][T11682] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1022.372194][T11682] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.049087][T11682] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.106659][T11682] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.504077][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1024.531594][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1024.553726][ T3445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1024.752718][ T3445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1029.168616][ T5855] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 1029.360910][ T5855] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[ 1029.390658][ T5855] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1029.444793][ T5855] usb 5-1: config 220 has no interface number 2
[ 1029.489693][ T5855] usb 5-1: too many endpoints for config 220 interface 1 altsetting 5: 255, using maximum allowed: 30
[ 1029.519684][ T5855] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1029.554470][ T5855] usb 5-1: config 220 interface 0 has no altsetting 0
[ 1029.568642][ T5855] usb 5-1: config 220 interface 76 has no altsetting 0
[ 1029.581431][ T5855] usb 5-1: config 220 interface 1 has no altsetting 0
[ 1029.600293][ T5855] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1029.620866][ T5855] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.644482][ T5855] usb 5-1: Product: syz
[ 1029.651243][ T5855] usb 5-1: Manufacturer: syz
[ 1029.657611][ T5855] usb 5-1: SerialNumber: syz
[ 1029.882995][T12025] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1529'.
[ 1030.378745][ T5855] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[ 1030.408491][ T5855] usb 5-1: No valid video chain found.
[ 1030.470901][ T5855] usb 5-1: USB disconnect, device number 2
[ 1030.570294][T12028] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1035.601329][T12065] netlink: 'syz.2.1538': attribute type 5 has an invalid length.
[ 1036.465950][T12071] program syz.4.1539 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1040.389014][T11685] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1040.431185][T11685] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1040.448786][T11685] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1040.461659][T11685] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1040.492108][T11685] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1040.509433][T11685] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1041.446080][T12090] chnl_net:caif_netlink_parms(): no params data found
[ 1042.562853][T12129] netlink: 'syz.0.1550': attribute type 3 has an invalid length.
[ 1043.257749][   T52] Bluetooth: hci3: command tx timeout
[ 1044.507338][T12137] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1044.991280][T12090] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1045.028260][T12090] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1045.059061][T12090] bridge_slave_0: entered allmulticast mode
[ 1045.090920][T12090] bridge_slave_0: entered promiscuous mode
[ 1045.727904][   T52] Bluetooth: hci3: command tx timeout
[ 1046.328851][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1046.737264][ T3445] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1046.897652][T12090] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.945719][T12090] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.977813][T12090] bridge_slave_1: entered allmulticast mode
[ 1047.017772][T12090] bridge_slave_1: entered promiscuous mode
[ 1047.173764][ T3445] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1047.458419][T12090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1047.476401][T12090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1047.758351][   T52] Bluetooth: hci3: command tx timeout
[ 1048.384957][ T3445] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1048.685132][ T3445] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1048.793880][T12090] team0: Port device team_slave_0 added
[ 1049.152472][T12090] team0: Port device team_slave_1 added
[ 1049.841366][   T52] Bluetooth: hci3: command tx timeout
[ 1049.999729][T12090] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1050.108378][T12090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.203213][T12090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1050.287139][T12090] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1050.358226][T12090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.640404][T12181] program syz.0.1562 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1051.506259][T12090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1052.642497][T12090] hsr_slave_0: entered promiscuous mode
[ 1052.727751][T12090] hsr_slave_1: entered promiscuous mode
[ 1052.767256][T12090] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1052.788194][T12090] Cannot create hsr debugfs directory
[ 1054.643521][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.666417][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1057.223678][ T3445] tipc: Left network mode
[ 1060.013627][T12241] netlink: 'syz.0.1574': attribute type 3 has an invalid length.
[ 1061.287128][T12090] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1061.609997][T12090] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1061.884932][T12090] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1062.009845][T12090] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1065.595866][T12090] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1065.943041][T12090] 8021q: adding VLAN 0 to HW filter on device team0
[ 1069.326037][ T2914] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1069.336778][ T2914] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1070.090633][ T2914] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1070.098327][ T2914] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1070.402852][T12090] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1070.464194][T12090] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1071.024296][ T3445] hsr_slave_0: left promiscuous mode
[ 1072.528312][ T3445] hsr_slave_1: left promiscuous mode
[ 1072.638467][ T3445] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1072.673200][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1072.701106][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1072.771171][ T3445] bridge_slave_1: left allmulticast mode
[ 1072.795345][ T3445] bridge_slave_1: left promiscuous mode
[ 1072.813824][ T3445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1072.828307][ T3445] bridge_slave_0: left allmulticast mode
[ 1072.835664][ T3445] bridge_slave_0: left promiscuous mode
[ 1072.844595][ T3445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1072.885972][ T3445] veth1_macvtap: left promiscuous mode
[ 1072.906454][ T3445] veth0_macvtap: left promiscuous mode
[ 1072.919115][ T3445] veth1_vlan: left promiscuous mode
[ 1072.924620][ T3445] veth0_vlan: left promiscuous mode
[ 1081.528338][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1084.360746][ T3445] team0 (unregistering): Port device team_slave_1 removed
[ 1084.534731][ T3445] team0 (unregistering): Port device team_slave_0 removed
[ 1084.837391][ T3445] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1084.985052][ T3445] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1086.109994][T12381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1600'.
[ 1087.428388][ T5855] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1087.818338][ T5855] usb 5-1: Using ep0 maxpacket: 8
[ 1087.849439][ T5855] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1087.879943][ T5855] usb 5-1: config 179 has no interface number 0
[ 1087.941088][ T5855] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1088.036342][ T5855] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1088.060501][ T5855] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1088.104289][ T5855] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1088.827142][T12393] netlink: 'syz.2.1604': attribute type 3 has an invalid length.
[ 1089.721276][ T5855] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1089.738451][ T5855] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1089.749823][ T5855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1089.766658][T12386] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1089.855383][T11685] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1089.872122][T11685] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1089.901383][T11685] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1089.927872][T11685] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1089.943984][ T3445] bond0 (unregistering): Released all slaves
[ 1089.953029][T11685] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1089.964030][T11685] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1090.033618][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1090.045244][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1090.062144][ T5855] usb 5-1: USB disconnect, device number 3
[ 1092.078561][T11685] Bluetooth: hci1: command tx timeout
[ 1092.333789][T12090] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1093.614663][T12395] chnl_net:caif_netlink_parms(): no params data found
[ 1095.480828][T11685] Bluetooth: hci1: command tx timeout
[ 1095.603335][T12395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1095.628663][T12395] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1095.648669][T12395] bridge_slave_0: entered allmulticast mode
[ 1095.657770][T12395] bridge_slave_0: entered promiscuous mode
[ 1095.668219][   T43] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1095.711581][T12395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1095.728330][T12395] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1095.748336][T12395] bridge_slave_1: entered allmulticast mode
[ 1095.756322][T12395] bridge_slave_1: entered promiscuous mode
[ 1095.876894][ T3445] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1095.878720][   T43] usb 5-1: Using ep0 maxpacket: 8
[ 1095.902536][   T43] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1095.914553][   T43] usb 5-1: config 179 has no interface number 0
[ 1095.948747][   T43] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1095.988368][   T43] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1096.021156][T12395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1096.045498][   T43] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1096.082611][T12395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1096.110474][   T43] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1096.154965][   T43] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1096.177787][ T3445] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1096.183102][   T43] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1096.203913][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.236963][T12434] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1096.431786][ T3445] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1096.499789][T12395] team0: Port device team_slave_0 added
[ 1096.644506][ T3445] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1096.725830][T12395] team0: Port device team_slave_1 added
[ 1096.771714][ T5815] usb 5-1: USB disconnect, device number 4
[ 1096.778231][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1096.787555][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1096.991131][T12395] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1097.037850][T12395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1097.129635][T12395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1097.292086][T12395] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1097.321577][T12395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1097.453556][T12395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1097.518267][T11685] Bluetooth: hci1: command tx timeout
[ 1097.802260][T12395] hsr_slave_0: entered promiscuous mode
[ 1097.849270][T12395] hsr_slave_1: entered promiscuous mode
[ 1097.866495][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1097.896901][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1097.909685][T12395] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1097.918699][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1097.928537][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1097.941279][T12395] Cannot create hsr debugfs directory
[ 1097.952025][   T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1097.960663][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1098.243586][ T3445] tipc: Left network mode
[ 1098.418979][T12475] fuse: Bad value for 'rootmode'
[ 1100.897056][   T52] Bluetooth: hci1: command tx timeout
[ 1100.897108][T11685] Bluetooth: hci0: command tx timeout
[ 1101.833535][T12489] netlink: 'syz.4.1617': attribute type 5 has an invalid length.
