last executing test programs:

11m24.223588555s ago: executing program 3 (id=627):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000006680)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xc7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000040)="13c6", 0x2}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e20, 0x2, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x9c}, 0x1c, &(0x7f00000007c0)=[{&(0x7f00000004c0)}, {&(0x7f00000005c0)="63659fbf67ada579e90ad963fe7ce0a62fb57bb30cb8168afc6c442ec534e72f633a103e5e39c809bbea456d704bcdf9d1c5256dba8741e98aea0968", 0x3c}, {0x0}, {&(0x7f0000001000)="5bbc4b78d9d5c7b8e2b44fbe8e209d84fc794ddf194258bcd4d37ffa69457d74fad1a897029ae6a25eb00301c10ac5c56ec26db77e8568e843b9b932a2e6f4f7d4be16b644f525351193df8a33bf28fe7fe664a456d65012aca232468207390b2a05f2b9f44bfa96f8420cca66536f2a0548723cc134cdfa8c5ecfacda1f16fae61defad4cebe405d68ffc3db1acbb29bd7d3319a3df682660f5c0e012bcd0caedf171db99a7af53296f15588f63d690e60f246f77cd69926c886bdff066f744f64278a16309c9af71dfad0e99d1b0feaefddf9892981df8fec7017e1d6ee147525103416fcc4412bf17fe030835bc46c47a9d180a931b573f49af686c6ae67d28d3698da249573d07a1a6cb9caf91b64691df4318794521153e627e9958b461812acdef202fb64176bb18446d628caf6311da5b96c2c8fe47bc16a9e1bf60e19123963758badfa6111b4d99be8e323fc9267bc5b2e0e51a2ed82c726b1e1cb283fb015efb38f41c3de4162c4a5f75b6471afa52437da992b95a5dc108e29f59d73d766c80132fe15ae21903aba1af2625d7e56132aeee0ca34f4216f2d9c8813843659ba0dcd9b30133b3c843b51b332f8cb0d8893f20985d02d314d57009054562c331288e5866feb1b73014d8965a7e0681d7db2c13849ab74deff824bbb9661ea91c768b9a4943070d2d1349bea622c5cc9a5770d4bbf10e720b90be41a79360c0d04f93982c4ec4671973d670335714b2a5f4bf0e81080f364301579e6a3e03b597f9f09895722c20270d21043e1adbb32168a9665c67878622ad345689058746e191596408787e46826a2176710af1894188c30d292a992b08fe8acc8efb159e559a7a98c8ce7d97ba9209a3192cd1db1ba153f4c9efbcdf7f71c8d46f88f0b1fded291f0742bc5b1fcbcda80d1b44f5f5f1e9fb729b1415bceaa09883e53b8d2a5758e4ffa082da76d51ad848689ce7bb72f1ef8656347a36d07dc045382146a52483d519db6acc3967459a0e4db79e8466f689e4c5cd5d92502ad27c786db3cec3bf32ea1496f4fe9bb34e793799374dfcdfb2fb3f04e720e9e313ac9794", 0x302}], 0x4}}, {{&(0x7f0000000200)={0xa, 0x4e22, 0xa, @dev={0xfe, 0x80, '\x00', 0x24}, 0xab8}, 0x1c, &(0x7f0000000b80)=[{&(0x7f00000006c0)="ed4d928de1ad94c9796ef8d9141643bb104c20bd93b0c1558f7a2fde05584aad78b6dee38b9fc462d5c4ba90f038b732af44bf1e80f7c3c7b347b59a680c085d96db543378fe44db214f09eb4a9b8a75eb7f43d7f428d65f3bcfa39fbf7238f367b5e54901004638ef4abd38d09b04278b4cbe225cfa3654e422f495571dde1963425ead2efb56082ccbb5ac7c70fc25187f67e17f", 0x95}, {&(0x7f00000008c0)="55616e647e14f923c0e66e0b20c22a00e02e5b1b7691f8f041e2ea9069a659f9b39cadad8b6d4b5789831325255f4eb3191add843bf88d21da10ae5ac5a2ac233462f470c2a38c66a46bd29863182ddfdeac2ab5d0bf9564bb237f0091278f40354e443640921a7e60d6390d1f76eda2f7bc0e721c28a162d4b43f1ed98117bfa5a8b82d38d6643cfc", 0x89}, {&(0x7f0000000a40)="6c1ace6f0c25cc6f7f47a9db088a19d75082a31db8fbd1f8e833c822d08c663dbdbf249f24e1427bb37a77fd4e27c1d2b39abcaaec09dcf9cb4e572dfb72363d4c694278ecd164e88f8d3d93083a50bd1f3d2652792c6f85c5c5cac81c71eb3b7df52701d4ddd7fe1a223a76f19f6737db00d6737e04bb0318fd492eabf90cb3cf5f890b62e3a620e67689b4", 0x8c}, {&(0x7f0000003040)="bde8ff6f3c7cfaf158fb69f12b2de96d040d893e5b48dfdf028c3badaab0ca592f5440344f622f7f781fe087b40f4931144bc4320f654ae1b4a38047633518e4e2f10f0e09677a1b2fcaed0dbed2f21caf6a41d93ab549e61ddc5ce3a0fc1734bc5fbe7cf87a0cdb906c3241bcda488978400b2280d15146d3e03620dbf8c287ef069ea27234adeed001dba5bfc4db058366921f6af169bede12cbb1dd37941c5c8a1a1b668689ca2008cbf9ebef0bc3f666e6407eb206d864c9", 0xba}, {&(0x7f0000003140)="30314dd1ea518d038b284e6b03d2f5ed80a6d0162a7d7a92cabd257d467f74cad913db6ac3ca26bcaa677b453bc8d0b54615ca9cf9b6aae7e7f13eeb3f7b0a9636e334d42e131637808c8cd5e1e8cd8abb1397d109d91422d5cc1fa2166c5edf93b4caeedfff0e8f6fe75bb3b039688d9796cd2aaccc57a430746694e4198aff8d25980708ddd1111ac7734b05371dd69be5bc7ccbf7be8b2fb2eab5434062be6e5e000158f8e92ca593869ec80772194e2b57e0e1bb8b052bbb831fcff81319867af2cbc7019f81bb54f6cf6ea6e42c1c6a1e1dab963fee12f4d0b2722bba7cfd50f104576403a12250e5e382f875059efdf3fbbfcde3c1108921b770526e0f3fcafc0a46b51521eacf63621f9a2661188fba5934cdf7adea02b1034597e2c05825ee1a754e37f9a908b86389452a458d701ec43824d8f01f0fb63fbff163faf5059a59041f0c541e357ad831a72c643c7f7823f3cd20298cc7ce775cc348b130d15ce5ef812d3f4f62d1bc2c50dcca6104c4f767ef1e08c05d9a9f6f3f5a1e0980766af70f785055fad9d1f1208acb863e1f4829cf9bb9108a04f045f78f193f8d10e96638fccc156e0d33942242eff91c08b1cbb1273e6ddae3e9ce487f92fad5df662913d0d6ca5ecae86ab0adb699cdde28e3abe39090ca5d5e4a8ad6af192a29f00fc746aa2fec2f86fc594996d9e1f0ee1c8b20635f9e485ff05e89e137dfbacd44494523cd3309f208b6254e4660a5f4cdcea41cc08d42980f0e6b273cbd4e7f3439505e3f096ca36c0376f58b090326af91abc214c56f3eed53663311875b0dd0fb1b3ed6608e694697552c208ccd4bb322f1df6f51aa1cf2dff05d968a51627580d1ac51db33d14a52b1c95701e787636914f7fd75e0183ba01ab5de3d6e87c18eacc9703ba2d56840f4a033d41d6f21a1f75f4194e5194dfcb7c1aebb124e5c3f061b459d5fe5d813814b2cd65e1ac37b5bd298351124a0f301d6a3c40ae8b1da419625c88d932236d51728c8ff8c3381b7014b30f2ae02f4b03adc31d5e706b4bdfe580415639567607294d6a7f4e8ce53765c1aa272c65f18b7f4dae249e605b8c6f7e63d11666278d70c8ec09b89cf4e71df5052d8eb1bcfabc9382b6df56c4f5f70b65db13ff43a87925bdbf9167428635310bcdfce278074467d0e5a8ab333cd12f9a8f1376359053004831adbb3bd2cc7f817febbb4a795f61c961300c844dcaed2b4c9b7184009ec51e385306d2dbbae03df78692c120aee461b5cd59a63be00b5d9695e66e5a826fc02a7ac9a7ecbd9277b61c7cb3aeaa6cd2d228e2ef61695bc6c16c07a61f34027df051b7d6993e31414bca920c4b11c89bc4e9cf1baaa356af13d747cbd63da68bc71d8d0e301f4bf68fdd27c55de989e32f79cabd20cfb2402e4cf8dc03778fb7afeb6a16ece885cf45b5a2581a0ffa5bf0d2de59a69e46a4e3794094e11d3fd8cadfb0d4425a1dacf0b59e5f573adecf5e9ae59a619cfa939bd8998d26879a7610f19d8fcdf29ce15a73b16a354b1bb4ceac15c1e584f8296b93917be5a55366b2ae5ab17936c5a589850c04490e4ead1c76420d78a5fd0ea1fb5e103edf69c1063e1a5e5056af16bc3d822407cc63bd017bf81cb6dc51ba64c7ce0229e14f16ccbee815d788370f3c7bdc499f730820ad2a2c7d8552b6790c1f91df75b767419e044800d65683fd85ef5b1d7f77d918a5485ec29ba6e16e55e0e5bea1bb2041020b7b0e9b72015832ddd8f329ba049ef7dff8499533d9695d03dc61d88b3b50e5398930b14a0e13e4fe0864e6ef28b49d63dbcbcb36be842cd6edc71ad775dbf838888b7339ef58eee2a96e0f2d6dde53d883ca469ee2e6df1422ffd1d3bad79286b655af14ac2583cb239d3ae9a4e8f67c4d7d655e43f32aa0f9c88382a58af34b914d27b72f1f45d1851cfb235378051309e720e79aa6cbefbc997511fa5865a96b391b6dbb2a9d63b848dcd26210a05d0310555bbc7a2abb812aad2d8a135e68ce7e41e7d82fa7573fd54681b224cf67e224f6f712b622a2a16cac9fbb39de58660f3a04d43664b75a1b3ee780d8819a9885dbc381c098f7736bac3486116bac1b3a8d8be4e8f4f8b2165d861ce60e6ba1b6ee96dfa7ee193c3385998a3f09c187e50727ab9f85d9c78b0c456e0d79c828faaa0d00df8ffc9417a8e96d1906553a64f9fc780a5ecee328d8d3733ab5b744333ed9e9032036be7f9bb5a924fbe0d6b3e9829572b406e970e95bc6ea415d43d7256164ca627ca72704ca9154d450832a65fb1d99a8cd0903d87ddea66dd1a547db7e5c02889676663a3b0c1e57b5e74c313e949b6c5a4f03c443e148f35b43dcc6160", 0x689}, {&(0x7f0000004140)="c825e6307753c61f8de6eff27e8845c3b67c9cc42f0796f5d2ee505f280f6e188fdf866479d3762b48c63dca68687c205c8f60cb94947339251e576f7da14510c62b9b7b0c12c1e3100086f4613ad4b0f039841bb1a4d8176736d8164f86f22b461dbefe2c5f2b9498357fbc5082e458177b9be0a5458bb2103f6635426721473164c7f95a1706c878c2112f1b8ab7c7fef0f5771225573033d91af3f7d92533208eaec466c1c7b03ae57738334a0d8d10b3932f3964d164c9348b3f2b8c48b8d3e329a13e14e6512058ddbca3fcfe68e2e6d15ce139ad36a3ab5a9cf613b6e6c7ebf2b53168f1cdddf2492b18fba12ee023fb7b5d754acbb3c706d4b3ef226f3559f7ef5e47a7cb8ebefa6c27dc3d5403218b1b05d261b5d30139f15e72860b88d945f6fc2da69eec72f0fb4644da7b24e371e95965bbfba45693a243652e5f7e8e3b27bb9cd7831f15ea293cfc4f1472da6c862517428115279a049d742fcc21cd8f78ccb74257d9983952d7cec88fb4bca934088c8de17efa95441a4849523202beb0b5c325e2aa432f5321f312d67bb3f007b6b44ff60a684f19abefb3fc3ab26f3103e3caee48ac7b201e5a114b138e6b18628eb5cb65498906ce50edccc8634d050f8b98ecbc63c917748b4413f20a9e47e032e67ad76765c20c49098c9b0f53b5f09b4386417cd5fd34f192059a858a6812405446245cba7b0d6cfac62ea51901d6df9e11778bef1b2caaf4defc1009ab5da93f1de4a47caa6ca60d718d28a00c4dbce66546dd42c15c73cbb100d2c5966411b2fdc45405f640761102cdc60655af92ddf14f062f8e8e2305b9e8e251f9b40ffe9c206d070ef7911b1839590be4d9eb36d0670519188ce337e649be91be7f63ad15462af8626145e7586f3a2123087fb7d6a7bbc5fead9669a6e292ce524428fc4a0001b3adf56703d902162efd19779760f7915cb0547fa0a435bece20d5dbfb312421c3caa711865769d18d98778d224d00e406da89b2a905486443f24b9b3da92c22980b7e96d27678b904f85ee7fb5f3de997814cc310077c918665da47cc765f5c70cdd65a25b294494af029daf08f2b9b95edc61bfa0b79c1d55266a743684503cb1aa87462c7c226b147bf44fb6075c1611fa66b0eef585e858146faf38910a07939d5125a939df387f6ff55de8ff00d801ef1e1a5f225c84164cbfa5e90b956dae37eb0923b13e0d1b0405bda8d5a1ada2fea35e51f39c47411b73ba10ad1a0f6778a13eebfbf8eb58eec26029a8736253ea63bc00b3be0237b88c47a5c2c3a5d0864dcf5e8351eba8aef1bab1b60eb2bf0a9447b76b46f9d54155cf8ac879296fa25834cc171c4379ad81833d5ca5d739a996fa13a1413069624056fa04896282022d205db070614f8b6707de8ed5b76bafe916d4e2969c1baacaede05c78d03437000bf4bb9ecc28949a5351423db7c8f28e7a63841ff61ac7fdea556d9b5a1633eb3e7c26ec7c7e5defe9400cb0f1a3fa6ec8854d2606d927aa6bed3c7db836d69b0f8aafeac13751d89803506e69dae2a6717f518285b9936549c02ecab898d8aeca8d3973fca18436a0bd51ca871078d728f8f4b1c8c2f598078bf32d7c546d5f7a77248d9d1c2cd9da0e7e8146152eb56c5ef928425199f9e24c6ef8d2c65b5b83d8ed24136d30d66b6ca625cc9ec2c6995decb87176e99eeb8cc8967f92281c55db5cfbf54763f4c2d60b1a0aa23dd5c69957f0383b7fd862d79ffc2c0d4df80c8107535370e16dcdc165c0e94d5b68b78e76ed5595921b2bb7ee9a0086b22026a6f655867db32440ed597243e57c310a4f50a870c976545d75a35e6a623a0af3f0f0acf98d93aa22ca63adf8f2a15e7b82f26b1ba12801ca8c022631a98d57963010ed759cc797506fcbc5f5cd0317ab7743b8512eebde900e09176b47408501aab3e6319847327e3c89e81994fa884f722956c9230bf87d251d8e7c3197cf03a51b6fd634c7354e0ee8094f76cb2e4e7ffd0cd5b18bcc027b188624d366545e963e2197a246f7e2e15d46fac1e475aaa635714a602cd6bf770203d3f489cbfa4a8bf9c3757ca747c13e66496e45767e597", 0x5d0}], 0x6, &(0x7f0000005140)=ANY=[@ANYBLOB="180000002000000029000000370000009d00000000000000b00000000000000029000000370000004ad90000000000000103000000050200070102000001020000087a0de6d08198e5a34815e07da3bde8c959c3f949c3cd4013a66fa49e105411ffd0cef4ca749e3b20e193aaf9cc5d8a4a6e5bfe31dc0227bc6d52056211b39c44a7dac9be0fb7fa9bcbb0dcec56ab676328e223e9845d4ce30248f65df02b5bdc3c03adcf24be379be86c357e6224e7adc54e0bfa8a2b36e325089705020000c2040000000500"], 0xc8}}, {{&(0x7f00000002c0)={0xa, 0x4e21, 0x7, @empty, 0x2}, 0x1c, &(0x7f00000009c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="d0000000000000002900000036000000041600000000000008762958e3397c1c2e46c6d1c258577349b24bab2d3f50f3f9fabaf2da514afc2bf75a76fe085c76047635bd295cdc1d736c654499db36617e9e2575a4a0f9836894af2ef7a06ca611363e767b29b80a259a20abfc8e22361fb96159c0abe0b7db0934235e6890bc58dfcc7ebba8ab8da199d54a51623fc3c2040000000cc2040000d0500730000000030a02ff7f0000000000000000000000000000000007000000000000000800000000000000e20b000000000000000038000000000000002900000004000000ac03000000000000010700000000000000000100c91020010000000000000000000000000000000014000000000000002900000043000000020000000000000038c6bb27fe5d9448e3d60509563ac04b45a95ebb7ddb12263d9760e3310967f691bfbfb3a27dca1e6f23aad57329c83c4bec4b0f784429a3b289"], 0x120}}], 0x4, 0x44)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10)
sendmmsg(r2, 0x0, 0x0, 0x0)
symlink(0x0, 0x0)
symlink(&(0x7f0000000080)='.\x00', 0x0)
r4 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000400)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000280)={0x0, 0x0, 0x1, "12"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
rename(&(0x7f0000000580)='./file1\x00', &(0x7f0000005240)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x21, 0x9, 0x1ff, 0x4, 0x4, 0xfffffffffffffffe, 0x4, 0xfffffffc}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = userfaultfd(0x801)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r5, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

11m21.065012367s ago: executing program 3 (id=640):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)

11m20.779279549s ago: executing program 3 (id=641):
socket$pppl2tp(0x18, 0x1, 0x1)
syz_io_uring_setup(0x9e, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r1)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000580)={'wg1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100e8ffffff00000000100000002000018008000100", @ANYRES32=r3, @ANYBLOB="14000200776731"], 0x34}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$ax25(0x3, 0x5, 0xcf)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r5, &(0x7f00000004c0)=""/57, 0x39)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x129a82, 0x0)
sendfile(r6, r6, 0x0, 0x8)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, 0xffffffffffffffff, 0xb}}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ftruncate(0xffffffffffffffff, 0x10000)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r8, 0x88, 0x1b, &(0x7f0000000100)={@remote}, 0x14)

