last executing test programs:

10m58.13011795s ago: executing program 3 (id=2624):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xecf86c37d5304994)
write$binfmt_script(r2, &(0x7f00000002c0)={'#! ', './file0', [], 0xa, "1f410e2852ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bd030000005a3c7c04055f1f70e4064d46b2bb9e5100d446bb6afb2c0fc07b58f4a9c1006a0b6c05639e23ec12979ff9b48ca61e6dec58682449c75d86eb4337b8d343ed9c18927289d3d788fa281a5742690ff5a505cfff34fc1503afbfd2d44b50e4ca119f67b2890064d83a34eae5f4e64ae0c7c124730f21dcbc2d36ade1464efc381735512e000bc2b08cd6d659d3cfb1f79688235dd8"}, 0xc4)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000005d000000000000000704000012da0aff2500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x28)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1e05efd30e000000100000000200000000030000", @ANYRES32=r2, @ANYBLOB="0100"/20, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="0200000004000000020000000b00"/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r3}, 0x38)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
munmap(&(0x7f00003aa000/0xe000)=nil, 0xe000)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003940)=[{{&(0x7f0000000e40), 0x6e, &(0x7f0000000240)=[{&(0x7f0000000ec0)=""/98, 0x62}, {&(0x7f0000000f40)=""/154, 0x9a}], 0x2}}, {{&(0x7f0000001000)=@abs, 0x6e, &(0x7f00000011c0)=[{&(0x7f0000001080)=""/35, 0x23}, {&(0x7f00000010c0)=""/27, 0x1b}, {&(0x7f0000001100)=""/33, 0x21}, {&(0x7f0000001140)=""/105, 0x69}], 0x4}}, {{&(0x7f0000001200), 0x6e, &(0x7f00000019c0)=[{&(0x7f0000001280)=""/184, 0xb8}, {&(0x7f0000001340)=""/93, 0x5d}, {&(0x7f00000013c0)=""/24, 0x18}, {&(0x7f0000001400)=""/76, 0x4c}, {&(0x7f0000001480)=""/4, 0x4}, {&(0x7f00000014c0)=""/219, 0xdb}, {&(0x7f00000015c0)=""/208, 0xd0}, {&(0x7f00000016c0)=""/247, 0xf7}, {&(0x7f0000001880)=""/1, 0x1}, {&(0x7f00000018c0)=""/218, 0xda}], 0xa, &(0x7f0000001a40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x14}}, {{0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000001a80)=""/117, 0x75}, {&(0x7f0000001b00)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/75, 0x4b}, {&(0x7f0000001c40)=""/75, 0x4b}, {&(0x7f0000001cc0)=""/250, 0xfa}, {&(0x7f0000001dc0)=""/19, 0x13}, {&(0x7f0000001e00)=""/69, 0x45}, {&(0x7f0000001e80)=""/253, 0xfd}, {&(0x7f0000001f80)=""/146, 0x92}, {&(0x7f0000002040)=""/198, 0xc6}], 0xa, &(0x7f00000021c0)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}, {{&(0x7f0000002280)=@abs, 0x6e, &(0x7f0000002480)=[{&(0x7f0000002300)=""/210, 0xd2}, {&(0x7f0000002400)=""/119, 0x77}], 0x2}}], 0x5, 0x10000, &(0x7f0000003a40))
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b00010009400009048500"], 0x0)

10m54.010088713s ago: executing program 3 (id=2631):
pipe2(&(0x7f0000000040), 0x0)
openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r1 = dup(r0)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0x1, 0x6, 0x1, 0x7f, 0xdf, "faace8761b2fdf0df5c2ff0656b0f378122d1b", 0x9, 0x3})
socket$kcm(0x10, 0x6, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
prctl$PR_SET_NAME(0x4, 0x0)
fstat(r4, &(0x7f0000000340))
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x1, 0x4, 0x9, 0xffffffffffffffff, 0x6, 0xfa11, 0x2c7}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r5 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_CROP(r5, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8001004, 0x9, 0x6, 0x80b}})
write$UHID_INPUT(r1, &(0x7f0000002080)={0xc, {"a2e3ad21ed0d52f91b5d390987f70e06d038e7ff7fc6e5539b3247298b089b070d356e090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000240)={0x24, r7, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x41a}]}, 0x24}, 0x1, 0x0, 0x0, 0x805}, 0x40084)

10m52.532378857s ago: executing program 3 (id=2634):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
personality(0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = creat(0x0, 0x122)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x161842, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSACTIVE(r3, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
ppoll(&(0x7f00000000c0)=[{r3, 0x8040}, {r3}], 0x2, 0x0, 0x0, 0x0)
write$ppp(r3, &(0x7f0000000200)="bc72", 0x2)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x40)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440))
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r5, &(0x7f0000000100)="fd0a0fc6dd4887c6048236609465f2e31c82c5f6be73b435a314bd11a3ccedb8ec4c8219ed81f552d8a12b9b15cdca91b058fbff98d619438ad5aaebb6ed6b54", 0xfffffffffffffe4f, 0x404c813, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)

10m50.961124919s ago: executing program 3 (id=2637):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r3=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda501009bdeffafde25", <r4=>0xffffffffffffffff})
socket(0x10, 0x3, 0x0)
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f00000001c0)={"0080bced01eb0100000000000000000700000000000000c900", r4})
ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000e00)=0x400)
ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000000)=0x4)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x80000, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r6 = openat$full(0xffffff9c, &(0x7f0000000080), 0x6c0, 0x0)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x100}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x6}, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x7}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x280449c, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)

10m49.990858487s ago: executing program 3 (id=2639):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(0xffffffffffffffff, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r1, &(0x7f0000000780)='^', 0x1, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r1, 0xda90)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd50200000009"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0)
syz_emit_ethernet(0x16, &(0x7f0000000940)={@broadcast, @local, @void, {@llc={0x8864, {@snap={0xab, 0xaa, '\x00', "fd27a7", 0xf8}}}}}, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000240)={'filter\x00', 0x0, 0x3, 0x0, [0x7fff, 0x1, 0x4, 0x5, 0xa, 0x6], 0x1, &(0x7f0000000080)=[{}], 0x0}, &(0x7f00000002c0)=0x50)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0x3, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
setitimer(0x2, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000500)="94ee65c3489d47f746cbb94e0f261b29fb59684baac18c", 0x8}, 0x38)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000200)=0xe9, 0x4)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="02017d298cdc18000e3580009f0001140000002f0600ac141414e0000001808a89723a0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x0)
r6 = accept4(r1, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x1f, &(0x7f00000008c0)={0x0, @in6={{0xa, 0x4e20, 0x6, @empty, 0x404}}, 0x3, 0x9}, &(0x7f0000000980)=0x88)

10m49.590940422s ago: executing program 3 (id=2640):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @multicast1}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x20, 0x8001, 0xffffffff, 0x7, 0x82bc, 0xfffffe0000000000, 0xfa11, 0xffffffff}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00')
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000})
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x11}, {0xffe6, 0xb}, {0xfff2, 0xc}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x7, 0x1, 0x7}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c0e1}, 0x4000804)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}, 0x1, 0xd00}, 0x800)
recvmmsg(r6, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

10m49.210313121s ago: executing program 32 (id=2640):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @multicast1}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x123e00, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x20, 0x8001, 0xffffffff, 0x7, 0x82bc, 0xfffffe0000000000, 0xfa11, 0xffffffff}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00')
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000})
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x11}, {0xffe6, 0xb}, {0xfff2, 0xc}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x7, 0x1, 0x7}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c0e1}, 0x4000804)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}, 0x1, 0xd00}, 0x800)
recvmmsg(r6, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

8.73513695s ago: executing program 5 (id=5619):
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000a80)={{}, {0x1, 0x7}}, 0x24, 0x2)
syz_mount_image$fuse(0x0, &(0x7f0000001540)='./file0\x00', 0x50000, 0x0, 0x1, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000540)={0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="200549000000ed7fa240610d12a37ea7e85ef781875f247abef3501c4f6927ebb9f1f81049bc46b6ab45ad5e7d1273b47f0c21de729bc1f272ba3e94700b5f1c2dab6375c458de"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setxattr$system_posix_acl(&(0x7f0000002fc0)='./file0\x00', &(0x7f0000003000)='system.posix_acl_default\x00', &(0x7f0000003180)={{}, {0x1, 0x3}, [], {0x4, 0x7}, [], {}, {0x20, 0x2}}, 0x24, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$TIOCMGET(r4, 0x5415, 0x0)
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
keyctl$search(0xa, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x3}, 0x0)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x181001, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0x7, 0x0, 0xffffffff}, 0xc)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, &(0x7f0000000540), 0xc)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
ioctl$VFAT_IOCTL_READDIR_SHORT(r5, 0x82307202, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x0, 0x9, {0xffffffffffffffff}, {0xffffffffffffffff}, 0xbd, 0x6})
close_range(r0, 0xffffffffffffffff, 0x0)

8.548731827s ago: executing program 0 (id=5620):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x88, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x1, 0x1, 0x7, 0x0, {0xa600000000000000, 0x2, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00', @ANYRES16=r4, @ANYRES32=r5, @ANYBLOB="040013000a0006000802110000010000060010008005000006001200000000000500"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

8.349601525s ago: executing program 0 (id=5621):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3c}}, 0x6}, 0x1c)
openat$drirender128(0xffffff9c, 0x0, 0xa06, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000004c0)=[@in6={0xa, 0x4e24, 0x20b, @loopback, 0x7fff}]}, &(0x7f0000000440)=0x10)
r2 = socket(0x2, 0x80805, 0x0)
openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000300)={r3, @in6={{0xa, 0x4e22, 0xc, @empty, 0x1}}, 0x6, 0x3}, &(0x7f0000000180)=0x90)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x4c}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}})
r5 = fsopen(&(0x7f0000000100)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, 0x0, 0xfeffffff00000000)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, 0x0, 0x0, 0x0)
recvmmsg$unix(r6, 0x0, 0x0, 0x42, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r8, 0x4030ae7b, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000c80)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
r9 = fcntl$dupfd(r0, 0x0, r0)
sendmmsg$inet(r9, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000340)="e8ef791d3d44d20806ac37", 0xb}, {0x0}], 0x2}}], 0x1, 0x80)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0))
socket$kcm(0x11, 0x3, 0x0)

7.620667445s ago: executing program 4 (id=5624):
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0cc5604, &(0x7f0000000140)={0x3, @win={{0x5d1, 0x2, 0x9, 0xf9}, 0x4, 0x8, 0x0, 0x4, 0x0, 0x40}})
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, 0x0, 0x64, 0x183000, 0x12345})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a80)=@newtfilter={0x480, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x450, 0x2, [@TCA_BASIC_POLICE={0x44c, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x8, 0x9, 0x8, 0x0, {0x9, 0x2, 0x2, 0x7, 0x8000, 0x2}, {0x8, 0x2, 0x7, 0xf0, 0x1}, 0x0, 0x3, 0xfffffff9}}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x8, 0x3, 0x9, 0x4, 0x4, 0x4, 0x2, 0x0, 0x7, 0x16a, 0x6, 0x4, 0x5, 0x7fffffff, 0x6, 0x7b1, 0xb5, 0x3, 0x5, 0x0, 0x1, 0x7, 0x3, 0xe, 0xfff, 0x19, 0x3, 0xf8a3, 0xff, 0x3, 0x8, 0x2c1, 0x8, 0x6, 0xb, 0x639, 0x7, 0x3ff, 0x200, 0x8, 0xe, 0x3, 0xd65, 0x4, 0x2c, 0xb, 0xc10, 0xfb, 0x2, 0xc, 0xff, 0xffff, 0x4, 0x7ff, 0x3, 0x1, 0x8, 0x2, 0xc, 0x3ff, 0xfff, 0xef, 0x662, 0xfff, 0x8, 0x8, 0x1, 0x7ff, 0x77, 0xd0dc, 0x1, 0x10, 0x3, 0x7, 0x2, 0x5, 0x80000000, 0x0, 0xfffffffb, 0x80000000, 0x57d, 0x5, 0x8, 0x1, 0x8, 0x4, 0x6, 0x1, 0x6, 0x3, 0x0, 0xae, 0x7, 0x8001, 0xe, 0xfffffffe, 0x7, 0x3, 0x8, 0x1, 0x8, 0x7fffffff, 0x6, 0x10001, 0x3, 0x10000, 0x0, 0x8, 0x846, 0x1ff, 0x9, 0x3ff, 0xfffffffa, 0x5, 0x400, 0xaa9, 0x81, 0x8001, 0x3, 0x2c18, 0x8, 0x9, 0x9, 0x0, 0x600, 0x4, 0x80000001, 0x800, 0x100, 0x7, 0x2, 0x32, 0x6, 0x7, 0x2, 0x7, 0x8, 0x4, 0x2, 0x40000000, 0x7f, 0x7, 0x4, 0x7, 0x2, 0x5, 0x5d41, 0x1, 0x4, 0x0, 0xb, 0x7, 0x200, 0x10001, 0x9, 0x401, 0x6, 0x1, 0x3, 0x8, 0x8, 0x8, 0x9, 0x0, 0x9, 0x4, 0xc, 0x800, 0x6, 0x8, 0x32e, 0x5, 0x5, 0x2, 0x40, 0x52, 0xfff, 0x6, 0x2, 0x0, 0x7, 0x9, 0x2, 0x1, 0x9, 0x0, 0x80000001, 0x8, 0x0, 0x1, 0x9, 0x1, 0x1576, 0x8001, 0x7, 0x5, 0x1, 0xcdd6, 0x0, 0x74, 0x8000, 0x80000001, 0x6, 0x5b, 0x7, 0x5, 0xccb9, 0x9b, 0xffff8bf5, 0x7, 0x0, 0x8001, 0x9, 0x5, 0x0, 0x4, 0x8, 0x29, 0x665, 0x8, 0x9, 0x7, 0x6, 0x5c, 0x80, 0xffffffff, 0x4, 0xa000, 0x3, 0x7e8, 0x86f070e5, 0x401, 0x6, 0x4, 0x10, 0x3, 0x3, 0x6, 0x5, 0x5, 0x5, 0x1000, 0xd0, 0x5, 0x10, 0x1e70, 0x4, 0xdbc, 0x1, 0x80000000, 0x8000, 0xff, 0x4, 0xcca, 0x827]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x6}]}]}}]}, 0x480}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x800)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)

6.206897973s ago: executing program 0 (id=5626):
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r2, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r3, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x4, 0x7}}, 0x30)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[<r5=>0x0], &(0x7f0000000180)=[<r6=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r5, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r5, r6], 0x2})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x0, 0x3b})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000280)={&(0x7f00000059c0)=[0x0], &(0x7f0000007d40)=[{}, {}, {}, {}, {}], &(0x7f00000000c0), &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], 0x3c3c3c3c3c3c49c, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000100)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000001c0)={&(0x7f0000000000)=[r6, 0x0], 0x2, 0x0, r8, 0x400, 0x1, 0x8000, 0x8000, {0x7fffffff, 0x5, 0xf3f0, 0x8000, 0x6000, 0xf018, 0x4, 0x14, 0x7, 0x400, 0x7, 0x7, 0x0, 0x4, "728fd5d156974217828d30845c18b8c821b120eaf975e463126e6df895484e3a"}})
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='sched\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
write$P9_RAUTH(r10, 0x0, 0x0)

6.206353065s ago: executing program 4 (id=5627):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs], 0x0, 0x0, 0x0})

5.4469767s ago: executing program 5 (id=5630):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xecf86c37d5304994)
write$binfmt_script(r2, &(0x7f00000002c0)={'#! ', './file0', [], 0xa, "1f410e2852ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bd030000005a3c7c04055f1f70e4064d46b2bb9e5100d446bb6afb2c0fc07b58f4a9c1006a0b6c05639e23ec12979ff9b48ca61e6dec58682449c75d86eb4337b8d343ed9c18927289d3d788fa281a5742690ff5a505cfff34fc1503afbfd2d44b50e4ca119f67b2890064d83a34eae5f4e64ae0c7c124730f21dcbc2d36ade1464efc381735512e000bc2b08cd6d659d3cfb1f79688235dd8"}, 0xc4)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000005d000000000000000704000012da0aff2500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x28)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1e05efd30e000000100000000200000000030000", @ANYRES32=r2, @ANYBLOB="0100"/20, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="0200000004000000020000000b00"/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r3}, 0x38)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
munmap(&(0x7f00003aa000/0xe000)=nil, 0xe000)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003940)=[{{&(0x7f0000000e40), 0x6e, &(0x7f0000000240)=[{&(0x7f0000000ec0)=""/98, 0x62}, {&(0x7f0000000f40)=""/154, 0x9a}], 0x2}}, {{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000001080)=""/35, 0x23}, {&(0x7f00000010c0)=""/27, 0x1b}, {&(0x7f0000001100)=""/33, 0x21}, {&(0x7f0000001140)=""/105, 0x69}], 0x4}}, {{&(0x7f0000001200), 0x6e, &(0x7f00000019c0)=[{&(0x7f0000001280)=""/184, 0xb8}, {&(0x7f0000001340)=""/93, 0x5d}, {&(0x7f00000013c0)=""/24, 0x18}, {&(0x7f0000001400)=""/76, 0x4c}, {&(0x7f0000001480)=""/4, 0x4}, {&(0x7f00000014c0)=""/219, 0xdb}, {&(0x7f00000015c0)=""/208, 0xd0}, {&(0x7f00000016c0)=""/247, 0xf7}, {&(0x7f0000001880)=""/1, 0x1}, {&(0x7f00000018c0)=""/218, 0xda}], 0xa, &(0x7f0000001a40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x14}}, {{0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000001a80)=""/117, 0x75}, {&(0x7f0000001b00)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/75, 0x4b}, {&(0x7f0000001c40)=""/75, 0x4b}, {&(0x7f0000001cc0)=""/250, 0xfa}, {&(0x7f0000001dc0)=""/19, 0x13}, {&(0x7f0000001e00)=""/69, 0x45}, {&(0x7f0000001e80)=""/253, 0xfd}, {&(0x7f0000001f80)=""/146, 0x92}, {&(0x7f0000002040)=""/198, 0xc6}], 0xa, &(0x7f00000021c0)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}}, {{&(0x7f0000002280)=@abs, 0x6e, &(0x7f0000002480)=[{&(0x7f0000002300)=""/210, 0xd2}, {&(0x7f0000002400)=""/119, 0x77}], 0x2}}], 0x5, 0x10000, &(0x7f0000003a40))
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b00010009400009048500"], 0x0)

