last executing test programs:

3m31.267012625s ago: executing program 4 (id=5):
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x400c804)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x60d4f506, 0x0, 0x10, 0x0, {0x8010, 0x8}, {0x8, 0x8}, {0x2}, {}, 0x0, 0x10, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x6, 0x0, 0x3, 0x0, 0x200, 0x2, 0xc})
r2 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x100)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x40045731, &(0x7f0000000180))
sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000000e0601020000005a90dee4f42bc9190500010007000000050001000700000000003bd590c9043900"], 0x2c}, 0x1, 0x0, 0x0, 0x48044}, 0x5)
r3 = io_uring_setup(0xb, &(0x7f0000000040)={0x0, 0x6492, 0x80, 0x8, 0x8000})
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000004"], 0x50)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x8c, 0x7, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}, {0xc, 0x1, 0x0, 0x1, @fwd={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @meta={{0x9}, @void}}, {0x28, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @dynset={{0xb}, @void}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4810}, 0x20004000)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000200))

3m30.07727597s ago: executing program 4 (id=15):
r0 = syz_open_dev$sndpcmc(&(0x7f0000001fc0), 0x0, 0x420a01)
landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3, 0x6}, 0xfffffffffffffeae, 0x0)
r1 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$sierra_net(r1, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000000)={0x40, 0x7, 0x27, "45e528a8ec2169b388981ed7818e291623be4c17e8391504f6401c08000000000002000000e1b7"}, 0x0, 0x0})
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, 0x0)

3m25.372095454s ago: executing program 4 (id=19):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40))
r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffe, 0x1e67e3)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000002c0)={0x10000018})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r4, 0x400, {0x0, 0x0, 0x0, 0x4, 0x7fffffff, 0x0, 0x0, 0xa, 0xc, "faf98357e5a1149989fc8dbec3bd02b82a128bbad0099cebdc25f5abb534464c516bdd8a0f3500", "32d8cc26f7061a74df2cfc06c89f3d2b984b30c50997d3bef409ff2176fd7afe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa501c50a1fcaed1e831fa79a", "715237641a8ccf162e43ac61f700000000009b4100", [0x9, 0xa]}})
ioctl$SIOCSIFHWADDR(r4, 0x8b2b, &(0x7f0000000040)={'wlan1\x00', @broadcast})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r5, 0x6, 0x6, &(0x7f0000000180)=0x1, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003e40)={0x14, 0x1e, 0x301, 0x20000002, 0x0, {0x19}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4004000)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e23, 0x9, @remote, 0xc6}, 0x1c)

3m22.09972429s ago: executing program 4 (id=24):
openat$ptp0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, 0x0)
lseek(r4, 0xfffd, 0x0)

3m21.242344391s ago: executing program 4 (id=26):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_io_uring_setup(0xb9a, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r2, 0x5452, 0x0)
listen(r2, 0x28)
shutdown(r2, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r3, 0x89e2, &(0x7f0000000300)=@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0})
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x4e21, 0x80, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0x0, 0x0, @empty, 0x8}}}, 0x108)
socket$key(0xf, 0x3, 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0xc)
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r0, 0x7aa, &(0x7f00000000c0)={{@my=0x1, 0xffffffff}, 0x7ff80004, 0x7})
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

3m5.497265808s ago: executing program 32 (id=26):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_io_uring_setup(0xb9a, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r2, 0x5452, 0x0)
listen(r2, 0x28)
shutdown(r2, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r3, 0x89e2, &(0x7f0000000300)=@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0})
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x4e21, 0x80, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0x0, 0x0, @empty, 0x8}}}, 0x108)
socket$key(0xf, 0x3, 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0xc)
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r0, 0x7aa, &(0x7f00000000c0)={{@my=0x1, 0xffffffff}, 0x7ff80004, 0x7})
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

18.648356265s ago: executing program 0 (id=318):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000080)=0x2)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r2, &(0x7f0000000540)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000240)=""/17, 0x11, 0x2, 0x4, 0x9, 0x4, 0xc08}}, 0x120)
read$FUSE(r2, &(0x7f0000006b40)={0x2020}, 0x2020)
ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000000000)={0x1, 0x1, @stop_pts=0x5})
r3 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder-control\x00', 0x802, 0x0)
dup3(r3, r0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r5=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCXONC(r6, 0x540a, 0x0)
write$FUSE_INIT(r7, &(0x7f00000004c0)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x14, 0x1a, 0x1, 0x0, 0x102, {0xa}}, 0x14}}, 0x40)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))

18.087883378s ago: executing program 2 (id=319):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x10, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfefff963}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r2, 0x0, 0xe, 0x0, &(0x7f0000000180)="19b24f406b4b34f555028d313a39", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x2}, 0x50)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0})
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2110420, &(0x7f0000001300)={[], [{@audit}, {@smackfshat}]})
file_getattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x18, 0x100)

16.72908198s ago: executing program 2 (id=321):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
read$alg(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
readv(r3, &(0x7f0000000600)=[{&(0x7f0000000380)=""/71, 0x47}], 0x1)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
socket$rds(0x15, 0x5, 0x0)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000045000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
ioctl$VIDIOC_G_OUTPUT(r4, 0x8004562e, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb01001800000000000000ee000000ee000000040000000e00000004000004c80500000b00000001000000070000000900000000000000070000000100000003000000020000000000000005000000000000000b0000000400000604000000100000000f00000009000000000000000a0000000300003c749b221d7a7132000b000000060000000300000000000009030000000f0000000500000f0200000001000000ffffffff04000000022000000300000008000000040000000300000001000000050000000600000008000000010000000301000017000000054c0c00000003000004070000000b00000001000000010000000200000003000000ff07000006000000000000009c8b"], &(0x7f0000000540), 0x10c, 0x0, 0x0, 0x9, 0x10000}, 0x28)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1e00000007000000060000000002000009000200", @ANYRES32=r5, @ANYBLOB="018b0000000000f8ff000000000c000000000000", @ANYRES32, @ANYRES32=r6, @ANYBLOB="0000000005000000040000000500"/28], 0x50)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x3, 0x0, 0x7}})