11m19.842906592s ago: executing program 3 (id=645):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGSKNS(r5, 0x894c, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r7, &(0x7f0000000000), 0x4000000000001f2, 0x0)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043e060c"], 0x9)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000001740), r0)
sendmsg$NFC_CMD_VENDOR(r8, &(0x7f0000002a00)={0x0, 0x0, &(0x7f00000029c0)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002abd6960fddbdf251d03000008001d0042ffffe208001e008c0f00000800010085"], 0x2c}, 0x1, 0x0, 0x0, 0x90}, 0x2400c800)
openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/access2\x00', 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')

11m18.47239575s ago: executing program 3 (id=648):
socket$pppl2tp(0x18, 0x1, 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = semget$private(0x0, 0x5, 0x0)
semop(r2, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000100)={0x1, 0x1, 0xa, 0x20, 0x1cb, &(0x7f0000000480)})

11m17.36623924s ago: executing program 3 (id=652):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140))
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x4f8, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0xffffffff, 0x428, 0x428, 0x428, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@ipv6={@mcast1, @dev={0xfe, 0x80, '\x00', 0x26}, [0xff000000, 0xff, 0xffffffff, 0xffffff00], [0xffffff00, 0xffffff00, 0xffffff00, 0xff000000], 'vcan0\x00', 'pimreg1\x00', {0xff}, {0xff}, 0x3c, 0x4, 0x6, 0x30}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"b8e4"}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@ipv6={@remote, @private2, [0xffffff00, 0x0, 0x0, 0xff000000], [0x0, 0xffffff00, 0xff, 0xff], 'wlan0\x00', 'dvmrp0\x00', {}, {0xff}, 0x2c, 0x1, 0x6, 0x50}, 0x0, 0x210, 0x238, 0x0, {}, [@common=@rt={{0x138}, {0xfffffffa, [0x4, 0x4], 0x81, 0x10, 0x7, [@remote, @loopback, @rand_addr=' \x01\x00', @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @remote, @local, @local, @mcast1, @local, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @loopback, @loopback]}}, @common=@frag={{0x30}, {[0x8, 0xc221], 0x9, 0x16}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x5, 0x6}, {0xffffffffffffffff, 0x1, 0x4}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@ipv6header={{0x28}, {0x8, 0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x558)
sendfile(r2, r2, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r4 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB], 0xa)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
r6 = dup(r5)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r6, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)
syslog(0x4, 0x0, 0x0)

11m16.638345461s ago: executing program 32 (id=652):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140))
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x4f8, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0xffffffff, 0x428, 0x428, 0x428, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@ipv6={@mcast1, @dev={0xfe, 0x80, '\x00', 0x26}, [0xff000000, 0xff, 0xffffffff, 0xffffff00], [0xffffff00, 0xffffff00, 0xffffff00, 0xff000000], 'vcan0\x00', 'pimreg1\x00', {0xff}, {0xff}, 0x3c, 0x4, 0x6, 0x30}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"b8e4"}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@ipv6={@remote, @private2, [0xffffff00, 0x0, 0x0, 0xff000000], [0x0, 0xffffff00, 0xff, 0xff], 'wlan0\x00', 'dvmrp0\x00', {}, {0xff}, 0x2c, 0x1, 0x6, 0x50}, 0x0, 0x210, 0x238, 0x0, {}, [@common=@rt={{0x138}, {0xfffffffa, [0x4, 0x4], 0x81, 0x10, 0x7, [@remote, @loopback, @rand_addr=' \x01\x00', @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @remote, @local, @local, @mcast1, @local, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @loopback, @loopback]}}, @common=@frag={{0x30}, {[0x8, 0xc221], 0x9, 0x16}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x5, 0x6}, {0xffffffffffffffff, 0x1, 0x4}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@ipv6header={{0x28}, {0x8, 0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x558)
sendfile(r2, r2, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r4 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB], 0xa)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
r6 = dup(r5)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r6, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)
syslog(0x4, 0x0, 0x0)

5m50.944153094s ago: executing program 4 (id=1466):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0008001800030002"], 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x6080)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_SET_FEATURE(r0, &(0x7f0000003800)={0x0, 0x0, &(0x7f00000037c0)={&(0x7f0000003780)={0x20, 0x3fa, 0x0, 0x70bd28, 0x25dfdbfc, {0x1, 0x1, 0x1, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x20000104}, 0x80)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f00000008c0)={'team0\x00', 0xe761})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c"], 0x50}}, 0x4000000)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

5m49.713023457s ago: executing program 4 (id=1471):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140))
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x4f8, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0xffffffff, 0x428, 0x428, 0x428, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@ipv6={@mcast1, @dev={0xfe, 0x80, '\x00', 0x26}, [0xff000000, 0xff, 0xffffffff, 0xffffff00], [0xffffff00, 0xffffff00, 0xffffff00, 0xff000000], 'vcan0\x00', 'pimreg1\x00', {0xff}, {0xff}, 0x3c, 0x4, 0x6, 0x30}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"b8e4"}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@ipv6={@remote, @private2, [0xffffff00, 0x0, 0x0, 0xff000000], [0x0, 0xffffff00, 0xff, 0xff], 'wlan0\x00', 'dvmrp0\x00', {}, {0xff}, 0x2c, 0x1, 0x6, 0x50}, 0x0, 0x210, 0x238, 0x0, {}, [@common=@rt={{0x138}, {0xfffffffa, [0x4, 0x4], 0x81, 0x10, 0x7, [@remote, @loopback, @rand_addr=' \x01\x00', @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @remote, @local, @local, @mcast1, @local, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @loopback, @loopback]}}, @common=@frag={{0x30}, {[0x8, 0xc221], 0x9, 0x16}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x5, 0x6}, {0xffffffffffffffff, 0x1, 0x4}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@ipv6header={{0x28}, {0x8, 0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x558)
sendfile(r2, r2, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz0\x00', 0x200002, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0xa)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r5, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)
socket$xdp(0x2c, 0x3, 0x0)

5m48.221631968s ago: executing program 4 (id=1474):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x14)
connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x1a0, 0xffffffff, 0xffffffff, 0x1a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'pimreg\x00', {}, {}, 0x1}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25"})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
syz_open_pts(r4, 0x20000)

5m47.001726423s ago: executing program 4 (id=1476):
r0 = socket$packet(0x11, 0x2, 0x300)
pipe2$9p(&(0x7f00000005c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
r2 = syz_open_procfs$userns(0x0, &(0x7f0000000b80))
splice(r2, &(0x7f0000000bc0)=0x10000, r1, 0x0, 0x3, 0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$PPPIOCSACTIVE(r3, 0xc02063a1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r4=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000300)=0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x34c}}, 0x44)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYRES64=r1], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmmsg(r7, 0x0, 0x0, 0x42, 0x0)

5m46.587228512s ago: executing program 4 (id=1479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008844}, 0x40004000)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000013c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000200000000004400000008000300", @ANYRES32=r2, @ANYBLOB="2400238006000a000500000006000100b00000000600190003"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r1, 0x200, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x2000c000}, 0x24000000)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x40000334}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)})
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x140, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000006c0)='net/route\x00')
r9 = epoll_create(0x10001)
mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r9}})
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000001180)=0x2000001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x3, &(0x7f0000001980)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000001, 0x1010, r8, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r11, <r12=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000380)=r10}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r12}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m44.040070824s ago: executing program 4 (id=1482):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)=<r2=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, &(0x7f0000000040))
r3 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
recvmsg$can_raw(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x1)

5m28.751549655s ago: executing program 33 (id=1482):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)=<r2=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, &(0x7f0000000040))
r3 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
recvmsg$can_raw(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x1)

3m5.619367774s ago: executing program 5 (id=948):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="070000000400000020000000010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000f9080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbf7, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000004, 0x42031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r6, &(0x7f0000019080)=""/102352, 0x18fd0, 0x3)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x20000023896)

2m44.971879144s ago: executing program 1 (id=1858):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x6d91fb6102d8d9cc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
creat(0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)={[{@usrquota}, {@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x38]}}]})
cachestat(r0, &(0x7f00000000c0)={0x0, 0xffffffffffffff1c}, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c7902, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sendfile(r4, r4, 0x0, 0x7fffffffffffffff)

2m42.680629961s ago: executing program 1 (id=1865):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7c34, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x7f, 0x4000000, 0x38416761, 0x2, 0x0, 0x4, 0xa, 0x9, 0x1, 0x3, 0x1, 0xc0b4c4325ad1a7ca}})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="f3ffffff031201002c0012800b00010062726964676500001c0002800800050001000000060027000000000005002d00000000003a5bfc2d0ba731dfbed45b63f9b533dcf0ffad15981631502bf44b78a4a9d5e4b123c8faace8"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r4, 0x40103d0b, &(0x7f00000000c0)={0x3, 0x300})
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000000)={0x7, 0x400, 0x2008000, 0x5, 0x2, "8a8eab67a6a300000005885059cf0a7aea2d6a", 0x46c8, 0x2})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc)
r5 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x50, &(0x7f0000000000)={0x0, 0x0}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x3c}}, './file0\x00'})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x221000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000000c0)='file_check_and_advance_wb_err\x00', r6, 0x0, 0x2}, 0x18)
read$FUSE(r6, &(0x7f0000002c80)={0x2020}, 0xfffffdb2)
ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0106426, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{}, {}]})

2m41.682952946s ago: executing program 1 (id=1867):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$SIOCAX25GETINFOOLD(r0, 0x89e9, &(0x7f0000000040))
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
r2 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x69e5, 0x10000, 0x0, 0x166, 0x0, r1}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000001040)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)=""/9, 0x9}], 0x1})
io_uring_enter(r2, 0x567, 0xa1ff, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000080)={0x0, 0x4, 0x0, [0x8001, 0x2, 0xdd8, 0x3, 0x40], [0x78b, 0x2, 0x8f3, 0x4, 0x7, 0x6, 0x3b31f9d6, 0x6, 0x7, 0x7, 0xf, 0x7ff, 0x2, 0xffe, 0x100000000, 0x8000000000000000, 0x10000, 0x4, 0x1, 0x3, 0xfffffffffffffff9, 0x6, 0x0, 0x200, 0x1, 0x4, 0x6, 0xc, 0x9, 0x5, 0x8, 0xc1d, 0xc1, 0x1, 0x7ff, 0x3, 0x5, 0x1000, 0xe379, 0x1, 0x7, 0x5, 0x2, 0x7, 0xfffffffffffffff7, 0x906, 0x1, 0x6, 0x3, 0x3, 0x5, 0x0, 0x100, 0x10, 0x2, 0xd88, 0x2, 0x2, 0x3, 0xa, 0x888d, 0x7, 0xffffffff93aa4ebc, 0x7, 0x7a7f, 0x6, 0x2, 0xfffffffffffff98f, 0xdc51, 0x2, 0x1, 0x7c, 0x0, 0x5dae, 0xffff, 0xe, 0xd, 0x100, 0x0, 0x2, 0x5, 0x3, 0x1e9, 0x10, 0x8cd5, 0xfffffffffffffffa, 0x4, 0xffffffff, 0x7, 0x80000001, 0x100000000, 0x3, 0x6, 0x5, 0x6, 0x400, 0x1ff, 0x1, 0x9, 0x8, 0x1, 0xc, 0x4, 0x9, 0x0, 0x8, 0xf4f, 0x6b, 0x3, 0x3, 0x6, 0x0, 0x7, 0x1, 0x3, 0x81, 0x8527, 0x39b1, 0x7, 0x7, 0x7]})
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00')
epoll_create1(0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})

2m41.481446773s ago: executing program 1 (id=1868):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000003600)={0x0, 0x0, &(0x7f00000035c0)={&(0x7f0000003540)={0x34, 0x6, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004000}, 0x400c050) (fail_nth: 9)

2m40.894010286s ago: executing program 1 (id=1871):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xb, &(0x7f00000000c0)={0x90a, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB='\\\n\x00\x00', @ANYRES16=0x0, @ANYBLOB="290b2cbd70007ddbdf253900000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099005000000052000000a0025a8018000080140005000000ffff07007f0000000700020000008000008014000500030010009809f7ffd50580d4db940800140005000700090000000400800005006f2aff074a0002004e5748110b4f493c431d15416807512c451d10384925172317323f304b1a552c361834421434411e411a13171a414956015243260a0d2d57265605002c0a0f1a2f4e2508042600000500040000000000740003801e000100480b0503480c481218601b3f0b0403601886066c0503192f6018000014000500db050700050068fe000009000900080014000300000002000500f7fffde701004d040900140005000100070005000500000105000002368c14000300060001005b047f00000001000100fbff8400018014000300010009000f000a000080090009000c00140005000001ff0301000100b8c50600010001001400050008000d000300527d09000300060090001b0001000405040c4812000b366c012401240b033602010403120c0014000500070008000400080001f002000700020014000500afb80300000000800180000009000600340000801400030008000f00050000e0000007000700030014000300000004000100070001bd02008d9edb0705000400010000004400028014000500900002000200060002000a00020001041600010004120c240248240c6006120360300106000c0000140003000100030001000200050024060700210050000380050007000000000005000600020000001500010005090b0b04030b0405012401000c30021b0000000500070000000000140005000900ff000002060081000300472500800500040000000000440001801400030008000200050002000400f9ff04000800140003006000080063a105000400020008000a000500060002000000050007000000000005000700000000001c025a807c0003801400030002000400fbff00010200240202008d071400030005000400610008009500090007000800050004000000000014000500ff03a4ff000403000400400002006e000a0001000404091600600000050006000000000005000700000000000e0002005012145341423f4e3b4e00000500060001000000f40000800500070002000000140003000300ff010200be46ff7f01000100743e050007000200000014000300010007000400000009000300ffff09001d0001006e1b1b121803126c1a0202024824061b046c36021b241605150000002000010003050302040c6c1b1b010624180301041609030216600c3630181201140003000200e4f3ff0f050009000000010004001b00010008366c0c810000180160301b0160601b0004060b090960004000020042491e4941414e380a26275508403529570d412003152b4b310f29125716321b4836322b525018292f1008112618273c074d343f404f4a19050a134605000700010000004c0002800500070001000000140005006d8e050003000c00030000000100fdff100002004728303208310b00372b52491b000100486c05140b0104480c0c6012480c0009481209090304030050000180050004000200000005000600010000000500070001000000160001001203000530020b0c1812011b090b0b186c180000050006000200000014000100060624080c0430300b120930016018120c000180050006000100000024015a802c0000800d000100240924486a04244e020000000500060002000000050007000000000005000700010000007000038014000300050007000a00080003005fa803000a0031000200461d32060c194115074e0535110c292726105639442f44143d090e3c1b182f0e3a2941230400434f0e2c2d222100000005000400010000000500060002000000140003000500030002000600000005000200080084000180050001001200000040000200404641233a313439212d0f2d28401a243b1e374a2e2652452b44434140563b540f0c4756882d121d0b4236301e0552293007100c52453c391a0912163600020040442f113b410d4e131848371d542f3927224c34410e2c0f451e34541f1a0e011d542a010c091d49333e48063f18050321490000ac015a80900003800500060001000000050007000100000005000400010000001f000200302d0820391e1c1a16032b0e36303d38184817f13c104c0a3c052b003e000200435637035250320d171c1a131c35210b18480735480315072b4c4740073d4f2917301f3d544048502e404d4e1110400b44020a371a164b060b24000014000500060003000000010000c0020001007600400002801f0001006c050106160d0b0001480536486012096c1b0318181b481b00600900050004000000000014000300ad0009000800060002000900350b7f0044000080140005000100018008009909080000040e00080014000300240c00021d0005000900080002000500050007000000000005000600010000000500040002000000040000809000008014000300810002000800050004000700ffff030013000200393719413a1f3934570052083a10340014000500008003000400c9050900f8ff0100a2001400030046a509000500510bfdff050003009900140003000700900806000700040001000400ff031400050085000200050005000080000002000300140003000500000005000900050000f80500fdff24005a80200002800500040001000000140005008100060005000100040008000600000058005a8020000380140003003e080300fdffacd7020008001000080005000700020000001c00018005000600020000000500040000000000050004000000000018000380140005000000bf0d02000700000004001000ff7f04005a8028025a809800028014000500090081000500020002002b4fff010200500002002a1838200904213543483849025015543b481949140420522c243b2250491b19093c4034301952010d52254914231110111d563901490d3852530a0604532e2a550c4d4b093d2939230f1e44140003000004020008000500010003000000e1000500040002000000140003000500ff010900010031b7040057005e0b90000280050004000200000040000200380c331e11315050242609093a353f2054384d4427413e3000313718275742563a21283f51394d1d262d0e4f1523315200514f254050544a18002b0143000200482a0f430b38144614554e35320529431b17401610522b2a4e5019103f38402505304f1e2b11240b4b0107460816424900174411001c07183150032a29262f000c00008005000700000000001c0000800500040001000000050004000000000005000600020000000c00038005000400000000003400008005000600020000001400030004000400bae8040062000500040003001400050003000900310708000200080088000a009400008005000600020000002d0002003926340c293e233907503323014405253a0841444f3f3f360e4c000b240a2120414b2e2748304e57570000002300020033520b03184a4f34470b144130350f0512381119443151491854050225192d000500060000000000050004000100000005000700000000001b00010048040318362405121b600436000209042409986c1b065000"], 0xa5c}, 0x1, 0x0, 0x0, 0x1}, 0x4080)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setresuid(0xee01, 0xee00, 0x0)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r2, 0x2)
dup3(r1, r2, 0x0)
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840), 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48800)
shutdown(r4, 0x0)
pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000000780)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @local, 0x1}, 0x1c, &(0x7f0000001780)=[{&(0x7f0000000040)="a4", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r5, 0x1)
setsockopt(r5, 0xa4, 0x83, &(0x7f0000000080)="1a00fcff010000e10a8123179a5e9a13f1c288eec8ddd500", 0xfffffffffffffdfd)

2m39.866039769s ago: executing program 1 (id=1874):
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
fallocate(r2, 0x20, 0x9, 0x7)
syz_usb_connect(0x5, 0x59, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202"], 0x0)

2m32.725292327s ago: executing program 5 (id=948):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="070000000400000020000000010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000f9080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbf7, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000004, 0x42031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r6, &(0x7f0000019080)=""/102352, 0x18fd0, 0x3)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x20000023896)