[ 1103.482020][T11685] Bluetooth: hci0: command tx timeout
[ 1103.757374][T12465] chnl_net:caif_netlink_parms(): no params data found
[ 1104.118334][T12395] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1104.149710][T12395] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1104.508568][T12395] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1104.525026][T12395] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1105.107381][ T3445] hsr_slave_0: left promiscuous mode
[ 1105.132733][ T3445] hsr_slave_1: left promiscuous mode
[ 1105.147190][ T3445] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1105.176829][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1105.199946][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1105.217329][ T3445] bridge_slave_1: left allmulticast mode
[ 1105.236616][ T3445] bridge_slave_1: left promiscuous mode
[ 1105.275703][ T3445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1105.875869][T11685] Bluetooth: hci0: command tx timeout
[ 1105.912562][ T3445] bridge_slave_0: left allmulticast mode
[ 1106.629212][ T3445] bridge_slave_0: left promiscuous mode
[ 1106.648787][ T3445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1108.026685][T12521] Bluetooth: hci0: command tx timeout
[ 1108.026752][ T5784] Bluetooth: hci4: command 0x0406 tx timeout
[ 1108.153316][ T3445] veth1_macvtap: left promiscuous mode
[ 1108.162454][ T3445] veth0_macvtap: left promiscuous mode
[ 1108.176835][ T3445] veth1_vlan: left promiscuous mode
[ 1108.193809][ T3445] veth0_vlan: left promiscuous mode
[ 1108.409112][ T1214] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[ 1108.608323][ T1214] usb 3-1: Using ep0 maxpacket: 8
[ 1108.626769][ T1214] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1108.639028][ T1214] usb 3-1: config 179 has no interface number 0
[ 1108.646397][ T1214] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1108.724935][ T1214] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1108.839760][ T1214] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1108.865221][ T1214] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1109.105037][ T1214] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1109.184433][ T1214] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1109.231067][ T1214] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1109.251855][T12527] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1111.362093][ T5772] usb 3-1: USB disconnect, device number 20
[ 1111.362093][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1111.362137][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1111.475829][T12538] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1115.232046][ T3445] team0 (unregistering): Port device team_slave_1 removed
[ 1115.570023][ T3445] team0 (unregistering): Port device team_slave_0 removed
[ 1115.670569][ T3445] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1115.752014][ T3445] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1116.093375][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.101921][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.782991][ T3445] bond0 (unregistering): Released all slaves
[ 1118.449201][T12465] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1118.510549][T12465] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1118.546574][T12465] bridge_slave_0: entered allmulticast mode
[ 1118.576218][T12465] bridge_slave_0: entered promiscuous mode
[ 1118.606096][T12465] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1118.656613][T12465] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1118.690049][T12465] bridge_slave_1: entered allmulticast mode
[ 1118.717304][T12465] bridge_slave_1: entered promiscuous mode
[ 1118.727856][T12549] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1628'.
[ 1119.355423][T12465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1119.450953][T12465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1119.761652][T12465] team0: Port device team_slave_0 added
[ 1119.842774][T12465] team0: Port device team_slave_1 added
[ 1120.241745][T12465] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1120.258341][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1120.305992][T12465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1120.397038][T12465] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1120.427745][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1120.517698][T12465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1120.636644][T12395] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1121.372274][T12395] 8021q: adding VLAN 0 to HW filter on device team0
[ 1122.409050][T12465] hsr_slave_0: entered promiscuous mode
[ 1122.445992][T12465] hsr_slave_1: entered promiscuous mode
[ 1122.523066][ T2914] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1122.531648][ T2914] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1123.537327][ T2948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1123.545600][ T2948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1123.973137][T12395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1124.063474][T12605] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1640'.
[ 1125.391305][T12618] tipc: Started in network mode
[ 1125.396850][T12618] tipc: Node identity 1ad69292aed, cluster identity 4711
[ 1125.450108][T12618] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1125.481634][T12619] syzkaller0: entered promiscuous mode
[ 1125.487903][T12619] syzkaller0: entered allmulticast mode
[ 1125.676600][T12618] tipc: Resetting bearer <eth:syzkaller0>
[ 1125.737206][T12616] tipc: Resetting bearer <eth:syzkaller0>
[ 1125.766324][T12616] tipc: Disabling bearer <eth:syzkaller0>
[ 1125.817866][T12395] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1127.022268][T12639] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1643'.
[ 1127.807909][T12465] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1127.875156][T12465] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1127.964908][T12465] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1128.020516][T12465] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1128.265426][T12651] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1128.692063][ T3445] hsr_slave_0: left promiscuous mode
[ 1128.712925][ T3445] hsr_slave_1: left promiscuous mode
[ 1128.723678][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1128.737688][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1128.756576][ T3445] bridge_slave_1: left allmulticast mode
[ 1128.788769][ T3445] bridge_slave_1: left promiscuous mode
[ 1128.795031][ T3445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1128.822162][ T3445] bridge_slave_0: left allmulticast mode
[ 1128.828381][ T3445] bridge_slave_0: left promiscuous mode
[ 1128.836526][ T3445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1129.469562][ T3445] team0 (unregistering): Port device team_slave_1 removed
[ 1129.548748][ T3445] team0 (unregistering): Port device team_slave_0 removed
[ 1129.613586][ T3445] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1129.683522][ T3445] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1130.437167][ T3445] bond0 (unregistering): Released all slaves
[ 1131.002497][T12666] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1131.014081][T12666] syzkaller0: entered promiscuous mode
[ 1131.028404][T12666] syzkaller0: entered allmulticast mode
[ 1131.090275][T12666] tipc: Resetting bearer <eth:syzkaller0>
[ 1131.124034][T12665] tipc: Resetting bearer <eth:syzkaller0>
[ 1131.202981][T12665] tipc: Disabling bearer <eth:syzkaller0>
[ 1131.317528][T12465] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1131.423737][T12465] 8021q: adding VLAN 0 to HW filter on device team0
[ 1131.452059][T12395] veth0_vlan: entered promiscuous mode
[ 1131.464475][T12674] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1650'.
[ 1131.492327][ T7728] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1131.500436][ T7728] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1131.547263][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1131.556039][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1131.796852][T12395] veth1_vlan: entered promiscuous mode
[ 1132.494564][T12395] veth0_macvtap: entered promiscuous mode
[ 1132.542175][T12684] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1132.587514][T12395] veth1_macvtap: entered promiscuous mode
[ 1134.186933][T12395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1134.228804][T12395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.268980][T12395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1134.294630][T12395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.340654][T12395] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1134.374152][T12395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1134.408222][T12395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.428146][T12395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1134.458128][T12395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1134.490113][T12395] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1134.573755][T12395] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.610138][T12395] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.638136][T12395] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.661914][T12395] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.877325][T12465] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1134.970855][ T2948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1135.004721][ T2948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1135.081033][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1135.127236][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1136.041689][T12465] veth0_vlan: entered promiscuous mode
[ 1136.240775][T12465] veth1_vlan: entered promiscuous mode
[ 1136.300099][T12723] tipc: Started in network mode
[ 1136.324272][T12723] tipc: Node identity 16c2bb6b2ef9, cluster identity 4711
[ 1136.344652][T12723] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1137.846305][T12727] syzkaller0: entered promiscuous mode
[ 1137.877867][T12727] syzkaller0: entered allmulticast mode
[ 1137.944580][T12723] tipc: Resetting bearer <eth:syzkaller0>
[ 1137.979402][ T5813] tipc: Node number set to 943438699
[ 1137.998815][T12722] tipc: Resetting bearer <eth:syzkaller0>
[ 1138.104174][T12722] tipc: Disabling bearer <eth:syzkaller0>
[ 1138.391697][T12465] veth0_macvtap: entered promiscuous mode
[ 1139.150679][T12741] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1139.153935][T12465] veth1_macvtap: entered promiscuous mode
[ 1139.281231][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1139.328535][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1140.793896][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1140.838165][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1140.886789][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1140.928682][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1140.975165][T12465] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1141.042896][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1141.077552][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1141.099944][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1141.128548][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1141.153192][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1141.187144][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1141.223523][T12465] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1141.245674][T12465] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.288254][T12465] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.303171][T12465] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1141.315482][T12465] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1144.097734][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1144.125862][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1144.249060][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1144.288163][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1145.015972][ T5858] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1145.134537][T12792] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1667'.
[ 1145.242307][ T5858] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[ 1145.268326][ T5858] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1145.283333][ T5858] usb 6-1: config 220 has no interface number 2
[ 1145.313971][ T5858] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1145.433546][ T5858] usb 6-1: config 220 interface 0 has no altsetting 0
[ 1145.443176][ T5858] usb 6-1: config 220 interface 76 has no altsetting 0
[ 1145.454219][ T5858] usb 6-1: config 220 interface 1 has no altsetting 0
[ 1145.467075][ T5858] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1145.490469][ T5858] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1145.529476][ T5858] usb 6-1: Product: syz
[ 1145.534321][ T5858] usb 6-1: Manufacturer: syz
[ 1145.577363][ T5858] usb 6-1: SerialNumber: syz
[ 1145.951046][ T5858] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[ 1145.988518][ T5858] usb 6-1: No valid video chain found.
[ 1146.067421][ T5858] usb 6-1: USB disconnect, device number 2
[ 1148.365909][T12817] netlink: 'syz.6.1670': attribute type 5 has an invalid length.
[ 1153.841543][ T1214] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1154.389172][ T1214] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1154.579928][ T1214] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1156.034665][ T1214] usb 3-1: config 220 has no interface number 2
[ 1156.042701][ T1214] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1156.060058][ T1214] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1156.079511][ T1214] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1156.088930][ T1214] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1156.268247][ T1214] usb 3-1: string descriptor 0 read error: -71
[ 1156.295492][ T1214] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1156.368375][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.462958][ T1214] usb 3-1: can't set config #220, error -71
[ 1156.499972][ T1214] usb 3-1: USB disconnect, device number 21
[ 1157.039793][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1159.136830][T12905] md: array md2 already initialised!
[ 1159.609385][T12922] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1690'.
[ 1160.278323][ T5815] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1161.720501][ T5815] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[ 1161.848691][ T5815] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1162.121001][ T5815] usb 5-1: config 220 has no interface number 2
[ 1162.159827][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1162.583238][ T5815] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1162.601593][ T5815] usb 5-1: config 220 interface 0 has no altsetting 0
[ 1162.608835][ T5815] usb 5-1: config 220 interface 76 has no altsetting 0
[ 1162.619241][ T5815] usb 5-1: config 220 interface 1 has no altsetting 0
[ 1163.487237][ T5815] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1163.530637][ T5815] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1163.541512][ T5815] usb 5-1: Product: syz
[ 1163.547321][ T5815] usb 5-1: Manufacturer: syz
[ 1163.553910][ T5815] usb 5-1: SerialNumber: syz
[ 1163.600796][ T5815] usb 5-1: can't set config #220, error -71
[ 1163.610167][ T5815] usb 5-1: USB disconnect, device number 5
[ 1163.761666][T12958] tipc: Started in network mode
[ 1163.808327][T12958] tipc: Node identity 3ad91fd1001, cluster identity 4711
[ 1163.854857][T12958] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1164.051334][T12958] tipc: Resetting bearer <eth:syzkaller0>
[ 1164.124726][T12960] syzkaller0: entered promiscuous mode
[ 1164.206547][T12960] syzkaller0: entered allmulticast mode
[ 1164.313070][T12957] tipc: Resetting bearer <eth:syzkaller0>
[ 1164.590190][T12957] tipc: Disabling bearer <eth:syzkaller0>
[ 1165.938402][   T43] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 1166.144584][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1166.183202][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1166.216484][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1166.236945][T12994] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1703'.
