last executing test programs:

21.580825794s ago: executing program 2 (id=1687):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000002340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r5, 0xfffffffdffffffff)

20.359532943s ago: executing program 2 (id=1690):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, 0x0)
write$snddsp(r2, &(0x7f0000000000)="ea09b7bafc1a5dbbe8165e69a528416b71a4e275bc6fdf758f90408b0885", 0x1e)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x4141, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
r3 = fsmount(0xffffffffffffffff, 0x0, 0x70)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000040), 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new'], 0x2a, 0x0)
r4 = openat$smackfs_relabel_self(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
read(r4, &(0x7f00000003c0)=""/238, 0xee)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="40000000100039040000bd9bb751000000000000", @ANYRES32=r0, @ANYRESHEX=0x0], 0x40}}, 0x0)

17.691868628s ago: executing program 1 (id=1698):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000380), &(0x7f0000000280)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40305829, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x11, 0x20000000, r5)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000001500)=ANY=[], 0x10)
write(r6, 0x0, 0x0)

16.245804547s ago: executing program 1 (id=1701):
open$dir(&(0x7f0000000100)='./file0/file0\x00', 0x0, 0x182)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x48, &(0x7f0000000180), 0x8)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x31)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @link_local, 'ip6gretap0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x0, @local, 'bridge_slave_1\x00'}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x101801, 0x0)
fsetxattr$security_ima(r4, &(0x7f0000000180), &(0x7f0000000380)=@v2={0x5, 0x0, 0x14, 0xfffffeff, 0x3d, "142f0cd89bbe430d2777af6fca2392e26156c1fb7d9b7b0408fce4db6857b267ef6768b645ed2c96e585f9de990f324299cca15d1b67c70108b68ac6d1"}, 0x5, 0x0)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x8000000, 0x0, {0x6}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000080)={0x0, <r7=>0x0}, &(0x7f00000000c0)=0xc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r8=>r4, {0xe}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r8, 0xc018937c, &(0x7f0000000400)={{0x1, 0x1, 0x18, r3, {0x4}}, './file1\x00'})
setuid(r7)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000200))

14.191274237s ago: executing program 4 (id=1705):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r0, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x11900}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
socket(0x10, 0x0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
socket$unix(0x1, 0x0, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000001040)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x3, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r6, 0x84, 0x7c, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7)
r7 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
pwritev(r7, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r4, r7, 0x0, 0x8000fb04)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), r8)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001000)=ANY=[@ANYBLOB="30671d1908caa30b", @ANYRES16=r9, @ANYBLOB="01000000000000000000010000000c000480050003000200000008000200030000000800010001000000"], 0x30}}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x380}})
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x32, 0xffffffffffffffff, 0x0)
semtimedop(0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r10, &(0x7f0000000280), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r10, &(0x7f0000000c00)='\x00\x00', 0xfffffffffffffffd}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
shutdown(r0, 0x0)

13.915672567s ago: executing program 2 (id=1707):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x10)
unshare(0x2a020400)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = socket(0x0, 0x0, 0x0)
mmap(&(0x7f0000fa0000/0x4000)=nil, 0x4000, 0x5000007, 0x10, r4, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
ioctl$AUTOFS_IOC_CATATONIC(r6, 0x800443d3, 0x20000002)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)=ANY=[@ANYRES8, @ANYRESOCT=r5, @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000004000000850000000c000000b400000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000700850000000600000095000000000000008ef04eb174858af8776547f44a79f48a776291d07c333170e13a3827ff"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
semget$private(0x0, 0x2, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x500, 0x0, 0x1800}], 0x1, 0x0)
syz_emit_vhci(0x0, 0x7)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000200)={0xffff, 0x4})
socketpair(0x1e, 0x4, 0x9, &(0x7f0000000300))

13.915245865s ago: executing program 1 (id=1708):
mmap(&(0x7f000001a000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$KDENABIO(0xffffffffffffffff, 0x4b36)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$sndpcmp(&(0x7f0000002440), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r4, 0x40044160, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000040)={{@my=0x1, 0xffffffff}, @host, 0x0, 0x0, 0x7})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x7})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82)

13.915170788s ago: executing program 3 (id=1709):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000a5000100000000000500020000000000050000000000000018400000faffffff00000000000000009500000000000000766eca56d73fbd68b055156b1302704f1b58c56f462ac365d87bbf164819b4a07cbcf10a111a886b76a379c67b8a38c34df162a5b5d6fd17ab9965fceec6a7e16b1664748180175bacb7"], &(0x7f0000000000)='GPL\x00'}, 0x90)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x4)

12.691291326s ago: executing program 0 (id=1710):
socket$rxrpc(0x21, 0x2, 0xa) (async)
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000d00)={0xc, 0x0, <r1=>0x0})
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz1\x00'}, 0x0) (async)
ioctl$IOMMU_DESTROY$ioas(0xffffffffffffffff, 0x3b80, &(0x7f0000000200)={0x8, r1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r3 = syz_open_dev$vbi(0x0, 0x2, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000500)={0x0, 0x0, 0x2, {0x4, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x7, 0x8, 0x8}, 0x48) (async)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000001600)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x30, r6, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x30}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000340)={@empty, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfe}, @val={@val={0x88a8, 0x4, 0x0, 0x3}, {0x8100, 0x5}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0xff, @private0, @private0={0xfc, 0x0, '\x00', 0x1}, {[], {{0x4e22, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x8}}}}}}}, 0x0) (async)
r7 = socket$kcm(0x10, 0x2, 0x0) (async)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
preadv(r8, &(0x7f0000000000)=[{&(0x7f0000001a40)=""/4080, 0xff0}], 0x1, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r9=>0xffffffffffffffff}, 0x106, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f0000000280)={0x14, 0x88, 0xfa00, {r9, 0x1c, 0x0, @in={0x2, 0x4e22, @rand_addr=0x64010101}}}, 0x90) (async)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)

12.69072552s ago: executing program 2 (id=1711):
r0 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f905, 0x8000, '\x00', @p_u32=0x0}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000429a00000000000095000000000800005373c7ce"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000140)=0xd, 0x4)
r5 = socket(0x200000100000011, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @random="4e84e5679f60"}, 0x14)
setsockopt$packet_int(r5, 0x107, 0x0, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r5, &(0x7f0000002ac0), 0x0)
readv(r4, &(0x7f0000000300)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f00000000c0)={0x7, 0x0, 0x0, 0x0, 0x0, "0062ffffff00"})
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="0401020028000b05d25a806f8c6394f90524fc600d00030009000100ff3582c137153e370248018010001700d1bd", 0x33fe0}], 0x1}, 0x0)

12.690354442s ago: executing program 3 (id=1712):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000380), &(0x7f0000000280)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40305829, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x11, 0x20000000, r5)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000001500)=ANY=[], 0x10)
write(r6, 0x0, 0x0)

12.55471668s ago: executing program 4 (id=1713):
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
recvmmsg(r1, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x4}], 0x1}}], 0x2, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0xffffff7f00000000)

11.541898771s ago: executing program 1 (id=1714):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000002340)={<r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0xfffffffdffffffff)

10.727777128s ago: executing program 0 (id=1715):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x10)
unshare(0x0)
r5 = socket(0x0, 0x0, 0x0)
mmap(&(0x7f0000fa0000/0x4000)=nil, 0x4000, 0x5000007, 0x10, 0xffffffffffffffff, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
ioctl$AUTOFS_IOC_CATATONIC(r6, 0x800443d3, 0x20000002)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)=ANY=[@ANYRES8, @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
semget$private(0x0, 0x2, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x500, 0x0, 0x1800}], 0x1, 0x0)
syz_emit_vhci(0x0, 0x7)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="04006faaaaaaaaaa11400900"], 0xc)
socket(0x10, 0x80002, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000200)={0xffff, 0x4})
socketpair(0x1e, 0x4, 0x9, &(0x7f0000000300))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720aacff0000000071102b00000000009500000000000000"], &(0x7f0000000480)='GPL\x00'}, 0x90)

10.699130171s ago: executing program 3 (id=1716):
r0 = landlock_create_ruleset(&(0x7f0000000140)={0x895}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
truncate(&(0x7f0000000000)='./file1\x00', 0x0)
socket(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r3, r2, 0x5}, 0x10)
socket$inet6(0xa, 0x6, 0x800)
r4 = socket(0x1, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r3, &(0x7f0000000680), &(0x7f0000000080)=@udp6=r4}, 0x20)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
bind$unix(r4, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
r8 = socket(0x1, 0x3, 0x0)
sendmmsg$unix(r8, &(0x7f0000000c80)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)

10.690651797s ago: executing program 4 (id=1717):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1cdf}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x0)
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

9.807831648s ago: executing program 1 (id=1718):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = epoll_create(0x2)
epoll_wait(r1, &(0x7f0000001400)=[{}], 0x1, 0x770c)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000))
epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8001)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000000c0)={0x300})

9.600237242s ago: executing program 2 (id=1719):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x11, 0x4, &(0x7f00000017c0)=ANY=[@ANYBLOB="8500000061000000350000000000002085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa3b4b87b3e0cc7444a2391511c97fabd5f9810e81ae0b737136ea6f7be39cd34d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8761b30d64b741a226de7bad76402320e13822c45c0f8612c10b1f3c075ff1ebb755a2dd5760903000000000000006c6386d7ec7209d031f40f3012e9576e51a7f578602f5807785b92e544fc46c744aeeee4418d6af3e4195cc03710212436a4ff3274cac948d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f99ab1e394ab800f4104dbffff0000000000005c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4c5324812696aa89e393c941d9541c86238d0703394a90231ccca9c3499c9a4cd3cd8a4f8070000000b1b2d2747c45b0c52087b5efabf84960ba0e3c4c00322de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744419a2f238f173d0cd46daf2fcb5500f53e7309ec91d83cf4fbf975d9c07d8d3c76e65760ff000000b78863e629b3b200000000000000000000000000008b0000000a449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5a4bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae2f7967546c4aae83352106055e22f30a85f5681ca3000000002300000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c82c96f10dfa978bee51f581d124216e8bd9b1855f77138e438bdc037865f07f98c068be4c6155ec27365410866059475714844a3ea4cbe37e4000000000ef6dc4dd63bb928ff58b3bd2a600089d172a884dcdb8b9f9050297815a371deec596838e38068b5e438cbcd585a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1ca5e3a833f8f65429845bc3c3092af2bc4ee7263d3cbd9cab24eafd961a2d0c7b"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x28}, 0x90)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0x1}], 0x1}}, {{&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000009c0)=[{&(0x7f0000000480)="c3672ce30d0d0e91701b28dbc240ad6cf5bdd12c6a56fd4f2c2f912ac380aad4c21e3202d1a427ea", 0x28}, {0x0}, {&(0x7f0000000640)="0cc6c3c1b720e2ee9783189592f52a4f3dd71379599ffbaae2536f0c05049e96a54c4185df", 0x25}, {&(0x7f0000000a40)="3be9bf39fcb70d9dd99418d08bf745058316", 0x12}, {0x0}, {&(0x7f0000000280)="cdf17b38f8", 0x5}, {&(0x7f00000008c0)="2cb656e0c0e8690cf21c8f1d4c16e46f9bbe6aed57a8f55a333ee5db48523296ffd6bf78b47602c210e644670ec5a45c0656e5dde33d84d6db839f60caca6a123b5673ea068b454bcb628b9d25266320de530d8265e9dab744eb2de1f59037a94125af700dee320e74ba881c88a3281b01c5607904afa9beee09afcf0c010be9a95b834e2208a681fbd56b0ab016b46478839bfb075169bfcc4cc1776c", 0x9d}], 0x7, &(0x7f0000000a80)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=<r7=>0xffffffffffffffff, @ANYRES32=<r8=>r5, @ANYBLOB="1c000000000000000100000002000000ee638c8c9d5aa65af57c4527c09474d995e217fc0a6790fe88d674942361bbe4153d004744af1cb703f9be05ce449ef28e85dcd4078ef890ba7473c8660baad9ab27b485375ebe9cd39a22e66c5400f31ef43abcee5a50918be65bf87d3ef8dfde8a57", @ANYRES32=r3, @ANYRES32=0x0], 0x40, 0x8000001}}], 0x4, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r9, &(0x7f0000000800)=ANY=[@ANYBLOB="040048000100000000010000004000000000008490783ffdedffac1414aa00008d15fe20817b87000000000000", @ANYRES32=r8, @ANYRESOCT=r2, @ANYRES16=r6, @ANYRESOCT=r7], 0x4e)
syz_io_uring_setup(0x2ddd, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x4, 0xfffffffe, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000540)=<r11=>0x0)
syz_io_uring_setup(0x131a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x1fa}, &(0x7f0000000140)=<r12=>0x0, &(0x7f00000002c0))
syz_io_uring_submit(r12, r11, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0xa})
shutdown(0xffffffffffffffff, 0x0)
setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000100)={0x0, 0x7530}, 0x10)
connect$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="d52a99295b2f"}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xce0, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48)

9.234590607s ago: executing program 0 (id=1720):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = epoll_create(0x2)
epoll_wait(r1, &(0x7f0000001400)=[{}], 0x1, 0x770c)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8001)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000000c0)={0x300})

9.234251322s ago: executing program 4 (id=1721):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x10)
unshare(0x2a020400)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = socket(0x0, 0x0, 0x0)
mmap(&(0x7f0000fa0000/0x4000)=nil, 0x4000, 0x5000007, 0x10, r4, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
ioctl$AUTOFS_IOC_CATATONIC(r6, 0x800443d3, 0x20000002)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)=ANY=[@ANYRES8, @ANYRESOCT=r5, @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000004000000850000000c000000b400000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000700850000000600000095000000000000008ef04eb174858af8776547f44a79f48a776291d07c333170e13a3827ff"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
semget$private(0x0, 0x2, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x500, 0x0, 0x1800}], 0x1, 0x0)
syz_emit_vhci(0x0, 0x7)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000200)={0xffff, 0x4})
socketpair(0x1e, 0x4, 0x9, &(0x7f0000000300))

9.142499865s ago: executing program 3 (id=1722):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x1b4, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @filter_kind_options=@f_route={{0xa}, {0x134, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0xb4, 0x6, [@m_ctinfo={0xb0, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x7c, 0x6, "55eb88be72ea2bba577976ef9b5ab407e07afa05e4594285326849c2ec806d7b79f86d10adeb18245c150ce2b9eaeb2380aa7104a6df31aefd38f6b7bb0a45721ccbc5daab03190ea553ce464d09642e4ff5eeaf1f2e6171c16bc9ed3d7f4e1d714b45e839ac2719fe34dbba607211f211a9b5b79c050373"}, {0xc}, {0xc}}}]}]}}]}, 0x1b4}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_proto_private(r0, 0x89e1, &(0x7f0000000100))
r1 = socket(0x10, 0x803, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x0, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={0x3c, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x1}]}, 0x3c}}, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x94}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

7.240231353s ago: executing program 4 (id=1723):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r0, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x11900}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
socket(0x10, 0x0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
socket$unix(0x1, 0x0, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000001040)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x3, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r6, 0x84, 0x7c, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7)
r7 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
pwritev(r7, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r4, r7, 0x0, 0x8000fb04)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), r8)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001000)=ANY=[@ANYBLOB="30671d1908caa30b", @ANYRES16=r9, @ANYBLOB="01000000000000000000010000000c000480050003000200000008000200030000000800010001000000"], 0x30}}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x380}})
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x32, 0xffffffffffffffff, 0x0)
semtimedop(0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r10, &(0x7f0000000280), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r10, &(0x7f0000000c00)='\x00\x00', 0xfffffffffffffffd}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
shutdown(r0, 0x0)

7.05755518s ago: executing program 1 (id=1724):
mknod$loop(0x0, 0x0, 0x1)
utimes(0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000004c0), r0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa31086b87030b0000001f00000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_emit_ethernet(0xc0, &(0x7f0000000180)={@multicast, @remote, @void, {@ipv4={0x800, @tipc={{0x1f, 0x4, 0x3, 0x1d, 0xb2, 0x67, 0x0, 0x7, 0x6, 0x0, @empty, @multicast1, {[@noop, @timestamp={0x44, 0x14, 0xa8, 0x0, 0x7, [0xbba, 0x4, 0x6, 0x800]}, @lsrr={0x83, 0xf, 0xc2, [@rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x18}, @dev={0xac, 0x14, 0x14, 0x16}]}, @generic={0x0, 0x2}, @timestamp_prespec={0x44, 0x34, 0xf2, 0x3, 0x8, [{@private=0xa010101, 0x6}, {@rand_addr=0x64010100, 0xfffff801}, {@private=0xa010100, 0xfffff933}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x41b}, {@private=0xa010101, 0x80000000}, {@rand_addr=0x64010101, 0x3ff}]}, @noop, @generic={0x7, 0xc, "0d18f6a2f90d7c67c626"}]}}, @payload_mcast={{{{{{0x36, 0x0, 0x0, 0x0, 0x1, 0xb, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x4, 0x1, 0x4, 0xf65, 0x0, 0x4e23, 0x4e20}, 0x2, 0x2}, 0x3, 0x3}}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}, 0x0)