2m24.820942978s ago: executing program 34 (id=1874):
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
fallocate(r2, 0x20, 0x9, 0x7)
syz_usb_connect(0x5, 0x59, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202"], 0x0)

2m4.26535671s ago: executing program 5 (id=948):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="070000000400000020000000010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000f9080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbf7, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000004, 0x42031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r6, &(0x7f0000019080)=""/102352, 0x18fd0, 0x3)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x20000023896)

1m26.057501585s ago: executing program 5 (id=948):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="070000000400000020000000010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000f9080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbf7, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000004, 0x42031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r6, &(0x7f0000019080)=""/102352, 0x18fd0, 0x3)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x20000023896)

43.41008534s ago: executing program 5 (id=948):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="070000000400000020000000010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000f9080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbf7, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000004, 0x42031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r6, &(0x7f0000019080)=""/102352, 0x18fd0, 0x3)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x20000023896)

14.851216153s ago: executing program 5 (id=948):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="070000000400000020000000010000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000f9080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbf7, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000004, 0x42031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r6, &(0x7f0000019080)=""/102352, 0x18fd0, 0x3)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x20000023896)

1.961435782s ago: executing program 6 (id=2181):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x9, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x32, 0x0, 0xe, @in6={0xa, 0x4e21, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x81}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20000003}, @sadb_address={0x3, 0x5, 0x6c, 0x0, 0x0, @in={0x2, 0x4e24, @private=0xa010100}}]}, 0x60}}, 0x4000)

1.937340069s ago: executing program 2 (id=2182):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000180), 0x4)

1.936577404s ago: executing program 0 (id=2183):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000580)={0x4, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.72201129s ago: executing program 2 (id=2184):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x1}], 0x1)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x0)

1.68185483s ago: executing program 6 (id=2185):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000180)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.635054871s ago: executing program 2 (id=2186):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="b60a0000000000006b110e0000000000180000000000000000000000000000009500001f1dd8a100985b03"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)

1.474686258s ago: executing program 0 (id=2188):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2], 0x18}, 0x0)
close(r1)

1.441533549s ago: executing program 2 (id=2189):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x8, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16d6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e815c068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1c6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef172238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3837b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b0000000000000000000000000000d35fb97c2d7a9374294dcec3da3df9a13c4fc63b00426682534d894caee0b963a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50, 0x10, 0x0, 0xfffffd92}, 0x48)

1.246201239s ago: executing program 6 (id=2190):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.246041999s ago: executing program 2 (id=2191):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="180200001b00000000000000b296ffff850000004100000095000000000000003af1f53778422dccc1c3e37f5ed9fef666387df316ddb9043b838619eb042c080f5e94778ec365075dd75aaaa969f99760a84a18cb0534ba5f8ac821babe107f0000004c5b4692af9eac983e8f8ff0d856912643dddc1a5d2b904a5b066005b2342eccfad67243af92826de6e0e7ae1025806b557b7c98c031a61dd9f91b1c71b45c29d26439c985eada750cd965386f77507967e91c4bf2a0ba65dff8e0a5e157cc5a2de8d299aab70173400172662f9ebc25c745c36f25f9072228199f555b0ba0b00f6079253f1882c40a7fc1493ddf3e52e868afd415ab88ce95b49d260b278b7027618d5d427a7f88ddd4722758a7ab5d671189e024cdb7fe4e6dcca5688697210e46c07db9be01f08621fb0a9f5cc7410000000000000000000000050627bfa95e012f8301e626271774bae07b34f91ac38153e4935d23502cbf49db4a704807248c6a1dba55ba7e91bea995b487e7ba0ae18bab48be69bf45eca6b1a8c9014532c8e36eeca7e071cd09d401800000b22d34b5600a9394e1822cb3953e70cfee"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.158491379s ago: executing program 7 (id=2192):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)

1.14700829s ago: executing program 0 (id=2193):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001000000"], 0x48)
socketpair(0x1, 0x1, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000400800003000000000000000400000000fcff00000000000d0200003de55c"], 0xffffffffffffffff, 0x3e, 0xb1, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020200828500000070000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x0, 0x62, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

970.070644ms ago: executing program 2 (id=2194):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000004500), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

969.933928ms ago: executing program 7 (id=2195):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061100800000000006b019800000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf7}, 0x48)

904.012737ms ago: executing program 0 (id=2196):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x27)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

760.626032ms ago: executing program 7 (id=2197):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000950000000000000072975d5224e57527a8db06ba0fa36c34170234118f4e31046fcd4fc8022614f1a3a7c888ceb114365a178a7906090abe93e927b12d1ce635854534bc043d5c3b305ca5a38e7fdfab22c90f21b65ea1e0cd7afce3e4098599a2265e1700f4915db3189884b5ec7e949783b22495bcc17929a9aa31b0250afb7ccf5d97a34fb9aaf655fd7afb033b9ca4ded45038d5348d922ac3500b475d43a5b97329de8b4bfe5744a8fa14080a46f5b57a15bd2af549ee63ac47ded93dd4bba64a7996e33c1356d3a3aa74c7899c9ebdfaecaa776216eae3605f9cecca1d8d234b66a262aa61791c0975702f2c4b8ac87da75808af0ec3bd4b9ddce694944c967cb2005a827f4c76a45e4960a2bad516960af6ee5a80145e1ecf3e739269f13c73b0d55fe2521d8834ae5a17f22b0a2178c03cefb15808db4d3997d693a3c6a14f8d742147cbb2fc49eb3deb9953d611cd83493697fcd391afdaed3e6a8a469153c6e866da74f785370b69f6596dcb41694fe802eaf0735a936a0501c83ec63ee5807eb67a9b4f284bf6635a4593f15f43339f"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

650.438834ms ago: executing program 6 (id=2198):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

530.104894ms ago: executing program 7 (id=2199):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0xe}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x2, 0xe9, &(0x7f0000000240)=""/233, 0x0, 0x11}, 0x80)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='1\r1'], 0x31)

529.954554ms ago: executing program 0 (id=2200):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000008"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)

323.568777ms ago: executing program 6 (id=2201):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r0}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_pressure(r1, &(0x7f0000001000)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000080)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f)

283.94805ms ago: executing program 7 (id=2202):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000a1f70000000000000000000085000000270000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x80)

146.042952ms ago: executing program 0 (id=2203):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc}, 0x50)

2.127307ms ago: executing program 6 (id=2204):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
getpid()
sendmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x22, &(0x7f00000018c0), 0x4)
recvmsg(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002d00)=""/78, 0x4e}, 0x0)

0s ago: executing program 7 (id=2205):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000071116d000000000016000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x39}, 0x4d)

kernel console output (not intermixed with test programs):