15.126008171s ago: executing program 0 (id=322):
r0 = openat(0xffffffffffffff9c, 0x0, 0x80940, 0xd2)
close(r0)
socket$tipc(0x1e, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
shutdown(r1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000007c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x28e, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r5, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
sendfile(r5, r6, 0x0, 0xffffffff004)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r6, 0x4048587b, &(0x7f0000000980)={{r0, &(0x7f0000000180)='(/!\x9c,\x0f\x00', 0x200, &(0x7f00000001c0)={@align=0x5, {0xfff2, 0x5, 0x9, 0x6}}, 0x200, &(0x7f0000000240)={@_ha_fsid}, &(0x7f0000000500)=0xb}, 0x5, &(0x7f00000008c0)=[{0x3, 0x4, &(0x7f0000000380)='tls', &(0x7f00000003c0)="1afa92336878987b752eec4fadc8b5fc469aca783a699d0c806b58a62874f0d55992390fb15ea5d6b87978e288008c0ba6feb1d8d8e36a6c9db22c8ca561b76695d59261646415ea74e6ef4dce5e6a09cad96f27f12979a0a9c6b7ccc56f9442afbb3b72fe6307cc9afcdff8e9c34fafbbaa19a173c238c259038bd3588d135ab50b7e0ca317babdca00473c017b14e8871edaa890c1f6902167c2c4975f8a0c6cf780ee19294d142a2ab74413ac4cc645633b5c522d2e66a3d86b5f5e2630a906a5c770849f9635248fea40914475f4d4449e42688ea84f64a7480464604a7d107a55e63b53878a7f0edc2a0fb6c0dd194e50158777b98d635b03", 0xfb}, {0x2, 0x2800, &(0x7f00000004c0)='!$)\x00', &(0x7f0000000580)="209733fcd93b037500096dc5669a6d23ba5d0dae3303f42aa5a88f327b09eec4705792b6e1b9a3ea9351778fbbd094df7feb6a3f9e464532e7308088f02c7fc5a0af220e8f9b66602f94152dea245601c6b8549bf1036d729029dd60409b6f5c749f5b567b9b2c0b7181b4a1c4f26589471ae7", 0x73, 0x3}, {0x1, 0x2, &(0x7f0000000600)='*\x00', &(0x7f0000000680)="ce1e32dae2b9f93f99826e7a0a8252fa5cf8d5054228f338e548ddebda2e9bcf0d3fcb16e04adaeb6e33b5ffe49b46d391a37c809bf39beb2df83c9a93c44475c2d0caa4cbae1da06c5b537cae4a0b3efb8b691306ff7503b23660e3f420eb125fd78051bf2964cd9db5aac9c945fc52a3d458f01bb55e5d74852f8646a2b530db3d98d116c1f9256e533c61f2739538eab0afd8dffdd5730751415f2c7a64e80188a8f4f48dfed0d64598acfbf90c4f968830d66c1f5e7c10e2d9c605ca398fbee67128d6ec81e45607a7d30923598d842f5e033b73a78da3", 0xd9, 0x30}, {0x2, 0x7fff, &(0x7f0000000780)=')\x00', &(0x7f0000002000)="32f4675e63563f06f43ad643dadd1e106fcff002e9e1f2559806f49b07e08bdd6e8d528e5e3491a6e1af5c31167fa83c657c162ce3de31e9516389a89c29905c0e7fd57cb5fcf4de9c4d2de2735c9629a30cb8776deb", 0x56, 0x2}, {0x1, 0x5, &(0x7f0000000800)='tls', &(0x7f0000000840)="0ab4d62b9004d0ec7ea20f724af93f21f6658a60fcdeb8a7aa5338af977abf81fdcf2097a2f1376d7c360d7cc69d04592276ba8fde92c18da3f13f0648272a3427936254a00826e5f8082ec92de732bb441e2c38a62a5ed7fff7df6e14356349d597b73ca8", 0x65, 0xa}]})
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa)
syz_usb_connect$uac3(0x0, 0x80, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x1235, 0x8214, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0x7, 0x10, 0x1, {0x8, 0xb, 0x0, 0x2, 0x1, 0x21, 0x30, 0xd6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x7, 0xbf, 0x41, {0xa, 0x25, 0x25, 0x6, 0x76, 0xba}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x9, 0x7, 0xd0, {0xa, 0x25, 0x25, 0x6, 0x1, 0x5}}}}}}}}]}}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0})

14.996903876s ago: executing program 3 (id=324):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="40000000210001002bbd7000fcdbdf25060020dd000000020400010008000200ac1414aa08000a00000000001400110069703667726574617030000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x40800)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES64=r1, @ANYBLOB="ffc30000000000003c00adeaeed89ea6400d518703888c0d12800c0001006d6163766c616c002c0002800a000900ffffbfffffff00000a000400aaaaaa91458d4d28ad4f75d3a7556eaaaabb0000060002000500"/98, @ANYRES32=r0, @ANYRES8=r0], 0x64}}, 0x0)
io_setup(0x9, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x8}, 0x9c)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
fcntl$lock(r5, 0x24, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

14.903052421s ago: executing program 2 (id=325):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioprio_set$pid(0x2, 0xffffffffffffffff, 0x2004)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r4, &(0x7f0000000400)=""/4096, 0xc00)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r5 = syz_usb_connect$cdc_ecm(0x5, 0x61, &(0x7f00000002c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4f, 0x1, 0x1, 0xe1, 0x60, 0x9, "", [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0x9, {{0xb, 0x24, 0x6, 0x0, 0x0, "08b77534c4e4"}, {0x5, 0x24, 0x0, 0xe}, {0xd, 0x24, 0xf, 0x1, 0x1, 0xc7, 0xecf, 0x3}, [@call_mgmt={0x5, 0x24, 0x1, 0x1, 0xe0}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x79, 0x3, 0x1}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0xfb, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x10, 0x9, 0x3}}}}}]}}]}}, &(0x7f0000000b00)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x200, 0x54, 0x7, 0x2, 0x20, 0x2}, 0x10, &(0x7f0000000380)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0xc, 0x10, 0x1, 0x49, 0x7, 0x9}]}, 0x7, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x416}}, {0xfd, &(0x7f0000000640)=@string={0xfd, 0x3, "cd8f73b7a3387107d6e9db58dc8faa50cf1f701e7d0f65e9206e0b9969b0409bdf00e1eebf9a684a4525035ac0f2681a48a54142db02d9fba22665fd96c144adaa9c120e05a560010d7540e859d15f18115eeb5cf8c29c70ebad826f8d80c39b04ef227c6229c833cbad6469f50a4b20681c9ddd9e04348675f2e7409715c70e50133618218aac56974d4ef9b26882e2e0fdfad7b5104071eceba795980aff80cf3d7083dda28c1a93f4b9bb436f41d59bea1422021438a226f5b9a945f4f9ea8a849731be0519f72c968ee3f64581734bf81c315808c55e955a3eac385fa8e1a9e13fd8b140ea9d9169772f062fd3936f2458531d884e51020512"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x83e}}, {0x2, &(0x7f0000000880)=@string={0x2}}, {0x69, &(0x7f0000000940)=@string={0x69, 0x3, "d474cd2ed522b9ebc4ca615cc90209922abc7e010bb9107aa7da7b966d90745cb892b80930378e6bdcb1c41a116b81ac64152175a6cf3470e769c0b6208b8b5ae784c1c40defb9d7fd29087260c66f66db2c34db6cbe567c333ce561c762ae7c3f44c1537d335f"}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x827}}, {0xb0, &(0x7f0000000a00)=@string={0xb0, 0x3, "7edfc1546b280342e19e00514ae91d47698d2f8213c54cc843ecaab0a4d6117244f56118d3d44c2ad695e4a2acbc821cc3a9ffab1fe3569d41cbf9d327955d66bab905de8d59073f5ca92a78f9a7e0249e0462334399b3f08274ccd453ef7dc286b85db158ff66f9f6c5578ff71f0dd56dbdefe01c9c6a6f678ecc3263fc249b07f33d24a7fa281b8ba0763b3f9fb686f09e9c58ebe94719741ea2bb9b331dafd8b761929d05b5feed3379389859"}}]})
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24048040}, 0x4044001)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001080)=ANY=[@ANYBLOB="b702000024000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80c0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57abb1af00f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d586270f9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333aab1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486c9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d75007606000000b2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a082c5242c8fa7f01e0873c9c5c604108ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a0338c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b198246d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4c98274eeb666aa1f5fcf91990cf0dcfef9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e91017343e3dc6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000000de00d23dd63b7761d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a38e7868dc32e132124ecf52327631b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f1370d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd038c1817f0d4652a29353b05b16b3c5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df625a47bade4ba41ee014184395a479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2a65246779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04eda001aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f4125377960604f521df5e325efe395a4e3b7ca8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd020000000000000000000000d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a244609ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e7a5dd7503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d58bb5603895f265685f0400000000000000ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0f6f03160ec875b92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c8e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a18668298a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c14233d597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a9adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cb2791add8279c491fa48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89f11a300510776934e87bb3c21394f46954a012b2a3b0760f1bad1dbd6b466e0000000000000000008e5f9004e01fe2b177c5f443d09de4ba8f72d534405f9e7807c864bbca5893376420e38cf47a3660a2ab17b20baa271aa9eaffc19b50f291f51a7cc935023382bd80d7bca313636f3aaa6b788b233097bd545d9bf9715fbf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000000c0)="b907ef19edfff00702000ff0888e", 0x0, 0x6500, 0x18000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
syz_usb_control_io$cdc_ecm(r5, &(0x7f0000000c00)={0x14, &(0x7f0000000b80)={0x1465c8eadaf9c77c, 0x5, 0x34, {0x34, 0x22, "8ac13a5e4761da2fda1b5353c2908ad386c0333723f2a21b72a5f2e3aaf568bf28ed90230d49269c05a42c105e26a3e462cf"}}, &(0x7f0000000bc0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000d00)={0x1c, &(0x7f0000000c40)={0x0, 0x14, 0xc, "f1103afd4613de0b7e9b7799"}, &(0x7f0000000c80)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x9}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x20, 0x80, 0x1c, {0x10ff, 0x2, 0x4003c, 0x6, 0x4, 0x7fff, 0xfffd, 0xef, 0x1, 0xfff4, 0x4, 0x2fb}}, 0x0, 0x0, 0x0, 0x0})
request_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='-,#,,\x00', 0xfffffffffffffffc)