5.407728071s ago: executing program 4 (id=5631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x88, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x1, 0x1, 0x7, 0x0, {0xa600000000000000, 0x2, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00', @ANYRES16=r4, @ANYRES32=r5, @ANYBLOB="040013000a0006000802110000010000060010008005000006001200000000000500"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

4.72951651s ago: executing program 0 (id=5633):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000000)={0xf0f01f})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
r5 = syz_open_dev$I2C(&(0x7f0000000480), 0x0, 0x0)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000180)={&(0x7f0000000000)=[{0x0, 0xc610, 0x0, 0x0}], 0x1})
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40043, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x9, 0x8, 0x0, 0x3}, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000040)={0x4, 0x1, 0x1}, 0x18, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x37c13, 0x51a23}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0)
landlock_restrict_self(r8, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0xc000, 0x8)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, 0x0, 0xc5001, 0x104)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="30002d800a"], 0x4c}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r11 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r11, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)={0x20, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.286019156s ago: executing program 4 (id=5634):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f00000002c0)={@host})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x1, 0x6576, 0x9})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x3ff, 0x803, 0x101})
close_range(r1, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0x1, <r2=>0xffffffffffffffff}, 0x4)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r3=>r1}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x5, 0x5, 0xf1e4, 0x1408, r2, 0xfffffff6, '\x00', 0x0, r3, 0x5, 0x4, 0x2, 0x9}, 0x50)
r4 = socket$unix(0x1, 0x5, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r5, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
listen(r5, 0x8)
ioctl$int_in(r5, 0x5452, &(0x7f0000000000)=0x9)
ppoll(&(0x7f0000000280)=[{r5, 0x3206}, {r4, 0xa}], 0x2, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x7, 0x5, 0x4, 0x289bd4a939f3150a, 0x5, {0x0, 0xea60}, {0x2, 0x8, 0x2e, 0xd, 0x6, 0x2, "51dddb69"}, 0x3, 0x1, {0x0}})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000180)={{@host}, 0xfffffffffffffffc, 0x800000000000002, 0x1000000, 0x8})

3.435735967s ago: executing program 4 (id=5637):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x100)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000140)={0xd5c, 0x59565955, 0x280, 0x168, 0x0, @discrete={0x4, 0x5}})

3.343929812s ago: executing program 2 (id=5639):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

3.156364213s ago: executing program 4 (id=5640):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x14, 0x5f, 0x40, 0x45e, 0x84bd, 0x89be, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xed, 0x0, 0x2, 0xff, 0x5d, 0x81, 0x0, [], [{{0x9, 0x5, 0x3, 0x3, 0x0, 0x0, 0x5}}, {{0x9, 0x5, 0x8a, 0x3}}]}}]}}]}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r4=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r4, 0x0}])
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

3.154413417s ago: executing program 2 (id=5650):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7feee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b788061", 0x24, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

3.111911305s ago: executing program 1 (id=5641):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs], 0x0, 0x0, 0x0})

3.047459841s ago: executing program 2 (id=5642):
socket(0x10, 0x3, 0x0)
io_uring_setup(0x47a0, &(0x7f0000000100)={0x0, 0x0, 0x80})
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_io_uring_setup(0x50fb, &(0x7f00000002c0)={0x0, 0x7d4d, 0x200, 0x0, 0xa}, &(0x7f00000003c0), &(0x7f0000000440))
mmap$IORING_OFF_SQ_RING(&(0x7f00005d2000/0x4000)=nil, 0x4000, 0x1, 0x50, r0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f000000cec0)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000004200)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000006200)=""/4096, 0x1000}], 0x1}}], 0x2, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

2.897917871s ago: executing program 2 (id=5643):
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000a80)={{}, {0x1, 0x7}}, 0x24, 0x2)
syz_mount_image$fuse(0x0, &(0x7f0000001540)='./file0\x00', 0x50000, 0x0, 0x1, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000540)={0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="200549000000ed7fa240610d12a37ea7e85ef781875f247abef3501c4f6927ebb9f1f81049bc46b6ab45ad5e7d1273b47f0c21de729bc1f272ba3e94700b5f1c2dab6375c458de"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setxattr$system_posix_acl(&(0x7f0000002fc0)='./file0\x00', &(0x7f0000003000)='system.posix_acl_default\x00', &(0x7f0000003180)={{}, {0x1, 0x3}, [], {0x4, 0x7}, [], {}, {0x20, 0x2}}, 0x24, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$TIOCMGET(r4, 0x5415, 0x0)
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x181001, 0x0)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0x7, 0x0, 0xffffffff}, 0xc)
setsockopt$MRT6_DEL_MIF(r6, 0x29, 0xcb, &(0x7f0000000540), 0xc)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
ioctl$VFAT_IOCTL_READDIR_SHORT(r5, 0x82307202, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x0, 0x9, {0xffffffffffffffff}, {0xffffffffffffffff}, 0xbd, 0x6})
close_range(r0, 0xffffffffffffffff, 0x0)

2.484173398s ago: executing program 1 (id=5644):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x88, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x1, 0x1, 0x7, 0x0, {0xa600000000000000, 0x2, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00', @ANYRES16=r4, @ANYRES32=r5, @ANYBLOB="040013000a0006000802110000010000060010008005000006001200000000000500"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2.053893064s ago: executing program 1 (id=5645):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x800000000000b, 0x8000000000000000, 0x5, 0xfa11, 0x7ff}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x20008478, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0x20f0f002, 0x2})
r4 = syz_io_uring_complete(0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="19679bc16d32de9cc3fda55fb2bb740349af25e17833d7051db537f5d02d012ac0b4fa918cddfc3ac1273d44da708ca18025b4d9ea2f59ce922fbaa064e78465f85f42c46a4194aada57aa2043f875704c3603377977ea6b2eaa8418000000000000000000", @ANYRES64=0x0, @ANYRESOCT=r2], 0x20)
r5 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @remote}, 0xc)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1010104}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYBLOB="2002000000307dc06a86", @ANYRESDEC, @ANYRES8, @ANYRES16=r3, @ANYBLOB="08000300", @ANYRES32, @ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4040)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))
openat$snapshot(0xffffff9c, &(0x7f00000019c0), 0x0, 0x0)

1.645703975s ago: executing program 5 (id=5646):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2, 0x4}}}]}, 0x38}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@newtfilter={0x88, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0xffff4f21, 0x1, 0x0, 0x4}, 0x6}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7d", 0x4}], 0x2}, 0x5)

1.199194711s ago: executing program 0 (id=5647):
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffff70)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)={0x202, 0x101, 0x3}, 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket(0x25, 0x2, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r3)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x8, 0x0, 0x0}}, 0x10)
r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000080)={'pim6reg1\x00', 0x400})
ioctl$TUNSETTXFILTER(r5, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"])
r6 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
sendmsg$DEVLINK_CMD_RATE_SET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)={0x44, r4, 0x1, 0x0, 0x0, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r7 = getpid()
syz_pidfd_open(r7, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x64, r4, 0x200, 0x70bd28, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r1}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)

659.207172ms ago: executing program 0 (id=5648):
syz_usb_connect(0x3, 0x24, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0xdb, 0x16, 0x89, 0x20, 0x2040, 0xd900, 0xa92c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4c, 0x0, 0x0, 0xb2, 0x50, 0xcf}}]}}]}}, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000800)=[{0x1900, 0x800, 0x0, 0x0}], 0x1})

654.262117ms ago: executing program 5 (id=5649):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x24, 0x2, 0x1, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_TUPLE_REPLY={0x4}, @CTA_FILTER={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4814)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
socket$packet(0x11, 0x3, 0x300)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000380)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000004180)="4c6070cdc3f22a0967", 0x9}], 0x1, 0x0, 0x0, 0x814}], 0x1, 0x4040054)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r2 = socket$netlink(0x10, 0x3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000280)=""/162}, {&(0x7f0000000000)=""/33}, {&(0x7f0000000140)=""/44, 0x4}], 0x4e, 0x300, 0x8000)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
socket$packet(0x11, 0x3, 0x300)
r3 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000380)={0x1, 0x0, 0x6, &(0x7f0000000340)={0xff, "bd12e80000000000000000001900000000000000000000a884dfcc00"}})
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x4048aec9, &(0x7f0000000740)={0x2, 0x0, @ioapic={0xd000, 0x101, 0xf7c, 0x3, 0x0, [{0x98, 0x27, 0x81, '\x00', 0x7f}, {0x1, 0xc, 0x81, '\x00', 0xf5}, {0xe9, 0x4, 0x7, '\x00', 0x1}, {0x6, 0x8, 0x3, '\x00', 0x8f}, {0xff, 0x7c, 0xb3, '\x00', 0x7}, {0xf, 0x2, 0x8, '\x00', 0xaa}, {0x7f, 0x8, 0x1, '\x00', 0x8}, {0x20, 0x6, 0x2, '\x00', 0x67}, {0x4, 0x7, 0x91, '\x00', 0x8}, {0x8, 0x2, 0x43, '\x00', 0x80}, {0xfc, 0x2, 0x4, '\x00', 0x3}, {0x2, 0x5, 0x3, '\x00', 0x8}, {0x4, 0x4, 0xa, '\x00', 0xa6}, {0x8, 0x0, 0x8, '\x00', 0x9}, {0x4, 0x4e, 0x9}, {0xe0, 0x5e, 0x4, '\x00', 0x3}, {0x5, 0x5, 0x7, '\x00', 0x5}, {0x0, 0x3, 0x3, '\x00', 0xff}, {0x7, 0x0, 0xf, '\x00', 0x3}, {0x4, 0x6, 0xb, '\x00', 0x3}, {0x7e, 0x5, 0x7, '\x00', 0x4}, {0x7, 0x40, 0x9, '\x00', 0x10}, {0x2, 0x8, 0x1, '\x00', 0x7}, {0x2, 0x7f, 0x92, '\x00', 0x8}]}})
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000097000/0x1000)=nil, 0x1000, 0x4, 0x28011, r8, 0x0)
openat$cgroup_ro(r8, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0)
ioctl$KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM(r6, 0x4068aea3, &(0x7f0000000000)={0xce, 0x0, r4})
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0)

484.99578ms ago: executing program 5 (id=5651):
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001900)=ANY=[@ANYBLOB="7802000016000100000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000004e200000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000aa0000000033000000ff02000000000000000000000000000100000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000050000000500000028001a00fc020000000000000000000000000001e00000010000000000000000000000000a0000fffb0002006563622861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098050000fc047849e965c278229b8fadf86fe6afe1fb7bcacdb9a614c622b17a36367e8780c26508e5121152a2e25b0cc176e37d989b6e501f95a361a2499229b77827b304622dc4fc4bad2cd496edcc3aebbd74b465b457cf5abcf10524e90a7fe795043e564b75eb7bda6015d5e38ff6a85bda2ea70ea53ff4fd4cf285aca48cd8616dc559abfda2ae8188e681ade9f1ed951bce919f5e9c040d433fc94f681575291d53a8bcf787f78d7902a22f95a21b78cc8c7b600008001800400000000c001c00", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00$\x00\t'], 0x278}}, 0x0)
close(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000000206050000000000000000000000000005000400000000000900020073797a3200000000140007800500150000000000080012400000000000000500020006000500010006000000"], 0x4c}}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000180)={0x9, 0xffffffff})

419.31329ms ago: executing program 1 (id=5652):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
capset(&(0x7f0000a31000)={0x20071026}, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xbd}, [@ldst={0x5, 0x3, 0x0, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) (async)
r0 = fanotify_init(0x200, 0x0) (async)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x141440, 0x34)
fanotify_mark(r0, 0x1, 0x8001020, r1, 0x0)

339.355053ms ago: executing program 5 (id=5653):
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000a80)={{}, {0x1, 0x7}}, 0x24, 0x2)
syz_mount_image$fuse(0x0, &(0x7f0000001540)='./file0\x00', 0x50000, 0x0, 0x1, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000540)={0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="200549000000ed7fa240610d12a37ea7e85ef781875f247abef3501c4f6927ebb9f1f81049bc46b6ab45ad5e7d1273b47f0c21de729bc1f272ba3e94700b5f1c2dab6375c458de"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setxattr$system_posix_acl(&(0x7f0000002fc0)='./file0\x00', &(0x7f0000003000)='system.posix_acl_default\x00', &(0x7f0000003180)={{}, {0x1, 0x3}, [], {0x4, 0x7}, [], {}, {0x20, 0x2}}, 0x24, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$TIOCMGET(r4, 0x5415, 0x0)
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
keyctl$search(0xa, 0x0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x3}, 0x0)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x181001, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0x7, 0x0, 0xffffffff}, 0xc)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, &(0x7f0000000540), 0xc)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
ioctl$VFAT_IOCTL_READDIR_SHORT(r5, 0x82307202, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x0, 0x9, {0xffffffffffffffff}, {0xffffffffffffffff}, 0xbd, 0x6})
close_range(r0, 0xffffffffffffffff, 0x0)

255.737679ms ago: executing program 1 (id=5654):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7feee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b788061", 0x24, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

147.952893ms ago: executing program 2 (id=5655):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs], 0x0, 0x0, 0x0})

94.821934ms ago: executing program 1 (id=5656):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r3, 0x7b2, &(0x7f0000000180)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x100003, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x934a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000080)={&(0x7f00000016c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x282, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x573, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x8e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffdfffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x92, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1], 0x1, 0x400})
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x24008050}, 0x20008000)

0s ago: executing program 2 (id=5657):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xecf86c37d5304994)
write$binfmt_script(r2, &(0x7f00000002c0)={'#! ', './file0', [], 0xa, "1f410e2852ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bd030000005a3c7c04055f1f70e4064d46b2bb9e5100d446bb6afb2c0fc07b58f4a9c1006a0b6c05639e23ec12979ff9b48ca61e6dec58682449c75d86eb4337b8d343ed9c18927289d3d788fa281a5742690ff5a505cfff34fc1503afbfd2d44b50e4ca119f67b2890064d83a34eae5f4e64ae0c7c124730f21dcbc2d36ade1464efc381735512e000bc2b08cd6d659d3cfb1f79688235dd8"}, 0xc4)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000005d000000000000000704000012da0aff2500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x28)
close(r2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1e05efd30e000000100000000200000000030000", @ANYRES32=r2, @ANYBLOB="0100"/20, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="0200000004000000020000000b00"/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r3}, 0x38)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
munmap(&(0x7f00003aa000/0xe000)=nil, 0xe000)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003940)=[{{&(0x7f0000000e40), 0x6e, &(0x7f0000000240)=[{&(0x7f0000000ec0)=""/98, 0x62}, {&(0x7f0000000f40)=""/154, 0x9a}], 0x2}}, {{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000001080)=""/35, 0x23}, {&(0x7f00000010c0)=""/27, 0x1b}, {&(0x7f0000001100)=""/33, 0x21}, {&(0x7f0000001140)=""/105, 0x69}], 0x4}}, {{&(0x7f0000001200), 0x6e, &(0x7f00000019c0)=[{&(0x7f0000001280)=""/184, 0xb8}, {&(0x7f0000001340)=""/93, 0x5d}, {&(0x7f00000013c0)=""/24, 0x18}, {&(0x7f0000001400)=""/76, 0x4c}, {&(0x7f0000001480)=""/4, 0x4}, {&(0x7f00000014c0)=""/219, 0xdb}, {&(0x7f00000015c0)=""/208, 0xd0}, {&(0x7f00000016c0)=""/247, 0xf7}, {&(0x7f0000001880)=""/1, 0x1}, {&(0x7f00000018c0)=""/218, 0xda}], 0xa, &(0x7f0000001a40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x14}}, {{0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000001a80)=""/117, 0x75}, {&(0x7f0000001b00)=""/183, 0xb7}, {&(0x7f0000001bc0)=""/75, 0x4b}, {&(0x7f0000001c40)=""/75, 0x4b}, {&(0x7f0000001cc0)=""/250, 0xfa}, {&(0x7f0000001dc0)=""/19, 0x13}, {&(0x7f0000001e00)=""/69, 0x45}, {&(0x7f0000001e80)=""/253, 0xfd}, {&(0x7f0000001f80)=""/146, 0x92}, {&(0x7f0000002040)=""/198, 0xc6}], 0xa, &(0x7f00000021c0)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}}, {{&(0x7f0000002280)=@abs, 0x6e, &(0x7f0000002480)=[{&(0x7f0000002300)=""/210, 0xd2}, {&(0x7f0000002400)=""/119, 0x77}], 0x2}}], 0x5, 0x10000, &(0x7f0000003a40))
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b00010009400009048500"], 0x0)

kernel console output (not intermixed with test programs):