[ 1166.302648][   T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1166.343508][   T43] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1166.382352][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1166.436016][   T43] usb 5-1: config 0 descriptor??
[ 1166.689833][   T43] hdpvr 5-1:0.0: firmware version 0x8 dated 5
[ 1168.401804][   T43] hdpvr 5-1:0.0: device init failed
[ 1168.407358][   T43] hdpvr: probe of 5-1:0.0 failed with error -12
[ 1168.475395][   T43] usb 5-1: USB disconnect, device number 6
[ 1168.866560][T13012] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1712'.
[ 1170.240250][T11827] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1171.908927][T11827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1171.928551][T11827] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1171.953191][T11827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1171.965232][T11827] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1171.979241][T11827] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1172.038172][T11827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.076869][T11827] usb 5-1: config 0 descriptor??
[ 1172.149186][T13048] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1719'.
[ 1172.178766][T13050] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1720'.
[ 1172.722080][T11827] hdpvr 5-1:0.0: firmware version 0x8 dated 5
[ 1173.350111][T11827] hdpvr 5-1:0.0: device init failed
[ 1173.356059][T11827] hdpvr: probe of 5-1:0.0 failed with error -12
[ 1173.418919][T11827] usb 5-1: USB disconnect, device number 7
[ 1175.237560][T13073] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1725'.
[ 1178.948802][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1178.957649][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1180.952610][T13111] netlink: 'syz.6.1723': attribute type 3 has an invalid length.
[ 1184.264113][T13136] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1735'.
[ 1184.565232][T13148] loop7: detected capacity change from 0 to 7
[ 1184.608827][T13148] Dev loop7: unable to read RDB block 7
[ 1184.623848][T13148]  loop7: unable to read partition table
[ 1184.636703][T13148] loop7: partition table beyond EOD, truncated
[ 1186.108181][T13148] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1186.200811][ T5141] Dev loop7: unable to read RDB block 7
[ 1186.238402][ T5141]  loop7: unable to read partition table
[ 1186.256083][ T5141] loop7: partition table beyond EOD, truncated
[ 1189.059167][T13174] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1743'.
[ 1190.828104][T13185] netlink: 'syz.6.1745': attribute type 5 has an invalid length.
[ 1194.429853][T13202] loop7: detected capacity change from 0 to 7
[ 1194.482117][T13202] Dev loop7: unable to read RDB block 7
[ 1194.508637][T13202]  loop7: unable to read partition table
[ 1194.565174][T13202] loop7: partition table beyond EOD, truncated
[ 1194.607713][T13202] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1196.045108][T13230] UBIFS error (pid: 13230): cannot open "(null)", error -22
[ 1196.977972][T13237] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1197.839581][T13225] syz.6.1753: attempt to access beyond end of device
[ 1197.839581][T13225] nbd6: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1197.854218][T13225] gfs2: error 10 reading superblock
[ 1198.281814][ T1214] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1198.346103][T13244] netlink: 'syz.2.1747': attribute type 3 has an invalid length.
[ 1198.987475][ T1214] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1199.171787][ T1214] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1199.698321][ T1214] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1199.728135][ T1214] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1199.771326][ T1214] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1199.827228][ T1214] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.885948][ T1214] usb 5-1: config 0 descriptor??
[ 1199.907048][ T1214] usb 5-1: can't set config #0, error -71
[ 1199.968588][ T1214] usb 5-1: USB disconnect, device number 8
[ 1200.618902][T13260] netlink: 'syz.6.1759': attribute type 3 has an invalid length.
[ 1201.749086][T13267] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1201.768757][T13267] syzkaller0: entered promiscuous mode
[ 1201.775261][T13267] syzkaller0: entered allmulticast mode
[ 1201.957811][T13266] tipc: Resetting bearer <eth:syzkaller0>
[ 1201.968352][ T5813] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1202.141372][T13266] tipc: Disabling bearer <eth:syzkaller0>
[ 1202.213868][ T5813] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1202.236258][ T5813] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1202.280357][ T5813] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1202.318263][ T5813] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1202.361492][ T5813] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1202.388500][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1202.439510][ T5813] usb 5-1: config 0 descriptor??
[ 1202.690940][ T5813] hdpvr 5-1:0.0: firmware version 0x8 dated 5
[ 1203.592215][ T5813] hdpvr 5-1:0.0: device init failed
[ 1203.645073][ T5813] hdpvr: probe of 5-1:0.0 failed with error -12
[ 1203.797899][ T5813] usb 5-1: USB disconnect, device number 9
[ 1205.767214][T13305] UBIFS error (pid: 13305): cannot open "(null)", error -22
[ 1206.524450][T13303] syz.6.1761: attempt to access beyond end of device
[ 1206.524450][T13303] nbd6: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1206.551639][T13303] gfs2: error 10 reading superblock
[ 1207.958747][T13323] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1207.986373][T13323] syzkaller0: entered promiscuous mode
[ 1208.000724][T13323] syzkaller0: entered allmulticast mode
[ 1208.155583][T13329] fuse: Unknown parameter 'grou00000000000000000000'
[ 1208.182596][T13322] tipc: Resetting bearer <eth:syzkaller0>
[ 1209.311856][T13322] tipc: Disabling bearer <eth:syzkaller0>
[ 1214.484631][T13363] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1779'.
[ 1215.304082][T13383] fuse: Unknown parameter 'grou00000000000000000000'
[ 1216.145524][T13395] netlink: 'syz.4.1776': attribute type 3 has an invalid length.
[ 1216.860805][   T52] Bluetooth: hci1: command 0x0406 tx timeout
[ 1219.495211][T13410] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1789'.
[ 1221.450954][ T5784] Bluetooth: hci0: command 0x0406 tx timeout
[ 1221.666325][ T5855] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[ 1221.871381][ T5855] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1224.027352][ T5855] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1225.588350][ T5855] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1225.597950][ T5855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1225.627712][ T5855] usb 3-1: config 0 descriptor??
[ 1225.633584][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[ 1225.641087][ T5855] usb 3-1: can't set config #0, error -32
[ 1225.648572][ T5855] usb 3-1: USB disconnect, device number 22
[ 1227.119467][T13462] UBIFS error (pid: 13462): cannot open "(null)", error -22
[ 1227.220412][T13462] syz.5.1796: attempt to access beyond end of device
[ 1227.220412][T13462] nbd5: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1227.335716][T13462] gfs2: error 10 reading superblock
[ 1227.380987][T13450] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1227.421667][T13450] syzkaller0: entered promiscuous mode
[ 1227.427252][T13450] syzkaller0: entered allmulticast mode
[ 1227.456161][T13447] tipc: Resetting bearer <eth:syzkaller0>
[ 1227.492971][T13447] tipc: Disabling bearer <eth:syzkaller0>
[ 1234.275151][T13536] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1811'.
[ 1235.490593][T13550] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1238.248679][T13568] netlink: 'syz.6.1817': attribute type 5 has an invalid length.
[ 1238.603361][T13584] vcan0: tx drop: invalid sa for name 0x0000000000000001
[ 1239.674214][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.682531][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1240.547126][T13590] UBIFS error (pid: 13590): cannot open "(null)", error -22
[ 1240.737649][T13590] syz.6.1821: attempt to access beyond end of device
[ 1240.737649][T13590] nbd6: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1240.760856][T13590] gfs2: error 10 reading superblock
[ 1241.086884][T13596] UBIFS error (pid: 13596): cannot open "(null)", error -22
[ 1241.155490][T13596] syz.4.1823: attempt to access beyond end of device
[ 1241.155490][T13596] nbd4: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1241.178607][T13596] gfs2: error 10 reading superblock
[ 1242.921721][T13614] UBIFS error (pid: 13614): cannot open "(null)", error -22
[ 1243.295647][T13617] syz.4.1826: attempt to access beyond end of device
[ 1243.295647][T13617] nbd4: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1243.321823][T13617] gfs2: error 10 reading superblock
[ 1243.508646][T13621] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1243.928319][T13626] UBIFS error (pid: 13626): cannot open "(null)", error -22
[ 1244.267030][T13623] syz.2.1828: attempt to access beyond end of device
[ 1244.267030][T13623] nbd2: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1244.288112][T13623] gfs2: error 10 reading superblock
[ 1244.549397][T11512] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1244.748377][T11512] usb 5-1: Using ep0 maxpacket: 8
[ 1244.773617][T11512] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1244.782224][T11512] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[ 1244.792956][T11512] usb 5-1: config 179 has no interface number 0
[ 1244.799802][T11512] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1244.811204][T11512] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1245.046742][T11512] usb 5-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[ 1245.064077][T11512] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1245.076178][T11512] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1245.157424][T13629] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1248.168545][   T43] usb 5-1: USB disconnect, device number 10
[ 1251.979749][T13683] netlink: 'syz.6.1839': attribute type 5 has an invalid length.
[ 1252.343663][T13689] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1256.598914][T13723] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1259.444114][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1259.462053][T13761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1855'.
[ 1260.348228][ T5813] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[ 1260.545569][ T5813] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1260.557772][ T5813] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1260.592222][ T5813] usb 5-1: config 0 descriptor??
[ 1260.617944][ T5813] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1260.825572][ T5813] gp8psk: usb in 128 operation failed.
[ 1261.042620][ T5813] gp8psk: FW Version = 0.00.0 (0x0)  Build 2000/00/00
[ 1261.254794][ T5813] gp8psk: usb in 149 operation failed.
