last executing test programs:

4.689337275s ago: executing program 0 (id=60):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @multicast})

4.278266939s ago: executing program 0 (id=63):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000"], 0x0)
r0 = syz_open_dev$midi(&(0x7f0000000100), 0x3ff, 0x2000)
read(r0, &(0x7f0000000080)=""/128, 0x80)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

2.853109784s ago: executing program 2 (id=70):
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002d00)=""/96, 0x60}, 0xfff}], 0x1, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)

2.599855926s ago: executing program 2 (id=72):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a38d", 0x2)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f00000003c0)=0x2)

2.442668474s ago: executing program 1 (id=73):
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000040)='utf8', &(0x7f0000000080)="a6c5", 0x2)

2.388914084s ago: executing program 2 (id=75):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000340)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000100)={0x30, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000, 0x0})

2.256140224s ago: executing program 1 (id=76):
r0 = memfd_create(&(0x7f0000000b40)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZH\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8b \x00\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!\xec\xf7$\xc2\xbaU \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84\x0e\xa7U\xc7}\xea.U`\x1b*\xcep\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xb8\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\x91\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q~@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18M\xb8\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xff14\x87I\xc7\\vK<m2\x16\x03\xcd\xc1\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xde\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=Z\x0e\xde\x99\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9Y\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]\xd5~\xfb\xfb>\x9d\x91Kq]N\x87\x0f\x04L\xd4(\xf2G \xfdr~:\xc4\xc3\xfe\x14G\xadG~^l\xe0:(Y`\x0e\x90\xfa\x1c\xb6\f6\x92B\x92\xd3\xa9BG\xd2*AB\x1e\x01\xf0m+\x02\x87\x81aj;\xb6y.g\xeb\xc4\x0f\xd3\x85\xa5\x00\xa1\xa6iP\x0f\x02\x14\x90q\x94\xab\xb3\x0f\x01=\x06\x98\xa8\x87\xd9=\xce\xbef<\x1d\v\xba[\xd8]\x9e\xf30\xb8\xf1\b\x06M\x18w\xdc\x0e\x98?\x04G\xf9\x99\xab\xc1\xc0z\xe9Fu\x03\x9aj\xc0]\xb47\xd5\xb8]\x98y@\x8c\x8fM\x8c],\x1b\x03\xaa\'gv\xeb\xbf\xa8d\"\x94e3Q\xfci\xdf\xad\x819\xd1\xf3\xaa\xc8i\xf2\x8a\xc4CU3\x87Ns\x9f\x9f\xcd\x05\x06g\x9aRBg\x98\x10Ch\x1c\x96\xd3\xce', 0x7)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10012, r0, 0x0)
read(r0, &(0x7f0000000000)=""/269, 0xfffffdef)

2.201068602s ago: executing program 2 (id=77):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000540)=ANY=[], 0xed)

2.116217856s ago: executing program 1 (id=78):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000151000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="0f23520fc73b0f35c744240000000000c744240200000000c7442406000000000f011424f30f0966b8bd000f00d0400fc7350200000026f30fc7b6242fb92566ba210066b8a5b466ef66baa10066b8b28c66ef", 0x53}], 0x1, 0x4, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.026011911s ago: executing program 2 (id=79):
unshare(0x6a040000)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

1.862245827s ago: executing program 1 (id=80):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x40, 0x0, 0x0)
recvmmsg(r0, &(0x7f000000d980)=[{{0x0, 0x0, 0x0}, 0xb}], 0x1, 0x2131, 0x0)

1.775465126s ago: executing program 1 (id=81):
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002d00)=""/96, 0x60}, 0xfff}], 0x1, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)

1.619354553s ago: executing program 1 (id=82):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
sendto$inet(r2, &(0x7f0000000080)='w', 0x34000, 0x0, &(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f000000a780), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r5, &(0x7f000000a8c0)={0x0, 0x0, &(0x7f000000a880)={&(0x7f0000000200)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x24048091}, 0x80)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @multicast})

1.415365322s ago: executing program 2 (id=84):
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0xc008551b, &(0x7f0000000540)={0x1ff})
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x18bf42)
close_range(r0, 0xffffffffffffffff, 0x0)