ttributes in process `syz.1.1850'.
[  876.782591][T13411] ims_pcu 1-1:0.0: Zero length descriptor
[  876.809102][T13411] ims_pcu 1-1:0.0: probe with driver ims_pcu failed with error -22
[  876.895466][T13919] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.928513][T13919] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.950198][T13919] bridge_slave_0: entered allmulticast mode
[  876.973033][T13919] bridge_slave_0: entered promiscuous mode
[  877.007405][T13919] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.309742][T13919] bridge0: port 2(bridge_slave_1) entered disabled state
[  877.495269][T13919] bridge_slave_1: entered allmulticast mode
[  877.522819][T13919] bridge_slave_1: entered promiscuous mode
[  877.539936][ T5906] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  877.573574][ T9401] usb 1-1: USB disconnect, device number 85
[  877.785816][T13360] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  877.924450][T14038] overlayfs: failed to resolve './file1': -2
[  878.147307][ T5906] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  878.161130][T13360] usb 3-1: Using ep0 maxpacket: 32
[  878.207356][T13360] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  878.207845][T13919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  878.215551][T13360] usb 3-1: config 0 has no interface number 0
[  878.215601][T13360] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  878.270789][ T5906] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  878.280658][ T5906] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.290548][ T5906] usb 7-1: Product: syz
[  878.294772][ T5906] usb 7-1: Manufacturer: syz
[  878.301015][T13360] usb 3-1: config 0 interface 85 has no altsetting 0
[  878.308110][ T5906] usb 7-1: SerialNumber: syz
[  878.329903][T13360] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  878.365049][ T5906] usb 7-1: config 0 descriptor??
[  878.372559][T13919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  878.401378][T13360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.432437][T13360] usb 3-1: Product: syz
[  878.464630][T13360] usb 3-1: Manufacturer: syz
[  878.473078][T13360] usb 3-1: SerialNumber: syz
[  878.524307][T13360] usb 3-1: config 0 descriptor??
[  878.904369][T13919] team0: Port device team_slave_0 added
[  879.656124][T13360] appletouch 3-1:0.85: Failed to read mode from device.
[  879.664202][T13360] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  879.683368][T13919] team0: Port device team_slave_1 added
[  879.733295][T13360] usb 3-1: USB disconnect, device number 62
[  879.763293][T14052] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  879.812064][T14052] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  879.837543][  T978] usb 7-1: USB disconnect, device number 7
[  880.038238][T13919] batman_adv: batadv0: Adding interface: batadv_slave_0
[  880.198537][T13919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  880.224861][    C0] vkms_vblank_simulate: vblank timer overrun
[  880.231809][T13919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  880.559797][T13919] batman_adv: batadv0: Adding interface: batadv_slave_1
[  880.605799][T13919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  880.637885][T13919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  881.478914][T14076] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[14076]
[  881.512581][T13258] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  881.600774][T13411] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  881.603271][T13919] hsr_slave_0: entered promiscuous mode
[  881.928724][T13919] hsr_slave_1: entered promiscuous mode
[  881.935334][T13919] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  881.977843][T13919] Cannot create hsr debugfs directory
[  882.020213][T13411] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  882.068728][T13411] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  882.081023][T13411] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.093927][T13411] usb 7-1: Product: syz
[  882.141511][T13411] usb 7-1: Manufacturer: syz
[  882.166633][T13411] usb 7-1: SerialNumber: syz
[  882.201769][T13411] usb 7-1: config 0 descriptor??
[  882.243990][T13411] ims_pcu 7-1:0.0: Missing CDC union descriptor
[  882.264024][T13411] ims_pcu 7-1:0.0: probe with driver ims_pcu failed with error -22
[  882.574234][T14087] bridge0: entered allmulticast mode
[  882.696261][   T24] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  882.976625][   T24] usb 1-1: Using ep0 maxpacket: 32
[  883.248856][   T24] usb 1-1: config 0 has an invalid interface number: 219 but max is 0
[  883.280908][   T24] usb 1-1: config 0 has no interface number 0
[  883.287921][T13411] usb 7-1: USB disconnect, device number 8
[  883.324231][   T24] usb 1-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  883.349981][   T24] usb 1-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  883.378680][   T24] usb 1-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  883.415866][   T24] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  883.436683][   T24] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[  883.476320][   T24] usb 1-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  883.512814][   T24] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  883.538684][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.564433][   T24] usb 1-1: Product: syz
[  883.581925][   T24] usb 1-1: Manufacturer: syz
[  883.592952][T14102] FAULT_INJECTION: forcing a failure.
[  883.592952][T14102] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  883.607318][   T24] usb 1-1: SerialNumber: syz
[  883.631395][   T24] usb 1-1: config 0 descriptor??
[  883.644498][T14082] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  883.665376][T14082] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  883.696835][T14102] CPU: 1 UID: 0 PID: 14102 Comm: syz.1.1868 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[  883.696866][T14102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  883.696884][T14102] Call Trace:
[  883.696894][T14102]  <TASK>
[  883.696905][T14102]  dump_stack_lvl+0x189/0x250
[  883.696935][T14102]  ? __pfx____ratelimit+0x10/0x10
[  883.696967][T14102]  ? __pfx_dump_stack_lvl+0x10/0x10
[  883.696992][T14102]  ? __pfx__printk+0x10/0x10
[  883.697034][T14102]  should_fail_ex+0x414/0x560
[  883.697070][T14102]  _copy_to_user+0x31/0xb0
[  883.697098][T14102]  simple_read_from_buffer+0xe1/0x170
[  883.697136][T14102]  proc_fail_nth_read+0x1df/0x250
[  883.697163][T14102]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  883.697188][T14102]  ? rw_verify_area+0x258/0x650
[  883.697215][T14102]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  883.697239][T14102]  vfs_read+0x200/0x980
[  883.697274][T14102]  ? __pfx___mutex_lock+0x10/0x10
[  883.697295][T14102]  ? __pfx_vfs_read+0x10/0x10
[  883.697326][T14102]  ? __fget_files+0x2a/0x420
[  883.697351][T14102]  ? __fget_files+0x3a0/0x420
[  883.697369][T14102]  ? __fget_files+0x2a/0x420
[  883.697405][T14102]  ksys_read+0x145/0x250
[  883.697437][T14102]  ? __pfx_ksys_read+0x10/0x10
[  883.697462][T14102]  ? rcu_is_watching+0x15/0xb0
[  883.697492][T14102]  ? do_syscall_64+0xbe/0x3b0
[  883.697517][T14102]  do_syscall_64+0xfa/0x3b0
[  883.697535][T14102]  ? lockdep_hardirqs_on+0x9c/0x150
[  883.697567][T14102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.697588][T14102]  ? clear_bhb_loop+0x60/0xb0
[  883.697616][T14102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.697637][T14102] RIP: 0033:0x7fb7af58d33c
[  883.697655][T14102] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  883.697674][T14102] RSP: 002b:00007fb7b0472030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  883.697697][T14102] RAX: ffffffffffffffda RBX: 00007fb7af7b5fa0 RCX: 00007fb7af58d33c
[  883.697713][T14102] RDX: 000000000000000f RSI: 00007fb7b04720a0 RDI: 0000000000000004
[  883.697725][T14102] RBP: 00007fb7b0472090 R08: 0000000000000000 R09: 0000000000000000
[  883.697739][T14102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  883.697752][T14102] R13: 0000000000000000 R14: 00007fb7af7b5fa0 R15: 00007ffe28e40348
[  883.697786][T14102]  </TASK>
[  884.038015][   T24] etas_es58x 1-1:0.219: Starting syz syz (Serial Number syz)
[  884.184549][   T24] etas_es58x 1-1:0.219: could not parse product info: '424242424242'
[  884.519680][   T24] usb 1-1: USB disconnect, device number 86
[  884.525828][T13411] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  884.637905][   T24] etas_es58x 1-1:0.219: Disconnecting syz syz
[  884.685958][T13411] usb 7-1: Using ep0 maxpacket: 16
[  884.716685][T13411] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  884.747548][T13411] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  884.769742][T13411] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  884.787868][T13411] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  884.799502][T13411] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.823779][T13411] usb 7-1: config 0 descriptor??
[  885.127110][T13360] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  885.155279][T13919] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  885.167772][T13919] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  885.200766][T13919] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  885.222321][T13919] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  885.285471][T13411] shield 0003:0955:7214.000D: item fetching failed at offset 4/5
[  885.307851][T13360] usb 3-1: Using ep0 maxpacket: 16
[  885.315376][T13411] shield 0003:0955:7214.000D: Parse failed
[  885.329588][T13360] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  885.334968][T13411] shield 0003:0955:7214.000D: probe with driver shield failed with error -22
[  885.370865][T13360] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  885.421989][T13360] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  885.436083][ T5915] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  885.451236][T13919] 8021q: adding VLAN 0 to HW filter on device bond0
[  885.459217][T13360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  885.478382][T13360] usb 3-1: Product: syz
[  885.487957][T13360] usb 3-1: Manufacturer: syz
[  885.492641][T13360] usb 3-1: SerialNumber: syz
[  885.513284][T13360] usb 3-1: config 0 descriptor??
[  885.533320][T13919] 8021q: adding VLAN 0 to HW filter on device team0
[  885.549925][T14114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  885.561057][T13360] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  885.567649][T14114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  885.598427][ T6050] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.604318][T13360] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  885.605836][ T6050] bridge0: port 1(bridge_slave_0) entered forwarding state
[  885.622645][T14141] mkiss: ax0: crc mode is auto.
[  885.635880][ T5915] usb 2-1: Using ep0 maxpacket: 16
[  885.650394][ T6051] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.657641][ T6051] bridge0: port 2(bridge_slave_1) entered forwarding state
[  885.669099][ T5915] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  885.690918][ T5915] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  885.706226][ T5915] usb 2-1: config 0 has no interface number 0
[  885.720846][ T5915] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  885.731007][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  885.739920][ T5915] usb 2-1: Product: syz
[  885.744315][ T5915] usb 2-1: Manufacturer: syz
[  885.749931][ T5915] usb 2-1: SerialNumber: syz
[  885.764438][ T5915] usb 2-1: config 0 descriptor??
[  885.796925][ T5915] usb 2-1: Found UVC 0.00 device syz (046c:14e8)
[  885.805117][ T5915] usb 2-1: No valid video chain found.
[  886.040769][T14149] netlink: 'syz.6.1870': attribute type 2 has an invalid length.
[  886.043153][T14150] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[14150]
[  886.055365][T14149] netlink: 244 bytes leftover after parsing attributes in process `syz.6.1870'.
[  886.211539][T13360] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  886.307837][T13360] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  887.116630][T13360] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  887.820094][T13919] 8021q: adding VLAN 0 to HW filter on device batadv0
[  887.864643][T13411] usb 7-1: USB disconnect, device number 9
[  888.130533][T14173] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1878'.
[  888.186078][T13360] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  888.192944][T13360] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  888.205630][T13360] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  888.356379][T13360] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  888.403825][T13360] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  888.794210][T13360] usb 3-1: USB disconnect, device number 63
[  889.313141][T13919] veth0_vlan: entered promiscuous mode
[  889.332512][T13919] veth1_vlan: entered promiscuous mode
[  889.388409][T13919] veth0_macvtap: entered promiscuous mode
[  889.395862][T13360] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  889.409030][T13919] veth1_macvtap: entered promiscuous mode
[  889.676492][T13360] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  889.814433][T13360] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  889.858548][T13360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.869338][ T9813] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  889.911070][T13360] usb 3-1: Product: syz
[  890.090549][T13360] usb 3-1: Manufacturer: syz
[  890.093203][T13919] batman_adv: batadv0: Interface activated: batadv_slave_0
[  890.095221][T13360] usb 3-1: SerialNumber: syz
[  890.120875][T13919] batman_adv: batadv0: Interface activated: batadv_slave_1
[  890.130487][T13360] usb 3-1: config 0 descriptor??
[  890.142783][T13919] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  890.155140][T13919] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  890.167770][T13360] ims_pcu 3-1:0.0: Missing CDC union descriptor
[  890.174130][T13360] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  890.193807][ T9813] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  890.204225][T13919] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  890.224260][ T9813] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  890.254254][T13919] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  890.275004][ T9813] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.320912][ T9813] usb 7-1: config 0 descriptor??
[  891.045701][ T6051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  891.071632][ T6051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  891.128042][T13411] usb 3-1: USB disconnect, device number 64
[  891.208243][  T771] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  891.252650][  T771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  891.258262][ T9813] ath6kl: Failed to read usb control message: -71
[  891.291894][ T9813] ath6kl: Unable to read the bmi data from the device: -71
[  891.336967][ T9813] ath6kl: Unable to recv target info: -71
[  891.357293][ T9813] ath6kl: Failed to init ath6kl core: -71
[  891.386738][ T9813] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71
[  891.442416][T14213] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[14213]
[  891.923397][ T9813] usb 7-1: USB disconnect, device number 10
[  893.372840][  T771] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.204417][  T771] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.348011][  T771] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.434900][  T771] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  894.672449][  T771] bridge_slave_1: left allmulticast mode
[  894.679550][  T771] bridge_slave_1: left promiscuous mode
[  894.687258][  T771] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.700008][  T771] bridge_slave_0: left allmulticast mode
[  894.706221][  T771] bridge_slave_0: left promiscuous mode
[  894.712060][  T771] bridge0: port 1(bridge_slave_0) entered disabled state
[  895.119462][  T771] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  895.132103][  T771] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  895.144611][  T771] bond0 (unregistering): Released all slaves
[  895.473774][  T771] hsr_slave_0: left promiscuous mode
[  895.487188][  T771] hsr_slave_1: left promiscuous mode
[  895.493342][  T771] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  895.502441][  T771] batman_adv: batadv0: Removing interface: batadv_slave_0
[  895.513492][  T771] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  895.521290][  T771] batman_adv: batadv0: Removing interface: batadv_slave_1
[  895.560490][  T771] veth1_macvtap: left promiscuous mode
[  895.580118][  T771] veth0_macvtap: left promiscuous mode
[  895.597791][  T771] veth1_vlan: left promiscuous mode
[  895.603225][  T771] veth0_vlan: left promiscuous mode
[  895.687011][T14262] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1889'.
[  895.781598][T14264] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1889'.
[  895.895971][T13411] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  896.075957][T13411] usb 7-1: Using ep0 maxpacket: 16
[  896.092030][T13411] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  896.129605][T13411] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  896.197144][T13411] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  896.217288][T13411] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  896.225351][T13411] usb 7-1: Product: syz
[  896.243272][T13411] usb 7-1: Manufacturer: syz
[  896.256080][T13411] usb 7-1: SerialNumber: syz
[  896.271397][T13411] usb 7-1: config 0 descriptor??
[  896.284474][T13642] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  896.290195][T13411] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  896.321737][T13642] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  896.335087][T13411] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  896.342845][T13642] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  896.370684][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  896.370703][   T30] audit: type=1326 audit(1752168575.704:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14257 comm="syz.0.1888" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f571f58e929 code=0x0
[  896.405111][T13642] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  896.414508][T13642] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  896.924574][T13411] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  896.933139][T13411] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  897.004084][  T771] team0 (unregistering): Port device team_slave_1 removed
[  897.083145][  T771] team0 (unregistering): Port device team_slave_0 removed
[  897.308115][T14280] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[14280]
[  897.596383][T13411] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[  898.208635][  T978] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  898.390600][  T978] usb 1-1: Using ep0 maxpacket: 16
[  898.413915][  T978] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  898.443671][  T978] usb 1-1: config 0 has no interface number 0
[  898.463280][  T978] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  898.483803][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  898.495826][T13642] Bluetooth: hci0: command tx timeout
[  898.530958][  T978] usb 1-1: Product: syz
[  898.571893][  T978] usb 1-1: Manufacturer: syz
[  898.578231][  T978] usb 1-1: SerialNumber: syz
[  898.608116][T14286] trusted_key: encrypted_key: keylen parameter is missing
[  898.731143][  T978] usb 1-1: config 0 descriptor??
[  898.797687][T13411] em28xx 7-1:0.0: couldn't setup AC97 register 2
[  899.081892][  T978] hub 1-1:0.132: bad descriptor, ignoring hub
[  899.092341][  T978] hub 1-1:0.132: probe with driver hub failed with error -5
[  899.156598][T13411] em28xx 7-1:0.0: couldn't setup AC97 register 4
[  899.173545][  T978] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.132/input/input17
[  899.215961][T13411] em28xx 7-1:0.0: couldn't setup AC97 register 6
[  899.243357][T13411] em28xx 7-1:0.0: couldn't setup AC97 register 54
[  899.282053][T13411] em28xx 7-1:0.0: couldn't setup AC97 register 56
[  899.298016][  T978] usb 1-1: USB disconnect, device number 87
[  899.814503][T13411] usb 7-1: USB disconnect, device number 11
[  900.095488][T14270] chnl_net:caif_netlink_parms(): no params data found
[  900.145806][   T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  900.318660][T14270] bridge0: port 1(bridge_slave_0) entered blocking state
[  900.331414][T14270] bridge0: port 1(bridge_slave_0) entered disabled state
[  900.341595][T14270] bridge_slave_0: entered allmulticast mode
[  900.354354][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  900.356623][T14270] bridge_slave_0: entered promiscuous mode
[  900.382521][   T24] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  900.405767][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  900.413700][T14270] bridge0: port 2(bridge_slave_1) entered blocking state
[  900.425723][   T24] usb 3-1: Product: syz
[  900.427790][T14270] bridge0: port 2(bridge_slave_1) entered disabled state
[  900.429930][   T24] usb 3-1: Manufacturer: syz
[  900.440942][T14270] bridge_slave_1: entered allmulticast mode
[  900.445833][   T24] usb 3-1: SerialNumber: syz
[  900.453558][T14270] bridge_slave_1: entered promiscuous mode
[  900.465973][  T978] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  900.474746][   T24] usb 3-1: config 0 descriptor??
[  900.499842][   T24] ims_pcu 3-1:0.0: Missing CDC union descriptor
[  900.515841][   T24] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  900.575951][T13642] Bluetooth: hci0: command tx timeout
[  900.597330][T14270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  900.619326][T14270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  900.647555][ T9813] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  900.654082][ T5156] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  900.661223][  T978] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  900.675386][ T5156] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  900.676637][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.691133][ T5156] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  900.715407][ T5156] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  900.733390][ T5156] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  900.740352][  T978] usb 1-1: config 0 descriptor??
[  900.995743][ T9813] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  901.115902][ T9813] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  901.146258][ T9813] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.258319][ T9813] usb 7-1: config 0 descriptor??
[  901.353106][ T5906] usb 3-1: USB disconnect, device number 65
[  901.384732][T14270] team0: Port device team_slave_0 added
[  901.402665][T14270] team0: Port device team_slave_1 added
[  901.463923][T14270] batman_adv: batadv0: Adding interface: batadv_slave_0
[  901.474436][T14270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  901.500408][    C0] vkms_vblank_simulate: vblank timer overrun
[  901.508276][T14270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  901.533571][T14270] batman_adv: batadv0: Adding interface: batadv_slave_1
[  901.541164][T14270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  901.567062][    C0] vkms_vblank_simulate: vblank timer overrun
[  901.575234][T14270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  901.695249][T14270] hsr_slave_0: entered promiscuous mode
[  901.703796][T14270] hsr_slave_1: entered promiscuous mode
[  901.710632][T14270] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  901.718812][T14270] Cannot create hsr debugfs directory
[  901.726184][T14302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  901.735097][T14302] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  901.949932][ T9813] ath6kl: Failed to read usb control message: -71
[  901.967522][ T9813] ath6kl: Unable to read the bmi data from the device: -71
[  901.977892][ T9813] ath6kl: Unable to recv target info: -71
[  901.988035][ T9813] ath6kl: Failed to init ath6kl core: -71
[  901.994437][ T9813] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71
[  902.225381][ T9813] usb 7-1: USB disconnect, device number 12
[  902.715867][T13642] Bluetooth: hci0: command tx timeout
[  903.152146][T13642] Bluetooth: hci1: command tx timeout
[  904.735983][T13642] Bluetooth: hci0: command tx timeout
