last executing test programs:

3m37.431865955s ago: executing program 4 (id=810):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0), 0x58, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20)
sendmsg$tipc(r0, &(0x7f0000000000)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc8045}, 0x40011)

3m37.204913908s ago: executing program 4 (id=814):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = io_uring_setup(0xaae, &(0x7f0000000d40)={0x0, 0xbfffeffb, 0x400, 0x0, 0x4})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x2300000000000000, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

3m35.955265725s ago: executing program 4 (id=823):
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
splice(r1, 0x0, r2, 0x0, 0x2000000002ffff, 0x0)
splice(r1, 0x0, r0, &(0x7f0000000080)=0xa, 0x200000000005, 0xe)

3m34.935311712s ago: executing program 4 (id=837):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

3m34.64361492s ago: executing program 4 (id=842):
r0 = socket(0x1e, 0x5, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x900, 0x0)
listen(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x9, 0x3, 0x80000001, 0x7fb, 0x8, 0x100200}, 0x0, &(0x7f0000000240)={0x1e, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0xa}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

3m33.006924983s ago: executing program 4 (id=850):
r0 = open(&(0x7f0000000140)='./bus\x00', 0x42b42, 0x1c0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
readahead(r0, 0x862, 0x5)

3m32.486947773s ago: executing program 32 (id=850):
r0 = open(&(0x7f0000000140)='./bus\x00', 0x42b42, 0x1c0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
readahead(r0, 0x862, 0x5)

3m16.701138283s ago: executing program 2 (id=955):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3m16.290188474s ago: executing program 2 (id=958):
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000200)={0x42}, &(0x7f0000000240)='./file1\x00', 0x18, 0x0, 0x12345})
io_uring_enter(r0, 0x1, 0x1, 0x1, 0x0, 0x0)
r4 = syz_io_uring_complete(r1, r2)
close(r4)

3m15.641198779s ago: executing program 2 (id=962):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x74}}, 0x0)

3m14.507170964s ago: executing program 2 (id=972):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00')
pivot_root(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='.\x00')

3m14.259011789s ago: executing program 2 (id=975):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0xffaa}, {&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f37b748b8f466fe29f40ec981d1431132bca9884654780b3205ed61f49c3b3b6229593e61d13a8505de19a8a0f502d4f3148f9450ed35ef5950bb7fefcf299beed14", 0xb5}], 0x2}, 0x0)
recvmmsg(r0, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/120, 0x78}], 0x24}}], 0x1, 0x0, 0x0)

3m10.891305682s ago: executing program 2 (id=991):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1a5})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

3m10.384963889s ago: executing program 33 (id=991):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1a5})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

2m42.952855005s ago: executing program 3 (id=1145):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000002c0)={0x3f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf51, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x2, 0x0, 0xfaea, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)

2m42.247096993s ago: executing program 3 (id=1153):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)

2m42.080186571s ago: executing program 3 (id=1155):
r0 = memfd_create(&(0x7f0000000840)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xe5,\x82\x03\x00\x19\x8d\xff\xff\xff\xff\xb4\x99\x8a\x19\xe5\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xe7!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7c\x06\x00\x00\x00\x00\x00\x00\x001\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfc^\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11X\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xfc\xbc\xeb[^\xc7\xc0v/\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0a\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xed\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x9f\x0f\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKl\xcc\xa4:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xc3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S\x00\x00\x00\x00\x00\x00\x00', 0x6)
fallocate(r0, 0x0, 0xb, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x0, 0x0})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

2m40.520439668s ago: executing program 3 (id=1164):
syz_clone(0x8120011, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

2m40.119945459s ago: executing program 3 (id=1166):
r0 = fsopen(&(0x7f0000000080)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x4d)
lseek(r2, 0x1, 0x1)

2m38.723207045s ago: executing program 3 (id=1180):
r0 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000400100004112200a4e2000001"], 0x48)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f00000001c0)={0x7, 0x2, 0x1})
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r1}, 0x38)
sendfile(r0, 0xffffffffffffffff, &(0x7f00000000c0)=0x58, 0x5)
ioctl$XFS_IOC_FSGEOMETRY_V4(r0, 0x8070587c, &(0x7f0000000140))

2m38.361166894s ago: executing program 34 (id=1180):
r0 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000400100004112200a4e2000001"], 0x48)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f00000001c0)={0x7, 0x2, 0x1})
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r1}, 0x38)
sendfile(r0, 0xffffffffffffffff, &(0x7f00000000c0)=0x58, 0x5)
ioctl$XFS_IOC_FSGEOMETRY_V4(r0, 0x8070587c, &(0x7f0000000140))

1m48.243228484s ago: executing program 7 (id=1447):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)

1m46.11950503s ago: executing program 7 (id=1455):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x6d5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
close(0x3)

1m45.037154941s ago: executing program 7 (id=1459):
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)

1m43.972523734s ago: executing program 7 (id=1463):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2042, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x100)

1m43.705286973s ago: executing program 7 (id=1466):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)}], 0x1}}], 0x1, 0xd0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x30, 0x3, 0x0, 0xfffff03c}, {0x6, 0x80, 0xff}]}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x4, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1039, 0x200000000006, 0x0, 0x5, 0xfffffffffffffffc, 0xffffffff, 0xbf4, 0xfff, 0x808000000000005, 0x800000068], 0x2000, 0x80cd4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m40.909315009s ago: executing program 7 (id=1477):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000001440), 0x602180, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000001640)={0x0, {{0xa, 0x4e24, 0x9, @loopback, 0x6df}}}, 0x88)
getdents(r1, 0x0, 0x0)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, 0x0)
syz_open_procfs(0x0, 0x0)

1m40.378055057s ago: executing program 35 (id=1477):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000001440), 0x602180, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000001640)={0x0, {{0xa, 0x4e24, 0x9, @loopback, 0x6df}}}, 0x88)
getdents(r1, 0x0, 0x0)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, 0x0)
syz_open_procfs(0x0, 0x0)

1m4.659356014s ago: executing program 6 (id=1563):
socket$netlink(0x10, 0x3, 0x15)
socket$inet(0x2, 0x1, 0x100)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04003120"], 0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

1m1.561054561s ago: executing program 6 (id=1569):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
r0 = gettid()
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f0000000300)=""/69, 0x45}], 0x2)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x8014)
tkill(r0, 0x8)
socket$caif_seqpacket(0x25, 0x5, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r2, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000000440)="b25b", 0x2}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)='\b', 0x1}, {&(0x7f0000000100)="2a1b1a4552a31452d5c73c376f8a", 0xe}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce", 0x1}, {&(0x7f00000007c0)="f2", 0xfea9}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000340)='\x00', 0x1}], 0x1}}], 0x4, 0x4000084)
setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)

1m1.051378338s ago: executing program 6 (id=1570):
syz_usb_connect(0x5, 0x79, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
poll(&(0x7f0000000380), 0x0, 0xfa2)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x4c, &(0x7f0000000f00), 0x4)

55.990622119s ago: executing program 6 (id=1576):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r0, 0xab03)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
r2 = add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="1d001eba239db2bbf3ede4e64a07026e2406f27e5730c6188ef8084f205da3a9a6d872de03e2731f6ce968dbb70373185fa469f9e8bb122db7f58199f29bab2179e34ed84c0c19d521b3acf84ae52dfe5810dd42ca77c2c87a9da46f6ae62943134bc9f55b1c4b40ca8b689232dd91a9dce1c7e0f0ae", 0x76, 0xfffffffffffffff9)
r3 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newlink={0x38, 0x10, 0x403, 0x200000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12080, 0x24046}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp6=r6}]}}}]}, 0x38}, 0x1, 0xba01}, 0x0)
keyctl$setperm(0x5, r3, 0x10000)
keyctl$reject(0x13, r2, 0x1, 0x6, r2)

49.768489618s ago: executing program 6 (id=1590):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x71b52c, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008000)

44.896870226s ago: executing program 6 (id=1599):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r3, 0x84, 0x14, &(0x7f0000000000), 0x8)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_DISALLOCATE(r4, 0x5608)

28.454094809s ago: executing program 36 (id=1599):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r3, 0x84, 0x14, &(0x7f0000000000), 0x8)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_DISALLOCATE(r4, 0x5608)

15.461312671s ago: executing program 0 (id=1634):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
io_getevents(0x0, 0x407, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, 0x0, 0x1a0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r5 = fanotify_init(0xf00, 0x1)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r3, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="30b0c52467f9417e6464e27f648ec8a5bfbfe5c54ab6eacddbfb4c48e776cd2ff7456b71cda2e92fef1900419fbf024060b31796e1ff537e155b5e09f1a9fc61bad277fc19f6e1bc864502df20c8735e89152d5dc233ba30a36bfe78b06e50"], 0x1c}}, 0x0)
fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0)
fallocate(r3, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)

13.809425616s ago: executing program 1 (id=1637):
ioctl$BTRFS_IOC_SPACE_INFO(0xffffffffffffffff, 0xc0109414, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x78, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x64, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x73251c587dd540e9}}}}]}]}, 0x78}}, 0x0)
semop(0x0, &(0x7f0000000140)=[{0x4, 0x6, 0x1800}, {0x4, 0x3, 0x3000}, {0x3, 0xfffb, 0x1000}], 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r2)
sendmsg$DEVLINK_CMD_RATE_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x3c, r3, 0x801, 0x70bd2a, 0x25dfdbfd, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0)
semop(0x0, &(0x7f0000000180)=[{0x3, 0x5, 0x3000}], 0x1)
sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb9200a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x0)
r4 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r4, 0x5000)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0xc08c5334, &(0x7f00000001c0)={0x81, 0x0, 0x1, 'queue0\x00', 0xbc49})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
read$FUSE(0xffffffffffffffff, &(0x7f0000001280)={0x2020}, 0x2020)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0xbf}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0xd1, 0xe6, 0x5d, 0x10, 0x411, 0x12, 0x15b8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x2, 0x80, 0x4, "", [{{0x9, 0x4, 0x6, 0x0, 0x0, 0xb7, 0xc9, 0xa2, 0x3}}]}}]}}, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0})

10.225241205s ago: executing program 5 (id=1640):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8)
r4 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000340)={'\x00\f\x00', 0x0, 0x5, 0x1, 0x200000, 0x9, "00000000020000f50800", '\x00', '\x00', '\x00', ["fdffffff84a438dfc4d5c010", "d78cb8b0211a83be12ff0bff"]})
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000000)={0x8, 0x0, 0x8, 0xd13e, 0x4, 0x2, "55c799fa9efa88afad769ab115199085", 0x2, 0x76, 0x4, 0xe2, 0x0, 0x4, 0x7})
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r5, 0x0, 0x2, 0x0, 0x0)
r6 = syz_open_procfs(r0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r6}})
pipe(&(0x7f0000000180)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r7, 0x0, r3, 0x0, 0x1000, 0x800000000000000)
splice(r1, 0x0, r8, 0x0, 0x80, 0x8)
r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r9, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x7, 0xfffffffffffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200000000, 0x1, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xed9b, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x5, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff]})
write$tun(r2, &(0x7f00000033c0)=ANY=[], 0x107c)

9.71616584s ago: executing program 1 (id=1641):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x8c, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000080)=0x40000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
cachestat(r2, &(0x7f00000000c0)={0x2f, 0x3}, &(0x7f0000000100), 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000026c0)=ANY=[], 0x108}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0)

9.600850112s ago: executing program 0 (id=1642):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24)
recvmmsg(r3, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x30cf5ccb03c1cc8a, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6a, '\x00', 0x0, @fallback=0x38}, 0x94)
r5 = socket$inet6(0xa, 0x80002, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x80)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000001c00), 0x12)
ioctl(r4, 0xbb, &(0x7f0000000580)="f923c5e5c36ea15affcd887c0115eb2704d71eafc8621382a101e0e704e19a810df7e47540c635297fddd4f5ecfd57b8a5e21f167c2bc9a494007065366d90843dbd32d1f17210b08c3f2efa1160c4b8efe468dea89f7095b9fdae476defadd6a7c216e86adea4645da95797df99d5a5c20459f3f17405844646b53ad363e9118aa0ca86f9dab8c9f30ce6c7c70f92a8c1df72803f2bf500d388092ff2ae3a3ec2548d17aee4ed6d4be941493b0596052427c0cf7670165d198de2797c3818a2fa4aebf7e22410fe79fde05f537aa6da3d374c5884c00eb72059280faa7be0ca543844d6c13ab0bad914b2458195c9fbec32125bceccd550cc893e8d76f9a71780755cb860cd693ad672cf7a1e35f088a003bd4321c395c9ca6c861e200a6bcc67763a90c6973a5e0bf30af1797dd9d4347f6655c834e2990de4b0aa68d6b007799be03fabd2758e204f753ff005fcaeaf5dc65ee6e71ae9a5909504a64ca538494f639607517846f3d12b6047eb5f4241762aad3215417e5e0c3fb091011379e79b797ae2ede61b3890f6e6efbc7a04bb7a991681dcc9ef01bba806b3b21fdcb4c37a811e3802db149450a3b8b20a3ccb0b286ce822365380828465b9b1bfaf91a4efe455e46f28dc815b478d037cceb0a7d2bfc09f6b0c2fac574b5b3760921e9ab268c3907c07cc98dacb06d52f075bb4c7a7e42e60fa5716779b4173e1e022b092cd181c26aed23957242f84dc570a998398a2d9215457f4b86cab409ee39d921ddbb8e4ce1a467d5297023b075fd75c79cadc1ac992ee213d0eaae36b2be468e471f61c26767710bfb289dc790645647269010c571cea85d3dd22e6c0f6d1744289cc88421ab72d0c971a9173aa0f68fe2bf81bd41a47d3b93042e16d6d3925eb6a73673fc15b32012cade9b9b85c06b2f5a5ab917a1ca8f52d548040b8c1ee4b8b89928d562e30b5b967776b0ec01ca122218ecdbcd8c2dcbd936689b1ffe2f4934b8c8793fdd81a64ff8f5682b4eb97e1595a69b56f92bc2fab7715076f7b2ecb9a79695f1915731e5aede02271901af193b9915090d6c8cd794013f25ce9cb768cd29cabe4985fb2a1d8780608e280083d2e7a3f3cb4b3d45c4827d7a2f59066bdb2d89a5138530be6511bdb1ae9eba29cc79cee746f8cfd13e3065c971b323b058dd4a3a6a166bfa474df575ef7c4b23ecb6df200b69d36ab30f4f97ca21dd2366b472d8fbafff213126f60fa8fb8644d61510c863d4b2da2855edb214af9c5c33279e00e51c532ad1bb5a1eda07bb49f56014ca50bdc6a025ef132543c465dc71a3ab2ca91e8e632512ef015874c3173a47b32e6c3355b060dafb55e24b3a9749ad4c18d042323a9f2a8ca28298f26a98d0be59f3c88ac6512093e1d2d657ace3f76a2456679aceb257bd1810992afa864686a1ac11c27d179ca95e5ec12382a9595a5e4e079817f847cdffd8556b398c2251c2e68fe196361870aaaf7c7d5edac5756c197fc40d7d917d87e74b5510528be0747a883ae4347e43976cd51af3219cf69864e3a93d243ea61105fc3176965872bb91d3da83385540107f0c4dccf647a3f2c58dacdbb8788fe93ff3bbfac58bf9f214726ab32b1f60df3176a71481b7c9789d9d54e69a9e435379a15d5df8dc468014c606f161847990ad11171d1c5cd785d65bd66467b643797c6a6486a1f3724379d6f0acdf2470065571018b9b5be3360f35b4fec7ab7bf1e5d4fabc449b51c95463465051660e1ef1394038ee94e6617a06936951fcb6645d0230b2560ba934b3b93cd2c2cdd3cc0cc941b4135ba979bcf7b839f3d878ab2870e33c7f8526d68c19e0ce709367cc2f118a1401f5622f548ccfda9bae33bf642d820305662c6e97dc6a8b8ede08653ac404fcb6e87d81dbbc7dd9c236956c990bfe568c3695f3f4e1cb4d3e635464bdbd550e905116bc419d0de80ab8c5de387f9020b49a4b6f4df2c3716e35e2bf42366f87284f311d775530dfd4d8d10f6deb90638e509f00616d6e8316f067c516ad61a62b4306b09680c05e3f570a591cf834f3c3eb8cd2ffb9b69973a75e0d9b599dcb3b24cc7de3790831d3d53418f1dbc5d7a0bc14570ac21fdd44a55d909172213de3e29c46d5a79e281bbb84d826bc833598f35f372f40b6c9487511fa28b2dea265f1384253321c61e5b1cf3c30cfe07c0bd67a15ad02b81914ef2e6af653083cd9bb9df728be548ff90d35ea65118c22f4b04f55f7ef4320fb3f901685bbca760a7f9a72c6229b2ce33be618fe65be8b434d9a29a39e2995766b84e42dcc9e97bfd694e40b9d09c3950c633cba18f6e120f223fd4c232343f08b63654ab5de6af62a0654ef12004102dbbdc9fa9756b20318c3bb95b249654e18703de488eec20074e903f41a9a92b1cd116db14813f80eae0e98946103f8a38f6789555ab52b4b77ee42509c957f1203908e01475453573516e0e05e2c334134a4659fa8f")
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0xea, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60a24b9f00b42b00fe8000"/37], 0x0)