1.139637315s ago: executing program 3 (id=85):
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000040)='utf8', &(0x7f0000000080)="a6c5", 0x2)

1.014277923s ago: executing program 0 (id=86):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000340)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000100)={0x30, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000, 0x0})

866.032173ms ago: executing program 3 (id=87):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000540)=ANY=[], 0xed)

831.664166ms ago: executing program 0 (id=88):
r0 = memfd_create(&(0x7f0000000b40)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZH\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8b \x00\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!\xec\xf7$\xc2\xbaU \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84\x0e\xa7U\xc7}\xea.U`\x1b*\xcep\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xb8\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\x91\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q~@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18M\xb8\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xff14\x87I\xc7\\vK<m2\x16\x03\xcd\xc1\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xde\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=Z\x0e\xde\x99\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9Y\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]\xd5~\xfb\xfb>\x9d\x91Kq]N\x87\x0f\x04L\xd4(\xf2G \xfdr~:\xc4\xc3\xfe\x14G\xadG~^l\xe0:(Y`\x0e\x90\xfa\x1c\xb6\f6\x92B\x92\xd3\xa9BG\xd2*AB\x1e\x01\xf0m+\x02\x87\x81aj;\xb6y.g\xeb\xc4\x0f\xd3\x85\xa5\x00\xa1\xa6iP\x0f\x02\x14\x90q\x94\xab\xb3\x0f\x01=\x06\x98\xa8\x87\xd9=\xce\xbef<\x1d\v\xba[\xd8]\x9e\xf30\xb8\xf1\b\x06M\x18w\xdc\x0e\x98?\x04G\xf9\x99\xab\xc1\xc0z\xe9Fu\x03\x9aj\xc0]\xb47\xd5\xb8]\x98y@\x8c\x8fM\x8c],\x1b\x03\xaa\'gv\xeb\xbf\xa8d\"\x94e3Q\xfci\xdf\xad\x819\xd1\xf3\xaa\xc8i\xf2\x8a\xc4CU3\x87Ns\x9f\x9f\xcd\x05\x06g\x9aRBg\x98\x10Ch\x1c\x96\xd3\xce', 0x7)
read(r0, &(0x7f0000000000)=""/269, 0xfffffdef)

768.383789ms ago: executing program 3 (id=89):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x40, 0x0, 0x0)
recvmmsg(r0, &(0x7f000000d980)=[{{0x0, 0x0, 0x0}, 0xb}], 0x1, 0x2131, 0x0)

469.907303ms ago: executing program 0 (id=90):
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002d00)=""/96, 0x60}, 0xfff}], 0x1, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)

469.660993ms ago: executing program 3 (id=91):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000151000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="0f23520fc73b0f35c744240000000000c744240200000000c7442406000000000f011424f30f0966b8bd000f00d0400fc7350200000026f30fc7b6242fb92566ba210066b8a5b466ef66baa10066b8b28c66ef", 0x53}], 0x1, 0x4, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

215.328441ms ago: executing program 0 (id=92):
unshare(0x6a040000)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

191.303716ms ago: executing program 3 (id=93):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a38d", 0x2)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f00000003c0)=0x2)