6.919631276s ago: executing program 3 (id=1725):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x24000, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005c7f8e20d3131133d7ea01020301090212000100000000090400"], 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x202}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
sendmsg$inet_sctp(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="2000000000cea65700004100001f00"/28, @ANYRES32=0x0], 0x20}, 0x0)
r3 = getpid()
syz_fuse_handle_req(r0, &(0x7f0000004200)="ee43a8f8855298a8290b47b6eb9ecbe3b5cc7d6c5531c6b9218388565017628705c4c32fd55292c0c3f883dbf2e8034edf548838c491174fa9ac73e1c9cc70bf5a3522661ea6daeb623ad80d7d2c07b34a3c60821044fcdef7787b6571dfdf4179e6fe0b1d1a55e1804b1c64f153b46f3ea2ddeb087377540bd71dd01663b7fcb827815c7f8a0045e3e851ccf0c6e73fee19fedd3098a97fbef63ff5eb7c1c1f2facda43aba1f2cdf493a3539ab05e525711238ea2b5e70c7bf56091e3fdd7de8cc3ff7b43e649b5c7378c1f9538f8cd9adc78d0093204f65f7d3b0c7d4d5dd1441cf6d19035e5382545c8c91521551b6347bf4d2356b015b77d05a492e1f8a5a356afeec8b308d8f2c838bd0c9b28dde9239783312362e311e727d23d8545f171dfad77a54fc618378a8088c4627b29643e40ddabc200ae14284084d327e439fa1901f9bf6c52e9a2b7176cd308b3c0d82f6ac370a95055c37b56478f8f33648164250f2c4ec4ff44ff22fc62308909ac5f6b3ee783169933dd421a77bdc238b6e54ed292d033fc80b2f4f6e9200589ef32be4de445d981ed0df390fa2691cf5a22eb7dd1277eed9f79cc489fcbd424f9e42683b4891d54d93d1d12eb6076af805bd5ab5a6007da7daa9eaa4763c5ff36b4d6547145e90e5b74041e24bd3c4b996412637757dcc343784511f09bce6e91908b1a3d4f2bc8310105bef2474b2a7e3204a475a1aa5b6189ca02892342e4ce48e4e7a34eac5f5a973ad1fdeb2404e8899bfa9e40f411c84f75d76a4c680ca107e8cc134527f942d15a17011ffed9f11947a2054d8875d6a562a10685e73c92b78ed8b8c05ac12bdc7b627f0f00a2048027ef15085179610b3142e65b73e931ffd17a40f207e682cd567213c4b88ece6f8e41917944da92b7b834027b0ca18d3f1d1264a920dda9f494bdc359e060be1298dcf3be313cbbc61a70bc02dadc0bbaa4fcc2ce0575651adf3d277f0d4e0bf7ef449e0a6a9d9ff5a20f659fd0b5515d46dd1ed1b412b19a7ab40eff607d26b71056de718acdf6ac40f5e50bfd2a65984242fc20d69bba826d308e0cbafe1b6bd336bc2f1c205bd454a06e5199a23ca1c0a7595cae2550c21aae006001cfa7cdc428cded037397e6b6d009f6b9bee1615aa52da336538e045bf324c71dad2997d87801f87d4d3e0a9a7038573b6220b0676af9b56240f3db4af583ff2a8b9242a6568bc0994d89639a88fea8ede9c59b04591378ec636088dd6ec82c4de4c9de7776ca070a3e7103551ad58eee1ccc0e4d3a0392285802d23b8b5be7b407bb8e38dd7fb793c295c16167c6761ab88f28d509854314f5b7120eaa00f0665c4131cad14a86cd4a758716426eb189b9ad7736d7c7b4a49e7be11019cd28d8869a9f30d8ae52ce35c5a69163d514884fb0e404f59bb7f378dae93d3b1c77db574c5115136a7a0d751486cb0dfc6231b3e242ef88c0d983f65e78e74001e50019fd124d1a0761362cd0ee6d6212c55f37837e21356db7fb5fe79c05db8e45425222f3c4d1fc09667accd4164b8ef336ae3db5b215c82dc0ae4e44c98db78481b9942555dc0ca311c4cabdddd318c5e4f8d477294aa43820f3e4c334987423acd6736196a2990789b4b2d65f48ba3039eeecb2ab8abbf1004c10cc1b563ad368df3513b152878c08fefe65744210432347bf4a67f09dda78be9f1024e077c7191f39b718eb12d7bc7500e855f40673d9975c12ac0bc3526d5017cbfa2a07263f58293bb8c7500b8e365533161295d9ca65c6b8b29482ce3078295a6454bdb574476249c0f7b4cdf3ae3ef55afa3ef653e712f14dd7e270ef728ff4c4f38d09b03daad2868e922a7723ec00884ddfd19a527744ef6cecbc74e8c74aa37b62734286ef94d400a7f884f20c2891ebe78b70a7ea6535c1f1d2a421fd3a05a45749f1511a10eb6f45e54e1b83a2e437df5127be5b54cdaf39bbc96187e46cde341a948bc6999ff738a8abb8da9b943e8e2de28d37cd07c346d05b18b90dc98310d8de6286c42bad83393f3f57ab3c54ad753588909c7eaa08eaccfbda485af7423bcfb58966a0f2b1362801223a99228865b1dfba3d102b63fe3a1dfedd561d205358a276d3887612ce91de546ce6d0b9f5420b667675bc597964910891bf71f949e186f4fe96324b1690c53a8ac12bcbd86e046f3752453bc8c3abc04ca05aeaa4539419dcc2985eb0ba64faa63733a417c25eb4e0a94d4237c9f305fc1a5575b85835f2a71d9dbebbf13a8f58ae798feac3f36af38970b89a705fdb4964ad62c2e3bcf80078a03bff48b9a7c948010789fcd4930999ab49c8dbac946ae3e51ce06b24d0a96fd51070e79950f4477fa39452180ae8cf0dae34079354e0772283d07f0580fc9e03cdac4b27edcf59587746871b1739daf3db43e78d832039f3d82f2fc9aee5798b4d19ae96b9b81c73bc2633a32db2b0452bd22a0cc557d20d46343b244051e0aa33edb3edf35d26114e59424454225e4468131ba1ab70c320a321d5771f18c8fc48617763f77cd3d0b51d90a0d05bef340cc4d52fd65e6b39f2e4f7a7bb8722641df73ec3931541a6cdc43cafa6c5e885ebcc00d230f5d03e59e46feb996da8fa59d16d1e271b0faf2f3f1e1eeda53b9f6bee341b94f4ac6c2f0431253c2beb3d3dac49ae543643a2a4b6aaf5ae46d85a102b71d7ae6cbcd50ab8c6a7a61a972cd6c0ecc8ac1cb7c2b7b732e268c0155b918559afe4f470a9f3e61a41acdee97605332613bce6cb5eadf3786a6ab6bd90d672cd4861f273b1a16998a22c03a81fd8295f6a3068581844ffee8b1e7b95b246167b367b2696508d51b2fa3ccdaae9edd68a04a85a95603b28c273f24715267b8e066cfbbce136ea2cbcc9087fcfe17da753734ce7c47195d9aa65149dc2d0e6155d52ac5173160b84d21906704ea06b34c6f7696f81f39ea3c3b2e5ccb3866357143da1ea3362fa2567b3822f3cfa547cab553f16c589339cefd6620f290273be6375afe68d09f910c6121c84d787b6fbb46ea6561f78459d08a15d8e712606015709fbf5902e46f84ac3d270df370acb8f6c7ee59f61eccd167a885068da639fb3f1c4c7722d7a0fed2489855dd31783bfe807926dff94b6d98535364ea1117592025d20942d2090b0706ae357f98f1e2b7511a9f37b3a9d3d2bacc5aff1e8b3d5f3d5134e75f8af24bf348d50a5222eb0cb2ac2a53ae4e069bce30cda581df56adfe41f7c1831bb2e4370914be2d3c6b5f33c5414597c7248d402e373aa246535d69385da9da1c4a3584b8d280fea95ab160ac8c4303c3f2800ccb7b5797395418b4f3c7dc728dac80404c576e6731644089bc7fc82bc3c6abbd5e174a40e6f1d56c5023669aa08130eee2a0b7263eb215af283b7422689b1966d0bb8e34b8b2b8acd118f125c3d45c4297ff38e1e45c5eb1f3d9b5ef283a7f188baf6ca030b9dbf624e23f8455bb8afe8314bc1acd0beda0cd477a16d982ddbc9c525c8c24b9e53ddb4ff9d03c6db15b121738c4d5a24e638a0c238e3cb865eb7433d672401f6dae1ce7ffe330045e44644f185b2d47c82108dd6052d2a928d7f49e9e22b7cdd94c09a6c9820ff22169acc82e08b430926c5af7d290ca92598fa2d212154a10e17e5af05b5c2141475d7ab034bd384cf663fec9e1f9d8f50c1d3e0406f2665cb273ca0185281ee3a65cd76a1a350fe9aeae6e49cb8f0eb4dba4c19ecf27479833fc47dfee6ae7806723ba5c2f24c62e26a3d8a74cb43546d28acb0fbf287c03dcdac6699c3c7f9a3b806bcac2318118395fa4e052eb620f02a90dc0556e6338266d5529f968359372a21c5b54a46ae61dcd528d7569435311abf1133be800f466dc19ade70b233ab4a5fa04ddcc476ba44aafd2c443a0c6738a422477a8da46420dbc8cf09302e8e59ce967a4832b46e74bf81306ccb497bcd35ae1e552566c5414982ba51151a4f1b13dc1d0065ea65e5272d9a004ffa84574ce96d94561d46664659dd9ebabd1a907b5127b140801720c1d92a40530040c03a869debffa977a57a8d6196cfc24e844f2486639ed630f5eae1dafd32ebaa1d71a7cfbe98badd7f0962fdce731e2ebd4b97fbbfb82a6cbf94d9d67a58f74d0856ae50e757823976f018281590e6adb9b6d5c0e58833d747957196d502f0f96f70bc351fb9599dd3d177162d087f25f4ef07c2796d2b3b1d2ed1d45bd3ee150d0b9569c4ba640526df0c91825fa8442045ca8397aaa16a39f179dd04fa63c9195617849868f0018756391089827fd090b898b165c0528f835d7726c18cd81f1613c5607d54d074d0c3e37a76c884f963ff8070cb25e441d215c02328ea43f518e139a5df4c033e429a27ca9ec62b103578c075baee7a047e070892c169401bd1d3b9b94bb3375af9ef41d75e4199e486042c0c50bf7b2b883251938ec16150cdcd3806b1df7c6bf190567afbfc540145e9f4885a02a2e0a32f878c097799b728eb6db95061c741526f9a8f988f6c6c24b459fa236b27e978628e38c6a4e0a88199f645e64a535a13e8aec318c43c55c7e61160851d534383b76e300718553a710ddbf937f2f16bff9a2cb883d4d96151b2ce87b6269dce42b153d8d4d7cdd1f1d041bd0a58e76f169f8a3ca5fe9d1cd0d5023b9caaec86fbd65b67c7a972a9616cbeee989942b965d6fc0eaa1ac40240dbc910a72cb5ac4af89b390eabfa9fb874323ff0db6c52036df330d65b958d54b92e156a560648e83fc66c05aa2e64b558c03a035f539ae047d611c3eff899ea684e02eb0021ab1a7a20ada3a7bc671935238232b785bc740aeda2a9a8107d63aaea386b9b4462921f2a57c9f681ac4d2e5688de78480826fd0c2646c6922a337a121efad078e8032b9adae398d02da7ab5144f9cde3cc6306c4250788f365f7a51f59e4bd7b4944f5c3acf6046e5ac66fb5d0f83ffbd24de6b43ca32547138609099bb2615fb1ffd971a7117b21e2b70002b5de395f14bf5bd96869bb858687c69026453e2f2f058736603f95f80d8c8d0a22f4f547bf5873ec896f46ce6699682f375cc3d460e836ab58e19830d10dd6458eca0b31dc8b568a1d99b7f01ae483f8c9e99245a5437d4af82b3925aee36b3dc77d5b588d9e225050ee847bbf1c4d0a26fa55eed6f8586d979e9b0e0fadafc8cb56bb74f16efdf4967627a11f669aa5eea716f957d2352e158dec9d295f9d50ca846fda87fcbaeac91df406b7250da41177587dc7102f8fcd9086e263feec335ed1312b71d74403f81c7c7d5731d4b8a10475f86bfeb59a52e769d8c1322facd03960286cda9b6fbea84b06b443baf710d29a209e01d572beb43ddd6ffef3c35afd79a3b12099680a377ee7469610fa26210522d8764d93a00d4a63061f7d0c777199984217b34b4f247ceabff49eed8f404739cb76c6a3f3a1c5804074756266294e2ed4fb15ef2f2cbbf98183dc5dfcb568da748ddf2e5ff56688e1ea25410321d0015c45ceb9eff7c855f683e6a7da716ae15363f98a17fa602edc2cda3ba3bf3d0f53adf56618b2629d4feb77bf70f80c68beea0a37034270c6599498d995c91468fcc4c6650471227af2e38eb3ba208bb7c3c7c326ef744c58bb10e548a770caf35e0ee64053bd8820cdcb4cee1f5ef3dc45ecf8f2a6a0d8e3978c5456ea5989316d75ec5743faf8e63c6b1d68186c7dc2bb8b04f239b42af853e39a43d5891ba3479c0efcb885466710ea1112bd2a7561a6ddbb744ba207ab8ff1e755f3f304d286de3a739b2801af5bab3fd7f034ede2dd38da60415393d6b12ea96ee6cf3b1a87b12b034719e9d907497e1114c888ff2ead6cbc00aa4e9db18186913c35147c9ad06748971a7aed0fa87b4c864150ff06e37b2ef984f0d6e2838e099bcfb92939c75082fa5dc9c7c8455b119866939ef78a594d48b1e233ab2530058a7c2ae8f4147528d0ba328aabdd8d61c2270fb9ab790fbf913e97d15d5e20553016791855e617131474ef0b75081a0c43fc5fa1ecb67c7edeeecc97cd7d941845dad2e54b42e18e68ce41f849313143fe0152e104a2a401e42f982145d9bce7ed874705bf7576ce102ebbe11d6187acba2d06e2b3762cdc8c3f67aa66fd1d70e4ee55e739ebe0b390c8205edc63a9895969ec6fd13b798d5a0401c2e18a580f10505d5abc79a799088d59481a6c26b94180efda1c5c23e9b884f658d8fb0cd80e8e6b3a20c81676f47e929433c27bacb24257edf3e8630755e17d800d8db4f2be1fda9317ba2ecb53756fb0ca80701e49e209859f006a4324c0de093b3da7c23be79567990c79887a03ab64b787832dbaf2579e76d343d41d37431475d11e918393296bff7a33feb659948d554405fac79bf7cc7c4f702e0d74a3cc384f44bdcb800cb24ee11c9531418c1c82453c0410514391cf5679e4d0d9949a8ce20ac70c12694ea6ca08a87307a98a05d48c7608783e0acc829c65425d8677f103a92e1c852164f09ab67f9a155f3575b2ec3ccfd7cb9ad431dd875369abb7ea31b994e2e39a59e5bd93bc8852ea3e2efff3707c8e1319e6c16be14e3386ad2bb5affb435c2436762b58dc6ffeec0743ea0dca0384ef1217db3d6219fb2921861b176fa0b714decb2e5bfe305691d92c4c65a427ab02b8cbf11a701fe74c20de74ef56ed85fd9136ca03b15d0d99e553ba4ebc8ac4e6c41506c97a33c9a05ce53d19bf62cf6ff16ede1bdbee982553bcf11ea5d2d4922f4e7ba82c83a6307610e34da0ca81c43193cdd16a8bd73b6b119461dd245e1f033da72e644614743741b34bc7813a3937a6447e499f036440781a43ccef1bcc15c8b58999e60ad807e82529bd8c819194f0e396b0d93168fc800c0fec2b7b260d1b6c18956d66ad2db20acb3117a2bd17ddb5c046559461f5e91c74b89535c49efb89bf78ec20743017eae6e1f7c393d28f5c8f7c0f0914a30eb2626a294a3ed7ada207e51bd7a95204605af2b8586c29fdf88ece2a3a5a068430a571d98c26e51a45bbb50231197363845c76f58506bf31738a23fe792f678c042e30d7dd5f19ed5ab4bb36536671e160925d4af6ff078c2b7dbdf9c55ed31e61eacc01babc62d9d2e671bc6c1932e170e3dcc5ad67a9ea7d46fca2f256fbf781019782d4066331fe10f62a6ae077a8b9569dc4bac6b90fb730a968f1782cbfc5e005bad8d9b00ae9199c81e317d91196abc75f1887cb8ffcb440f37a972d4ced20f158844e0ee36111a4247dfda14cc5cada6d372e75ee370149d7fa822f73ef0edc835a338c6d5699911fea2fedd7f3e381caff836a690331327f96ab7904a461ef5a36ce5f552bc1d1d9968106a7b8e07eef4aae2e716422a2fb7b0c1e05f09c29ca83f3405adb80e237d6f145383ec4885573e50ca2ad014308ed70477257f4d904089eec809c55d85684265a1d3b00718cfb14d644463623ba225aa95bee2a95e13a0817e2c98d96b822e6e4ef36d18a831699889034d116c84e45467f46140b88c765339b04ee65e3ef12356fe6d7ef1c80653d2e34af6e03c4503431f775e161ab7edbbfd9316372084e5e69d98443d529c9488e26c40734a636d3cb2f3b7e9bf248d647382937e623f1a7119a8deb731db5e2dbb5cc9d7b60e80f35ada2ee398d3a6c1d1d9c485d4c31c4e3beb69017bc92d9d1eba03994832aa7081bc0d29d97154c20f29d183c589e939f2e62ee71ebcbbf42ecdc9b0342920112b6a50bfa1558ca9b8af99008a8a9be29d121b4cb879ad0f61a21d57698cbda61acf65abd1912e1956226ee647d1e87315939ec9d98db2e49101964e26b28350c7fa529bbcad3c1794c2c52fa63755f09b6e1e2ee4d63050f7197b8d013296b1594a8aa16aafbb3cd4cead348e1c1a9cbdcbc09908e8696a72528ecdf12579e3a9d16afcc7b995398e3f0e6c169363195c454c0d761b20a073c962b29d0dc6dc053a586fe928ca31a759781744ed81844ae0c002b039c32538d35cc293d1fe828123110c07a81e6e0ecabf7075cd890c88c4b67a900464a234dc7043ad678f189c4c47068f16d9cc2ea87211cac5d3c3db3e220eb2463a548d4329093d486ea81c020bb72bffaaf205490011900e3dec6dc911343298a47019dd4d18a8bd71cad38ada40ffe14072790ab40c0a586a3ce452dc15940847ce5c794a6840ff6222c934893226bf8315a0be2f2fb6371cfeeedfe94736af945259bee27ce07827b4fa6dfab66e28ebde09053cf8ec25861aad91cfd1efcb69e60cf8ff3c1b8283301c0b5c1122f7b0733fcfe7f71066d74da3a0fa3abe052de9acf07aa091c139120bf5a35fadf7894d494d34f4e10b5cba392de299c971b1cd8eb8c5fcfba94585f58b995c89136383742f318bb3c738ecf00014d9025b7b01b905aafbb58910a873e6dad1227dc062455b1390d8835e1ca0e0799993239fcc387f2bcc85380286c79317e1233faaade720b19b4847c97840fab93d928a2d664edf10c610110188c69cbcba07e95a7659ee5311dbb4fbbdb63c8c561a1d8e6f3c8c940c4ea4d8ebf8e18ca586f8da46e82dfd1fe22a396518f81b97fed2a3b1d36a7e5348e64838594f9f9aacc3494d01f2bf7cf78c5ab4d715aaa3300b384d80265c9675a9db90ea034d91731dd4c0186bdf370df405a8c3aac525aee5dc5174d61e0ea993b79f47f63ca6d7fa2cb2ac622020e7f7b1c4701a248835de588056c4ca462777cca604c3df4d4984ae969c3bfd440906360341b624a234f28de5e5f2fd22b13daae2ce5afcec92a7950930b771c18f18926cedbfe440ec532e343ba80da0ae9f5f5357094052c26d554715a08670aa16bc4d7787a5d81af654e37133e3557d36ca5a9b6206b0d5a0e82c210e4f9693a91d8a5d7d074cce6c9b9f52ca31f0895add87f9fd430b6cf3e9ad17aeae6ed22278b41a2ae03eebb14d679a11372a5850d2456714bf379799d4b8fae37c0e6176c2b6017a73c2234133632a4f0b582a79573e3fb1669a94708da158443266feefe6cfe3b618d1a9cadc213952c420267016deed5cdcfbd521fb8d0f93f5d445b682a67f214d73467c4c76719eef00990fbcbc327ad082a111bc618593bdb67bad926a47c4a5bf18a37abb8f8b6808d69c36520e9dd74799f565cdb5cdea0d89888b4e83b885aaf1c08131f9bb680392b83aae52911f824865a0678160aceebbfb599871399319c4743ae40fdb9d8219ff9ca1c910e42eeb8e79c902b2bfa71ca623ca5ab04b191c50a2a131dbfa051fa4419161285e39ba8eced0fa666b0a83d7677e786396e63efcb0122c437b2396d4b93047320c136e965f24884bbc7f7211c92330205241b1b50013881ba99c1f630f9942be247bbb8db79d517d60d71d16270d7abc0780b812efba3dec50711bd7cbdfa1606bafca8401c44f3672b64a5fd53fd6f8f4dbde88e3dee77df73eba8deeebe60ebbea469fc95e69210be69cf3c483c1ed1e109dd96f4c87e23a2350574e7c6d856628dced7383176ec275fcec450a0cd3c3762d7646ea93c3dc83914127c344c05f6d951e733da419dc5ffb448cbac887194560a0e6072c4bb6c46678a15e6c4086dcae730ac7100d2fa6885002ee67fdb3191179646fcbffd570d4c788e21557acddb0a169e358b3ad891db2013f5155793a8cd8b30a89081709a9d32abe87b8c659439443c5b2a2b4154a531220c7ed0a1719b379d0586ba129b64c6c648546e127e2a9e12121d7a23d453ced5d1659fae2e8472d0a57837dea21faae210abdc7647491cff768dc4b22a3848be5fa919f475117eb9be58660db072ca53c4496308c75a341deb2637c58b58d33e06659d0ef2b89f2e39d7489365ff42204353887b2911b8ab780ca4939033717223286671fe3a91eace5eb8ef8e613cb2256e9cf98a828f3568e89a8124a23f796f49243a5d9e194f4dc832a756fa800cf25a919ca672d027b9aea023261f8d2e923020f9f80292e9a5288160632ceb2017c3f355d1e87371a2db60d6ef950161c9aab029e9e41d3539ec0b73041586063d060e7c1a03d40347b25f6c304f37babf81ad29acd7e7843a15024de14d6f4eb41ac1bf595938c8c831802bddfda06c714c05ffd88954b230d1bdcc1e186ce5e856483b571b7181770c29df1b1997916949194066134a3ec3ad3ffe2075cc4c327f6a50dedb03c63e791f5d2ecc04fe56c96d7e24175c6d9fa6c0f9bbbc51686ae9ad58c7ce31744610e4ba65c86f19cb03cb93fc570d5b8a3e14b5500df16c8929e263193f57d6dd358a1d958bb43a21b5bb59e218bf7eac475c852a0291fdda5a07c8a35a34ffe25d869c769242bc2ac43b9a7a3c6699a5dc51d5289a075406e893adc7cf3bc460914fe02f287c8bed53fb562c36561caee0a49aeb021235aecfa1897bd118f876d7b10b274ce0328eae9b6586296347c8021ea5d3bb651d7fc7ef7810dd8358850c0f6bd2e17b56cd904c52d6f09f3488c6888e78558cc2c1ec1ae10aee278a3d6aa94ea83e2c62fb3fe9f109e34b1911f87cc37d4ec57f0df5aeae79aa4fa669efef94a35298d9cb0221dceb1579094df98bbbc2f5934c52c4dceca9c3296e8a19ca944c8a9222cd0a98dcdc399fd7ed7eee87d90faa80c5a87a13dd195683e94ff03eed98cc5015a31e587497f9152e43423b8f60df798384be82b41736aba5e40ce8ddfd4197637769fa8143886dd72af1ec9bb9b2860fb23f64ac33e8dfa5496fe2099a0d2a7d6c5991e858b909221981dd426bdaa2f98a4d85d8bc6bbe054861c83c2a7c817ed30aff28942165c0a97e0705a759d38c204b41d757501cf5692645c561e9f74e9fc0e77aa2c72880066d7397be02931ac1e51e3a4a624110e89d782479b7566d711504c62724617648ddae642e45696909bc03f4dee792cb7065ad13b4098400bb1f5b85602f8abb6c3cd0e113a04df48cc27b3524de423bcd2468b96262059958c3b576fd755a3f47e6e8adb9707b781545eff74eba17e3165e0aa070a113c9dfe8e02628581a31284d10b4bae5fed080f3fc34785e388e4ea17107945e3542f103e2991084d55165ddc8a42e66ab8011d030c9b2b8ce7dbbe556b40bd37e8adb463cbcb98f721dbafec0effa06975360cf73d1402f973fad361769f7a6fc58b4e4309e973b180662ce8bcbcd2856dc869cad595c9403c34745f59a48648397c8bac67e3df1f5f9463f4ee0cdb6f0e0e14d88b7b56627bad0e79c9b1449efe71517125591671122b482887b36af65250efb90d6de209b38285305fb4460d418046e422c5726b095ea16396878d2884bf0342f3909b9b497cad70fb25d6a6edd41df986bd4586608c45c9dbe452424f1b339cea49d88b2c4e9968e27da1b6bbb62074fd24368cc0f60dadb5965efaf09788d618a76cec20920bcf1634c93b101f15cdf12ad81ab311a0963679be0b1fa1fddada5c37e0fee1cf92952375133b518edac696889a54c6c42bf655f8b982704ee2356133d78c20ef8ec58bc4b1b3b71b8440aca555ddb82e8c6774970298116369847d443e0fc134aab890c658bce45801df1e1ca6b2eb433e0af4ccf7436d7", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x28, 0x0, 0x0, {{0x0, 0x0, 0x2, r3}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000004c0))
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES64=r4, @ANYRES16=r4, @ANYRES32, @ANYBLOB="0c00990000000200000000000800a0008a0900000800260094030000080027"], 0x48}, 0x1, 0x0, 0x0, 0x8890}, 0x24000014)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000001c0)={0x600000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_address={0x3, 0x1, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}, @sadb_lifetime={0x4, 0x4}, @sadb_lifetime={0x4, 0x3}]}, 0x98}}, 0x0)
socket$key(0xf, 0x3, 0x2)