9.595781832s ago: executing program 5 (id=1643):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x74}}, 0x20048044)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
pipe(0x0)
r3 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f00000005c0)='fd', 0x0, r2)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r5})

7.679104201s ago: executing program 0 (id=1644):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x2}, @array={0x0, 0x0, 0x0, 0xa, 0x3, {0x0, 0x9000000, 0x2}}]}}, 0x0, 0x3e}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0f0000000000000000006c556043e415f5be3d92b70b679af0a8000000000000000000009d2088d475376003e24deda95c737a9b2270c829714588c8b35be916aa286dc43143b5282f9a876969fd9af536b35909a20c8b9f66c13a2628678e6781174d5fa499ac96b6e8055bc96b1897f2f75eb9ac698b15ca1540f2dee32976392ea9f8aab7bbc12bb31600eb434cee11e8833506982781c9ec10c3b136e4166c714ecd58766067207355f3d6edb88f73c59f1cfa647ed3613bdb04285f22588a425ef3c45a343e992919397a990e48bcb0de3566802ad7a2087e031bc5feb60ce342e946ddb20c388310b40533505c0467e280d0371fa12ba4d52c168acbc3ab6899437093906d21226a12fda8cf", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
madvise(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x17)
r1 = socket$inet(0x2b, 0x801, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$video4linux(0x0, 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r3, 0xc0305602, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x2400076c, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x378, &(0x7f0000000580)=ANY=[@ANYRES8=r2], 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)}, 0x41)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xfffffffffffffea8, &(0x7f0000000100)=ANY=[])
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68)
accept4(r0, &(0x7f0000000200)=@in={0x2, 0x0, @private}, &(0x7f0000000280)=0x80, 0x81800)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/psched\x00')
close_range(r4, r4, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000a80)={0x7, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)=""/78, 0x4e}, {&(0x7f00000004c0)=""/102, 0x66}, {&(0x7f00000005c0)=""/207, 0xcf}, {&(0x7f00000006c0)=""/49, 0x31}, {&(0x7f0000000700)=""/220, 0xdc}, {&(0x7f0000000800)=""/182, 0xb6}, {&(0x7f00000008c0)=""/193, 0xc1}], &(0x7f0000000a40)=[0x448], 0x7}, 0x20)

7.540359142s ago: executing program 1 (id=1645):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_sock_diag(0x10, 0x3, 0x4)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
r3 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000540)={&(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), 0xc, 0x0, 0xeeeeeeee})
r4 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @empty, 0x8}, 0x1c)

5.386564072s ago: executing program 1 (id=1646):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
pipe2(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setrlimit(0x9, &(0x7f0000000040)={0x7, 0x67})
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
set_mempolicy(0x0, 0x0, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = memfd_create(0x0, 0x3)
sendfile(0xffffffffffffffff, r4, 0x0, 0xd39a)
r5 = open(0x0, 0x0, 0x0)
fcntl$lock(r5, 0x5, &(0x7f00000000c0)={0x1, 0x1, 0x80009, 0x10000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x204c00c)

5.31420919s ago: executing program 0 (id=1647):
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
keyctl$revoke(0x3, 0x0)
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
ptrace(0x10, 0x1)
r4 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r5=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

5.0604627s ago: executing program 5 (id=1648):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setfsgid(0xee00)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x1c, &(0x7f00000003c0)=[@cr0={0x0, 0x20}], 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
mount(&(0x7f0000000900)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x1408009, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x48d0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000130000000000100000a3c000000090a010300000000000000000a0000040900020073"], 0x64}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

3.34944371s ago: executing program 1 (id=1649):
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e22, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000400)={0x0, {{0xa, 0x4e20, 0x6589e3, @mcast1, 0x8}}, {{0xa, 0x4e21, 0x4, @private1, 0xfffffff8}}}, 0x108)
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000340)=""/104, 0x68}], 0x1, 0x5b, 0x100)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)

3.347000844s ago: executing program 0 (id=1650):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0xb, 0xfffffffe, 0xfffffffd, {}, [{0x4}]}, 0x18}}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfe33)
fcntl$lock(r1, 0x6, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
io_setup(0xb, &(0x7f00000003c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000880)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x4, r4, 0x0, 0x0, 0x7}])
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r6, 0x6b, 0x4, 0x0, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ppoll(&(0x7f0000000180)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r8, &(0x7f00000006c0)}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
write$dsp(r1, &(0x7f00000001c0)="e29b9f9d827278c6bcc21faae8a0d00db4c229845075a789c99d3e023fed9fdfa0f80bb79df9f284e0d8741a4923361cd692ea34fda4834b959ac6c8509116765d2b8cde2a70c98c128c6eb03be56b01", 0x50)
ioctl$vim2m_VIDIOC_ENUM_FMT(r9, 0xc0405602, &(0x7f0000000100)={0x45, 0x2, 0x80, "987e1d01e1327528cd7e5f3dfee6955a6c39ddf28000", 0x3436324d})

3.174699762s ago: executing program 5 (id=1651):
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6200, 0x0)

1.679588959s ago: executing program 5 (id=1652):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$afs(&(0x7f00000000c0)=ANY=[], &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), 0x1800002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
fcntl$setpipe(r3, 0x407, 0x2)
write$FUSE_INIT(r3, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x840, 0x0, 0x4, 0x4}}, 0x50)
vmsplice(r3, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r3, 0x407, 0x2000000)
r4 = syz_open_dev$video4linux(0x0, 0x3, 0x40)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000019080)={0x1, 0x0, {0x1, 0x0, 0x300a, 0x8, 0x9, 0x8}})
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000000)='./bus\x00')
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff})
ioctl$sock_inet_tcp_SIOCINQ(r5, 0x5760, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfffffe3e)

1.39259815s ago: executing program 1 (id=1653):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000200)=0x8000)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x9640, 0x0)
ppoll(&(0x7f0000000380)=[{r1}], 0x1, 0x0, 0x0, 0x0)
write$dsp(r0, &(0x7f0000002200)="44e211a385424bf02640ba0d3a219de1033222bea86d14dc6bc540f652f0873cec4d2b540364b6e4ff506bf40b976a8485725d9cfab14bb4c91a5fd888b8b983ef960999942529696b90b853c1f1a3b01af9b0cdc6a605c13de44b58eaf66b597768a5a9bccdb34c1aa1c48b2484cf0f1d68f8b5c1d9f6179459a466a2e865c2a66274717ef95f59fcf4d5b05c4540a35bb64a8fab9af3ad51f3c648121e933ea77809f3901ca59ed3e990ff80d87a814eb6fb68e3305fd9420d4a163ad5654ce60386346b6d1154ecef0f4a782c4459c0a8ca7278655e6f806c4bc2e870000bfcb1346232b0ccce39ee18152165cf3f85e87ae23c4113586cf300b39d7589b28372e554f7d748b618bca2a4298d82864e0d8212f4fbd80fd854691ccac21279bb85aacac8a3301ad2ece3d6061dbcc63e4af0fefc68fab6e5319f6d9e6a2708e41e60b2673d62ec952bae35b854fe7e87bc78e2d1a56cc383e5a1783ce35eaa20868d97eb1198ecae2d6375d7cd6992883aa3bbbdcb93b92b6eca3d6cde5baa92a6adda4540d5fce6d4772e5711b3744210587c05833966b300da0a378787ad06e9d5cba6e569b14c013b8428dad38eb6d2bc547615dac42aca90ac891e6db4d1dd029fe628170433f9229a286a814d39afd5a019db11c185b72c34e01ea5e82a5008a059e6791c9b807c4aab4e9807a5a7896a4c5bfa42f15284c1481618461ce3501cf24a722e74923d01bd7d586eec5d5ccba03eee1c8fc83bc5d73675a11eaaebdcd25fb806155f5e669ed8af3267b214f7d23cf8600ab7e909e7347783b94f235ea797d2c1bd83c7f499c04532f2b63a55b336fa9e5305a4a22cdde74360995ffd241c9592043df3dc99dac462dd43443604ffed04b1ee23b6665e0955e0b38fa71f73af930a9762d6d4d762e11df043a78b90f49f1645acffe61094a20b4caaeca22feca5f66c549cfcda38a1a7b6b79b71aba7a696975a257a94344bf65b7b79212a61f465ee55b530582e8b1dc993c379dd40ab5dd860c5828e2c27afae20539978340db55a68897920c1019e75e0b43b4c93cb1061c98f683f8d407fae9b1a87f2f9cd2b8252059ac39766fc174c344c5224b43bbea978d722c93e727292c738b293da0b9f12b4f11c8f354ae91d644131ce3873612146d79fe3ace49c1446a79e0a324f23cc0b6fb673fc6c34315fa0baf03fb5bd36656a2272c9a4d80a312dfbec125af5aacd2faf633650e3ab54f9fd2c6ee76d5abd9fac547fe7880d0dd9341ac0f095c529d3232447a0d1b28c101a2a95c4a9040041fbdf47ff7da3abe4ee7d8acac57b6553e58f1c5f832e7b920ef3708b98e4917f5b855928344da2ad0a9755d3f90d31f3e427bc869a163844b5e38c62302cc2938b03c132caa4d8044ed92680d406b7d635026f38082b26d6d3dfe80e8f659f1101cec8ea74418699a4fedfcd4ce6f2693cce43123c03122f61b62497bc2fdc2307786943feb7325d645657ae5e58d1e2587003ed4712aba34973199238d3f3d29704ba86538a764abb4d69b9efabcd956fa688536e0661a2a2e0fc84d3e4152187fd90dfbd5023aa12e964d1f3bff4e2c2915f2600a3ab701b177bda95ba8203a45182e03cc07db3b20342cd45d4f8954edebb32fb7fdf49d1952477da9ead5d4ba6de96c42f5923e3dce7188b9e9ec1862dd2fd39d256e1de8cd0906f67a8423b29f0b5bf81539828a1f8ae7e747e6b43bd639c6d6a52a29a0e4944f6b07390fc390770154135acf448ed23c507009af66d20b175723069f8eef06c2cd3edc86bd80ebbe2f5cd56c379d655632b62794aa3757ea10fb232414a9477277261879e88c49e8eb5253c91551c13ed725f3551939533d7c131109d10b4300e24db600f8020b10e9aac24d8572873fac24d149398a3306707c5c3de875eca837e140d23b02637ef888d539b6f0c7fd6d97fd8b9edf9a82bf19d75cec625237a6b9716ac0003d1b8c8db5d04f5231bed4aac9e93da9b6bfea002af81eb77a3ef8cab9878fac2574742277e5403e44844e50e64d1471213c724cf14142291a44ff108c1334fd2aa086aff52cdf1e7c53a3c9757a6717ad360137a50c4968865083c132abfc3a5eba97a4387bd5affdf091f8396b443dad822a15150d68a0d9728c548fb793e6c9d5420561fe683b8b5e89227d357873891e95d87db4a33056f3af5aabdffa3cbaacc44bdbcca971d8e84586545ae5b0e5eb5c7fada201db84c3faf06eb3812c560d7b0c680e9c4908837c5fb10627eb828dc34718004c066b8d999d34fe25b831771eda169c2bd54aab176e851db66c2623a01b8ef09c006c9aeb2fc87502231f75f5e4e01cc2674847c4c4eef86afee4ae3646b25d11d885befe01c43a34d60eff675eabefceba4664fbc211b3f014e315ea8e4c95f5088b82c590695616127cf63ebcee2fd78f3856443d3cb529376d34db3db1a6949cb7c80bc403ba92952b694dec72c540763ce3901d262087bf5a16a89c4151ce2d2d97eb77dce3d93d99e087bc5352cbda39935c686cf294c3ba66fab0135acb713281c90d562fc473df7133df5af7d42e183e4b860ee7b624038141ee757cb14db143ef8e8617eb6cb24a0eb73ef230e417d543f4afc5858c43ad20819bf6eda31bd5c258e66e9703a9b1daa8b34f9db16cae43b131ef258da25272320e2b357357b1d12fd87d9a00551185f3d494426d3f33b0ee84e1ae65508b9916fec12805783a857ac5d70a661fce59088437cf991821d3cf5b0db477dc8f6bb38c8455bb628e563ca45cb65383db9ecfc80386cd05f92ab32bf825a0953c101609ca8239b6ef1fb5a7fcc55642f9b2911df108d64b8c72c5bd31645955056968d4917cbab525ae5994b5dcbd33de392081819012a16be8c1b4f164fa6a1c2d88fd957bd62f28a3e87ba1ffcf644116ffdcf26937d4e64b4e87bd4771b9e0a8d8eba4605a8eac0f8e320b1204eeab358a5a5b2caf3e534c28f9da5598fedc5f13b4a7930a569439c3bc43ac5f5195a29280042278f194f84f8e5ee210223f8a486d568fe4a51bf8ef813c1bd02a669e4e0ea79d1e6bad48257ace2e7feba18123a5e67fd7212a341f92061df472db87f1158b0a2088e48a3680edc29ce3d3156108c04e3b16a1cf18cd70c5f5eeeb59824fb869906679eceb4a6ab8ec8733e72db06403f357e128e3383e2b35269b20f032cc21da717ba3febe02fba9f4893074ee2fd98e85499e36ffe2077348bc541548a34bc32fa0f7c00d84cabfd31e5c75b6769a1ba5770c5217cb03d1f0a8c91ba8d524b42c7365e09d94d95cf43f7ec896718f210fd0ba4ef91a5262daf7cd2bae3c2aad3e2eb925bec9ca7c1b874776dc28784a3719cb191cc317ff897698b2667081cc9db30c96c6510766b65c55c5fd4b8564faca924e6f52c2b181561ee5403184a822f0a207d747602f616c5513cabfe55e525b2bce4d662ae0b9ea68c015d6ca87bc752ed3e527826191a36d23e8032e15f65b3d60a517f16c4ece8bc8b09681bad96a5300f7e30e6848612d67ad853bc1523799c568e46b1dfe0d37cbc202c1332718cfadd4d6938bc0bfb21fc15ad19a0506f669d5c8790b685d81c4acbdb8e1b06918e934b459e3f2b46fe0999e6eae4185edac1cb3e85e8b61de24794d339014c03a285a3d7ba91e00bed2d63b0edb933c290ddd62fb1c56b6d08cb99f47dabd72a667805d63a7784450a1bd1af6dfc2ec785ddb8b86fe4a44a7c8f86c4b19a61fdb701a81bd720bb70f8657e256b0f531ab7848b6206ba7cd4c32b866735a4b46091a0bb6c47c923a3efa99a09c0344228ed412f94c4eca96e6bf6ee75f23a1ae8415a892ff19bd190e1d67b8e1212be638eb179176e40", 0xac0)
r2 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x374}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0, &(0x7f0000000180)=<r5=>0x0)
syz_io_uring_submit(r3, r4, r5, &(0x7f0000000000)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4004, @fd_index=0x4, 0x718a, 0x0, 0x0, 0x12, 0x1, {0x2}})
io_uring_enter(r2, 0x742f, 0x77ae, 0x1, 0x0, 0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r6, &(0x7f0000000040)={0x24, @short={0x2, 0x1, 0xffff}}, 0x14)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r8, &(0x7f0000000300)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14)
r9 = memfd_secret(0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000080)={0xc})
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f00000000c0)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0)
r12 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00')
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000040)={0x0, <r13=>0x0}, &(0x7f0000000100)=0xc)
ioctl$DRM_IOCTL_GET_CLIENT(r12, 0xc0286405, &(0x7f0000003c80)={0x3, 0x7f, {r10}, {r13}, 0x8000, 0x8004})
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000140000,user_i', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000001e00)={0x2020, 0x0, 0x0, <r14=>0x0, <r15=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064dd2f9ac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e13c4a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b670400d59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cc2074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b6dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950dc6d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb08000000eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a070094709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab506c000000000000876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2a5f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfdd21d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73fdecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f65665a750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649495e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f0870300000011041df8f518dd33203377b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b300", 0x2000, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x130, 0x0, 0x4000000000010001, {0x3ffffffffffffffc, 0xfffffff7, 0x0, '\x00', {0x2fff, 0xfffffffd, 0x8000000000010000, 0x906, r14, r15, 0xc000, '\x00', 0x6, 0x27efc00800000, 0xc, 0x9, {0xa, 0x3fe}, {0x6, 0x3}, {0x5, 0x4}, {0xffffffffe, 0xa03}, 0x80008001, 0x800d, 0xfffffffe, 0x5}}}})
fchown(r7, r13, r15)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000d00)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
flock(r7, 0x9)