0s ago: executing program 3 (id=94):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000140), &(0x7f00000001c0)=0x30)
lseek(0xffffffffffffffff, 0x5, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.64' (ED25519) to the list of known hosts.
[   82.097975][ T5823] cgroup: Unknown subsys name 'net'
[   82.252747][ T5823] cgroup: Unknown subsys name 'cpuset'
[   82.262495][ T5823] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.954582][ T5823] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.565657][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.574096][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.582723][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.591074][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.599031][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.622587][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.633617][ T5155] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.642760][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.642854][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.650995][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.658941][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.667450][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.672748][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.679786][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.687507][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.700843][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.701079][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.715935][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.721070][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.732882][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.271483][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   87.322427][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   87.438563][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   87.568120][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.575472][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.584214][ T5835] bridge_slave_0: entered allmulticast mode
[   87.591818][ T5835] bridge_slave_0: entered promiscuous mode
[   87.602344][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   87.644371][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.652940][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.660784][ T5835] bridge_slave_1: entered allmulticast mode
[   87.668053][ T5835] bridge_slave_1: entered promiscuous mode
[   87.688443][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.696063][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.703715][ T5832] bridge_slave_0: entered allmulticast mode
[   87.711034][ T5832] bridge_slave_0: entered promiscuous mode
[   87.770452][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.778096][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.786142][ T5832] bridge_slave_1: entered allmulticast mode
[   87.793468][ T5832] bridge_slave_1: entered promiscuous mode
[   87.842413][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.849717][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.857274][ T5844] bridge_slave_0: entered allmulticast mode
[   87.865711][ T5844] bridge_slave_0: entered promiscuous mode
[   87.890386][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.905903][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.914088][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.921669][ T5844] bridge_slave_1: entered allmulticast mode
[   87.929762][ T5844] bridge_slave_1: entered promiscuous mode
[   87.940072][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.952296][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.031225][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.085899][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.125396][ T5835] team0: Port device team_slave_0 added
[   88.131688][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.139669][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.146959][ T5840] bridge_slave_0: entered allmulticast mode
[   88.154453][ T5840] bridge_slave_0: entered promiscuous mode
[   88.164474][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.190025][ T5832] team0: Port device team_slave_0 added
[   88.197707][ T5835] team0: Port device team_slave_1 added
[   88.204283][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.214176][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.221715][ T5840] bridge_slave_1: entered allmulticast mode
[   88.229854][ T5840] bridge_slave_1: entered promiscuous mode
[   88.264101][ T5832] team0: Port device team_slave_1 added
[   88.317648][ T5844] team0: Port device team_slave_0 added
[   88.337306][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.344384][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.372268][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.385981][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.393462][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.420462][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.434896][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.450012][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.461882][ T5844] team0: Port device team_slave_1 added
[   88.531250][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.538251][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.564477][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.577310][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.584430][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.611407][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.636751][ T5840] team0: Port device team_slave_0 added
[   88.663230][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.670467][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.697936][ T5842] Bluetooth: hci0: command tx timeout
[   88.704153][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.716994][ T5840] team0: Port device team_slave_1 added
[   88.759078][ T5836] Bluetooth: hci3: command tx timeout
[   88.759865][ T5835] hsr_slave_0: entered promiscuous mode
[   88.765105][ T5842] Bluetooth: hci2: command tx timeout
[   88.772743][ T5835] hsr_slave_1: entered promiscuous mode
[   88.778828][ T5836] Bluetooth: hci1: command tx timeout