[  905.146377][T14309] chnl_net:caif_netlink_parms(): no params data found
[  905.225978][T13642] Bluetooth: hci1: command tx timeout
[  905.389735][   T30] audit: type=1326 audit(1752168584.584:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14325 comm="syz.2.1901" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x0
[  906.037241][  T978] usb 1-1: Cannot set autoneg
[  906.042249][  T978] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  906.094546][  T978] usb 1-1: USB disconnect, device number 88
[  906.162915][T14337] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1904'.
[  906.217579][T14337] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1904'.
[  906.364093][T14309] bridge0: port 1(bridge_slave_0) entered blocking state
[  906.374604][T14309] bridge0: port 1(bridge_slave_0) entered disabled state
[  906.391530][T14309] bridge_slave_0: entered allmulticast mode
[  906.398035][   T24] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  906.412161][T14309] bridge_slave_0: entered promiscuous mode
[  906.437855][T14309] bridge0: port 2(bridge_slave_1) entered blocking state
[  906.445228][T14309] bridge0: port 2(bridge_slave_1) entered disabled state
[  906.454277][T14309] bridge_slave_1: entered allmulticast mode
[  906.463127][T14309] bridge_slave_1: entered promiscuous mode
[  906.684030][T14309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  906.718106][T14309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  906.746900][   T24] usb 3-1: Using ep0 maxpacket: 16
[  906.755129][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  906.790611][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  906.811331][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  906.824291][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.018679][T14345] block device autoloading is deprecated and will be removed.
[  907.465206][T13642] Bluetooth: hci1: command tx timeout
[  907.544530][   T24] usb 3-1: Product: syz
[  907.553327][   T24] usb 3-1: Manufacturer: syz
[  907.559065][   T24] usb 3-1: SerialNumber: syz
[  907.568123][   T24] usb 3-1: config 0 descriptor??
[  907.581545][   T24] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  907.706327][   T24] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  908.076454][T14309] team0: Port device team_slave_0 added
[  908.340099][   T24] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  908.416472][   T24] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  908.627860][T14309] team0: Port device team_slave_1 added
[  908.984138][T14357] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  908.991408][T14309] batman_adv: batadv0: Adding interface: batadv_slave_0
[  908.997917][T14357] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  909.026574][T14309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  909.062510][T14309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  909.099751][   T24] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  909.101862][T14309] batman_adv: batadv0: Adding interface: batadv_slave_1
[  909.250437][T14309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  909.325534][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  909.395253][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  909.492210][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  909.558319][T13642] Bluetooth: hci1: command tx timeout
[  909.564243][T14309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  909.598186][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  909.617104][   T24] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  909.646371][   T24] usb 3-1: USB disconnect, device number 66
[  909.661785][T14270] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  909.736815][T14270] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  909.764168][T14270] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  909.932774][T14270] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  910.172270][T14309] hsr_slave_0: entered promiscuous mode
[  910.194166][T14309] hsr_slave_1: entered promiscuous mode
[  910.201585][T14309] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  910.301635][T14368] Bluetooth: MGMT ver 1.23
[  910.383428][T14309] Cannot create hsr debugfs directory
[  910.851132][T14385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1915'.
[  910.943028][T14385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1915'.
[  912.350361][T14270] 8021q: adding VLAN 0 to HW filter on device bond0
[  912.360538][T14309] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  912.402087][T14309] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  912.424516][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout
[  912.428604][T13642] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  912.465058][T14270] 8021q: adding VLAN 0 to HW filter on device team0
[  912.485071][T14309] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  912.599584][T14401] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  912.606969][ T6122] bridge0: port 1(bridge_slave_0) entered blocking state
[  912.615590][ T6122] bridge0: port 1(bridge_slave_0) entered forwarding state
[  912.863416][T14402] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  912.875974][T14402] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  912.909724][T14401] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  912.947934][T14309] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  912.948986][ T6191] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  913.113932][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state
[  913.121177][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  913.162268][T14403] netlink: 'syz.0.1918': attribute type 2 has an invalid length.
[  913.492004][T14416] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1921'.
[  913.639212][T13411] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  913.673218][T14309] 8021q: adding VLAN 0 to HW filter on device bond0
[  913.760073][T14309] 8021q: adding VLAN 0 to HW filter on device team0
[  913.825025][ T6051] bridge0: port 1(bridge_slave_0) entered blocking state
[  913.832320][ T6051] bridge0: port 1(bridge_slave_0) entered forwarding state
[  913.860191][T13411] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  913.909730][ T6051] bridge0: port 2(bridge_slave_1) entered blocking state
[  913.916958][ T6051] bridge0: port 2(bridge_slave_1) entered forwarding state
[  913.940398][T13411] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  914.024138][T13411] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  914.051086][T14270] 8021q: adding VLAN 0 to HW filter on device batadv0
[  914.138691][T13411] usb 3-1: Product: syz
[  914.142934][T13411] usb 3-1: Manufacturer: syz
[  914.193315][T13411] usb 3-1: SerialNumber: syz
[  914.224594][T13411] usb 3-1: config 0 descriptor??
[  914.273177][T13411] ims_pcu 3-1:0.0: Missing CDC union descriptor
[  914.304546][T13411] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  915.494596][ T9813] usb 3-1: USB disconnect, device number 67
[  915.502705][T14441] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1926'.
[  915.533329][T14441] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1926'.
[  915.774869][T14309] 8021q: adding VLAN 0 to HW filter on device batadv0
[  916.024520][T14270] veth0_vlan: entered promiscuous mode
[  916.040144][T14270] veth1_vlan: entered promiscuous mode
[  916.065814][   T24] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  916.214023][T14270] veth0_macvtap: entered promiscuous mode
[  916.305821][   T24] usb 7-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  916.309027][T14270] veth1_macvtap: entered promiscuous mode
[  916.340471][T14270] batman_adv: batadv0: Interface activated: batadv_slave_0
[  916.353606][T14270] batman_adv: batadv0: Interface activated: batadv_slave_1
[  916.362571][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.393449][T14270] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  916.413623][T14270] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  916.433852][   T24] usb 7-1: config 0 descriptor??
[  916.435744][T14270] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  916.451315][T14465] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1930'.
[  916.480655][   T24] gspca_main: spca508-2.14.0 probing 8086:0110
[  916.486039][T14270] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  916.669711][   T24] gspca_spca508: reg_read err -32
[  916.683650][   T24] gspca_spca508: reg_read err -32
[  916.798759][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  916.815994][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  916.966293][T14473] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1931'.
[  917.206904][   T24] gspca_spca508: reg_read err -110
[  917.221070][   T24] gspca_spca508: reg_read err -32
[  917.237004][   T24] gspca_spca508: reg write: error -32
[  917.318494][   T24] spca508 7-1:0.0: probe with driver spca508 failed with error -32
[  918.453868][ T6050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  918.525123][ T6050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  918.567627][T14309] veth0_vlan: entered promiscuous mode
[  918.754124][T14309] veth1_vlan: entered promiscuous mode
[  918.830820][T14309] veth0_macvtap: entered promiscuous mode
[  918.842286][T14309] veth1_macvtap: entered promiscuous mode
[  918.965380][T14309] batman_adv: batadv0: Interface activated: batadv_slave_0
[  919.406528][T14309] batman_adv: batadv0: Interface activated: batadv_slave_1
[  919.760540][T13411] usb 7-1: USB disconnect, device number 13
[  919.898354][T14309] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  920.216650][T14309] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  920.462531][T14309] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  920.495814][T14309] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  920.676085][T13411] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  920.875877][T13411] usb 3-1: Using ep0 maxpacket: 8
[  920.921136][T13411] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  920.975907][T13411] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  921.006072][T13411] usb 3-1: Product: syz
[  921.010453][T13411] usb 3-1: Manufacturer: syz
[  921.078446][T13411] usb 3-1: SerialNumber: syz
[  921.167809][T13411] usb 3-1: config 0 descriptor??
[  921.204080][T13411] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  921.281170][T13411] usb 3-1: setting power ON
[  921.298453][T13411] dvb-usb: bulk message failed: -22 (2/0)
[  921.342286][T13411] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  921.396057][T14503] dvb-usb: bulk message failed: -22 (3/0)
[  921.406976][T13411] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  921.444075][T13411] usb 3-1: media controller created
[  921.510079][ T3577] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.567581][T13411] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  921.732540][T13411] usb 3-1: selecting invalid altsetting 6
[  921.783697][T13411] usb 3-1: digital interface selection failed (-22)
[  921.799528][T13411] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  921.809162][T13411] usb 3-1: setting power OFF
[  921.816205][T13411] dvb-usb: bulk message failed: -22 (2/0)
[  921.831313][T13411] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  921.850652][ T3577] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.861806][T13411] (NULL device *): no alternate interface
[  921.985354][ T3577] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.032031][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  922.051000][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.078953][ T3577] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.158195][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  922.179057][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.352347][ T3577] bridge_slave_1: left allmulticast mode
[  922.366155][ T3577] bridge_slave_1: left promiscuous mode
[  922.372095][ T3577] bridge0: port 2(bridge_slave_1) entered disabled state
[  922.404370][ T3577] bridge_slave_0: left allmulticast mode
[  922.415471][ T3577] bridge_slave_0: left promiscuous mode
[  922.434275][ T3577] bridge0: port 1(bridge_slave_0) entered disabled state
[  922.820522][T13411] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  922.849639][T13411] usb 3-1: USB disconnect, device number 68
[  923.008780][ T3577] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  923.021344][ T3577] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  923.031848][ T3577] bond0 (unregistering): Released all slaves
[  923.344248][T14555] FAULT_INJECTION: forcing a failure.
[  923.344248][T14555] name failslab, interval 1, probability 0, space 0, times 0
[  923.386089][T14555] CPU: 1 UID: 0 PID: 14555 Comm: syz.2.1941 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[  923.386120][T14555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  923.386133][T14555] Call Trace:
[  923.386143][T14555]  <TASK>
[  923.386152][T14555]  dump_stack_lvl+0x189/0x250
[  923.386181][T14555]  ? __pfx____ratelimit+0x10/0x10
[  923.386213][T14555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  923.386237][T14555]  ? __pfx__printk+0x10/0x10
[  923.386271][T14555]  ? __pfx___might_resched+0x10/0x10
[  923.386300][T14555]  should_fail_ex+0x414/0x560
[  923.386337][T14555]  should_failslab+0xa8/0x100
[  923.386371][T14555]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  923.386402][T14555]  ? __alloc_skb+0x112/0x2d0
[  923.386431][T14555]  __alloc_skb+0x112/0x2d0
[  923.386459][T14555]  netlink_sendmsg+0x5c6/0xb30
[  923.386496][T14555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  923.386530][T14555]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  923.386560][T14555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  923.386586][T14555]  __sock_sendmsg+0x219/0x270
[  923.386621][T14555]  ____sys_sendmsg+0x505/0x830
[  923.386654][T14555]  ? __pfx_____sys_sendmsg+0x10/0x10
[  923.386692][T14555]  ? import_iovec+0x74/0xa0
[  923.386720][T14555]  ___sys_sendmsg+0x21f/0x2a0
[  923.386750][T14555]  ? __pfx____sys_sendmsg+0x10/0x10
[  923.386826][T14555]  ? __fget_files+0x2a/0x420
[  923.386844][T14555]  ? __fget_files+0x3a0/0x420
[  923.386876][T14555]  __x64_sys_sendmsg+0x19b/0x260
[  923.386906][T14555]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  923.386944][T14555]  ? __pfx_ksys_write+0x10/0x10
[  923.386970][T14555]  ? rcu_is_watching+0x15/0xb0
[  923.386999][T14555]  ? do_syscall_64+0xbe/0x3b0
[  923.387024][T14555]  do_syscall_64+0xfa/0x3b0
[  923.387042][T14555]  ? lockdep_hardirqs_on+0x9c/0x150
[  923.387073][T14555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  923.387093][T14555]  ? clear_bhb_loop+0x60/0xb0
[  923.387119][T14555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  923.387139][T14555] RIP: 0033:0x7f44f318e929
[  923.387158][T14555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  923.387176][T14555] RSP: 002b:00007f44f3f73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  923.387200][T14555] RAX: ffffffffffffffda RBX: 00007f44f33b5fa0 RCX: 00007f44f318e929
[  923.387216][T14555] RDX: 0000000000000800 RSI: 0000200000001180 RDI: 0000000000000004
[  923.387229][T14555] RBP: 00007f44f3f73090 R08: 0000000000000000 R09: 0000000000000000
[  923.387243][T14555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  923.387256][T14555] R13: 0000000000000000 R14: 00007f44f33b5fa0 R15: 00007ffc1dfa2178
[  923.387290][T14555]  </TASK>
[  924.856786][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  924.875990][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  924.886457][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  924.921668][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  924.946223][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  925.013173][ T3577] hsr_slave_0: left promiscuous mode
[  925.036071][ T3577] hsr_slave_1: left promiscuous mode
[  925.042053][ T3577] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  925.060855][T14585] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1945'.
[  925.074476][ T3577] batman_adv: batadv0: Removing interface: batadv_slave_0
[  925.099132][ T3577] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  925.116363][ T3577] batman_adv: batadv0: Removing interface: batadv_slave_1
[  925.171888][ T3577] veth1_macvtap: left promiscuous mode
[  925.179030][ T3577] veth0_macvtap: left promiscuous mode
[  925.184845][ T3577] veth1_vlan: left promiscuous mode
[  925.197906][ T3577] veth0_vlan: left promiscuous mode
[  925.445825][  T978] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  925.621337][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  925.642817][  T978] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  925.652416][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.666315][  T978] usb 3-1: config 0 descriptor??
[  926.054867][ T3577] team0 (unregistering): Port device team_slave_1 removed
[  926.087809][T14582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  926.099928][T14582] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  926.133029][ T3577] team0 (unregistering): Port device team_slave_0 removed
[  926.341991][  T978] ath6kl: Failed to read usb control message: -71
[  926.385980][  T978] ath6kl: Unable to read the bmi data from the device: -71
[  926.398061][  T978] ath6kl: Unable to recv target info: -71
[  926.414304][  T978] ath6kl: Failed to init ath6kl core: -71
[  926.423606][  T978] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  926.448715][  T978] usb 3-1: USB disconnect, device number 69
[  927.064651][ T5156] Bluetooth: hci0: command tx timeout
[  927.898071][T14599] pim6reg: entered allmulticast mode
[  927.904066][T14601] pim6reg: left allmulticast mode
[  928.296238][ T9401] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[  928.737503][ T9401] usb 8-1: config 0 has an invalid interface number: 107 but max is 0
[  928.768424][ T9401] usb 8-1: config 0 has no interface number 0
[  928.811107][ T9401] usb 8-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  928.892468][ T9401] usb 8-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  928.991170][ T9401] usb 8-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  929.039590][ T9401] usb 8-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  929.086905][T14617] FAULT_INJECTION: forcing a failure.
[  929.086905][T14617] name failslab, interval 1, probability 0, space 0, times 0
[  929.105075][ T9401] usb 8-1: Product: syz
[  929.115016][ T9401] usb 8-1: Manufacturer: syz
[  929.121024][T14617] CPU: 0 UID: 0 PID: 14617 Comm: syz.2.1950 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[  929.121051][T14617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  929.121063][T14617] Call Trace:
[  929.121072][T14617]  <TASK>
[  929.121082][T14617]  dump_stack_lvl+0x189/0x250
[  929.121109][T14617]  ? __pfx____ratelimit+0x10/0x10
[  929.121143][T14617]  ? __pfx_dump_stack_lvl+0x10/0x10
[  929.121167][T14617]  ? __pfx__printk+0x10/0x10
[  929.121201][T14617]  ? __pfx___might_resched+0x10/0x10
[  929.121231][T14617]  should_fail_ex+0x414/0x560
[  929.121268][T14617]  should_failslab+0xa8/0x100
[  929.121302][T14617]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  929.121334][T14617]  ? __alloc_skb+0x112/0x2d0
[  929.121363][T14617]  __alloc_skb+0x112/0x2d0
[  929.121392][T14617]  netlink_sendmsg+0x5c6/0xb30
[  929.121440][T14617]  ? __pfx_netlink_sendmsg+0x10/0x10
[  929.121476][T14617]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  929.121507][T14617]  ? __pfx_netlink_sendmsg+0x10/0x10
[  929.121533][T14617]  __sock_sendmsg+0x219/0x270
[  929.121569][T14617]  ____sys_sendmsg+0x505/0x830
[  929.121603][T14617]  ? __pfx_____sys_sendmsg+0x10/0x10
[  929.121641][T14617]  ? import_iovec+0x74/0xa0
[  929.121669][T14617]  ___sys_sendmsg+0x21f/0x2a0
[  929.121700][T14617]  ? __pfx____sys_sendmsg+0x10/0x10
[  929.121768][T14617]  ? __fget_files+0x2a/0x420
[  929.121788][T14617]  ? __fget_files+0x3a0/0x420
[  929.121819][T14617]  __x64_sys_sendmsg+0x19b/0x260
[  929.121850][T14617]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  929.121889][T14617]  ? __pfx_ksys_write+0x10/0x10
[  929.121916][T14617]  ? rcu_is_watching+0x15/0xb0
[  929.121945][T14617]  ? do_syscall_64+0xbe/0x3b0
[  929.121970][T14617]  do_syscall_64+0xfa/0x3b0
[  929.121988][T14617]  ? lockdep_hardirqs_on+0x9c/0x150
[  929.122019][T14617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  929.122040][T14617]  ? clear_bhb_loop+0x60/0xb0
[  929.122066][T14617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  929.122087][T14617] RIP: 0033:0x7f44f318e929
[  929.122106][T14617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  929.122125][T14617] RSP: 002b:00007f44f3f73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  929.122147][T14617] RAX: ffffffffffffffda RBX: 00007f44f33b5fa0 RCX: 00007f44f318e929
[  929.122163][T14617] RDX: 0000000004000050 RSI: 0000200000000000 RDI: 0000000000000004
[  929.122177][T14617] RBP: 00007f44f3f73090 R08: 0000000000000000 R09: 0000000000000000
[  929.122190][T14617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  929.122202][T14617] R13: 0000000000000000 R14: 00007f44f33b5fa0 R15: 00007ffc1dfa2178
[  929.122235][T14617]  </TASK>
[  929.141128][ T9401] usb 8-1: SerialNumber: syz
[  929.241080][ T5156] Bluetooth: hci0: command tx timeout
[  929.569100][ T9401] usb 8-1: config 0 descriptor??
[  929.588173][ T9401] keyspan 8-1:0.107: Keyspan 4 port adapter converter detected
[  929.613007][ T9401] keyspan 8-1:0.107: found no endpoint descriptor for endpoint 81
[  929.633892][ T9401] keyspan 8-1:0.107: found no endpoint descriptor for endpoint 1
[  929.691549][T14600] JFS: discard option not supported on device
[  929.728010][T14600] Mount JFS Failure: -22
[  929.737150][ T9401] usb 8-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  929.771163][T14600] jfs_mount failed w/return code = -22
[  929.997590][ T9401] keyspan 8-1:0.107: found no endpoint descriptor for endpoint 2
[  930.038216][ T9401] usb 8-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  930.531994][ T9401] keyspan 8-1:0.107: found no endpoint descriptor for endpoint 4
[  930.721361][ T9401] usb 8-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  930.739471][T14578] chnl_net:caif_netlink_parms(): no params data found
[  930.763465][ T9401] keyspan 8-1:0.107: found no endpoint descriptor for endpoint 6
[  930.785031][ T9401] usb 8-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  931.296290][ T5156] Bluetooth: hci0: command tx timeout
[  931.416718][T14578] bridge0: port 1(bridge_slave_0) entered blocking state
[  931.436135][T14578] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.445916][T14578] bridge_slave_0: entered allmulticast mode
[  931.574338][T14578] bridge_slave_0: entered promiscuous mode
[  931.575892][ T9401] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  931.585515][T14578] bridge0: port 2(bridge_slave_1) entered blocking state
[  931.671266][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.698459][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.709368][T14578] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.097670][T14578] bridge_slave_1: entered allmulticast mode
[  932.128960][T14578] bridge_slave_1: entered promiscuous mode
[  932.475855][ T9401] usb 7-1: Using ep0 maxpacket: 8
[  933.187186][ T9401] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  933.196419][ T9401] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.204887][ T9401] usb 7-1: Product: syz
[  933.209243][ T9401] usb 7-1: Manufacturer: syz
[  933.213880][ T9401] usb 7-1: SerialNumber: syz
[  933.277025][   T24] usb 8-1: USB disconnect, device number 2
[  933.290562][   T24] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  933.301266][ T9401] usb 7-1: config 0 descriptor??
[  933.321529][ T9401] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  933.351992][ T9401] usb 7-1: setting power ON
[  933.361172][ T9401] dvb-usb: bulk message failed: -22 (2/0)
[  933.380531][ T5156] Bluetooth: hci0: command tx timeout
[  933.388864][   T24] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  933.417105][ T9401] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  933.613007][ T9401] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  933.621981][ T9401] usb 7-1: media controller created
[  933.647532][ T9401] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  933.657608][   T24] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  933.666302][T14642] dvb-usb: bulk message failed: -22 (3/0)
[  933.746078][   T24] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  934.464305][ T9401] usb 7-1: selecting invalid altsetting 6