33.800934ms ago: executing program 0 (id=1654):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0))
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
r2 = dup2(r1, r1)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000300)=0x3)
read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c0800002c0007012bbd700000000000077c00000c00018006000600843b000009000280040071008c0000000800e400", @ANYBLOB="2d0529800c00f800030000000000000004006080fa003b800400df00c1becb03dbe55b6c782cebd6a7bc78a21d1bc9f3c1bd441ada5266780599eaf18965bbfcc07c2037129672275c399e1e03f8a0664d807385cc4d566f230400db800400498096d9641e8b1887b25501b11ecd71313a47df368b078d7b825bff33b9eab3964d7b2394b1950c7aeaba6014fe2cd33c89fd070ce0f1f306494a44adf6609d8ad55a5080b36b05cb0b9a57833b14fcd62c0aba0ac67f03b20e87ba6f3610a5bd1d3369ae014c8036c1e596b800991698810ff706e98871c17ad581b0695476273ac6c33a7a51d4a44a5b95684befe95ef49b03458bce89d87355f35b766b242b9f98b661269bb9255d836fb4e30d0000c72ec5561adf6112ca278273b4af42597e7bfa1f5c228f13161b34517c92bc352c017afac22d14047e6fbdc61536f9e51738ea935cb2a577ec2b788433bc13a9e976cfee267f36d988b766a29632c84c94d4cf31d780ef683293d7eacfc93f248d137affcae7cffa699237ea9c74919850dc164f1483f3f352bf7dd787191705b26936e1d090526b6ac5765df318f160cc84b15b94c662cf92611c9eb0b92bfbd3512bffed96a4150d653e130625b6ae5a78da2c4b9c70c736a224b18d89222095fbc4c61bcad1eb73be9c6efaaae48f871223694999b2a925a37138be8220008180cc20e57a92076b2308003200", @ANYBLOB="040044800800c800e00000027a01f380a2b4c1dbd4f221c0a1fd468ca63ae97de147e5bc2d0313377dc17591b491acf18312bee324decf810970090c77ec4ca173b12577aeb13c354245be77050365697b3b4707060c00045e46d612b09c487d7c9c94f778c0a015ecfa70d229085252956142772f9ff5a61a9b7fbc6712f8e64566b7ade87d293b81bd3cd1b2ad2852dc1dbb07d54f5544759f0eb23131b5780de6354f0714b2c5b86323969d0b4f5bd8c4489e0e7471c6a84feb9dead9d156d060a9373c7f80f4f1ec2a87efdeceec8d99c9664ee184f112929fe92da18f26929f98233f18dcbe0c638c040061800400058012fc33716331943112df1a6d89852782e376609e4a38717148d34e9d36191fe607748ad822c89800b204bd5831c55511fc4e85d09c44ef3be8ce710d034d3940"], 0x85c}, 0x1, 0x0, 0x0, 0x24048011}, 0x2004c800)
recvmmsg(r7, &(0x7f00000002c0)=[{{&(0x7f0000000040)=@alg, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/25, 0x19}, {&(0x7f0000000200)=""/151, 0x97}], 0x2, &(0x7f00000005c0)=""/4096, 0x1000}, 0xee}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/235, 0xeb}], 0x1, &(0x7f00000015c0)=""/229, 0xe5}, 0x5}], 0x2, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000580)=0x10)

0s ago: executing program 5 (id=1655):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01081800"], 0x0, 0x32, 0x0, 0xa}, 0x28)

kernel console output (not intermixed with test programs):