6.919438908s ago: executing program 0 (id=1726):
r0 = socket(0x1e, 0x0, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/19, 0x13}], 0x1}}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000008c0)=""/209, 0xd1}], 0x1}}], 0x2, 0x0, 0x0)

6.89124256s ago: executing program 2 (id=1727):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000000380), &(0x7f0000000280)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40305829, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x11, 0x20000000, r5)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000001500)=ANY=[], 0x10)
write(r6, 0x0, 0x0)

6.806278665s ago: executing program 0 (id=1728):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000040), &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000002340)={<r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0xfffffffdffffffff)

929.208013ms ago: executing program 3 (id=1729):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0xc0000, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f00000000c0)={0x4})
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000500)=[@in={0x2, 0x0, @private=0xa010102}]}, &(0x7f0000000140)=0x10)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x181c82, 0x0)
write$sequencer(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="92000000000025050043e91abbdb0000"], 0x10)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000300)=0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4000000000000050f1100000000000063000400000000009500050e73c3d31f2e0e0000000000798c6157542167c2a47ac8de1bd30c479958b200"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x22)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r4, 0x6}, 0x10)

783.747231ms ago: executing program 4 (id=1730):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x10)
unshare(0x0)
r5 = socket(0x0, 0x0, 0x0)
mmap(&(0x7f0000fa0000/0x4000)=nil, 0x4000, 0x5000007, 0x10, 0xffffffffffffffff, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
ioctl$AUTOFS_IOC_CATATONIC(r6, 0x800443d3, 0x20000002)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)=ANY=[@ANYRES8, @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB='\x00'], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
semget$private(0x0, 0x2, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x500, 0x0, 0x1800}], 0x1, 0x0)
syz_emit_vhci(0x0, 0x7)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="04006faaaaaaaaaa11400900"], 0xc)
socket(0x10, 0x80002, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000200)={0xffff, 0x4})
socketpair(0x1e, 0x4, 0x9, &(0x7f0000000300))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720aacff0000000071102b00000000009500000000000000"], &(0x7f0000000480)='GPL\x00'}, 0x90)

0s ago: executing program 0 (id=1731):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x18, 0x14, 0x0, 0x0, 0x0, {0x11}, [@INET_DIAG_REQ_BYTECODE={0x4}]}, 0x18}}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x10}}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r3, &(0x7f0000000180), 0x400000000000077, 0x0) (fail_nth: 8)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)

kernel console output (not intermixed with test programs):