[ 1261.269036][ T5813] gp8psk: failed to get FPGA version
[ 1261.286266][ T5813] gp8psk: usb in 138 operation failed.
[ 1261.322277][ T5813] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1261.348210][ T5813] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1261.407705][ T5813] usb 5-1: USB disconnect, device number 11
[ 1261.689065][T13781] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1262.419941][T13783] netlink: 'syz.2.1854': attribute type 3 has an invalid length.
[ 1263.429091][T13796] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1269.523957][T13843] fuse: Bad value for 'user_id'
[ 1269.625208][T13841] UBIFS error (pid: 13841): cannot open "(null)", error -22
[ 1269.633930][T13841] syz.6.1870: attempt to access beyond end of device
[ 1269.633930][T13841] nbd6: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1269.654606][T13841] gfs2: error 10 reading superblock
[ 1269.964865][T13856] 9pnet_virtio: no channels available for device 127.0.0.1
[ 1271.590550][T13871] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1272.926792][T13874] md: could not open device unknown-block(0,0).
[ 1272.968464][T13874] md: error, md_import_device() returned -6
[ 1273.307637][T13888] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1876'.
[ 1278.602607][T13925] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1883'.
[ 1279.075183][T13935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1885'.
[ 1286.589120][T13980] UBIFS error (pid: 13980): cannot open "(null)", error -22
[ 1286.660821][T13980] syz.4.1892: attempt to access beyond end of device
[ 1286.660821][T13980] nbd4: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1286.687170][T13980] gfs2: error 10 reading superblock
[ 1292.867948][T14026] program syz.5.1903 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1295.337931][T14036] netlink: 'syz.5.1904': attribute type 3 has an invalid length.
[ 1297.106875][T14052] vcan0: tx drop: invalid sa for name 0x0000000000000001
[ 1298.437612][T14061] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1905'.
[ 1298.989567][T14065] UBIFS error (pid: 14065): cannot open "(null)", error -22
[ 1299.235685][T14065] syz.4.1908: attempt to access beyond end of device
[ 1299.235685][T14065] nbd4: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1299.263616][T14065] gfs2: error 10 reading superblock
[ 1299.562444][T14070] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1909'.
[ 1299.859820][T14079] UBIFS error (pid: 14079): cannot open "(null)", error -22
[ 1300.157545][T14079] syz.4.1910: attempt to access beyond end of device
[ 1300.157545][T14079] nbd4: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1300.185287][T14079] gfs2: error 10 reading superblock
[ 1300.402700][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.409410][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1303.371403][T14107] vcan0: tx drop: invalid sa for name 0x0000000000000001
[ 1304.937368][T14115] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1917'.
[ 1305.232810][T14121] UBIFS error (pid: 14121): cannot open "(null)", error -22
[ 1305.369314][T14121] syz.5.1918: attempt to access beyond end of device
[ 1305.369314][T14121] nbd5: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1305.393413][T14121] gfs2: error 10 reading superblock
[ 1305.519279][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1306.170744][T14129] UBIFS error (pid: 14129): cannot open "(null)", error -22
[ 1306.186739][T14129] syz.2.1919: attempt to access beyond end of device
[ 1306.186739][T14129] nbd2: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1306.349811][T14129] gfs2: error 10 reading superblock
[ 1306.379249][T14130] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1920'.
[ 1309.369325][T14172] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1926'.
[ 1309.770238][T14173] UBIFS error (pid: 14173): cannot open "(null)", error -22
[ 1309.777261][T14173] syz.6.1927: attempt to access beyond end of device
[ 1309.777261][T14173] nbd6: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1309.800985][T14173] gfs2: error 10 reading superblock
[ 1311.962327][T14204] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1931'.
[ 1315.680675][T14226] No such timeout policy "syz0"
[ 1317.895423][T14254] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1941'.
[ 1323.709632][   T28] audit: type=1804 audit(1780781122.965:16): pid=14305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1948" name="/newroot/73/bus/bus" dev="overlay" ino=422 res=1 errno=0
[ 1326.441387][T14323] ecryptfs_parse_options: eCryptfs: unrecognized option [³]
[ 1326.450852][T14323] ecryptfs_parse_options: eCryptfs: unrecognized option [z\)]
[ 1326.458991][T14323] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[ 1326.474378][T14323] Error parsing options; rc = [-22]
[ 1327.531216][T14330] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1954'.
[ 1328.241124][T14340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1958'.
[ 1334.105798][T14368] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1966'.
[ 1334.626041][T14373] No such timeout policy "syz0"
[ 1337.376279][T14390] binder: 14388:14390 unknown command 0
[ 1337.382775][T14390] binder: 14388:14390 ioctl c0306201 2000000001c0 returned -22
[ 1339.265197][T14398] UBIFS error (pid: 14398): cannot open "(null)", error -22
[ 1339.271067][T14398] syz.5.1974: attempt to access beyond end of device
[ 1339.271067][T14398] nbd5: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1339.308918][T14398] gfs2: error 10 reading superblock
[ 1339.526325][T14404] UBIFS error (pid: 14404): cannot open "(null)", error -22
[ 1340.063940][T14406] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1977'.
[ 1345.359177][ T5772] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1345.538224][ T5772] usb 6-1: Using ep0 maxpacket: 8
[ 1345.546069][ T5772] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1345.558169][ T5772] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1345.570196][ T5772] usb 6-1: config 1 has no interface number 0
[ 1345.576394][ T5772] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1345.642832][ T5772] usb 6-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[ 1345.672533][ T5772] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1345.690821][ T5772] usb 6-1: Product: syz
[ 1345.695126][ T5772] usb 6-1: Manufacturer: syz
[ 1345.718209][ T5772] usb 6-1: SerialNumber: syz
[ 1347.672111][T14448] syz.2.1985: attempt to access beyond end of device
[ 1347.672111][T14448] nbd2: rw=4096, sector=128, nr_sectors = 8 limit=0
[ 1347.688718][T14448] gfs2: error 10 reading superblock
[ 1347.796039][T11965] usb 6-1: USB disconnect, device number 3
[ 1348.193801][T14453] md: array md2 already initialised!
[ 1348.254329][T14456] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1988'.
[ 1348.699595][T14461] No such timeout policy "syz0"
[ 1349.286234][T14466] md: array md2 already initialised!
[ 1350.549080][T14469] fuse: Bad value for 'rootmode'
[ 1350.669619][T14466] md: could not open device unknown-block(0,0).
[ 1350.698941][T14466] md: error, md_import_device() returned -6
[ 1353.737435][T14494] program syz.6.2001 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1357.393732][T14527] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2012'.
[ 1357.403181][T14527] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2012'.
[ 1357.413294][T14527] netlink: 31 bytes leftover after parsing attributes in process `syz.6.2012'.
[ 1357.505949][T14527] netlink: 'syz.6.2012': attribute type 2 has an invalid length.
[ 1357.573557][T14527] netlink: 31 bytes leftover after parsing attributes in process `syz.6.2012'.
[ 1358.203710][ T5813] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1358.302719][T14531] binder: 14528:14531 unknown command 1074553619
[ 1358.310101][T14531] binder: 14528:14531 ioctl c0306201 200000000040 returned -22
[ 1358.398733][ T5813] usb 7-1: Using ep0 maxpacket: 16
[ 1358.443073][ T5813] usb 7-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85
[ 1358.460091][ T5813] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1358.471040][ T5813] usb 7-1: Product: syz
[ 1358.475437][ T5813] usb 7-1: Manufacturer: syz
[ 1358.483118][ T5813] usb 7-1: SerialNumber: syz
[ 1358.537226][ T5813] usb 7-1: config 0 descriptor??
[ 1358.575427][ T5813] usb 7-1: selecting invalid altsetting 1
[ 1358.681065][ T5813] technisat-usb2: could not set alternate setting to 0
[ 1359.244698][ T5813] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in cold state, will try to load a firmware
[ 1359.279161][ T5813] usb 7-1: Direct firmware load for dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw failed with error -2
[ 1359.290444][ T5813] usb 7-1: Falling back to sysfs fallback for: dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw
[ 1359.575842][   T52] Bluetooth: hci0: unexpected event for opcode 0x203d
[ 1360.241962][T14570] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1360.310171][T14570] kvm: pic: level sensitive irq not supported
[ 1360.316004][T14570] kvm: pic: non byte read
[ 1360.338659][T14570] kvm: pic: level sensitive irq not supported
[ 1360.338729][T14570] kvm: pic: non byte read
[ 1360.388538][T14570] kvm: pic: level sensitive irq not supported
[ 1360.388663][T14570] kvm: pic: non byte read
[ 1360.404320][T14570] kvm: pic: level sensitive irq not supported
[ 1360.404671][T14570] kvm: pic: non byte read
[ 1360.424113][T14570] kvm: pic: level sensitive irq not supported
[ 1360.424269][T14570] kvm: pic: non byte read
[ 1361.492702][T14584] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2026'.
[ 1361.845014][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.856021][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.719922][ T5815] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1363.184084][ T5815] usb 5-1: config 0 has no interfaces?
[ 1363.210640][ T5815] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[ 1363.248641][ T5815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1363.278661][T14605] sctp: [Deprecated]: syz.5.2034 (pid 14605) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1363.278661][T14605] Use struct sctp_sack_info instead
[ 1363.286810][T14610] syz.2.2035 (14610) used greatest stack depth: 17384 bytes left
[ 1363.309865][ T5815] usb 5-1: config 0 descriptor??
[ 1363.376829][T14619] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1363.384968][T14619] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1363.397703][T14619] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1363.415648][T14619] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1363.534892][   T43] usb 5-1: USB disconnect, device number 12
[ 1363.728804][ T5858] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1363.938180][ T5858] usb 3-1: Using ep0 maxpacket: 32
[ 1363.972176][ T5858] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1364.013049][ T5858] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[ 1364.038272][ T5858] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1364.088289][ T5858] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1364.097936][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1364.110278][ T5858] usb 3-1: Product: syz
[ 1364.114960][ T5858] usb 3-1: Manufacturer: syz
[ 1364.121446][ T5858] usb 3-1: SerialNumber: syz
[ 1364.132387][ T5858] usb 3-1: config 0 descriptor??