   T36] audit: type=1326 audit(1776718624.231:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  138.455940][   T36] audit: type=1326 audit(1776718624.231:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  138.456301][   T36] audit: type=1326 audit(1776718624.231:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  138.456695][   T36] audit: type=1326 audit(1776718624.231:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  138.457935][   T36] audit: type=1326 audit(1776718624.231:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  138.459079][   T36] audit: type=1326 audit(1776718624.231:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6311 comm="syz.3.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  138.824638][ T6317] Driver unsupported XDP return value 0 on prog  (id 13) dev N/A, expect packet loss!
[  139.511959][ T6328] netlink: 'syz.0.161': attribute type 3 has an invalid length.
[  139.511984][ T6328] netlink: 4344 bytes leftover after parsing attributes in process `syz.0.161'.
[  139.512082][ T6328] netlink: 'syz.0.161': attribute type 3 has an invalid length.
[  139.512096][ T6328] netlink: 4344 bytes leftover after parsing attributes in process `syz.0.161'.
[  139.785053][ T6337] netlink: 24 bytes leftover after parsing attributes in process `syz.3.165'.
[  139.872129][ T6340] sock: sock_set_timeout: `syz.1.167' (pid 6340) tries to set negative timeout
[  139.962871][ T5832] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  140.132315][ T5832] usb 5-1: config 1 has an invalid interface number: 7 but max is 0
[  140.132344][ T5832] usb 5-1: config 1 has no interface number 0
[  140.132485][ T5832] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[  140.132514][ T5832] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 8
[  140.132538][ T5832] usb 5-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  140.162334][ T5832] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  140.162364][ T5832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.162384][ T5832] usb 5-1: Product: syz
[  140.162398][ T5832] usb 5-1: Manufacturer: syz
[  140.162413][ T5832] usb 5-1: SerialNumber: syz
[  140.245644][ T6331] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  140.245778][ T6331] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  140.269774][ T5832] usb 5-1: Expected 3 endpoints, found: 2
[  140.349279][ T6346] netlink: 12 bytes leftover after parsing attributes in process `syz.0.168'.
[  140.486477][ T5832] usb 5-1: USB disconnect, device number 4
[  140.827282][ T6351] overlay: Unknown parameter '/file0'
[  140.978165][ T6353] tracefs: Unknown parameter 'team_slave_0'
[  142.302531][ T6392] netlink: 424 bytes leftover after parsing attributes in process `syz.0.188'.
[  142.304527][ T6392] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  143.093290][  T821] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  143.253298][  T821] usb 5-1: Using ep0 maxpacket: 8
[  143.257199][  T821] usb 5-1: unable to get BOS descriptor or descriptor too short
[  143.281607][  T821] usb 5-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40
[  143.281647][  T821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.281663][  T821] usb 5-1: Product: syz
[  143.281675][  T821] usb 5-1: Manufacturer: syz
[  143.281685][  T821] usb 5-1: SerialNumber: syz
[  144.012249][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.1.200'.
[  145.277032][  T821] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  145.311630][  T821] usb 5-1: Focusrite Scarlett Gen 2 Mixer Driver enabled (pid=0x8201); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues
[  145.311704][  T821] usb 5-1: Error initialising Scarlett Gen 2 Mixer Driver: -22
[  146.555939][ T6462] erspan0: entered promiscuous mode
[  147.086471][  T821] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  147.172251][  T821] usb 5-1: USB disconnect, device number 5
[  147.308856][ T5934] udevd[5934]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  147.492850][    T9] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  147.712778][    T9] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  147.712814][    T9] usb 2-1: config 0 has no interface number 0
[  147.712866][    T9] usb 2-1: config 0 interface 41 has no altsetting 0
[  147.738012][    T9] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  147.738045][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.738065][    T9] usb 2-1: Product: syz
[  147.738079][    T9] usb 2-1: Manufacturer: syz
[  147.738094][    T9] usb 2-1: SerialNumber: syz
[  147.822508][    T9] usb 2-1: config 0 descriptor??
[  148.076000][ T6499] netlink: 'syz.3.232': attribute type 29 has an invalid length.
[  148.484364][ T6505] binder: 6503:6505 ioctl c0306201 200000000640 returned -22
[  148.813006][    T9] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffb9
[  148.821291][    T9] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71
[  148.900588][    T9] usb 2-1: USB disconnect, device number 5
[  150.324697][ T6539] netlink: 428 bytes leftover after parsing attributes in process `syz.1.250'.
[  150.324743][ T6539] netlink: 104 bytes leftover after parsing attributes in process `syz.1.250'.
[  151.524022][ T5832] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  151.675517][ T5832] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.675547][ T5832] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  151.675607][ T5832] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  151.675652][ T5832] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  151.675675][ T5832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.755701][ T6565] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  151.791340][ T5832] hub 5-1:1.0: bad descriptor, ignoring hub
[  151.791385][ T5832] hub 5-1:1.0: probe with driver hub failed with error -5
[  151.808842][ T5832] cdc_wdm 5-1:1.0: skipping garbage
[  151.808863][ T5832] cdc_wdm 5-1:1.0: skipping garbage
[  151.890505][ T5832] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  151.890540][ T5832] cdc_wdm 5-1:1.0: Unknown control protocol
[  152.283399][ T5832] usb 5-1: USB disconnect, device number 6
[  153.002911][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  153.122886][ T5832] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  153.158652][    T9] usb 3-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  153.158683][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 253
[  153.162654][    T9] usb 3-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  153.162682][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.162895][    T9] usb 3-1: Product: syz
[  153.162908][    T9] usb 3-1: Manufacturer: syz
[  153.162922][    T9] usb 3-1: SerialNumber: syz
[  153.230068][    T9] usb 3-1: config 0 descriptor??
[  153.305582][ T5832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  153.305633][ T5832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.305672][ T5832] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  153.305696][ T5832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.308407][    T9] gspca_main: sunplus-2.14.0 probing 055f:c630
[  153.373647][ T5832] usb 5-1: config 0 descriptor??
[  153.879085][    T9] gspca_sunplus: reg_r err -71
[  153.879198][    T9] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  153.930233][ T5832] kye 0003:0458:5016.0005: control desc unexpectedly large
[  153.992171][    T9] usb 3-1: USB disconnect, device number 3
[  154.179570][ T5832] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0005/input/input7
[  154.309651][ T6628] sch_fq: defrate 5 ignored.
[  154.591794][ T5832] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0005/input/input8
[  154.720897][ T5832] kye 0003:0458:5016.0005: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.4-1/input0
[  155.033270][ T5832] usb 5-1: USB disconnect, device number 7
[  155.386240][ T6646] fido_id[6646]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  155.674229][ T6654] ieee802154 phy0 wpan0: encryption failed: -22
[  155.980543][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  156.052858][   T48] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  156.081622][ T6662] program syz.2.304 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.194818][    T9] usb 1-1: Using ep0 maxpacket: 16
[  156.197511][    T9] usb 1-1: config index 0 descriptor too short (expected 4495, got 71)
[  156.197539][    T9] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  156.197560][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.197579][    T9] usb 1-1: config 0 has no interface number 0
[  156.212598][   T48] usb 2-1: Using ep0 maxpacket: 32
[  156.273712][   T48] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  156.273748][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  156.273774][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  156.273797][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  156.278647][    T9] usb 1-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  156.278680][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.278700][    T9] usb 1-1: Product: syz
[  156.278714][    T9] usb 1-1: Manufacturer: syz
[  156.278730][    T9] usb 1-1: SerialNumber: syz
[  156.280081][   T48] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  156.280110][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.280130][   T48] usb 2-1: Product: syz
[  156.280146][   T48] usb 2-1: Manufacturer: syz
[  156.280161][   T48] usb 2-1: SerialNumber: syz
[  156.520042][   T48] usb 2-1: config 0 descriptor??
[  156.614861][    T9] usb 1-1: config 0 descriptor??
[  156.689567][    T9] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046c:14e0)
[  156.689617][    T9] uvcvideo 1-1:0.105: No valid video chain found.
[  156.849030][ T5832] usb 2-1: USB disconnect, device number 6
[  156.974155][   T48] usb 1-1: USB disconnect, device number 2
[  158.303929][ T6692] netlink: 52 bytes leftover after parsing attributes in process `syz.1.317'.
[  159.272847][   T10] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  159.285614][ T6725] input: syz1 as /devices/virtual/input/input9
[  159.332832][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  159.451303][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  159.451330][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  159.451366][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  159.451383][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.552843][    T9] usb 4-1: Using ep0 maxpacket: 32
[  159.558296][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  159.558326][    T9] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  159.558351][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  159.559282][   T10] usb 1-1: config 0 descriptor??
[  159.560488][ T6718] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  159.561135][    T9] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  159.561161][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.561183][    T9] usb 4-1: Product: syz
[  159.561198][    T9] usb 4-1: Manufacturer: syz
[  159.561213][    T9] usb 4-1: SerialNumber: syz
[  159.857225][    T9] usb 4-1: config 0 descriptor??
[  160.075331][   T10] hid_parser_main: 62 callbacks suppressed
[  160.075355][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.075769][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.075805][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.075832][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.075866][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.077818][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.077852][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.082646][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.082684][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.085798][   T10] lenovo 0003:17EF:6047.0006: unknown main item tag 0x0
[  160.202846][   T48] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  160.354551][   T48] usb 2-1: Using ep0 maxpacket: 16
[  160.357201][   T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.357304][   T48] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  160.357356][   T48] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  160.357377][   T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.390752][   T10] lenovo 0003:17EF:6047.0006: hidraw0: USB HID v0.05 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0
[  160.427067][    T9] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  160.457272][   T48] usb 2-1: config 0 descriptor??
[  160.609365][   T10] usb 1-1: USB disconnect, device number 3
[  160.857642][    T9] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  160.937317][   T48] HID 045e:07da: Invalid code 65791 type 1
[  160.981285][   T48] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0007/input/input10
[  160.998469][    T9] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  161.065879][    T9] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22
[  161.387212][   T48] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  161.423314][   T48] usb 2-1: USB disconnect, device number 7
[  161.425102][    T9] usb 4-1: USB disconnect, device number 4
[  162.146190][ T6761] fido_id[6761]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  162.168881][ T6760] vxcan3: entered promiscuous mode
[  163.105869][ T6796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.361'.
[  163.105907][ T6796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.361'.
[  163.345092][ T6803] netlink: 24 bytes leftover after parsing attributes in process `syz.1.364'.
[  163.965001][   T10] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  164.121595][ T5835] block nbd0: Receive control failed (result -32)
[  164.235921][   T10] usb 2-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config
[  164.235981][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  164.236012][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  164.236031][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 1464, setting to 64
[  164.236050][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  164.239060][   T10] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  164.239090][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  164.239110][   T10] usb 2-1: Product: syz
[  164.239125][   T10] usb 2-1: Manufacturer: syz
[  164.239139][   T10] usb 2-1: SerialNumber: syz
[  164.341561][   T10] usb 2-1: config 0 descriptor??
[  164.342447][ T6809] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  164.578313][   T10] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  164.578340][   T10] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  164.780212][   T10] radio-si470x 2-1:0.0: software version 0, hardware version 0
[  164.780241][   T10] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  164.780263][   T10] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  164.981181][   T10] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  164.981477][    C0] radio-si470x 2-1:0.0: non-zero urb status (-71)
[  164.981720][    C0] radio-si470x 2-1:0.0: non-zero urb status (-71)
[  164.981805][   T10] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  165.028875][   T10] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22
[  165.110211][   T10] usb 2-1: USB disconnect, device number 8
[  166.443069][ T6862] vxcan0: tx address claim with dest, not broadcast
[  168.683489][ T5824] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  168.730371][ T6911] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  168.832841][ T5824] usb 3-1: Using ep0 maxpacket: 16
[  168.835698][ T5824] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.835729][ T5824] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.835752][ T5824] usb 3-1: config 0 interface 0 has no altsetting 0
[  168.835784][ T5824] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  168.835809][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.904011][ T5824] usb 3-1: config 0 descriptor??
[  169.162421][   T36] kauditd_printk_skb: 11 callbacks suppressed
[  169.162441][   T36] audit: type=1326 audit(1776718654.931:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.209392][   T36] audit: type=1326 audit(1776718654.981:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.233912][   T36] audit: type=1326 audit(1776718655.001:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.233988][   T36] audit: type=1326 audit(1776718655.011:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.281988][   T36] audit: type=1326 audit(1776718655.011:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.362616][   T36] audit: type=1326 audit(1776718655.021:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.391293][   T36] audit: type=1326 audit(1776718655.151:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.391363][   T36] audit: type=1326 audit(1776718655.151:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6916 comm="syz.3.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  169.450029][ T5824] nzxt-smart2 0003:1E71:2009.0008: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0
[  169.585278][ T5824] usb 3-1: USB disconnect, device number 4
[  170.719504][ T6941] program syz.2.425 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  171.775406][ T6977] tap0: tun_chr_ioctl cmd 1074025675
[  171.775430][ T6977] tap0: persist enabled
[  171.775630][ T6977] tap0: tun_chr_ioctl cmd 1074025675
[  171.775646][ T6977] tap0: persist disabled
[  173.632272][ T7004] mkiss: ax0: crc mode is auto.
[  173.670705][ T7020] warning: `syz.0.459' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  174.528314][ T5832] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  174.672875][ T5832] usb 1-1: Using ep0 maxpacket: 8
[  174.682506][ T5832] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  174.682536][ T5832] usb 1-1: config 179 has no interface number 0
[  174.682597][ T5832] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  174.682626][ T5832] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  174.682657][ T5832] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  174.692616][ T5832] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  174.692649][ T5832] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  174.692840][ T5832] usb 1-1: config 179 interface 65 has no altsetting 0
[  174.692880][ T5832] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  174.692905][ T5832] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.981491][ T5832] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input11
[  175.557805][ T5832] usb 1-1: USB disconnect, device number 4
[  175.557900][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  175.955327][ T7056] netlink: 12 bytes leftover after parsing attributes in process `syz.2.474'.
[  176.114976][ T7056] Zero length message leads to an empty skb
[  177.309241][ T7092] block nbd3: shutting down sockets
[  177.550349][ T7099] batman_adv: batadv0: Adding interface: gretap1
[  177.550399][ T7099] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  177.550433][ T7099] batman_adv: batadv0: Interface activated: gretap1
[  177.922489][ T7104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.494'.
[  177.933663][ T7104] chnl_net:caif_netlink_parms(): no params data found
[  178.256298][ T7115] netlink: 12 bytes leftover after parsing attributes in process `syz.4.498'.
[  178.818469][ T7128] Invalid argument reading file caps for ./file0
[  179.316103][ T7142] sctp: [Deprecated]: syz.2.510 (pid 7142) Use of struct sctp_assoc_value in delayed_ack socket option.
[  179.316103][ T7142] Use struct sctp_sack_info instead
[  179.413139][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  179.582867][   T10] usb 5-1: Using ep0 maxpacket: 32
[  179.586822][   T10] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  179.586853][   T10] usb 5-1: config 0 has no interface number 0
[  179.586899][   T10] usb 5-1: config 0 interface 184 has no altsetting 0
[  179.683059][   T10] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  179.683095][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.683117][   T10] usb 5-1: Product: syz
[  179.683133][   T10] usb 5-1: Manufacturer: syz
[  179.683149][   T10] usb 5-1: SerialNumber: syz
[  179.923429][   T10] usb 5-1: config 0 descriptor??
[  180.594134][   T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  180.594169][   T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  180.818287][   T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  180.818324][   T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  180.818346][   T10] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  180.818670][   T10] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  180.957233][   T10] usb 5-1: USB disconnect, device number 8
[  181.707244][ T7187] netlink: 52 bytes leftover after parsing attributes in process `syz.0.529'.
[  181.901191][ T7187] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.920644][ T7187] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.451437][ T7195] netlink: 20 bytes leftover after parsing attributes in process `syz.1.530'.
[  183.529062][ T7222] skbuff: bad partial csum: csum=65506/2 headroom=168 headlen=65526
[  184.172946][ T5921] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  184.352938][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  184.384840][ T5921] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  184.384874][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.384894][ T5921] usb 5-1: Product: syz
[  184.384909][ T5921] usb 5-1: Manufacturer: syz
[  184.384925][ T5921] usb 5-1: SerialNumber: syz
[  184.446206][ T5921] usb 5-1: config 0 descriptor??
[  184.924657][ T5921] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  185.117534][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  185.125658][ T5921] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  185.125726][ T5921] usb 5-1: media controller created
[  185.300765][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  185.842095][ T5921] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  185.842129][ T5921] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  186.141858][   T10] usb 5-1: USB disconnect, device number 9
[  186.639138][   T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  186.854451][ T7262] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  187.546280][ T7291] netlink: 7 bytes leftover after parsing attributes in process `syz.3.569'.
[  188.017221][ T5835] block nbd1: Receive control failed (result -32)
[  188.030602][ T5835] block nbd1: Receive control failed (result -32)
[  188.048905][ T5835] block nbd1: Receive control failed (result -32)
[  188.270297][   T48] kernel read not supported for file bpf-prog (pid: 48 comm: kworker/1:1)
[  188.368118][ T5921] kernel read not supported for file /256/timers (pid: 5921 comm: kworker/0:6)
[  189.650469][ T7347] input: syz0 as /devices/virtual/input/input15
[  190.107636][ T7364] loop8: detected capacity change from 0 to 7
[  190.181994][ T7364] Dev loop8: unable to read RDB block 7
[  190.182045][ T7364]  loop8: unable to read partition table
[  190.182279][ T7364] loop8: partition table beyond EOD, truncated
[  190.182299][ T7364] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  190.213635][ T7361] sctp: [Deprecated]: syz.2.601 (pid 7361) Use of int in max_burst socket option deprecated.
[  190.213635][ T7361] Use struct sctp_assoc_value instead