[   88.785559][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.795061][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.821273][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.867864][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.875298][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.901500][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.934113][ T5832] hsr_slave_0: entered promiscuous mode
[   88.940985][ T5832] hsr_slave_1: entered promiscuous mode
[   88.947214][ T5832] debugfs: 'hsr0' already exists in 'hsr'
[   88.953162][ T5832] Cannot create hsr debugfs directory
[   88.960562][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.967546][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.993707][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.124972][ T5844] hsr_slave_0: entered promiscuous mode
[   89.131851][ T5844] hsr_slave_1: entered promiscuous mode
[   89.137976][ T5844] debugfs: 'hsr0' already exists in 'hsr'
[   89.144399][ T5844] Cannot create hsr debugfs directory
[   89.223607][ T5840] hsr_slave_0: entered promiscuous mode
[   89.230190][ T5840] hsr_slave_1: entered promiscuous mode
[   89.236301][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[   89.242305][ T5840] Cannot create hsr debugfs directory
[   89.631257][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.658428][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.680002][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.701790][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.750215][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.766574][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.779820][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.803401][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.867285][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   89.904386][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   89.933856][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.966773][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.016709][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.041871][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.061256][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.075662][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.171774][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.210539][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   90.256335][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.268147][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.275445][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.287170][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.294333][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.333147][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.398308][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   90.441954][ T1342] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.449193][ T1342] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.481947][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.494212][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   90.512404][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.519781][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.573935][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   90.596955][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.604310][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.618226][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.625978][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.655600][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.662994][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.708050][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.715230][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.759924][ T5842] Bluetooth: hci0: command tx timeout
[   90.782660][ T5844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   90.793552][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.840581][ T5842] Bluetooth: hci2: command tx timeout
[   90.846120][ T5155] Bluetooth: hci3: command tx timeout
[   90.858942][ T5836] Bluetooth: hci1: command tx timeout
[   90.897746][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.110653][ T5835] veth0_vlan: entered promiscuous mode
[   91.126893][ T5835] veth1_vlan: entered promiscuous mode
[   91.202070][ T5835] veth0_macvtap: entered promiscuous mode
[   91.233379][ T5835] veth1_macvtap: entered promiscuous mode
[   91.295622][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.315609][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.334716][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.357845][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.382071][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.416905][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.447296][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.457751][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.592178][ T5844] veth0_vlan: entered promiscuous mode
[   91.603257][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.651175][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.666908][ T5844] veth1_vlan: entered promiscuous mode
[   91.674864][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.679948][ T5832] veth0_vlan: entered promiscuous mode
[   91.734701][ T5832] veth1_vlan: entered promiscuous mode
[   91.770633][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.778558][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.784033][ T5844] veth0_macvtap: entered promiscuous mode
[   91.807719][ T5844] veth1_macvtap: entered promiscuous mode
[   91.868468][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.896318][ T5840] veth0_vlan: entered promiscuous mode
[   91.907746][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.915636][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.946171][ T5840] veth1_vlan: entered promiscuous mode
[   91.968087][   T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.994104][ T5832] veth0_macvtap: entered promiscuous mode
[   92.008609][ T5832] veth1_macvtap: entered promiscuous mode
[   92.030326][   T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.056076][   T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.065122][   T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.261390][ T5840] veth0_macvtap: entered promiscuous mode