14.641032251s ago: executing program 1 (id=326):
syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d0000090401010202"], 0x0)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800))
socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r0, 0x0, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$dvb_frontend(&(0x7f00000000c0), 0x0, 0x40002)
ioctl$FE_SET_PROPERTY(r1, 0x40106f52, &(0x7f00000001c0)={0x3b, 0x0})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
io_uring_enter(0xffffffffffffffff, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x0)
fchdir(r3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file5\x00', 0x6000, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
socket$inet6(0xa, 0x80001, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})

12.282303313s ago: executing program 3 (id=327):
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x169a82, 0x109)
statx(r0, &(0x7f0000002900)='./file0\x00', 0x400, 0x20, &(0x7f0000002940))
read$FUSE(r0, &(0x7f0000002a40)={0x2020}, 0x2020)

11.71517243s ago: executing program 0 (id=328):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x8}, 0x9c)

9.530911373s ago: executing program 3 (id=329):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0xffffffffffffff5d)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x2, <r2=>r1})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r3, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x48, r4, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xfff}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x47fa5999}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000414}, 0x0)
sendto$inet(r1, 0x0, 0x0, 0xf401, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r7, 0x400448e6, &(0x7f0000000080))
ioctl$sock_bt_hci(r7, 0x400448e7, 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r8, 0xc0045002, &(0x7f0000000080)=0x3ff)
write$dsp(r8, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
listen(r0, 0x3)
r9 = socket$netlink(0x10, 0x3, 0x4)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000000008010200000000000000000200ffff0600024022eb000005000300ffff00000900010073797a3000000000260004"], 0x58}}, 0x20008000)
r11 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r11, 0xc0045627, &(0x7f00000000c0)=0x3)
recvfrom$inet6(r0, &(0x7f00000004c0)=""/208, 0xd0, 0x2001, &(0x7f00000005c0)={0xa, 0x4e23, 0xe8, @empty, 0x11}, 0x1c)
writev(r9, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600004e22590000a2bc5603ca00000f7f89000000200000000101ff000000", 0x36}], 0x1)

9.225518026s ago: executing program 1 (id=330):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001100010026bd700003dcdf0500000000", @ANYRES32=0x0, @ANYBLOB="0a220400100000001400350076657468315f766c616e000000000000"], 0x34}, 0x1, 0x200000000000000, 0x0, 0x240040c4}, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000029c0)={0x6, 0x8000005, 0x9, 0x0, <r3=>0x0})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x80000)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000980)={0xd, 0x4, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064d2, &(0x7f0000000080)={0x3, 0x80, 0x3})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00464b4, &(0x7f0000000040)={r3})
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r6, 0xc08c5336, &(0x7f0000000400)={0x200, 0x7, 0x1, 'queue1\x00', 0x3})
sendmmsg(r1, &(0x7f0000000200)=[{{0x0, 0x0, 0x0}, 0x5b4}], 0x1, 0x0)

8.816379884s ago: executing program 2 (id=331):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff", 0x5}, {&(0x7f0000000140)="ebe3a0e9", 0x4}], 0x2, 0x0, 0x0, 0x800}], 0x1, 0x40800)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x0, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8)
setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f0000000040)=0xce, 0x4)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x38, r4, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_DEVKEY={0x1c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x4}]}]}, 0x38}}, 0x0)
connect$inet(r2, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$inet(r2, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0xd007)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="660a0000000000006111600000000000850000006b00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000002000000", @ANYRES32=0x1], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000700)={r6, &(0x7f0000000080), 0x0}, 0x20)
mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)}], 0x1}, 0x4000080)
move_pages(0x0, 0x2, &(0x7f00000003c0)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil], &(0x7f0000000540)=[0x1], &(0x7f0000001680), 0x0)
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r8 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r7, &(0x7f0000000c40)={0xc0000000})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000740)={'gretap0\x00', 0x0, 0x80, 0x80, 0x81, 0x5, {{0x17, 0x4, 0x1, 0x4, 0x5c, 0x65, 0x0, 0x6, 0x4, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x2a}, {[@cipso={0x86, 0x15, 0x3, [{0x1, 0xf, '\x00'/13}]}, @timestamp={0x44, 0x18, 0x70, 0x0, 0x7, [0x892a, 0x7, 0x6, 0x5, 0x8]}, @timestamp={0x44, 0x14, 0x30, 0x0, 0x0, [0xfffffffe, 0x7, 0x72, 0x5]}, @generic={0x88, 0x5, "007496"}]}}}}})
syz_open_procfs(0x0, &(0x7f0000000500)='task\x00')