_files+0x3a0/0x420
[ 1560.984119][T24244]  __sys_sendmsg+0x183/0x260
[ 1560.984140][T24244]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1560.984171][T24244]  ? __pfx_ksys_write+0x10/0x10
[ 1560.984201][T24244]  __do_fast_syscall_32+0x1d2/0x540
[ 1560.984219][T24244]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1560.984233][T24244]  ? do_fast_syscall_32+0x33/0x70
[ 1560.984249][T24244]  ? asm_int80_emulation+0x1a/0x20
[ 1560.984263][T24244]  ? do_int80_emulation+0x20e/0x400
[ 1560.984284][T24244]  do_fast_syscall_32+0x33/0x70
[ 1560.984302][T24244]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1560.984320][T24244] RIP: 0023:0xf7f63539
[ 1560.984336][T24244] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1560.984351][T24244] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1560.984369][T24244] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240
[ 1560.984381][T24244] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1560.984391][T24244] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1560.984401][T24244] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1560.984412][T24244] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1560.984439][T24244]  </TASK>
[ 1561.672659][ T5894] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1561.691768][ T5894] usb 6-1: cp210x converter now attached to ttyUSB0
[ 1561.846624][T24248] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1561.852756][T24248] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1561.858968][T24248] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1561.865097][T24248] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1562.028549][T24233] random: crng reseeded on system resumption
[ 1562.101265][T24233] pim6reg: entered allmulticast mode
[ 1562.118056][T24233] pim6reg: left allmulticast mode
[ 1562.184580][ T5894] usb 6-1: USB disconnect, device number 95
[ 1562.206532][ T5894] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1562.266800][T24265] netlink: 88 bytes leftover after parsing attributes in process `syz.0.5272'.
[ 1562.299403][ T5894] cp210x 6-1:0.0: device disconnected
[ 1562.344062][T10807] usb 3-1: new low-speed USB device number 69 using dummy_hcd
[ 1562.411357][T24265] netlink: 'syz.0.5272': attribute type 21 has an invalid length.
[ 1562.419681][T24265] netlink: 128 bytes leftover after parsing attributes in process `syz.0.5272'.
[ 1562.429961][T24265] netlink: 'syz.0.5272': attribute type 4 has an invalid length.
[ 1562.440206][T24265] netlink: 3 bytes leftover after parsing attributes in process `syz.0.5272'.
[ 1562.527156][T10807] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1562.537242][T10807] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[ 1562.553884][T10807] usb 3-1: config 0 has no interface number 0
[ 1562.560661][T10807] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[ 1562.571847][T10807] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1562.582497][T10807] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1562.594560][T10807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1562.731384][T10807] usb 3-1: config 0 descriptor??
[ 1563.342358][T24278] binder: BINDER_SET_CONTEXT_MGR already set
[ 1563.348596][T24278] binder: 24277:24278 ioctl 4018620d 80000480 returned -16
[ 1563.412417][T24281] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5281'.
[ 1563.519625][T24285] syzkaller0: entered promiscuous mode
[ 1563.526371][T24285] syzkaller0: entered allmulticast mode
[ 1563.576618][T10807] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input50
[ 1563.613276][T10807] input: failed to attach handler kbd to device input50, error: -5
[ 1563.658225][T24287] netlink: 88 bytes leftover after parsing attributes in process `syz.1.5280'.
[ 1563.664007][ T5827] Bluetooth: hci1: command 0x0406 tx timeout
[ 1563.789233][T24291] netlink: 'syz.1.5280': attribute type 21 has an invalid length.
[ 1563.929414][T24291] netlink: 128 bytes leftover after parsing attributes in process `syz.1.5280'.
[ 1563.939719][  T983] usb 3-1: USB disconnect, device number 69
[ 1563.975182][ T5827] Bluetooth: hci4: command 0x040f tx timeout
[ 1563.981483][T16386] Bluetooth: hci2: command 0x0406 tx timeout
[ 1563.988112][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1564.156907][T24291] netlink: 'syz.1.5280': attribute type 4 has an invalid length.
[ 1564.167092][T24291] netlink: 3 bytes leftover after parsing attributes in process `syz.1.5280'.
[ 1564.633738][T24292] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1564.694675][T24292] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1564.786896][T24301] fuse: Bad value for 'fd'
[ 1564.792258][T24292] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1564.821253][T24292] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1564.875985][T24304] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1565.065187][T24310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5289'.
[ 1565.084080][  T983] usb 6-1: new full-speed USB device number 96 using dummy_hcd
[ 1565.117589][T24310] macvlan2: entered promiscuous mode
[ 1565.122928][T24310] macvlan2: entered allmulticast mode
[ 1565.179964][T24310] mac80211_hwsim hwsim118 wlan0: entered allmulticast mode
[ 1565.338699][  T983] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[ 1565.357607][  T983] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1565.427030][  T983] usb 6-1: config 0 has no interface number 0
[ 1565.478035][T16384] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1565.514866][T24322] syzkaller0: entered promiscuous mode
[ 1565.521905][T24322] syzkaller0: entered allmulticast mode
[ 1565.751179][  T983] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1565.781810][  T983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1565.864594][  T983] usb 6-1: Product: syz
[ 1565.868806][  T983] usb 6-1: Manufacturer: syz
[ 1565.873400][  T983] usb 6-1: SerialNumber: syz
[ 1565.929353][  T983] usb 6-1: config 0 descriptor??
[ 1565.935531][T24329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5296'.
[ 1565.963171][T24329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5296'.
[ 1566.054126][ T5144] Bluetooth: hci1: command 0x0406 tx timeout
[ 1566.354237][T10807] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1566.517694][T10807] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1566.527815][T10807] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.540417][T10807] usb 1-1: config 0 descriptor??
[ 1566.563484][T10807] cp210x 1-1:0.0: cp210x converter detected
[ 1566.798173][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1566.854141][ T5144] Bluetooth: hci4: command 0x040f tx timeout
[ 1566.860213][ T5144] Bluetooth: hci2: command 0x0406 tx timeout
[ 1567.031700][T10807] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1567.057800][T10807] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1567.263396][T24333] random: crng reseeded on system resumption
[ 1567.318082][T24333] pim6reg: entered allmulticast mode
[ 1567.329389][T24333] pim6reg: left allmulticast mode
[ 1567.523533][T10807] usb 1-1: USB disconnect, device number 25
[ 1567.544322][T10807] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1567.608748][T10807] cp210x 1-1:0.0: device disconnected
[ 1567.978086][  T983] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[ 1567.986271][  T983] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 82
[ 1568.087060][  T983] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[ 1568.115446][  T983] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[ 1568.146412][  T983] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[ 1568.183027][T24361] syzkaller0: entered promiscuous mode
[ 1568.189771][T24361] syzkaller0: entered allmulticast mode
[ 1568.190481][  T983] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1568.238402][  T983] usb 6-1: USB disconnect, device number 96
[ 1568.286931][  T983] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1568.339902][  T983] keyspan 6-1:0.133: device disconnected
[ 1568.704074][  T983] usb 6-1: new full-speed USB device number 97 using dummy_hcd
[ 1568.865964][  T983] usb 6-1: config 0 has an invalid interface number: 53 but max is 0
[ 1568.874184][ T5909] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1568.975765][  T983] usb 6-1: config 0 has no interface number 0
[ 1569.014303][  T983] usb 6-1: New USB device found, idVendor=10d2, idProduct=7186, bcdDevice=23.a0
[ 1569.024630][  T983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1569.032680][  T983] usb 6-1: Product: syz
[ 1569.037396][  T983] usb 6-1: Manufacturer: syz
[ 1569.042006][  T983] usb 6-1: SerialNumber: syz
[ 1569.078976][  T983] usb 6-1: config 0 descriptor??
[ 1569.147050][ T5909] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1569.156294][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1569.166695][ T5909] usb 3-1: config 0 descriptor??
[ 1569.175932][ T5909] cp210x 3-1:0.0: cp210x converter detected
[ 1569.297721][T24359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1569.307659][T24359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1569.322927][  T983] usblcd 6-1:0.53: USBLCD model not supported.
[ 1569.332835][  T983] usb 6-1: USB disconnect, device number 97
[ 1569.699654][ T5909] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1569.715858][ T5909] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1569.921638][T24364] random: crng reseeded on system resumption
[ 1569.959119][T24364] pim6reg: entered allmulticast mode
[ 1569.988413][T24364] pim6reg: left allmulticast mode
[ 1570.014218][ T5894] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1570.053735][T10807] usb 3-1: USB disconnect, device number 71
[ 1570.073371][T10807] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1570.090849][T10807] cp210x 3-1:0.0: device disconnected
[ 1570.188587][ T5894] usb 2-1: Using ep0 maxpacket: 8
[ 1570.209571][ T5894] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1570.219803][ T5894] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1570.233584][ T5894] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1570.258383][ T5894] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 61728, setting to 1024
[ 1570.282474][ T5894] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1570.315000][ T5894] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1570.340053][ T5894] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1570.400107][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1570.703652][T10807] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[ 1570.905136][T10807] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1570.915808][T10807] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1570.926462][T10807] usb 1-1: config 0 has no interface number 0
[ 1570.951107][T10807] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1570.964952][T10807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1570.973170][T10807] usb 1-1: Product: syz
[ 1570.977918][T10807] usb 1-1: Manufacturer: syz
[ 1570.982839][T10807] usb 1-1: SerialNumber: syz
[ 1571.299568][T10807] usb 1-1: config 0 descriptor??
[ 1572.056303][T24407] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1572.078823][T24407] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1572.108378][T24407] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1572.122674][T24407] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1572.630187][T24410] __nla_validate_parse: 2 callbacks suppressed
[ 1572.630204][T24410] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5319'.
[ 1573.154822][  T983] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[ 1573.183481][T24293] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1573.214366][T24293] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1573.225214][T24293] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1573.248416][T24293] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1573.314361][T24293] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1573.342337][ T5894] usb 2-1: usb_control_msg returned -71
[ 1573.348446][ T5894] usbtmc 2-1:16.0: can't read capabilities
[ 1573.385779][  T983] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[ 1573.397218][  T983] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1573.416643][ T5894] usb 2-1: USB disconnect, device number 111
[ 1573.494773][ T5144] Bluetooth: hci1: command 0x0406 tx timeout
[ 1573.505936][  T983] usb 3-1: config 0 has no interface number 0
[ 1573.546070][T10807] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1573.563102][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1573.593031][  T983] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1573.615218][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1573.623142][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1573.630979][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1573.631167][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1573.661720][  T983] usb 3-1: Product: syz
[ 1573.675015][  T983] usb 3-1: Manufacturer: syz
[ 1573.689232][T10807] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1573.702367][  T983] usb 3-1: SerialNumber: syz
[ 1573.735295][  T983] usb 3-1: config 0 descriptor??
[ 1573.741678][T10807] usb 1-1: USB disconnect, device number 26
[ 1573.755399][T10807] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1573.785769][T10807] keyspan 1-1:0.133: device disconnected
[ 1574.137414][ T5144] Bluetooth: hci4: command 0x040f tx timeout
[ 1574.143590][T24293] Bluetooth: hci2: command 0x0406 tx timeout
[ 1574.148560][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1574.337863][T24417] chnl_net:caif_netlink_parms(): no params data found
[ 1574.364059][ T5909] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1574.565675][ T5909] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1574.614978][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1574.664964][ T5909] usb 1-1: config 0 descriptor??
[ 1574.678896][ T5909] cp210x 1-1:0.0: cp210x converter detected
[ 1574.720406][T24417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1574.736347][T24417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1574.751464][T24417] bridge_slave_0: entered allmulticast mode
[ 1574.768153][T24417] bridge_slave_0: entered promiscuous mode
[ 1574.788409][T24417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1574.802865][T24417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1574.827031][T24417] bridge_slave_1: entered allmulticast mode
[ 1574.842778][T24417] bridge_slave_1: entered promiscuous mode
[ 1574.909972][T24417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1574.939012][T24417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1575.009842][T24417] team0: Port device team_slave_0 added
[ 1575.025596][T24417] team0: Port device team_slave_1 added
[ 1575.100282][ T5909] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1575.100842][T24417] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1575.120711][ T5909] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1575.141184][T24417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1575.174624][T24417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1575.191328][T24417] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1575.198880][T24417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1575.229425][T24417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1575.367701][T24424] random: crng reseeded on system resumption
[ 1575.425550][T24417] hsr_slave_0: entered promiscuous mode
[ 1575.433919][T24417] hsr_slave_1: entered promiscuous mode
[ 1575.451551][T24417] debugfs: 'hsr0' already exists in 'hsr'
[ 1575.457657][T24417] Cannot create hsr debugfs directory
[ 1575.476930][T24424] pim6reg: entered allmulticast mode
[ 1575.492261][T24424] pim6reg: left allmulticast mode
[ 1575.507162][ T5827] Bluetooth: hci5: command tx timeout
[ 1575.519209][T24450] FAULT_INJECTION: forcing a failure.
[ 1575.519209][T24450] name failslab, interval 1, probability 0, space 0, times 0
[ 1575.531897][T24450] CPU: 1 UID: 0 PID: 24450 Comm: syz.1.5328 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1575.531926][T24450] Tainted: [L]=SOFTLOCKUP
[ 1575.531934][T24450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1575.531945][T24450] Call Trace:
[ 1575.531955][T24450]  <TASK>
[ 1575.531963][T24450]  dump_stack_lvl+0xe8/0x150
[ 1575.531988][T24450]  should_fail_ex+0x412/0x560
[ 1575.532004][T24450]  should_failslab+0xa8/0x100
[ 1575.532016][T24450]  kmem_cache_alloc_noprof+0x87/0x6e0
[ 1575.532033][T24450]  ? skb_clone+0x212/0x3a0
[ 1575.532055][T24450]  skb_clone+0x212/0x3a0
[ 1575.532076][T24450]  ? raw_local_deliver+0xa77/0xf40
[ 1575.532099][T24450]  raw_local_deliver+0xa8a/0xf40
[ 1575.532134][T24450]  ? raw_local_deliver+0x30a/0xf40
[ 1575.532144][T24450]  ? __pfx_raw_local_deliver+0x10/0x10
[ 1575.532156][T24450]  ? ip_local_deliver_finish+0x2ae/0x6f0
[ 1575.532177][T24450]  ? nf_nat_ipv4_local_in+0x223/0x720
[ 1575.532198][T24450]  ip_protocol_deliver_rcu+0x46/0x440
[ 1575.532223][T24450]  ? ip_local_deliver_finish+0x2ae/0x6f0
[ 1575.532248][T24450]  ip_local_deliver_finish+0x3bb/0x6f0
[ 1575.532279][T24450]  NF_HOOK+0x336/0x3c0
[ 1575.532295][T24450]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1575.532310][T24450]  ? NF_HOOK+0x9e/0x3c0
[ 1575.532323][T24450]  ? __pfx_NF_HOOK+0x10/0x10
[ 1575.532336][T24450]  ? ip_rcv_finish_core+0x10e9/0x1c00
[ 1575.532360][T24450]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1575.532385][T24450]  ? skb_dst+0x4f/0xd0
[ 1575.532402][T24450]  ? ip_local_deliver+0x12a/0x1b0
[ 1575.532432][T24450]  NF_HOOK+0x336/0x3c0
[ 1575.532447][T24450]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1575.532456][T24450]  ? NF_HOOK+0x9e/0x3c0
[ 1575.532470][T24450]  ? __pfx_NF_HOOK+0x10/0x10
[ 1575.532485][T24450]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1575.532507][T24450]  ? netif_receive_skb+0x102/0xbb0
[ 1575.532525][T24450]  ? __pfx_ip_rcv+0x10/0x10
[ 1575.532546][T24450]  netif_receive_skb+0x45b/0xbb0
[ 1575.532570][T24450]  ? __pfx_netif_receive_skb+0x10/0x10
[ 1575.532585][T24450]  ? tun_rx_batched+0x185/0x790
[ 1575.532596][T24450]  tun_rx_batched+0x1de/0x790
[ 1575.532609][T24450]  ? __pfx_tun_rx_batched+0x10/0x10
[ 1575.532619][T24450]  ? tun_get_user+0x2669/0x3dd0
[ 1575.532630][T24450]  ? tun_get_user+0x2669/0x3dd0
[ 1575.532647][T24450]  ? tun_get_user+0x2354/0x3dd0
[ 1575.532663][T24450]  ? __local_bh_enable_ip+0xd0/0x130
[ 1575.532684][T24450]  ? tun_get_user+0x2669/0x3dd0
[ 1575.532701][T24450]  tun_get_user+0x2a78/0x3dd0
[ 1575.532731][T24450]  ? aa_file_perm+0x440/0x1630
[ 1575.532744][T24450]  ? __pfx_tun_get_user+0x10/0x10
[ 1575.532756][T24450]  ? __lock_acquire+0x6b5/0x2cf0
[ 1575.532777][T24450]  ? ref_tracker_alloc+0x363/0x4d0
[ 1575.532797][T24450]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1575.532820][T24450]  ? tun_get+0x1c/0x2f0
[ 1575.532839][T24450]  ? tun_get+0x1c/0x2f0
[ 1575.532862][T24450]  ? tun_get+0x1c/0x2f0
[ 1575.532876][T24450]  ? tun_get+0x1c/0x2f0
[ 1575.532888][T24450]  tun_chr_write_iter+0x113/0x200
[ 1575.532899][T24450]  vfs_write+0x61d/0xb90
[ 1575.532918][T24450]  ? __pfx_vfs_write+0x10/0x10
[ 1575.532942][T24450]  ? __fget_files+0x2a/0x420
[ 1575.532970][T24450]  ksys_write+0x150/0x270
[ 1575.532995][T24450]  ? __pfx_ksys_write+0x10/0x10
[ 1575.533021][T24450]  ? asm_int80_emulation+0x1a/0x20
[ 1575.533034][T24450]  ? asm_int80_emulation+0x1a/0x20
[ 1575.533044][T24450]  do_int80_emulation+0x111/0x400
[ 1575.533056][T24450]  ? clear_bhb_loop+0x60/0xb0
[ 1575.533065][T24450]  ? clear_bhb_loop+0x60/0xb0
[ 1575.533077][T24450]  asm_int80_emulation+0x1a/0x20
[ 1575.533087][T24450] RIP: 0023:0xf710572b
[ 1575.533104][T24450] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1575.533119][T24450] RSP: 002b:00000000f53c644c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 1575.533138][T24450] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000280
[ 1575.533151][T24450] RDX: 00000000000000be RSI: 0000000000000000 RDI: 0000000000000000
[ 1575.533162][T24450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1575.533177][T24450] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1575.533183][T24450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1575.533198][T24450]  </TASK>