[   92.271620][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.294405][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.374848][ T5840] veth1_macvtap: entered promiscuous mode
[   92.401940][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.429086][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.559120][   T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.567941][   T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.642281][   T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.659152][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.833249][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.853516][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.857760][ T5836] Bluetooth: hci0: command tx timeout
[   92.867006][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.919764][ T5836] Bluetooth: hci1: command tx timeout
[   92.925252][ T5836] Bluetooth: hci2: command tx timeout
[   92.932721][ T5842] Bluetooth: hci3: command tx timeout
[   92.949751][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.979362][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.013664][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.023514][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.033293][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.043128][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.266065][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.351744][ T5935] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   93.355331][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.634628][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   93.643582][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   93.853294][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.867713][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.887311][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.893996][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.061859][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.113682][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.234370][ T5887] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   94.408903][ T5924] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   94.422665][ T5887] usb 3-1: Using ep0 maxpacket: 16
[   94.443701][ T5887] usb 3-1: config 0 has an invalid interface number: 148 but max is 0
[   94.465946][ T5887] usb 3-1: config 0 has no interface number 0
[   94.489071][ T5874] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   94.496868][ T5887] usb 3-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[   94.535612][ T5959] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   94.549861][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.575783][ T5946] could not allocate digest TFM handle cryptd(blake2b-160)
[   94.592994][ T5887] usb 3-1: config 0 descriptor??
[   94.611275][ T5924] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[   94.621889][ T5924] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   94.637766][ T5924] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   94.655401][ T5924] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   94.688054][ T5874] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   94.697546][ T5874] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   94.716997][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.732650][ T5874] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[   94.744879][ T5874] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   94.759626][ T5874] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   94.777571][ T5924] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[   94.785920][ T5924] usb 2-1: invalid MIDI out EP 0
[   94.794016][ T5874] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   94.821362][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   94.832986][ T5874] usb 1-1: Product: syz
[   94.848762][ T5874] usb 1-1: Manufacturer: syz
[   94.874240][ T5874] cdc_wdm 1-1:1.0: skipping garbage
[   94.899309][ T5874] cdc_wdm 1-1:1.0: skipping garbage
[   94.919316][ T5842] Bluetooth: hci0: command tx timeout
[   94.923324][ T5874] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[   94.931861][ T5874] cdc_wdm 1-1:1.0: Unknown control protocol
[   94.951921][ T5939] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6'.
[   94.970985][ T5888] usb 3-1: USB disconnect, device number 2
[   95.000060][ T5842] Bluetooth: hci1: command tx timeout
[   95.006170][ T5836] Bluetooth: hci2: command tx timeout
[   95.012295][ T5155] Bluetooth: hci3: command tx timeout
[   95.181759][ T5924] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[   95.232532][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.239407][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.246773][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.253424][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.259916][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.266553][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.273388][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.280031][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.287145][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.293797][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.300505][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.307325][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.313725][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.320619][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.328264][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.334926][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.341236][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.347876][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.354176][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   95.360842][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   95.392703][ T5925] usb 1-1: USB disconnect, device number 2
[   95.398664][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[   95.419040][ T5924] usb 2-1: USB disconnect, device number 2
[   95.801087][   T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   95.981396][   T43] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   96.018812][   T43] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   96.055281][   T43] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   96.090863][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.143668][ T5963] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   96.177001][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[   96.428839][ T5924] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   96.455269][ T5889] usb 4-1: USB disconnect, device number 2