[ 1366.095987][ T5858] gs_usb 3-1:0.0: Couldn't send data format (err=-110)
[ 1366.124932][ T5858] gs_usb: probe of 3-1:0.0 failed with error -110
[ 1366.135843][T14634] netlink: 'syz.5.2042': attribute type 5 has an invalid length.
[ 1366.959414][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1367.183027][ T5815] usb 3-1: USB disconnect, device number 23
[ 1369.402825][T14667] NILFS (nullb0): couldn't find nilfs on the device
[ 1369.922384][   T52] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[ 1370.265066][T14681] netlink: 'syz.2.2059': attribute type 2 has an invalid length.
[ 1370.331308][T14681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2059'.
[ 1371.405195][T14703] hub 8-0:1.0: USB hub found
[ 1371.413719][T14703] hub 8-0:1.0: 1 port detected
[ 1372.787540][T14709] ptrace attach of "ci2-linux-6-6-kasan/syz-executor exec"[5767] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
[ 1373.627270][T14715] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1373.724787][T14715] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1373.732365][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1373.752321][ T1214] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[ 1373.791521][T14715] vhci_hcd vhci_hcd.0: Device attached
[ 1373.831676][T14716] vhci_hcd: connection closed
[ 1373.845957][ T2998] vhci_hcd: stop threads
[ 1373.858259][ T2998] vhci_hcd: release socket
[ 1373.863127][ T2998] vhci_hcd: disconnect device
[ 1374.008238][T14725] netlink: 'syz.6.2073': attribute type 4 has an invalid length.
[ 1374.131392][ T1214] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[ 1374.158535][ T1214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1374.508244][ T1214] usb 5-1: Product: syz
[ 1374.516374][ T1214] usb 5-1: Manufacturer: syz
[ 1374.524717][ T1214] usb 5-1: SerialNumber: syz
[ 1374.986910][ T1214] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202
[ 1377.646879][T11965] usb 5-1: USB disconnect, device number 13
[ 1377.654364][T11965] usblp0: removed
[ 1377.768253][ T1214] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1377.992758][ T1214] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[ 1378.013019][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1378.028903][ T1214] usb 3-1: Product: syz
[ 1378.036946][ T1214] usb 3-1: Manufacturer: syz
[ 1378.041862][T14766] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2085'.
[ 1378.058924][ T1214] usb 3-1: SerialNumber: syz
[ 1378.104500][T14766] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2085'.
[ 1378.125576][T14766] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2085'.
[ 1378.417056][ T1214] rtl8150 3-1:1.0: couldn't reset the device
[ 1378.436962][ T1214] rtl8150: probe of 3-1:1.0 failed with error -5
[ 1378.464165][ T1214] usb 3-1: USB disconnect, device number 24
[ 1378.465992][T14770] netlink: 'syz.4.2086': attribute type 7 has an invalid length.
[ 1378.996786][T14778] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2089'.
[ 1379.438381][T11512] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1379.628413][T11512] usb 3-1: Using ep0 maxpacket: 8
[ 1379.636572][T11512] usb 3-1: config index 0 descriptor too short (expected 74, got 45)
[ 1379.648333][T11512] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1379.688186][T11512] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1379.706435][T11512] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1379.758331][T11512] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1379.785604][T11512] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1379.821653][T11512] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1379.848250][T11512] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1380.088279][T11512] usb 3-1: usb_control_msg returned -32
[ 1380.093943][T11512] usbtmc 3-1:16.0: can't read capabilities
[ 1380.451047][    C1] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[ 1380.474180][T14798] usbtmc 3-1:16.0: Unable to send data, error -71
[ 1380.503188][T14798] usbtmc 3-1:16.0: usb_control_msg returned -32
[ 1380.530604][ T5815] usb 3-1: USB disconnect, device number 25
[ 1380.594521][T14801] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2098'.
[ 1382.328198][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1382.698802][T11512] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1382.898564][T11512] usb 5-1: Using ep0 maxpacket: 8
[ 1382.919379][T11512] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1382.938805][T11512] usb 5-1: config index 0 descriptor too short (expected 57, got 27)
[ 1382.946935][T11512] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1382.980881][T11512] usb 5-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[ 1382.998333][T11512] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1383.006416][T11512] usb 5-1: Product: syz
[ 1383.028167][T11512] usb 5-1: Manufacturer: syz
[ 1383.032826][T11512] usb 5-1: SerialNumber: syz
[ 1383.275295][T11965] usb 5-1: USB disconnect, device number 14
[ 1384.412665][T14840] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2107'.
[ 1385.822937][T14857] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1386.530514][T14856] tipc: Disabling bearer <eth:syzkaller0>
[ 1387.225791][T14880] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1387.238525][T14880] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1388.297609][T14890] syzkaller0: entered promiscuous mode
[ 1388.310585][T14890] syzkaller0: entered allmulticast mode
[ 1388.585372][T14899] random: crng reseeded on system resumption
[ 1396.407733][T14968] xfrm0: entered allmulticast mode
[ 1397.467116][   T52] Bluetooth: hci0: ISO packet too small
[ 1397.635731][T14990] Option 'D' to dns_resolver key: bad/missing value
[ 1400.885928][T15021] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1401.027925][T15025] netlink: 'syz.6.2163': attribute type 11 has an invalid length.
[ 1402.414428][T15050] netlink: set zone limit has 8 unknown bytes
[ 1402.638721][ T5784] Bluetooth: hci0: command 0x0406 tx timeout
[ 1403.056484][T15058] sd 0:0:1:0: PR command failed: 1026
[ 1403.098236][T15058] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[ 1403.105794][T15058] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1403.762121][T15067] fuse: Bad value for 'fd'
[ 1404.967891][T15073] Bluetooth: MGMT ver 1.22
[ 1405.339371][T15091] v: renamed from macvlan0 (while UP)
[ 1405.539688][T15098] Option 'D' to dns_resolver key: bad/missing value
[ 1406.720956][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1407.024076][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1408.169349][T15129] random: crng reseeded on system resumption
[ 1409.186434][T15133] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2195'.
[ 1409.366902][T15139] capability: warning: `syz.5.2199' uses 32-bit capabilities (legacy support in use)
[ 1409.397368][T15138] Option 'D' to dns_resolver key: bad/missing value
[ 1410.233193][ T2934] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1410.277936][T15145] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1410.294884][T15145] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1410.304161][T15145] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1410.369904][T15145] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1410.390293][T15145] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1410.410037][T15145] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1410.822507][T15148] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2200'.
[ 1410.949452][ T2934] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1411.076362][ T2934] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1411.164920][ T2934] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1411.322944][T15165] Option 'D' to dns_resolver key: bad/missing value
[ 1412.911194][T15149] Bluetooth: hci2: command tx timeout
[ 1412.946130][T15141] chnl_net:caif_netlink_parms(): no params data found
[ 1413.164607][T15141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1413.175345][T15141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1413.182605][T15141] bridge_slave_0: entered allmulticast mode
[ 1413.190917][T15141] bridge_slave_0: entered promiscuous mode
[ 1413.199983][T15141] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1413.207353][T15141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1413.215658][T15141] bridge_slave_1: entered allmulticast mode
[ 1413.222716][T15141] bridge_slave_1: entered promiscuous mode
[ 1413.476514][T15141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1413.559904][T15141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1413.656536][T15141] team0: Port device team_slave_0 added
[ 1413.698704][T15141] team0: Port device team_slave_1 added
[ 1413.724759][ T2934] tipc: Left network mode
[ 1413.783142][T15189] Illegal XDP return value 102 on prog  (id 126) dev syz_tun, expect packet loss!
[ 1413.789098][T15141] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1413.805380][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1413.837755][T15141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1413.926327][T15141] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1413.935875][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1413.966984][T15141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1414.126507][T15141] hsr_slave_0: entered promiscuous mode
[ 1414.141685][T15141] hsr_slave_1: entered promiscuous mode
[ 1414.152379][T15141] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1414.160205][T15141] Cannot create hsr debugfs directory
[ 1414.373354][T11512] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1414.596655][T11512] usb 5-1: Using ep0 maxpacket: 8
[ 1414.627994][T11512] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1414.640150][T11512] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping
[ 1414.663277][T11512] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1414.681189][T11512] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1414.693303][T11512] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1414.718183][T11512] usb 5-1: Product: syz
[ 1414.738672][T11512] usb 5-1: Manufacturer: syz
[ 1414.748325][T11512] usb 5-1: SerialNumber: syz
[ 1414.761326][T11512] usb 5-1: config 0 descriptor??