[ 1576.014326][  T983] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[ 1576.022109][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 82
[ 1576.092486][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[ 1576.106857][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[ 1576.125354][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[ 1576.144336][ T5901] usb 1-1: USB disconnect, device number 27
[ 1576.208089][ T5901] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1576.228764][ T5901] cp210x 1-1:0.0: device disconnected
[ 1576.274575][  T983] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB1
[ 1576.287215][T24455] kernel profiling enabled (shift: 6)
[ 1576.340608][  T983] usb 3-1: USB disconnect, device number 72
[ 1576.379891][  T983] keyspan_1 ttyUSB1: Keyspan 1 port adapter converter now disconnected from ttyUSB1
[ 1576.426635][  T983] keyspan 3-1:0.133: device disconnected
[ 1576.644336][T24417] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1576.732160][T24417] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1576.870553][T24417] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1576.996952][T24417] bond0: (slave netdevsim0): Releasing backup interface
[ 1577.027556][T24417] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1577.153286][T24417] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1577.162116][T24474] binder: BINDER_SET_CONTEXT_MGR already set
[ 1577.170962][T24417] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1577.185192][T24417] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1577.191984][T24474] binder: 24473:24474 ioctl 4018620d 80000480 returned -16
[ 1577.202844][T24417] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1577.287183][T24481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5335'.
[ 1577.453386][T24417] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1577.477488][T24417] 8021q: adding VLAN 0 to HW filter on device team0
[ 1577.490451][T21440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1577.497620][T21440] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1577.582130][ T5827] Bluetooth: hci5: command tx timeout
[ 1577.623828][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1577.631186][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1577.695060][T24491] ipip0: entered promiscuous mode
[ 1577.700212][T24491] ipip0: entered allmulticast mode
[ 1577.736919][T24491] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5338'.
[ 1577.788827][T24491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5338'.
[ 1577.803683][T24491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5338'.
[ 1577.877954][T24417] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1577.963282][T24417] veth0_vlan: entered promiscuous mode
[ 1577.995149][T24493] syz.2.5339 (24493): /proc/24492/oom_adj is deprecated, please use /proc/24492/oom_score_adj instead.
[ 1578.030843][T24417] veth1_vlan: entered promiscuous mode
[ 1578.136719][T24417] veth0_macvtap: entered promiscuous mode
[ 1578.149658][T24417] veth1_macvtap: entered promiscuous mode
[ 1578.235150][T24417] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1578.262377][T24417] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1578.500863][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1578.510816][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1578.535053][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1578.561812][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1578.727676][T21440] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1578.750562][T21440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1578.843650][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1578.861715][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1579.310880][T24513] kvm: pic: non byte read
[ 1579.316163][T24513] kvm: pic: non byte read
[ 1579.655567][ T5827] Bluetooth: hci5: command tx timeout
[ 1580.065776][T24522] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5350'.
[ 1580.261365][T24530] FAULT_INJECTION: forcing a failure.
[ 1580.261365][T24530] name failslab, interval 1, probability 0, space 0, times 0
[ 1580.283601][T24530] CPU: 0 UID: 0 PID: 24530 Comm: syz.0.5354 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1580.283630][T24530] Tainted: [L]=SOFTLOCKUP
[ 1580.283638][T24530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1580.283649][T24530] Call Trace:
[ 1580.283656][T24530]  <TASK>
[ 1580.283664][T24530]  dump_stack_lvl+0xe8/0x150
[ 1580.283692][T24530]  should_fail_ex+0x412/0x560
[ 1580.283716][T24530]  should_failslab+0xa8/0x100
[ 1580.283746][T24530]  kmem_cache_alloc_noprof+0x87/0x6e0
[ 1580.283769][T24530]  ? __netlink_lookup+0xc6/0x8b0
[ 1580.283789][T24530]  ? skb_clone+0x212/0x3a0
[ 1580.283815][T24530]  skb_clone+0x212/0x3a0
[ 1580.283840][T24530]  __netlink_deliver_tap+0x404/0x850
[ 1580.283869][T24530]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1580.283889][T24530]  netlink_deliver_tap+0x19c/0x1b0
[ 1580.283909][T24530]  netlink_unicast+0x7e3/0x9b0
[ 1580.283943][T24530]  ? __pfx_netlink_unicast+0x10/0x10
[ 1580.283963][T24530]  ? __alloc_skb+0x193/0x390
[ 1580.283980][T24530]  ? netlink_sendmsg+0x650/0xb40
[ 1580.283995][T24530]  ? skb_put+0x11b/0x210
[ 1580.284014][T24530]  netlink_sendmsg+0x813/0xb40
[ 1580.284038][T24530]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1580.284058][T24530]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1580.284079][T24530]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1580.284097][T24530]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1580.284113][T24530]  ____sys_sendmsg+0xa68/0xad0
[ 1580.284143][T24530]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1580.284169][T24530]  ? kstrtoull+0x12f/0x1d0
[ 1580.284196][T24530]  ___sys_sendmsg+0x2a5/0x360
[ 1580.284216][T24530]  ? __lock_acquire+0x6b5/0x2cf0
[ 1580.284242][T24530]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1580.284265][T24530]  ? get_pid_task+0x20/0x1f0
[ 1580.284284][T24530]  ? get_pid_task+0x20/0x1f0
[ 1580.284300][T24530]  ? get_pid_task+0x20/0x1f0
[ 1580.284344][T24530]  ? __fget_files+0x2a/0x420
[ 1580.284361][T24530]  ? __fget_files+0x3a0/0x420
[ 1580.284389][T24530]  __sys_sendmsg+0x183/0x260
[ 1580.284412][T24530]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1580.284445][T24530]  ? __pfx_ksys_write+0x10/0x10
[ 1580.284476][T24530]  __do_fast_syscall_32+0x1d2/0x540
[ 1580.284495][T24530]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1580.284511][T24530]  ? do_fast_syscall_32+0x33/0x70
[ 1580.284528][T24530]  ? asm_int80_emulation+0x1a/0x20
[ 1580.284544][T24530]  ? do_int80_emulation+0x20e/0x400
[ 1580.284566][T24530]  do_fast_syscall_32+0x33/0x70
[ 1580.284585][T24530]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1580.284604][T24530] RIP: 0023:0xf7f63539
[ 1580.284620][T24530] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1580.284634][T24530] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1580.284654][T24530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1580.284667][T24530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1580.284676][T24530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1580.284687][T24530] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1580.284698][T24530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1580.284725][T24530]  </TASK>
[ 1580.605658][T24530] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5354'.
[ 1580.771801][T24538] ipip0: entered promiscuous mode
[ 1580.777427][T24538] ipip0: entered allmulticast mode
[ 1580.842492][T24539] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5355'.
[ 1580.963250][T24534] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5353'.
[ 1580.976328][T24534] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5353'.
[ 1581.001781][T24534] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5353'.
[ 1581.736125][ T5827] Bluetooth: hci5: command tx timeout
[ 1581.909480][T24560] fuse: Bad value for 'fd'
[ 1582.772262][T24550] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1582.778851][T24550] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1582.833552][T24550] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1582.844294][T24568] netlink: 76 bytes leftover after parsing attributes in process `syz.5.5364'.
[ 1582.863595][T24568] FAULT_INJECTION: forcing a failure.
[ 1582.863595][T24568] name failslab, interval 1, probability 0, space 0, times 0
[ 1582.886891][T24568] CPU: 1 UID: 0 PID: 24568 Comm: syz.5.5364 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1582.886910][T24568] Tainted: [L]=SOFTLOCKUP
[ 1582.886914][T24568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1582.886921][T24568] Call Trace:
[ 1582.886926][T24568]  <TASK>
[ 1582.886931][T24568]  dump_stack_lvl+0xe8/0x150
[ 1582.886949][T24568]  should_fail_ex+0x412/0x560
[ 1582.886964][T24568]  should_failslab+0xa8/0x100
[ 1582.886977][T24568]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[ 1582.886993][T24568]  ? __alloc_skb+0x193/0x390
[ 1582.887005][T24568]  ? __alloc_skb+0x1d7/0x390
[ 1582.887015][T24568]  ? __local_bh_enable_ip+0xd0/0x130
[ 1582.887025][T24568]  ? __alloc_skb+0x193/0x390
[ 1582.887036][T24568]  __alloc_skb+0x1d7/0x390
[ 1582.887050][T24568]  netlink_ack+0x146/0xa50
[ 1582.887060][T24568]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1582.887071][T24568]  ? ref_tracker_free+0x693/0x840
[ 1582.887082][T24568]  ? __copy_skb_header+0xa3/0x4a0
[ 1582.887096][T24568]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1582.887113][T24568]  netlink_rcv_skb+0x2b6/0x4b0
[ 1582.887124][T24568]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1582.887136][T24568]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1582.887151][T24568]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1582.887164][T24568]  netlink_unicast+0x80f/0x9b0
[ 1582.887184][T24568]  ? __pfx_netlink_unicast+0x10/0x10
[ 1582.887197][T24568]  ? __alloc_skb+0x193/0x390
[ 1582.887208][T24568]  ? netlink_sendmsg+0x650/0xb40
[ 1582.887218][T24568]  ? skb_put+0x11b/0x210
[ 1582.887231][T24568]  netlink_sendmsg+0x813/0xb40
[ 1582.887245][T24568]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.887257][T24568]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1582.887270][T24568]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1582.887282][T24568]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.887291][T24568]  ____sys_sendmsg+0xa68/0xad0
[ 1582.887308][T24568]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1582.887323][T24568]  ? kstrtoull+0x12f/0x1d0
[ 1582.887338][T24568]  ___sys_sendmsg+0x2a5/0x360
[ 1582.887351][T24568]  ? __lock_acquire+0x6b5/0x2cf0
[ 1582.887367][T24568]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1582.887380][T24568]  ? get_pid_task+0x20/0x1f0
[ 1582.887391][T24568]  ? get_pid_task+0x20/0x1f0
[ 1582.887400][T24568]  ? get_pid_task+0x20/0x1f0
[ 1582.887422][T24568]  ? __fget_files+0x2a/0x420
[ 1582.887433][T24568]  ? __fget_files+0x3a0/0x420
[ 1582.887448][T24568]  __sys_sendmsg+0x183/0x260
[ 1582.887461][T24568]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1582.887480][T24568]  ? __pfx_ksys_write+0x10/0x10
[ 1582.887504][T24568]  __do_fast_syscall_32+0x1d2/0x540
[ 1582.887516][T24568]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1582.887526][T24568]  ? do_fast_syscall_32+0x33/0x70
[ 1582.887536][T24568]  ? asm_int80_emulation+0x1a/0x20
[ 1582.887545][T24568]  ? do_int80_emulation+0x20e/0x400
[ 1582.887557][T24568]  do_fast_syscall_32+0x33/0x70
[ 1582.887568][T24568]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1582.887580][T24568] RIP: 0023:0xf7f67539
[ 1582.887590][T24568] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1582.887598][T24568] RSP: 002b:00000000f540550c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1582.887610][T24568] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[ 1582.887617][T24568] RDX: 0000000020004804 RSI: 0000000000000000 RDI: 0000000000000000
[ 1582.887624][T24568] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1582.887629][T24568] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1582.887635][T24568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1582.887649][T24568]  </TASK>
[ 1583.247977][T24550] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1583.293649][T24550] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1583.362575][T24550] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1583.539365][T24575] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5367'.
[ 1583.634036][ T5901] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1583.785518][ T5901] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1583.794955][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1583.804085][  T983] usb 6-1: new full-speed USB device number 98 using dummy_hcd
[ 1583.814039][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1583.820329][ T5901] usb 3-1: config 0 descriptor??
[ 1583.830999][ T5901] cp210x 3-1:0.0: cp210x converter detected
[ 1583.985719][  T983] usb 6-1: config 0 has an invalid interface number: 53 but max is 0
[ 1583.994218][  T983] usb 6-1: config 0 has no interface number 0
[ 1584.002688][  T983] usb 6-1: New USB device found, idVendor=10d2, idProduct=7186, bcdDevice=23.a0
[ 1584.012093][  T983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1584.020186][  T983] usb 6-1: Product: syz
[ 1584.024550][  T983] usb 6-1: Manufacturer: syz
[ 1584.035648][  T983] usb 6-1: SerialNumber: syz
[ 1584.052553][  T983] usb 6-1: config 0 descriptor??
[ 1584.266194][T24572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1584.275145][T24572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1584.286193][  T983] usblcd 6-1:0.53: USBLCD model not supported.
[ 1584.297876][  T983] usb 6-1: USB disconnect, device number 98
[ 1584.312531][ T5901] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1584.337879][ T5901] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1584.399718][T24577] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5368'.
[ 1584.409882][T24577] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5368'.
[ 1584.549879][T24553] random: crng reseeded on system resumption
[ 1584.567749][T24553] pim6reg: entered allmulticast mode
[ 1584.578024][T24553] pim6reg: left allmulticast mode
[ 1584.632977][ T5912] usb 3-1: USB disconnect, device number 73
[ 1584.640760][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1584.669053][ T5912] cp210x 3-1:0.0: device disconnected
[ 1584.854311][ T5827] Bluetooth: hci4: command 0x040f tx timeout
[ 1584.854525][T24293] Bluetooth: hci2: command 0x0406 tx timeout
[ 1585.134297][T24591] ipip0: entered promiscuous mode
[ 1585.139603][T24591] ipip0: entered allmulticast mode
[ 1585.170583][T24591] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5371'.
[ 1585.183808][T24591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5371'.
[ 1585.197977][T24591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5371'.
[ 1585.254179][T24293] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1585.357291][T24594] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1585.549890][   T30] kauditd_printk_skb: 33 callbacks suppressed
[ 1585.549907][   T30] audit: type=1326 audit(1769623039.046:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.592051][   T30] audit: type=1326 audit(1769623039.076:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.618611][   T30] audit: type=1326 audit(1769623039.076:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.645212][   T30] audit: type=1326 audit(1769623039.076:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.671874][   T30] audit: type=1326 audit(1769623039.076:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.701105][   T30] audit: type=1326 audit(1769623039.086:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.728930][   T30] audit: type=1326 audit(1769623039.086:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.755364][   T30] audit: type=1326 audit(1769623039.086:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.783433][   T30] audit: type=1326 audit(1769623039.086:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1585.813445][   T30] audit: type=1326 audit(1769623039.086:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24597 comm="syz.2.5376" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf73ed539 code=0x7ffc0000
[ 1586.134145][ T5901] usb 6-1: new high-speed USB device number 99 using dummy_hcd
[ 1586.289264][ T5901] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1586.312440][ T5901] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1586.329667][ T5901] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1586.338957][ T5901] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1586.347078][ T5901] usb 6-1: Manufacturer: syz
[ 1586.355369][ T5901] usb 6-1: config 0 descriptor??
[ 1586.543847][T24617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5380'.
[ 1586.781480][ T5909] usb 3-1: new full-speed USB device number 74 using dummy_hcd
[ 1586.975894][ T5909] usb 3-1: config 0 has an invalid interface number: 53 but max is 0
[ 1586.994630][ T5909] usb 3-1: config 0 has no interface number 0
[ 1587.062291][T24603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1587.074914][T24603] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1587.092906][ T5909] usb 3-1: New USB device found, idVendor=10d2, idProduct=7186, bcdDevice=23.a0
[ 1587.110913][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1587.137847][ T5909] usb 3-1: Product: syz
[ 1587.143830][ T5909] usb 3-1: Manufacturer: syz
[ 1587.152608][ T5909] usb 3-1: SerialNumber: syz
[ 1587.175191][ T5909] usb 3-1: config 0 descriptor??
[ 1587.229764][ T5901] uclogic 0003:256C:006D.001D: failed retrieving Huion firmware version: -71
[ 1587.244404][ T5901] uclogic 0003:256C:006D.001D: failed probing parameters: -71
[ 1587.270160][ T5901] uclogic 0003:256C:006D.001D: probe with driver uclogic failed with error -71
[ 1587.281822][ T5901] usb 6-1: USB disconnect, device number 99
[ 1587.335857][T24293] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1587.388183][T24615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1587.396950][T24615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1587.409865][ T5909] usblcd 3-1:0.53: USBLCD model not supported.
[ 1587.450507][ T5909] usb 3-1: USB disconnect, device number 74
[ 1587.615496][T24625] kvm: pic: non byte read
[ 1587.621785][T24625] kvm: pic: non byte read
[ 1587.841130][T24630] netlink: 380 bytes leftover after parsing attributes in process `syz.5.5385'.
[ 1587.990077][T24632] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1588.291481][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1588.322566][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1588.331986][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1588.342941][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1588.352779][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1588.499977][T16558] syz_tun (unregistering): left allmulticast mode
[ 1588.744159][ T5909] usb 6-1: new high-speed USB device number 100 using dummy_hcd
[ 1589.000492][T24639] chnl_net:caif_netlink_parms(): no params data found
[ 1589.222471][ T5909] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1589.229067][T24639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1589.238730][ T5909] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1589.248698][ T5909] usb 6-1: config 0 descriptor??
[ 1589.278656][T24639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1589.308434][T24639] bridge_slave_0: entered allmulticast mode
[ 1589.327081][T24639] bridge_slave_0: entered promiscuous mode
[ 1589.352337][T24639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1589.382243][T24639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1589.402016][T24639] bridge_slave_1: entered allmulticast mode
[ 1589.411995][ T5909] cp210x 6-1:0.0: cp210x converter detected
[ 1589.418029][ T5827] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1589.443323][T24639] bridge_slave_1: entered promiscuous mode
[ 1589.569434][T24639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1589.606767][T24639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1589.746083][T24639] team0: Port device team_slave_0 added
[ 1589.777555][T24639] team0: Port device team_slave_1 added
[ 1589.825178][ T5909] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1589.843459][ T5909] usb 6-1: cp210x converter now attached to ttyUSB0