[   96.588831][ T5924] usb 3-1: Using ep0 maxpacket: 16
[   96.601507][ T5924] usb 3-1: config 0 has an invalid interface number: 190 but max is 1
[   96.612049][ T5924] usb 3-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config
[   96.625645][ T5924] usb 3-1: config 0 has no interface number 1
[   96.633325][ T5924] usb 3-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   96.655848][ T5924] usb 3-1: config 0 interface 0 has no altsetting 0
[   96.667204][ T5924] usb 3-1: New USB device found, idVendor=0499, idProduct=150a, bcdDevice=f6.7f
[   96.678454][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.693554][ T5924] usb 3-1: Product: syz
[   96.697926][ T5924] usb 3-1: Manufacturer: syz
[   96.702708][ T5924] usb 3-1: SerialNumber: syz
[   96.716947][ T5924] usb 3-1: config 0 descriptor??
[   96.728808][ T5896] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[   96.894503][ T5896] usb 1-1: config 0 has no interfaces?
[   96.900560][ T5896] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   96.931767][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.944202][ T5896] usb 1-1: config 0 descriptor??
[   97.044657][ T5967] Zero length message leads to an empty skb
[   97.097706][ T5924] usb 3-1: USB disconnect, device number 3
[   97.170297][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.190/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.193859][    T9] usb 1-1: USB disconnect, device number 3
[   97.290840][ T5977] netlink: 'syz.3.13': attribute type 10 has an invalid length.
[   97.337762][   T24] cfg80211: failed to load regulatory.db
[   97.371643][ T5977] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   97.646927][ T5986] pim6reg1: entered promiscuous mode
[   97.652369][ T5986] pim6reg1: entered allmulticast mode
[   98.409197][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   98.679223][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   98.755067][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   99.268821][ T5924] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   99.329061][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   99.459449][ T5924] usb 1-1: Using ep0 maxpacket: 16
[   99.508097][ T5924] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[   99.553530][ T5924] usb 1-1: config 0 has no interface number 0
[   99.555906][ T6018] netlink: 'syz.2.26': attribute type 10 has an invalid length.
[   99.579575][ T5924] usb 1-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[   99.601060][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.641870][ T5924] usb 1-1: config 0 descriptor??
[   99.729241][ T6018] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   99.852637][ T5889] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  100.015659][ T6010] netlink: 96 bytes leftover after parsing attributes in process `syz.0.24'.
[  100.034793][ T5896] usb 1-1: USB disconnect, device number 4
[  100.065501][ T5889] usb 2-1: config 0 has no interfaces?
[  100.078980][ T5889] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  100.095058][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.123986][ T5889] usb 2-1: config 0 descriptor??
[  100.348056][ T5889] usb 2-1: USB disconnect, device number 3
[  100.570106][ T5896] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  100.753748][ T5896] usb 4-1: Using ep0 maxpacket: 16
[  100.773524][ T5896] usb 4-1: config 0 has an invalid interface number: 190 but max is 1
[  100.789417][ T5896] usb 4-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config
[  100.804768][ T5896] usb 4-1: config 0 has no interface number 1
[  100.812828][ T5896] usb 4-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  100.830559][ T5896] usb 4-1: config 0 interface 0 has no altsetting 0
[  100.841669][ T5896] usb 4-1: New USB device found, idVendor=0499, idProduct=150a, bcdDevice=f6.7f
[  100.853737][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.860642][ T6035] could not allocate digest TFM handle cryptd(blake2b-160)
[  100.869129][ T5896] usb 4-1: Product: syz
[  100.869172][ T5896] usb 4-1: Manufacturer: syz
[  100.869189][ T5896] usb 4-1: SerialNumber: syz
[  100.880746][ T5896] usb 4-1: config 0 descriptor??
[  100.970957][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  101.018802][   T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  101.140170][   T24] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  101.175446][   T24] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  101.198781][   T43] usb 1-1: Using ep0 maxpacket: 16
[  101.208635][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  101.226000][ T5896] usb 4-1: USB disconnect, device number 3
[  101.232171][   T43] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[  101.259496][   T43] usb 1-1: config 0 has no interface number 0
[  101.265680][   T43] usb 1-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  101.277364][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  101.288627][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.190/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  101.308504][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  101.328821][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.354916][   T24] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  101.371029][   T43] usb 1-1: config 0 descriptor??
[  101.376427][   T24] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  101.388100][   T24] usb 3-1: Product: syz
[  101.419367][   T24] usb 3-1: Manufacturer: syz
[  101.434030][ T5924] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  101.462842][   T24] cdc_wdm 3-1:1.0: skipping garbage
[  101.468206][   T24] cdc_wdm 3-1:1.0: skipping garbage
[  101.485063][   T24] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  101.491313][   T24] cdc_wdm 3-1:1.0: Unknown control protocol
[  101.601098][ T5924] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  101.612517][ T5924] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  101.616437][ T5896] usb 1-1: USB disconnect, device number 5