[ 1414.772645][T11512] radio-si470x 5-1:0.0: could not find interrupt in endpoint
[ 1414.780932][T11512] radio-si470x: probe of 5-1:0.0 failed with error -5
[ 1414.800621][T11512] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1414.932640][   T28] audit: type=1326 audit(1780781213.991:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1414.961925][   T28] audit: type=1326 audit(1780781213.991:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1414.992914][   T28] audit: type=1326 audit(1780781213.991:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.023561][   T28] audit: type=1326 audit(1780781213.991:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.049966][   T28] audit: type=1326 audit(1780781213.991:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.076155][   T28] audit: type=1326 audit(1780781214.010:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.101449][T15149] Bluetooth: hci2: command tx timeout
[ 1415.110511][   T28] audit: type=1326 audit(1780781214.010:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb5a0b9caeb code=0x7ffc0000
[ 1415.135512][   T28] audit: type=1326 audit(1780781214.010:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.160953][   T28] audit: type=1326 audit(1780781214.010:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.185658][   T28] audit: type=1326 audit(1780781214.010:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15219 comm="syz.6.2223" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb5a0b9ce59 code=0x7ffc0000
[ 1415.474311][ T2934] hsr_slave_0: left promiscuous mode
[ 1415.480883][ T2934] hsr_slave_1: left promiscuous mode
[ 1415.494364][ T2934] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1415.502045][ T2934] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1415.518734][ T2934] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1415.526630][ T2934] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1415.537569][ T2934] bridge_slave_1: left allmulticast mode
[ 1415.543774][ T2934] bridge_slave_1: left promiscuous mode
[ 1415.549573][ T2934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1415.577925][ T2934] bridge_slave_0: left allmulticast mode
[ 1415.588973][ T2934] bridge_slave_0: left promiscuous mode
[ 1415.596522][ T2934] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1415.656348][ T2934] veth1_macvtap: left promiscuous mode
[ 1415.663863][ T2934] veth0_macvtap: left promiscuous mode
[ 1415.672465][ T2934] veth1_vlan: left promiscuous mode
[ 1415.677930][ T2934] veth0_vlan: left promiscuous mode
[ 1417.301117][ T5815] usb 5-1: USB disconnect, device number 15
[ 1417.310588][T15149] Bluetooth: hci2: command tx timeout
[ 1418.183948][ T2934] team0 (unregistering): Port device team_slave_1 removed
[ 1418.289732][ T2934] team0 (unregistering): Port device team_slave_0 removed
[ 1418.433368][ T2934] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1418.565556][ T2934] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1419.541358][T15149] Bluetooth: hci2: command tx timeout
[ 1419.780152][ T2934] bond0 (unregistering): Released all slaves
[ 1420.554322][T15231] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2224'.
[ 1420.584217][T15231] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2224'.
[ 1420.594482][T15271] mmap: syz.5.2235 (15271) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1420.860159][T15141] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1420.913151][T15276] Option 'D' to dns_resolver key: bad/missing value
[ 1421.264461][T15141] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1422.738825][T15141] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1422.790025][T15141] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1423.148210][T15141] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1423.199458][T15291] netlink: 208 bytes leftover after parsing attributes in process `syz.6.2241'.
[ 1423.221957][T15141] 8021q: adding VLAN 0 to HW filter on device team0
[ 1423.277543][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1423.284759][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1423.358393][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1423.365585][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1424.042854][T15141] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1424.118766][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[ 1424.135652][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[ 1424.159023][ T5813] dvb-usb: did not find the firmware file 'dvb-usb-SkyStar_USB_HD_FW_v17_63.HEX.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1424.185864][ T5813] usb 7-1: USB disconnect, device number 2
[ 1424.242349][T15141] veth0_vlan: entered promiscuous mode
[ 1424.261797][T15141] veth1_vlan: entered promiscuous mode
[ 1424.334736][T15141] veth0_macvtap: entered promiscuous mode
[ 1424.366711][T15141] veth1_macvtap: entered promiscuous mode
[ 1424.447142][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1424.481819][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1424.503286][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1424.557430][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1424.594805][T15141] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1424.666164][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1424.695277][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1424.725353][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1424.747364][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1424.781967][T15141] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1424.792461][T15289] syz.6.2241 (15289): drop_caches: 2
[ 1424.839448][T15141] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.878407][T15141] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.910395][T15141] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.960510][T15311] Option 'D' to dns_resolver key: bad/missing value
[ 1424.969578][T15141] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1425.208110][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1425.238003][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1425.334693][T11267] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1425.364264][T11267] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1425.496627][T15286] syz.6.2241 (15286): drop_caches: 2
[ 1425.871788][T11965] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1425.895789][T15322] tmpfs: Bad value for 'mpol'
[ 1426.082680][T11965] usb 5-1: Using ep0 maxpacket: 16
[ 1426.110848][T11965] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1426.140673][T11965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1427.542188][T11965] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1427.587712][T11965] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1427.596836][T11965] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1427.671515][T11965] usb 5-1: Manufacturer: syz
[ 1427.683558][T11965] usb 5-1: config 0 descriptor??
[ 1430.574720][ T5772] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1430.791247][ T5772] usb 7-1: Using ep0 maxpacket: 16
[ 1430.823023][ T5772] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1430.867483][ T5772] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1430.899494][ T5772] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[ 1430.940428][ T5772] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1430.985113][ T5772] usb 7-1: config 0 descriptor??
[ 1431.214972][T15353] Option 'D' to dns_resolver key: bad/missing value
[ 1431.470565][ T5772] konepure 0003:1E7D:2DB4.0005: unknown main item tag 0x0
[ 1431.511042][ T5772] konepure 0003:1E7D:2DB4.0005: unknown main item tag 0x0
[ 1431.533127][ T5772] konepure 0003:1E7D:2DB4.0005: unknown main item tag 0x0
[ 1431.558920][ T5772] konepure 0003:1E7D:2DB4.0005: unknown main item tag 0x0
[ 1431.581844][ T1214] usb 5-1: USB disconnect, device number 16
[ 1431.588496][ T5772] konepure 0003:1E7D:2DB4.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.6-1/input0
[ 1432.044559][T15345] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1432.191324][ T1214] usb 7-1: USB disconnect, device number 3
[ 1433.038812][T15378] Option 'D' to dns_resolver key: bad/missing value
[ 1435.353441][T15390] netlink: 'syz.2.2271': attribute type 10 has an invalid length.
[ 1435.901548][T15390] 8021q: adding VLAN 0 to HW filter on device team0
[ 1435.911550][T15390] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1436.172293][T15395] Option 'D' to dns_resolver key: bad/missing value
[ 1438.826074][T15413] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2278'.
[ 1439.066707][T15404] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2277'.
[ 1439.860108][T15480] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2280'.
[ 1439.967806][T15484] Option 'D' to dns_resolver key: bad/missing value
[ 1442.315458][T11965] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1442.569955][T11965] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1442.622042][T11965] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1442.679367][T11965] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1442.731916][T11965] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1442.805828][T11965] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1442.834538][T11965] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1442.872041][T11965] usb 3-1: Product: syz