[ 1589.869490][T24639] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1589.879893][T24639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1589.917068][T24639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1589.941723][T24639] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1589.949564][T24639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1589.991069][T24639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1590.051264][T24641] random: crng reseeded on system resumption
[ 1590.090392][T24658] binder: BINDER_SET_CONTEXT_MGR already set
[ 1590.104171][T24658] binder: 24657:24658 ioctl 4018620d 80000480 returned -16
[ 1590.149443][T24641] pim6reg: entered allmulticast mode
[ 1590.195138][T24639] hsr_slave_0: entered promiscuous mode
[ 1590.201243][ T5909] usb 6-1: USB disconnect, device number 100
[ 1590.210900][T24639] hsr_slave_1: entered promiscuous mode
[ 1590.218748][ T5909] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1590.227504][T24639] debugfs: 'hsr0' already exists in 'hsr'
[ 1590.238993][ T5909] cp210x 6-1:0.0: device disconnected
[ 1590.245168][T24639] Cannot create hsr debugfs directory
[ 1590.454656][ T5827] Bluetooth: hci1: command tx timeout
[ 1590.539039][T24639] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1590.661606][T24639] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1590.769078][T24673] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1590.778872][T24639] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1590.971867][T24639] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1590.986354][T24676] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1591.214839][T24639] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1591.228930][T24639] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1591.240299][T24639] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1591.252111][T24639] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1591.262154][T24683] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5402'.
[ 1591.281744][T24683] macvlan2: entered promiscuous mode
[ 1591.287447][T24683] macvlan2: entered allmulticast mode
[ 1591.295806][T24683] mac80211_hwsim hwsim120 wlan0: entered allmulticast mode
[ 1591.436806][T24639] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1591.461856][T24639] 8021q: adding VLAN 0 to HW filter on device team0
[ 1591.472899][ T4894] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1591.480091][ T4894] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1591.497617][T21440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1591.504745][T21440] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1591.733124][T24669] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1591.739708][T24669] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1591.746705][T24669] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1591.752779][T24669] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1591.773807][T24669] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1591.795226][T24669] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1592.040821][T24639] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1592.077802][T24669] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1592.094745][T24639] veth0_vlan: entered promiscuous mode
[ 1592.108951][T24639] veth1_vlan: entered promiscuous mode
[ 1592.208517][T24639] veth0_macvtap: entered promiscuous mode
[ 1592.222016][T24639] veth1_macvtap: entered promiscuous mode
[ 1592.245481][T24639] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1592.276533][T24639] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1592.293174][ T4894] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1592.302433][ T4894] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1592.317389][ T4894] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1592.335604][ T4894] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1592.502485][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1592.518862][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1592.553667][ T6321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1592.573760][ T6321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1592.614362][T15834] usb 6-1: new high-speed USB device number 101 using dummy_hcd
[ 1592.705674][T24293] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1592.788786][T15834] usb 6-1: Using ep0 maxpacket: 32
[ 1592.811556][T15834] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1592.937269][T15834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1593.173588][T15834] usb 6-1: config 0 descriptor??
[ 1593.356306][ T5901] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[ 1593.405718][T16384] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1593.435317][T15834] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1593.483678][T15834] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1593.518183][T15834] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1593.565030][T15834] usb 6-1: media controller created
[ 1593.576863][T15834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1593.759416][ T5901] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1593.787124][ T5901] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1593.824082][T24293] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1593.824468][ T5827] Bluetooth: hci4: command 0x040f tx timeout
[ 1593.830336][ T5144] Bluetooth: hci2: command 0x0406 tx timeout
[ 1593.842272][T24293] Bluetooth: hci1: command 0x040f tx timeout
[ 1593.846722][ T5901] usb 1-1: config 0 has no interface number 0
[ 1593.857242][T16384] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1593.875983][T16384] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1593.893189][ T5901] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1594.001146][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1594.012444][T16384] usb 3-1: config 0 descriptor??
[ 1594.063021][T16384] cp210x 3-1:0.0: cp210x converter detected
[ 1594.087652][ T5901] usb 1-1: Product: syz
[ 1594.108579][ T5901] usb 1-1: Manufacturer: syz
[ 1594.152730][ T5901] usb 1-1: SerialNumber: syz
[ 1594.188569][ T5901] usb 1-1: config 0 descriptor??
[ 1594.506265][T16384] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1594.587194][T16384] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1594.661666][T15834] az6027: usb out operation failed. (-71)
[ 1594.680553][T15834] az6027: usb out operation failed. (-71)
[ 1594.728646][T15834] stb0899_attach: Driver disabled by Kconfig
[ 1594.754008][T15834] az6027: no front-end attached
[ 1594.754008][T15834] 
[ 1594.774359][T15834] az6027: usb out operation failed. (-71)
[ 1594.782837][T15834] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1594.892531][T15834] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input51
[ 1594.919122][T15834] dvb-usb: schedule remote query interval to 400 msecs.
[ 1594.943763][T15834] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1594.982477][T15834] usb 6-1: USB disconnect, device number 101
[ 1594.999919][T24724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5412'.
[ 1595.139768][T15834] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1595.175407][T24715] random: crng reseeded on system resumption
[ 1595.208306][T24715] pim6reg: entered allmulticast mode
[ 1595.225176][T24715] pim6reg: left allmulticast mode
[ 1595.310176][T24730] binder: BINDER_SET_CONTEXT_MGR already set
[ 1595.317313][T24730] binder: 24728:24730 ioctl 4018620d 80000480 returned -16
[ 1595.333253][T16384] usb 3-1: USB disconnect, device number 75
[ 1595.343332][T16384] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1595.379038][T16384] cp210x 3-1:0.0: device disconnected
[ 1595.495187][T15834] usb 6-1: new high-speed USB device number 102 using dummy_hcd
[ 1595.522413][T24734] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5416'.
[ 1595.555558][T24734] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5416'.
[ 1595.654050][T15834] usb 6-1: Using ep0 maxpacket: 32
[ 1595.661233][T15834] usb 6-1: config 0 has an invalid interface number: 169 but max is 0
[ 1595.671345][T15834] usb 6-1: config 0 has no interface number 0
[ 1595.680202][T15834] usb 6-1: config 0 interface 169 has no altsetting 0
[ 1595.693574][T15834] usb 6-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49
[ 1595.703530][T15834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.716384][T15834] usb 6-1: Product: syz
[ 1595.721793][T15834] usb 6-1: Manufacturer: syz
[ 1595.727883][T15834] usb 6-1: SerialNumber: syz
[ 1595.740029][T15834] usb 6-1: config 0 descriptor??
[ 1595.751585][T15834] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1595.894433][T24293] Bluetooth: hci1: command 0x040f tx timeout
[ 1595.959827][ T5909] usb 6-1: USB disconnect, device number 102
[ 1596.055811][ T5901] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1596.068547][ T5901] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1596.079368][ T5901] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1596.088039][ T5901] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1596.096421][ T5901] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1596.108288][ T5901] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1596.126546][ T5901] usb 1-1: USB disconnect, device number 28
[ 1596.151684][ T5901] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1596.163481][ T5901] keyspan 1-1:0.133: device disconnected
[ 1596.887662][T24755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5424'.
[ 1596.900513][T24757] FAULT_INJECTION: forcing a failure.
[ 1596.900513][T24757] name failslab, interval 1, probability 0, space 0, times 0
[ 1596.914213][T24757] CPU: 0 UID: 0 PID: 24757 Comm: syz.5.5425 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1596.914236][T24757] Tainted: [L]=SOFTLOCKUP
[ 1596.914239][T24757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1596.914246][T24757] Call Trace:
[ 1596.914251][T24757]  <TASK>
[ 1596.914256][T24757]  dump_stack_lvl+0xe8/0x150
[ 1596.914274][T24757]  should_fail_ex+0x412/0x560
[ 1596.914289][T24757]  should_failslab+0xa8/0x100
[ 1596.914302][T24757]  __kmalloc_cache_noprof+0x83/0x6e0
[ 1596.914313][T24757]  ? xfrm_policy_alloc+0x78/0x2b0
[ 1596.914330][T24757]  xfrm_policy_alloc+0x78/0x2b0
[ 1596.914345][T24757]  pfkey_spdadd+0x310/0x1a90
[ 1596.914358][T24757]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1596.914370][T24757]  ? __pfx_pfkey_spdadd+0x10/0x10
[ 1596.914379][T24757]  ? pfkey_broadcast+0x3c2/0x3e0
[ 1596.914400][T24757]  pfkey_sendmsg+0xc56/0x1120
[ 1596.914417][T24757]  ? __pfx_pfkey_sendmsg+0x10/0x10
[ 1596.914436][T24757]  ? __import_iovec+0x5d4/0x7e0
[ 1596.914458][T24757]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1596.914471][T24757]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1596.914484][T24757]  ? __pfx_pfkey_sendmsg+0x10/0x10
[ 1596.914492][T24757]  ____sys_sendmsg+0xa68/0xad0
[ 1596.914511][T24757]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1596.914526][T24757]  ? kstrtoull+0x12f/0x1d0
[ 1596.914541][T24757]  ___sys_sendmsg+0x2a5/0x360
[ 1596.914554][T24757]  ? __lock_acquire+0x6b5/0x2cf0
[ 1596.914570][T24757]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1596.914584][T24757]  ? get_pid_task+0x20/0x1f0
[ 1596.914595][T24757]  ? get_pid_task+0x20/0x1f0
[ 1596.914604][T24757]  ? get_pid_task+0x20/0x1f0
[ 1596.914627][T24757]  ? __fget_files+0x2a/0x420
[ 1596.914637][T24757]  ? __fget_files+0x3a0/0x420
[ 1596.914653][T24757]  __sys_sendmsg+0x183/0x260
[ 1596.914666][T24757]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1596.914685][T24757]  ? __pfx_ksys_write+0x10/0x10
[ 1596.914703][T24757]  __do_fast_syscall_32+0x1d2/0x540
[ 1596.914714][T24757]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1596.914723][T24757]  ? do_fast_syscall_32+0x33/0x70
[ 1596.914733][T24757]  ? asm_int80_emulation+0x1a/0x20
[ 1596.914742][T24757]  ? do_int80_emulation+0x20e/0x400
[ 1596.914754][T24757]  do_fast_syscall_32+0x33/0x70
[ 1596.914765][T24757]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1596.914777][T24757] RIP: 0023:0xf7f67539
[ 1596.914787][T24757] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1596.914794][T24757] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1596.914810][T24757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[ 1596.914817][T24757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1596.914823][T24757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1596.914829][T24757] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1596.914834][T24757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1596.914849][T24757]  </TASK>
[ 1596.946472][T24755] macvlan2: entered promiscuous mode
[ 1597.134035][ T5901] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[ 1597.236122][T24755] macvlan2: entered allmulticast mode
[ 1597.263464][T24755] mac80211_hwsim hwsim122 wlan0: entered allmulticast mode
[ 1597.435589][ T5901] usb 2-1: Using ep0 maxpacket: 32
[ 1597.459364][ T5901] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 1597.471995][ T5901] usb 2-1: config 0 has no interface number 0
[ 1597.488195][ T5901] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1597.500561][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1597.511992][ T5901] usb 2-1: Product: syz
[ 1597.519180][ T5901] usb 2-1: Manufacturer: syz
[ 1597.524816][ T5901] usb 2-1: SerialNumber: syz
[ 1597.537802][ T5901] usb 2-1: config 0 descriptor??
[ 1597.552051][ T5901] smsc95xx v2.0.0
[ 1597.593388][T24771] input: syz1 as /devices/virtual/input/input52
[ 1597.974298][T24293] Bluetooth: hci1: command 0x040f tx timeout
[ 1598.018483][T24752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1598.029602][ T5901] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1598.052019][  T983] usb 3-1: new full-speed USB device number 76 using dummy_hcd
[ 1598.081763][ T5901] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1598.144633][T24752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1598.252827][  T983] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[ 1598.262876][  T983] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1598.273878][  T983] usb 3-1: config 0 has no interface number 0
[ 1598.319807][  T983] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1598.329090][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1598.338437][  T983] usb 3-1: Product: syz
[ 1598.347760][  T983] usb 3-1: Manufacturer: syz
[ 1598.365414][  T983] usb 3-1: SerialNumber: syz
[ 1598.381716][  T983] usb 3-1: config 0 descriptor??
[ 1598.429961][T24780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1598.441506][T24780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1599.791137][ T5901] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1599.809357][ T5901] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[ 1599.830243][ T5901] usb 2-1: USB disconnect, device number 112
[ 1599.991120][T15834] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1600.075230][T24293] Bluetooth: hci1: command 0x040f tx timeout
[ 1600.166443][T15834] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1600.175956][T15834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1600.193302][T15834] usb 1-1: config 0 descriptor??
[ 1600.204919][T15834] cp210x 1-1:0.0: cp210x converter detected
[ 1600.630308][  T983] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[ 1600.640349][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 82
[ 1600.665056][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[ 1600.679689][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[ 1600.691187][  T983] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[ 1600.716440][T15834] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1600.741008][  T983] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1600.747918][T15834] usb 1-1: cp210x converter now attached to ttyUSB1
[ 1600.785823][  T983] usb 3-1: USB disconnect, device number 76
[ 1600.862408][  T983] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1600.883909][  T983] keyspan 3-1:0.133: device disconnected
[ 1600.952816][T24792] random: crng reseeded on system resumption
[ 1600.987582][T24792] pim6reg: entered allmulticast mode
[ 1601.027577][T24792] pim6reg: left allmulticast mode
[ 1601.095932][T15834] usb 1-1: USB disconnect, device number 29
[ 1601.123438][T15834] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[ 1601.154386][T15834] cp210x 1-1:0.0: device disconnected
[ 1601.355288][T24812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5442'.
[ 1601.694058][  T983] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[ 1601.903618][  T983] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1601.912967][  T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1601.923497][  T983] usb 2-1: config 0 descriptor??
[ 1601.943184][  T983] cp210x 2-1:0.0: cp210x converter detected
[ 1602.234493][T24293] Bluetooth: hci1: command 0x040f tx timeout
[ 1602.384243][ T5909] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[ 1602.539092][ T5909] usb 1-1: config 0 has an invalid interface number: 53 but max is 0
[ 1602.547711][ T5909] usb 1-1: config 0 has no interface number 0
[ 1602.573041][ T5909] usb 1-1: New USB device found, idVendor=10d2, idProduct=7186, bcdDevice=23.a0
[ 1602.591687][T24823] netlink: 88 bytes leftover after parsing attributes in process `syz.5.5445'.
[ 1602.614748][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1602.622760][ T5909] usb 1-1: Product: syz
[ 1602.630234][ T5909] usb 1-1: Manufacturer: syz
[ 1602.634917][ T5909] usb 1-1: SerialNumber: syz
[ 1602.663734][  T983] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1602.679540][ T5909] usb 1-1: config 0 descriptor??
[ 1602.790027][  T983] usb 2-1: cp210x converter now attached to ttyUSB0
[ 1602.797924][T24826] netlink: 'syz.5.5445': attribute type 21 has an invalid length.
[ 1602.805918][T24826] netlink: 128 bytes leftover after parsing attributes in process `syz.5.5445'.
[ 1602.815189][T24826] netlink: 'syz.5.5445': attribute type 4 has an invalid length.
[ 1602.822995][T24826] netlink: 3 bytes leftover after parsing attributes in process `syz.5.5445'.
[ 1602.890497][T24817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1602.900711][T24817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1602.994642][ T5909] usblcd 1-1:0.53: USBLCD model not supported.
[ 1603.009738][ T5909] usb 1-1: USB disconnect, device number 30
[ 1603.508906][  T983] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1603.564873][T24814] random: crng reseeded on system resumption
[ 1603.745439][  T983] usb 3-1: Using ep0 maxpacket: 32
[ 1603.812114][  T983] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1603.834046][  T983] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1603.837046][T24832] pim6reg: entered allmulticast mode
[ 1603.845065][T16384] usb 2-1: USB disconnect, device number 113
[ 1603.853864][  T983] usb 3-1: config 0 descriptor??
[ 1603.882353][T16384] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1603.934077][T16384] cp210x 2-1:0.0: device disconnected
[ 1604.083109][  T983] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1604.121555][  T983] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1604.176769][  T983] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1604.198832][  T983] usb 3-1: media controller created
[ 1604.224806][T24844] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5453'.
[ 1604.251951][T24846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5454'.
[ 1604.332073][  T983] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1604.489496][T24852] netlink: 380 bytes leftover after parsing attributes in process `syz.4.5455'.
[ 1605.573748][T24859] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1605.580533][T24859] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1605.587156][T24859] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1605.597488][T24859] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1605.616856][T24859] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1606.582820][  T983] az6027: usb out operation failed. (-71)
[ 1606.594531][  T983] az6027: usb out operation failed. (-71)
[ 1606.601203][  T983] stb0899_attach: Driver disabled by Kconfig
[ 1606.607531][  T983] az6027: no front-end attached
[ 1606.607531][  T983] 