8.526053848s ago: executing program 0 (id=332):
r0 = openat(0xffffffffffffff9c, 0x0, 0x80940, 0xd2)
close(r0)
socket$tipc(0x1e, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
shutdown(r1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000007c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x28e, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r5, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
sendfile(r5, r6, 0x0, 0xffffffff004)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r6, 0x4048587b, &(0x7f0000000980)={{r0, &(0x7f0000000180)='(/!\x9c,\x0f\x00', 0x200, &(0x7f00000001c0)={@align=0x5, {0xfff2, 0x5, 0x9, 0x6}}, 0x200, &(0x7f0000000240)={@_ha_fsid}, &(0x7f0000000500)=0xb}, 0x5, &(0x7f00000008c0)=[{0x3, 0x4, &(0x7f0000000380)='tls', &(0x7f00000003c0)="1afa92336878987b752eec4fadc8b5fc469aca783a699d0c806b58a62874f0d55992390fb15ea5d6b87978e288008c0ba6feb1d8d8e36a6c9db22c8ca561b76695d59261646415ea74e6ef4dce5e6a09cad96f27f12979a0a9c6b7ccc56f9442afbb3b72fe6307cc9afcdff8e9c34fafbbaa19a173c238c259038bd3588d135ab50b7e0ca317babdca00473c017b14e8871edaa890c1f6902167c2c4975f8a0c6cf780ee19294d142a2ab74413ac4cc645633b5c522d2e66a3d86b5f5e2630a906a5c770849f9635248fea40914475f4d4449e42688ea84f64a7480464604a7d107a55e63b53878a7f0edc2a0fb6c0dd194e50158777b98d635b03", 0xfb}, {0x2, 0x2800, &(0x7f00000004c0)='!$)\x00', &(0x7f0000000580)="209733fcd93b037500096dc5669a6d23ba5d0dae3303f42aa5a88f327b09eec4705792b6e1b9a3ea9351778fbbd094df7feb6a3f9e464532e7308088f02c7fc5a0af220e8f9b66602f94152dea245601c6b8549bf1036d729029dd60409b6f5c749f5b567b9b2c0b7181b4a1c4f26589471ae7", 0x73, 0x3}, {0x1, 0x2, &(0x7f0000000600)='*\x00', &(0x7f0000000680)="ce1e32dae2b9f93f99826e7a0a8252fa5cf8d5054228f338e548ddebda2e9bcf0d3fcb16e04adaeb6e33b5ffe49b46d391a37c809bf39beb2df83c9a93c44475c2d0caa4cbae1da06c5b537cae4a0b3efb8b691306ff7503b23660e3f420eb125fd78051bf2964cd9db5aac9c945fc52a3d458f01bb55e5d74852f8646a2b530db3d98d116c1f9256e533c61f2739538eab0afd8dffdd5730751415f2c7a64e80188a8f4f48dfed0d64598acfbf90c4f968830d66c1f5e7c10e2d9c605ca398fbee67128d6ec81e45607a7d30923598d842f5e033b73a78da3", 0xd9, 0x30}, {0x2, 0x7fff, &(0x7f0000000780)=')\x00', &(0x7f0000002000)="32f4675e63563f06f43ad643dadd1e106fcff002e9e1f2559806f49b07e08bdd6e8d528e5e3491a6e1af5c31167fa83c657c162ce3de31e9516389a89c29905c0e7fd57cb5fcf4de9c4d2de2735c9629a30cb8776deb", 0x56, 0x2}, {0x1, 0x5, &(0x7f0000000800)='tls', &(0x7f0000000840)="0ab4d62b9004d0ec7ea20f724af93f21f6658a60fcdeb8a7aa5338af977abf81fdcf2097a2f1376d7c360d7cc69d04592276ba8fde92c18da3f13f0648272a3427936254a00826e5f8082ec92de732bb441e2c38a62a5ed7fff7df6e14356349d597b73ca8", 0x65, 0xa}]})
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa)
syz_usb_connect$uac3(0x0, 0x80, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x1235, 0x8214, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0x7, 0x10, 0x1, {0x8, 0xb, 0x0, 0x2, 0x1, 0x21, 0x30, 0xd6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x7, 0xbf, 0x41, {0xa, 0x25, 0x25, 0x6, 0x76, 0xba}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x9, 0x7, 0xd0, {0xa, 0x25, 0x25, 0x6, 0x1, 0x5}}}}}}}}]}}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0})

8.513358065s ago: executing program 1 (id=333):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="40000000210001002bbd7000fcdbdf25060020dd000000020400010008000200ac1414aa08000a00000000001400110069703667726574617030000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x40800)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES64=r1, @ANYBLOB="ffc30000000000003c00adeaeed89ea6400d518703888c0d12800c0001006d6163766c616c002c0002800a000900ffffbfffffff00000a000400aaaaaa91458d4d28ad4f75d3a7556eaaaabb0000060002000500"/98, @ANYRES32=r0, @ANYRES8=r0], 0x64}}, 0x0)
io_setup(0x9, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x8}, 0x9c)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
fcntl$lock(r5, 0x24, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

6.450320306s ago: executing program 1 (id=334):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
read$alg(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
readv(r3, &(0x7f0000000600)=[{&(0x7f0000000380)=""/71, 0x47}], 0x1)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000045000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
ioctl$VIDIOC_G_OUTPUT(r4, 0x8004562e, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb01001800000000000000ee000000ee000000040000000e00000004000004c80500000b00000001000000070000000900000000000000070000000100000003000000020000000000000005000000000000000b0000000400000604000000100000000f00000009000000000000000a0000000300003c749b221d7a7132000b000000060000000300000000000009030000000f0000000500000f0200000001000000ffffffff04000000022000000300000008000000040000000300000001000000050000000600000008000000010000000301000017000000054c0c00000003000004070000000b00000001000000010000000200000003000000ff07000006000000000000009c8b"], &(0x7f0000000540), 0x10c, 0x0, 0x0, 0x9, 0x10000}, 0x28)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1e00000007000000060000000002000009000200", @ANYRES32=r5, @ANYBLOB="018b0000000000f8ff000000000c000000000000", @ANYRES32, @ANYRES32=r6, @ANYBLOB="0000000005000000040000000500"/28], 0x50)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x3, 0x0, 0x7}})

5.360586204s ago: executing program 1 (id=335):
r0 = openat(0xffffffffffffff9c, 0x0, 0x80940, 0xd2)
close(r0)
socket$tipc(0x1e, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
shutdown(r1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000007c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x28e, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r5, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
sendfile(r5, r6, 0x0, 0xffffffff004)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r6, 0x4048587b, &(0x7f0000000980)={{r0, &(0x7f0000000180)='(/!\x9c,\x0f\x00', 0x200, &(0x7f00000001c0)={@align=0x5, {0xfff2, 0x5, 0x9, 0x6}}, 0x200, &(0x7f0000000240)={@_ha_fsid}, &(0x7f0000000500)=0xb}, 0x5, &(0x7f00000008c0)=[{0x3, 0x4, &(0x7f0000000380)='tls', &(0x7f00000003c0)="1afa92336878987b752eec4fadc8b5fc469aca783a699d0c806b58a62874f0d55992390fb15ea5d6b87978e288008c0ba6feb1d8d8e36a6c9db22c8ca561b76695d59261646415ea74e6ef4dce5e6a09cad96f27f12979a0a9c6b7ccc56f9442afbb3b72fe6307cc9afcdff8e9c34fafbbaa19a173c238c259038bd3588d135ab50b7e0ca317babdca00473c017b14e8871edaa890c1f6902167c2c4975f8a0c6cf780ee19294d142a2ab74413ac4cc645633b5c522d2e66a3d86b5f5e2630a906a5c770849f9635248fea40914475f4d4449e42688ea84f64a7480464604a7d107a55e63b53878a7f0edc2a0fb6c0dd194e50158777b98d635b03", 0xfb}, {0x2, 0x2800, &(0x7f00000004c0)='!$)\x00', &(0x7f0000000580)="209733fcd93b037500096dc5669a6d23ba5d0dae3303f42aa5a88f327b09eec4705792b6e1b9a3ea9351778fbbd094df7feb6a3f9e464532e7308088f02c7fc5a0af220e8f9b66602f94152dea245601c6b8549bf1036d729029dd60409b6f5c749f5b567b9b2c0b7181b4a1c4f26589471ae7", 0x73, 0x3}, {0x1, 0x2, &(0x7f0000000600)='*\x00', &(0x7f0000000680)="ce1e32dae2b9f93f99826e7a0a8252fa5cf8d5054228f338e548ddebda2e9bcf0d3fcb16e04adaeb6e33b5ffe49b46d391a37c809bf39beb2df83c9a93c44475c2d0caa4cbae1da06c5b537cae4a0b3efb8b691306ff7503b23660e3f420eb125fd78051bf2964cd9db5aac9c945fc52a3d458f01bb55e5d74852f8646a2b530db3d98d116c1f9256e533c61f2739538eab0afd8dffdd5730751415f2c7a64e80188a8f4f48dfed0d64598acfbf90c4f968830d66c1f5e7c10e2d9c605ca398fbee67128d6ec81e45607a7d30923598d842f5e033b73a78da3", 0xd9, 0x30}, {0x2, 0x7fff, &(0x7f0000000780)=')\x00', &(0x7f0000002000)="32f4675e63563f06f43ad643dadd1e106fcff002e9e1f2559806f49b07e08bdd6e8d528e5e3491a6e1af5c31167fa83c657c162ce3de31e9516389a89c29905c0e7fd57cb5fcf4de9c4d2de2735c9629a30cb8776deb", 0x56, 0x2}, {0x1, 0x5, &(0x7f0000000800)='tls', &(0x7f0000000840)="0ab4d62b9004d0ec7ea20f724af93f21f6658a60fcdeb8a7aa5338af977abf81fdcf2097a2f1376d7c360d7cc69d04592276ba8fde92c18da3f13f0648272a3427936254a00826e5f8082ec92de732bb441e2c38a62a5ed7fff7df6e14356349d597b73ca8", 0x65, 0xa}]})
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa)
syz_usb_connect$uac3(0x0, 0x80, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x1235, 0x8214, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0x7, 0x10, 0x1, {0x8, 0xb, 0x0, 0x2, 0x1, 0x21, 0x30, 0xd6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x7, 0xbf, 0x41, {0xa, 0x25, 0x25, 0x6, 0x76, 0xba}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x9, 0x7, 0xd0, {0xa, 0x25, 0x25, 0x6, 0x1, 0x5}}}}}}}}]}}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0})