[  190.602950][   T36] audit: type=1800 audit(1776718676.311:47): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.605" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  190.747849][ T7374] loop2: detected capacity change from 0 to 7
[  190.949415][ T7374] Dev loop2: unable to read RDB block 7
[  190.949466][ T7374]  loop2: unable to read partition table
[  190.949693][ T7374] loop2: partition table beyond EOD, truncated
[  190.949732][ T7374] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  193.864575][   T48] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  194.012820][   T48] usb 1-1: Using ep0 maxpacket: 32
[  194.017319][   T48] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  194.017363][   T48] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  194.017405][   T48] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  194.017438][   T48] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  194.017465][   T48] usb 1-1: config 0 interface 0 has no altsetting 0
[  194.029128][   T48] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  194.029208][   T48] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  194.029280][   T48] usb 1-1: Product: syz
[  194.029343][   T48] usb 1-1: Manufacturer: syz
[  194.029388][   T48] usb 1-1: SerialNumber: syz
[  194.107128][ T5832] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  194.151545][   T48] usb 1-1: config 0 descriptor??
[  194.205536][   T48] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  194.313713][   T48] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  194.315950][ T5832] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[  194.315983][ T5832] usb 3-1: config 6 has no interface number 0
[  194.316030][ T5832] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  194.316054][ T5832] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  194.316079][ T5832] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  194.402185][ T5832] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  194.402216][ T5832] usb 3-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  194.402237][ T5832] usb 3-1: Product: syz
[  194.402251][ T5832] usb 3-1: Manufacturer: syz
[  194.402266][ T5832] usb 3-1: SerialNumber: syz
[  194.482892][ T7430] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  194.578100][ T5832] hso 3-1:6.2: Failed to find BULK eps
[  194.598352][   T48] usb 1-1: USB disconnect, device number 5
[  194.632236][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[  194.632305][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[  194.943863][   T48] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  195.142110][ T5832] usb 3-1: USB disconnect, device number 5
[  195.732488][ T7459] input: syz1 as /devices/virtual/input/input16
[  196.038925][ T5934] udevd[5934]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  197.101434][ T7491] netlink: 'syz.4.651': attribute type 11 has an invalid length.
[  198.170791][ T7510] netlink: 'syz.0.659': attribute type 1 has an invalid length.
[  198.459332][ T7510] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.713220][ T7545] syz.3.670 (7545) used greatest stack depth: 16920 bytes left
[  201.132841][  T821] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  201.286181][  T821] usb 2-1: config 1 has an invalid descriptor of length 31, skipping remainder of the config
[  201.286297][  T821] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.286342][  T821] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  201.291418][  T821] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  201.291449][  T821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.291470][  T821] usb 2-1: Product: syz
[  201.291494][  T821] usb 2-1: Manufacturer: syz
[  201.291509][  T821] usb 2-1: SerialNumber: syz
[  201.919916][ T7595] syz.4.693 uses obsolete (PF_INET,SOCK_PACKET)
[  202.427419][  T821] cdc_ncm 2-1:1.0: bind() failure
[  202.478070][  T821] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  202.525521][  T821] usb 2-1: USB disconnect, device number 9
[  203.121547][ T7623] netlink: 43 bytes leftover after parsing attributes in process `syz.4.705'.
[  203.137566][ T5920] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  203.343756][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  203.343812][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  203.343840][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.343862][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  203.343904][ T5920] usb 4-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[  203.343927][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.357226][ T5920] usb 4-1: config 0 descriptor??
[  203.676838][ T5920] usbhid 4-1:0.0: can't add hid device: -71
[  203.676970][ T5920] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  203.714553][ T5920] usb 4-1: USB disconnect, device number 5
[  204.135193][ T5832] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  204.298990][ T5832] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.299019][ T5832] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  204.314068][ T5832] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  204.314099][ T5832] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  204.314119][ T5832] usb 1-1: SerialNumber: syz
[  204.322833][ T5920] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  204.485494][ T7653] netlink: 32 bytes leftover after parsing attributes in process `syz.4.718'.
[  204.502950][ T5920] usb 4-1: Using ep0 maxpacket: 32
[  204.507665][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  204.507777][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  204.507806][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  204.507859][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  204.507944][ T5920] usb 4-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[  204.507969][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.583248][ T5920] usb 4-1: config 0 descriptor??
[  204.685242][ T5832] usb 1-1: 0:2 : does not exist
[  204.909172][  T821] hid_parser_main: 27 callbacks suppressed
[  204.909197][  T821] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  205.090499][ T5832] usb 1-1: USB disconnect, device number 6
[  205.102091][ T5920] betop 0003:20BC:5500.000A: item fetching failed at offset 2/5
[  205.119836][ T5920] betop 0003:20BC:5500.000A: parse failed
[  205.119917][ T5920] betop 0003:20BC:5500.000A: probe with driver betop failed with error -22
[  205.211599][  T821] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  205.289314][ T5920] usb 4-1: USB disconnect, device number 6
[  205.736978][ T7668] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  205.736978][ T7668] The task syz.2.723 (7668) triggered the difference, watch for misbehavior.
[  205.849922][ T5934] udevd[5934]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.148612][ T7648] hid-generic 0000:0000:0000.0009: pid 7648 passed too short report
[  206.613799][ T7683] netlink: 20 bytes leftover after parsing attributes in process `syz.2.730'.
[  207.194742][ T5920] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  207.342912][ T5920] usb 1-1: Using ep0 maxpacket: 32
[  207.345852][ T5920] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  207.345880][ T5920] usb 1-1: config 0 has no interface number 0
[  207.345926][ T5920] usb 1-1: config 0 interface 184 has no altsetting 0
[  207.392959][ T5920] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  207.392989][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.393009][ T5920] usb 1-1: Product: syz
[  207.393023][ T5920] usb 1-1: Manufacturer: syz
[  207.393038][ T5920] usb 1-1: SerialNumber: syz
[  207.401984][ T5920] usb 1-1: config 0 descriptor??
[  207.808119][   T36] audit: type=1326 audit(1776718693.581:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.810465][   T36] audit: type=1326 audit(1776718693.581:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.811336][   T36] audit: type=1326 audit(1776718693.581:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.811605][   T36] audit: type=1326 audit(1776718693.581:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.889724][   T36] audit: type=1326 audit(1776718693.581:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.889781][   T36] audit: type=1326 audit(1776718693.601:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.889826][   T36] audit: type=1326 audit(1776718693.661:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.961718][   T36] audit: type=1326 audit(1776718693.661:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  207.978516][   T36] audit: type=1326 audit(1776718693.741:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  208.093518][   T36] audit: type=1326 audit(1776718693.821:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7711 comm="syz.3.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902d1cc819 code=0x7ffc0000
[  208.154371][ T5920] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  208.154408][ T5920] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  208.355957][ T5920] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  208.355990][ T5920] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  208.356010][ T5920] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  208.356028][ T5920] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  208.356348][ T5920] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  208.469963][ T5920] usb 1-1: USB disconnect, device number 7
[  208.844847][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.4.750'.
[  208.864827][ T5921] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  209.021932][ T5921] usb 4-1: Using ep0 maxpacket: 32
[  209.100354][ T5921] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  209.100385][ T5921] usb 4-1: config 0 has no interface number 0
[  209.100435][ T5921] usb 4-1: config 0 interface 12 has no altsetting 0
[  209.121299][ T5921] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  209.121388][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.121447][ T5921] usb 4-1: Product: syz
[  209.121491][ T5921] usb 4-1: Manufacturer: syz
[  209.121528][ T5921] usb 4-1: SerialNumber: syz
[  209.207129][ T5921] usb 4-1: config 0 descriptor??
[  209.842224][ T5921] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: d8 failed: -71
[  209.842295][ T5921] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  209.842313][ T5921] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  209.842401][ T5921] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  209.974969][ T5921] usb 4-1: USB disconnect, device number 7
[  210.779925][ T7765] loop7: detected capacity change from 0 to 16384
[  211.102903][ T7773] netlink: 8 bytes leftover after parsing attributes in process `syz.4.768'.
[  211.102936][ T7773] netlink: 'syz.4.768': attribute type 2 has an invalid length.
[  212.544459][   T48] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  212.693090][   T48] usb 2-1: Using ep0 maxpacket: 32
[  212.695426][   T48] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  212.695453][   T48] usb 2-1: config 0 has no interface number 0
[  212.729471][   T48] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  212.729505][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.729525][   T48] usb 2-1: Product: syz
[  212.729540][   T48] usb 2-1: Manufacturer: syz
[  212.729555][   T48] usb 2-1: SerialNumber: syz
[  212.782637][   T48] usb 2-1: config 0 descriptor??
[  212.804227][   T48] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  212.983492][ T7817] Invalid argument reading file caps for ./file0
[  213.268862][   T48] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  213.269008][    T9] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  213.314263][    T9] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  213.424142][   T48] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  213.448439][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  213.493197][   T48] usb 2-1: USB disconnect, device number 10
[  213.526526][   T48] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  213.546928][   T48] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  213.547883][   T48] quatech2 2-1:0.51: device disconnected
[  214.100425][ T7829] Invalid argument reading file caps for ./file0
[  214.312257][ T7833] netlink: 'syz.1.792': attribute type 2 has an invalid length.
[  214.312280][ T7833] netlink: 'syz.1.792': attribute type 1 has an invalid length.
[  214.312294][ T7833] netlink: 68 bytes leftover after parsing attributes in process `syz.1.792'.
[  214.507851][ T7837] Bluetooth: MGMT ver 1.23
[  215.587984][ T7852] loop8: detected capacity change from 0 to 4
[  215.641483][ T7852] Dev loop8: unable to read RDB block 4
[  215.641529][ T7852]  loop8: unable to read partition table
[  215.641753][ T7852] loop8: partition table beyond EOD, truncated
[  215.641781][ T7852] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5)
[  217.562611][  T821] IPVS: starting estimator thread 0...
[  217.571307][ T7898] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  217.673499][ T7901] IPVS: using max 8 ests per chain, 19200 per kthread
[  218.532622][ T7924] Trying to write to read-only block-device nullb0
[  219.652897][ T5921] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  219.911433][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  219.918916][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  219.918967][ T5921] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  219.919001][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.974963][ T5921] usb 3-1: config 0 descriptor??
[  220.197123][ T5921] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  220.324106][  T821] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  220.476347][  T821] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  220.476378][  T821] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  220.476465][  T821] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  220.476485][  T821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.775935][ T5921] usb 3-1: USB disconnect, device number 6
[  220.827952][  T821] usb 1-1: usb_control_msg returned -32
[  220.828002][  T821] usbtmc 1-1:16.0: can't read capabilities
[  221.056676][ T5880] usb 1-1: USB disconnect, device number 8
[  221.822940][ T5920] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  221.951966][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  221.991688][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  222.046195][ T5920] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  222.048583][ T5920] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  222.048617][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.048631][ T5920] usb 4-1: Product: syz
[  222.048642][ T5920] usb 4-1: Manufacturer: syz
[  222.048652][ T5920] usb 4-1: SerialNumber: syz
[  222.102420][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  222.118037][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  222.120925][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  222.194794][ T5920] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  222.913160][ T5920] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  222.916375][ T5920] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  222.916432][ T5920] usb 4-1: media controller created
[  222.982139][ T5920] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  223.493358][ T5921] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  223.582043][ T5920] usb 4-1: USB disconnect, device number 8
[  223.588918][ T7986] chnl_net:caif_netlink_parms(): no params data found
[  223.652886][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  223.655586][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.655618][ T5921] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  223.655660][ T5921] usb 2-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.00
[  223.655683][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.841103][ T5921] usb 2-1: config 0 descriptor??
[  224.152888][ T6092] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  224.199996][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.201697][ T7986] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.201907][ T7986] bridge_slave_0: entered allmulticast mode
[  224.206857][ T7986] bridge_slave_0: entered promiscuous mode
[  224.212608][ T7986] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.213998][ T7986] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.214428][ T7986] bridge_slave_1: entered allmulticast mode
[  224.218981][ T7986] bridge_slave_1: entered promiscuous mode
[  224.299601][ T5835] Bluetooth: hci4: command tx timeout
[  224.302905][ T6092] usb 1-1: Using ep0 maxpacket: 32
[  224.322155][ T6092] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[  224.322185][ T6092] usb 1-1: config 0 has no interface number 0
[  224.322231][ T6092] usb 1-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  224.322253][ T6092] usb 1-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  224.322281][ T6092] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 27
[  224.322305][ T6092] usb 1-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  224.386910][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.386950][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.386979][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.387008][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.387037][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.387065][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.387092][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.389349][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.389385][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.389412][ T5921] monterey 0003:0566:3004.000C: unknown main item tag 0x0
[  224.476037][ T5921] monterey 0003:0566:3004.000C: hidraw0: USB HID v0.0b Device [HID 0566:3004] on usb-dummy_hcd.1-1/input0
[  224.480818][ T5921] usb 2-1: USB disconnect, device number 11
[  224.561960][ T6092] usb 1-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  224.561997][ T6092] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.562012][ T6092] usb 1-1: Product: syz
[  224.562022][ T6092] usb 1-1: Manufacturer: syz
[  224.562033][ T6092] usb 1-1: SerialNumber: syz
[  224.696694][ T7986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.750042][ T8031] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  224.750064][ T8031] overlayfs: fs on './cgroup' does not support file handles, falling back to index=off,nfs_export=off.
[  224.777634][ T7986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.851952][ T6092] usb 1-1: config 0 descriptor??
[  224.863945][ T8020] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  224.948173][ T6092] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.119/input/input17
[  225.035335][ T5172] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[  225.211511][    C1] bcm5974 1-1:0.119: trackpad urb failed: -1
[  225.258298][ T8034] fido_id[8034]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  225.259077][ T6092] usb 1-1: USB disconnect, device number 9
[  225.405771][ T7986] team0: Port device team_slave_0 added
[  225.443161][ T7986] team0: Port device team_slave_1 added
[  226.246196][ T8045] team0: Port device vlan2 added
[  226.280616][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.280636][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  226.280663][ T7986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.358275][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  226.358296][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  226.358324][ T7986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.373965][ T5835] Bluetooth: hci4: command tx timeout
[  226.621267][ T7986] hsr_slave_0: entered promiscuous mode
[  226.643671][ T7986] hsr_slave_1: entered promiscuous mode
[  226.649561][ T7986] debugfs: 'hsr0' already exists in 'hsr'
[  226.649591][ T7986] Cannot create hsr debugfs directory
[  226.723680][ T8056] netlink: 8 bytes leftover after parsing attributes in process `syz.1.881'.
[  227.412968][ T5835] Bluetooth: hci1: command 0x0406 tx timeout
[  227.429187][ T5836] Bluetooth: hci3: command 0x0406 tx timeout
[  227.432595][ T5829] Bluetooth: hci2: command 0x0406 tx timeout
[  228.452872][   T59] Bluetooth: hci4: command tx timeout
[  228.846927][ T8100] netlink: 8 bytes leftover after parsing attributes in process `syz.0.900'.
[  228.951583][ T8100] ip6gre1: entered promiscuous mode
[  228.951603][ T8100] ip6gre1: entered allmulticast mode
[  229.676769][ T8120] netlink: 236 bytes leftover after parsing attributes in process `syz.1.908'.
[  229.676797][ T8120] netlink: 236 bytes leftover after parsing attributes in process `syz.1.908'.
[  229.843110][  T276] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  229.843432][  T276] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  229.863156][ T5921] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  229.912372][ T7986] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  230.164752][ T7986] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  230.170193][ T7986] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  230.324872][ T7986] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  230.341028][ T7986] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  230.392979][ T5921] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  230.533108][   T59] Bluetooth: hci4: command tx timeout
[  230.533323][ T5921] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  230.536452][ T7986] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  230.735622][ T7986] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  230.828043][ T7986] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  231.446524][ T8144] IPVS: Scheduler module ip_vs_sip not found
[  231.718799][ T7986] 8021q: adding VLAN 0 to HW filter on device bond0
[  232.020990][ T7986] 8021q: adding VLAN 0 to HW filter on device team0
[  232.130286][ T1029] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.130432][ T1029] bridge0: port 1(bridge_slave_0) entered forwarding state
[  232.213522][ T6092] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  232.285101][  T276] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.285241][  T276] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.365877][ T6092] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  232.365907][ T6092] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  232.368243][ T6092] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  232.368273][ T6092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  232.368294][ T6092] usb 2-1: SerialNumber: syz
[  232.676032][ T6092] usb 2-1: 0:2 : does not exist
[  232.807433][ T8170] tmpfs: Bad value for 'gid'
[  232.807456][ T8170] tmpfs: Bad value for 'gid'
[  232.876201][ T8170] overlay: Unknown parameter 'func'
[  232.956597][ T6092] usb 2-1: USB disconnect, device number 12
[  233.502908][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  233.609161][ T5934] udevd[5934]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  233.937278][ T8192] netlink: 104 bytes leftover after parsing attributes in process `syz.0.937'.
[  234.015098][ T8191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.936'.