k_sendmsg+0x8db/0xcb0
[  376.092079][ T9053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.097428][ T9053]  ? __import_iovec+0x536/0x820
[  376.102484][ T9053]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  376.107799][ T9053]  ? security_socket_sendmsg+0x87/0xb0
[  376.113299][ T9053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.118623][ T9053]  __sock_sendmsg+0x221/0x270
[  376.122490][ T5132] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  376.123324][ T9053]  ____sys_sendmsg+0x525/0x7d0
[  376.137171][ T9053]  ? __pfx_____sys_sendmsg+0x10/0x10
[  376.142519][ T9053]  __sys_sendmsg+0x2b0/0x3a0
[  376.147149][ T9053]  ? __pfx___sys_sendmsg+0x10/0x10
[  376.148303][ T5132] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  376.152273][ T9053]  ? vfs_write+0x7c4/0xc90
[  376.152361][ T9053]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  376.171047][ T9053]  ? do_syscall_64+0x100/0x230
[  376.176218][ T9053]  ? do_syscall_64+0xb6/0x230
[  376.180965][ T9053]  do_syscall_64+0xf3/0x230
[  376.185520][ T9053]  ? clear_bhb_loop+0x35/0x90
[  376.185691][ T5132] usb 3-1: SerialNumber: syz
[  376.190214][ T9053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.190250][ T9053] RIP: 0033:0x7f1bcd775bd9
[  376.190272][ T9053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.190292][ T9053] RSP: 002b:00007f1bce5be048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.190318][ T9053] RAX: ffffffffffffffda RBX: 00007f1bcd903f60 RCX: 00007f1bcd775bd9
[  376.190335][ T9053] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006
[  376.190349][ T9053] RBP: 00007f1bce5be0a0 R08: 0000000000000000 R09: 0000000000000000
[  376.257310][ T9053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.265308][ T9053] R13: 000000000000000b R14: 00007f1bcd903f60 R15: 00007ffc050bd7d8
[  376.273310][ T9053]  </TASK>
[  376.278460][   T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  376.291030][   T25] asix 2-1:0.0: probe with driver asix failed with error -71
[  376.322787][   T25] usb 2-1: USB disconnect, device number 26
[  376.337066][ T9053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.916'.
[  376.453372][ T5132] usb 3-1: 0:2 : does not exist
[  376.476939][ T5132] usb 3-1: unit 255 not found!
[  376.562856][ T5132] usb 3-1: USB disconnect, device number 21
[  376.820095][ T5089] udevd[5089]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  376.972299][ T5131] usb 4-1: USB disconnect, device number 27
[  377.587680][ T5132] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  378.068897][   T29] audit: type=1326 audit(1720691524.902:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9094 comm="syz.0.926" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c8a775bd9 code=0x0
[  378.132435][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  378.896863][ T5134] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  379.011240][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  379.131915][ T5134] usb 5-1: config 0 interface 0 has no altsetting 0
[  379.149070][ T5134] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  379.204362][ T5134] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.243241][ T9109] batadv0: entered promiscuous mode
[  379.271848][ T5134] usb 5-1: config 0 descriptor??
[  379.943175][ T5134] video4linux radio32: keene_cmd_set failed (-71)
[  380.064971][ T9108] batadv0: left promiscuous mode
[  380.107273][ T5134] radio-keene 5-1:0.0: V4L2 device registered as radio32
[  380.212458][ T5134] usb 5-1: USB disconnect, device number 24
[  380.626988][ T1148] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  381.150963][ T1148] usb 2-1: device descriptor read/all, error -71
[  381.374694][   T29] audit: type=1326 audit(1720691528.232:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9147 comm="syz.0.939" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f9c8a76cc27 code=0x0
[  382.752165][ T9152] overlayfs: missing 'lowerdir'
[  383.121090][ T9162] Invalid ELF section name index: 0 || e_shstrndx (0) >= e_shnum (0)
[  383.861676][ T5135] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  384.356835][ T5135] usb 4-1: Using ep0 maxpacket: 32
[  384.371910][ T5135] usb 4-1: New USB device found, idVendor=13d3, idProduct=3311, bcdDevice=ea.d7
[  384.411849][ T5135] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.450123][ T5135] usb 4-1: Product: syz
[  384.454472][ T5135] usb 4-1: Manufacturer: syz
[  384.460371][ T9175] IPVS: set_ctl: invalid protocol: 92 0.0.0.0:20000
[  384.495582][ T9175] Falling back ldisc for ptm0.
[  384.506510][ T5135] usb 4-1: SerialNumber: syz
[  384.540940][ T5135] usb 4-1: config 0 descriptor??
[  384.568711][ T5135] r8712u: register rtl8712_netdev_ops to netdev_ops
[  384.599814][ T5135] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  384.731609][ T9188] overlayfs: missing 'lowerdir'
[  384.741839][ T9185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.951'.
[  384.767603][ T9185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.951'.
[  384.854625][ T9190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.953'.
[  384.867133][ T9190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.953'.
[  384.929097][ T5135] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed
[  384.936098][ T5135] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  384.943875][ T5135] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  384.955513][ T5135] usb 4-1: USB disconnect, device number 28
[  385.067465][   T25] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  385.196999][ T5131] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  385.252769][   T25] usb 5-1: Using ep0 maxpacket: 8
[  385.260486][   T25] usb 5-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  385.269826][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.303943][   T25] usb 5-1: config 0 descriptor??
[  385.386676][ T5131] usb 3-1: Using ep0 maxpacket: 8
[  385.399534][ T5131] usb 3-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  385.413581][ T5131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.449523][ T5131] usb 3-1: config 0 descriptor??
[  385.606969][ T5135] usb 5-1: USB disconnect, device number 25
[  385.931806][ T9205] binder: 9198:9205 ioctl 4018620d 0 returned -22
[  386.810400][ T5134] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  386.853534][ T9208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.957'.
[  386.908727][ T5131] usb 3-1: USB disconnect, device number 24
[  387.141846][ T5134] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  387.180204][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.204500][ T5134] usb 2-1: config 0 descriptor??
[  387.362785][ T5092] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  388.466100][ T9220] syz.0.961: attempt to access beyond end of device
[  388.466100][ T9220] nbd0: rw=4096, sector=0, nr_sectors = 2 limit=0
[  388.496448][ T9220] XFS (nbd0): SB validate failed with error -5.
[  388.693356][ T5092] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  388.697420][ T5092] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  389.234942][ T9235] overlayfs: missing 'lowerdir'
[  389.307134][ T5134] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  389.319572][ T5134] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  389.331694][ T5134] asix 2-1:0.0: probe with driver asix failed with error -71
[  389.350528][ T5134] usb 2-1: USB disconnect, device number 30
[  389.406818][ T5092] Bluetooth: hci3: command tx timeout
[  389.674504][ T9248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.968'.
[  389.706828][    T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  389.727542][ T9248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.968'.
[  389.899799][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  389.929933][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  389.962814][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  390.003413][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  390.016249][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.033540][    T9] usb 4-1: Product: syz
[  390.046890][   T25] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  390.052104][    T9] usb 4-1: Manufacturer: syz
[  390.067972][    T9] usb 4-1: SerialNumber: syz
[  390.087604][    T9] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  390.106289][    T9] cdc_ncm 4-1:1.0: bind() failure
[  390.260025][   T25] usb 2-1: Using ep0 maxpacket: 8
[  390.274059][   T25] usb 2-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  390.326106][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.368854][   T25] usb 2-1: config 0 descriptor??
[  390.992020][ T9274] input: syz1 as /devices/virtual/input/input17
[  391.018244][ T9274] netlink: 'syz.0.976': attribute type 8 has an invalid length.
[  391.032556][    T9] usb 2-1: USB disconnect, device number 31
[  391.042801][   T29] audit: type=1326 audit(1720691537.882:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9263 comm="syz.2.975" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f07b8375bd9 code=0x0
[  391.471370][ T9277] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  391.480572][ T9277] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  391.782063][ T9291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.983'.
[  391.807000][ T5134] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  391.978040][ T9295] netlink: 2 bytes leftover after parsing attributes in process `syz.3.964'.
[  392.011568][ T5134] usb 3-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  392.011609][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.015806][ T5134] usb 3-1: config 0 descriptor??
[  392.857832][   T29] audit: type=1326 audit(1720691539.722:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9305 comm="syz.4.989" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1bcd775bd9 code=0x0
[  393.120276][ T5134] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  393.135994][ T5134] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  393.147714][ T5134] asix 3-1:0.0: probe with driver asix failed with error -71
[  393.162243][ T5134] usb 3-1: USB disconnect, device number 25
[  393.192089][ T9309] netlink: 204 bytes leftover after parsing attributes in process `syz.0.990'.
[  393.880600][ T9313] input: syz1 as /devices/virtual/input/input18
[  393.908724][ T9295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  393.937997][ T5134] usb 4-1: USB disconnect, device number 29
[  393.958655][ T9315] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  393.970676][ T9313] netlink: 'syz.4.991': attribute type 8 has an invalid length.
[  393.986142][ T9315] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  394.164632][ T9321] netlink: 12 bytes leftover after parsing attributes in process `syz.3.995'.
[  395.496061][   T29] audit: type=1326 audit(1720691542.352:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9337 comm="syz.0.1001" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c8a775bd9 code=0x0
[  395.516894][    C0] vkms_vblank_simulate: vblank timer overrun
[  395.947627][ T9361] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1009'.
[  396.219385][ T5137] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  396.460624][ T5137] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  396.706715][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.755741][ T9378] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1015'.
[  397.027845][ T5137] usb 2-1: config 0 descriptor??
[  398.549177][ T5137] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  398.571679][ T5137] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  398.599132][   T29] audit: type=1326 audit(1720691545.462:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9392 comm="syz.0.1019" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c8a775bd9 code=0x0
[  398.604914][ T5137] asix 2-1:0.0: probe with driver asix failed with error -71
[  398.654005][ T5137] usb 2-1: USB disconnect, device number 32
[  398.895488][ T9401] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1022'.
[  398.926831][ T5131] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  398.953538][ T9403] tipc: Started in network mode
[  398.960365][ T9403] tipc: Node identity 4, cluster identity 4711
[  398.966811][ T9403] tipc: Node number set to 4
[  399.136984][ T5131] usb 3-1: Using ep0 maxpacket: 32
[  399.156062][ T5131] usb 3-1: New USB device found, idVendor=13d3, idProduct=3311, bcdDevice=ea.d7
[  399.180141][ T5131] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.189082][ T5131] usb 3-1: Product: syz
[  399.193451][ T5131] usb 3-1: Manufacturer: syz
[  399.200311][ T5131] usb 3-1: SerialNumber: syz
[  399.210408][ T5131] usb 3-1: config 0 descriptor??
[  399.225163][ T5131] r8712u: register rtl8712_netdev_ops to netdev_ops
[  399.388834][ T5131] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  399.530146][ T9417] binder: 9412:9417 ioctl 4018620d 0 returned -22
[  399.933398][ T5131] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed
[  399.986816][ T5131] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  400.145548][ T5131] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  400.182858][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1029'.
[  400.192114][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1029'.
[  400.337211][    T8] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  400.410190][ T9414] ax25_connect(): syz.3.1027 uses autobind, please contact jreuter@yaina.de
[  400.520340][ T5137] usb 3-1: USB disconnect, device number 26
[  400.541409][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.617889][ T5131] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  400.635423][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  400.668374][    T8] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  400.679477][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  400.696909][    T8] usb 5-1: SerialNumber: syz
[  400.816708][ T5131] usb 1-1: Using ep0 maxpacket: 8
[  400.826252][ T5131] usb 1-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  400.836103][ T5131] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.860597][ T5131] usb 1-1: config 0 descriptor??
[  400.951937][    T8] usb 5-1: 0:2 : does not exist
[  400.974482][    T8] usb 5-1: unit 255 not found!
[  400.995604][    T8] usb 5-1: USB disconnect, device number 26
[  401.270244][    T8] usb 1-1: USB disconnect, device number 27
[  402.163070][ T9445] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1035'.
[  402.403477][ T9451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1037'.
[  402.435784][ T9451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1037'.
[  402.492166][ T9456] netlink: 'syz.0.1040': attribute type 10 has an invalid length.
[  402.501546][ T9456] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1040'.
[  402.511521][ T9456] bridge0: port 3(syz_tun) entered blocking state
[  402.520252][ T9456] bridge0: port 3(syz_tun) entered disabled state
[  402.549781][ T9456] syz_tun: entered allmulticast mode
[  402.570580][ T9456] syz_tun: entered promiscuous mode
[  402.576517][ T9456] bridge0: port 3(syz_tun) entered blocking state
[  402.583275][ T9456] bridge0: port 3(syz_tun) entered forwarding state
[  403.060291][ T9470] binder: 9462:9470 ioctl 4018620d 0 returned -22
[  403.096404][ T9468] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  403.152057][ T9476] input: syz1 as /devices/virtual/input/input19
[  403.258621][ T9476] netlink: 'syz.3.1046': attribute type 8 has an invalid length.
[  403.349083][ T9481] tipc: Started in network mode
[  403.359243][ T9481] tipc: Node identity 4, cluster identity 4711
[  403.365651][ T9481] tipc: Node number set to 4
[  403.407863][    T8] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  403.627361][    T8] usb 1-1: Using ep0 maxpacket: 8
[  403.655590][    T8] usb 1-1: config 1 interface 0 altsetting 194 endpoint 0x81 has invalid wMaxPacketSize 0
[  403.692183][    T8] usb 1-1: config 1 interface 0 has no altsetting 0
[  403.720143][    T8] usb 1-1: New USB device found, idVendor=04e7, idProduct=0050, bcdDevice= 0.40
[  403.720222][ T9487] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1050'.
[  403.737631][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.765660][    T8] usb 1-1: Product: à „
[  403.781246][    T8] usb 1-1: Manufacturer: Ї
[  403.794026][    T8] usb 1-1: SerialNumber: à �
[  404.126975][ T9495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1052'.
[  404.135953][ T9495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1052'.
[  404.376435][    T8] usbhid 1-1:1.0: can't add hid device: -71
[  405.048944][ T9504] netlink: 'syz.4.1055': attribute type 10 has an invalid length.
[  405.072008][ T9504] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1055'.
[  405.256768][    T8] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  405.277314][    T8] usb 1-1: USB disconnect, device number 28
[  405.317043][ T5135] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  405.526716][ T5135] usb 4-1: Using ep0 maxpacket: 8
[  405.535460][ T5135] usb 4-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  405.563919][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.918274][ T5135] usb 4-1: config 0 descriptor??
[  406.123174][ T9511] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  406.367980][   T25] usb 4-1: USB disconnect, device number 30
[  406.617584][   T29] audit: type=1326 audit(1720691553.442:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9521 comm="syz.1.1060" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4be575bd9 code=0x0
[  406.638500][    C1] vkms_vblank_simulate: vblank timer overrun
[  406.701595][ T9523] binder: 9519:9523 ioctl 4018620d 0 returned -22
[  407.938290][ T9531] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1063'.
[  408.065151][ T9531] sch_tbf: burst 0 is lower than device bridge2 mtu (1514) !
[  409.818747][ T9540] netlink: 'syz.2.1066': attribute type 10 has an invalid length.
[  409.852087][ T9540] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1066'.
[  410.057800][ T9555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1069'.
[  410.066997][ T9555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1069'.
[  410.086922][ T9553] nbd4: detected capacity change from 0 to 8388607
[  410.116966][ T5134] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  410.163415][ T5092] block nbd4: Receive control failed (result -32)
[  410.165911][ T9553] block nbd4: shutting down sockets
[  410.195388][ T9561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1072'.
[  410.217134][ T9561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1072'.
[  410.356834][ T5130] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  410.416699][   T25] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  410.436912][ T5134] usb 2-1: Using ep0 maxpacket: 8
[  410.444167][ T5134] usb 2-1: config 0 has an invalid interface number: 5 but max is 0
[  410.452291][ T5134] usb 2-1: config 0 has no interface number 0
[  410.461732][ T5134] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  410.470902][ T5134] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.479177][ T5134] usb 2-1: Product: syz
[  410.483795][ T5134] usb 2-1: Manufacturer: syz
[  410.489372][ T5134] usb 2-1: SerialNumber: syz
[  410.494130][ T9564] binder: 9562:9564 ioctl 4018620d 0 returned -22
[  410.505021][ T5134] usb 2-1: config 0 descriptor??
[  410.507302][ T5131] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  410.577040][ T5130] usb 3-1: Using ep0 maxpacket: 8
[  410.585243][ T5130] usb 3-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  410.594709][ T5130] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.605611][ T5130] usb 3-1: config 0 descriptor??
[  410.636702][   T25] usb 4-1: Using ep0 maxpacket: 32
[  410.650475][   T25] usb 4-1: New USB device found, idVendor=13d3, idProduct=3311, bcdDevice=ea.d7
[  410.660010][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.668223][   T25] usb 4-1: Product: syz
[  410.672746][   T25] usb 4-1: Manufacturer: syz
[  410.677497][   T25] usb 4-1: SerialNumber: syz
[  410.684271][   T25] usb 4-1: config 0 descriptor??
[  410.692302][   T25] r8712u: register rtl8712_netdev_ops to netdev_ops
[  410.699124][ T5131] usb 1-1: Using ep0 maxpacket: 8
[  410.704324][   T25] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  410.724485][ T5131] usb 1-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  410.735425][ T5131] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.745844][ T5131] usb 1-1: config 0 descriptor??
[  411.040438][ T5134] usb 1-1: USB disconnect, device number 29
[  411.132385][ T5131] usb 3-1: USB disconnect, device number 27
[  411.178348][   T25] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed
[  411.194895][   T25] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  411.219159][   T25] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  411.247885][   T25] usb 4-1: USB disconnect, device number 31
[  411.835399][ T5134] usb 2-1: USB disconnect, device number 33
[  412.047439][ T9580] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1077'.
[  412.186400][ T9583] sch_tbf: burst 0 is lower than device bridge2 mtu (1514) !
[  412.224102][ T9590] netlink: 'syz.3.1079': attribute type 10 has an invalid length.
[  412.235378][ T9590] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1079'.
[  412.248650][ T9590] bridge0: port 3(syz_tun) entered blocking state
[  412.255624][ T9590] bridge0: port 3(syz_tun) entered disabled state
[  412.278761][ T9590] syz_tun: entered allmulticast mode
[  412.307873][ T9590] syz_tun: entered promiscuous mode
[  412.320941][ T9590] bridge0: port 3(syz_tun) entered blocking state
[  412.327678][ T9590] bridge0: port 3(syz_tun) entered forwarding state
[  412.598347][ T9598] dlm: no locking on control device
[  413.159827][ T9600] vxcan0: tx drop: invalid da for name 0x0000000000000004
[  413.195925][ T9600] Bluetooth: MGMT ver 1.22
[  413.505102][ T9612] dvmrp0: entered allmulticast mode
[  414.087489][ T5134] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  414.288902][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  414.306697][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.330209][ T5134] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  414.354436][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.368285][ T5134] usb 2-1: config 0 descriptor??
[  414.423742][ T9646] ip6gretap0: entered promiscuous mode
[  414.457796][ T9646] batadv_slave_0: entered promiscuous mode
[  414.506713][  T784] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  414.719149][  T784] usb 5-1: config 0 interface 0 has no altsetting 0
[  414.743585][  T784] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  414.760773][  T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.778269][  T784] usb 5-1: config 0 descriptor??
[  414.792336][ T9658] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1106'.
[  414.804196][ T9628] binder: 9626:9628 ioctl c0306201 20000580 returned -14
[  415.185823][ T9670] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1112'.
[  415.403305][ T9639] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  415.418185][  T784] video4linux radio32: keene_cmd_set failed (-71)
[  415.444133][  T784] radio-keene 5-1:0.0: V4L2 device registered as radio32
[  415.473502][  T784] usb 5-1: USB disconnect, device number 27
[  415.580835][ T9681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1117'.
[  415.602017][ T9681] dummy0: entered promiscuous mode
[  415.660277][ T5134] uclogic 0003:256C:006D.0002: failed retrieving Huion firmware version: -71
[  415.677841][ T5134] uclogic 0003:256C:006D.0002: failed probing parameters: -71
[  415.685495][ T5134] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71
[  415.720637][ T5134] usb 2-1: USB disconnect, device number 34
[  416.422070][ T9709] pim6reg: entered allmulticast mode
[  417.826919][  T784] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  418.047142][  T784] usb 4-1: config 0 interface 0 has no altsetting 0
[  418.068174][  T784] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  418.084964][  T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.129427][  T784] usb 4-1: config 0 descriptor??
[  418.924074][ T9731] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  419.031811][  T784] video4linux radio32: keene_cmd_set failed (-71)
[  419.070778][  T784] radio-keene 4-1:0.0: V4L2 device registered as radio32
[  419.109641][  T784] usb 4-1: USB disconnect, device number 32
[  419.177961][ T9768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1150'.
[  419.209052][ T9768] netlink: 'syz.0.1150': attribute type 6 has an invalid length.
[  419.437791][ T9768] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  419.447493][ T9768] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  419.456231][ T9768] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  419.465028][ T9768] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  419.535081][ T9768] vxlan0: entered promiscuous mode
[  419.815317][ T9778] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1154'.
[  421.621734][ T9808] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1164'.
[  422.117255][ T9815] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1168'.