[ 1606.620005][  T983] az6027: usb out operation failed. (-71)
[ 1606.642214][  T983] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1606.680082][  T983] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input53
[ 1606.729796][  T983] dvb-usb: schedule remote query interval to 400 msecs.
[ 1606.749808][  T983] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1606.786810][  T983] usb 3-1: USB disconnect, device number 77
[ 1606.874593][T24717] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1606.875075][T24865] syzkaller0: entered promiscuous mode
[ 1606.937727][ T5912] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[ 1607.148650][ T5912] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1607.161438][T24865] syzkaller0: entered allmulticast mode
[ 1607.167163][ T5912] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1607.191826][ T5912] usb 1-1: config 0 has no interface number 0
[ 1607.209179][  T983] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1607.220457][ T5912] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1607.229848][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1607.238396][ T5912] usb 1-1: Product: syz
[ 1607.244246][ T5912] usb 1-1: Manufacturer: syz
[ 1607.260527][ T5912] usb 1-1: SerialNumber: syz
[ 1607.276645][ T5912] usb 1-1: config 0 descriptor??
[ 1607.551801][T24885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5468'.
[ 1607.565195][T24883] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[ 1607.590148][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.596903][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.658123][T24717] Bluetooth: hci1: command 0x040f tx timeout
[ 1607.658165][T24293] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1607.664340][ T5144] Bluetooth: hci4: command 0x040f tx timeout
[ 1607.670202][T16386] Bluetooth: hci2: command 0x0406 tx timeout
[ 1608.010169][T24896] FAULT_INJECTION: forcing a failure.
[ 1608.010169][T24896] name failslab, interval 1, probability 0, space 0, times 0
[ 1608.058099][T24896] CPU: 1 UID: 0 PID: 24896 Comm: syz.5.5472 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1608.058128][T24896] Tainted: [L]=SOFTLOCKUP
[ 1608.058135][T24896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1608.058145][T24896] Call Trace:
[ 1608.058153][T24896]  <TASK>
[ 1608.058164][T24896]  dump_stack_lvl+0xe8/0x150
[ 1608.058191][T24896]  should_fail_ex+0x412/0x560
[ 1608.058218][T24896]  should_failslab+0xa8/0x100
[ 1608.058239][T24896]  __kmalloc_cache_noprof+0x83/0x6e0
[ 1608.058258][T24896]  ? snd_pcm_oss_change_params_locked+0x175/0x3e00
[ 1608.058285][T24896]  snd_pcm_oss_change_params_locked+0x175/0x3e00
[ 1608.058313][T24896]  ? preempt_schedule_common+0x82/0xd0
[ 1608.058332][T24896]  ? preempt_schedule_thunk+0x16/0x30
[ 1608.058362][T24896]  ? __mutex_lock+0x32d/0x1300
[ 1608.058387][T24896]  ? aa_file_perm+0x12d/0x1630
[ 1608.058412][T24896]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1608.058431][T24896]  ? aa_file_perm+0x440/0x1630
[ 1608.058449][T24896]  ? finish_task_switch+0x23c/0x920
[ 1608.058473][T24896]  ? __pfx___mutex_lock+0x10/0x10
[ 1608.058505][T24896]  ? __pfx_aa_file_perm+0x10/0x10
[ 1608.058524][T24896]  ? irqentry_exit+0x59c/0x620
[ 1608.058547][T24896]  snd_pcm_oss_read+0x270/0x8e0
[ 1608.058581][T24896]  loop_rw_iter+0x425/0x660
[ 1608.058614][T24896]  __io_read+0x134b/0x1520
[ 1608.058650][T24896]  ? __pfx___io_read+0x10/0x10
[ 1608.058677][T24896]  io_read+0x4a/0x1c0
[ 1608.058700][T24896]  __io_issue_sqe+0x180/0x4b0
[ 1608.058725][T24896]  ? io_file_get_normal+0xe9/0x2d0
[ 1608.058750][T24896]  io_issue_sqe+0x165/0x1060
[ 1608.058783][T24896]  io_submit_sqes+0xbf3/0x2130
[ 1608.058838][T24896]  __se_sys_io_uring_enter+0x2f7/0x2c30
[ 1608.058868][T24896]  ? __pfx___schedule+0x10/0x10
[ 1608.058900][T24896]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1608.058924][T24896]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1608.058941][T24896]  ? irqentry_exit+0x59c/0x620
[ 1608.058958][T24896]  ? rcu_is_watching+0x15/0xb0
[ 1608.058990][T24896]  ? ksys_write+0x23a/0x270
[ 1608.059015][T24896]  ? fput+0xa0/0xd0
[ 1608.059041][T24896]  ? rcu_is_watching+0x15/0xb0
[ 1608.059059][T24896]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1608.059087][T24896]  __do_fast_syscall_32+0x1d2/0x540
[ 1608.059106][T24896]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1608.059123][T24896]  ? do_fast_syscall_32+0x33/0x70
[ 1608.059139][T24896]  ? asm_int80_emulation+0x1a/0x20
[ 1608.059155][T24896]  ? do_int80_emulation+0x20e/0x400
[ 1608.059176][T24896]  do_fast_syscall_32+0x33/0x70
[ 1608.059195][T24896]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1608.059216][T24896] RIP: 0023:0xf7f67539
[ 1608.059232][T24896] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1608.059246][T24896] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1608.059266][T24896] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000048e9
[ 1608.059278][T24896] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 1608.059289][T24896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1608.059305][T24896] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1608.059317][T24896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1608.059345][T24896]  </TASK>
[ 1608.740902][T15834] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1608.821638][T24906] netlink: 88 bytes leftover after parsing attributes in process `syz.1.5473'.
[ 1609.010827][T15834] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1609.022447][T15834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1609.045164][T15834] usb 3-1: config 0 descriptor??
[ 1609.052290][T15834] cp210x 3-1:0.0: cp210x converter detected
[ 1609.102629][T24908] netlink: 'syz.1.5473': attribute type 21 has an invalid length.
[ 1609.148046][T24908] netlink: 128 bytes leftover after parsing attributes in process `syz.1.5473'.
[ 1609.172418][T24912] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5476'.
[ 1609.190902][T24908] netlink: 'syz.1.5473': attribute type 4 has an invalid length.
[ 1609.254335][T24908] netlink: 3 bytes leftover after parsing attributes in process `syz.1.5473'.
[ 1609.486244][T24915] netlink: 380 bytes leftover after parsing attributes in process `syz.5.5477'.
[ 1609.522464][T24903] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1609.604469][T24903] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1609.641311][ T5912] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1609.652294][T24903] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1609.808352][ T5912] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1609.826146][ T5912] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1609.849780][ T5912] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1609.861474][T24903] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1609.868211][ T5912] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1609.876898][T24903] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1609.885041][T15834] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1609.954872][T15834] usb 3-1: cp210x converter now attached to ttyUSB1
[ 1609.972265][ T5912] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1610.005112][ T5912] usb 1-1: USB disconnect, device number 31
[ 1610.027059][ T5912] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1610.038523][T24923] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5479'.
[ 1610.056687][ T5912] keyspan 1-1:0.133: device disconnected
[ 1610.132927][T24925] syzkaller0: entered promiscuous mode
[ 1610.153723][T24925] syzkaller0: entered allmulticast mode
[ 1610.163566][T24892] random: crng reseeded on system resumption
[ 1610.220567][T24892] pim6reg: entered allmulticast mode
[ 1610.229721][T24929] netlink: 380 bytes leftover after parsing attributes in process `syz.1.5480'.
[ 1610.246242][ T5912] usb 3-1: USB disconnect, device number 78
[ 1610.256914][ T5912] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[ 1610.271498][ T5912] cp210x 3-1:0.0: device disconnected
[ 1610.786193][T24943] FAULT_INJECTION: forcing a failure.
[ 1610.786193][T24943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1610.810166][T24943] CPU: 1 UID: 0 PID: 24943 Comm: syz.5.5487 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1610.810197][T24943] Tainted: [L]=SOFTLOCKUP
[ 1610.810203][T24943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1610.810211][T24943] Call Trace:
[ 1610.810216][T24943]  <TASK>
[ 1610.810221][T24943]  dump_stack_lvl+0xe8/0x150
[ 1610.810240][T24943]  should_fail_ex+0x412/0x560
[ 1610.810255][T24943]  _copy_from_iter+0x1d3/0x1670
[ 1610.810272][T24943]  ? trace_kmem_cache_alloc+0x1f/0xb0
[ 1610.810289][T24943]  ? __pfx__copy_from_iter+0x10/0x10
[ 1610.810302][T24943]  ? __build_skb_around+0x22d/0x3c0
[ 1610.810315][T24943]  ? __alloc_skb+0x193/0x390
[ 1610.810326][T24943]  ? netlink_sendmsg+0x650/0xb40
[ 1610.810337][T24943]  ? skb_put+0x11b/0x210
[ 1610.810350][T24943]  netlink_sendmsg+0x6c0/0xb40
[ 1610.810365][T24943]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1610.810377][T24943]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1610.810397][T24943]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1610.810409][T24943]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1610.810419][T24943]  ____sys_sendmsg+0xa68/0xad0
[ 1610.810437][T24943]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1610.810452][T24943]  ? kstrtoull+0x12f/0x1d0
[ 1610.810466][T24943]  ___sys_sendmsg+0x2a5/0x360
[ 1610.810479][T24943]  ? __lock_acquire+0x6b5/0x2cf0
[ 1610.810500][T24943]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1610.810514][T24943]  ? get_pid_task+0x20/0x1f0
[ 1610.810525][T24943]  ? get_pid_task+0x20/0x1f0
[ 1610.810534][T24943]  ? get_pid_task+0x20/0x1f0
[ 1610.810557][T24943]  ? __fget_files+0x2a/0x420
[ 1610.810567][T24943]  ? __fget_files+0x3a0/0x420
[ 1610.810582][T24943]  __sys_sendmsg+0x183/0x260
[ 1610.810596][T24943]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1610.810614][T24943]  ? __pfx_ksys_write+0x10/0x10
[ 1610.810632][T24943]  __do_fast_syscall_32+0x1d2/0x540
[ 1610.810657][T24943]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1610.810666][T24943]  ? do_fast_syscall_32+0x33/0x70
[ 1610.810677][T24943]  ? asm_int80_emulation+0x1a/0x20
[ 1610.810686][T24943]  ? do_int80_emulation+0x20e/0x400
[ 1610.810698][T24943]  do_fast_syscall_32+0x33/0x70
[ 1610.810709][T24943]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1610.810721][T24943] RIP: 0023:0xf7f67539
[ 1610.810731][T24943] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1610.810738][T24943] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1610.810752][T24943] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[ 1610.810763][T24943] RDX: 0000000000040010 RSI: 0000000000000000 RDI: 0000000000000000
[ 1610.810774][T24943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1610.810783][T24943] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1610.810794][T24943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1610.810825][T24943]  </TASK>
[ 1611.494404][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1611.667797][T16386] Bluetooth: hci4: command 0x040f tx timeout
[ 1611.677031][   T30] kauditd_printk_skb: 18 callbacks suppressed
[ 1611.677046][   T30] audit: type=1804 audit(1769623065.176:734): pid=24956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.5490" name="/newroot/16/bus" dev="tmpfs" ino=102 res=1 errno=0
[ 1611.677052][T16386] Bluetooth: hci2: command 0x0406 tx timeout
[ 1611.824389][T16384] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[ 1611.824455][T24959] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5491'.
[ 1611.846459][T24955] netlink: 380 bytes leftover after parsing attributes in process `syz.1.5489'.
[ 1611.925989][T24293] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1611.974412][T24293] Bluetooth: hci1: command 0x040f tx timeout
[ 1612.024206][  T983] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1612.060675][T16384] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1612.070413][T16384] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1612.312914][T16384] usb 1-1: config 0 has no interface number 0
[ 1612.711744][  T983] usb 3-1: Using ep0 maxpacket: 32
[ 1612.839877][  T983] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1612.870822][  T983] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[ 1612.885103][  T983] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1612.914838][T16384] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1612.928107][  T983] usb 3-1: config 0 descriptor??
[ 1612.933191][T16384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.947960][  T983] usb 3-1: bad CDC descriptors
[ 1612.966849][T16384] usb 1-1: Product: syz
[ 1612.971051][T16384] usb 1-1: Manufacturer: syz
[ 1612.978314][T16384] usb 1-1: SerialNumber: syz
[ 1612.990568][T16384] usb 1-1: config 0 descriptor??
[ 1613.049627][T24963] syzkaller0: entered promiscuous mode
[ 1613.055469][T24963] syzkaller0: entered allmulticast mode
[ 1614.716490][T16384] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1614.731179][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1614.745737][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1614.780882][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1614.811922][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1614.849527][T16384] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1614.916932][T16384] usb 1-1: USB disconnect, device number 32
[ 1614.945828][T16384] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1614.957855][T16384] keyspan 1-1:0.133: device disconnected
[ 1615.356400][T24989] FAULT_INJECTION: forcing a failure.
[ 1615.356400][T24989] name failslab, interval 1, probability 0, space 0, times 0
[ 1615.371925][T24989] CPU: 1 UID: 0 PID: 24989 Comm: syz.5.5501 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1615.371944][T24989] Tainted: [L]=SOFTLOCKUP
[ 1615.371948][T24989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1615.371955][T24989] Call Trace:
[ 1615.371960][T24989]  <TASK>
[ 1615.371964][T24989]  dump_stack_lvl+0xe8/0x150
[ 1615.371982][T24989]  should_fail_ex+0x412/0x560
[ 1615.371997][T24989]  should_failslab+0xa8/0x100
[ 1615.372010][T24989]  __kmalloc_cache_noprof+0x83/0x6e0
[ 1615.372021][T24989]  ? __io_uring_add_tctx_node+0x148/0x4f0
[ 1615.372039][T24989]  __io_uring_add_tctx_node+0x148/0x4f0
[ 1615.372055][T24989]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[ 1615.372068][T24989]  ? __fget_files+0x2a/0x420
[ 1615.372081][T24989]  ? __fget_files+0x2a/0x420
[ 1615.372093][T24989]  __io_uring_add_tctx_node_from_submit+0x90/0x120
[ 1615.372109][T24989]  __se_sys_io_uring_enter+0x263b/0x2c30
[ 1615.372135][T24989]  ? ksys_write+0x1e6/0x270
[ 1615.372149][T24989]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1615.372165][T24989]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1615.372180][T24989]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1615.372192][T24989]  ? __fget_files+0x3a0/0x420
[ 1615.372206][T24989]  ? fput+0xa0/0xd0
[ 1615.372217][T24989]  ? ksys_write+0x242/0x270
[ 1615.372232][T24989]  ? __pfx_ksys_write+0x10/0x10
[ 1615.372247][T24989]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1615.372264][T24989]  __do_fast_syscall_32+0x1d2/0x540
[ 1615.372275][T24989]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1615.372284][T24989]  ? do_fast_syscall_32+0x33/0x70
[ 1615.372294][T24989]  ? asm_int80_emulation+0x1a/0x20
[ 1615.372303][T24989]  ? do_int80_emulation+0x20e/0x400
[ 1615.372315][T24989]  do_fast_syscall_32+0x33/0x70
[ 1615.372326][T24989]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1615.372338][T24989] RIP: 0023:0xf7f67539
[ 1615.372348][T24989] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1615.372356][T24989] RSP: 002b:00000000f540550c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1615.372368][T24989] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000003516
[ 1615.372375][T24989] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1615.372380][T24989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1615.372386][T24989] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1615.372392][T24989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1615.372405][T24989]  </TASK>
[ 1615.717852][T24994] netlink: 380 bytes leftover after parsing attributes in process `syz.0.5504'.
[ 1615.926759][T24997] syzkaller0: entered promiscuous mode
[ 1615.932241][T24997] syzkaller0: entered allmulticast mode
[ 1615.944913][T16384] usb 3-1: USB disconnect, device number 79
[ 1616.028643][T15834] usb 2-1: new full-speed USB device number 114 using dummy_hcd
[ 1616.067477][T25000] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1616.227281][T15834] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[ 1616.238507][T15834] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1616.324362][T15834] usb 2-1: config 0 has no interface number 0
[ 1616.372697][T15834] usb 2-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1616.404017][T15834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1616.461580][T15834] usb 2-1: Product: syz
[ 1616.469918][T15834] usb 2-1: Manufacturer: syz
[ 1616.477820][T15834] usb 2-1: SerialNumber: syz
[ 1616.484790][T15834] usb 2-1: config 0 descriptor??
[ 1616.554324][T16384] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1616.797129][T16384] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1616.852904][T16384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1616.909041][T16384] usb 1-1: config 0 descriptor??
[ 1616.956144][T16384] cp210x 1-1:0.0: cp210x converter detected
[ 1617.393900][T16384] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1617.443322][T16384] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1617.542998][T25016] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1617.567075][T25016] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1617.573583][T25016] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1617.579858][T25016] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1617.586123][T25016] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1617.783127][T16384] usb 1-1: USB disconnect, device number 33
[ 1617.798040][T16384] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1617.844801][T16384] cp210x 1-1:0.0: device disconnected
[ 1618.173640][T24907] usb 6-1: new full-speed USB device number 103 using dummy_hcd
[ 1618.408434][T24907] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[ 1618.424181][T24907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1618.495629][T24907] usb 6-1: config 0 has no interface number 0
[ 1618.584944][T24907] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1618.594150][T24907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1618.632041][T24907] usb 6-1: Product: syz
[ 1618.644441][T24907] usb 6-1: Manufacturer: syz
[ 1618.691331][T24907] usb 6-1: SerialNumber: syz
[ 1618.768914][T24907] usb 6-1: config 0 descriptor??
[ 1618.854054][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1618.913899][T15834] keyspan 2-1:0.133: Keyspan 1 port adapter converter detected
[ 1618.924389][T15834] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 82
[ 1618.982414][T15834] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 81
[ 1619.016189][T15834] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 1
[ 1619.041660][T15834] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 2
[ 1619.065771][T15834] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1619.088615][T25023] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5514'.
[ 1619.184382][T15834] usb 2-1: USB disconnect, device number 114
[ 1619.233576][T15834] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1619.258584][T15834] keyspan 2-1:0.133: device disconnected
[ 1619.451308][T25032] ªªªªªª: renamed from vlan0 (while UP)
[ 1619.540177][T25036] netlink: 380 bytes leftover after parsing attributes in process `syz.4.5518'.
[ 1619.557108][T25038] syzkaller0: entered promiscuous mode
[ 1619.566140][T25038] syzkaller0: entered allmulticast mode
[ 1619.584350][T16386] Bluetooth: hci2: command 0x0406 tx timeout
[ 1619.745539][T24293] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1619.748822][ T5144] Bluetooth: hci4: command 0x040f tx timeout
[ 1619.751591][T16386] Bluetooth: hci1: command 0x040f tx timeout