[  234.194228][ T7986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.352791][ T6092] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  234.505064][ T6092] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  234.506554][ T6092] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  234.506583][ T6092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  234.506602][ T6092] usb 1-1: SerialNumber: syz
[  235.843160][ T6092] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42
[  235.883341][ T6092] usb 1-1: USB disconnect, device number 10
[  235.888584][ T6092] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device
[  236.551593][ T7986] veth0_vlan: entered promiscuous mode
[  236.610952][ T7986] veth1_vlan: entered promiscuous mode
[  236.799153][ T7986] veth0_macvtap: entered promiscuous mode
[  236.836921][ T7986] veth1_macvtap: entered promiscuous mode
[  236.895528][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.056328][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.097492][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.115510][ T1471] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.132908][ T1471] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.133753][ T1471] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.437474][ T8238] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  238.566842][ T8254] binder: 8249:8254 ioctl c0306201 200000000480 returned -14
[  238.674531][ T8255] geneve2: entered promiscuous mode
[  238.674560][ T8255] geneve2: entered allmulticast mode
[  239.284126][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.284151][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.685080][  T276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.685105][  T276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.737027][ T8281] pim6reg: entered allmulticast mode
[  239.837657][ T8281] pim6reg: left allmulticast mode
[  240.701009][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  241.950048][ T8312] mmap: syz.3.986 (8312) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  243.313739][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  243.472785][   T10] usb 4-1: Using ep0 maxpacket: 32
[  243.478767][   T10] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  243.478798][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.764878][   T10] gspca_main: nw80x-2.14.0 probing 055f:d001
[  244.421137][ T5137] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  244.480824][ T5137] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  244.513257][ T5137] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  244.514786][ T5137] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  244.555900][ T5137] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  244.825893][   T10] gspca_nw80x: reg_w err -71
[  244.825996][   T10] nw80x 4-1:3.0: probe with driver nw80x failed with error -71
[  245.025982][   T10] usb 4-1: USB disconnect, device number 9
[  245.466513][   T36] kauditd_printk_skb: 23 callbacks suppressed
[  245.466532][   T36] audit: type=1326 audit(1776718731.241:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8347 comm="syz.0.1002" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b3a2bc819 code=0x0
[  245.906368][ T8358] tipc: Started in network mode
[  245.906391][ T8358] tipc: Node identity 4004, cluster identity 4711
[  245.906404][ T8358] tipc: Node number set to 16388
[  246.773595][ T8333] chnl_net:caif_netlink_parms(): no params data found
[  247.096102][   T59] Bluetooth: hci2: command tx timeout
[  247.135654][ T8333] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.135898][ T8333] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.136465][ T8333] bridge_slave_0: entered allmulticast mode
[  247.139280][ T8333] bridge_slave_0: entered promiscuous mode
[  247.146844][ T8333] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.148581][ T8333] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.149234][ T8333] bridge_slave_1: entered allmulticast mode
[  247.157558][ T8333] bridge_slave_1: entered promiscuous mode
[  247.409322][ T8333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.450098][ T8333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.585264][   T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  247.649743][ T8333] team0: Port device team_slave_0 added
[  247.703187][ T8333] team0: Port device team_slave_1 added
[  247.733946][   T10] usb 2-1: Using ep0 maxpacket: 8
[  247.738202][   T10] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  247.738260][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  247.738284][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  247.738310][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  247.738334][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  247.738375][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  247.738398][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.092988][ T8333] batman_adv: batadv0: Adding interface: batadv_slave_0
[  248.093007][ T8333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  248.093034][ T8333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  248.100359][ T8333] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.100379][ T8333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  248.100408][ T8333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.203994][   T10] usb 2-1: usb_control_msg returned -32
[  248.204054][   T10] usbtmc 2-1:16.0: can't read capabilities
[  248.417012][ T8391] usbtmc 2-1:16.0: send_request_dev_dep_msg_in returned -90
[  248.522292][   T10] usb 2-1: USB disconnect, device number 13
[  248.651959][ T8333] hsr_slave_0: entered promiscuous mode
[  248.676300][ T8333] hsr_slave_1: entered promiscuous mode
[  248.688666][ T8333] debugfs: 'hsr0' already exists in 'hsr'
[  248.688696][ T8333] Cannot create hsr debugfs directory
[  249.174312][   T59] Bluetooth: hci2: command tx timeout
[  250.987344][ T5880] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  251.184779][ T5880] usb 2-1: Using ep0 maxpacket: 32
[  251.187534][ T5880] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  251.187562][ T5880] usb 2-1: config 0 has no interface number 0
[  251.262924][   T59] Bluetooth: hci2: command tx timeout
[  251.292528][ T5880] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  251.292562][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.292583][ T5880] usb 2-1: Product: syz
[  251.292597][ T5880] usb 2-1: Manufacturer: syz
[  251.292611][ T5880] usb 2-1: SerialNumber: syz
[  251.411653][ T5880] usb 2-1: config 0 descriptor??
[  251.459927][ T5880] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  251.730206][ T5880] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  251.877158][ T5880] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  252.081522][  T821] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  252.125873][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  252.128406][ T5832] usb 2-1: USB disconnect, device number 14
[  252.282899][  T821] usb 4-1: Using ep0 maxpacket: 16
[  252.285920][  T821] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.285953][  T821] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.285976][  T821] usb 4-1: config 0 interface 0 has no altsetting 0
[  252.286010][  T821] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  252.286035][  T821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.301920][ T5832] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  252.415222][  T821] usb 4-1: config 0 descriptor??
[  252.539554][ T8333] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  252.540611][ T5832] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  252.567768][ T5832] quatech2 2-1:0.51: device disconnected
[  252.622166][ T8450] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1038'.
[  252.687416][ T8333] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  252.689411][ T8333] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  252.841463][ T8333] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  252.850359][ T8333] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  252.910001][  T821] hid (null): global environment stack underflow
[  252.910057][  T821] hid (null): global environment stack underflow
[  252.910105][  T821] hid (null): report_id 0 is invalid
[  252.910449][  T821] hid (null): global environment stack underflow
[  252.910505][  T821] hid (null): report_id 0 is invalid
[  252.910544][  T821] hid (null): report_id 0 is invalid
[  252.910592][  T821] hid (null): global environment stack underflow
[  253.012003][ T8333] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  253.020974][ T8333] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  253.131584][  T821] usb 4-1: USB disconnect, device number 10
[  253.155992][ T8333] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  253.334552][   T59] Bluetooth: hci2: command tx timeout
[  253.600023][ T8333] 8021q: adding VLAN 0 to HW filter on device bond0
[  253.711137][ T8333] 8021q: adding VLAN 0 to HW filter on device team0
[  253.755439][ T1402] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.755793][ T1402] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.814206][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.814333][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  254.650055][ T5920] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  254.822828][ T5920] usb 2-1: Using ep0 maxpacket: 32
[  254.828009][ T5920] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  254.828045][ T5920] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  254.840127][ T5920] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  254.840158][ T5920] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  254.840180][ T5920] usb 2-1: Product: syz
[  254.840194][ T5920] usb 2-1: Manufacturer: syz
[  254.907154][ T5920] hub 2-1:4.0: USB hub found
[  255.147393][ T5920] hub 2-1:4.0: 2 ports detected
[  255.422919][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  255.686895][ T8333] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.856802][ T5920] hub 2-1:4.0: set hub depth failed
[  255.877053][ T5920] usb 2-1: USB disconnect, device number 15
[  256.040184][ T5934] udevd[5934]: setting mode of /dev/bus/usb/002/015 to 020664 failed: No such file or directory
[  256.040378][ T5934] udevd[5934]: setting owner of /dev/bus/usb/002/015 to uid=0, gid=0 failed: No such file or directory
[  256.064451][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[  256.064528][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[  257.261957][ T8333] veth0_vlan: entered promiscuous mode
[  257.320036][ T8333] veth1_vlan: entered promiscuous mode
[  257.676309][ T8333] veth0_macvtap: entered promiscuous mode
[  257.756554][ T8520] ceph: No mds server is up or the cluster is laggy
[  257.794815][ T8333] veth1_macvtap: entered promiscuous mode
[  257.928074][ T8333] batman_adv: batadv0: Interface activated: batadv_slave_0
[  258.017839][ T8333] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.109055][  T152] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.109279][  T152] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.109319][  T152] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.109356][  T152] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.195962][ T1471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.195987][ T1471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.599981][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.600006][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.105662][ T8556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1074'.
[  261.219811][ T8556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1074'.
[  263.802802][ T5832] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  263.953041][ T5832] usb 4-1: Using ep0 maxpacket: 16
[  263.958954][ T5832] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  263.958990][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  264.048764][ T8630] netlink: 'syz.1.1097': attribute type 8 has an invalid length.
[  264.048784][ T8630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1097'.
[  264.078238][ T8630] bond0: entered promiscuous mode
[  264.078261][ T8630] bond_slave_0: entered promiscuous mode
[  264.078454][ T8630] bond_slave_1: entered promiscuous mode
[  264.084276][ T5832] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  264.084358][ T5832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.084415][ T5832] usb 4-1: Product: syz
[  264.084452][ T5832] usb 4-1: Manufacturer: syz
[  264.084497][ T5832] usb 4-1: SerialNumber: syz
[  264.172625][ T5832] usb 4-1: config 0 descriptor??
[  264.217516][ T5832] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  264.217554][ T5832] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  264.276487][ T8630] gretap0: entered promiscuous mode
[  264.356029][ T8630] bridge0: entered promiscuous mode
[  264.453820][ T8630] hsr1: entered promiscuous mode
[  264.789611][ T5832] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  264.790954][ T5832] em28xx 4-1:0.0: Config register raw data: 0x5e
[  264.817673][ T8643] tipc: Can't bind to reserved service type 1
[  264.824456][   T36] audit: type=1326 audit(1776718750.601:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8639 comm="syz.1.1101" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0e0442c819 code=0x0
[  265.007138][ T5832] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  265.007162][ T5832] em28xx 4-1:0.0: No AC97 audio processor
[  265.145984][ T5832] usb 4-1: USB disconnect, device number 11
[  265.170111][ T5832] em28xx 4-1:0.0: Disconnecting em28xx
[  265.702573][ T5832] em28xx 4-1:0.0: Freeing device
[  266.235315][ T5880] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  266.392820][ T5880] usb 7-1: Using ep0 maxpacket: 8
[  266.413251][ T5880] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 26632, setting to 64
[  266.413288][ T5880] usb 7-1: config 0 interface 0 has no altsetting 0
[  266.416314][ T5880] usb 7-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  266.416351][ T5880] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.416373][ T5880] usb 7-1: Product: syz
[  266.416388][ T5880] usb 7-1: Manufacturer: syz
[  266.416403][ T5880] usb 7-1: SerialNumber: syz
[  266.499330][ T5880] usb 7-1: config 0 descriptor??
[  266.695986][ T5880] snd_usb_toneport 7-1:0.0: Line 6 TonePort UX2 found
[  266.821195][ T5880] snd_usb_toneport 7-1:0.0: Line 6 TonePort UX2 now disconnected
[  266.846933][ T5880] snd_usb_toneport 7-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  266.999766][   T48] usb 7-1: USB disconnect, device number 2
[  268.749849][ T8727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1126'.
[  268.961113][ T8728] syzkaller1: entered promiscuous mode
[  268.961142][ T8728] syzkaller1: entered allmulticast mode
[  269.235174][ T8733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1128'.
[  271.285297][ T8772] input: syz1 as /devices/virtual/input/input18
[  271.913017][   T48] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  272.096849][   T48] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.096903][   T48] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  272.099361][   T48] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  272.099389][   T48] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.099406][   T48] usb 7-1: Product: syz
[  272.099418][   T48] usb 7-1: Manufacturer: syz
[  272.099431][   T48] usb 7-1: SerialNumber: syz
[  272.832912][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  272.985173][    T9] usb 6-1: Using ep0 maxpacket: 16
[  272.987806][    T9] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  272.987836][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.085469][    T9] usb 6-1: config 0 descriptor??
[  273.196895][    T9] gspca_main: sonixj-2.14.0 probing 0471:0327
[  273.277668][   T48] cdc_ncm 7-1:1.0: bind() failure
[  273.325189][   T48] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71
[  273.326516][   T48] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71
[  273.329397][   T48] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[  273.374556][   T48] usb 7-1: USB disconnect, device number 3
[  274.370783][    T9] gspca_sonixj: reg_w1 err -71
[  274.383267][    T9] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  274.415709][    T9] usb 6-1: USB disconnect, device number 2
[  274.844639][ T8840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1176'.
[  275.917754][ T8864] dvmrp6: entered allmulticast mode
[  276.003879][ T5137] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  276.025733][ T5137] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  276.071272][ T5137] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  276.092455][ T5137] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  276.107979][ T5137] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  276.917172][   T36] audit: type=1326 audit(1776718762.681:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.948192][   T36] audit: type=1326 audit(1776718762.691:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.948253][   T36] audit: type=1326 audit(1776718762.691:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.948406][   T36] audit: type=1326 audit(1776718762.691:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.948910][   T36] audit: type=1326 audit(1776718762.721:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.951088][   T36] audit: type=1326 audit(1776718762.721:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.951145][   T36] audit: type=1326 audit(1776718762.721:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.958230][   T36] audit: type=1326 audit(1776718762.731:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.958286][   T36] audit: type=1326 audit(1776718762.731:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  276.975698][   T36] audit: type=1326 audit(1776718762.751:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8886 comm="syz.0.1196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f5b3a2bc819 code=0x7ffc0000
[  277.203455][ T8889] netlink: 'syz.5.1197': attribute type 1 has an invalid length.
[  277.555738][ T8889] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.730758][ T8891] bond1: (slave ip6gretap1): making interface the new active one
[  277.787608][ T8891] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  278.298346][   T59] Bluetooth: hci1: command tx timeout
[  278.712842][ T5824] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[  278.772846][ T5920] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  278.869912][ T5824] usb 6-1: config index 0 descriptor too short (expected 6427, got 27)
[  278.869943][ T5824] usb 6-1: config 0 has an invalid interface number: 21 but max is 0
[  278.869963][ T5824] usb 6-1: config 0 has no interface number 0
[  278.870001][ T5824] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  278.870020][ T5824] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  278.870054][ T5824] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  278.870075][ T5824] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.954075][ T5824] usb 6-1: config 0 descriptor??
[  279.098408][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.098445][ T5920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.098485][ T5920] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  279.098507][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.158805][ T5920] usb 7-1: config 0 descriptor??
[  279.487445][ T8868] chnl_net:caif_netlink_parms(): no params data found
[  279.607242][ T5824] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input19
[  279.697978][ T5920] hid_parser_main: 26 callbacks suppressed
[  279.698004][ T5920] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  279.698038][ T5920] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  279.698068][ T5920] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  279.698113][ T5920] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  279.698149][ T5920] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  279.855378][ T5824] input: failed to attach handler kbd to device input19, error: -5
[  279.877493][ T5920] playstation 0003:054C:0DF2.000E: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.6-1/input0
[  280.372878][   T59] Bluetooth: hci1: command tx timeout
[  280.373065][ T5920] playstation 0003:054C:0DF2.000E: Failed to retrieve feature with reportID 5: -71
[  280.373098][ T5920] playstation 0003:054C:0DF2.000E: Failed to retrieve DualSense calibration info: -71
[  280.373151][ T5920] playstation 0003:054C:0DF2.000E: Failed to get calibration data from DualSense
[  280.373188][ T5920] playstation 0003:054C:0DF2.000E: Failed to create dualsense.
[  280.594556][ T5920] playstation 0003:054C:0DF2.000E: probe with driver playstation failed with error -71
[  280.853181][ T5920] usb 7-1: USB disconnect, device number 4
[  281.131677][ T5824] usb 6-1: USB disconnect, device number 3
[  281.477895][ T8868] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.478243][ T8868] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.478455][ T8868] bridge_slave_0: entered allmulticast mode
[  281.481412][ T8868] bridge_slave_0: entered promiscuous mode
[  281.515303][ T8868] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.516898][ T8868] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.517153][ T8868] bridge_slave_1: entered allmulticast mode
[  281.606941][ T8868] bridge_slave_1: entered promiscuous mode
[  281.662840][ T5832] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  281.813127][ T5832] usb 7-1: Using ep0 maxpacket: 32
[  281.818158][ T5832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.818193][ T5832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  281.818232][ T5832] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  281.818256][ T5832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.902391][ T5832] usb 7-1: config 0 descriptor??
[  281.931586][ T5832] hub 7-1:0.0: USB hub found
[  282.016431][ T8868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.113809][ T8868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.166958][ T5832] hub 7-1:0.0: config failed, can't read hub descriptor (err -22)
[  282.378566][ T8868] team0: Port device team_slave_0 added
[  282.414025][ T5832] hid-generic 0003:046D:C31C.000F: item fetching failed at offset 0/1
[  282.414740][ T5832] hid-generic 0003:046D:C31C.000F: probe with driver hid-generic failed with error -22
[  282.441312][ T8868] team0: Port device team_slave_1 added
[  282.453243][ T5137] Bluetooth: hci1: command tx timeout
[  282.714732][   T48] usb 7-1: USB disconnect, device number 5
[  282.898509][ T8868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.898530][ T8868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  282.898561][ T8868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.966181][ T8868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.966200][ T8868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  282.966230][ T8868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  283.104786][ T8868] hsr_slave_0: entered promiscuous mode
[  283.106309][ T8868] hsr_slave_1: entered promiscuous mode
[  283.107278][ T8868] debugfs: 'hsr0' already exists in 'hsr'
[  283.107304][ T8868] Cannot create hsr debugfs directory
[  284.213261][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  284.370347][ T8978] dummy0: entered allmulticast mode
[  284.450517][ T8974] dummy0: left allmulticast mode