[  934.470678][   T24] keyspan 8-1:0.107: device disconnected
[  934.477359][ T9401] usb 7-1: digital interface selection failed (-22)
[  934.494982][ T9401] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  934.507529][ T9401] usb 7-1: setting power OFF
[  934.532057][ T9401] dvb-usb: bulk message failed: -22 (2/0)
[  934.538068][ T9401] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  934.548974][ T9401] (NULL device *): no alternate interface
[  934.555447][T14578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  936.045910][   T24] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  936.091851][T14668] team0 (unregistering): Port device team_slave_0 removed
[  936.129082][T14668] team0 (unregistering): Port device team_slave_1 removed
[  936.220067][T14578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  936.236322][   T24] usb 1-1: Using ep0 maxpacket: 16
[  936.243843][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.261611][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.285743][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  936.330630][   T24] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  936.365777][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.501348][T14578] team0: Port device team_slave_0 added
[  936.532597][ T9401] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  936.545309][   T24] usb 1-1: config 0 descriptor??
[  936.583308][ T9401] usb 7-1: USB disconnect, device number 14
[  936.627683][T14578] team0: Port device team_slave_1 added
[  937.520870][   T24] shield 0003:0955:7214.000E: unknown main item tag 0x0
[  937.542490][T14701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  937.674589][   T24] shield 0003:0955:7214.000E: unknown main item tag 0x0
[  937.682582][T14701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  937.686435][   T24] shield 0003:0955:7214.000E: unknown main item tag 0x0
[  937.712151][T14578] batman_adv: batadv0: Adding interface: batadv_slave_0
[  937.753227][   T24] shield 0003:0955:7214.000E: unknown main item tag 0x0
[  937.761537][T14578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  937.805807][   T24] shield 0003:0955:7214.000E: unknown main item tag 0x0
[  937.866022][   T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input18
[  937.916441][T14578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  938.006133][T14578] batman_adv: batadv0: Adding interface: batadv_slave_1
[  938.013162][T14578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  938.053127][   T24] shield 0003:0955:7214.000E: Registered Thunderstrike controller
[  938.066931][   T24] shield 0003:0955:7214.000E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  938.081381][T14578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  938.123117][T14708] netlink: 'syz.0.1958': attribute type 2 has an invalid length.
[  938.225918][T14708] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1958'.
[  938.255858][ T5906] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  938.427921][ T5906] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  939.096026][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  939.120357][  T978] usb 1-1: USB disconnect, device number 89
[  939.135981][T13411] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  939.146029][ T5906] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  939.254786][T13411] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  939.278598][ T5906] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  939.326124][ T5906] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  939.338009][ T5906] usb 7-1: Manufacturer: syz
[  939.347416][ T5906] usb 7-1: config 0 descriptor??
[  939.450693][T14578] hsr_slave_0: entered promiscuous mode
[  939.484957][T14578] hsr_slave_1: entered promiscuous mode
[  939.493602][T14578] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  939.506721][T14578] Cannot create hsr debugfs directory
[  940.469572][  T978] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  940.770031][  T978] usb 1-1: Using ep0 maxpacket: 16
[  940.854154][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  940.885716][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  940.918105][  T978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  940.963868][  T978] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  940.974126][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.995373][  T978] usb 1-1: config 0 descriptor??
[  941.433086][  T978] shield 0003:0955:7214.000F: unknown main item tag 0x0
[  941.461387][T14748] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1968'.
[  941.479009][T14748] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1968'.
[  941.513891][  T978] shield 0003:0955:7214.000F: unknown main item tag 0x0
[  941.544525][  T978] shield 0003:0955:7214.000F: unknown main item tag 0x0
[  941.578096][  T978] shield 0003:0955:7214.000F: unknown main item tag 0x0
[  941.590611][T13411] usb 7-1: USB disconnect, device number 15
[  941.599153][  T978] shield 0003:0955:7214.000F: unknown main item tag 0x0
[  942.218410][T14751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  942.223468][  T978] input: HID 0955:7214 Haptics as /devices/virtual/input/input19
[  942.266354][T14751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  942.383316][  T978] shield 0003:0955:7214.000F: Registered Thunderstrike controller
[  942.448733][  T978] shield 0003:0955:7214.000F: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  942.644754][T14756] netlink: 'syz.0.1964': attribute type 2 has an invalid length.
[  942.679922][T14756] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1964'.
[  942.744356][T14578] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  942.784137][T14578] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  942.830715][ T5906] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  942.831176][T13411] usb 1-1: USB disconnect, device number 90
[  942.859644][T14578] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  942.903059][ T5906] shield 0003:0955:7214.000F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  942.933056][T14578] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  943.115941][   T24] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  943.276210][   T24] usb 8-1: Using ep0 maxpacket: 8
[  943.312812][   T24] usb 8-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  943.330997][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.364395][   T24] usb 8-1: Product: syz
[  943.378932][   T24] usb 8-1: Manufacturer: syz
[  943.383621][   T24] usb 8-1: SerialNumber: syz
[  943.432871][T14578] 8021q: adding VLAN 0 to HW filter on device bond0
[  943.447444][   T24] usb 8-1: config 0 descriptor??
[  943.488243][   T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  943.524447][   T24] usb 8-1: setting power ON
[  943.532331][T14578] 8021q: adding VLAN 0 to HW filter on device team0
[  943.544225][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  943.574986][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  943.599366][ T6191] bridge0: port 1(bridge_slave_0) entered blocking state
[  943.604095][T14775] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1971'.
[  943.606585][ T6191] bridge0: port 1(bridge_slave_0) entered forwarding state
[  943.608639][   T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  943.635073][ T6191] bridge0: port 2(bridge_slave_1) entered blocking state
[  943.642351][ T6191] bridge0: port 2(bridge_slave_1) entered forwarding state
[  943.661976][T14762] dvb-usb: bulk message failed: -22 (4/0)
[  943.672855][T14762] cxusb: i2c read failed
[  943.722485][   T24] usb 8-1: media controller created
[  943.803558][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  943.878868][   T24] usb 8-1: selecting invalid altsetting 6
[  943.884693][   T24] usb 8-1: digital interface selection failed (-22)
[  943.896548][   T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  943.933018][   T24] usb 8-1: setting power OFF
[  943.942406][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  943.944390][T14783] delete_channel: no stack
[  943.979658][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  943.994704][   T24] (NULL device *): no alternate interface
[  944.072451][ T3577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  944.956346][T14782] delete_channel: no stack
[  945.071166][T14787] delete_channel: no stack
[  945.660023][T14762] team0 (unregistering): Port device team_slave_0 removed
[  946.018065][T14762] team0 (unregistering): Port device team_slave_1 removed
[  946.141905][T14786] delete_channel: no stack
[  946.310999][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  946.387689][   T24] usb 8-1: USB disconnect, device number 3
[  946.547271][ T5906] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  946.885750][ T5906] usb 1-1: Using ep0 maxpacket: 16
[  946.898537][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  947.674000][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  947.705973][ T5906] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  948.296972][  T978] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  948.585846][ T5906] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  948.595060][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.755859][  T978] usb 8-1: Using ep0 maxpacket: 32
[  948.831774][ T5906] usb 1-1: config 0 descriptor??
[  948.861454][  T978] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  948.894582][  T978] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  948.936735][  T978] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  948.992773][  T978] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  949.011182][T14814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1978'.
[  949.025701][  T978] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  949.055618][  T978] usb 8-1: SerialNumber: syz
[  949.076182][  T978] cdc_acm 8-1:1.0: Control and data interfaces are not separated!
[  949.094101][  T978] cdc_acm 8-1:1.0: This needs exactly 3 endpoints
[  949.190430][T14815] 9pnet_fd: Insufficient options for proto=fd
[  949.294838][  T978] cdc_acm 8-1:1.0: probe with driver cdc_acm failed with error -22
[  949.320917][ T5906] shield 0003:0955:7214.0010: unknown main item tag 0x0
[  949.670326][ T5906] shield 0003:0955:7214.0010: unknown main item tag 0x0
[  949.723272][ T5906] shield 0003:0955:7214.0010: unknown main item tag 0x0
[  949.758577][ T5906] shield 0003:0955:7214.0010: unknown main item tag 0x0
[  949.790438][ T5906] shield 0003:0955:7214.0010: unknown main item tag 0x0
[  949.838320][ T5906] input: HID 0955:7214 Haptics as /devices/virtual/input/input20
[  949.895501][T14578] 8021q: adding VLAN 0 to HW filter on device batadv0
[  949.910083][T14818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  949.981490][T14818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  950.022235][ T5906] shield 0003:0955:7214.0010: Registered Thunderstrike controller
[  950.127076][ T5906] shield 0003:0955:7214.0010: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  950.423683][ T9813] usb 8-1: USB disconnect, device number 4
[  950.540753][T14827] netlink: 'syz.0.1975': attribute type 2 has an invalid length.
[  950.740472][T14827] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1975'.
[  951.095966][T14832] usb usb8: usbfs: process 14832 (syz.2.1980) did not claim interface 0 before use
[  951.684874][T13411] usb 1-1: USB disconnect, device number 91
[  951.689913][T13360] shield 0003:0955:7214.0010: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  951.823312][T13360] shield 0003:0955:7214.0010: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  955.138743][T14578] veth0_vlan: entered promiscuous mode
[  955.171139][T14578] veth1_vlan: entered promiscuous mode
[  956.384101][T14578] veth0_macvtap: entered promiscuous mode
[  956.435898][T13360] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  956.489156][T14578] veth1_macvtap: entered promiscuous mode
[  956.618860][T14578] batman_adv: batadv0: Interface activated: batadv_slave_0
[  956.665766][T13360] usb 3-1: Using ep0 maxpacket: 8
[  956.718377][T14874] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1989'.
[  956.748876][T13360] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  956.762433][T14578] batman_adv: batadv0: Interface activated: batadv_slave_1
[  956.772819][T13360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.797020][T13360] usb 3-1: Product: syz
[  956.801263][T13360] usb 3-1: Manufacturer: syz
[  956.820718][T14874] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1989'.
[  956.833606][T14578] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  956.853424][T13360] usb 3-1: SerialNumber: syz
[  956.875843][T14578] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  956.891835][T13360] usb 3-1: config 0 descriptor??
[  956.912356][T14578] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  956.921431][T14578] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  956.955383][T13360] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  957.002251][T13360] usb 3-1: setting power ON
[  957.298870][T13360] dvb-usb: bulk message failed: -22 (2/0)
[  957.616968][T13360] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  957.659214][T13360] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  957.762049][T13360] usb 3-1: media controller created
[  957.815146][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  957.830749][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  957.918119][T13360] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  957.924127][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  958.000458][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  958.005899][   T24] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  958.034036][T13360] usb 3-1: selecting invalid altsetting 6
[  958.050457][T13360] usb 3-1: digital interface selection failed (-22)
[  958.068759][T13360] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  958.111229][T13360] usb 3-1: setting power OFF
[  958.143309][T13360] dvb-usb: bulk message failed: -22 (2/0)
[  958.164527][T13360] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  958.194784][T13360] (NULL device *): no alternate interface
[  958.215765][   T24] usb 1-1: Using ep0 maxpacket: 16
[  958.254404][   T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  958.298760][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  958.324947][   T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  958.345017][T13360] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  958.373346][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  958.401120][ T5951] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  958.432563][   T24] usb 1-1: Product: syz
[  958.495068][   T24] usb 1-1: Manufacturer: syz
[  958.570129][   T24] usb 1-1: SerialNumber: syz
[  958.636570][ T5951] usb 8-1: Using ep0 maxpacket: 16
[  958.726179][ T5951] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  958.792078][   T24] usb 1-1: config 0 descriptor??
[  958.916588][ T5951] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  959.035463][   T24] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  959.045020][ T5951] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  959.068798][   T24] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  959.088910][ T5951] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  959.119242][ T5951] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.135181][T13411] usb 3-1: USB disconnect, device number 70
[  959.169444][ T5951] usb 8-1: config 0 descriptor??
[  959.339688][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.520583][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.594949][   T24] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  959.611522][   T24] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  959.623483][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.625155][ T5951] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  959.652048][ T5951] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  959.659331][ T5951] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  959.666823][ T5951] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  959.673919][ T5951] shield 0003:0955:7214.0011: unknown main item tag 0x0
[  959.692723][ T5951] input: HID 0955:7214 Haptics as /devices/virtual/input/input21
[  959.773542][ T5951] shield 0003:0955:7214.0011: Registered Thunderstrike controller
[  959.779409][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.803516][ T5951] shield 0003:0955:7214.0011: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.7-1/input0
[  960.051072][   T12] bridge_slave_1: left allmulticast mode
[  960.060777][   T12] bridge_slave_1: left promiscuous mode
[  960.067660][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.087420][T14892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.100710][   T12] bridge_slave_0: left allmulticast mode
[  960.106684][T14892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.109515][   T12] bridge_slave_0: left promiscuous mode
[  960.121315][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.264646][   T24] em28xx 1-1:0.0: Unknown AC97 audio processor detected!
[  960.339430][T14892] netlink: 'syz.7.1994': attribute type 2 has an invalid length.
[  960.354863][T14892] netlink: 244 bytes leftover after parsing attributes in process `syz.7.1994'.
[  960.375097][ T5915] usb 8-1: USB disconnect, device number 5
[  960.387151][   T44] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  960.422771][   T44] shield 0003:0955:7214.0011: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  960.517010][   T24] em28xx 1-1:0.0: couldn't setup AC97 register 2
[  960.530226][   T24] em28xx 1-1:0.0: couldn't setup AC97 register 4
[  960.545253][   T24] em28xx 1-1:0.0: couldn't setup AC97 register 6
[  960.568450][   T24] em28xx 1-1:0.0: couldn't setup AC97 register 54
[  960.575442][   T24] em28xx 1-1:0.0: couldn't setup AC97 register 56
[  960.608450][   T24] usb 1-1: USB disconnect, device number 92
[  961.182660][T14938] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1999'.
[  962.117844][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  962.145833][  T978] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  962.165449][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  962.213141][   T12] bond0 (unregistering): Released all slaves
[  962.339189][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  962.403346][  T978] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  962.484575][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.504935][T13642] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  962.533167][  T978] usb 3-1: config 0 descriptor??
[  962.554809][T13642] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  962.563694][T13642] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  962.575268][T13642] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  962.590275][T13642] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  963.369812][T14932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  963.428602][T14932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  963.619298][T14960] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[14960]
[  964.032317][  T978] ath6kl: Failed to read usb control message: -71
[  964.040279][  T978] ath6kl: Unable to read the bmi data from the device: -71
[  964.065458][  T978] ath6kl: Unable to recv target info: -71
[  964.101455][  T978] ath6kl: Failed to init ath6kl core: -71
[  964.122356][  T978] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  964.191890][  T978] usb 3-1: USB disconnect, device number 71
[  964.286939][T14970] ptrace attach of "./syz-executor exec"[12205] was attempted by "./syz-executor exec"[14970]
[  964.657755][ T5156] Bluetooth: hci0: command tx timeout
[  965.161631][   T12] hsr_slave_0: left promiscuous mode
[  965.181244][   T12] hsr_slave_1: left promiscuous mode
[  965.190893][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  965.609601][T14986] overlayfs: failed to resolve './file0': -2
[  965.713752][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  966.156254][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  966.173188][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  966.180799][   T24] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  966.217335][   T12] veth1_macvtap: left promiscuous mode
[  966.223368][   T12] veth0_macvtap: left promiscuous mode
[  966.231887][   T12] veth1_vlan: left promiscuous mode
[  966.234250][T14989] delete_channel: no stack
[  966.242505][   T12] veth0_vlan: left promiscuous mode
[  967.022665][T14988] delete_channel: no stack
[  967.084478][ T5156] Bluetooth: hci0: command tx timeout
[  967.090963][   T24] usb 1-1: Using ep0 maxpacket: 8
[  967.202776][   T24] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  967.524178][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  967.595022][   T24] usb 1-1: Product: syz
[  967.606385][   T24] usb 1-1: Manufacturer: syz
[  967.620437][   T24] usb 1-1: SerialNumber: syz
[  967.658577][   T24] usb 1-1: config 0 descriptor??
[  967.707571][   T24] usb 1-1: can't set config #0, error -71
[  967.749304][   T24] usb 1-1: USB disconnect, device number 93
[  968.601268][   T12] team0 (unregistering): Port device team_slave_1 removed
[  968.787718][   T12] team0 (unregistering): Port device team_slave_0 removed
[  969.135973][ T5156] Bluetooth: hci0: command tx timeout
[  969.204888][T15008] delete_channel: no stack
[  970.201456][T15007] delete_channel: no stack
[  971.245399][ T5156] Bluetooth: hci0: command tx timeout
[  972.081639][T15025] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2018'.
[  972.256590][T15030] configfs: Unknown parameter 'acl'
[  972.695925][   T24] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  972.942258][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  973.260842][   T24] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  973.401960][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  973.433681][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.477110][T15040] delete_channel: no stack
[  973.512399][   T24] usb 3-1: Product: syz
[  974.191539][T14948] chnl_net:caif_netlink_parms(): no params data found
[  974.427420][T15039] delete_channel: no stack
[  974.457455][   T24] usb 3-1: Manufacturer: syz
[  974.462220][   T24] usb 3-1: SerialNumber: syz
[  974.486185][   T24] cdc_ether 3-1:1.0: skipping garbage
[  974.491840][   T24] usb 3-1: bad CDC descriptors
[  975.385974][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  975.446724][ T5906] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  975.593992][T14948] bridge0: port 1(bridge_slave_0) entered blocking state
[  975.627909][T14948] bridge0: port 1(bridge_slave_0) entered disabled state
[  975.655610][T14948] bridge_slave_0: entered allmulticast mode
[  975.669255][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  975.700355][T14948] bridge_slave_0: entered promiscuous mode
[  975.725725][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  975.747505][T14948] bridge0: port 2(bridge_slave_1) entered blocking state
[  975.754723][T14948] bridge0: port 2(bridge_slave_1) entered disabled state
[  975.845164][ T5951] usb 3-1: USB disconnect, device number 72
[  975.879959][ T5906] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  975.912605][T14948] bridge_slave_1: entered allmulticast mode
[  975.919850][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.929618][ T5906] usb 1-1: Product: syz
[  975.933847][ T5906] usb 1-1: Manufacturer: syz
[  975.939925][T14948] bridge_slave_1: entered promiscuous mode
[  975.948880][ T5906] usb 1-1: SerialNumber: syz
[  976.047555][ T5906] usb 1-1: config 0 descriptor??
[  976.164622][ T5906] usb 1-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress aa
[  976.177640][T15074] delete_channel: no stack
[  980.073567][T15074] delete_channel: no stack
[  980.834625][T14948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  980.878661][T14948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  980.938296][ T5906] usb 1-1: USB disconnect, device number 94
[  981.205766][   T30] audit: type=1326 audit(1752168660.534:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15081 comm="syz.6.2033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3dd1d8e929 code=0x0
[  981.943191][ T6043] udevd[6043]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  982.620938][T14948] team0: Port device team_slave_0 added
[  982.637201][T14948] team0: Port device team_slave_1 added