[  422.642719][ T9832] syz.2.1174: attempt to access beyond end of device
[  422.642719][ T9832] loop2: rw=0, sector=64, nr_sectors = 1 limit=0
[  422.695778][ T9832] syz.2.1174: attempt to access beyond end of device
[  422.695778][ T9832] loop2: rw=0, sector=256, nr_sectors = 1 limit=0
[  422.724058][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  422.765502][ T9832] syz.2.1174: attempt to access beyond end of device
[  422.765502][ T9832] loop2: rw=0, sector=512, nr_sectors = 1 limit=0
[  422.789981][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  422.843950][ T9832] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  422.901067][ T9832] UDF-fs: Scanning with blocksize 512 failed
[  422.937053][ T9832] syz.2.1174: attempt to access beyond end of device
[  422.937053][ T9832] loop2: rw=0, sector=64, nr_sectors = 2 limit=0
[  422.995305][ T9832] syz.2.1174: attempt to access beyond end of device
[  422.995305][ T9832] loop2: rw=0, sector=512, nr_sectors = 2 limit=0
[  423.083718][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  423.139113][ T9832] syz.2.1174: attempt to access beyond end of device
[  423.139113][ T9832] loop2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  423.213936][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  423.244636][ T9832] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  423.252527][ T9832] UDF-fs: Scanning with blocksize 1024 failed
[  423.260583][ T9832] syz.2.1174: attempt to access beyond end of device
[  423.260583][ T9832] loop2: rw=0, sector=64, nr_sectors = 4 limit=0
[  423.296830][ T9832] syz.2.1174: attempt to access beyond end of device
[  423.296830][ T9832] loop2: rw=0, sector=1024, nr_sectors = 4 limit=0
[  423.329367][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  423.343478][ T9845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1180'.
[  423.376870][ T9832] syz.2.1174: attempt to access beyond end of device
[  423.376870][ T9832] loop2: rw=0, sector=2048, nr_sectors = 4 limit=0
[  423.409930][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  423.449805][ T9832] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  423.473236][ T9832] UDF-fs: Scanning with blocksize 2048 failed
[  423.493347][ T9832] syz.2.1174: attempt to access beyond end of device
[  423.493347][ T9832] loop2: rw=0, sector=64, nr_sectors = 8 limit=0
[  423.547079][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  423.583237][ T9832] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  423.595292][ T9832] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  423.642271][ T9832] UDF-fs: Scanning with blocksize 4096 failed
[  423.665964][ T9832] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1)
[  423.695957][ T9851] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1179'.
[  423.753706][ T9851] netlink: 'syz.4.1179': attribute type 6 has an invalid length.
[  423.777752][ T9854] sctp: [Deprecated]: syz.1.1182 (pid 9854) Use of int in maxseg socket option.
[  423.777752][ T9854] Use struct sctp_assoc_value instead
[  423.814312][ T9856] loop4: detected capacity change from 0 to 7
[  423.840714][ T9856] Dev loop4: unable to read RDB block 7
[  423.872535][ T9851] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  423.881386][ T9851] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  423.890257][ T9851] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  423.899035][ T9851] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  423.905091][ T9856]  loop4: unable to read partition table
[  423.914159][ T9856] loop4: partition table beyond EOD, truncated
[  423.916087][ T9851] vxlan0: entered promiscuous mode
[  423.947817][ T9856] loop_reread_partitions: partition scan of loop4 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  423.947817][ T9856] 
) failed (rc=-5)
[  424.300317][ T9866] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  425.089662][ T1148] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  425.329215][ T1148] usb 1-1: config 0 interface 0 has no altsetting 0
[  425.336374][ T1148] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  425.359893][ T1148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.387393][ T1148] usb 1-1: config 0 descriptor??
[  425.484281][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  425.523584][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  425.544978][ T9884] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  425.575061][ T9884] UDF-fs: Scanning with blocksize 512 failed
[  425.610574][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  425.667393][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  425.712874][ T9884] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  425.735681][ T9884] UDF-fs: Scanning with blocksize 1024 failed
[  425.748060][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  425.767372][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  426.546839][ T1148] video4linux radio32: keene_cmd_main failed (-110)
[  426.553488][ T1148] radio-keene 1-1:0.0: V4L2 device registered as radio32
[  426.574427][ T9901] sctp: [Deprecated]: syz.3.1200 (pid 9901) Use of int in maxseg socket option.
[  426.574427][ T9901] Use struct sctp_assoc_value instead
[  426.616792][ T9884] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  426.624502][ T9884] UDF-fs: Scanning with blocksize 2048 failed
[  426.649111][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  426.672295][ T9884] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  426.690647][ T9884] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  426.700143][ T9884] UDF-fs: Scanning with blocksize 4096 failed
[  426.706351][ T9884] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[  426.715227][ T9906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1201'.
[  426.781879][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  426.805163][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  426.815643][ T9906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  426.824229][ T9906] UDF-fs: Scanning with blocksize 512 failed
[  426.833745][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  426.844695][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  426.861910][ T9906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  426.880525][ T9906] UDF-fs: Scanning with blocksize 1024 failed
[  426.892150][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  426.912481][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  426.943729][ T9906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  426.963736][ T9906] UDF-fs: Scanning with blocksize 2048 failed
[  426.974856][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  426.984967][ T9906] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  427.004708][ T9914] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  427.017089][ T9906] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  427.025033][ T9906] UDF-fs: Scanning with blocksize 4096 failed
[  427.031574][ T9906] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1)
[  428.648023][    T8] usb 1-1: USB disconnect, device number 30
[  429.047025][ T5134] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  429.147245][ T9945] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1212'.
[  429.167979][ T9945] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1212'.
[  429.287118][ T5134] usb 3-1: config 0 has an invalid interface number: 96 but max is 0
[  429.295263][ T5134] usb 3-1: config 0 has no interface number 0
[  429.319360][ T9953] sctp: [Deprecated]: syz.4.1214 (pid 9953) Use of int in maxseg socket option.
[  429.319360][ T9953] Use struct sctp_assoc_value instead
[  429.336765][ T5134] usb 3-1: too many endpoints for config 0 interface 96 altsetting 173: 169, using maximum allowed: 30
[  429.379604][ T5134] usb 3-1: config 0 interface 96 altsetting 173 has 0 endpoint descriptors, different from the interface descriptor's value: 169
[  429.424387][ T5134] usb 3-1: config 0 interface 96 has no altsetting 0
[  429.437623][ T5134] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  429.457504][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.482221][ T5134] usb 3-1: config 0 descriptor??
[  429.744820][ T5134] usb 3-1: string descriptor 0 read error: -32
[  429.772567][ T5134] usb 3-1: Cannot read MAC address
[  429.785845][ T5134] MOSCHIP usb-ethernet driver 3-1:0.96: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  429.834051][ T5134] usb 3-1: USB disconnect, device number 28
[  432.620259][ T9958] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1216'.
[  432.646789][ T9958] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1216'.
[  432.747063][ T9960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1217'.
[  432.756089][ T9960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1217'.
[  437.602902][T10033] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1237'.
[  437.807844][ T5135] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  438.008525][ T5135] usb 1-1: Using ep0 maxpacket: 32
[  438.018584][ T5135] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  438.046425][T10026] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  438.129750][ T5135] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  438.169208][ T5135] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.284476][ T5135] usb 1-1: Product: syz
[  438.338720][ T5135] usb 1-1: Manufacturer: syz
[  438.400927][ T5135] usb 1-1: SerialNumber: syz
[  438.486541][ T5135] usb 1-1: config 0 descriptor??
[  438.555923][T10032] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  438.622520][ T5135] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  438.698876][T10044] input: syz1 as /devices/virtual/input/input22
[  438.918633][T10044] netlink: 'syz.4.1240': attribute type 8 has an invalid length.
[  440.950198][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  442.271725][ T5131] usb 1-1: USB disconnect, device number 31
[  442.306734][   T25] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  442.504108][   T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  442.536205][   T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  442.577051][   T25] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  442.599122][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  442.611385][   T25] usb 5-1: SerialNumber: syz
[  442.833543][   T25] usb 5-1: 0:2 : does not exist
[  442.859249][   T25] usb 5-1: unit 255 not found!
[  442.883987][   T25] usb 5-1: USB disconnect, device number 28
[  443.529810][T10082] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  443.697018][ T2867] Bluetooth: hci5: Frame reassembly failed (-84)
[  443.836823][   T25] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  444.111013][   T25] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  444.143408][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.967299][   T25] usb 5-1: config 0 descriptor??
[  445.009041][T10086] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2
[  445.726791][ T5092] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  445.726834][   T53] Bluetooth: hci5: command 0x1003 tx timeout
[  446.392288][   T25] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  446.473110][   T25] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  446.527716][   T25] asix 5-1:0.0: probe with driver asix failed with error -71
[  446.540305][   T25] usb 5-1: USB disconnect, device number 29
[  446.655727][T10120] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1261'.
[  446.707486][T10120] sch_tbf: burst 0 is lower than device bridge3 mtu (1514) !
[  447.717618][T10107] Bluetooth: hci1: command 0x0406 tx timeout
[  447.766749][T10127] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  449.479923][ T1148] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  449.756904][ T1148] usb 1-1: Using ep0 maxpacket: 8
[  449.802131][ T1148] usb 1-1: config 1 interface 0 altsetting 194 endpoint 0x81 has invalid wMaxPacketSize 0
[  449.842476][ T1148] usb 1-1: config 1 interface 0 has no altsetting 0
[  449.866164][T10154] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1272'.
[  449.875455][ T1148] usb 1-1: New USB device found, idVendor=04e7, idProduct=0050, bcdDevice= 0.40
[  449.927123][ T1148] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.957148][ T1148] usb 1-1: Product: à „
[  449.980774][ T1148] usb 1-1: Manufacturer: Ї
[  449.985353][ T1148] usb 1-1: SerialNumber: à �
[  450.095484][T10161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1274'.
[  450.146934][T10161] sch_tbf: burst 0 is lower than device bridge3 mtu (1514) !
[  450.335116][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1278'.
[  450.365926][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1278'.
[  450.793497][ T1148] usbhid 1-1:1.0: can't add hid device: -71
[  450.929156][ T1148] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  451.085277][ T1148] usb 1-1: USB disconnect, device number 32
[  451.446745][ T5131] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  451.656819][ T5131] usb 3-1: Using ep0 maxpacket: 8
[  451.681380][ T5131] usb 3-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  451.731500][ T5131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.858593][ T5131] usb 3-1: config 0 descriptor??
[  452.333281][T10183] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  452.441614][   T25] usb 3-1: USB disconnect, device number 29
[  454.081201][T10211] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1288'.
[  454.088714][T10213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1289'.
[  454.105345][T10211] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1288'.
[  454.408143][  T784] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  455.386964][  T784] usb 2-1: Using ep0 maxpacket: 8
[  455.398734][  T784] usb 2-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  455.412018][  T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.717375][ T1148] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  455.864074][  T784] usb 2-1: config 0 descriptor??
[  455.917426][ T1148] usb 3-1: Using ep0 maxpacket: 8
[  455.929710][ T1148] usb 3-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  455.940387][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.955115][ T1148] usb 3-1: config 0 descriptor??
[  456.120751][  T784] usb 2-1: USB disconnect, device number 35
[  456.183775][T10223] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  456.264947][   T25] usb 3-1: USB disconnect, device number 30
[  457.517938][T10253] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1301'.
[  464.547399][T10286] nbd4: detected capacity change from 0 to 8388607
[  465.037049][T10274] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  465.110324][T10286] block nbd4: shutting down sockets
[  465.171307][T10288] netlink: 'syz.3.1310': attribute type 12 has an invalid length.
[  465.179267][T10288] netlink: 'syz.3.1310': attribute type 11 has an invalid length.
[  465.188656][T10288] netlink: 190580 bytes leftover after parsing attributes in process `syz.3.1310'.
[  466.836920][ T5083] Bluetooth: hci3: command 0x0406 tx timeout
[  467.396755][    T8] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  467.497205][T10316] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1318'.
[  467.596863][    T8] usb 3-1: Using ep0 maxpacket: 8
[  467.680209][    T8] usb 3-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  467.718546][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.765617][    T8] usb 3-1: config 0 descriptor??
[  469.076679][ T5083] Bluetooth: hci2: command 0x0405 tx timeout
[  469.108457][ T5134] usb 3-1: USB disconnect, device number 31
[  469.272404][ T1148] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  469.637969][ T1148] usb 2-1: Using ep0 maxpacket: 8
[  469.650749][ T1148] usb 2-1: config 0 has an invalid interface number: 5 but max is 0
[  469.665173][ T1148] usb 2-1: config 0 has no interface number 0
[  469.675762][ T1148] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  469.688986][ T1148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.716316][ T1148] usb 2-1: Product: syz
[  469.739235][ T1148] usb 2-1: Manufacturer: syz
[  469.744135][ T1148] usb 2-1: SerialNumber: syz
[  469.761789][ T1148] usb 2-1: config 0 descriptor??
[  470.026692][T10340] nbd0: detected capacity change from 0 to 8388607
[  470.678779][ T5083] block nbd0: Receive control failed (result -32)
[  470.816058][T10340] block nbd0: shutting down sockets
[  471.136196][ T1148] usb 2-1: USB disconnect, device number 36
[  471.164113][T10359] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1330'.
[  472.517181][T10394] nbd3: detected capacity change from 0 to 8388607
[  473.393227][T10394] block nbd3: shutting down sockets
[  473.753879][T10407] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  476.327426][T10448] nbd2: detected capacity change from 0 to 8388607
[  476.717681][ T5083] block nbd2: Receive control failed (result -104)
[  479.277919][T10477] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  480.366785][    T8] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  480.446954][ T5083] Bluetooth: hci2: command 0x0405 tx timeout
[  480.566792][    T8] usb 5-1: Using ep0 maxpacket: 32
[  480.586258][    T8] usb 5-1: New USB device found, idVendor=13d3, idProduct=3311, bcdDevice=ea.d7
[  480.700299][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.713515][    T8] usb 5-1: Product: syz
[  480.718838][    T8] usb 5-1: Manufacturer: syz
[  480.723644][    T8] usb 5-1: SerialNumber: syz
[  480.731591][    T8] usb 5-1: config 0 descriptor??
[  480.739544][    T8] r8712u: register rtl8712_netdev_ops to netdev_ops
[  480.749892][    T8] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  481.806920][    T8] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed
[  481.813551][    T8] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  481.837361][    T8] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  483.358768][T10522] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  483.651033][ T5137] usb 5-1: USB disconnect, device number 30
[  485.926696][   T25] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  486.286716][   T25] usb 2-1: Using ep0 maxpacket: 32
[  486.301054][   T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  486.429567][   T25] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  486.522693][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.820487][   T25] usb 2-1: Product: syz
[  486.909568][   T25] usb 2-1: Manufacturer: syz
[  486.914317][   T25] usb 2-1: SerialNumber: syz
[  487.152994][   T25] usb 2-1: config 0 descriptor??
[  487.177348][T10556] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  487.400126][   T25] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  487.414082][T10571] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  487.445786][T10107] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  487.456488][T10107] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  487.489410][T10107] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  487.502009][T10107] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  487.519210][T10107] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  487.526834][T10107] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  488.475744][T10572] chnl_net:caif_netlink_parms(): no params data found
[  488.673806][T10572] bridge0: port 1(bridge_slave_0) entered blocking state
[  488.684208][T10572] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.760625][ T5130] usb 2-1: USB disconnect, device number 37
[  488.787098][T10572] bridge_slave_0: entered allmulticast mode
[  488.814050][T10572] bridge_slave_0: entered promiscuous mode
[  488.832038][T10572] bridge0: port 2(bridge_slave_1) entered blocking state
[  488.872622][T10572] bridge0: port 2(bridge_slave_1) entered disabled state
[  488.903479][T10572] bridge_slave_1: entered allmulticast mode
[  488.924215][T10572] bridge_slave_1: entered promiscuous mode
[  489.025789][T10572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  489.052153][T10572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  489.147109][    T8] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  489.164740][T10572] team0: Port device team_slave_0 added
[  489.187655][T10572] team0: Port device team_slave_1 added
[  489.356684][    T8] usb 4-1: Using ep0 maxpacket: 32
[  489.540930][T10572] batman_adv: batadv0: Adding interface: batadv_slave_0
[  489.551538][    T8] usb 4-1: New USB device found, idVendor=13d3, idProduct=3311, bcdDevice=ea.d7
[  489.573495][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.581815][T10572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  489.589208][    T8] usb 4-1: Product: syz
[  489.607724][    C1] vkms_vblank_simulate: vblank timer overrun
[  489.624220][    T8] usb 4-1: Manufacturer: syz
[  489.637751][T10107] Bluetooth: hci5: command tx timeout
[  489.658154][    T8] usb 4-1: SerialNumber: syz
[  489.667489][T10572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  489.679630][    T8] usb 4-1: config 0 descriptor??
[  489.688421][T10572] batman_adv: batadv0: Adding interface: batadv_slave_1
[  489.695904][T10572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  489.912894][T10572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  489.916263][    T8] r8712u: register rtl8712_netdev_ops to netdev_ops
[  490.736794][    T8] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  491.105564][T10625] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  491.311998][    T8] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed
[  491.322229][    T8] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  491.337317][    T8] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  491.480105][  T784] usb 4-1: USB disconnect, device number 33
[  491.562110][T10572] hsr_slave_0: entered promiscuous mode
[  491.592631][T10572] hsr_slave_1: entered promiscuous mode
[  491.609955][T10572] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  491.632702][T10572] Cannot create hsr debugfs directory
[  491.706213][T10631] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1400'.
[  491.717024][T10107] Bluetooth: hci5: command tx timeout
[  491.791526][T10630] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1401'.
[  491.818028][T10630] tipc: Resetting bearer <eth:team0>
[  492.674650][T10630] bridge0: port 4(team0) entered disabled state
[  493.797152][T10107] Bluetooth: hci5: command tx timeout
[  494.701281][T10107] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  494.712648][T10107] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  494.967609][T10572] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.486752][T10572] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.519405][T10672] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1412'.
[  495.738666][T10677] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  495.759280][T10572] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.947243][T10107] Bluetooth: hci5: command tx timeout
[  496.658486][T10572] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.892037][T10692] input: syz1 as /devices/virtual/input/input23
[  497.012703][T10681] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  497.832940][T10692] netlink: 'syz.4.1415': attribute type 8 has an invalid length.
[  498.062827][T10572] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  498.204630][T10693] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  498.237822][T10704] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1419'.
[  498.414243][T10107] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  498.424308][T10107] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  499.171559][T10572] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  499.243814][T10572] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  499.299762][T10572] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  499.853076][T10572] 8021q: adding VLAN 0 to HW filter on device bond0
[  499.973008][T10572] 8021q: adding VLAN 0 to HW filter on device team0
[  499.998159][T10730] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  500.047233][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  500.054859][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  500.674210][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  500.681492][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  502.285645][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  502.307513][ T5083] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  502.733780][T10741] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  502.757841][T10752] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1429'.
[  503.255374][T10107] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  503.268251][T10107] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  504.007074][T10765] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1433'.
[  505.408640][T10572] 8021q: adding VLAN 0 to HW filter on device batadv0
[  506.284925][T10572] veth0_vlan: entered promiscuous mode
[  507.978339][   T98] block nbd2: Possible stuck request ffff888020600000: control (read@0,4096B). Runtime 30 seconds
[  507.982194][T10572] veth1_vlan: entered promiscuous mode
[  508.251019][T10794] input: syz1 as /devices/virtual/input/input24