[  101.623605][ T5924] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  101.638430][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.654134][ T6044] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  101.682898][ T5924] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  101.727989][    C0] wdm_int_callback: 123 callbacks suppressed
[  101.728013][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  101.728614][   T43] usb 3-1: USB disconnect, device number 4
[  101.734051][    C0] wdm_int_callback: 123 callbacks suppressed
[  101.734069][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  101.734086][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  101.889775][ T5896] usb 2-1: USB disconnect, device number 4
[  102.198983][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.207833][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.216588][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.338387][ T6053] pim6reg1: entered promiscuous mode
[  102.346065][ T6053] pim6reg1: entered allmulticast mode
[  102.766941][ T6059] netlink: 'syz.1.37': attribute type 10 has an invalid length.
[  102.811486][ T6059] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  103.098737][ T5924] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  103.304637][ T5924] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  103.315601][ T5924] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  103.336408][ T5924] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  103.358948][ T5924] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  103.368650][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.399740][ T5924] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  103.407808][ T5924] usb 3-1: invalid MIDI out EP 0
[  103.562552][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  103.596940][ T5924] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  104.760714][ T5924] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  104.919297][ T5924] usb 4-1: Using ep0 maxpacket: 16
[  104.928496][ T5924] usb 4-1: config 0 has an invalid interface number: 148 but max is 0
[  104.937549][ T5924] usb 4-1: config 0 has no interface number 0
[  104.955568][ T5924] usb 4-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  104.965037][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.996828][ T5924] usb 4-1: config 0 descriptor??
[  105.008953][ T5925] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  105.023141][ T6086] could not allocate digest TFM handle cryptd(blake2b-160)
[  105.182843][ T5925] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  105.197434][ T5925] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  105.244073][ T5925] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  105.257352][   T43] usb 4-1: USB disconnect, device number 4
[  105.272551][ T5925] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  105.295721][ T5925] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  105.314711][ T5925] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  105.326738][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  105.347179][ T5925] usb 2-1: Product: syz
[  105.351763][ T5925] usb 2-1: Manufacturer: syz
[  105.383530][ T5925] cdc_wdm 2-1:1.0: skipping garbage
[  105.397397][ T5925] cdc_wdm 2-1:1.0: skipping garbage
[  105.407971][ T5925] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  105.417087][ T5925] cdc_wdm 2-1:1.0: Unknown control protocol
[  105.481111][ T6098] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  105.507394][   T43] usb 3-1: USB disconnect, device number 5
[  105.650138][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.657090][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.663575][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.670219][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.676593][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.683411][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.689826][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.696467][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.704668][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.711331][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.718434][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.725183][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.732648][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.739485][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.747455][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.754140][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.760543][ T5924] usb 2-1: USB disconnect, device number 5
[  105.766543][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  105.766576][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  105.766596][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  107.149503][ T5924] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  107.334109][ T5924] usb 2-1: Using ep0 maxpacket: 16
[  107.353293][ T5924] usb 2-1: config 0 has an invalid interface number: 148 but max is 0
[  107.353331][ T6138] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  107.362260][ T5924] usb 2-1: config 0 has no interface number 0
[  107.388580][ T5924] usb 2-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  107.479430][   T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  107.493465][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.510016][ T5924] usb 2-1: config 0 descriptor??
[  107.661066][   T24] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  107.677251][   T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  107.692335][   T24] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  107.706266][   T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  107.750741][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.772630][ T5924] usb 2-1: USB disconnect, device number 6
[  107.873287][   T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  107.891100][   T24] usb 1-1: invalid MIDI out EP 0
[  107.991415][ T5961] udevd[5961]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.045489][   T24] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  108.265235][ T6142] could not allocate digest TFM handle cryptd(blake2b-160)