[ 1619.816914][T25044] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1620.502629][T25039] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1620.508944][T25039] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1620.517247][T25039] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1620.571932][T24907] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[ 1620.602174][T25054] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1620.610884][T24907] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 82
[ 1620.621258][T24907] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[ 1620.632120][T24907] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[ 1620.651696][T25039] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1620.659046][T24907] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[ 1620.724494][T24907] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1620.746789][T24907] usb 6-1: USB disconnect, device number 103
[ 1620.782728][T24907] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1620.798057][T24907] keyspan 6-1:0.133: device disconnected
[ 1620.967415][T25039] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1621.264138][T24907] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 1621.737937][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1621.773882][T15834] usb 6-1: new high-speed USB device number 104 using dummy_hcd
[ 1621.799263][T25067] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5528'.
[ 1621.959565][T24907] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1622.071219][T25077] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5530'.
[ 1622.082596][T25077] netlink: 180 bytes leftover after parsing attributes in process `syz.1.5530'.
[ 1622.102727][T15834] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1622.117272][T24907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1622.126331][T15834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1622.159695][T24907] usb 1-1: config 0 descriptor??
[ 1622.175345][T24907] cp210x 1-1:0.0: cp210x converter detected
[ 1622.246973][T15834] usb 6-1: config 0 descriptor??
[ 1622.262431][T15834] cp210x 6-1:0.0: cp210x converter detected
[ 1622.545282][T16386] Bluetooth: hci4: command 0x040f tx timeout
[ 1622.551425][T24293] Bluetooth: hci2: command 0x0406 tx timeout
[ 1622.696954][T16386] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1622.697044][T24907] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1622.749992][T25078] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1622.769960][T25078] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1622.777034][T24907] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1622.784734][T15834] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1622.805042][T15834] usb 6-1: cp210x converter now attached to ttyUSB1
[ 1622.828594][T25078] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1622.847975][T25078] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1622.863519][T25078] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1622.989112][T15834] usb 1-1: USB disconnect, device number 34
[ 1622.997705][T15834] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1623.045273][T25062] pim6reg: left allmulticast mode
[ 1623.114623][T24907] usb 6-1: USB disconnect, device number 104
[ 1623.138897][T24907] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[ 1623.196786][T15834] cp210x 1-1:0.0: device disconnected
[ 1623.218957][T24907] cp210x 6-1:0.0: device disconnected
[ 1623.580444][T25091] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1623.719629][T25097] netlink: 380 bytes leftover after parsing attributes in process `syz.0.5537'.
[ 1623.934045][T15834] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1624.106290][T15834] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[ 1624.124074][T15834] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1624.141307][T15834] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1624.164346][T15834] usb 2-1: config 220 has no interface number 2
[ 1624.170985][T15834] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1624.186156][T15834] usb 2-1: config 220 interface 0 has no altsetting 0
[ 1624.194931][ T5912] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1624.197901][T25109] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1624.202639][T15834] usb 2-1: config 220 interface 76 has no altsetting 0
[ 1624.218796][T10476] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1624.235847][T25109] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1624.245478][T15834] usb 2-1: config 220 interface 1 has no altsetting 0
[ 1624.256060][T15834] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1624.275218][T15834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.286304][T15834] usb 2-1: Product: syz
[ 1624.290491][T15834] usb 2-1: Manufacturer: syz
[ 1624.302011][T15834] usb 2-1: SerialNumber: syz
[ 1624.374082][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1624.385488][T10476] usb 1-1: config index 0 descriptor too short (expected 65476, got 16)
[ 1624.395226][ T5912] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1624.395232][T10476] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[ 1624.395256][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.405601][T10476] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1624.415511][ T5912] usb 3-1: Product: syz
[ 1624.435455][T10476] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1624.467405][T10476] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.476448][T10476] usb 1-1: Product: syz
[ 1624.480812][T10476] usb 1-1: Manufacturer: syz
[ 1624.488518][T10476] usb 1-1: SerialNumber: syz
[ 1624.500147][ T5912] usb 3-1: Manufacturer: syz
[ 1624.507304][ T5912] usb 3-1: SerialNumber: syz
[ 1624.520213][T15834] usb 2-1: selecting invalid altsetting 0
[ 1624.532631][T15834] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1624.550484][ T5912] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1624.561648][T15834] uvcvideo 2-1:220.0: No valid video chain found.
[ 1624.593233][T15834] usb 2-1: selecting invalid altsetting 0
[ 1624.602704][T15834] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[ 1624.616459][T15834] usb 2-1: USB disconnect, device number 115
[ 1624.648534][T24907] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1624.854442][T16386] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1624.854995][T24293] Bluetooth: hci4: command 0x040f tx timeout
[ 1624.860603][ T5144] Bluetooth: hci2: command 0x0406 tx timeout
[ 1624.934171][ T5144] Bluetooth: hci1: command 0x040f tx timeout
[ 1625.109848][T25101] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5539'.
[ 1625.121497][T10476] usb 3-1: USB disconnect, device number 80
[ 1625.734084][T24907] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[ 1625.768329][T24907] ath9k_htc: Failed to initialize the device
[ 1625.792484][T10476] usb 3-1: ath9k_htc: USB layer deinitialized
[ 1626.059559][T25119] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1626.084874][T25119] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1626.091204][T25119] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1626.099770][T25119] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1626.106134][T25119] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1626.340961][T25138] netlink: 380 bytes leftover after parsing attributes in process `syz.5.5549'.
[ 1626.421975][T25140] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1626.932009][T16384] usb 1-1: USB disconnect, device number 35
[ 1627.010731][T25153] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5554'.
[ 1627.050440][T25155] openvswitch: netlink: Message has 8 unknown bytes.
[ 1627.081084][T25155] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1627.094914][T10476] usb 6-1: new high-speed USB device number 105 using dummy_hcd
[ 1627.274614][T10476] usb 6-1: Using ep0 maxpacket: 32
[ 1627.327424][T10476] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1627.336887][T10476] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1627.362446][T10476] usb 6-1: config 0 descriptor??
[ 1627.433821][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1627.714352][T10476] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1627.752486][T10476] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1627.779223][T10476] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1627.786524][T10476] usb 6-1: media controller created
[ 1627.798336][T10476] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1628.162439][T16386] Bluetooth: hci1: command 0x040f tx timeout
[ 1628.178875][T16386] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1628.185572][T16386] Bluetooth: hci4: command 0x040f tx timeout
[ 1628.192793][T16386] Bluetooth: hci2: command 0x0406 tx timeout
[ 1628.280160][T25169] fuse: Bad value for 'fd'
[ 1628.331300][T25164] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1628.338156][T25164] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1628.344618][T25164] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1628.358959][T25164] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1628.371737][T25164] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1628.694536][T24907] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1628.910438][T24907] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1628.921040][T24907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1628.945273][T24907] usb 3-1: config 0 descriptor??
[ 1628.967799][T24907] cp210x 3-1:0.0: cp210x converter detected
[ 1629.150002][T25177] netlink: 380 bytes leftover after parsing attributes in process `syz.1.5560'.
[ 1629.528071][T24907] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1629.558379][T24907] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1629.674085][T16384] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[ 1629.745887][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1629.760340][T25166] random: crng reseeded on system resumption
[ 1629.779028][T25166] pim6reg: left allmulticast mode
[ 1629.895129][T10476] az6027: usb out operation failed. (-110)
[ 1629.902500][T10476] az6027: usb out operation failed. (-32)
[ 1629.921711][T16384] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1629.967213][T16384] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1629.977588][T10476] stb0899_attach: Driver disabled by Kconfig
[ 1629.984813][T10476] az6027: no front-end attached
[ 1629.984813][T10476] 
[ 1629.991924][T16384] usb 1-1: config 0 has no interface number 0
[ 1630.001559][T10476] az6027: usb out operation failed. (-32)
[ 1630.021970][ T5909] usb 3-1: USB disconnect, device number 81
[ 1630.032659][T16384] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1630.045600][ T5909] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1630.057004][T16384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1630.075276][ T5909] cp210x 3-1:0.0: device disconnected
[ 1630.080766][T10476] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1630.099065][T16384] usb 1-1: Product: syz
[ 1630.121946][T16384] usb 1-1: Manufacturer: syz
[ 1630.129064][T10476] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input54
[ 1630.143634][T16384] usb 1-1: SerialNumber: syz
[ 1630.173657][T16384] usb 1-1: config 0 descriptor??
[ 1630.182884][T10476] dvb-usb: schedule remote query interval to 400 msecs.
[ 1630.234733][T10476] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1630.322020][T25184] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5562'.
[ 1630.343469][T25184] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5562'.
[ 1630.376611][T16386] Bluetooth: hci4: command 0x040f tx timeout
[ 1630.382789][ T5144] Bluetooth: hci2: command 0x0406 tx timeout
[ 1630.454235][T16386] Bluetooth: hci1: command 0x040f tx timeout
[ 1630.474914][ T5144] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1630.491077][T10476] usb 6-1: USB disconnect, device number 105
[ 1630.606985][T10476] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1630.657841][T25188] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1631.215203][   T30] audit: type=1326 audit(1769623084.696:735): auid=0 uid=0 gid=0 ses=1 subj=unconfined pid=25193 comm="syz.4.5566" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb4539 code=0x0
[ 1631.347823][T25201] openvswitch: netlink: Missing valid actions attribute.
[ 1631.376712][T25201] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1631.648918][T25205] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1631.815977][T25212] netlink: 380 bytes leftover after parsing attributes in process `syz.5.5573'.
[ 1632.154552][T16384] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1632.171448][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1632.226937][   T30] audit: type=1804 audit(1769623085.696:736): pid=25218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.5575" name="/newroot/72/bus" dev="tmpfs" ino=388 res=1 errno=0
[ 1632.228790][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1632.286584][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1632.304257][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1632.318053][T16384] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1632.350266][T16384] usb 1-1: USB disconnect, device number 36
[ 1632.363206][T16384] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1632.380826][T16384] keyspan 1-1:0.133: device disconnected
[ 1633.094271][T16384] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1633.347781][T16384] usb 1-1: config 0 has an invalid interface number: 142 but max is 1
[ 1633.364038][T16384] usb 1-1: config 0 has no interface number 0
[ 1633.371941][T16384] usb 1-1: config 0 interface 1 has no altsetting 0
[ 1633.388456][T16384] usb 1-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice= 0.5e
[ 1633.404032][T16384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1633.422199][T16384] usb 1-1: Product: syz
[ 1633.434053][T16384] usb 1-1: Manufacturer: syz
[ 1633.438698][T16384] usb 1-1: SerialNumber: syz
[ 1633.469447][T16384] usb 1-1: config 0 descriptor??
[ 1633.480962][T25230] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5580'.
[ 1633.955071][T25220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1633.964398][T25220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1633.985819][T25220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1634.011333][T25220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1634.151028][ T5912] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1634.166488][T25245] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5584'.
[ 1634.279285][T16384] msi2500 1-1:0.1: Registered as swradio24
[ 1634.288407][T16384] msi2500 1-1:0.1: SDR API is still slightly experimental and functionality changes may follow
[ 1634.353242][ T5912] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1634.410311][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1634.425126][T15834] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1634.475647][ T5912] usb 3-1: config 0 descriptor??
[ 1634.479267][T16384] videodev: could not get a free minor
[ 1634.488538][ T5912] cp210x 3-1:0.0: cp210x converter detected
[ 1634.536816][T16384] msi2500 1-1:0.142: Failed to register as video device (-23)
[ 1634.568772][T25250] netlink: 380 bytes leftover after parsing attributes in process `syz.4.5585'.
[ 1634.584723][T16384] msi2500 1-1:0.142: probe with driver msi2500 failed with error -23
[ 1634.665501][T16384] usb 1-1: USB disconnect, device number 37
[ 1634.717941][T15834] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1634.734585][T15834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1634.800529][T15834] usb 2-1: config 0 descriptor??
[ 1634.889720][T15834] cp210x 2-1:0.0: cp210x converter detected
[ 1635.033129][ T5912] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1635.138183][ T5912] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1635.355343][T25240] random: crng reseeded on system resumption
[ 1635.394652][T16384] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[ 1635.405610][T15834] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1635.579121][T15834] usb 2-1: cp210x converter now attached to ttyUSB1
[ 1635.592900][ T5912] usb 3-1: USB disconnect, device number 82
[ 1635.618336][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1635.640618][T16384] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1635.640802][ T5912] cp210x 3-1:0.0: device disconnected
[ 1635.718338][T16384] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1635.749430][T16384] usb 1-1: config 0 has no interface number 0
[ 1635.788951][T25242] random: crng reseeded on system resumption
[ 1635.811004][T25242] pim6reg: left allmulticast mode
[ 1635.991124][T16384] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1636.033785][T16384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1636.059446][T16384] usb 1-1: Product: syz
[ 1636.095496][T16384] usb 1-1: Manufacturer: syz
[ 1636.104793][T16384] usb 1-1: SerialNumber: syz
[ 1636.133705][T16384] usb 1-1: config 0 descriptor??
[ 1636.383804][ T5909] usb 2-1: USB disconnect, device number 116
[ 1636.431960][T25265] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5588'.
[ 1636.458600][T25265] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5588'.
[ 1636.555297][ T5909] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[ 1636.573760][ T5909] cp210x 2-1:0.0: device disconnected
[ 1636.847938][T25262] syzkaller0: entered promiscuous mode
[ 1636.870427][T25262] syzkaller0: entered allmulticast mode
[ 1637.594104][T10476] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1637.755798][T10476] usb 3-1: config 0 has an invalid interface number: 238 but max is 0
[ 1637.764801][T10476] usb 3-1: config 0 has no interface number 0
[ 1637.771243][T10476] usb 3-1: config 0 interface 238 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1637.782564][T10476] usb 3-1: config 0 interface 238 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[ 1637.793670][T10476] usb 3-1: config 0 interface 238 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1637.806920][T10476] usb 3-1: config 0 interface 238 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0
[ 1637.821196][T10476] usb 3-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=76.6a
[ 1637.830599][T10476] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1637.838761][T10476] usb 3-1: Product: syz
[ 1637.842995][T10476] usb 3-1: Manufacturer: syz
[ 1637.851793][T10476] usb 3-1: SerialNumber: syz
[ 1637.875660][T10476] usb 3-1: config 0 descriptor??
[ 1637.907451][T10476] ni6501 3-1:0.238: driver 'ni6501' failed to auto-configure device.
[ 1638.099182][T25274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1638.110181][T25274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1638.130710][T25271] netlink: 'syz.2.5589': attribute type 1 has an invalid length.
[ 1638.130716][T25274] netlink: 'syz.2.5589': attribute type 1 has an invalid length.
[ 1638.612969][T16384] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1638.625504][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1638.641224][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1638.660597][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1638.668908][T16384] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1638.686425][T16384] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1638.712243][T16384] usb 1-1: USB disconnect, device number 38
[ 1638.740618][T16384] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1638.752822][T16384] keyspan 1-1:0.133: device disconnected
[ 1639.865892][T25273] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5590'.
[ 1639.884344][T15834] usb 3-1: USB disconnect, device number 83
[ 1639.981423][T25288] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1639.991917][T25288] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1640.064163][T25288] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1640.164748][T25288] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1640.202482][T25288] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1640.211811][T25303] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5599'.
[ 1640.554398][ T5912] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 1640.826239][ T5912] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1640.838276][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1640.853118][ T5912] usb 3-1: config 0 descriptor??