[  508.367503][T10572] veth0_macvtap: entered promiscuous mode
[  508.401770][T10572] veth1_macvtap: entered promiscuous mode
[  508.466257][T10794] netlink: 'syz.3.1437': attribute type 8 has an invalid length.
[  508.496202][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.517329][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.543594][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  508.734474][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.777256][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.540176][ T5083] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  509.609250][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.656806][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.702551][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.736752][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.776706][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.847746][T10572] batman_adv: batadv0: Interface activated: batadv_slave_0
[  509.901758][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  509.946718][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.963980][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  509.974619][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.992486][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.005592][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.022808][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.054636][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.083825][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  510.100596][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  510.142823][T10572] batman_adv: batadv0: Interface activated: batadv_slave_1
[  510.172424][T10572] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  510.197158][  T784] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  510.225567][T10572] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  510.261113][T10572] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  510.282443][T10572] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  510.538995][ T5083] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  510.551575][ T5083] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  510.928164][T10818] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  511.058548][  T942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  511.099109][  T942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  511.136701][  T784] usb 1-1: Using ep0 maxpacket: 8
[  511.144262][  T784] usb 1-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  511.154693][  T784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.168400][  T784] usb 1-1: config 0 descriptor??
[  511.237671][ T2465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  511.286743][ T2465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  513.386731][    T8] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  513.666461][    T8] usb 3-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  513.886764][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.944211][    T8] usb 3-1: config 0 descriptor??
[  514.177106][T10846] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1451'.
[  514.357560][   T25] usb 1-1: USB disconnect, device number 33
[  514.999721][    T8] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  515.793689][    T8] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  515.825717][    T8] asix 3-1:0.0: probe with driver asix failed with error -71
[  515.896702][    T8] usb 3-1: USB disconnect, device number 32
[  516.646770][ T1148] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  517.188795][ T1148] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  517.203884][   T29] audit: type=1326 audit(1720691664.062:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10871 comm="syz.4.1460" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1bcd775bd9 code=0x0
[  517.213855][ T1148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.245779][ T1148] usb 2-1: config 0 descriptor??
[  520.715411][T10107] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  520.724553][T10107] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  520.731580][ T5083] Bluetooth: hci5: command tx timeout
[  520.795213][ T1148] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  520.836779][ T1148] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  520.860178][ T1148] asix 2-1:0.0: probe with driver asix failed with error -71
[  520.909518][ T1148] usb 2-1: USB disconnect, device number 38
[  521.029011][T10912] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1469'.
[  521.064899][T10912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1469'.
[  521.136272][T10912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1469'.
[  521.446715][ T5130] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  521.637258][ T5130] usb 5-1: Using ep0 maxpacket: 8
[  521.656451][ T5130] usb 5-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  521.676620][ T5130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.676852][T10924] nbd1: detected capacity change from 0 to 8388607
[  521.698544][ T5130] usb 5-1: config 0 descriptor??
[  522.215546][    T8] usb 5-1: USB disconnect, device number 31
[  522.406393][ T5092] block nbd1: Receive control failed (result -104)
[  523.331026][   T29] audit: type=1326 audit(1720691670.192:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10928 comm="syz.0.1474" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c8a775bd9 code=0x0
[  523.416639][ T5135] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  523.836684][ T5135] usb 4-1: Using ep0 maxpacket: 8
[  523.844170][ T5135] usb 4-1: config 0 has an invalid interface number: 5 but max is 0
[  523.854821][ T5135] usb 4-1: config 0 has no interface number 0
[  523.870133][ T5135] usb 4-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  523.897293][ T5135] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.953851][ T5135] usb 4-1: Product: syz
[  523.966185][ T5135] usb 4-1: Manufacturer: syz
[  523.978999][ T5135] usb 4-1: SerialNumber: syz
[  524.035464][ T5092] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  524.172183][ T5135] usb 4-1: config 0 descriptor??
[  525.767462][ T5130] usb 4-1: USB disconnect, device number 34
[  525.856844][T10950] netlink: 'syz.4.1480': attribute type 8 has an invalid length.
[  526.312117][ T5092] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  526.325568][ T5092] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  526.938641][T10960] netlink: 'syz.3.1482': attribute type 8 has an invalid length.
[  527.235020][T10965] netlink: 'syz.2.1484': attribute type 12 has an invalid length.
[  527.244836][T10965] netlink: 'syz.2.1484': attribute type 11 has an invalid length.
[  527.252787][T10965] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.1484'.
[  527.810174][ T5135] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  528.767304][ T5135] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  528.983274][ T5092] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  529.651381][ T5135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.707348][ T5135] usb 1-1: config 0 descriptor??
[  529.736289][   T29] audit: type=1326 audit(1720691676.592:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10972 comm="syz.4.1486" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1bcd775bd9 code=0x0
[  531.384610][   T29] audit: type=1326 audit(1720691678.242:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11001 comm="syz.3.1492" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb1a975bd9 code=0x0
[  531.549249][ T5135] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  531.574257][ T5135] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  531.615146][ T5135] asix 1-1:0.0: probe with driver asix failed with error -71
[  531.656639][ T5135] usb 1-1: USB disconnect, device number 34
[  531.966020][T11009] netlink: 'syz.4.1495': attribute type 12 has an invalid length.
[  531.973937][T11009] netlink: 'syz.4.1495': attribute type 11 has an invalid length.
[  531.981874][T11009] netlink: 190580 bytes leftover after parsing attributes in process `syz.4.1495'.
[  532.474413][T11015] netlink: 'syz.3.1497': attribute type 8 has an invalid length.
[  533.270064][ T5092] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  533.281856][ T5092] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  533.307123][ T5092] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  533.321591][ T5092] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  533.330144][ T5092] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  533.337583][ T5092] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  533.848011][ T5092] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  535.490451][ T5083] Bluetooth: hci6: command tx timeout
[  535.953110][T11019] chnl_net:caif_netlink_parms(): no params data found
[  536.139857][T11048] netlink: 'syz.3.1505': attribute type 12 has an invalid length.
[  536.149110][T11048] netlink: 'syz.3.1505': attribute type 11 has an invalid length.
[  536.158355][T11048] netlink: 190580 bytes leftover after parsing attributes in process `syz.3.1505'.
[  536.519870][T11050] binder: 11029:11050 ioctl 4018620d 0 returned -22
[  537.559384][ T5083] Bluetooth: hci6: command tx timeout
[  537.564904][   T29] audit: type=1326 audit(1720691684.422:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11037 comm="syz.4.1503" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1bcd775bd9 code=0x0
[  538.023242][T11019] bridge0: port 1(bridge_slave_0) entered blocking state
[  538.061251][T11019] bridge0: port 1(bridge_slave_0) entered disabled state
[  538.078946][T11019] bridge_slave_0: entered allmulticast mode
[  538.089788][T11019] bridge_slave_0: entered promiscuous mode
[  538.112636][T11019] bridge0: port 2(bridge_slave_1) entered blocking state
[  538.130718][T11019] bridge0: port 2(bridge_slave_1) entered disabled state
[  538.171100][T11019] bridge_slave_1: entered allmulticast mode
[  538.185801][T11019] bridge_slave_1: entered promiscuous mode
[  538.465978][   T98] block nbd2: Possible stuck request ffff888020600000: control (read@0,4096B). Runtime 60 seconds
[  538.594702][T11019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  539.042573][ T5083] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  539.619789][T11070] netlink: 'syz.4.1508': attribute type 8 has an invalid length.
[  539.636640][ T5092] Bluetooth: hci6: command tx timeout
[  539.719233][T11019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  539.971974][T11019] team0: Port device team_slave_0 added
[  540.208603][T11088] netlink: 'syz.2.1515': attribute type 12 has an invalid length.
[  540.216906][T11088] netlink: 'syz.2.1515': attribute type 11 has an invalid length.
[  540.224841][T11088] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.1515'.
[  540.543229][T11019] team0: Port device team_slave_1 added
[  541.723919][ T5092] Bluetooth: hci6: command tx timeout
[  541.771098][T11097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1517'.
[  541.774302][T11019] batman_adv: batadv0: Adding interface: batadv_slave_0
[  541.780298][T11097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1517'.
[  542.138989][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  542.485415][    T8] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  542.527425][T11019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  542.597751][T11019] batman_adv: batadv0: Adding interface: batadv_slave_1
[  542.666618][T11019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  542.746723][T11019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  542.776640][    T8] usb 5-1: Using ep0 maxpacket: 8
[  542.797907][    T8] usb 5-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  542.830578][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.865685][    T8] usb 5-1: config 0 descriptor??
[  543.001754][T11106] binder: 11094:11106 ioctl 4018620d 0 returned -22
[  543.112964][T11019] hsr_slave_0: entered promiscuous mode
[  543.141199][T11019] hsr_slave_1: entered promiscuous mode
[  543.165807][T11019] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  543.206633][T11019] Cannot create hsr debugfs directory
[  543.862937][T11019] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.536611][T11019] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.757477][   T25] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  545.006972][   T25] usb 4-1: Using ep0 maxpacket: 8
[  545.080468][   T25] usb 4-1: config 0 has an invalid interface number: 5 but max is 0
[  545.160855][   T25] usb 4-1: config 0 has no interface number 0
[  545.189227][   T25] usb 4-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  545.226222][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.247658][  T784] usb 5-1: USB disconnect, device number 32
[  545.255353][   T25] usb 4-1: Product: syz
[  545.268983][T11019] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.269923][   T25] usb 4-1: Manufacturer: syz
[  545.296707][   T25] usb 4-1: SerialNumber: syz
[  545.310083][   T25] usb 4-1: config 0 descriptor??
[  545.454387][T11019] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.730609][T11019] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  545.751495][T11019] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  545.781293][T11019] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  545.804096][T11019] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  545.857176][  T784] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  546.836735][  T784] usb 3-1: Using ep0 maxpacket: 32
[  546.841197][T11019] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.851296][  T784] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  546.868843][  T784] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  546.878139][  T784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.886167][  T784] usb 3-1: Product: syz
[  546.890697][  T784] usb 3-1: Manufacturer: syz
[  546.895330][  T784] usb 3-1: SerialNumber: syz
[  546.906924][  T784] usb 3-1: config 0 descriptor??
[  546.915856][T11120] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  546.979431][  T784] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2
[  547.031124][T11019] 8021q: adding VLAN 0 to HW filter on device team0
[  547.043041][ T5135] usb 4-1: USB disconnect, device number 35
[  547.077085][T11129] nbd0: detected capacity change from 0 to 8388607
[  547.106385][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.113678][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  547.128881][ T5134] bridge0: port 2(bridge_slave_1) entered blocking state
[  547.136142][ T5134] bridge0: port 2(bridge_slave_1) entered forwarding state
[  547.799525][ T5092] block nbd0: Receive control failed (result -32)
[  547.904368][T11129] block nbd0: shutting down sockets
[  548.764720][T11150] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  549.168959][T11019] 8021q: adding VLAN 0 to HW filter on device batadv0
[  549.398797][T11019] veth0_vlan: entered promiscuous mode
[  549.489962][T11019] veth1_vlan: entered promiscuous mode
[  549.595534][T11019] veth0_macvtap: entered promiscuous mode
[  549.653316][T11019] veth1_macvtap: entered promiscuous mode
[  549.739304][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.766781][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.782496][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.793152][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.803405][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.836641][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.851681][ T5135] usb 3-1: USB disconnect, device number 33
[  549.866743][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.900615][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.918976][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.939912][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.956016][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.976927][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.996681][T11019] batman_adv: batadv0: Interface activated: batadv_slave_0
[  550.020978][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.032447][T11171] binder: 11162:11171 ioctl 4018620d 0 returned -22
[  550.075087][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.105962][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.136895][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.163516][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.194516][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.215114][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.235945][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.268267][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.289758][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.305283][T11019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.324262][T11019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.336407][T11019] batman_adv: batadv0: Interface activated: batadv_slave_1
[  550.378260][T11019] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  550.398259][T11019] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  550.407863][T11019] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  550.417234][T11019] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  550.652231][T11176] netlink: 204 bytes leftover after parsing attributes in process `syz.4.1535'.
[  550.738269][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  550.746121][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  550.804719][T11179] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1536'.
[  550.942469][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  550.968402][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  552.425992][   T98] block nbd1: Possible stuck request ffff888020590000: control (read@0,4096B). Runtime 30 seconds
[  552.726913][T11188] nbd4: detected capacity change from 0 to 8388607
[  553.398435][ T5092] block nbd4: Receive control failed (result -104)
[  555.106405][T11212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1544'.
[  555.141062][T11212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1544'.
[  555.222261][T11201] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  555.647370][ T5135] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  556.837317][ T5135] usb 1-1: Using ep0 maxpacket: 8
[  556.862377][ T5135] usb 1-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  556.876946][ T5135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  556.894250][ T5135] usb 1-1: config 0 descriptor??
[  557.221689][ T5134] usb 1-1: USB disconnect, device number 35
[  559.160590][T11242] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  559.637994][ T5134] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  559.958510][ T5134] usb 3-1: Using ep0 maxpacket: 8
[  560.051304][ T5134] usb 3-1: config 0 has an invalid interface number: 5 but max is 0
[  560.115241][ T5134] usb 3-1: config 0 has no interface number 0
[  560.139680][ T5134] usb 3-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  560.166948][ T5134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.184055][ T5134] usb 3-1: Product: syz
[  560.208993][ T5134] usb 3-1: Manufacturer: syz
[  560.213643][ T5134] usb 3-1: SerialNumber: syz
[  560.265400][ T5134] usb 3-1: config 0 descriptor??
[  560.285142][ T8625] bridge0: port 3(syz_tun) entered disabled state
[  560.356139][ T8625] syz_tun (unregistering): left allmulticast mode
[  560.366732][ T8625] syz_tun (unregistering): left promiscuous mode
[  560.383414][ T8625] bridge0: port 3(syz_tun) entered disabled state
[  560.588308][T11257] binder: 11252:11257 ioctl 4018620d 0 returned -22
[  560.692789][  T942] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  560.713650][  T942] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.870220][  T942] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  560.899007][  T942] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.026405][  T942] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.052455][  T942] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.217932][  T942] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.245884][  T942] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.297417][ T5083] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  561.307649][ T5083] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  561.315964][ T5083] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  561.327027][ T5083] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  561.334843][ T5083] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  561.350599][ T5083] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  561.469686][  T942] bridge_slave_1: left allmulticast mode
[  561.475593][  T942] bridge_slave_1: left promiscuous mode
[  561.483167][  T942] bridge0: port 2(bridge_slave_1) entered disabled state
[  561.505824][  T942] bridge_slave_0: left allmulticast mode
[  561.521634][  T942] bridge_slave_0: left promiscuous mode
[  561.534391][  T942] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.634809][    T8] usb 3-1: USB disconnect, device number 34
[  563.142829][ T5092] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  563.171174][ T5092] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  563.185932][ T5092] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  563.269990][ T5092] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  563.279147][ T5092] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  563.289620][ T5092] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  563.323568][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  563.399124][ T5092] Bluetooth: hci2: command tx timeout
[  564.414341][ T5134] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  564.668313][ T5092] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  564.678205][ T5092] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  565.326146][  T942] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  565.339011][ T5092] Bluetooth: hci7: command tx timeout
[  565.341307][T11295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1564'.
[  565.355209][T11295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1564'.
[  565.376108][  T942] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  565.389094][  T942] bond0 (unregistering): Released all slaves
[  565.405635][ T5134] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  565.426490][ T5134] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  565.440439][ T5134] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  565.466053][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  565.485234][ T5134] usb 3-1: SerialNumber: syz
[  565.490081][ T5092] Bluetooth: hci2: command tx timeout
[  565.708846][ T5134] usb 3-1: 0:2 : does not exist
[  565.715562][ T5134] usb 3-1: unit 5 not found!
[  565.735690][ T5134] usb 3-1: USB disconnect, device number 35
[  565.752455][    T8] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  565.957505][    T8] usb 4-1: Using ep0 maxpacket: 8
[  565.980044][    T8] usb 4-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  566.008953][  T942] hsr_slave_0: left promiscuous mode
[  566.014434][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.034568][  T942] hsr_slave_1: left promiscuous mode
[  566.044668][    T8] usb 4-1: config 0 descriptor??
[  566.072984][  T942] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  566.084896][  T942] batman_adv: batadv0: Removing interface: batadv_slave_0
[  566.092980][  T942] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  566.100761][  T942] batman_adv: batadv0: Removing interface: batadv_slave_1
[  566.122248][  T942] dummy0: left promiscuous mode
[  566.134025][  T942] veth1_macvtap: left promiscuous mode
[  566.139692][  T942] veth0_macvtap: left promiscuous mode
[  566.145375][  T942] veth1_vlan: left promiscuous mode
[  566.167201][  T942] veth0_vlan: left promiscuous mode
[  566.613451][ T5130] usb 4-1: USB disconnect, device number 36
[  567.057705][   T29] audit: type=1326 audit(1720691713.902:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11307 comm="syz.1.1568" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd6cdd75bd9 code=0x0
[  567.333110][  T942] team0 (unregistering): Port device team_slave_1 removed
[  567.388197][  T942] team0 (unregistering): Port device team_slave_0 removed
[  567.398883][ T5092] Bluetooth: hci7: command tx timeout
[  567.476669][    T8] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  567.557833][ T5092] Bluetooth: hci2: command tx timeout
[  567.683467][    T8] usb 4-1: unable to get BOS descriptor or descriptor too short
[  567.709564][    T8] usb 4-1: config 0 has no interfaces?
[  567.736946][    T8] usb 4-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48
[  567.760128][    T8] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  567.773392][    T8] usb 4-1: Product: syz
[  567.777697][    T8] usb 4-1: SerialNumber: syz
[  567.799044][    T8] usb 4-1: config 0 descriptor??
[  568.481105][T11264] chnl_net:caif_netlink_parms(): no params data found
[  568.505074][ T5137] usb 4-1: USB disconnect, device number 37
[  569.396298][   T98] block nbd2: Possible stuck request ffff888020600000: control (read@0,4096B). Runtime 90 seconds