[  284.538184][ T5137] Bluetooth: hci1: command tx timeout
[  284.955336][ T5880] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  285.103585][ T5880] usb 6-1: Using ep0 maxpacket: 32
[  285.119726][ T5880] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  285.119756][ T5880] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  285.119778][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  285.119851][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  285.119876][ T5880] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  285.119902][ T5880] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  285.119947][ T5880] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  285.119972][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.221697][ T5880] usb 6-1: config 0 descriptor??
[  285.461334][ T5880] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  285.564523][ T5880] usb 6-1: USB disconnect, device number 4
[  285.641596][ T5880] usblp0: removed
[  286.094917][ T5880] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  286.158707][ T8868] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  286.191818][ T8868] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  286.200916][ T8868] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  286.252923][ T5880] usb 6-1: Using ep0 maxpacket: 32
[  286.255250][ T5880] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  286.255278][ T5880] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  286.255301][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  286.255353][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  286.255376][ T5880] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  286.255401][ T5880] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  286.255443][ T5880] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  286.255467][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.354001][ T5880] usb 6-1: config 0 descriptor??
[  286.361147][ T8868] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  286.362195][ T8868] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  286.621987][ T5880] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  286.697102][ T8868] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  286.699521][ T8868] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  286.841167][    T9] usb 6-1: USB disconnect, device number 5
[  286.860996][    T9] usblp0: removed
[  286.913629][ T8868] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  287.372922][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  287.537913][    T9] usb 2-1: Using ep0 maxpacket: 16
[  287.540678][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.540713][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  287.540757][    T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  287.540782][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.604750][    T9] usb 2-1: config 0 descriptor??
[  287.831108][ T8868] 8021q: adding VLAN 0 to HW filter on device bond0
[  288.002204][ T8868] 8021q: adding VLAN 0 to HW filter on device team0
[  288.105185][  T276] bridge0: port 1(bridge_slave_0) entered blocking state
[  288.105358][  T276] bridge0: port 1(bridge_slave_0) entered forwarding state
[  288.107039][    T9] HID 045e:07da: Invalid code 65791 type 1
[  288.155782][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0010/input/input20
[  288.195394][  T276] bridge0: port 2(bridge_slave_1) entered blocking state
[  288.195531][  T276] bridge0: port 2(bridge_slave_1) entered forwarding state
[  288.262774][    T9] microsoft 0003:045E:07DA.0010: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  289.064974][    T9] usb 2-1: USB disconnect, device number 16
[  289.311761][ T5824] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  289.473201][ T5824] usb 1-1: Using ep0 maxpacket: 8
[  289.479140][ T5824] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  289.479174][ T5824] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  289.479200][ T5824] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  289.479226][ T5824] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  289.479268][ T5824] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  289.479292][ T5824] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.969959][ T5824] usb 1-1: GET_CAPABILITIES returned 0
[  289.970013][ T5824] usbtmc 1-1:16.0: can't read capabilities
[  290.310372][ T5824] usb 1-1: USB disconnect, device number 11
[  290.374308][ T8868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  291.967924][ T8868] veth0_vlan: entered promiscuous mode
[  292.114276][ T8868] veth1_vlan: entered promiscuous mode
[  292.413547][ T8868] veth0_macvtap: entered promiscuous mode
[  292.493282][ T8868] veth1_macvtap: entered promiscuous mode
[  292.580588][ T8868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  293.014751][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  293.074659][ T8868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  293.211573][   T56] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  293.254721][ T1029] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  293.263583][ T1029] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  293.263975][ T1029] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  293.452816][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.452859][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.452884][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  293.452929][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  293.452953][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.458556][    T9] usb 1-1: config 0 descriptor??
[  293.503888][ T9082] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1260'.
[  293.648605][ T9082] ip6gre1: entered promiscuous mode
[  293.648632][ T9082] ip6gre1: entered allmulticast mode
[  294.642113][    T9] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  294.699308][    T9] usb 1-1: USB disconnect, device number 12
[  295.869096][ T9092] fido_id[9092]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  296.027251][ T9102] trusted_key: syz.0.1267 sent an empty control message without MSG_MORE.
[  296.860238][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.860266][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  297.331845][ T1029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  297.331869][ T1029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  297.728765][ T9132] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1278'.
[  298.213617][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1183'.
[  299.030169][ T9161] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1288'.
[  299.116369][    T9] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  299.366096][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  299.366139][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  299.366187][    T9] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  299.366220][    T9] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  299.369326][    T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  299.369357][    T9] usb 7-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  299.369379][    T9] usb 7-1: Product: syz
[  299.369396][    T9] usb 7-1: SerialNumber: syz
[  299.474603][ T9152] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  299.708687][ T9152] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  299.709599][ T9152] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  300.372350][ T9152] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  300.372521][ T9152] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  300.598285][    T9] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42
[  300.598333][    T9] cdc_ncm 7-1:1.0: setting tx_max = 184
[  300.879855][    T9] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  301.072406][    T9] usb 7-1: USB disconnect, device number 6
[  301.105479][    T9] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP)
[  305.077132][ T5137] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  305.279896][ T9268] binder: 9267:9268 ioctl c0306201 200000000040 returned -11
[  305.429882][ T9272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1334'.
[  305.573388][ T9272] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1334'.
[  305.624334][ T9277] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  307.761758][ T9309] netlink: 'syz.7.1346': attribute type 12 has an invalid length.
[  308.794465][ T5832] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  308.959552][ T5832] usb 2-1: config 0 has no interfaces?
[  308.959593][ T5832] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  308.959620][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.999828][ T5832] usb 2-1: config 0 descriptor??
[  309.289326][ T5880] usb 2-1: USB disconnect, device number 17
[  310.320101][ T9356] binder: BINDER_SET_CONTEXT_MGR already set
[  310.320120][ T9356] binder: 9355:9356 ioctl 4018620d 200000004a80 returned -16
[  312.114710][ T5137] Bluetooth: hci4: Malformed MSFT vendor event: 0x02
[  313.373939][ T9428] netlink: 88 bytes leftover after parsing attributes in process `syz.7.1392'.
[  313.378398][ T9430] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.1393'.
[  313.399573][ T9430] netlink: Conntrack attr has 4 unknown bytes
[  315.164297][ T9469] input: syz0 as /devices/virtual/input/input21
[  315.619693][ T9461] overlayfs: statfs failed on './file0'
[  318.216574][ T9505] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  318.216611][ T9505] overlayfs: failed to set xattr on upper
[  318.216620][ T9505] overlayfs: ...falling back to redirect_dir=nofollow.
[  318.216629][ T9505] overlayfs: ...falling back to index=off.
[  318.216638][ T9505] overlayfs: ...falling back to uuid=null.
[  318.216658][ T9505] overlayfs: maximum fs stacking depth exceeded
[  319.046895][ T6092] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[  319.266442][ T6092] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  319.266508][ T6092] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  319.266535][ T6092] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  319.266561][ T6092] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  319.266583][ T6092] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  319.270382][ T6092] usb 8-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  319.270411][ T6092] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  319.270433][ T6092] usb 8-1: Product: syz
[  319.270448][ T6092] usb 8-1: Manufacturer: syz
[  319.270463][ T6092] usb 8-1: SerialNumber: syz
[  319.449426][ T6092] usb 8-1: config 0 descriptor??
[  319.680056][ T6092] radio-si470x 8-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  319.680082][ T6092] radio-si470x 8-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  319.901191][ T6092] radio-si470x 8-1:0.0: software version 0, hardware version 0
[  319.901218][ T6092] radio-si470x 8-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  319.901238][ T6092] radio-si470x 8-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  319.978741][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[  319.978981][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[  320.119251][ T6092] radio-si470x 8-1:0.0: submitting int urb failed (-90)
[  320.343973][ T6092] radio-si470x 8-1:0.0: si470x_set_report: usb_control_msg returned -71
[  320.344315][ T6092] radio-si470x 8-1:0.0: probe with driver radio-si470x failed with error -22
[  320.390818][ T6092] usb 8-1: USB disconnect, device number 2
[  323.355845][ T9575] syzkaller1: entered promiscuous mode
[  323.355895][ T9575] syzkaller1: entered allmulticast mode
[  325.127411][ T5880] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  325.409448][ T5880] usb 2-1: Using ep0 maxpacket: 8
[  325.412156][ T5880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  325.412183][ T5880] usb 2-1: config 0 has no interfaces?
[  325.412215][ T5880] usb 2-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56
[  325.412242][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.449438][ T5880] usb 2-1: config 0 descriptor??
[  326.247353][ T9610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  326.295548][ T9610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  326.377518][ T5921] usb 2-1: USB disconnect, device number 18
[  326.840484][ T5832] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  327.012832][ T5832] usb 7-1: Using ep0 maxpacket: 8
[  327.015812][ T5832] usb 7-1: config 0 has an invalid interface number: 33 but max is 1
[  327.015929][ T5832] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.015955][ T5832] usb 7-1: config 0 has no interface number 1
[  327.016019][ T5832] usb 7-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  327.016060][ T5832] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  327.019728][ T5832] usb 7-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1
[  327.019764][ T5832] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.019785][ T5832] usb 7-1: Product: syz
[  327.019800][ T5832] usb 7-1: Manufacturer: syz
[  327.019815][ T5832] usb 7-1: SerialNumber: syz
[  327.193729][ T5832] usb 7-1: config 0 descriptor??
[  327.234769][ T5832] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx
[  327.462482][ T9612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  327.463819][ T9612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.687116][ T2394] pvrusb2: Invalid write control endpoint
[  327.811777][ T5832] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx
[  327.856843][ T5832] usb 7-1: USB disconnect, device number 7
[  328.221459][ T9631] netlink: 164 bytes leftover after parsing attributes in process `syz.5.1456'.
[  328.549637][ T2394] usb 7-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2
[  328.549669][ T2394] usb 7-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw
[  330.162962][ T9652] io-wq is not configured for unbound workers
[  333.605833][   T48] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  333.773411][   T48] usb 2-1: Using ep0 maxpacket: 32
[  333.809266][   T48] usb 2-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  333.809299][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.809322][   T48] usb 2-1: Product: syz
[  333.809338][   T48] usb 2-1: Manufacturer: syz
[  333.809353][   T48] usb 2-1: SerialNumber: syz
[  333.884500][   T48] usb 2-1: config 0 descriptor??
[  333.901846][   T48] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  333.938004][   T48] dvb-usb: bulk message failed: -22 (4/0)
[  333.938040][   T48] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  333.938182][   T48] dvb-usb: bulk message failed: -22 (5/0)
[  333.938200][   T48] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  334.069896][   T48] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  334.106289][ T9693] dvb-usb: bulk message failed: -22 (7/0)
[  334.106314][ T9693] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  334.106436][ T9693] ttusb2: i2c transfer failed.
[  334.139669][   T48] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  334.139739][   T48] usb 2-1: media controller created
[  334.183394][   T48] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  334.264344][   T48] usb 2-1: selecting invalid altsetting 3
[  334.264367][   T48] ttusb2: set interface to alts=3 failed
[  334.415015][   T48] DVB: Unable to find symbol tda10086_attach()
[  334.415034][   T48] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  334.423570][   T48] dvb-usb: bulk message failed: -22 (4/0)
[  334.423595][   T48] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  334.423729][   T48] dvb-usb: bulk message failed: -22 (5/0)
[  334.423760][   T48] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  334.423931][   T48] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  334.485958][   T48] usb 2-1: USB disconnect, device number 19
[  334.704676][   T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  334.736879][   T48] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  334.804291][   T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  334.809469][   T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  334.838647][   T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  334.879004][   T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  335.495648][   T68] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.254850][ T5137] Bluetooth: hci1: command tx timeout
[  338.135229][ T9724] syz.5.1488 (9724) used greatest stack depth: 16864 bytes left
[  338.141265][   T68] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.508896][ T5137] Bluetooth: hci1: command tx timeout
[  339.645517][   T68] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.626573][   T68] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.833584][   T36] kauditd_printk_skb: 13 callbacks suppressed
[  340.833603][   T36] audit: type=1326 audit(1776718825.578:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.833759][   T36] audit: type=1326 audit(1776718825.578:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.833929][   T36] audit: type=1326 audit(1776718825.578:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.834412][   T36] audit: type=1326 audit(1776718825.578:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.834671][   T36] audit: type=1326 audit(1776718825.578:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.835125][   T36] audit: type=1326 audit(1776718825.578:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.835322][   T36] audit: type=1326 audit(1776718825.578:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.837129][   T36] audit: type=1326 audit(1776718825.578:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.837540][   T36] audit: type=1326 audit(1776718825.578:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  340.837742][   T36] audit: type=1326 audit(1776718825.578:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9764 comm="syz.1.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  341.751992][ T5137] Bluetooth: hci1: command tx timeout
[  341.996297][ T9701] chnl_net:caif_netlink_parms(): no params data found
[  344.008322][ T5137] Bluetooth: hci1: command tx timeout
[  344.105143][ T9701] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.105240][ T9701] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.105444][ T9701] bridge_slave_0: entered allmulticast mode
[  344.232212][ T9796] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size.
[  344.309216][ T9701] bridge_slave_0: entered promiscuous mode
[  344.369435][ T9701] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.369563][ T9701] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.369784][ T9701] bridge_slave_1: entered allmulticast mode
[  345.021445][ T9701] bridge_slave_1: entered promiscuous mode
[  347.288374][ T9701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  347.332550][ T9701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  348.056705][ T9701] team0: Port device team_slave_0 added
[  348.141795][ T9701] team0: Port device team_slave_1 added
[  349.542908][ T9853] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1529'.
[  350.112992][ T5137] Bluetooth: hci4: command 0x0406 tx timeout
[  350.444725][   T68] bridge_slave_1: left allmulticast mode
[  350.444911][   T68] bridge_slave_1: left promiscuous mode
[  350.506737][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.135126][   T68] bridge_slave_0: left allmulticast mode
[  352.135160][   T68] bridge_slave_0: left promiscuous mode
[  352.159476][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.217963][   T36] kauditd_printk_skb: 29 callbacks suppressed
[  352.217986][   T36] audit: type=1804 audit(1776718836.070:145): pid=9866 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1533" name="/newroot/310/file1" dev="fuse" ino=1 res=1 errno=0
[  352.218133][   T36] audit: type=1800 audit(1776718836.079:146): pid=9866 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1533" name="/" dev="fuse" ino=1 res=0 errno=0
[  353.439599][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  356.485346][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.568097][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.659210][   T68] bond0 (unregistering): Released all slaves
[  356.755303][ T9701] batman_adv: batadv0: Adding interface: batadv_slave_0
[  356.755319][ T9701] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.755353][ T9701] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.867249][ T9867] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1535'.
[  356.904106][ T9701] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.904139][ T9701] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.904239][ T9701] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  358.185860][ T9701] hsr_slave_0: entered promiscuous mode
[  358.201774][ T9701] hsr_slave_1: entered promiscuous mode
[  358.228769][ T9701] debugfs: 'hsr0' already exists in 'hsr'
[  358.228798][ T9701] Cannot create hsr debugfs directory
[  359.936726][ T9916] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  360.858849][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  366.342774][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  366.364437][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  367.421447][ T5482] 8021q: adding VLAN 0 to HW filter on device eth1
[  373.583471][   T68] hsr_slave_0: left promiscuous mode
[  373.627355][   T68] hsr_slave_1: left promiscuous mode
[  373.653201][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  373.653417][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  373.713667][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  373.713698][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  374.051612][   T59] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  374.051899][   T59] Bluetooth: hci2: Injecting HCI hardware error event
[  374.056236][   T59] Bluetooth: hci2: hardware error 0x00
[  378.416182][T10046] block nbd6: shutting down sockets
[  378.597899][   T68] veth1_macvtap: left promiscuous mode
[  378.598337][   T68] veth0_macvtap: left promiscuous mode
[  378.598687][   T68] veth1_vlan: left promiscuous mode
[  378.599229][   T68] veth0_vlan: left promiscuous mode
[  381.096053][   T59] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  382.045351][T10073] overlayfs: missing 'lowerdir'
[  382.936739][   T68] team0 (unregistering): Port device team_slave_1 removed
[  383.001353][   T68] team0 (unregistering): Port device team_slave_0 removed
[  383.564572][T10036] batman_adv: batadv0: Adding interface: dummy0
[  383.564593][T10036] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  383.564628][T10036] batman_adv: batadv0: Interface activated: dummy0
[  383.797115][T10038] batadv0: mtu less than device minimum
[  383.831986][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.848394][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.866583][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.883368][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.894183][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.916957][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.940773][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.967582][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  383.975689][T10038] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  384.086127][ T5482] 8021q: adding VLAN 0 to HW filter on device eth2