[  982.715792][ T5906] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  983.605722][ T5906] usb 1-1: Using ep0 maxpacket: 8
[  983.641924][ T5906] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  983.660409][T14948] batman_adv: batadv0: Adding interface: batadv_slave_0
[  983.669381][T14948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  983.685856][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  983.739963][ T5906] usb 1-1: Product: syz
[  983.744223][ T5906] usb 1-1: Manufacturer: syz
[  983.748749][T14948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  983.759221][ T5906] usb 1-1: SerialNumber: syz
[  983.766033][ T5951] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  983.800067][ T5906] usb 1-1: config 0 descriptor??
[  983.808364][T14948] batman_adv: batadv0: Adding interface: batadv_slave_1
[  983.818524][T14948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  983.846741][T14948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  983.857619][ T5906] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  983.857676][ T5906] usb 1-1: setting power ON
[  983.857696][ T5906] dvb-usb: bulk message failed: -22 (2/0)
[  983.871600][ T5906] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  983.918614][ T5906] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  983.952682][ T5906] usb 1-1: media controller created
[  983.969371][ T5951] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  983.981051][T15115] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2039'.
[  983.998796][ T5951] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  984.041911][ T5951] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  984.051954][   T24] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  984.062660][T14948] hsr_slave_0: entered promiscuous mode
[  984.077913][T14948] hsr_slave_1: entered promiscuous mode
[  984.083219][ T5906] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  984.087141][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  984.121450][T14948] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  984.144521][T14948] Cannot create hsr debugfs directory
[  984.165448][ T5951] usb 7-1: Product: syz
[  984.174298][ T5951] usb 7-1: Manufacturer: syz
[  984.189630][ T5951] usb 7-1: SerialNumber: syz
[  984.232580][ T5951] usb 7-1: config 0 descriptor??
[  984.241949][   T24] usb 8-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  984.252736][ T5906] usb 1-1: selecting invalid altsetting 6
[  984.274133][ T5906] usb 1-1: digital interface selection failed (-22)
[  984.285109][ T5951] usb 7-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress aa
[  984.294583][   T24] usb 8-1: config 220 has 1 interface, different from the descriptor's value: 184
[  984.315382][ T5906] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  984.315433][   T24] usb 8-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  984.344222][ T5906] usb 1-1: setting power OFF
[  984.368749][ T5906] dvb-usb: bulk message failed: -22 (2/0)
[  984.368974][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.386582][T15121] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2040'.
[  984.409475][ T5906] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  984.438195][ T5906] (NULL device *): no alternate interface
[  984.513042][   T24] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  984.556025][T15121] configfs: Unknown parameter 'acl'
[  984.562918][ T5951] usb 7-1: USB disconnect, device number 16
[  984.812316][ T5906] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  984.908914][ T5906] usb 1-1: USB disconnect, device number 95
[  985.105814][   T24] gspca_sn9c2028: read1 error -110
[  985.119181][   T24] gspca_sn9c2028: read1 error -32
[  985.129794][   T24] gspca_sn9c2028: read1 error -32
[  985.154794][   T24] sn9c2028 8-1:220.0: probe with driver sn9c2028 failed with error -32
[  986.148243][T15137] delete_channel: no stack
[  986.978794][T15136] delete_channel: no stack
[  988.522575][   T24] usb 8-1: USB disconnect, device number 6
[  990.740422][T15176] delete_channel: no stack
[  991.607256][T15175] delete_channel: no stack
[  993.117027][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  993.124405][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  993.541142][ T5951] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  993.761767][T15195] 9pnet_fd: Insufficient options for proto=fd
[  993.975339][ T5951] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  994.009075][ T5951] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  994.032340][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.432176][ T5951] usb 7-1: Product: syz
[  994.511910][ T5951] usb 7-1: Manufacturer: syz
[  994.893944][ T5951] usb 7-1: SerialNumber: syz
[  994.913355][ T5951] usb 7-1: config 0 descriptor??
[  994.929211][ T5951] usb 7-1: can't set config #0, error -71
[  994.947047][ T5951] usb 7-1: USB disconnect, device number 17
[  995.437512][T15209] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2057'.
[  996.324911][T14948] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  996.361213][T14948] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  996.446059][T14948] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  996.583996][T14948] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  996.656068][  T978] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  996.685832][T14313] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  996.776215][ T5951] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  996.840183][  T978] usb 8-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  996.849258][T14948] 8021q: adding VLAN 0 to HW filter on device bond0
[  996.864008][T14313] usb 3-1: Using ep0 maxpacket: 16
[  996.869837][  T978] usb 8-1: config 220 has 1 interface, different from the descriptor's value: 184
[  996.880780][T14313] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  996.898247][T14948] 8021q: adding VLAN 0 to HW filter on device team0
[  996.913054][  T978] usb 8-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  996.922743][T14313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  996.962235][ T5951] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  996.962627][  T978] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.008498][ T6122] bridge0: port 1(bridge_slave_0) entered blocking state
[  997.015833][ T6122] bridge0: port 1(bridge_slave_0) entered forwarding state
[  997.018579][T14313] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  997.032218][ T5951] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.107524][ T5951] usb 7-1: config 0 descriptor??
[  997.191924][ T6122] bridge0: port 2(bridge_slave_1) entered blocking state
[  997.199228][ T6122] bridge0: port 2(bridge_slave_1) entered forwarding state
[  997.204857][T14313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.356626][T14313] usb 3-1: Product: syz
[  997.607082][  T978] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  997.618092][T14313] usb 3-1: Manufacturer: syz
[  997.622763][T14313] usb 3-1: SerialNumber: syz
[  997.638784][T15243] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  997.669169][  T978] gspca_sn9c2028: read1 error -71
[  997.691595][T14313] usb 3-1: config 0 descriptor??
[  997.696970][  T978] gspca_sn9c2028: read1 error -71
[  997.707904][  T978] gspca_sn9c2028: read1 error -71
[  997.713080][  T978] sn9c2028 8-1:220.0: probe with driver sn9c2028 failed with error -71
[  997.730716][T14313] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  997.759004][T14313] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  997.776048][  T978] usb 8-1: USB disconnect, device number 7
[  997.857091][ T5951] pegasus 7-1:0.0: probe with driver pegasus failed with error -71
[  997.885191][ T5951] usb 7-1: USB disconnect, device number 18
[  998.062436][T15253] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2064'.
[  998.351197][T14313] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  998.357468][  T978] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  998.366550][T14313] em28xx 3-1:0.0: Config register raw data: 0x3b
[  998.373739][T14313] em28xx 3-1:0.0: I2S Audio (3 sample rate(s))
[  998.381779][T14313] em28xx 3-1:0.0: No AC97 audio processor
[  998.528522][  T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  998.543596][T14948] 8021q: adding VLAN 0 to HW filter on device batadv0
[  998.562054][  T978] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  998.589970][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  998.598784][  T978] usb 1-1: Product: syz
[  998.603003][  T978] usb 1-1: Manufacturer: syz
[  998.608046][  T978] usb 1-1: SerialNumber: syz
[  998.637015][  T978] usb 1-1: config 0 descriptor??
[  998.687455][  T978] ims_pcu 1-1:0.0: Missing CDC union descriptor
[  998.701411][  T978] ims_pcu 1-1:0.0: probe with driver ims_pcu failed with error -22
[  999.717881][   T44] usb 1-1: USB disconnect, device number 96
[ 1000.083926][T14948] veth0_vlan: entered promiscuous mode
[ 1000.113405][T14948] veth1_vlan: entered promiscuous mode
[ 1000.241967][T14948] veth0_macvtap: entered promiscuous mode
[ 1000.269725][T14948] veth1_macvtap: entered promiscuous mode
[ 1000.351878][T14948] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1000.383923][T14948] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1000.411970][T14948] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.417587][T15294] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2068'.
[ 1000.441869][T14948] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.454229][T14948] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.463825][T14948] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.489929][T15294] vxcan3: entered promiscuous mode
[ 1000.608642][ T6122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1000.631647][ T6122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1000.712467][ T6122] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1000.735562][ T6122] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1001.411781][  T978] usb 3-1: USB disconnect, device number 73
[ 1001.810831][ T6050] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.003242][ T6050] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.219817][ T6050] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.341169][ T6050] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.683540][ T6050] bridge_slave_1: left allmulticast mode
[ 1002.694405][ T6050] bridge_slave_1: left promiscuous mode
[ 1002.702145][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1002.717639][ T6050] bridge_slave_0: left allmulticast mode
[ 1002.723342][ T6050] bridge_slave_0: left promiscuous mode
[ 1002.733692][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1003.247681][ T6050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1003.261586][ T6050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1003.273385][ T6050] bond0 (unregistering): Released all slaves
[ 1003.619401][ T6050] hsr_slave_0: left promiscuous mode
[ 1003.630597][ T6050] hsr_slave_1: left promiscuous mode
[ 1003.639550][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1003.653287][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1003.661647][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1003.680786][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1003.720852][ T6050] veth1_macvtap: left promiscuous mode
[ 1003.726586][ T6050] veth0_macvtap: left promiscuous mode
[ 1003.732281][ T6050] veth1_vlan: left promiscuous mode
[ 1003.742775][ T6050] veth0_vlan: left promiscuous mode
[ 1004.464786][T15350] FAULT_INJECTION: forcing a failure.
[ 1004.464786][T15350] name failslab, interval 1, probability 0, space 0, times 0
[ 1004.722659][T15350] CPU: 1 UID: 0 PID: 15350 Comm: syz.6.2079 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1004.722694][T15350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1004.722709][T15350] Call Trace:
[ 1004.722720][T15350]  <TASK>
[ 1004.722730][T15350]  dump_stack_lvl+0x189/0x250
[ 1004.722762][T15350]  ? __pfx____ratelimit+0x10/0x10
[ 1004.722797][T15350]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1004.722823][T15350]  ? __pfx__printk+0x10/0x10
[ 1004.722865][T15350]  ? __pfx___might_resched+0x10/0x10
[ 1004.722897][T15350]  ? fs_reclaim_acquire+0x7d/0x100
[ 1004.722926][T15350]  should_fail_ex+0x414/0x560
[ 1004.722964][T15350]  should_failslab+0xa8/0x100
[ 1004.723004][T15350]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1004.723035][T15350]  ? sctp_datamsg_from_user+0x88/0xef0
[ 1004.723062][T15350]  sctp_datamsg_from_user+0x88/0xef0
[ 1004.723085][T15350]  ? __sk_mem_raise_allocated+0xaa9/0x1240
[ 1004.723128][T15350]  ? __sk_mem_schedule+0x7f/0xf0
[ 1004.723162][T15350]  ? __genradix_ptr+0x1e1/0x220
[ 1004.723192][T15350]  sctp_sendmsg_to_asoc+0x1003/0x1810
[ 1004.723228][T15350]  ? __lock_acquire+0xab9/0xd20
[ 1004.723267][T15350]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[ 1004.723296][T15350]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1004.723320][T15350]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1004.723346][T15350]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[ 1004.723381][T15350]  sctp_sendmsg+0x1941/0x2810
[ 1004.723419][T15350]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1004.723442][T15350]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1004.723466][T15350]  ? rcu_is_watching+0x15/0xb0
[ 1004.723491][T15350]  ? trace_irq_disable+0x37/0x110
[ 1004.723521][T15350]  ? preempt_schedule_irq+0xde/0x150
[ 1004.723557][T15350]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1004.723606][T15350]  ? sock_rps_record_flow+0x19/0x410
[ 1004.723634][T15350]  ? inet_sendmsg+0x2f4/0x370
[ 1004.723653][T15350]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1004.723690][T15350]  __sock_sendmsg+0x19c/0x270
[ 1004.723729][T15350]  ____sys_sendmsg+0x52d/0x830
[ 1004.723769][T15350]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1004.723809][T15350]  ? import_iovec+0x74/0xa0
[ 1004.723840][T15350]  ___sys_sendmsg+0x21f/0x2a0
[ 1004.723871][T15350]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1004.723957][T15350]  ? __fget_files+0x2a/0x420
[ 1004.723978][T15350]  ? __fget_files+0x3a0/0x420
[ 1004.724012][T15350]  __sys_sendmmsg+0x227/0x430
[ 1004.724047][T15350]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1004.724073][T15350]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1004.724126][T15350]  ? ksys_write+0x22a/0x250
[ 1004.724159][T15350]  ? __pfx_ksys_write+0x10/0x10
[ 1004.724198][T15350]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1004.724230][T15350]  do_syscall_64+0xfa/0x3b0
[ 1004.724250][T15350]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1004.724287][T15350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.724310][T15350]  ? clear_bhb_loop+0x60/0xb0
[ 1004.724337][T15350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.724359][T15350] RIP: 0033:0x7f3dd1d8e929
[ 1004.724380][T15350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1004.724399][T15350] RSP: 002b:00007f3dd2caa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1004.724423][T15350] RAX: ffffffffffffffda RBX: 00007f3dd1fb5fa0 RCX: 00007f3dd1d8e929
[ 1004.724444][T15350] RDX: 0000000000000001 RSI: 0000200000004900 RDI: 0000000000000003
[ 1004.724458][T15350] RBP: 00007f3dd2caa090 R08: 0000000000000000 R09: 0000000000000000
[ 1004.724473][T15350] R10: 0000000004048884 R11: 0000000000000246 R12: 0000000000000001
[ 1004.724487][T15350] R13: 0000000000000000 R14: 00007f3dd1fb5fa0 R15: 00007ffdf6bff838
[ 1004.724522][T15350]  </TASK>
[ 1005.681473][T15360] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[15360]
[ 1006.734941][T13642] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1006.746624][T13642] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1006.755142][T13642] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1006.763588][T13642] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1006.772865][T13642] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1007.428756][ T6050] team0 (unregistering): Port device team_slave_1 removed
[ 1007.510094][ T6050] team0 (unregistering): Port device team_slave_0 removed
[ 1008.816236][T13642] Bluetooth: hci0: command tx timeout
[ 1008.978394][T15401] ptrace attach of "./syz-executor exec"[6964] was attempted by "./syz-executor exec"[15401]
[ 1009.390207][T15404] capability: warning: `syz.7.2093' uses deprecated v2 capabilities in a way that may be insecure
[ 1009.673313][T15370] chnl_net:caif_netlink_parms(): no params data found
[ 1009.768613][T15409] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1009.784967][T15409] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1010.265931][T14313] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1010.334745][T15370] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1010.381279][T15370] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1010.413556][T15370] bridge_slave_0: entered allmulticast mode
[ 1010.440563][ T6191] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1010.450956][T14313] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1010.473390][T15370] bridge_slave_0: entered promiscuous mode
[ 1010.479411][T14313] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1010.479443][T14313] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1010.500547][T14313] usb 8-1: config 0 descriptor??
[ 1010.589296][T15428] FAULT_INJECTION: forcing a failure.
[ 1010.589296][T15428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1010.600973][T15370] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1010.604194][T15428] CPU: 0 UID: 0 PID: 15428 Comm: syz.2.2097 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1010.604228][T15428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1010.604250][T15428] Call Trace:
[ 1010.604260][T15428]  <TASK>
[ 1010.604271][T15428]  dump_stack_lvl+0x189/0x250
[ 1010.604306][T15428]  ? __pfx____ratelimit+0x10/0x10
[ 1010.604343][T15428]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1010.604370][T15428]  ? __pfx__printk+0x10/0x10
[ 1010.604417][T15428]  should_fail_ex+0x414/0x560
[ 1010.604460][T15428]  _copy_to_user+0x31/0xb0
[ 1010.604489][T15428]  netlink_getsockopt+0x385/0x5b0
[ 1010.604525][T15428]  ? __pfx_netlink_getsockopt+0x10/0x10
[ 1010.604568][T15428]  do_sock_getsockopt+0x35d/0x650
[ 1010.604603][T15428]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1010.604631][T15428]  ? do_syscall_64+0x40/0x3b0
[ 1010.604652][T15428]  ? __fget_files+0x3a0/0x420
[ 1010.604675][T15428]  ? __fget_files+0x2a/0x420
[ 1010.604706][T15428]  __x64_sys_getsockopt+0x1a5/0x250
[ 1010.604733][T15428]  ? do_syscall_64+0x40/0x3b0
[ 1010.604758][T15428]  ? do_syscall_64+0x40/0x3b0
[ 1010.604791][T15428]  do_syscall_64+0xfa/0x3b0
[ 1010.604813][T15428]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1010.604847][T15428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.604871][T15428]  ? clear_bhb_loop+0x60/0xb0
[ 1010.604901][T15428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.604925][T15428] RIP: 0033:0x7f44f318e929
[ 1010.604946][T15428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1010.604965][T15428] RSP: 002b:00007f44f3f73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1010.604992][T15428] RAX: ffffffffffffffda RBX: 00007f44f33b5fa0 RCX: 00007f44f318e929
[ 1010.605010][T15428] RDX: 0000000000000005 RSI: 000000000000010e RDI: 0000000000000003
[ 1010.605025][T15428] RBP: 00007f44f3f73090 R08: 0000200000000100 R09: 0000000000000000
[ 1010.605042][T15428] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1010.605056][T15428] R13: 0000000000000000 R14: 00007f44f33b5fa0 R15: 00007ffc1dfa2178
[ 1010.605094][T15428]  </TASK>
[ 1010.917939][T13642] Bluetooth: hci0: command tx timeout
[ 1010.924410][T15370] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1010.933149][T15370] bridge_slave_1: entered allmulticast mode
[ 1010.939723][T15411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1010.964202][T15370] bridge_slave_1: entered promiscuous mode
[ 1011.034125][T15411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1011.629632][T15370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1011.652328][T14313] ath6kl: Failed to read usb control message: -71
[ 1011.664601][T14313] ath6kl: Unable to read the bmi data from the device: -71
[ 1011.672427][T14313] ath6kl: Unable to recv target info: -71
[ 1011.696006][T14313] ath6kl: Failed to init ath6kl core: -71
[ 1011.736380][T14313] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1011.761018][T15370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1011.833379][T14313] usb 8-1: USB disconnect, device number 8
[ 1012.417347][T15370] team0: Port device team_slave_0 added
[ 1012.539218][T15370] team0: Port device team_slave_1 added
[ 1012.543017][T15440] binder: 15439:15440 ioctl c00c620f 200000000040 returned -22
[ 1012.785402][   T30] audit: type=1326 audit(1752168692.114:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1012.809139][T15370] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1012.864888][T15370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1012.894547][   T30] audit: type=1326 audit(1752168692.114:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1012.916148][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1012.946116][   T30] audit: type=1326 audit(1752168692.114:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1012.967742][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1012.974717][   T30] audit: type=1326 audit(1752168692.114:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1012.996832][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1013.004253][T13642] Bluetooth: hci0: command tx timeout
[ 1013.010202][   T30] audit: type=1326 audit(1752168692.114:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1013.031824][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1013.038336][   T30] audit: type=1326 audit(1752168692.114:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1013.060556][   T30] audit: type=1326 audit(1752168692.284:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1013.075785][T15370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1013.082164][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1013.082491][   T30] audit: type=1326 audit(1752168692.284:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15445 comm="syz.2.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44f318e929 code=0x7ffc0000
[ 1013.203040][T15370] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1013.241391][T15370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1013.356034][T15370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1013.861356][T15370] hsr_slave_0: entered promiscuous mode
[ 1013.886891][T15370] hsr_slave_1: entered promiscuous mode
[ 1013.927437][T15370] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1014.055735][T15370] Cannot create hsr debugfs directory
[ 1014.063734][T14313] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1014.275675][T14313] usb 3-1: Using ep0 maxpacket: 8
[ 1014.287416][T14313] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1014.302507][T14313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1014.423480][T14313] usb 3-1: Product: syz
[ 1014.651574][T14313] usb 3-1: Manufacturer: syz
[ 1014.855897][T14313] usb 3-1: SerialNumber: syz
[ 1014.891659][T14313] usb 3-1: config 0 descriptor??
[ 1014.916848][T14313] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1014.965720][T14313] usb 3-1: setting power ON
[ 1014.978608][T14313] dvb-usb: bulk message failed: -22 (2/0)
[ 1015.026271][T14313] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1015.055886][T13642] Bluetooth: hci0: command tx timeout
[ 1015.103145][T14313] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1015.116698][T15452] dvb-usb: bulk message failed: -22 (4/0)
[ 1015.189465][T14313] usb 3-1: media controller created
[ 1015.294842][T14313] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1015.388423][T14313] usb 3-1: selecting invalid altsetting 6
[ 1015.406085][T14313] usb 3-1: digital interface selection failed (-22)
[ 1015.439930][T14313] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1015.622488][T14313] usb 3-1: setting power OFF
[ 1015.635708][T14313] dvb-usb: bulk message failed: -22 (2/0)
[ 1015.641539][T14313] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1015.666236][T14313] (NULL device *): no alternate interface
[ 1016.026567][T15485] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2109'.
[ 1016.077490][T15487] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2109'.
[ 1016.477740][T15492] binder: 15491:15492 ioctl c00c620f 200000000040 returned -22