5.03347474s ago: executing program 2 (id=336):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="40000000210001002bbd7000fcdbdf25060020dd000000020400010008000200ac1414aa08000a00000000001400110069703667726574617030000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x40800)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES64=r1, @ANYBLOB="ffc30000000000003c00adeaeed89ea6400d518703888c0d12800c0001006d6163766c616c002c0002800a000900ffffbfffffff00000a000400aaaaaa91458d4d28ad4f75d3a7556eaaaabb0000060002000500"/98, @ANYRES32=r0, @ANYRES8=r0], 0x64}}, 0x0)
io_setup(0x9, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x8}, 0x9c)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
fcntl$lock(r5, 0x24, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.385070699s ago: executing program 0 (id=337):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000600)={0x700, @bt={0x8a5, 0x92, 0x1, 0x3, 0xd59f80, 0x0, 0x2803, 0x200010, 0x7, 0x2, 0x2, 0xf20, 0x1, 0x0, 0x1, 0x12, {0x401, 0x40}, 0xcc, 0xb}})

3.235415495s ago: executing program 3 (id=338):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c00000020000100000000000000000002200000000000000000000005"], 0x5c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000000)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.137567236s ago: executing program 2 (id=339):
syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d0000090401010202"], 0x0)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800))
socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r0, 0x0, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$dvb_frontend(&(0x7f00000000c0), 0x0, 0x40002)
ioctl$FE_SET_PROPERTY(r1, 0x40106f52, &(0x7f00000001c0)={0x3b, 0x0})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
io_uring_enter(0xffffffffffffffff, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x0)
fchdir(r3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file5\x00', 0x6000, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
socket$inet6(0xa, 0x80001, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})

2.011846717s ago: executing program 1 (id=340):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioprio_set$pid(0x2, 0xffffffffffffffff, 0x2004)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r4, &(0x7f0000000400)=""/4096, 0xc00)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r5 = syz_usb_connect$cdc_ecm(0x5, 0x61, &(0x7f00000002c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4f, 0x1, 0x1, 0xe1, 0x60, 0x9, "", [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0x9, {{0xb, 0x24, 0x6, 0x0, 0x0, "08b77534c4e4"}, {0x5, 0x24, 0x0, 0xe}, {0xd, 0x24, 0xf, 0x1, 0x1, 0xc7, 0xecf, 0x3}, [@call_mgmt={0x5, 0x24, 0x1, 0x1, 0xe0}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0x79, 0x3, 0x1}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0xfb, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x10, 0x9, 0x3}}}}}]}}]}}, &(0x7f0000000b00)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x200, 0x54, 0x7, 0x2, 0x20, 0x2}, 0x10, &(0x7f0000000380)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0xc, 0x10, 0x1, 0x49, 0x7, 0x9}]}, 0x7, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x416}}, {0xfd, &(0x7f0000000640)=@string={0xfd, 0x3, "cd8f73b7a3387107d6e9db58dc8faa50cf1f701e7d0f65e9206e0b9969b0409bdf00e1eebf9a684a4525035ac0f2681a48a54142db02d9fba22665fd96c144adaa9c120e05a560010d7540e859d15f18115eeb5cf8c29c70ebad826f8d80c39b04ef227c6229c833cbad6469f50a4b20681c9ddd9e04348675f2e7409715c70e50133618218aac56974d4ef9b26882e2e0fdfad7b5104071eceba795980aff80cf3d7083dda28c1a93f4b9bb436f41d59bea1422021438a226f5b9a945f4f9ea8a849731be0519f72c968ee3f64581734bf81c315808c55e955a3eac385fa8e1a9e13fd8b140ea9d9169772f062fd3936f2458531d884e51020512"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x83e}}, {0x2, &(0x7f0000000880)=@string={0x2}}, {0x69, &(0x7f0000000940)=@string={0x69, 0x3, "d474cd2ed522b9ebc4ca615cc90209922abc7e010bb9107aa7da7b966d90745cb892b80930378e6bdcb1c41a116b81ac64152175a6cf3470e769c0b6208b8b5ae784c1c40defb9d7fd29087260c66f66db2c34db6cbe567c333ce561c762ae7c3f44c1537d335f"}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x827}}, {0xb0, &(0x7f0000000a00)=@string={0xb0, 0x3, "7edfc1546b280342e19e00514ae91d47698d2f8213c54cc843ecaab0a4d6117244f56118d3d44c2ad695e4a2acbc821cc3a9ffab1fe3569d41cbf9d327955d66bab905de8d59073f5ca92a78f9a7e0249e0462334399b3f08274ccd453ef7dc286b85db158ff66f9f6c5578ff71f0dd56dbdefe01c9c6a6f678ecc3263fc249b07f33d24a7fa281b8ba0763b3f9fb686f09e9c58ebe94719741ea2bb9b331dafd8b761929d05b5feed3379389859"}}]})
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24048040}, 0x4044001)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001080)=ANY=[@ANYBLOB="b702000024000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80c0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57abb1af00f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d586270f9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333aab1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486c9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d75007606000000b2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a082c5242c8fa7f01e0873c9c5c604108ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a0338c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b198246d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4c98274eeb666aa1f5fcf91990cf0dcfef9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e91017343e3dc6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000000de00d23dd63b7761d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a38e7868dc32e132124ecf52327631b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f1370d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd038c1817f0d4652a29353b05b16b3c5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df625a47bade4ba41ee014184395a479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2a65246779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04eda001aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f4125377960604f521df5e325efe395a4e3b7ca8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd020000000000000000000000d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a244609ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e7a5dd7503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d58bb5603895f265685f0400000000000000ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0f6f03160ec875b92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c8e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a18668298a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c14233d597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a9adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cb2791add8279c491fa48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89f11a300510776934e87bb3c21394f46954a012b2a3b0760f1bad1dbd6b466e0000000000000000008e5f9004e01fe2b177c5f443d09de4ba8f72d534405f9e7807c864bbca5893376420e38cf47a3660a2ab17b20baa271aa9eaffc19b50f291f51a7cc935023382bd80d7bca313636f3aaa6b788b233097bd545d9bf9715fbf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000000c0)="b907ef19edfff00702000ff0888e", 0x0, 0x6500, 0x18000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
syz_usb_control_io$cdc_ecm(r5, &(0x7f0000000c00)={0x14, &(0x7f0000000b80)={0x1465c8eadaf9c77c, 0x5, 0x34, {0x34, 0x22, "8ac13a5e4761da2fda1b5353c2908ad386c0333723f2a21b72a5f2e3aaf568bf28ed90230d49269c05a42c105e26a3e462cf"}}, &(0x7f0000000bc0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000d00)={0x1c, &(0x7f0000000c40)={0x0, 0x14, 0xc, "f1103afd4613de0b7e9b7799"}, &(0x7f0000000c80)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x9}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x20, 0x80, 0x1c, {0x10ff, 0x2, 0x4003c, 0x6, 0x4, 0x7fff, 0xfffd, 0xef, 0x1, 0xfff4, 0x4, 0x2fb}}, 0x0, 0x0, 0x0, 0x0})
request_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='-,#,,\x00', 0xfffffffffffffffc)