[  108.328826][ T5924] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  108.535682][ T5924] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  108.550657][ T5924] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  108.606286][ T5924] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  108.615618][ T5924] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  108.628041][ T5924] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  108.641285][ T5924] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  108.654960][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  108.729112][ T5924] usb 4-1: Product: syz
[  108.733356][ T5924] usb 4-1: Manufacturer: syz
[  108.768421][ T5924] cdc_wdm 4-1:1.0: skipping garbage
[  108.783991][ T5924] cdc_wdm 4-1:1.0: skipping garbage
[  108.801736][ T5924] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  108.807711][ T5924] cdc_wdm 4-1:1.0: Unknown control protocol
[  109.064213][ T6166] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  109.073763][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.079306][   T43] usb 4-1: USB disconnect, device number 5
[  109.080417][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.092316][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  109.450850][ T6176] netlink: 96 bytes leftover after parsing attributes in process `syz.2.79'.
[  110.272215][ T5896] usb 1-1: USB disconnect, device number 6
[  110.434140][ T6195] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  110.441374][   T43] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  110.609910][   T43] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  110.625740][   T43] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  110.648831][   T43] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  110.658190][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.673966][ T6190] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  110.803433][   T43] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  110.906427][   T43] usb 3-1: USB disconnect, device number 6
[  111.291921][ T6212] netlink: 96 bytes leftover after parsing attributes in process `syz.0.92'.
[  111.382771][ T6214] 
[  111.385145][ T6214] ============================================
[  111.391758][ T6214] WARNING: possible recursive locking detected
[  111.398550][ T6214] 6.16.0-rc4-next-20250702-syzkaller #0 Not tainted
[  111.405501][ T6214] --------------------------------------------
[  111.412039][ T6214] syz.3.94/6214 is trying to acquire lock:
[  111.418460][ T6214] ffff88807895d568 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: __simple_recursive_removal+0x95/0x510
[  111.429637][ T6214] 
[  111.429637][ T6214] but task is already holding lock:
[  111.437007][ T6214] ffff88814982ae90 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540
[  111.447211][ T6214] 
[  111.447211][ T6214] other info that might help us debug this:
[  111.455273][ T6214]  Possible unsafe locking scenario:
[  111.455273][ T6214] 
[  111.462723][ T6214]        CPU0
[  111.466012][ T6214]        ----
[  111.469295][ T6214]   lock(&sb->s_type->i_mutex_key#17);
[  111.474812][ T6214]   lock(&sb->s_type->i_mutex_key#17);
[  111.480297][ T6214] 
[  111.480297][ T6214]  *** DEADLOCK ***
[  111.480297][ T6214] 
[  111.488443][ T6214]  May be due to missing lock nesting notation
[  111.488443][ T6214] 
[  111.496769][ T6214] 3 locks held by syz.3.94/6214:
[  111.501793][ T6214]  #0: ffff88802ff875f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320
[  111.510958][ T6214]  #1: ffff888064bee428 (sb_writers#11){.+.+}-{0:0}, at: vfs_write+0x211/0xa90
[  111.519943][ T6214]  #2: ffff88814982ae90 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540
[  111.530578][ T6214] 
[  111.530578][ T6214] stack backtrace:
[  111.536490][ T6214] CPU: 0 UID: 0 PID: 6214 Comm: syz.3.94 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  111.536511][ T6214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  111.536528][ T6214] Call Trace:
[  111.536537][ T6214]  <TASK>
[  111.536545][ T6214]  dump_stack_lvl+0x189/0x250
[  111.536567][ T6214]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.536585][ T6214]  ? __pfx__printk+0x10/0x10
[  111.536603][ T6214]  ? print_lock_name+0xde/0x100
[  111.536621][ T6214]  print_deadlock_bug+0x28b/0x2a0
[  111.536639][ T6214]  validate_chain+0x1a3f/0x2140
[  111.536657][ T6214]  ? lockdep_unlock+0x89/0x120
[  111.536678][ T6214]  ? validate_chain+0x897/0x2140
[  111.536697][ T6214]  __lock_acquire+0xab9/0xd20
[  111.536722][ T6214]  ? __simple_recursive_removal+0x95/0x510
[  111.536740][ T6214]  lock_acquire+0x120/0x360
[  111.536762][ T6214]  ? __simple_recursive_removal+0x95/0x510
[  111.536785][ T6214]  down_write+0x96/0x1f0
[  111.536809][ T6214]  ? __simple_recursive_removal+0x95/0x510
[  111.536827][ T6214]  ? __pfx_down_write+0x10/0x10
[  111.536852][ T6214]  __simple_recursive_removal+0x95/0x510
[  111.536873][ T6214]  bm_entry_write+0x4f7/0x540
[  111.536896][ T6214]  ? __pfx_bm_entry_write+0x10/0x10
[  111.536919][ T6214]  ? __pfx_bm_entry_write+0x10/0x10
[  111.536940][ T6214]  vfs_write+0x27e/0xa90
[  111.536961][ T6214]  ? __pfx_vfs_write+0x10/0x10
[  111.536978][ T6214]  ? __fget_files+0x2a/0x420
[  111.537001][ T6214]  ? __fget_files+0x3a0/0x420
[  111.537021][ T6214]  ? __fget_files+0x2a/0x420
[  111.537045][ T6214]  ksys_write+0x145/0x250
[  111.537064][ T6214]  ? __pfx_ksys_write+0x10/0x10
[  111.537080][ T6214]  ? rcu_is_watching+0x15/0xb0
[  111.537097][ T6214]  ? do_syscall_64+0xbe/0x3b0
[  111.537119][ T6214]  do_syscall_64+0xfa/0x3b0
[  111.537139][ T6214]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.537158][ T6214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.537173][ T6214]  ? clear_bhb_loop+0x60/0xb0
[  111.537190][ T6214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.537205][ T6214] RIP: 0033:0x7f4ee5b8e929
[  111.537230][ T6214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.537245][ T6214] RSP: 002b:00007f4ee69cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  111.537261][ T6214] RAX: ffffffffffffffda RBX: 00007f4ee5db5fa0 RCX: 00007f4ee5b8e929
[  111.537273][ T6214] RDX: 0000000000000002 RSI: 0000200000000100 RDI: 0000000000000005
[  111.537284][ T6214] RBP: 00007f4ee5c10b39 R08: 0000000000000000 R09: 0000000000000000
[  111.537294][ T6214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  111.537303][ T6214] R13: 0000000000000000 R14: 00007f4ee5db5fa0 R15: 00007ffc84a2c3a8
[  111.537321][ T6214]  </TASK>