[ 1016.747418][ T5906] usb 7-1: new full-speed USB device number 19 using dummy_hcd
[ 1016.884345][T14313] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1016.922614][T14313] usb 3-1: USB disconnect, device number 74
[ 1016.932328][ T5906] usb 7-1: config 8 has an invalid interface number: 177 but max is 0
[ 1016.935850][ T5951] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[ 1016.955735][ T5906] usb 7-1: config 8 has no interface number 0
[ 1016.979226][ T5906] usb 7-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[ 1017.098759][ T5906] usb 7-1: config 8 interface 177 has no altsetting 0
[ 1017.175961][ T5906] usb 7-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 1017.179437][ T5951] usb 8-1: config 8 has an invalid interface number: 177 but max is 0
[ 1017.262415][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.360996][ T5951] usb 8-1: config 8 has no interface number 0
[ 1017.454221][ T5951] usb 8-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[ 1017.537894][ T5951] usb 8-1: config 8 interface 177 has no altsetting 0
[ 1017.609993][ T5951] usb 8-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 1017.616871][T15493] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1017.678553][ T5951] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.757212][T15497] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[ 1017.870934][ T5906] usb 7-1: string descriptor 0 read error: -71
[ 1018.111704][ T5951] usb 8-1: string descriptor 0 read error: -71
[ 1018.133149][    C0] ir_toy 7-1:8.177: out urb status: -71
[ 1018.222138][T15517] overlayfs: failed to resolve './file0': -2
[ 1018.242300][    C1] ir_toy 8-1:8.177: out urb status: -71
[ 1018.870944][ T5951] ir_toy 8-1:8.177: could not write reset command: -110
[ 1018.901688][ T5951] ir_toy 8-1:8.177: probe with driver ir_toy failed with error -110
[ 1018.935561][ T5951] usb 8-1: USB disconnect, device number 9
[ 1018.999326][ T5906] ir_toy 7-1:8.177: could not write reset command: -110
[ 1019.024374][ T5906] ir_toy 7-1:8.177: probe with driver ir_toy failed with error -110
[ 1019.050401][ T5906] usb 7-1: USB disconnect, device number 19
[ 1019.327114][T15370] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1019.363901][T15524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2118'.
[ 1019.555149][T15533] 9pnet_fd: Insufficient options for proto=fd
[ 1019.579345][T15370] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1019.614358][T15370] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1019.738597][T15370] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1019.876749][T15535] block device autoloading is deprecated and will be removed.
[ 1020.252597][ T5906] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1020.434832][ T5906] usb 3-1: Using ep0 maxpacket: 16
[ 1020.453788][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1020.518797][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1020.574701][ T5906] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1020.613325][ T5906] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1020.633257][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.682206][ T5906] usb 3-1: config 0 descriptor??
[ 1020.946273][T15556] comedi comedi3: dt2801: I/O port conflict (0x1,2)
[ 1020.969538][T15370] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1021.035506][T15370] 8021q: adding VLAN 0 to HW filter on device team0
[ 1021.040771][T15556] comedi comedi0: comedi_test: 236 microvolt, 100000 microsecond waveform attached
[ 1021.078516][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.085841][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1021.099525][ T5906] shield 0003:0955:7214.0012: unknown main item tag 0x0
[ 1021.108615][ T5906] shield 0003:0955:7214.0012: unknown main item tag 0x0
[ 1021.128180][ T5906] shield 0003:0955:7214.0012: unknown main item tag 0x0
[ 1021.152725][ T5906] shield 0003:0955:7214.0012: unknown main item tag 0x0
[ 1021.180866][ T5906] shield 0003:0955:7214.0012: unknown main item tag 0x0
[ 1021.194315][ T6191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.201560][ T6191] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1021.236280][ T5906] input: HID 0955:7214 Haptics as /devices/virtual/input/input24
[ 1021.359940][ T5906] shield 0003:0955:7214.0012: Registered Thunderstrike controller
[ 1021.371094][T15370] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1021.386446][ T5890] usb 1-1: new full-speed USB device number 97 using dummy_hcd
[ 1021.394326][ T5906] shield 0003:0955:7214.0012: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[ 1021.456134][T15562] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2125'.
[ 1021.476074][T15562] macvlan2: entered promiscuous mode
[ 1021.481466][T15562] macvlan2: entered allmulticast mode
[ 1021.489057][T15562] erspan0: entered allmulticast mode
[ 1021.542400][T15562] virtio-fs: tag </dev/md0> not found
[ 1021.572249][ T5890] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[ 1021.591508][ T5890] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1021.624943][ T5890] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[ 1021.649298][ T5890] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[ 1021.663752][T15565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1021.674643][ T5890] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1021.694150][T15565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1021.730982][ T5890] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1021.772658][ T5890] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1021.819237][ T5890] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1021.844923][ T5890] usb 1-1: Product: syz
[ 1021.921596][ T5890] usb 1-1: Manufacturer: syz
[ 1021.956123][ T5890] usb 1-1: SerialNumber: syz
[ 1022.088024][T15529] netlink: 'syz.2.2120': attribute type 2 has an invalid length.
[ 1022.093549][ T5890] usb 1-1: config 0 descriptor??
[ 1022.185844][T15529] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2120'.
[ 1022.247045][T15557] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1022.487268][  T978] shield 0003:0955:7214.0012: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1022.495292][ T5890] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1022.526796][T13360] usb 3-1: USB disconnect, device number 75
[ 1022.535048][  T978] shield 0003:0955:7214.0012: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1022.609637][ T5890] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1022.851261][ T5890] usb 1-1: USB disconnect, device number 97
[ 1022.851328][    C1] ldusb 1-1:0.0: usb_submit_urb failed (-19)
[ 1022.885188][T15370] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1023.034988][ T5890] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[ 1023.139157][T15582] usb usb8: usbfs: process 15582 (syz.7.2127) did not claim interface 0 before use
[ 1024.571288][T15598] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2131'.
[ 1024.689538][   T30] audit: type=1326 audit(1752168704.004:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15583 comm="syz.6.2128" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3dd1d8e929 code=0x0
[ 1025.319607][T15590] overlayfs: failed to resolve './file1': -2
[ 1026.042640][ T5156] Bluetooth: hci1: command 0x0406 tx timeout
[ 1026.285846][  T978] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[ 1026.325061][T15370] veth0_vlan: entered promiscuous mode
[ 1026.351964][T15370] veth1_vlan: entered promiscuous mode
[ 1026.446739][  T978] usb 7-1: device descriptor read/64, error -71
[ 1026.458573][T15370] veth0_macvtap: entered promiscuous mode
[ 1026.503888][T15370] veth1_macvtap: entered promiscuous mode
[ 1026.577102][T15370] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1026.631339][T15370] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1026.670616][T15370] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1026.698137][T15370] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1026.713477][T15370] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1026.724214][T15370] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1026.737684][  T978] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1026.971582][  T978] usb 7-1: device descriptor read/64, error -71
[ 1027.385062][  T978] usb usb7-port1: attempt power cycle
[ 1027.553974][ T6050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1027.605075][ T6050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1027.858819][  T978] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 1028.696210][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1028.789035][  T978] usb 7-1: device descriptor read/8, error -71
[ 1028.800313][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1028.987304][ T5906] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1029.191698][ T5906] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1029.271186][ T5906] usb 3-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00
[ 1029.333910][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.134349][ T5906] usb 3-1: config 0 descriptor??
[ 1031.301365][ T6050] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.499158][ T6050] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.875238][ T5906] microsoft 0003:045E:00F9.0013: hidraw0: USB HID v0.02 Device [HID 045e:00f9] on usb-dummy_hcd.2-1/input0
[ 1031.906000][ T5906] microsoft 0003:045E:00F9.0013: no inputs found
[ 1031.918098][ T5906] microsoft 0003:045E:00F9.0013: could not initialize ff, continuing anyway
[ 1031.987176][ T6050] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1032.089425][T15643] overlayfs: failed to resolve './file1': -2
[ 1032.199203][ T6050] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1032.378306][   T24] usb 3-1: USB disconnect, device number 76
[ 1032.587032][ T6050] bridge_slave_1: left allmulticast mode
[ 1032.601349][ T6050] bridge_slave_1: left promiscuous mode
[ 1032.613382][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1032.629612][ T6050] bridge_slave_0: left allmulticast mode
[ 1032.635480][ T6050] bridge_slave_0: left promiscuous mode
[ 1032.653669][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1033.507982][T15689] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2143'.
[ 1033.508479][   T30] audit: type=1326 audit(1752168712.844:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15682 comm="syz.0.2142" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f571f58e929 code=0x0
[ 1034.198436][T15695] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2142'.
[ 1034.644292][ T6050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1034.725259][ T6050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1034.790198][ T6050] bond0 (unregistering): Released all slaves
[ 1035.188591][T15708] delete_channel: no stack
[ 1037.861535][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1037.871891][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1037.903527][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1037.932954][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1037.948801][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1038.170252][T15700] delete_channel: no stack
[ 1038.900781][T15733] overlayfs: failed to resolve './file0': -2
[ 1040.100675][T13642] Bluetooth: hci0: command tx timeout
[ 1040.436702][ T6050] hsr_slave_0: left promiscuous mode
[ 1040.454382][ T6050] hsr_slave_1: left promiscuous mode
[ 1040.472281][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1040.494792][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1040.536767][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1040.563562][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1040.702735][ T6050] veth1_macvtap: left promiscuous mode
[ 1040.720258][ T6050] veth0_macvtap: left promiscuous mode
[ 1040.737471][ T6050] veth1_vlan: left promiscuous mode
[ 1040.761230][ T6050] veth0_vlan: left promiscuous mode
[ 1041.762388][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1042.151231][ T6050] team0 (unregistering): Port device team_slave_1 removed
[ 1042.178729][T13642] Bluetooth: hci0: command tx timeout
[ 1042.225447][ T6050] team0 (unregistering): Port device team_slave_0 removed
[ 1042.858271][T15774] tipc: Started in network mode
[ 1042.865416][T15774] tipc: Node identity 2, cluster identity 2
[ 1042.871661][T15774] tipc: Node number set to 2
[ 1042.877094][T15774] tipc: Cannot configure node identity twice
[ 1043.615531][T15712] chnl_net:caif_netlink_parms(): no params data found
[ 1044.247699][T15712] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1044.258111][T13642] Bluetooth: hci0: command tx timeout
[ 1044.300054][T15712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1044.359245][T15712] bridge_slave_0: entered allmulticast mode
[ 1044.393433][T15712] bridge_slave_0: entered promiscuous mode
[ 1044.423873][T15712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1044.455987][T15712] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.463318][T15712] bridge_slave_1: entered allmulticast mode
[ 1044.491673][T15712] bridge_slave_1: entered promiscuous mode
[ 1044.762206][T15712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1044.852578][T15712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1044.905305][   T31] INFO: task syz.1.1874:14124 blocked for more than 143 seconds.
[ 1044.915693][   T31]       Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0
[ 1044.923428][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1044.959714][   T31] task:syz.1.1874      state:D stack:25096 pid:14124 tgid:14124 ppid:5842   task_flags:0x400040 flags:0x00004006
[ 1045.002729][   T31] Call Trace:
[ 1045.029748][   T31]  <TASK>
[ 1045.032783][   T31]  __schedule+0x16a2/0x4cb0
[ 1045.055763][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1045.060901][   T31]  ? schedule+0x165/0x360
[ 1045.120421][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1045.141474][   T31]  ? __pfx___schedule+0x10/0x10
[ 1045.184911][   T31]  ? schedule+0x91/0x360
[ 1045.200959][   T31]  schedule+0x165/0x360
[ 1045.211811][   T31]  __fuse_simple_request+0xf15/0x18d0
[ 1045.235685][   T31]  ? __pfx___fuse_simple_request+0x10/0x10
[ 1045.262929][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1045.302407][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1045.420915][   T31]  fuse_flush+0x5d4/0x800
[ 1045.425468][   T31]  ? __pfx_locks_remove_posix+0x10/0x10
[ 1045.431956][   T31]  ? __pfx_fuse_flush+0x10/0x10
[ 1045.437229][   T31]  ? __pfx_fuse_flush+0x10/0x10
[ 1045.442300][   T31]  filp_flush+0xba/0x190
[ 1045.447848][   T31]  filp_close+0x1d/0x40
[ 1045.452080][   T31]  __se_sys_close_range+0x359/0x650
[ 1045.458245][   T31]  ? __pfx___se_sys_close_range+0x10/0x10
[ 1045.464095][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1045.469738][   T31]  ? do_syscall_64+0xbe/0x3b0
[ 1045.474920][   T31]  do_syscall_64+0xfa/0x3b0
[ 1045.480017][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1045.493922][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1045.500628][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1045.505383][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1045.515701][   T31] RIP: 0033:0x7fb7af58e929
[ 1045.520909][   T31] RSP: 002b:00007ffe28e404a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1045.545676][   T31] RAX: ffffffffffffffda RBX: 00000000000d8140 RCX: 00007fb7af58e929
[ 1045.554703][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1045.576369][   T31] RBP: 00007fb7af7b7ba0 R08: 0000000000000001 R09: 0000000928e4079f
[ 1045.584460][   T31] R10: 00007fb7af400000 R11: 0000000000000246 R12: 00007fb7af7b5fac
[ 1045.592963][   T31] R13: 00007fb7af7b5fa0 R14: ffffffffffffffff R15: 00007ffe28e405c0
[ 1045.601987][   T31]  </TASK>
[ 1045.605261][   T31] 
[ 1045.605261][   T31] Showing all locks held in the system:
[ 1045.670177][   T31] 1 lock held by khungtaskd/31:
[ 1045.675128][   T31]  #0: ffffffff8e13f160 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1045.735930][   T31] 2 locks held by kworker/1:1/44:
[ 1045.741049][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1045.785742][   T31]  #1: ffffc90000b47bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1045.825719][   T31] 4 locks held by kworker/u8:4/64:
[ 1045.830931][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1045.901440][   T31]  #1: ffffc9000213fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1045.935770][   T31]  #2: ffffffff8f50b548 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 1045.944874][   T31]  #3: ffffffff8e144c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1045.995734][   T31] 3 locks held by kworker/u8:5/771:
[ 1046.001007][   T31]  #0: ffff888144af5948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1046.055990][   T31]  #1: ffffc90003807bc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1046.095766][   T31]  #2: ffffffff8e144c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1046.123980][   T31] 2 locks held by getty/5599:
[ 1046.145788][   T31]  #0: ffff8880331780a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1046.175761][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1046.206058][   T31] 1 lock held by syz.2.2194/15852:
[ 1046.223725][   T31] 1 lock held by cmp/15892:
[ 1046.245704][   T31] 
[ 1046.248104][   T31] =============================================
[ 1046.248104][   T31] 
[ 1046.285741][   T31] NMI backtrace for cpu 0
[ 1046.285764][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1046.285790][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1046.285804][   T31] Call Trace:
[ 1046.285812][   T31]  <TASK>
[ 1046.285820][   T31]  dump_stack_lvl+0x189/0x250
[ 1046.285848][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1046.285879][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1046.285902][   T31]  ? __pfx__printk+0x10/0x10
[ 1046.285943][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1046.285975][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1046.285999][   T31]  ? _printk+0xcf/0x120
[ 1046.286031][   T31]  ? __pfx__printk+0x10/0x10
[ 1046.286061][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1046.286096][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1046.286127][   T31]  watchdog+0xfee/0x1030
[ 1046.286161][   T31]  ? watchdog+0x1de/0x1030
[ 1046.286201][   T31]  kthread+0x711/0x8a0
[ 1046.286233][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1046.286263][   T31]  ? __pfx_kthread+0x10/0x10
[ 1046.286293][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1046.286323][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1046.286351][   T31]  ? __pfx_kthread+0x10/0x10
[ 1046.286379][   T31]  ret_from_fork+0x3f9/0x770
[ 1046.286411][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1046.286439][   T31]  ? __switch_to_asm+0x39/0x70
[ 1046.286464][   T31]  ? __switch_to_asm+0x33/0x70
[ 1046.286488][   T31]  ? __pfx_kthread+0x10/0x10
[ 1046.286516][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1046.286560][   T31]  </TASK>
[ 1046.286569][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1046.347353][T13642] Bluetooth: hci0: command tx timeout
[ 1046.349596][    C1] NMI backtrace for cpu 1
[ 1046.349612][    C1] CPU: 1 UID: 0 PID: 13642 Comm: kworker/u9:2 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1046.349634][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1046.349646][    C1] Workqueue: hci0 hci_cmd_timeout
[ 1046.349689][    C1] RIP: 0010:io_serial_out+0x7c/0xc0
[ 1046.349715][    C1] Code: c2 7f fc 44 89 f9 d3 e5 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 8c 1a e1 fc 41 03 2e 89 d8 89 ea ee <5b> 41 5c 41 5e 41 5f 5d e9 97 6f 2a 06 cc 44 89 f9 80 e1 07 38 c1
[ 1046.349730][    C1] RSP: 0018:ffffc9000b52f310 EFLAGS: 00000002
[ 1046.349746][    C1] RAX: 000000000000005b RBX: 000000000000005b RCX: 0000000000000000
[ 1046.349757][    C1] RDX: 00000000000003f8 RSI: 0000000000000000 RDI: 0000000000000020
[ 1046.349768][    C1] RBP: 00000000000003f8 R08: ffff888024d70237 R09: 1ffff110049ae046
[ 1046.349781][    C1] R10: dffffc0000000000 R11: ffffffff85406240 R12: dffffc0000000000
[ 1046.349795][    C1] R13: ffffffff99ac5881 R14: ffffffff99dca4a0 R15: 0000000000000000
[ 1046.349808][    C1] FS:  0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[ 1046.349823][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1046.349835][    C1] CR2: 00007fd5815fb6b0 CR3: 0000000032c1a000 CR4: 00000000003526f0
[ 1046.349851][    C1] Call Trace:
[ 1046.349858][    C1]  <TASK>
[ 1046.349869][    C1]  serial8250_console_write+0x140d/0x1ba0
[ 1046.349899][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1046.349916][    C1]  ? __pfx_serial8250_console_write+0x10/0x10
[ 1046.349940][    C1]  ? console_flush_all+0x13a/0xc40
[ 1046.349964][    C1]  ? console_flush_all+0x13a/0xc40
[ 1046.349990][    C1]  ? do_raw_spin_unlock+0x122/0x240
[ 1046.350012][    C1]  ? console_flush_all+0x13a/0xc40
[ 1046.350033][    C1]  ? console_flush_all+0x13a/0xc40
[ 1046.350057][    C1]  console_flush_all+0x728/0xc40
[ 1046.350082][    C1]  ? console_flush_all+0x13a/0xc40
[ 1046.350108][    C1]  ? __pfx_console_flush_all+0x10/0x10
[ 1046.350137][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1046.350165][    C1]  console_unlock+0xc4/0x270
[ 1046.350187][    C1]  ? __pfx_console_unlock+0x10/0x10
[ 1046.350209][    C1]  ? vprintk_emit+0x444/0x7a0
[ 1046.350228][    C1]  ? vprintk_emit+0x444/0x7a0
[ 1046.350249][    C1]  vprintk_emit+0x5b7/0x7a0
[ 1046.350267][    C1]  ? vprintk_emit+0x444/0x7a0
[ 1046.350288][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[ 1046.350312][    C1]  ? kvm_sched_clock_read+0x11/0x20
[ 1046.350339][    C1]  ? sched_clock_cpu+0x74/0x430
[ 1046.350361][    C1]  _printk+0xcf/0x120
[ 1046.350386][    C1]  ? __pfx__printk+0x10/0x10
[ 1046.350408][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 1046.350430][    C1]  ? look_up_lock_class+0x74/0x170
[ 1046.350460][    C1]  bt_err+0x10b/0x160
[ 1046.350476][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1046.350494][    C1]  ? __pfx_bt_err+0x10/0x10
[ 1046.350518][    C1]  hci_cmd_timeout+0xff/0x1e0
[ 1046.350544][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1046.350563][    C1]  process_scheduled_works+0xade/0x17b0
[ 1046.350599][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1046.350627][    C1]  worker_thread+0x8a0/0xda0
[ 1046.350648][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1046.350683][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1046.350709][    C1]  kthread+0x711/0x8a0
[ 1046.350734][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1046.350753][    C1]  ? __pfx_kthread+0x10/0x10
[ 1046.350776][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1046.350800][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1046.350823][    C1]  ? __pfx_kthread+0x10/0x10
[ 1046.350846][    C1]  ret_from_fork+0x3f9/0x770
[ 1046.350865][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1046.350885][    C1]  ? __switch_to_asm+0x39/0x70
[ 1046.350907][    C1]  ? __switch_to_asm+0x33/0x70
[ 1046.350927][    C1]  ? __pfx_kthread+0x10/0x10
[ 1046.350950][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1046.350980][    C1]  </TASK>
[ 1046.605803][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1046.605838][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) 
[ 1046.605868][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1046.605886][   T31] Call Trace:
[ 1046.605897][   T31]  <TASK>
[ 1046.605909][   T31]  dump_stack_lvl+0x99/0x250
[ 1046.605945][   T31]  ? __asan_memcpy+0x40/0x70
[ 1046.605976][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1046.606004][   T31]  ? __pfx__printk+0x10/0x10
[ 1046.606052][   T31]  panic+0x2db/0x790
[ 1046.606088][   T31]  ? __pfx_panic+0x10/0x10
[ 1046.606114][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1046.606150][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1046.606188][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1046.606231][   T31]  watchdog+0x102d/0x1030
[ 1046.606269][   T31]  ? watchdog+0x1de/0x1030
[ 1046.606316][   T31]  kthread+0x711/0x8a0
[ 1046.606361][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1046.606396][   T31]  ? __pfx_kthread+0x10/0x10
[ 1046.606431][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1046.606465][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1046.606498][   T31]  ? __pfx_kthread+0x10/0x10
[ 1046.606533][   T31]  ret_from_fork+0x3f9/0x770
[ 1046.606562][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1046.606593][   T31]  ? __switch_to_asm+0x39/0x70
[ 1046.606623][   T31]  ? __switch_to_asm+0x33/0x70
[ 1046.606651][   T31]  ? __pfx_kthread+0x10/0x10
[ 1046.606684][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1046.606735][   T31]  </TASK>
[ 1046.609560][   T31] Kernel Offset: disabled