1.73879322s ago: executing program 3 (id=341):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x190)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000000280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
open(&(0x7f00000000c0)='./file0\x00', 0x80, 0x48)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r4, 0x3b88, &(0x7f00000000c0)={0xc, r5})
ioctl$IOMMU_VFIO_IOAS$CLEAR(r4, 0x3b88, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r4, 0x3b82, &(0x7f0000000180)={0x20, r5, 0x0, 0x0, &(0x7f00000001c0)})
ioctl$IOMMU_VFIO_GET_API_VERSION(r4, 0x3b64)
ioctl$IOMMU_VFIO_SET_IOMMU(r4, 0x3b66, 0x3)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r4, 0x3b65, 0x9)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r4, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r4, 0x3b72, &(0x7f0000000300)={0x18, 0x0, 0x1c, 0x1c})

1.344064274s ago: executing program 0 (id=342):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000003c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x92, 0xec90, 0x5, 0x3, 0x4, 0x6, "6456e8352b72f3343801142dbe4c5174875da49bae37cffa8ee3e5614a6d3d1cd8190971ec65bf5912add87bbe01e99dd48e6789c9beaf4bfe363ee5d69a49023575ed79e4ee61e063d7f8c894e0d92f6259f66093d820610a0f8a7afeb2a11b9205204e64434d6f3dc742f1bcda74277cf40247e94db3707547cefd514f9d01de9e8e56b7b1900a1c3b1bbcd706eb73c45d"}}, 0x1aa)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xff, 0x8e, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8d})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x0, 0x7fff0000}]})

0s ago: executing program 3 (id=343):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000003c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x92, 0xec90, 0x5, 0x3, 0x4, 0x6, "6456e8352b72f3343801142dbe4c5174875da49bae37cffa8ee3e5614a6d3d1cd8190971ec65bf5912add87bbe01e99dd48e6789c9beaf4bfe363ee5d69a49023575ed79e4ee61e063d7f8c894e0d92f6259f66093d820610a0f8a7afeb2a11b9205204e64434d6f3dc742f1bcda74277cf40247e94db3707547cefd514f9d01de9e8e56b7b1900a1c3b1bbcd706eb73c45d"}}, 0x1aa)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x0, 0x7fff0000}]})
mkdir(&(0x7f0000000080)='./file1\x00', 0x8)

kernel console output (not intermixed with test programs):