[ 1442.877436][T11965] usb 3-1: Manufacturer: syz
[ 1443.249406][T15502] Option 'D' to dns_resolver key: bad/missing value
[ 1445.491785][T15506] netlink: 'syz.5.2284': attribute type 10 has an invalid length.
[ 1445.543630][T11965] usb 3-1: USB disconnect, device number 26
[ 1445.563559][T15506] team0: Port device netdevsim0 added
[ 1445.570581][T15508] netlink: 'syz.5.2284': attribute type 10 has an invalid length.
[ 1446.158935][T15508] team0: Port device netdevsim0 removed
[ 1446.167567][T15501] syz.6.2286: vmalloc error: size 141557760, failed to allocated page array size 276480, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz6,mems_allowed=0-1
[ 1446.172795][T15508] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1446.203626][T15501] CPU: 0 PID: 15501 Comm: syz.6.2286 Not tainted syzkaller #0
[ 1446.211131][T15501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1446.221190][T15501] Call Trace:
[ 1446.224542][T15501]  <TASK>
[ 1446.227570][T15501]  dump_stack_lvl+0x18c/0x250
[ 1446.232468][T15501]  ? show_regs_print_info+0x20/0x20
[ 1446.237752][T15501]  ? load_image+0x420/0x420
[ 1446.242273][T15501]  ? __rcu_read_unlock+0x7c/0xd0
[ 1446.247248][T15501]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1446.253712][T15501]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[ 1446.260266][T15501]  warn_alloc+0x246/0x340
[ 1446.264697][T15501]  ? zone_watermark_ok_safe+0x230/0x230
[ 1446.270295][T15501]  ? _raw_spin_unlock+0x28/0x40
[ 1446.275308][T15501]  ? __vb2_queue_alloc+0x794/0x1410
[ 1446.280599][T15501]  __vmalloc_node_range+0x662/0x1330
[ 1446.285894][T15501]  ? free_vm_area+0x50/0x50
[ 1446.290402][T15501]  vmalloc_user+0x74/0x80
[ 1446.294725][T15501]  ? vb2_vmalloc_alloc+0xef/0x330
[ 1446.299759][T15501]  vb2_vmalloc_alloc+0xef/0x330
[ 1446.304635][T15501]  ? __copy_timestamp+0x1f0/0x1f0
[ 1446.309697][T15501]  __vb2_queue_alloc+0x794/0x1410
[ 1446.314781][T15501]  vb2_core_reqbufs+0xa74/0x1180
[ 1446.319753][T15501]  ? lock_chain_count+0x20/0x20
[ 1446.324618][T15501]  ? vb2_verify_memory_type+0x570/0x570
[ 1446.330159][T15501]  ? lockdep_hardirqs_on+0x98/0x150
[ 1446.335351][T15501]  ? vb2_verify_memory_type+0x1fc/0x570
[ 1446.340903][T15501]  vb2_ioctl_reqbufs+0x47a/0x7b0
[ 1446.345854][T15501]  __video_do_ioctl+0xc5e/0xd70
[ 1446.350749][T15501]  ? video_ioctl2+0x30/0x30
[ 1446.355255][T15501]  ? __might_fault+0xc6/0x120
[ 1446.359956][T15501]  ? __might_fault+0xaa/0x120
[ 1446.364623][T15501]  video_usercopy+0x89f/0x1380
[ 1446.369377][T15501]  ? video_ioctl2+0x30/0x30
[ 1446.373864][T15501]  ? v4l_printk_ioctl+0x160/0x160
[ 1446.378885][T15501]  v4l2_ioctl+0x18a/0x1e0
[ 1446.383200][T15501]  ? v4l2_poll+0x2b0/0x2b0
[ 1446.387618][T15501]  __se_sys_ioctl+0xfd/0x170
[ 1446.392236][T15501]  do_syscall_64+0x55/0xb0
[ 1446.396639][T15501]  ? clear_bhb_loop+0x40/0x90
[ 1446.401382][T15501]  ? clear_bhb_loop+0x40/0x90
[ 1446.406041][T15501]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1446.411984][T15501] RIP: 0033:0x7fb5a0b9ce59
[ 1446.416433][T15501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1446.436082][T15501] RSP: 002b:00007fb5a1a20028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1446.444567][T15501] RAX: ffffffffffffffda RBX: 00007fb5a0e15fa0 RCX: 00007fb5a0b9ce59
[ 1446.452527][T15501] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[ 1446.460508][T15501] RBP: 00007fb5a0c32d6f R08: 0000000000000000 R09: 0000000000000000
[ 1446.468479][T15501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1446.476471][T15501] R13: 00007fb5a0e16038 R14: 00007fb5a0e15fa0 R15: 00007fff40039388
[ 1446.484450][T15501]  </TASK>
[ 1446.507279][T15501] Mem-Info:
[ 1446.510417][T15501] active_anon:24757 inactive_anon:0 isolated_anon:0
[ 1446.510417][T15501]  active_file:18957 inactive_file:40511 isolated_file:0
[ 1446.510417][T15501]  unevictable:768 dirty:161 writeback:0
[ 1446.510417][T15501]  slab_reclaimable:11211 slab_unreclaimable:92234
[ 1446.510417][T15501]  mapped:26969 shmem:18361 pagetables:940
[ 1446.510417][T15501]  sec_pagetables:0 bounce:0
[ 1446.510417][T15501]  kernel_misc_reclaimable:0
[ 1446.510417][T15501]  free:1287077 free_pcp:13743 free_cma:0
[ 1446.653079][T15501] Node 0 active_anon:99860kB inactive_anon:0kB active_file:75592kB inactive_file:161844kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107628kB dirty:652kB writeback:0kB shmem:71900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11728kB pagetables:3760kB sec_pagetables:0kB all_unreclaimable? no
[ 1446.773082][T15501] Node 1 active_anon:0kB inactive_anon:0kB active_file:236kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:192kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 1446.828334][T15501] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1446.857405][T15501] lowmem_reserve[]: 0 2521 2522 2522 2522
[ 1446.863436][T15517] siw: device registration error -23
[ 1446.884606][T15501] Node 0 DMA32 free:1342600kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:100524kB inactive_anon:0kB active_file:75592kB inactive_file:161020kB unevictable:1536kB writepending:652kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:29096kB local_pcp:11964kB free_cma:0kB
[ 1446.941993][T15501] lowmem_reserve[]: 0 0 0 0 0
[ 1446.946795][T15501] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB
[ 1446.995510][T15501] lowmem_reserve[]: 0 0 0 0 0
[ 1447.009343][T15501] Node 1 Normal free:3888492kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:236kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:23456kB local_pcp:11648kB free_cma:0kB
[ 1447.093490][T15501] lowmem_reserve[]: 0 0 0 0 0
[ 1447.098418][T15501] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1447.151032][T15501] Node 0 DMA32: 232*4kB (M) 137*8kB (M) 312*16kB (UM) 418*32kB (UME) 240*64kB (UM) 297*128kB (UM) 136*256kB (UME) 72*512kB (UME) 42*1024kB (UME) 31*2048kB (UME) 266*4096kB (UM) = 1341480kB
[ 1447.201405][T15501] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1447.215351][T15501] Node 1 Normal: 221*4kB (UME) 55*8kB (UME) 44*16kB (UME) 216*32kB (UME) 62*64kB (UME) 8*128kB (UME) 1*256kB (U) 3*512kB (ME) 2*1024kB (UM) 2*2048kB (ME) 944*4096kB (M) = 3888492kB
[ 1447.240474][T15501] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1447.252008][T15501] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1447.261914][T15501] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1447.272342][T15501] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1447.281828][ T5815] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 1447.291530][T15501] 77811 total pagecache pages
[ 1447.297615][T15501] 0 pages in swap cache
[ 1447.303756][T15501] Free swap  = 124716kB
[ 1447.308677][T15501] Total swap = 124996kB
[ 1447.312928][T15501] 2097051 pages RAM
[ 1447.319436][T15501] 0 pages HighMem/MovableOnly
[ 1447.324222][T15501] 416933 pages reserved
[ 1447.339816][T15501] 0 pages cma reserved
[ 1447.515703][T15524] futex_wake_op: syz.2.2291 tries to shift op by 144; fix this program
[ 1448.171907][ T5815] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1448.217658][ T5815] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1448.252117][ T5815] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1448.261248][ T5815] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1448.316214][ T5815] usb 5-1: Manufacturer: syz
[ 1448.323634][ T5815] usb 5-1: config 0 descriptor??
[ 1448.472385][T15534] Option 'D' to dns_resolver key: bad/missing value
[ 1448.597948][ T5858] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1449.962495][ T5858] usb 3-1: Using ep0 maxpacket: 8
[ 1450.145416][ T5858] usb 3-1: config 2 has an invalid interface number: 31 but max is 0
[ 1450.153735][ T5858] usb 3-1: config 2 has no interface number 0
[ 1450.161594][ T5858] usb 3-1: config 2 interface 31 has no altsetting 0
[ 1450.172253][T15533] Option 'D' to dns_resolver key: bad/missing value
[ 1450.181866][ T5858] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 1450.191124][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1450.199191][ T5858] usb 3-1: Product: syz
[ 1450.206209][ T5858] usb 3-1: Manufacturer: syz
[ 1450.211507][ T5858] usb 3-1: SerialNumber: syz
[ 1450.298173][ T5815] rc_core: IR keymap rc-hauppauge not found
[ 1450.304164][ T5815] Registered IR keymap rc-empty
[ 1450.315325][ T5815] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 1450.329893][ T5815] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input10
[ 1450.521436][ T5815] ------------[ cut here ]------------
[ 1450.527060][ T5815] usb 5-1: BOGUS control dir, pipe 80001180 doesn't match bRequestType 68
[ 1450.536502][ T5815] WARNING: CPU: 0 PID: 5815 at drivers/usb/core/urb.c:413 usb_submit_urb+0x10ac/0x17d0
[ 1450.546251][ T5815] Modules linked in:
[ 1450.550781][ T5815] CPU: 0 PID: 5815 Comm: kworker/0:4 Not tainted syzkaller #0
[ 1450.558351][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1450.569297][ T5815] Workqueue: usb_hub_wq hub_event
[ 1450.574695][ T5815] RIP: 0010:usb_submit_urb+0x10ac/0x17d0