[  384.217942][ T9701] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  384.381124][ T9701] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  385.304013][ T9701] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  385.666464][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  386.198502][ T9701] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  386.533982][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[  386.534066][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[  387.977852][ T9701] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  390.462072][ T9701] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  390.482872][ T9701] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  392.395441][ T9701] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  396.683013][ T9701] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.736248][ T9701] 8021q: adding VLAN 0 to HW filter on device team0
[  396.893516][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.893674][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state
[  398.083666][ T1029] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.131244][ T1029] bridge0: port 2(bridge_slave_1) entered forwarding state
[  398.411680][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  398.433354][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  398.444191][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  398.455021][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  398.465858][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  398.476711][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  402.442586][ T2394] pvrusb2: request_firmware fatal error with code=-110
[  402.442620][ T2394] pvrusb2: Failure uploading firmware1
[  402.442630][ T2394] pvrusb2: Device initialization was not successful.
[  402.442639][ T2394] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  402.442651][ T2394] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  402.510821][ T2394] usb 7-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2
[  402.510853][ T2394] usb 7-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw
[  402.564233][ T5832] pvrusb2: Device being rendered inoperable
[  404.193480][ T5482] 8021q: adding VLAN 0 to HW filter on device eth3
[  404.790266][ T5137] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  404.814600][ T5137] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  404.816697][ T5137] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  404.871578][ T5137] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  404.875909][ T5137] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  405.840372][  T276] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.219364][   T59] Bluetooth: hci5: command tx timeout
[  407.627390][ T5137] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  407.696223][ T5137] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  407.699381][ T5137] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  407.774375][ T5137] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  407.856310][ T5137] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  409.466315][   T59] Bluetooth: hci5: command tx timeout
[  410.310655][   T59] Bluetooth: hci1: command tx timeout
[  411.667192][T10232] [U] 
[  411.722010][   T59] Bluetooth: hci5: command tx timeout
[  411.757425][T10231] binder: 10230:10231 ioctl c0306201 200000000680 returned -14
[  412.162298][  T276] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.921766][   T59] Bluetooth: hci1: command tx timeout
[  413.531577][   T31] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  413.694421][   T31] usb 6-1: Using ep0 maxpacket: 32
[  413.696863][   T31] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  413.696890][   T31] usb 6-1: config 0 has no interface number 0
[  413.703372][   T31] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  413.703403][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.703426][   T31] usb 6-1: Product: syz
[  413.703441][   T31] usb 6-1: Manufacturer: syz
[  413.703456][   T31] usb 6-1: SerialNumber: syz
[  413.916608][   T31] usb 6-1: config 0 descriptor??
[  413.926518][   T31] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  414.033924][   T59] Bluetooth: hci5: command tx timeout
[  415.164942][   T31] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  415.211335][   T59] Bluetooth: hci1: command tx timeout
[  415.245617][   T31] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  415.610588][  T276] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.351116][T10270] netlink: 'syz.1.1630': attribute type 2 has an invalid length.
[  416.351194][T10270] netlink: 'syz.1.1630': attribute type 1 has an invalid length.
[  416.355128][T10270] netlink: 'syz.1.1630': attribute type 1 has an invalid length.
[  417.196366][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  417.202242][  T822] usb 6-1: USB disconnect, device number 6
[  417.252006][  T822] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  417.270031][  T822] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  417.270990][  T822] quatech2 6-1:0.51: device disconnected
[  417.589552][   T59] Bluetooth: hci1: command tx timeout
[  420.212600][  T276] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  420.374241][ T5482] 8021q: adding VLAN 0 to HW filter on device eth4
[  420.376859][T10298] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  420.376886][T10298] net_ratelimit: 10 callbacks suppressed
[  420.376900][T10298] batadv0: mtu less than device minimum
[  420.493624][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.539701][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.607605][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.620709][  T822] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  420.634909][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.665687][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.703821][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.722057][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.766718][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.835815][  T822] usb 2-1: Using ep0 maxpacket: 16
[  420.856815][  T822] usb 2-1: unable to get BOS descriptor or descriptor too short
[  420.862925][  T822] usb 2-1: config 4 has an invalid interface number: 6 but max is 0
[  420.862952][  T822] usb 2-1: config 4 has no interface number 0
[  420.870724][T10304] overlayfs: failed to resolve './file0': -2
[  420.890015][T10298] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  420.914759][  T822] usb 2-1: New USB device found, idVendor=0411, idProduct=0012, bcdDevice=15.b8
[  420.914792][  T822] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.914811][  T822] usb 2-1: Product: syz
[  420.914826][  T822] usb 2-1: Manufacturer: syz
[  420.914841][  T822] usb 2-1: SerialNumber: syz
[  421.585461][T10298] batman_adv: batadv0: Removing interface: batadv_slave_0
[  421.779582][T10298] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  422.341729][T10298] batman_adv: batadv0: Removing interface: batadv_slave_1
[  422.389704][T10298] batman_adv: batadv0: Interface deactivated: dummy0
[  422.389749][T10298] batman_adv: batadv0: Removing interface: dummy0
[  424.016058][T10315] 9p: Bad value for 'rfdno'
[  424.180613][ T5187] udevd[5187]: worker [5934] /devices/platform/dummy_hcd.6/usb7/7-1 is taking a long time
[  424.290783][  T822] rtl8150 2-1:4.6: couldn't find required endpoints
[  424.291350][  T822] rtl8150 2-1:4.6: probe with driver rtl8150 failed with error -5
[  424.337348][  T822] usb 2-1: USB disconnect, device number 20
[  427.566041][T10202] chnl_net:caif_netlink_parms(): no params data found
[  428.651781][T10185] chnl_net:caif_netlink_parms(): no params data found
[  430.048198][T10357] ptrace attach of "./syz-executor exec"[5818] was attempted by "./syz-executor exec"[10357]
[  430.333530][T10354] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.1648'.
[  430.335582][T10354] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1648'.
[  432.338420][T10371] afs: Bad value for 'source'
[  433.667057][   T36] audit: type=1326 audit(1776718911.233:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  433.667117][   T36] audit: type=1326 audit(1776718911.233:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  433.667165][   T36] audit: type=1326 audit(1776718911.233:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  433.667212][   T36] audit: type=1326 audit(1776718911.233:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  433.667260][   T36] audit: type=1326 audit(1776718911.233:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  433.667306][   T36] audit: type=1326 audit(1776718911.233:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0442c819 code=0x7ffc0000
[  433.667352][   T36] audit: type=1326 audit(1776718911.233:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0e043ed04e code=0x7ffc0000
[  433.667401][   T36] audit: type=1326 audit(1776718911.233:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0e043ed04e code=0x7ffc0000
[  433.667908][   T36] audit: type=1326 audit(1776718911.242:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0e043ed04e code=0x7ffc0000
[  433.669364][   T36] audit: type=1326 audit(1776718911.242:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10375 comm="syz.1.1653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0e043ed04e code=0x7ffc0000
[  434.000343][T10375] ==================================================================
[  434.000362][T10375] BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400
[  434.000399][T10375] Read of size 1 at addr ffff888075ce3200 by task syz.1.1653/10375
[  434.000419][T10375] 
[  434.000446][T10375] CPU: 1 UID: 0 PID: 10375 Comm: syz.1.1653 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  434.000476][T10375] Tainted: [L]=SOFTLOCKUP
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  434.000485][T10375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  434.000507][T10375] Call Trace:
[  434.000515][T10375]  <TASK>
[  434.000524][T10375]  dump_stack_lvl+0xe8/0x150
[  434.000563][T10375]  print_address_description+0x55/0x1e0
[  434.000600][T10375]  ? rt_spin_lock+0x83/0x400
[  434.000626][T10375]  print_report+0x58/0x70
[  434.000658][T10375]  kasan_report+0x117/0x150
[  434.000683][T10375]  ? rt_spin_lock+0x83/0x400
[  434.000713][T10375]  ? __wake_up_common_lock+0x2f/0x1e0
[  434.000739][T10375]  __kasan_check_byte+0x2a/0x40
[  434.000761][T10375]  lock_acquire+0x84/0x350
[  434.000792][T10375]  rt_spin_lock+0x83/0x400
[  434.000818][T10375]  ? __wake_up_common_lock+0x2f/0x1e0
[  434.000843][T10375]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  434.000872][T10375]  ? __pfx_rt_spin_lock+0x10/0x10
[  434.000899][T10375]  ? rt_spin_unlock+0x14f/0x200
[  434.000928][T10375]  ? rt_spin_unlock+0x160/0x200
[  434.000958][T10375]  __wake_up_common_lock+0x2f/0x1e0
[  434.000997][T10375]  snd_pcm_stop+0x428/0x550
[  434.001034][T10375]  loopback_trigger+0x11ff/0x1cf0
[  434.001069][T10375]  snd_pcm_start+0x43d/0x5d0
[  434.001106][T10375]  __snd_pcm_lib_xfer+0x175a/0x1d10
[  434.001139][T10375]  ? __pfx_interleaved_copy+0x10/0x10
[  434.001167][T10375]  ? __pfx_default_write_copy+0x10/0x10
[  434.001196][T10375]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  434.001233][T10375]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[  434.001259][T10375]  ? rt_mutex_slowunlock+0x1cb/0x300
[  434.001287][T10375]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  434.001319][T10375]  ? snd_pcm_oss_write3+0x191/0x300
[  434.001347][T10375]  snd_pcm_oss_write3+0x1ab/0x300
[  434.001374][T10375]  snd_pcm_oss_write2+0x2c2/0x440
[  434.001402][T10375]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  434.001427][T10375]  ? rt_spin_unlock+0x14f/0x200
[  434.001457][T10375]  ? rt_spin_unlock+0x160/0x200
[  434.001487][T10375]  snd_pcm_oss_sync1+0x180/0x520
[  434.001519][T10375]  ? __pfx_snd_pcm_oss_sync1+0x10/0x10
[  434.001548][T10375]  ? __pfx_default_wake_function+0x10/0x10
[  434.001581][T10375]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  434.001618][T10375]  ? __asan_memset+0x22/0x50
[  434.001647][T10375]  ? snd_pcm_format_set_silence+0x11c/0x2d0
[  434.001679][T10375]  snd_pcm_oss_sync+0xab2/0xfc0
[  434.001709][T10375]  snd_pcm_oss_release+0x102/0x250
[  434.001730][T10375]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  434.001751][T10375]  __fput+0x461/0xa70
[  434.001786][T10375]  task_work_run+0x1d9/0x270
[  434.001816][T10375]  ? __pfx_task_work_run+0x10/0x10
[  434.001847][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.001871][T10375]  exit_to_user_mode_loop+0xed/0x480
[  434.001896][T10375]  ? rcu_is_watching+0x15/0xb0
[  434.001928][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.001951][T10375]  do_syscall_64+0x33e/0xf80
[  434.001991][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.002014][T10375]  ? clear_bhb_loop+0x40/0x90
[  434.002039][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.002068][T10375] RIP: 0033:0x7f0e0442c819
[  434.002091][T10375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  434.002111][T10375] RSP: 002b:00007fff937b97c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  434.002135][T10375] RAX: 0000000000000000 RBX: 00007f0e046a7da0 RCX: 00007f0e0442c819
[  434.002150][T10375] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  434.002164][T10375] RBP: 00007f0e046a7da0 R08: 0000000000000006 R09: 0000000000000000
[  434.002177][T10375] R10: 00007f0e046a7cb0 R11: 0000000000000246 R12: 0000000000067078
[  434.002191][T10375] R13: 00007f0e046a618c R14: 0000000000067045 R15: 00007f0e046a6180
[  434.002217][T10375]  </TASK>
[  434.002225][T10375] [  434.002225][T10375] 
[  434.002234][T10375] Allocated by task 10376:
[  434.002245][T10375]  kasan_save_track+0x3e/0x80
[  434.002275][T10375]  __kasan_kmalloc+0x93/0xb0
[  434.002304][T10375]  __kmalloc_cache_noprof+0x3a6/0x690
[  434.002323][T10375]  snd_pcm_attach_substream+0x5b7/0xb20
[  434.002349][T10375]  snd_pcm_open_substream+0xbd/0x2420
[  434.002382][T10375]  snd_pcm_oss_open+0xf90/0x1c20
[  434.002403][T10375]  chrdev_open+0x4d0/0x5f0
[  434.002425][T10375]  do_dentry_open+0x83d/0x13e0
[  434.002451][T10375]  vfs_open+0x3b/0x350
[  434.002474][T10375]  path_openat+0x2e43/0x38a0
[  434.002491][T10375]  do_file_open+0x23e/0x4a0
[  434.002507][T10375]  do_sys_openat2+0x113/0x200
[  434.002534][T10375]  __x64_sys_openat+0x138/0x170
[  434.002560][T10375]  do_syscall_64+0x15f/0xf80
[  434.002591][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.002611][T10375] 
[  434.002616][T10375] Freed by task 10376:
[  434.002626][T10375]  kasan_save_track+0x3e/0x80
[  434.002655][T10375]  kasan_save_free_info+0x46/0x50
[  434.002679][T10375]  __kasan_slab_free+0x5c/0x80
[  434.002709][T10375]  kfree+0x1c5/0x6c0
[  434.002736][T10375]  snd_pcm_detach_substream+0x1c8/0x270
[  434.002762][T10375]  snd_pcm_oss_release+0x184/0x250
[  434.002783][T10375]  __fput+0x461/0xa70
[  434.002809][T10375]  task_work_run+0x1d9/0x270
[  434.002833][T10375]  exit_to_user_mode_loop+0xed/0x480
[  434.002854][T10375]  do_syscall_64+0x33e/0xf80
[  434.002885][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.002906][T10375] 
[  434.002911][T10375] The buggy address belongs to the object at ffff888075ce3000
[  434.002911][T10375]  which belongs to the cache kmalloc-2k of size 2048
[  434.002931][T10375] The buggy address is located 512 bytes inside of
[  434.002931][T10375]  freed 2048-byte region [ffff888075ce3000, ffff888075ce3800)
[  434.002953][T10375] 
[  434.002958][T10375] The buggy address belongs to the physical page:
[  434.002975][T10375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ce0
[  434.003004][T10375] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  434.003022][T10375] flags: 0x80000000000040(head|node=0|zone=1)
[  434.003045][T10375] page_type: f5(slab)
[  434.003069][T10375] raw: 0080000000000040 ffff88801a025000 dead000000000100 dead000000000122
[  434.003088][T10375] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  434.003108][T10375] head: 0080000000000040 ffff88801a025000 dead000000000100 dead000000000122
[  434.003127][T10375] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  434.003146][T10375] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  434.003164][T10375] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  434.003176][T10375] page dumped because: kasan: bad access detected
[  434.003192][T10375] page_owner tracks the page as allocated
[  434.003200][T10375] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5824, tgid 5824 (kworker/1:4), ts 293496914699, free_ts 293273305618
[  434.003237][T10375]  post_alloc_hook+0x231/0x280
[  434.003269][T10375]  get_page_from_freelist+0x27c8/0x2840
[  434.003292][T10375]  __alloc_frozen_pages_noprof+0x18d/0x380
[  434.003315][T10375]  allocate_slab+0x77/0x660
[  434.003339][T10375]  refill_objects+0x33c/0x3d0
[  434.003362][T10375]  __pcs_replace_empty_main+0x373/0x720
[  434.003390][T10375]  __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[  434.003410][T10375]  __alloc_skb+0x2c1/0x7d0
[  434.003433][T10375]  mld_newpack+0x14c/0xc90
[  434.003458][T10375]  add_grhead+0x5a/0x2a0
[  434.003482][T10375]  add_grec+0x1452/0x1740
[  434.003506][T10375]  mld_ifc_work+0x6e6/0xe70
[  434.003529][T10375]  process_scheduled_works+0xb5d/0x1860
[  434.003560][T10375]  worker_thread+0xa53/0xfc0
[  434.003576][T10375]  kthread+0x388/0x470
[  434.003598][T10375]  ret_from_fork+0x514/0xb70
[  434.003615][T10375] page last free pid 8868 tgid 8868 stack trace:
[  434.003627][T10375]  __free_frozen_pages+0xfa6/0x10f0
[  434.003645][T10375]  __slab_free+0x252/0x2a0
[  434.003663][T10375]  qlist_free_all+0x99/0x100
[  434.003690][T10375]  kasan_quarantine_reduce+0x148/0x160
[  434.003719][T10375]  __kasan_slab_alloc+0x22/0x80
[  434.003750][T10375]  __kmalloc_cache_noprof+0x338/0x690
[  434.003768][T10375]  rtnl_newlink+0x136/0x1bb0
[  434.003788][T10375]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  434.003807][T10375]  netlink_rcv_skb+0x232/0x4b0
[  434.003830][T10375]  netlink_unicast+0x780/0x920
[  434.003848][T10375]  netlink_sendmsg+0x813/0xb40
[  434.003872][T10375]  __sys_sendto+0x67f/0x710
[  434.003895][T10375]  __x64_sys_sendto+0xde/0x100
[  434.003919][T10375]  do_syscall_64+0x15f/0xf80
[  434.003950][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.003968][T10375] 
[  434.003973][T10375] Memory state around the buggy address:
[  434.003982][T10375]  ffff888075ce3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.004006][T10375]  ffff888075ce3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.004019][T10375] >ffff888075ce3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.004029][T10375]                    ^
[  434.004038][T10375]  ffff888075ce3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.004051][T10375]  ffff888075ce3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.004061][T10375] ==================================================================
[  434.433939][T10375] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  434.433966][T10375] CPU: 1 UID: 0 PID: 10375 Comm: syz.1.1653 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  434.433998][T10375] Tainted: [L]=SOFTLOCKUP
[  434.434006][T10375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  434.434021][T10375] Call Trace:
[  434.434029][T10375]  <TASK>
[  434.434039][T10375]  vpanic+0x56c/0xa60
[  434.434068][T10375]  ? __pfx_vpanic+0x10/0x10
[  434.434090][T10375]  ? __pfx___schedule+0x10/0x10
[  434.434136][T10375]  panic+0xc5/0xd0
[  434.434157][T10375]  ? __pfx_panic+0x10/0x10
[  434.434182][T10375]  ? preempt_schedule_common+0x82/0xd0
[  434.434217][T10375]  ? rt_spin_lock+0x83/0x400
[  434.434242][T10375]  check_panic_on_warn+0x89/0xb0
[  434.434272][T10375]  ? rt_spin_lock+0x83/0x400
[  434.434298][T10375]  end_report+0x73/0x170
[  434.434318][T10375]  ? rt_spin_lock+0x83/0x400
[  434.434343][T10375]  kasan_report+0x128/0x150
[  434.434365][T10375]  ? rt_spin_lock+0x83/0x400
[  434.434394][T10375]  ? __wake_up_common_lock+0x2f/0x1e0
[  434.434418][T10375]  __kasan_check_byte+0x2a/0x40
[  434.434438][T10375]  lock_acquire+0x84/0x350
[  434.434470][T10375]  rt_spin_lock+0x83/0x400
[  434.434496][T10375]  ? __wake_up_common_lock+0x2f/0x1e0
[  434.434520][T10375]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  434.434548][T10375]  ? __pfx_rt_spin_lock+0x10/0x10
[  434.434574][T10375]  ? rt_spin_unlock+0x14f/0x200
[  434.434605][T10375]  ? rt_spin_unlock+0x160/0x200
[  434.434634][T10375]  __wake_up_common_lock+0x2f/0x1e0
[  434.434662][T10375]  snd_pcm_stop+0x428/0x550
[  434.434697][T10375]  loopback_trigger+0x11ff/0x1cf0
[  434.434730][T10375]  snd_pcm_start+0x43d/0x5d0
[  434.434766][T10375]  __snd_pcm_lib_xfer+0x175a/0x1d10
[  434.434799][T10375]  ? __pfx_interleaved_copy+0x10/0x10
[  434.434825][T10375]  ? __pfx_default_write_copy+0x10/0x10
[  434.434853][T10375]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  434.434896][T10375]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[  434.434921][T10375]  ? rt_mutex_slowunlock+0x1cb/0x300
[  434.434948][T10375]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  434.434980][T10375]  ? snd_pcm_oss_write3+0x191/0x300
[  434.435006][T10375]  snd_pcm_oss_write3+0x1ab/0x300
[  434.435034][T10375]  snd_pcm_oss_write2+0x2c2/0x440
[  434.435060][T10375]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  434.435084][T10375]  ? rt_spin_unlock+0x14f/0x200
[  434.435114][T10375]  ? rt_spin_unlock+0x160/0x200
[  434.435144][T10375]  snd_pcm_oss_sync1+0x180/0x520
[  434.435176][T10375]  ? __pfx_snd_pcm_oss_sync1+0x10/0x10
[  434.435203][T10375]  ? __pfx_default_wake_function+0x10/0x10
[  434.435235][T10375]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  434.435271][T10375]  ? __asan_memset+0x22/0x50
[  434.435300][T10375]  ? snd_pcm_format_set_silence+0x11c/0x2d0
[  434.435332][T10375]  snd_pcm_oss_sync+0xab2/0xfc0
[  434.435366][T10375]  snd_pcm_oss_release+0x102/0x250
[  434.435390][T10375]  ? __pfx_snd_pcm_oss_release+0x10/0x10
[  434.435415][T10375]  __fput+0x461/0xa70
[  434.435451][T10375]  task_work_run+0x1d9/0x270
[  434.435482][T10375]  ? __pfx_task_work_run+0x10/0x10
[  434.435513][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.435538][T10375]  exit_to_user_mode_loop+0xed/0x480
[  434.435562][T10375]  ? rcu_is_watching+0x15/0xb0
[  434.435591][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.435615][T10375]  do_syscall_64+0x33e/0xf80
[  434.435647][T10375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.435670][T10375]  ? clear_bhb_loop+0x40/0x90
[  434.435696][T10375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.435719][T10375] RIP: 0033:0x7f0e0442c819
[  434.435739][T10375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  434.435758][T10375] RSP: 002b:00007fff937b97c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  434.435781][T10375] RAX: 0000000000000000 RBX: 00007f0e046a7da0 RCX: 00007f0e0442c819
[  434.435796][T10375] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  434.435809][T10375] RBP: 00007f0e046a7da0 R08: 0000000000000006 R09: 0000000000000000
[  434.435823][T10375] R10: 00007f0e046a7cb0 R11: 0000000000000246 R12: 0000000000067078
[  434.435838][T10375] R13: 00007f0e046a618c R14: 0000000000067045 R15: 00007f0e046a6180
[  434.435863][T10375]  </TASK>
[  434.436024][T10375] Kernel Offset: disabled