[  569.458636][T11280] chnl_net:caif_netlink_parms(): no params data found
[  569.486788][ T5092] Bluetooth: hci7: command tx timeout
[  569.513058][T11264] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.691997][T11264] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.717324][ T5092] Bluetooth: hci2: command tx timeout
[  569.920238][T11264] bridge_slave_0: entered allmulticast mode
[  570.000976][ T5083] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  572.451025][ T5083] Bluetooth: hci7: command tx timeout
[  572.456490][ T5083] Bluetooth: hci6: command tx timeout
[  572.775910][T11264] bridge_slave_0: entered promiscuous mode
[  572.865234][T11264] bridge0: port 2(bridge_slave_1) entered blocking state
[  572.883111][T11264] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.896807][T11264] bridge_slave_1: entered allmulticast mode
[  572.919762][T11264] bridge_slave_1: entered promiscuous mode
[  572.984215][T11350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1578'.
[  572.994737][T11350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1578'.
[  573.131290][T11264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  573.144677][T11264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  573.216774][ T5133] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  573.236405][T11280] bridge0: port 1(bridge_slave_0) entered blocking state
[  573.256891][T11280] bridge0: port 1(bridge_slave_0) entered disabled state
[  573.264258][T11280] bridge_slave_0: entered allmulticast mode
[  573.272121][T11280] bridge_slave_0: entered promiscuous mode
[  573.281886][T11280] bridge0: port 2(bridge_slave_1) entered blocking state
[  573.291824][T11280] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.296999][ T5135] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  573.299275][T11280] bridge_slave_1: entered allmulticast mode
[  573.318832][T11280] bridge_slave_1: entered promiscuous mode
[  573.336470][T11264] team0: Port device team_slave_0 added
[  573.355402][T11264] team0: Port device team_slave_1 added
[  573.402153][T11280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  573.450502][T11280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  573.767864][T11280] team0: Port device team_slave_0 added
[  573.789616][T11264] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.816775][T11264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  573.903050][T11264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  573.958494][T11280] team0: Port device team_slave_1 added
[  573.978208][ T5133] usb 2-1: unable to get BOS descriptor or descriptor too short
[  573.989418][ T5133] usb 2-1: config 0 has no interfaces?
[  574.007633][ T5133] usb 2-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48
[  574.018807][ T5133] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  574.037742][ T5133] usb 2-1: Product: syz
[  574.046805][ T5135] usb 4-1: Using ep0 maxpacket: 8
[  574.053878][ T5133] usb 2-1: SerialNumber: syz
[  574.067650][ T5135] usb 4-1: New USB device found, idVendor=0424, idProduct=7800, bcdDevice=e9.41
[  574.082934][ T5133] usb 2-1: config 0 descriptor??
[  574.088954][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.100733][T11264] batman_adv: batadv0: Adding interface: batadv_slave_1
[  574.109138][ T5135] usb 4-1: config 0 descriptor??
[  574.126646][T11264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  574.158617][T11264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  574.218290][T11280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  574.225298][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  574.264545][T11280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  574.354619][T11280] batman_adv: batadv0: Adding interface: batadv_slave_1
[  574.377262][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  574.425863][T11280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  574.597023][T11349] pimreg: entered allmulticast mode
[  574.611829][ T5135] usb 2-1: USB disconnect, device number 39
[  574.645171][T11264] hsr_slave_0: entered promiscuous mode
[  574.663745][T11264] hsr_slave_1: entered promiscuous mode
[  574.684116][T11264] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  574.702442][T11264] Cannot create hsr debugfs directory
[  574.864631][ T5133] usb 4-1: USB disconnect, device number 38
[  574.918256][T11280] hsr_slave_0: entered promiscuous mode
[  574.929616][T11280] hsr_slave_1: entered promiscuous mode
[  574.935948][T11280] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  574.945129][T11280] Cannot create hsr debugfs directory
[  576.313602][T11372] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1584'.
[  576.347804][T11374] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1585'.
[  576.681356][T11280] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  576.695165][T11280] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.722686][T11264] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  576.735912][T11264] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  576.750997][T11264] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  576.765123][T11264] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  576.836889][ T5133] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  576.857447][T11280] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  576.878044][T11280] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.042801][ T5133] usb 3-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  577.055101][T11280] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.065827][ T5133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.069975][ T5133] usb 3-1: config 0 descriptor??
[  577.096928][T11280] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.259296][T11280] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  577.290325][T11280] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.419821][T11264] 8021q: adding VLAN 0 to HW filter on device bond0
[  577.510788][T11264] 8021q: adding VLAN 0 to HW filter on device team0
[  577.566376][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.573640][ T5131] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.816033][ T5131] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.823339][ T5131] bridge0: port 2(bridge_slave_1) entered forwarding state
[  578.039643][T11280] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  578.073135][T11280] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  578.113373][T11280] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  578.148693][T11280] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  578.457105][ T5133] hackrf 3-1:0.0: usb_control_msg() failed -110 request 0f
[  578.464596][ T5133] hackrf 3-1:0.0: Could not detect board
[  578.509569][ T5133] hackrf 3-1:0.0: probe with driver hackrf failed with error -110
[  578.572289][T11280] 8021q: adding VLAN 0 to HW filter on device bond0
[  578.664505][T11280] 8021q: adding VLAN 0 to HW filter on device team0
[  578.708618][ T5130] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.715780][ T5130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  578.804115][ T5130] bridge0: port 2(bridge_slave_1) entered blocking state
[  578.811373][ T5130] bridge0: port 2(bridge_slave_1) entered forwarding state
[  578.842109][T11264] 8021q: adding VLAN 0 to HW filter on device batadv0
[  579.048112][T11264] veth0_vlan: entered promiscuous mode
[  579.105779][T11264] veth1_vlan: entered promiscuous mode
[  579.208258][T11264] veth0_macvtap: entered promiscuous mode
[  579.222914][T11264] veth1_macvtap: entered promiscuous mode
[  579.270653][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.295136][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.327108][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.378872][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.403555][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.443753][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.486946][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.517999][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.528648][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.541235][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.551302][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.562294][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.587838][T11264] batman_adv: batadv0: Interface activated: batadv_slave_0
[  579.641589][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.663398][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.686121][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.698060][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.708802][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.815650][    T8] usb 3-1: USB disconnect, device number 36
[  579.834584][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.871625][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.908245][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.937029][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.986589][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.996635][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.007878][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.025336][T11264] batman_adv: batadv0: Interface activated: batadv_slave_1
[  580.087542][T11264] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  580.119502][T11264] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  580.282330][T11264] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  580.424856][T11264] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  580.729608][T11280] 8021q: adding VLAN 0 to HW filter on device batadv0
[  580.876438][ T9722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  580.912944][ T9722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.145473][   T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.154274][   T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.259644][   T29] audit: type=1326 audit(1720691728.122:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11423 comm="syz.2.1597" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe19b375bd9 code=0x0
[  581.798016][T11280] veth0_vlan: entered promiscuous mode
[  581.862915][T11280] veth1_vlan: entered promiscuous mode
[  582.015100][T11280] veth0_macvtap: entered promiscuous mode
[  582.050693][T11280] veth1_macvtap: entered promiscuous mode
[  582.167532][T11459] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  582.191101][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.232126][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.256639][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.267399][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.292687][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.385571][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.496329][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.607736][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.717715][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.837735][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.976979][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  583.035685][   T98] block nbd1: Possible stuck request ffff888020590000: control (read@0,4096B). Runtime 60 seconds
[  583.035782][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.066647][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  583.078285][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.090108][T11280] batman_adv: batadv0: Interface activated: batadv_slave_0
[  583.100938][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.111804][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.122405][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.135471][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.149637][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.162382][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.172461][   T98] block nbd4: Possible stuck request ffff888020668000: control (read@0,4096B). Runtime 30 seconds
[  583.172520][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.193971][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.203916][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.214614][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.224541][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.235146][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.245052][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.259893][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.288127][T11280] batman_adv: batadv0: Interface activated: batadv_slave_1
[  583.500935][T11280] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  583.514967][T11280] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  583.548759][T11280] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  583.570447][T11280] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  583.655553][T11475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1609'.
[  583.708298][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  583.728596][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  583.768297][    T8] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  583.785752][ T2465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  583.798817][ T5135] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  583.803817][ T2465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  583.833289][T11479] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1610'.
[  583.842972][T11479] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1610'.
[  584.146864][ T5135] usb 4-1: Using ep0 maxpacket: 8
[  584.153376][    T8] usb 3-1: unable to get BOS descriptor or descriptor too short
[  584.163706][ T5135] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  584.174025][ T5135] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  584.186780][    T8] usb 3-1: config 0 has no interfaces?
[  584.192508][ T5135] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  584.221204][ T5135] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  584.438556][    T8] usb 3-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48
[  584.564381][ T5135] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  584.605938][    T8] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  584.833625][    T8] usb 3-1: Product: syz
[  584.864593][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.886883][    T8] usb 3-1: SerialNumber: syz
[  584.967317][    T8] usb 3-1: config 0 descriptor??
[  585.330346][ T5135] usb 4-1: usb_control_msg returned -32
[  585.336016][ T5135] usbtmc 4-1:16.0: can't read capabilities
[  585.518846][T11468] pimreg: entered allmulticast mode
[  585.538459][ T5137] usb 3-1: USB disconnect, device number 37
[  586.606103][T11506] netlink: 'syz.3.1607': attribute type 11 has an invalid length.
[  586.703764][T11513] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1619'.
[  586.847095][T11506] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1607'.
[  587.588742][T11514] delete_channel: no stack
[  587.855787][    T8] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  588.503213][ T5137] usb 4-1: USB disconnect, device number 39
[  588.798713][    T8] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  588.843057][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.118421][    T8] usb 1-1: config 0 descriptor??
[  590.364418][    T8] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  590.417064][    T8] asix 1-1:0.0: probe with driver asix failed with error -71
[  590.430604][T11556] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1631'.
[  590.458426][    T8] usb 1-1: USB disconnect, device number 36
[  590.476866][T11556] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1631'.
[  590.733947][T11562] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1633'.
[  591.099662][T11577] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[  591.108416][T11576] netlink: 'syz.4.1637': attribute type 29 has an invalid length.
[  591.132345][T11576] netlink: 'syz.4.1637': attribute type 29 has an invalid length.
[  591.198091][T11579] netlink: 105108 bytes leftover after parsing attributes in process `syz.0.1636'.
[  591.210108][T11578] netlink: 'syz.4.1637': attribute type 29 has an invalid length.
[  591.235387][T11579] netlink: 'syz.0.1636': attribute type 1 has an invalid length.
[  591.249316][T11579] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1636'.
[  591.537193][ T5131] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  592.430075][ T5131] usb 3-1: too many configurations: 65, using maximum allowed: 8
[  592.615410][ T5131] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  592.642480][ T5131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.886203][ T5131] usb 3-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  592.903710][ T5131] usb 3-1: No valid video chain found.
[  594.074089][ T5130] usb 3-1: USB disconnect, device number 38
[  594.339414][ T5133] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  595.286129][T11624] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  595.418759][ T5133] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  595.438434][ T5133] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.467902][ T5133] usb 5-1: config 0 descriptor??
[  595.981982][ T5131] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  596.778184][ T5131] usb 2-1: unable to get BOS descriptor or descriptor too short
[  596.847585][ T5131] usb 2-1: config 0 has no interfaces?
[  596.880292][ T5131] usb 2-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48
[  596.906252][ T5131] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  596.924420][ T5131] usb 2-1: Product: syz
[  596.932827][ T5131] usb 2-1: SerialNumber: syz
[  596.957637][ T5131] usb 2-1: config 0 descriptor??
[  597.033406][T11646] bridge0: entered promiscuous mode
[  597.048735][T11646] bridge0: left promiscuous mode
[  597.160017][T11652] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1662'.
[  597.198892][T11652] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes.
[  597.203723][ T5131] usb 2-1: USB disconnect, device number 40
[  597.297869][  T784] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  597.323316][ T5133] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  597.333984][ T5133] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  597.347084][ T5133] asix 5-1:0.0: probe with driver asix failed with error -71
[  597.358636][ T5133] usb 5-1: USB disconnect, device number 33
[  597.500802][  T784] usb 1-1: New USB device found, idVendor=07b0, idProduct=0006, bcdDevice=84.fc
[  597.519572][  T784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.560175][  T784] usb 1-1: config 0 descriptor??
[  597.578226][  T784] HFC-S_USB 1-1:0.0: probe with driver HFC-S_USB failed with error -5
[  597.668686][    T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  597.925602][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  598.129703][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  598.357900][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  598.582479][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  598.611895][    T9] usb 4-1: SerialNumber: syz
[  599.039154][    T9] usb 4-1: 0:2 : does not exist
[  599.048865][    T9] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  599.821201][    T9] usb 4-1: USB disconnect, device number 40
[  599.902117][   T98] block nbd2: Possible stuck request ffff888020600000: control (read@0,4096B). Runtime 120 seconds
[  601.147807][  T784] usb 1-1: USB disconnect, device number 37
[  601.214255][T11690] FAULT_INJECTION: forcing a failure.
[  601.214255][T11690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  601.228505][T11690] CPU: 1 PID: 11690 Comm: syz.1.1673 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  601.238710][T11690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  601.248794][T11690] Call Trace:
[  601.252101][T11690]  <TASK>
[  601.255055][T11690]  dump_stack_lvl+0x241/0x360
[  601.259787][T11690]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.265024][T11690]  ? __pfx__printk+0x10/0x10
[  601.269668][T11690]  ? snprintf+0xda/0x120
[  601.273947][T11690]  should_fail_ex+0x3b0/0x4e0
[  601.278676][T11690]  _copy_to_user+0x2f/0xb0
[  601.283127][T11690]  simple_read_from_buffer+0xca/0x150
[  601.288551][T11690]  proc_fail_nth_read+0x1e9/0x250
[  601.293621][T11690]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  601.299205][T11690]  ? rw_verify_area+0x520/0x6b0
[  601.304096][T11690]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  601.309678][T11690]  vfs_read+0x204/0xbc0
[  601.313867][T11690]  ? __pfx_lock_release+0x10/0x10
[  601.318922][T11690]  ? do_sock_setsockopt+0x3e2/0x720
[  601.324156][T11690]  ? __pfx_vfs_read+0x10/0x10
[  601.328876][T11690]  ? __fget_files+0x29/0x470
[  601.333502][T11690]  ? __fget_files+0x3f6/0x470
[  601.338211][T11690]  ksys_read+0x1a0/0x2c0
[  601.342463][T11690]  ? __pfx_ksys_read+0x10/0x10
[  601.347233][T11690]  ? do_syscall_64+0x100/0x230
[  601.352010][T11690]  ? do_syscall_64+0xb6/0x230
[  601.356693][T11690]  do_syscall_64+0xf3/0x230
[  601.361197][T11690]  ? clear_bhb_loop+0x35/0x90
[  601.365874][T11690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.371784][T11690] RIP: 0033:0x7fd6cdd746bc
[  601.376214][T11690] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  601.395829][T11690] RSP: 002b:00007fd6ceb21040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  601.404269][T11690] RAX: ffffffffffffffda RBX: 00007fd6cdf04038 RCX: 00007fd6cdd746bc
[  601.412241][T11690] RDX: 000000000000000f RSI: 00007fd6ceb210b0 RDI: 0000000000000005
[  601.420244][T11690] RBP: 00007fd6ceb210a0 R08: 0000000000000000 R09: 0000000000000000
[  601.428213][T11690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.436200][T11690] R13: 000000000000006e R14: 00007fd6cdf04038 R15: 00007fff92b43298
[  601.444185][T11690]  </TASK>
[  605.494023][ T5135] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  605.522835][T11728] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  606.338367][ T5135] usb 2-1: unable to get BOS descriptor or descriptor too short
[  606.459233][ T5135] usb 2-1: config 0 has no interfaces?
[  606.516108][ T5135] usb 2-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48
[  606.552811][ T5135] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  606.588849][ T5135] usb 2-1: Product: syz
[  606.605296][ T5135] usb 2-1: SerialNumber: syz
[  606.632570][ T5135] usb 2-1: config 0 descriptor??
[  606.915668][  T784] usb 2-1: USB disconnect, device number 41
[  608.897953][ T5092] Bluetooth: hci7: Received unexpected HCI Event 0x00
[  609.337625][T11781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1694'.
[  609.379315][T11785] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1690'.
[  610.728842][T11798] xt_hashlimit: overflow, try lower: 0/0
[  610.740457][T11798] Bluetooth: MGMT ver 1.22
[  610.745049][T11798] FAULT_INJECTION: forcing a failure.
[  610.745049][T11798] name failslab, interval 1, probability 0, space 0, times 0
[  610.760761][T11798] CPU: 1 PID: 11798 Comm: syz.4.1697 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  610.770953][T11798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  610.781039][T11798] Call Trace:
[  610.784323][T11798]  <TASK>
[  610.787264][T11798]  dump_stack_lvl+0x241/0x360
[  610.791996][T11798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.797214][T11798]  ? __pfx__printk+0x10/0x10
[  610.801836][T11798]  should_fail_ex+0x3b0/0x4e0
[  610.806541][T11798]  ? __alloc_skb+0x1c3/0x440
[  610.811178][T11798]  should_failslab+0x9/0x20
[  610.815697][T11798]  kmem_cache_alloc_node_noprof+0x71/0x320
[  610.821525][T11798]  __alloc_skb+0x1c3/0x440
[  610.825975][T11798]  ? __pfx___alloc_skb+0x10/0x10
[  610.830932][T11798]  ? __pfx___alloc_skb+0x10/0x10
[  610.835900][T11798]  create_monitor_ctrl_event+0x35/0x4d0
[  610.841459][T11798]  ? mgmt_cmd_complete+0x1b5/0x580
[  610.846591][T11798]  mgmt_cmd_complete+0x220/0x580
[  610.851555][T11798]  remove_device+0x902/0xc40
[  610.856174][T11798]  ? __pfx_remove_device+0x10/0x10
[  610.861300][T11798]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  610.867141][T11798]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  610.872965][T11798]  ? mgmt_init_hdev+0x444/0x470
[  610.877828][T11798]  hci_mgmt_cmd+0xc45/0x11d0
[  610.882441][T11798]  hci_sock_sendmsg+0x7a5/0x11c0
[  610.887419][T11798]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  610.892823][T11798]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  610.898141][T11798]  ? security_socket_sendmsg+0x87/0xb0
[  610.903646][T11798]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  610.909030][T11798]  __sock_sendmsg+0x221/0x270
[  610.913731][T11798]  sock_write_iter+0x2dd/0x400
[  610.918532][T11798]  ? __pfx_sock_write_iter+0x10/0x10
[  610.923842][T11798]  ? bpf_lsm_file_permission+0x9/0x10
[  610.929219][T11798]  ? security_file_permission+0x7f/0xa0
[  610.934779][T11798]  vfs_write+0xa72/0xc90
[  610.939129][T11798]  ? __pfx_sock_write_iter+0x10/0x10
[  610.944433][T11798]  ? __pfx_vfs_write+0x10/0x10
[  610.949234][T11798]  ksys_write+0x1a0/0x2c0
[  610.953604][T11798]  ? __pfx_ksys_write+0x10/0x10
[  610.958482][T11798]  ? do_syscall_64+0x100/0x230