[ 1450.580796][ T5815] Code: df 0f b6 44 05 00 84 c0 0f 85 29 06 00 00 45 0f b6 45 00 48 c7 c7 c0 7a 6b 8b 48 8b 74 24 20 4c 89 fa 44 89 f1 e8 54 66 ed fa <0f> 0b 49 bc 00 00 00 00 00 fc ff df e9 96 f4 ff ff 89 e9 80 e1 07
[ 1450.600640][ T5815] RSP: 0018:ffffc9000490ee00 EFLAGS: 00010246
[ 1450.606762][ T5815] RAX: 2828457ad095b500 RBX: ffff88805e52d900 RCX: 0000000000100000
[ 1450.615287][ T5815] RDX: ffffc90018cac000 RSI: 000000000007a407 RDI: 000000000007a408
[ 1450.623356][ T5815] RBP: 1ffff11005d8a248 R08: ffff8880b8e28c53 R09: 1ffff110171c518a
[ 1450.631388][ T5815] R10: dffffc0000000000 R11: ffffed10171c518b R12: dffffc0000000000
[ 1450.639445][ T5815] R13: ffff88802ec51240 R14: 0000000080001180 R15: ffff888025e5c140
[ 1450.647912][ T5815] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1450.656919][ T5815] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1450.663542][ T5815] CR2: 00007fb5a19feff0 CR3: 0000000068962000 CR4: 00000000003506f0
[ 1450.672410][ T5815] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
[ 1450.680973][ T5815] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1450.689014][ T5815] Call Trace:
[ 1450.692324][ T5815]  <TASK>
[ 1450.695272][ T5815]  igorplugusb_probe+0x812/0xc60
[ 1450.700388][ T5815]  usb_probe_interface+0x5c9/0xb20
[ 1450.705540][ T5815]  ? usb_register_driver+0x3d0/0x3d0
[ 1450.711120][ T5815]  really_probe+0x25b/0xb20
[ 1450.715682][ T5815]  ? pm_runtime_barrier+0x14b/0x1c0
[ 1450.720942][ T5815]  __driver_probe_device+0x1ef/0x390
[ 1450.726230][ T5815]  driver_probe_device+0x4f/0x420
[ 1450.731271][ T5815]  __device_attach_driver+0x2ca/0x510
[ 1450.736810][ T5815]  bus_for_each_drv+0x252/0x2e0
[ 1450.741665][ T5815]  ? coredump_store+0x90/0x90
[ 1450.746627][ T5815]  ? bus_find_device+0x300/0x300
[ 1450.751590][ T5815]  __device_attach+0x2c2/0x420
[ 1450.756410][ T5815]  ? device_attach+0x20/0x20
[ 1450.760996][ T5815]  ? __kmem_cache_free+0xba/0x1e0
[ 1450.766092][ T5815]  ? do_raw_spin_unlock+0x121/0x230
[ 1450.771346][ T5815]  bus_probe_device+0x180/0x260
[ 1450.776474][ T5815]  device_add+0x88e/0xc50
[ 1450.780811][ T5815]  usb_set_configuration+0x1a79/0x20c0
[ 1450.787002][ T5815]  usb_generic_driver_probe+0x8d/0x150
[ 1450.792569][ T5815]  usb_probe_device+0x13d/0x270
[ 1450.797451][ T5815]  ? usb_register_device_driver+0x230/0x230
[ 1450.803353][ T5815]  really_probe+0x25b/0xb20
[ 1450.808158][ T5815]  ? pm_runtime_barrier+0x14b/0x1c0
[ 1450.813359][ T5815]  __driver_probe_device+0x1ef/0x390
[ 1450.818697][ T5815]  driver_probe_device+0x4f/0x420
[ 1450.823767][ T5815]  __device_attach_driver+0x2ca/0x510
[ 1450.829182][ T5815]  bus_for_each_drv+0x252/0x2e0
[ 1450.834373][ T5815]  ? coredump_store+0x90/0x90
[ 1450.839053][ T5815]  ? bus_find_device+0x300/0x300
[ 1450.846266][ T5815]  __device_attach+0x2c2/0x420
[ 1450.851124][ T5815]  ? device_attach+0x20/0x20
[ 1450.855715][ T5815]  ? __kmem_cache_free+0xba/0x1e0
[ 1450.860762][ T5815]  ? do_raw_spin_unlock+0x121/0x230
[ 1450.866005][ T5815]  bus_probe_device+0x180/0x260
[ 1450.870850][ T5815]  device_add+0x88e/0xc50
[ 1450.875452][ T5815]  usb_new_device+0xa3c/0x1660
[ 1450.880238][ T5815]  ? usb_disconnect+0x8a0/0x8a0
[ 1450.885158][ T5815]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1450.890351][ T5815]  ? lockdep_hardirqs_on+0x98/0x150
[ 1450.896091][ T5815]  hub_event+0x29bf/0x49f0
[ 1450.900534][ T5815]  ? hub_post_resume+0x120/0x120
[ 1450.906155][ T5815]  ? read_lock_is_recursive+0x20/0x20
[ 1450.911572][ T5815]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1450.916906][ T5815]  ? process_scheduled_works+0x96f/0x15d0
[ 1450.922702][ T5815]  ? process_scheduled_works+0x96f/0x15d0
[ 1450.928529][ T5815]  process_scheduled_works+0xa5d/0x15d0
[ 1450.934185][ T5815]  ? worker_attach_to_pool+0x380/0x380
[ 1450.940225][ T5815]  ? assign_work+0x3d2/0x5d0
[ 1450.944857][ T5815]  worker_thread+0xa55/0xfc0
[ 1450.949583][ T5815]  kthread+0x2fa/0x390
[ 1450.953718][ T5815]  ? pr_cont_work+0x560/0x560
[ 1450.958407][ T5815]  ? kthread_blkcg+0xd0/0xd0
[ 1450.963094][ T5815]  ret_from_fork+0x48/0x80
[ 1450.967567][ T5815]  ? kthread_blkcg+0xd0/0xd0
[ 1450.972758][ T5815]  ret_from_fork_asm+0x11/0x20
[ 1450.977611][ T5815]  </TASK>
[ 1450.980713][ T5815] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1450.987993][ T5815] CPU: 0 PID: 5815 Comm: kworker/0:4 Not tainted syzkaller #0
[ 1450.995454][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1451.005513][ T5815] Workqueue: usb_hub_wq hub_event
[ 1451.010554][ T5815] Call Trace:
[ 1451.013841][ T5815]  <TASK>
[ 1451.016777][ T5815]  dump_stack_lvl+0x18c/0x250
[ 1451.021483][ T5815]  ? show_regs_print_info+0x20/0x20
[ 1451.026684][ T5815]  ? load_image+0x420/0x420
[ 1451.031189][ T5815]  panic+0x2dc/0x730
[ 1451.035143][ T5815]  ? bpf_jit_dump+0xd0/0xd0
[ 1451.039665][ T5815]  ? ret_from_fork_asm+0x11/0x20
[ 1451.044622][ T5815]  __warn+0x2e0/0x470
[ 1451.048631][ T5815]  ? usb_submit_urb+0x10ac/0x17d0
[ 1451.053680][ T5815]  ? usb_submit_urb+0x10ac/0x17d0
[ 1451.058727][ T5815]  report_bug+0x2be/0x4f0
[ 1451.063121][ T5815]  ? usb_submit_urb+0x10ac/0x17d0
[ 1451.068165][ T5815]  ? usb_submit_urb+0x10ac/0x17d0
[ 1451.073198][ T5815]  ? usb_submit_urb+0x10ae/0x17d0
[ 1451.078234][ T5815]  handle_bug+0xcf/0x120
[ 1451.082493][ T5815]  exc_invalid_op+0x1a/0x50
[ 1451.087009][ T5815]  asm_exc_invalid_op+0x1a/0x20
[ 1451.091882][ T5815] RIP: 0010:usb_submit_urb+0x10ac/0x17d0
[ 1451.097575][ T5815] Code: df 0f b6 44 05 00 84 c0 0f 85 29 06 00 00 45 0f b6 45 00 48 c7 c7 c0 7a 6b 8b 48 8b 74 24 20 4c 89 fa 44 89 f1 e8 54 66 ed fa <0f> 0b 49 bc 00 00 00 00 00 fc ff df e9 96 f4 ff ff 89 e9 80 e1 07
[ 1451.117224][ T5815] RSP: 0018:ffffc9000490ee00 EFLAGS: 00010246
[ 1451.123303][ T5815] RAX: 2828457ad095b500 RBX: ffff88805e52d900 RCX: 0000000000100000
[ 1451.131281][ T5815] RDX: ffffc90018cac000 RSI: 000000000007a407 RDI: 000000000007a408
[ 1451.139251][ T5815] RBP: 1ffff11005d8a248 R08: ffff8880b8e28c53 R09: 1ffff110171c518a
[ 1451.147217][ T5815] R10: dffffc0000000000 R11: ffffed10171c518b R12: dffffc0000000000
[ 1451.155188][ T5815] R13: ffff88802ec51240 R14: 0000000080001180 R15: ffff888025e5c140
[ 1451.163197][ T5815]  igorplugusb_probe+0x812/0xc60
[ 1451.168156][ T5815]  usb_probe_interface+0x5c9/0xb20
[ 1451.173284][ T5815]  ? usb_register_driver+0x3d0/0x3d0
[ 1451.178563][ T5815]  really_probe+0x25b/0xb20
[ 1451.183064][ T5815]  ? pm_runtime_barrier+0x14b/0x1c0
[ 1451.188261][ T5815]  __driver_probe_device+0x1ef/0x390
[ 1451.193548][ T5815]  driver_probe_device+0x4f/0x420
[ 1451.198585][ T5815]  __device_attach_driver+0x2ca/0x510
[ 1451.203960][ T5815]  bus_for_each_drv+0x252/0x2e0
[ 1451.208814][ T5815]  ? coredump_store+0x90/0x90
[ 1451.213498][ T5815]  ? bus_find_device+0x300/0x300
[ 1451.218454][ T5815]  __device_attach+0x2c2/0x420
[ 1451.223226][ T5815]  ? device_attach+0x20/0x20
[ 1451.227816][ T5815]  ? __kmem_cache_free+0xba/0x1e0
[ 1451.232853][ T5815]  ? do_raw_spin_unlock+0x121/0x230
[ 1451.238071][ T5815]  bus_probe_device+0x180/0x260
[ 1451.242924][ T5815]  device_add+0x88e/0xc50
[ 1451.247260][ T5815]  usb_set_configuration+0x1a79/0x20c0
[ 1451.252750][ T5815]  usb_generic_driver_probe+0x8d/0x150
[ 1451.258209][ T5815]  usb_probe_device+0x13d/0x270
[ 1451.263058][ T5815]  ? usb_register_device_driver+0x230/0x230
[ 1451.268948][ T5815]  really_probe+0x25b/0xb20
[ 1451.273450][ T5815]  ? pm_runtime_barrier+0x14b/0x1c0
[ 1451.278656][ T5815]  __driver_probe_device+0x1ef/0x390
[ 1451.283935][ T5815]  driver_probe_device+0x4f/0x420
[ 1451.288963][ T5815]  __device_attach_driver+0x2ca/0x510
[ 1451.294354][ T5815]  bus_for_each_drv+0x252/0x2e0
[ 1451.299221][ T5815]  ? coredump_store+0x90/0x90
[ 1451.303898][ T5815]  ? bus_find_device+0x300/0x300
[ 1451.308850][ T5815]  __device_attach+0x2c2/0x420
[ 1451.313618][ T5815]  ? device_attach+0x20/0x20
[ 1451.318210][ T5815]  ? __kmem_cache_free+0xba/0x1e0
[ 1451.323333][ T5815]  ? do_raw_spin_unlock+0x121/0x230
[ 1451.328535][ T5815]  bus_probe_device+0x180/0x260
[ 1451.333392][ T5815]  device_add+0x88e/0xc50
[ 1451.337744][ T5815]  usb_new_device+0xa3c/0x1660
[ 1451.342516][ T5815]  ? usb_disconnect+0x8a0/0x8a0
[ 1451.347366][ T5815]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1451.352565][ T5815]  ? lockdep_hardirqs_on+0x98/0x150
[ 1451.357787][ T5815]  hub_event+0x29bf/0x49f0
[ 1451.362247][ T5815]  ? hub_post_resume+0x120/0x120
[ 1451.367183][ T5815]  ? read_lock_is_recursive+0x20/0x20
[ 1451.372557][ T5815]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1451.377781][ T5815]  ? process_scheduled_works+0x96f/0x15d0
[ 1451.383499][ T5815]  ? process_scheduled_works+0x96f/0x15d0
[ 1451.389331][ T5815]  process_scheduled_works+0xa5d/0x15d0
[ 1451.394924][ T5815]  ? worker_attach_to_pool+0x380/0x380
[ 1451.400407][ T5815]  ? assign_work+0x3d2/0x5d0
[ 1451.405001][ T5815]  worker_thread+0xa55/0xfc0
[ 1451.409641][ T5815]  kthread+0x2fa/0x390
[ 1451.413709][ T5815]  ? pr_cont_work+0x560/0x560
[ 1451.418402][ T5815]  ? kthread_blkcg+0xd0/0xd0
[ 1451.423025][ T5815]  ret_from_fork+0x48/0x80
[ 1451.427458][ T5815]  ? kthread_blkcg+0xd0/0xd0
[ 1451.432058][ T5815]  ret_from_fork_asm+0x11/0x20
[ 1451.436841][ T5815]  </TASK>
[ 1451.439993][ T5815] Kernel Offset: disabled
[ 1451.444381][ T5815] Rebooting in 86400 seconds..