07357][ T5810] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   84.852726][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.853228][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.886165][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.911303][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.911373][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.989724][ T5800] 8021q: adding VLAN 0 to HW filter on device team0
[   85.022781][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.022896][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.029035][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.086343][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.086478][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.175374][ T5799] 8021q: adding VLAN 0 to HW filter on device team0
[   85.229045][ T1804] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.229253][ T1804] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.314760][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.322731][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.322868][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.472354][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[   85.519568][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.546012][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.546217][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.608382][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.608924][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.687907][ T5810] 8021q: adding VLAN 0 to HW filter on device team0
[   85.732574][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0
[   85.755236][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.755360][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.840453][   T59] Bluetooth: hci0: command tx timeout
[   85.840483][   T59] Bluetooth: hci1: command tx timeout
[   85.840602][ T5814] Bluetooth: hci2: command tx timeout
[   85.864916][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.865045][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.955104][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.002072][ T5814] Bluetooth: hci3: command tx timeout
[   86.080685][ T5814] Bluetooth: hci4: command tx timeout
[   86.293149][ T5805] veth0_vlan: entered promiscuous mode
[   86.353669][ T5805] veth1_vlan: entered promiscuous mode
[   86.389794][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.616449][ T5805] veth0_macvtap: entered promiscuous mode
[   86.642888][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.646160][ T5805] veth1_macvtap: entered promiscuous mode
[   86.698755][ T5799] veth0_vlan: entered promiscuous mode
[   86.734373][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.750997][ T5799] veth1_vlan: entered promiscuous mode
[   86.775313][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.792915][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.795261][ T5800] veth0_vlan: entered promiscuous mode
[   86.834025][   T67] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.849645][   T67] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.864465][   T67] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.880168][   T67] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.888401][ T5800] veth1_vlan: entered promiscuous mode
[   86.915015][    T9] cfg80211: failed to load regulatory.db
[   87.012835][ T5811] veth0_vlan: entered promiscuous mode
[   87.149008][ T5799] veth0_macvtap: entered promiscuous mode
[   87.217842][ T5811] veth1_vlan: entered promiscuous mode
[   87.242313][ T5799] veth1_macvtap: entered promiscuous mode
[   87.319226][ T5810] veth0_vlan: entered promiscuous mode
[   87.349986][ T5800] veth0_macvtap: entered promiscuous mode
[   87.395849][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.402319][ T5800] veth1_macvtap: entered promiscuous mode
[   87.432279][ T5810] veth1_vlan: entered promiscuous mode
[   87.435065][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.435087][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.444668][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.508223][ T5811] veth0_macvtap: entered promiscuous mode
[   87.520072][  T153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.551615][  T153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.553824][ T5811] veth1_macvtap: entered promiscuous mode
[   87.555085][  T153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.577725][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.579405][  T153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.608849][ T1804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.608869][ T1804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.663295][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.755587][   T43] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.769149][   T43] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.895812][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.906223][   T43] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.921680][ T5801] Bluetooth: hci1: command tx timeout
[   87.921709][ T5801] Bluetooth: hci0: command tx timeout
[   87.921759][ T5814] Bluetooth: hci2: command tx timeout
[   87.978207][   T43] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.027770][ T5810] veth0_macvtap: entered promiscuous mode
[   88.080776][ T5814] Bluetooth: hci3: command tx timeout
[   88.084280][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.162564][ T5810] veth1_macvtap: entered promiscuous mode
[   88.165321][ T5814] Bluetooth: hci4: command tx timeout
[   88.178157][   T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.178174][   T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.244914][   T67] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.265639][   T67] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.316046][   T67] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.394648][   T67] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.598229][ T5921] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3'.
[   88.730216][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.751642][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.751660][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.855947][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.942267][ T1220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.942286][ T1220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.942499][ T1220] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.966712][   T43] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.983864][   T67] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.991628][ T1119] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.285219][ T5928] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8'.
[   89.433938][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.433956][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.870571][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.870590][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.090755][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.090776][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.125949][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   90.225763][ T5937] fuse: Bad value for 'fd'
[   90.227036][ T5937] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.460773][    T9] usb 1-1: Using ep0 maxpacket: 32
[   90.498662][    T9] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[   90.498690][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   90.498708][    T9] usb 1-1: config 0 has no interface number 0
[   90.498746][    T9] usb 1-1: config 0 interface 196 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0
[   90.498767][    T9] usb 1-1: config 0 interface 196 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   90.498793][    T9] usb 1-1: config 0 interface 196 has no altsetting 0
[   90.518063][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[   90.518091][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.518110][    T9] usb 1-1: Product: syz
[   90.518123][    T9] usb 1-1: Manufacturer: syz
[   90.518137][    T9] usb 1-1: SerialNumber: syz
[   90.544699][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.544721][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.639827][    T9] usb 1-1: config 0 descriptor??
[   90.933432][   T37] audit: type=1326 audit(1776227504.430:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   90.933480][   T37] audit: type=1326 audit(1776227504.430:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   90.933518][   T37] audit: type=1326 audit(1776227504.430:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   90.933555][   T37] audit: type=1326 audit(1776227504.430:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe9dbfd04e code=0x7ffc0000
[   90.933593][   T37] audit: type=1326 audit(1776227504.440:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   90.933628][   T37] audit: type=1326 audit(1776227504.440:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   90.936371][   T37] audit: type=1326 audit(1776227504.440:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   90.936410][   T37] audit: type=1326 audit(1776227504.440:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   91.134469][   T37] audit: type=1326 audit(1776227504.440:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   91.134517][   T37] audit: type=1326 audit(1776227504.480:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5941 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[   91.379978][ T1252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.379996][ T1252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.393113][ T5930] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1'.
[   94.383964][ T5802] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   94.748061][ T5802] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[   94.748093][ T5802] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[   94.748119][ T5802] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[   94.803727][ T5802] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[   94.803757][ T5802] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.803776][ T5802] usb 5-1: Product: syz
[   94.803790][ T5802] usb 5-1: Manufacturer: syz
[   94.803804][ T5802] usb 5-1: SerialNumber: syz
[   94.874670][ T5802] usb 5-1: config 0 descriptor??
[   94.890057][ T5963] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   94.983391][ T5963] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   95.046917][ T5802] usb 5-1: ucan: probing device on interface #0
[   95.212967][    T9] ipheth 1-1:0.196: Unable to find endpoints
[   95.420460][ T5871] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.047098][ T5802] ucan 5-1:0.0: probe with driver ucan failed with error -71
[   96.048139][    T9] usb 1-1: USB disconnect, device number 2
[   96.107908][ T5802] usb 5-1: USB disconnect, device number 2
[   97.331842][ T5998] netlink: 40 bytes leftover after parsing attributes in process `syz.2.18'.
[   97.390771][ T5888] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   97.545865][ T6000] loop6: detected capacity change from 0 to 7
[   97.700295][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.707032][ T5888] usb 2-1: Using ep0 maxpacket: 32
[   97.747293][ T5888] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[   97.747321][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.747341][ T5888] usb 2-1: Product: syz
[   97.747353][ T5888] usb 2-1: Manufacturer: syz
[   97.747366][ T5888] usb 2-1: SerialNumber: syz
[   99.214922][ T5888] usb 2-1: config 0 descriptor??
[   99.294717][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.294874][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.294978][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.295064][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.295166][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.295262][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.295343][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.295413][ T6000] ldm_validate_partition_table(): Disk read failed.
[   99.399778][ T5888] usb 2-1: can't set config #0, error -71
[   99.448226][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.448321][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.448378][ T6000] Buffer I/O error on dev loop6, logical block 0, async page read
[   99.514047][ T5888] usb 2-1: USB disconnect, device number 2
[   99.575600][ T6000] Dev loop6: unable to read RDB block 0
[   99.575909][ T6000]  loop6: unable to read partition table
[   99.576129][ T6000] loop6: partition table beyond EOD, truncated
[   99.586695][ T6000] loop_reread_partitions: partition scan of loop6 (úùƒWå¡™‰ü�¾Ã½¸*‹ºÐ	œëÜ%õ«µ4FLQkÝŠ5) failed (rc=-5)
[  100.671215][ T6014] Zero length message leads to an empty skb
[  102.686596][ T6026] /dev/nullb0: Can't open blockdev
[  102.690282][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.230284][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.250283][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.260291][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.270304][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.280286][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.290282][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.300285][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.310281][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.890388][ T5872] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  103.890639][    C0] raw-gadget.0 gadget.0: ignoring, device is not running
[  104.050477][ T5872] usb 1-1: device descriptor read/64, error -32