[  610.963256][T11798]  ? do_syscall_64+0xb6/0x230
[  610.967961][T11798]  do_syscall_64+0xf3/0x230
[  610.972488][T11798]  ? clear_bhb_loop+0x35/0x90
[  610.977189][T11798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.983264][T11798] RIP: 0033:0x7f9c9e775bd9
[  610.987685][T11798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.007314][T11798] RSP: 002b:00007f9c9f510048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  611.015762][T11798] RAX: ffffffffffffffda RBX: 00007f9c9e904038 RCX: 00007f9c9e775bd9
[  611.023751][T11798] RDX: 000000000000000d RSI: 0000000020000200 RDI: 000000000000000a
[  611.031743][T11798] RBP: 00007f9c9f5100a0 R08: 0000000000000000 R09: 0000000000000000
[  611.039721][T11798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.047693][T11798] R13: 000000000000006e R14: 00007f9c9e904038 R15: 00007ffca12d6bb8
[  611.055703][T11798]  </TASK>
[  611.072670][ T5092] Bluetooth: hci7: command tx timeout
[  611.505399][ T5092] Bluetooth: hci5: command 0x0406 tx timeout
[  611.945031][T11800] netlink: 'syz.0.1696': attribute type 8 has an invalid length.
[  612.248860][T11805] FAULT_INJECTION: forcing a failure.
[  612.248860][T11805] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  612.819168][T11805] CPU: 0 PID: 11805 Comm: syz.3.1699 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  612.829400][T11805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  612.839483][T11805] Call Trace:
[  612.842788][T11805]  <TASK>
[  612.845741][T11805]  dump_stack_lvl+0x241/0x360
[  612.850500][T11805]  ? __pfx_dump_stack_lvl+0x10/0x10
[  612.855742][T11805]  ? __pfx__printk+0x10/0x10
[  612.860373][T11805]  ? __pfx_lock_release+0x10/0x10
[  612.865440][T11805]  should_fail_ex+0x3b0/0x4e0
[  612.870176][T11805]  _copy_to_iter+0x1f6/0x1960
[  612.874907][T11805]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  612.881271][T11805]  ? __pfx__copy_to_iter+0x10/0x10
[  612.886432][T11805]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  612.892364][T11805]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  612.898739][T11805]  ? remove_wait_queue+0x33/0x130
[  612.903793][T11805]  tun_do_read+0xff5/0x2330
[  612.908348][T11805]  ? __pfx_tun_do_read+0x10/0x10
[  612.913315][T11805]  ? __pfx_lock_release+0x10/0x10
[  612.918388][T11805]  ? __pfx_default_wake_function+0x10/0x10
[  612.924238][T11805]  ? tun_get+0x1e/0x2f0
[  612.928425][T11805]  ? tun_get+0x27d/0x2f0
[  612.932704][T11805]  tun_chr_read_iter+0x13a/0x270
[  612.937681][T11805]  do_iter_readv_writev+0x5a4/0x800
[  612.942908][T11805]  ? mark_lock+0x9a/0x350
[  612.947274][T11805]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  612.953034][T11805]  ? bpf_lsm_file_permission+0x9/0x10
[  612.958438][T11805]  ? security_file_permission+0x7f/0xa0
[  612.964018][T11805]  ? rw_verify_area+0x52a/0x6b0
[  612.968912][T11805]  vfs_readv+0x2b6/0xa90
[  612.973206][T11805]  ? __pfx_vfs_readv+0x10/0x10
[  612.978001][T11805]  ? vfs_write+0x7c4/0xc90
[  612.982477][T11805]  ? __fget_files+0x29/0x470
[  612.987115][T11805]  do_readv+0x1b1/0x350
[  612.991315][T11805]  ? __pfx_do_readv+0x10/0x10
[  612.996026][T11805]  ? do_syscall_64+0x100/0x230
[  613.000831][T11805]  ? do_syscall_64+0xb6/0x230
[  613.005548][T11805]  do_syscall_64+0xf3/0x230
[  613.010102][T11805]  ? clear_bhb_loop+0x35/0x90
[  613.014816][T11805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.020728][T11805] RIP: 0033:0x7feb1a975bd9
[  613.025143][T11805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.044771][T11805] RSP: 002b:00007feb1b669048 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  613.053231][T11805] RAX: ffffffffffffffda RBX: 00007feb1ab03f60 RCX: 00007feb1a975bd9
[  613.061262][T11805] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000003
[  613.069250][T11805] RBP: 00007feb1b6690a0 R08: 0000000000000000 R09: 0000000000000000
[  613.077244][T11805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  613.085262][T11805] R13: 000000000000000b R14: 00007feb1ab03f60 R15: 00007ffe57db0088
[  613.093312][T11805]  </TASK>
[  613.364167][   T98] block nbd1: Possible stuck request ffff888020590000: control (read@0,4096B). Runtime 90 seconds
[  613.403294][   T98] block nbd4: Possible stuck request ffff888020668000: control (read@0,4096B). Runtime 60 seconds
[  613.563995][ T5092] Bluetooth: hci7: Ignoring HCI_Connection_Complete for existing connection
[  613.578294][ T5092] Bluetooth: hci7: Received unexpected HCI Event 0x00
[  614.717377][   T29] audit: type=1326 audit(1720691761.582:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11829 comm="syz.4.1705" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c9e775bd9 code=0x0
[  615.530294][ T5083] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  618.634759][ T5092] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  618.726481][T11875] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1717'.
[  620.767017][ T5083] Bluetooth: hci2: command tx timeout
[  620.768588][ T5092] Bluetooth: hci7: Ignoring HCI_Connection_Complete for existing connection
[  621.582909][T11909] netlink: 'syz.1.1724': attribute type 10 has an invalid length.
[  626.273900][T11909] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1724'.
[  626.287195][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  627.429550][T11909] bridge0: port 3(syz_tun) entered blocking state
[  627.436177][T11909] bridge0: port 3(syz_tun) entered disabled state
[  627.553210][T11909] syz_tun: entered allmulticast mode
[  628.398490][T11909] syz_tun: entered promiscuous mode
[  628.420010][T11909] bridge0: port 3(syz_tun) entered blocking state
[  628.426695][T11909] bridge0: port 3(syz_tun) entered forwarding state
[  628.736157][T11931] FAULT_INJECTION: forcing a failure.
[  628.736157][T11931] name failslab, interval 1, probability 0, space 0, times 0
[  628.749017][T11931] CPU: 0 PID: 11931 Comm: syz.0.1731 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  628.759199][T11931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  628.769256][T11931] Call Trace:
[  628.772555][T11931]  <TASK>
[  628.775520][T11931]  dump_stack_lvl+0x241/0x360
[  628.780230][T11931]  ? __pfx_dump_stack_lvl+0x10/0x10
[  628.785450][T11931]  ? __pfx__printk+0x10/0x10
[  628.790238][T11931]  ? nf_hook+0x396/0x450
[  628.794492][T11931]  should_fail_ex+0x3b0/0x4e0
[  628.799189][T11931]  ? skb_clone+0x20c/0x390
[  628.803631][T11931]  should_failslab+0x9/0x20
[  628.808143][T11931]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  628.813545][T11931]  skb_clone+0x20c/0x390
[  628.817797][T11931]  ? ip_mc_output+0x1ea/0x5c0
[  628.822500][T11931]  ip_mc_output+0x1f7/0x5c0
[  628.827047][T11931]  ip_send_skb+0x74/0x100
[  628.831389][T11931]  udp_send_skb+0xaa4/0x1470
[  628.836003][T11931]  udp_sendmsg+0x1c21/0x2a60
[  628.840617][T11931]  ? mark_lock+0x9a/0x350
[  628.844991][T11931]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  628.850777][T11931]  ? __pfx_udp_sendmsg+0x10/0x10
[  628.855728][T11931]  ? smack_socket_sendmsg+0x172/0x540
[  628.861113][T11931]  ? tomoyo_socket_sendmsg_permission+0x288/0x420
[  628.867564][T11931]  ? __pfx___might_resched+0x10/0x10
[  628.872860][T11931]  ? iovec_from_user+0x61/0x240
[  628.877723][T11931]  ? inet_sendmsg+0x2ba/0x390
[  628.882505][T11931]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  628.887797][T11931]  ? security_socket_sendmsg+0x87/0xb0
[  628.893270][T11931]  __sock_sendmsg+0x1a6/0x270
[  628.897959][T11931]  ____sys_sendmsg+0x525/0x7d0
[  628.902825][T11931]  ? __pfx_____sys_sendmsg+0x10/0x10
[  628.908134][T11931]  __sys_sendmmsg+0x3b2/0x740
[  628.912824][T11931]  ? __pfx___sys_sendmmsg+0x10/0x10
[  628.918067][T11931]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  628.923973][T11931]  ? ksys_write+0x23e/0x2c0
[  628.928586][T11931]  ? __pfx_lock_release+0x10/0x10
[  628.933638][T11931]  ? vfs_write+0x7c4/0xc90
[  628.938070][T11931]  ? __mutex_unlock_slowpath+0x21d/0x750
[  628.943703][T11931]  ? __pfx_vfs_write+0x10/0x10
[  628.948503][T11931]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  628.954506][T11931]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  628.960846][T11931]  ? do_syscall_64+0x100/0x230
[  628.965627][T11931]  __x64_sys_sendmmsg+0xa0/0xb0
[  628.970512][T11931]  do_syscall_64+0xf3/0x230
[  628.975032][T11931]  ? clear_bhb_loop+0x35/0x90
[  628.979723][T11931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.985625][T11931] RIP: 0033:0x7feba2375bd9
[  628.990056][T11931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  629.009669][T11931] RSP: 002b:00007feba31ad048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  629.018089][T11931] RAX: ffffffffffffffda RBX: 00007feba2504110 RCX: 00007feba2375bd9
[  629.026077][T11931] RDX: 0400000000000077 RSI: 0000000020000180 RDI: 0000000000000008
[  629.034063][T11931] RBP: 00007feba31ad0a0 R08: 0000000000000000 R09: 0000000000000000
[  629.042038][T11931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  629.050031][T11931] R13: 000000000000006e R14: 00007feba2504110 R15: 00007ffcc1eb1e18
[  629.058043][T11931]  </TASK>
[  631.705874][T10107] Bluetooth: hci7: Ignoring HCI_Connection_Complete for existing connection
[  631.714933][T10107] Bluetooth: hci7: Received unexpected HCI Event 0x00
[  631.726832][   T30] INFO: task syz.2.1355:10446 blocked for more than 145 seconds.
[  631.734599][   T30]       Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  631.828315][   T98] block nbd2: Possible stuck request ffff888020600000: control (read@0,4096B). Runtime 150 seconds
[  631.920533][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to send rpc
fd=3 want=47168 sent=0 n=-1 (errno 32: Broken pipe)
[  631.986716][   T30] task:syz.2.1355      state:D stack:20048 pid:10446 tgid:10445 ppid:8045   flags:0x00004004
[  632.026893][   T30] Call Trace:
[  632.030235][   T30]  <TASK>
[  632.033196][   T30]  __schedule+0x1796/0x49d0
[  632.076608][   T30]  ? __pfx___schedule+0x10/0x10
[  632.090914][   T30]  ? __pfx_lock_release+0x10/0x10
[  632.110453][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  632.155703][   T30]  ? schedule+0x90/0x320
[  632.170326][   T30]  schedule+0x14b/0x320
[  632.174570][   T30]  io_schedule+0x8d/0x110
[  632.196977][   T30]  folio_wait_bit_common+0x882/0x12b0
[  632.207397][   T30]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  632.215584][   T30]  ? __pfx_wake_page_function+0x10/0x10
[  632.221504][   T30]  ? __filemap_get_folio+0x769/0xc10
[  632.226950][   T30]  do_read_cache_folio+0xb9/0x820
[  632.232015][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  632.246745][   T30]  read_part_sector+0xb3/0x330
[  632.251569][   T30]  adfspart_check_POWERTEC+0xc8/0x8f0
[  632.266910][   T30]  ? irqentry_exit+0x63/0x90
[  632.271571][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  632.286640][   T30]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  632.292245][   T30]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  632.309409][   T30]  ? bdev_disk_changed+0x700/0x13d0
[  632.314664][   T30]  ? kasan_check_range+0x175/0x290
[  632.344819][   T30]  bdev_disk_changed+0x72c/0x13d0
[  632.357000][   T30]  ? __pfx_bdev_disk_changed+0x10/0x10
[  632.362525][   T30]  ? __pfx___might_resched+0x10/0x10
[  632.385508][   T30]  blkdev_get_whole+0x315/0x470
[  632.396705][   T30]  bdev_open+0x2e9/0xc60
[  632.401026][   T30]  blkdev_open+0x20d/0x2e0
[  632.405561][   T30]  ? __pfx_blkdev_open+0x10/0x10
[  632.427660][   T30]  do_dentry_open+0x970/0x1450
[  632.432512][   T30]  vfs_open+0x3e/0x330
[  632.446538][   T30]  path_openat+0x2c01/0x35f0
[  632.451211][   T30]  ? __pfx___schedule+0x10/0x10
[  632.456105][   T30]  ? __lock_acquire+0x1346/0x1fd0
[  632.486642][   T30]  ? __pfx_path_openat+0x10/0x10
[  632.491673][   T30]  do_filp_open+0x235/0x490
[  632.496245][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  632.527837][   T30]  ? _raw_spin_unlock+0x28/0x50
[  632.532782][   T30]  ? alloc_fd+0x5a1/0x640
[  632.545612][   T30]  do_sys_openat2+0x13e/0x1d0
[  632.550646][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  632.555909][   T30]  ? smack_file_ioctl+0x2a1/0x3a0
[  632.566580][   T30]  __x64_sys_openat+0x247/0x2a0
[  632.571484][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[  632.585098][   T30]  ? do_syscall_64+0x100/0x230
[  632.590014][   T30]  ? do_syscall_64+0xb6/0x230
[  632.594732][   T30]  do_syscall_64+0xf3/0x230
[  632.609271][   T30]  ? clear_bhb_loop+0x35/0x90
[  632.616107][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.636345][   T30] RIP: 0033:0x7f07b8374610
[  632.642317][   T30] RSP: 002b:00007f07b9144b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  632.656766][   T30] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07b8374610
[  632.664812][   T30] RDX: 0000000000000000 RSI: 00007f07b9144c20 RDI: 00000000ffffff9c
[  632.681178][   T30] RBP: 00007f07b9144c20 R08: 0000000000000000 R09: 002364626e2f7665
[  632.694301][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  632.705686][   T30] R13: 000000000000000b R14: 00007f07b8503f60 R15: 00007ffffd604d78
[  632.724463][   T30]  </TASK>
[  632.746627][   T30] INFO: task syz.2.1355:10448 blocked for more than 146 seconds.
[  632.754374][   T30]       Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  632.809598][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  632.820880][   T30] task:syz.2.1355      state:D stack:23312 pid:10448 tgid:10445 ppid:8045   flags:0x00004004
[  632.831216][   T30] Call Trace:
[  632.834521][   T30]  <TASK>
[  632.839061][   T30]  __schedule+0x1796/0x49d0
[  632.843647][   T30]  ? __pfx___schedule+0x10/0x10
[  632.851916][   T30]  ? __pfx_lock_release+0x10/0x10
[  632.857198][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  632.862711][   T30]  ? schedule+0x90/0x320
[  632.867806][   T30]  schedule+0x14b/0x320
[  632.872010][   T30]  schedule_preempt_disabled+0x13/0x30
[  632.877719][   T30]  __mutex_lock+0x6a4/0xd70
[  632.882259][   T30]  ? __mutex_lock+0x527/0xd70
[  632.887034][   T30]  ? bdev_release+0x184/0x700
[  632.891757][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  632.906209][   T30]  ? __fsnotify_parent+0x20c/0x5e0
[  632.916604][   T30]  bdev_release+0x184/0x700
[  632.923173][   T30]  blkdev_release+0x15/0x20
[  632.928100][   T30]  ? __pfx_blkdev_release+0x10/0x10
[  632.933336][   T30]  __fput+0x24a/0x8a0
[  632.937471][   T30]  task_work_run+0x24f/0x310
[  632.942115][   T30]  ? __pfx_task_work_run+0x10/0x10
[  632.947544][   T30]  ? syscall_exit_to_user_mode+0xa3/0x360
[  632.953327][   T30]  syscall_exit_to_user_mode+0x168/0x360
[  632.961407][   T30]  do_syscall_64+0x100/0x230
[  632.966140][   T30]  ? clear_bhb_loop+0x35/0x90
[  632.971085][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.977134][   T30] RIP: 0033:0x7f07b8375bd9
[  632.981581][   T30] RSP: 002b:00007f07b9124048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  632.995144][   T30] RAX: 0000000000000000 RBX: 00007f07b8504038 RCX: 00007f07b8375bd9
[  633.003323][   T30] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[  633.011728][   T30] RBP: 00007f07b83e4e60 R08: 0000000000000000 R09: 0000000000000000
[  633.019769][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  633.030105][   T30] R13: 000000000000006e R14: 00007f07b8504038 R15: 00007ffffd604d78
[  633.038234][   T30]  </TASK>
[  633.056578][   T30] 
[  633.056578][   T30] Showing all locks held in the system:
[  633.077632][   T30] 1 lock held by khungtaskd/30:
[  633.082512][   T30]  #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  633.136728][   T30] 3 locks held by kworker/u8:3/51:
[  633.141924][   T30] 2 locks held by getty/4840:
[  633.178948][   T30]  #0: ffff88802b10c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  633.206575][   T30]  #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  633.246641][   T30] 3 locks held by kworker/0:7/5135:
[  633.264205][   T30]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  633.288699][   T30]  #1: ffffc900040c7d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  633.316868][   T30]  #2: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  633.356561][   T30] 1 lock held by syz.2.1355/10446:
[  633.361727][   T30]  #0: ffff88802049a4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xe5/0xc60
[  633.398970][   T30] 1 lock held by syz.2.1355/10448:
[  633.404225][   T30]  #0: ffff88802049a4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x184/0x700
[  633.422312][   T30] 1 lock held by syz.1.1473/10924:
[  633.427546][   T30]  #0: ffff8880202844c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x184/0x700
[  633.439259][   T30] 1 lock held by syz.1.1473/10926:
[  633.444406][   T30]  #0: ffff8880202844c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xe5/0xc60
[  633.453807][   T30] 3 locks held by syz-executor/11019:
[  633.459430][   T30]  #0: ffff888023894d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  633.469521][   T30]  #1: ffff888023894078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[  633.479419][   T30]  #2: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  633.490544][   T30] 1 lock held by syz.4.1538/11188:
[  633.495679][   T30]  #0: ffff88802049e4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x184/0x700
[  633.505501][   T30] 1 lock held by syz.4.1538/11192:
[  633.512095][   T30]  #0: ffff88802049e4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0xe5/0xc60
[  633.521642][   T30] 3 locks held by syz-executor/11264:
[  633.527110][   T30]  #0: ffff888024ef4d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  633.539854][   T30]  #1: ffff888024ef4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[  633.549701][   T30]  #2: ffffffff8f73f008 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  633.559980][   T30] 3 locks held by syz-executor/11280:
[  633.565376][   T30]  #0: ffff88805672cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  633.575450][   T30]  #1: ffff88805672c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[  633.585221][   T30]  #2: ffffffff8f73f008 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  633.595306][   T30] 3 locks held by syz.2.1727/11908:
[  633.600709][   T30]  #0: ffff88807df98d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  633.610767][   T30]  #1: ffff88807df98078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[  633.622345][   T30]  #2: ffffffff8f73f008 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  633.632529][   T30] 
[  633.637016][   T30] =============================================
[  633.637016][   T30] 
[  633.652103][   T30] NMI backtrace for cpu 0
[  633.656557][   T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  633.666478][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  633.676568][   T30] Call Trace:
[  633.679844][   T30]  <TASK>
[  633.682774][   T30]  dump_stack_lvl+0x241/0x360
[  633.687460][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.692663][   T30]  ? __pfx__printk+0x10/0x10
[  633.697259][   T30]  ? vprintk_emit+0x631/0x770
[  633.701943][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  633.707003][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  633.711979][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  633.717457][   T30]  ? _printk+0xd5/0x120
[  633.721633][   T30]  ? __pfx__printk+0x10/0x10
[  633.726237][   T30]  ? __wake_up_klogd+0xcc/0x110
[  633.731110][   T30]  ? __pfx__printk+0x10/0x10
[  633.735716][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  633.740760][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  633.746764][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  633.752788][   T30]  watchdog+0xfde/0x1020
[  633.757053][   T30]  ? watchdog+0x1ea/0x1020
[  633.761702][   T30]  ? __pfx_watchdog+0x10/0x10
[  633.766389][   T30]  kthread+0x2f0/0x390
[  633.770471][   T30]  ? __pfx_watchdog+0x10/0x10
[  633.775157][   T30]  ? __pfx_kthread+0x10/0x10
[  633.779758][   T30]  ret_from_fork+0x4b/0x80
[  633.784189][   T30]  ? __pfx_kthread+0x10/0x10
[  633.788801][   T30]  ret_from_fork_asm+0x1a/0x30
[  633.793600][   T30]  </TASK>
[  633.798352][   T30] Sending NMI from CPU 0 to CPUs 1:
[  633.803700][    C1] NMI backtrace for cpu 1
[  633.803713][    C1] CPU: 1 PID: 51 Comm: kworker/u8:3 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  633.803732][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  633.803744][    C1] Workqueue: bat_events batadv_nc_worker
[  633.803771][    C1] RIP: 0010:check_preemption_disabled+0x4f/0x120
[  633.803802][    C1] Code: 86 74 a9 ff ff ff 7f 74 26 65 48 8b 04 25 28 00 00 00 48 3b 44 24 08 0f 85 ce 00 00 00 89 d8 48 83 c4 10 5b 41 5c 41 5e 41 5f <c3> cc cc cc cc 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02
[  633.803817][    C1] RSP: 0018:ffffc90000bb79d8 EFLAGS: 00000086
[  633.803832][    C1] RAX: 0000000000000001 RBX: ffffc90000bb7a40 RCX: 0000000000000001
[  633.803844][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1f15c0
[  633.803858][    C1] RBP: ffffc90000bb7b40 R08: ffffffff92f71587 R09: 1ffffffff25ee2b0
[  633.803871][    C1] R10: dffffc0000000000 R11: fffffbfff25ee2b1 R12: 1ffff92000176f44
[  633.803885][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000246
[  633.803897][    C1] FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  633.803912][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  633.803924][    C1] CR2: 00007f9c9f437d60 CR3: 000000000e132000 CR4: 00000000003506f0
[  633.803939][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  633.803950][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  633.803961][    C1] Call Trace:
[  633.803968][    C1]  <NMI>
[  633.803975][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  633.803994][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  633.804015][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  633.804044][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  633.804065][    C1]  ? nmi_handle+0x14f/0x5a0
[  633.804091][    C1]  ? nmi_handle+0x2a/0x5a0
[  633.804118][    C1]  ? check_preemption_disabled+0x4f/0x120
[  633.804145][    C1]  ? default_do_nmi+0x63/0x160
[  633.804164][    C1]  ? exc_nmi+0x123/0x1f0
[  633.804183][    C1]  ? end_repeat_nmi+0xf/0x53
[  633.804215][    C1]  ? check_preemption_disabled+0x4f/0x120
[  633.804243][    C1]  ? check_preemption_disabled+0x4f/0x120
[  633.804271][    C1]  ? check_preemption_disabled+0x4f/0x120
[  633.804304][    C1]  </NMI>
[  633.804310][    C1]  <TASK>
[  633.804315][    C1]  lock_acquire+0x1fd/0x550
[  633.804337][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  633.804357][    C1]  ? batadv_nc_worker+0xcb/0x610
[  633.804379][    C1]  ? __pfx_lock_release+0x10/0x10
[  633.804399][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  633.804422][    C1]  batadv_nc_worker+0xec/0x610
[  633.804444][    C1]  ? batadv_nc_worker+0xcb/0x610
[  633.804465][    C1]  ? batadv_nc_worker+0xcb/0x610
[  633.804488][    C1]  ? process_scheduled_works+0x945/0x1830
[  633.804506][    C1]  process_scheduled_works+0xa2c/0x1830
[  633.804539][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  633.804561][    C1]  ? assign_work+0x364/0x3d0
[  633.804581][    C1]  worker_thread+0x86d/0xd50
[  633.804607][    C1]  ? __kthread_parkme+0x169/0x1d0
[  633.804628][    C1]  ? __pfx_worker_thread+0x10/0x10
[  633.804646][    C1]  kthread+0x2f0/0x390
[  633.804667][    C1]  ? __pfx_worker_thread+0x10/0x10
[  633.804685][    C1]  ? __pfx_kthread+0x10/0x10
[  633.804706][    C1]  ret_from_fork+0x4b/0x80
[  633.804728][    C1]  ? __pfx_kthread+0x10/0x10
[  633.804749][    C1]  ret_from_fork_asm+0x1a/0x30
[  633.804782][    C1]  </TASK>
[  633.806843][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  633.806861][   T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0
[  633.806888][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  633.806902][   T30] Call Trace:
[  633.806911][   T30]  <TASK>
[  633.806922][   T30]  dump_stack_lvl+0x241/0x360
[  633.806963][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.806998][   T30]  ? __pfx__printk+0x10/0x10
[  633.807028][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  633.807072][   T30]  ? vscnprintf+0x5d/0x90
[  633.807100][   T30]  panic+0x349/0x860
[  633.807135][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  633.807163][   T30]  ? __pfx_panic+0x10/0x10
[  633.807192][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  633.807227][   T30]  ? __irq_work_queue_local+0x137/0x410
[  633.807254][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  633.807281][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  633.807306][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  633.807336][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  633.807364][   T30]  watchdog+0x101d/0x1020
[  633.807400][   T30]  ? watchdog+0x1ea/0x1020
[  633.807434][   T30]  ? __pfx_watchdog+0x10/0x10
[  633.807459][   T30]  kthread+0x2f0/0x390
[  633.807488][   T30]  ? __pfx_watchdog+0x10/0x10
[  633.807513][   T30]  ? __pfx_kthread+0x10/0x10
[  633.807543][   T30]  ret_from_fork+0x4b/0x80
[  633.807573][   T30]  ? __pfx_kthread+0x10/0x10
[  633.807602][   T30]  ret_from_fork_asm+0x1a/0x30
[  633.807652][   T30]  </TASK>
[  633.811158][   T30] Kernel Offset: disabled
[  634.287028][   T30] Rebooting in 86400 seconds..