[ 1640.861240][ T5912] cp210x 3-1:0.0: cp210x converter detected
[ 1641.293206][ T5912] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1641.310840][ T5912] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1641.536914][T25294] random: crng reseeded on system resumption
[ 1641.659858][ T5912] usb 3-1: USB disconnect, device number 84
[ 1641.689194][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1641.741056][ T5912] cp210x 3-1:0.0: device disconnected
[ 1642.015046][T10807] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[ 1642.123623][ T5144] Bluetooth: hci2: command 0x0406 tx timeout
[ 1642.123682][T16386] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1642.138013][ T5144] Bluetooth: hci4: command 0x040f tx timeout
[ 1642.214229][T16386] Bluetooth: hci1: command 0x040f tx timeout
[ 1642.220604][ T5144] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1642.477980][T10807] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[ 1642.486302][T10807] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1642.522267][T10807] usb 1-1: config 0 has no interface number 0
[ 1642.569313][T10807] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1642.604711][T10807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1642.625093][T10807] usb 1-1: Product: syz
[ 1642.629275][T10807] usb 1-1: Manufacturer: syz
[ 1642.688675][T10807] usb 1-1: SerialNumber: syz
[ 1642.697729][T10807] usb 1-1: config 0 descriptor??
[ 1643.484328][T25330] syzkaller0: entered promiscuous mode
[ 1643.489945][T25330] syzkaller0: entered allmulticast mode
[ 1643.814246][T25339] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5610'.
[ 1643.909426][T25343] binder: BINDER_SET_CONTEXT_MGR already set
[ 1644.084253][T25343] binder: 25341:25343 ioctl 4018620d 80000480 returned -16
[ 1644.156720][T25348] binder: 25341:25348 ioctl c0306201 0 returned -14
[ 1644.376644][T25340] trusted_key: syz.5.5611 sent an empty control message without MSG_MORE.
[ 1644.468839][ T5909] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1644.636945][ T5909] usb 3-1: config 0 has an invalid interface number: 237 but max is 0
[ 1644.659876][ T5909] usb 3-1: config 0 has no interface number 0
[ 1644.689251][ T5909] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1644.720663][ T5909] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1644.751419][ T5909] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1644.771718][T25359] syzkaller0: entered promiscuous mode
[ 1644.778999][ T5909] usb 3-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1644.805447][ T5909] usb 3-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.be
[ 1644.820903][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1644.837516][ T5909] usb 3-1: Product: syz
[ 1644.843340][ T5909] usb 3-1: Manufacturer: syz
[ 1644.849151][ T5909] usb 3-1: SerialNumber: syz
[ 1644.870042][ T5909] usb 3-1: config 0 descriptor??
[ 1644.881497][ T5909] xpad 3-1:0.237: probe with driver xpad failed with error -5
[ 1645.028482][T10807] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[ 1645.164279][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[ 1645.259058][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[ 1645.269056][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[ 1645.287028][T10807] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[ 1645.315002][T10807] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1645.347151][T10807] usb 1-1: USB disconnect, device number 39
[ 1645.465379][ T5912] usb 6-1: new high-speed USB device number 106 using dummy_hcd
[ 1645.669286][T10807] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1645.691074][T10807] keyspan 1-1:0.133: device disconnected
[ 1645.800512][T21440] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1645.847079][ T5912] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1645.869868][ T5912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1645.907055][ T5912] usb 6-1: config 0 descriptor??
[ 1645.923850][T25373] netlink: 'syz.4.5623': attribute type 1 has an invalid length.
[ 1645.936490][T25375] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5622'.
[ 1646.047057][ T5912] cp210x 6-1:0.0: cp210x converter detected
[ 1646.174091][T10807] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 1646.406605][T10807] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1646.423197][T10807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1646.442688][T10807] usb 1-1: Product: syz
[ 1646.452097][T10807] usb 1-1: Manufacturer: syz
[ 1646.456841][ T5912] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1646.467325][T10807] usb 1-1: SerialNumber: syz
[ 1646.512753][ T5912] usb 6-1: cp210x converter now attached to ttyUSB0
[ 1646.566736][T10807] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1646.574066][ T5909] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1646.582388][ T5912] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1646.740415][T25366] random: crng reseeded on system resumption
[ 1646.792381][T16384] usb 6-1: USB disconnect, device number 106
[ 1646.803685][T16384] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1646.818489][T16384] cp210x 6-1:0.0: device disconnected
[ 1646.874853][T10807] usb 1-1: USB disconnect, device number 40
[ 1646.934982][ T5909] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1646.945534][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1646.979805][ T5909] usb 2-1: config 0 descriptor??
[ 1646.990857][ T5909] cp210x 2-1:0.0: cp210x converter detected
[ 1647.503529][ T5909] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1647.538465][ T5909] usb 2-1: cp210x converter now attached to ttyUSB0
[ 1647.632775][T25386] binder: BINDER_SET_CONTEXT_MGR already set
[ 1647.654036][ T5912] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 1647.708094][ T5912] ath9k_htc: Failed to initialize the device
[ 1647.722093][T25386] binder: 25385:25386 ioctl 4018620d 80000480 returned -16
[ 1647.729022][ T5909] usb 3-1: USB disconnect, device number 85
[ 1647.736230][T10807] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1647.804798][   T30] audit: type=1326 audit(1769623101.306:737): auid=0 uid=0 gid=0 ses=2 subj=unconfined pid=25383 comm="syz.0.5626" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f63539 code=0x0
[ 1647.965682][T25391] binder: 25385:25391 ioctl c0306201 0 returned -14
[ 1648.038317][T25381] random: crng reseeded on system resumption
[ 1648.051899][ T5912] usb 2-1: USB disconnect, device number 117
[ 1648.074964][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1648.362366][T25396] FAULT_INJECTION: forcing a failure.
[ 1648.362366][T25396] name failslab, interval 1, probability 0, space 0, times 0
[ 1648.377170][T25396] CPU: 0 UID: 0 PID: 25396 Comm: syz.2.5629 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1648.377200][T25396] Tainted: [L]=SOFTLOCKUP
[ 1648.377207][T25396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1648.377218][T25396] Call Trace:
[ 1648.377225][T25396]  <TASK>
[ 1648.377233][T25396]  dump_stack_lvl+0xe8/0x150
[ 1648.377260][T25396]  should_fail_ex+0x412/0x560
[ 1648.377285][T25396]  should_failslab+0xa8/0x100
[ 1648.377306][T25396]  kmem_cache_alloc_noprof+0x87/0x6e0
[ 1648.377328][T25396]  ? apparmor_capable+0x137/0x1a0
[ 1648.377354][T25396]  ? skb_clone+0x212/0x3a0
[ 1648.377379][T25396]  skb_clone+0x212/0x3a0
[ 1648.377399][T25396]  ? nfnetlink_rcv+0x4b0/0x27b0
[ 1648.377424][T25396]  nfnetlink_rcv+0x4e2/0x27b0
[ 1648.377464][T25396]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1648.377481][T25396]  ? __dev_queue_xmit+0x274/0x3850
[ 1648.377506][T25396]  ? __local_bh_enable_ip+0xd0/0x130
[ 1648.377522][T25396]  ? __dev_queue_xmit+0x1e6c/0x3850
[ 1648.377542][T25396]  ? __sys_sendmsg+0x183/0x260
[ 1648.377571][T25396]  ? __dev_queue_xmit+0x274/0x3850
[ 1648.377595][T25396]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1648.377628][T25396]  ? ref_tracker_free+0x693/0x840
[ 1648.377646][T25396]  ? __copy_skb_header+0xa3/0x4a0
[ 1648.377666][T25396]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1648.377699][T25396]  ? skb_clone+0x246/0x3a0
[ 1648.377723][T25396]  ? __netlink_deliver_tap+0x807/0x850
[ 1648.377741][T25396]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1648.377774][T25396]  netlink_unicast+0x80f/0x9b0
[ 1648.377805][T25396]  ? __pfx_netlink_unicast+0x10/0x10
[ 1648.377826][T25396]  ? __alloc_skb+0x193/0x390
[ 1648.377845][T25396]  ? netlink_sendmsg+0x650/0xb40
[ 1648.377861][T25396]  ? skb_put+0x11b/0x210
[ 1648.377883][T25396]  netlink_sendmsg+0x813/0xb40
[ 1648.377909][T25396]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1648.377931][T25396]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1648.377952][T25396]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1648.377971][T25396]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1648.377988][T25396]  ____sys_sendmsg+0xa68/0xad0
[ 1648.378017][T25396]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1648.378042][T25396]  ? kstrtoull+0x12f/0x1d0
[ 1648.378068][T25396]  ___sys_sendmsg+0x2a5/0x360
[ 1648.378088][T25396]  ? __lock_acquire+0x6b5/0x2cf0
[ 1648.378113][T25396]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1648.378137][T25396]  ? get_pid_task+0x20/0x1f0
[ 1648.378156][T25396]  ? get_pid_task+0x20/0x1f0
[ 1648.378172][T25396]  ? get_pid_task+0x20/0x1f0
[ 1648.378212][T25396]  ? __fget_files+0x2a/0x420
[ 1648.378230][T25396]  ? __fget_files+0x3a0/0x420
[ 1648.378256][T25396]  __sys_sendmsg+0x183/0x260
[ 1648.378280][T25396]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1648.378310][T25396]  ? __pfx_ksys_write+0x10/0x10
[ 1648.378340][T25396]  __do_fast_syscall_32+0x1d2/0x540
[ 1648.378358][T25396]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1648.378374][T25396]  ? do_fast_syscall_32+0x33/0x70
[ 1648.378391][T25396]  ? asm_int80_emulation+0x1a/0x20
[ 1648.378407][T25396]  ? do_int80_emulation+0x20e/0x400
[ 1648.378429][T25396]  do_fast_syscall_32+0x33/0x70
[ 1648.378452][T25396]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1648.378471][T25396] RIP: 0023:0xf740d539
[ 1648.378487][T25396] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1648.378501][T25396] RSP: 002b:00000000f541550c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1648.378520][T25396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1648.378533][T25396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1648.378544][T25396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1648.378554][T25396] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1648.378565][T25396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1648.378592][T25396]  </TASK>
[ 1648.890639][ T5912] cp210x 2-1:0.0: device disconnected
[ 1649.224116][T25401] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5632'.
[ 1649.233386][T25401] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5632'.
[ 1649.544050][ T5894] usb 6-1: new full-speed USB device number 107 using dummy_hcd
[ 1649.746052][ T5894] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[ 1649.766579][ T5894] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1649.802148][ T5894] usb 6-1: config 0 has no interface number 0
[ 1649.890494][ T5894] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1649.950990][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1649.974250][ T5894] usb 6-1: Product: syz
[ 1649.997951][ T5894] usb 6-1: Manufacturer: syz
[ 1650.008833][ T5894] usb 6-1: SerialNumber: syz
[ 1650.032274][ T5894] usb 6-1: config 0 descriptor??
[ 1650.088183][T25412] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size.
[ 1650.100815][T25414] syzkaller0: entered promiscuous mode
[ 1650.106438][T25414] syzkaller0: entered allmulticast mode
[ 1650.228232][T25416] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1650.832034][T25431] binder: BINDER_SET_CONTEXT_MGR already set
[ 1650.877605][T25431] binder: 25428:25431 ioctl 4018620d 80000480 returned -16
[ 1651.036720][T25431] binder: 25428:25431 ioctl c0306201 0 returned -14
[ 1651.244067][T24907] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1651.426454][T24907] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1651.443405][T24907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1651.466192][T24907] usb 3-1: config 0 descriptor??
[ 1651.477059][T24907] cp210x 3-1:0.0: cp210x converter detected
[ 1651.917821][T24907] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1651.967350][T24907] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1652.089431][ T5894] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[ 1652.100582][ T5894] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 82
[ 1652.128528][ T5894] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[ 1652.168826][ T5894] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[ 1652.182605][ T5894] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[ 1652.243343][ T5894] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB1
[ 1652.278550][ T5894] usb 6-1: USB disconnect, device number 107
[ 1652.297146][ T5894] keyspan_1 ttyUSB1: Keyspan 1 port adapter converter now disconnected from ttyUSB1
[ 1652.324156][T25436] pim6reg: entered allmulticast mode
[ 1652.343805][ T5894] keyspan 6-1:0.133: device disconnected
[ 1652.355025][T25436] pim6reg: left allmulticast mode
[ 1652.439974][ T5909] usb 3-1: USB disconnect, device number 86
[ 1652.459478][ T5909] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1652.541010][ T5909] cp210x 3-1:0.0: device disconnected
[ 1652.783811][T25443] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1652.795937][T25443] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1652.802025][T25443] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1652.829407][T25443] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1652.981677][T25443] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1653.102477][T25457] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1653.248878][T25459] netlink: 380 bytes leftover after parsing attributes in process `syz.5.5651'.
[ 1653.287487][ T5894] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[ 1653.454044][ T5894] usb 1-1: Using ep0 maxpacket: 32
[ 1653.480453][ T5894] usb 1-1: config 0 has an invalid interface number: 76 but max is 0
[ 1653.493338][ T5894] usb 1-1: config 0 has no interface number 0
[ 1653.502175][ T5894] usb 1-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[ 1653.512043][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1653.589626][ T5894] usb 1-1: Product: syz
[ 1653.593894][ T5894] usb 1-1: Manufacturer: syz
[ 1653.615592][ T5894] usb 1-1: SerialNumber: syz
[ 1653.622903][ T5894] usb 1-1: config 0 descriptor??
[ 1653.638420][ T5894] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[ 1653.651386][ T5894] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1653.664025][ T5894] dvb-usb: bulk message failed: -22 (2/0)
[ 1653.694263][ T5894] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1653.723742][ T5894] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[ 1653.748260][ T5894] usb 1-1: media controller created
[ 1653.753538][ T5894] dvb-usb: bulk message failed: -22 (6/0)
[ 1653.774130][T10807] usb 6-1: new high-speed USB device number 108 using dummy_hcd
[ 1653.800284][ T5894] dw2102: i2c transfer failed.
[ 1653.811313][ T5894] dvb-usb: bulk message failed: -22 (6/0)
[ 1653.829178][ T5894] dw2102: i2c transfer failed.
[ 1653.839933][ T5894] dvb-usb: bulk message failed: -22 (6/0)
[ 1653.864453][ T5894] dw2102: i2c transfer failed.
[ 1653.885311][T25455] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
[ 1653.897234][T25455] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 1653.905651][T25455] CPU: 1 UID: 0 PID: 25455 Comm: syz.0.5648 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1653.916594][T25455] Tainted: [L]=SOFTLOCKUP
[ 1653.920907][T25455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 1653.930949][T25455] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 1653.936840][T25455] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 6d e0 47 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 1653.956435][T25455] RSP: 0018:ffffc9000df2f9d0 EFLAGS: 00010202
[ 1653.962490][T25455] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 1653.970445][T25455] RDX: ffffffff87e4e2e5 RSI: ffffffff8f54a930 RDI: 0000000000001900
[ 1653.978419][T25455] RBP: 0000000000000000 R08: ffff88805b075b80 R09: 0000000000000002
[ 1653.986382][T25455] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 1653.994337][T25455] R13: 1ffff1100b3bbdfc R14: 0000000000000001 R15: ffff888059ddefe8
[ 1654.002297][T25455] FS:  0000000000000000(0000) GS:ffff8881257f5000(0063) knlGS:00000000f5426b40
[ 1654.011216][T25455] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 1654.017788][T25455] CR2: 00000000800ce018 CR3: 0000000032188000 CR4: 00000000003526f0
[ 1654.025753][T25455] Call Trace:
[ 1654.029017][T25455]  <TASK>
[ 1654.031937][T25455]  __i2c_transfer+0x79a/0x1ee0
[ 1654.036693][T25455]  ? i2c_transfer+0xc8/0x2d0
[ 1654.041270][T25455]  i2c_transfer+0x1cc/0x2d0
[ 1654.045765][T25455]  i2cdev_ioctl_rdwr+0x460/0x740
[ 1654.050698][T25455]  compat_i2cdev_ioctl+0x59f/0x5c0
[ 1654.055799][T25455]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[ 1654.061422][T25455]  ? __fget_files+0x3a0/0x420
[ 1654.066082][T25455]  ? __fget_files+0x2a/0x420
[ 1654.070654][T25455]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1654.076192][T25455]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 1654.081672][T25455]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1654.087637][T25455]  ? kmem_cache_free+0x195/0x610
[ 1654.092557][T25455]  ? __se_sys_futex_time32+0x3ab/0x440
[ 1654.098002][T25455]  ? rcu_is_watching+0x15/0xb0
[ 1654.102751][T25455]  __do_fast_syscall_32+0x1d2/0x540
[ 1654.107941][T25455]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1654.113131][T25455]  ? do_fast_syscall_32+0x33/0x70
[ 1654.118142][T25455]  ? asm_int80_emulation+0x1a/0x20
[ 1654.123238][T25455]  ? do_int80_emulation+0x20e/0x400
[ 1654.128439][T25455]  do_fast_syscall_32+0x33/0x70
[ 1654.133281][T25455]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1654.139596][T25455] RIP: 0023:0xf7f63539
[ 1654.143645][T25455] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1654.163237][T25455] RSP: 002b:00000000f542650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1654.171636][T25455] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707
[ 1654.179591][T25455] RDX: 0000000080000a40 RSI: 0000000000000000 RDI: 0000000000000000
[ 1654.187544][T25455] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1654.195496][T25455] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1654.203447][T25455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1654.211412][T25455]  </TASK>
[ 1654.214414][T25455] Modules linked in:
[ 1654.219386][T25455] ---[ end trace 0000000000000000 ]---
[ 1654.244063][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1654.264076][T25455] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 1654.278922][T25455] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 6d e0 47 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 1654.305928][T10807] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1654.315021][T10807] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1654.323823][T10807] usb 6-1: config 0 descriptor??
[ 1654.330599][T10807] cp210x 6-1:0.0: cp210x converter detected
[ 1654.378135][T25455] RSP: 0018:ffffc9000df2f9d0 EFLAGS: 00010202
[ 1654.386118][T25455] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 1654.396213][T25455] RDX: ffffffff87e4e2e5 RSI: ffffffff8f54a930 RDI: 0000000000001900
[ 1654.405851][T25455] RBP: 0000000000000000 R08: ffff88805b075b80 R09: 0000000000000002
[ 1654.420442][T25455] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 1654.429734][T25455] R13: 1ffff1100b3bbdfc R14: 0000000000000001 R15: ffff888059ddefe8
[ 1654.442839][T25455] FS:  0000000000000000(0000) GS:ffff8881256f5000(0063) knlGS:00000000f5426b40
[ 1654.474199][T25455] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 1654.484408][T25455] CR2: 0000558e5c585168 CR3: 0000000032188000 CR4: 00000000003526f0
[ 1654.493193][T25455] Kernel panic - not syncing: Fatal exception
[ 1654.499666][T25455] Kernel Offset: disabled
[ 1654.503995][T25455] Rebooting in 86400 seconds..