[  104.303345][ T5872] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  106.681494][ T6044] netlink: 'syz.0.30': attribute type 10 has an invalid length.
[  106.917627][ T6033] netlink: 'syz.4.26': attribute type 10 has an invalid length.
[  107.798181][ T6044] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  110.321137][ T6054] capability: warning: `syz.0.33' uses 32-bit capabilities (legacy support in use)
[  110.565421][ T1220] Bluetooth: hci5: Frame reassembly failed (-90)
[  110.603281][   T43] Bluetooth: hci5: Frame reassembly failed (-84)
[  111.027753][ T6033] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  112.136669][ T6066] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  112.565276][   T59] Bluetooth: hci5: command 0x1003 tx timeout
[  112.568393][ T5814] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  113.946553][ T6076] /dev/nullb0: Can't open blockdev
[  116.869161][ T6092] netlink: 24 bytes leftover after parsing attributes in process `syz.3.42'.
[  117.075201][ T6093] netlink: 36 bytes leftover after parsing attributes in process `syz.3.42'.
[  119.785284][   T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  119.815593][   T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  119.817278][   T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  119.819177][   T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  119.822990][   T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  120.121451][   T37] kauditd_printk_skb: 113 callbacks suppressed
[  120.121500][   T37] audit: type=1326 audit(1776227533.630:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  120.122329][   T37] audit: type=1326 audit(1776227533.630:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  120.252498][   T37] audit: type=1326 audit(1776227533.720:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  120.293580][   T37] audit: type=1326 audit(1776227533.800:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  120.460843][   T37] audit: type=1326 audit(1776227533.950:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  120.460891][   T37] audit: type=1326 audit(1776227533.950:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5de623c582 code=0x7ffc0000
[  120.460926][   T37] audit: type=1326 audit(1776227533.950:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f5de623c617 code=0x7ffc0000
[  120.460954][   T37] audit: type=1326 audit(1776227533.960:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f5de61f9511 code=0x7ffc0000
[  120.460983][   T37] audit: type=1326 audit(1776227533.960:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f5de623d609 code=0x7ffc0000
[  120.461011][   T37] audit: type=1326 audit(1776227533.960:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6114 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f5de61f957b code=0x7ffc0000
[  122.620328][ T5814] Bluetooth: hci5: command tx timeout
[  122.909234][ T6133] /dev/nullb0: Can't open blockdev
[  124.987441][ T5814] Bluetooth: hci5: command tx timeout
[  127.020332][ T5888] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  127.040469][ T5814] Bluetooth: hci5: command tx timeout
[  127.191187][ T5888] usb 1-1: Using ep0 maxpacket: 16
[  127.213422][ T5888] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  127.213451][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.507267][ T5888] usb 1-1: config 0 descriptor??
[  127.576545][ T5888] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  127.912578][ T6164] netlink: 4 bytes leftover after parsing attributes in process `syz.2.57'.
[  128.987631][ T5888] usb 1-1: Detected FT232A
[  129.130382][ T5814] Bluetooth: hci5: command tx timeout
[  129.278033][ T5888] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  129.377246][ T6169] FAULT_INJECTION: forcing a failure.
[  129.377246][ T6169] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  129.377288][ T6169] CPU: 1 UID: 0 PID: 6169 Comm: syz.3.58 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  129.377310][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  129.377326][ T6169] Call Trace:
[  129.377337][ T6169]  <TASK>
[  129.377346][ T6169]  dump_stack_lvl+0xe8/0x150
[  129.377379][ T6169]  should_fail_ex+0x46b/0x600
[  129.377412][ T6169]  _copy_from_user+0x2d/0xb0
[  129.377434][ T6169]  ___sys_sendmsg+0x1c6/0x360
[  129.377465][ T6169]  ? __lock_acquire+0x6b5/0x2cf0
[  129.377488][ T6169]  ? __pfx____sys_sendmsg+0x10/0x10
[  129.377519][ T6169]  ? kstrtouint+0x6e/0xe0
[  129.377567][ T6169]  ? __fget_files+0x2a/0x420
[  129.377593][ T6169]  ? __fget_files+0x3a6/0x420
[  129.377627][ T6169]  __sys_sendmmsg+0x282/0x4e0
[  129.377659][ T6169]  ? __pfx___sys_sendmmsg+0x10/0x10
[  129.377693][ T6169]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  129.377726][ T6169]  ? ksys_write+0x248/0x270
[  129.377745][ T6169]  ? __pfx_ksys_write+0x10/0x10
[  129.377768][ T6169]  __x64_sys_sendmmsg+0xa0/0xc0
[  129.377795][ T6169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.377813][ T6169]  do_syscall_64+0x15f/0xf80
[  129.377835][ T6169]  ? trace_irq_disable+0x3b/0x140
[  129.377859][ T6169]  ? clear_bhb_loop+0x40/0x90
[  129.377881][ T6169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.377899][ T6169] RIP: 0033:0x7f62e23fc819
[  129.377922][ T6169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  129.377937][ T6169] RSP: 002b:00007f62e0656028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  129.377969][ T6169] RAX: ffffffffffffffda RBX: 00007f62e2675fa0 RCX: 00007f62e23fc819
[  129.377982][ T6169] RDX: 0000000000000001 RSI: 0000200000001240 RDI: 0000000000000004
[  129.377993][ T6169] RBP: 00007f62e0656090 R08: 0000000000000000 R09: 0000000000000000
[  129.378004][ T6169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.378014][ T6169] R13: 00007f62e2676038 R14: 00007f62e2675fa0 R15: 00007ffdb65b60d8
[  129.378042][ T6169]  </TASK>
[  129.523065][ T5888] usb 1-1: USB disconnect, device number 5
[  130.821947][ T6174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.60'.
[  130.868843][   T43] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.174433][ T6173] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  131.174515][ T6173] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  131.197731][ T5888] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  131.201292][ T6164] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  131.221749][ T5888] ftdi_sio 1-1:0.0: device disconnected
[  131.484220][ T6173] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  131.526894][ T6173] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  131.526950][ T6173] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  132.817782][ T6173] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  132.856156][ T6173] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  132.856203][ T6173] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  132.895412][ T6173] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  133.072208][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  133.072298][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  133.082308][ T6173] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  133.082355][ T6173] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  133.265835][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout
[  133.839069][   T43] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.857543][ T6173] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  133.981801][ T6173] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  133.983309][ T6173] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  134.110358][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout
[  134.181317][ T6173] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  134.522662][   T43] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.902977][   T59] Bluetooth: hci4: command 0x0c1a tx timeout
[  135.903211][   T59] Bluetooth: hci1: command 0x0c1a tx timeout
[  135.903337][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout
[  136.000998][ T5801] Bluetooth: hci5: command 0x0c1a tx timeout
[  136.163295][ T5801] Bluetooth: hci2: command 0x0c1a tx timeout
[  136.369864][ T6208] FAULT_INJECTION: forcing a failure.
[  136.369864][ T6208] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.369897][ T6208] CPU: 1 UID: 0 PID: 6208 Comm: syz.0.71 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  136.369919][ T6208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  136.369930][ T6208] Call Trace:
[  136.369937][ T6208]  <TASK>
[  136.369945][ T6208]  dump_stack_lvl+0xe8/0x150
[  136.369980][ T6208]  should_fail_ex+0x46b/0x600
[  136.370014][ T6208]  _copy_from_user+0x2d/0xb0
[  136.370037][ T6208]  ___sys_sendmsg+0x1c6/0x360
[  136.370064][ T6208]  ? __lock_acquire+0x6b5/0x2cf0
[  136.370087][ T6208]  ? __pfx____sys_sendmsg+0x10/0x10
[  136.370146][ T6208]  ? __fget_files+0x2a/0x420
[  136.370171][ T6208]  ? __fget_files+0x3a6/0x420
[  136.370209][ T6208]  __x64_sys_sendmsg+0x1c3/0x2a0
[  136.370235][ T6208]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  136.370276][ T6208]  ? rcu_is_watching+0x15/0xb0
[  136.370303][ T6208]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.370322][ T6208]  do_syscall_64+0x15f/0xf80
[  136.370347][ T6208]  ? trace_irq_disable+0x3b/0x140
[  136.370368][ T6208]  ? clear_bhb_loop+0x40/0x90
[  136.370389][ T6208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.370405][ T6208] RIP: 0033:0x7f8026a2c819
[  136.370423][ T6208] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  136.370438][ T6208] RSP: 002b:00007f8024c7e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  136.370458][ T6208] RAX: ffffffffffffffda RBX: 00007f8026ca5fa0 RCX: 00007f8026a2c819
[  136.370471][ T6208] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000003
[  136.370483][ T6208] RBP: 00007f8024c7e090 R08: 0000000000000000 R09: 0000000000000000
[  136.370494][ T6208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.370505][ T6208] R13: 00007f8026ca6038 R14: 00007f8026ca5fa0 R15: 00007fff87296438
[  136.370534][ T6208]  </TASK>
[  136.586616][   T43] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.871337][ T6113] chnl_net:caif_netlink_parms(): no params data found
[  137.921169][   T59] Bluetooth: hci4: command 0x0c1a tx timeout
[  137.921257][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout
[  137.921317][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout
[  138.083955][ T5814] Bluetooth: hci5: command 0x0c1a tx timeout
[  138.112290][ T1222] Bluetooth: hci0: Frame reassembly failed (-90)
[  138.240338][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout
[  138.697107][ T6229] capability: warning: `syz.1.69' uses deprecated v2 capabilities in a way that may be insecure
[  139.125269][ T6224] netlink: 28 bytes leftover after parsing attributes in process `syz.2.75'.
[  139.507718][   T43] bridge_slave_1: left allmulticast mode
[  139.507839][   T43] bridge_slave_1: left promiscuous mode
[  139.557693][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.793457][   T43] bridge_slave_0: left allmulticast mode
[  139.793481][   T43] bridge_slave_0: left promiscuous mode
[  139.793766][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.874297][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.79'.
[  139.985643][ T6256] ieee802154 phy0 wpan0: encryption failed: -22
[  139.987724][ T6256] netlink: 'syz.2.79': attribute type 1 has an invalid length.
[  140.001489][   T59] Bluetooth: hci4: command 0x0c1a tx timeout
[  140.001536][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout
[  140.177929][ T5801] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  140.182385][ T5814] Bluetooth: hci5: command 0x0c1a tx timeout
[  141.770950][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.830806][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.870950][   T43] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  141.961057][   T43] bond0 (unregistering): Released all slaves
[  141.998126][ T6264] pim6reg1: entered promiscuous mode
[  141.998150][ T6264] pim6reg1: entered allmulticast mode
[  142.155973][ T6113] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.156053][ T6113] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.156296][ T6113] bridge_slave_0: entered allmulticast mode
[  142.162133][ T6113] bridge_slave_0: entered promiscuous mode
[  142.246383][ T6113] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.246489][ T6113] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.246610][ T6113] bridge_slave_1: entered allmulticast mode
[  142.277828][ T6113] bridge_slave_1: entered promiscuous mode
[  142.426499][ T6113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.479729][ T6113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  143.317689][ T6279] pim6reg1: entered promiscuous mode
[  143.317766][ T6279] pim6reg1: entered allmulticast mode
[  146.056012][ T6301] FAULT_INJECTION: forcing a failure.
[  146.056012][ T6301] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  146.056047][ T6301] CPU: 1 UID: 0 PID: 6301 Comm: syz.1.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  146.056070][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  146.056080][ T6301] Call Trace:
[  146.056087][ T6301]  <TASK>
[  146.056095][ T6301]  dump_stack_lvl+0xe8/0x150
[  146.056133][ T6301]  should_fail_ex+0x46b/0x600
[  146.056168][ T6301]  prepare_alloc_pages+0x22a/0x6b0
[  146.056198][ T6301]  __alloc_frozen_pages_noprof+0x12f/0x380
[  146.056225][ T6301]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  146.056260][ T6301]  ? __pfx_policy_nodemask+0x10/0x10
[  146.056285][ T6301]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  146.056318][ T6301]  alloc_pages_bulk_noprof+0x5f1/0x7d0
[  146.056346][ T6301]  ? alloc_pages_noprof+0xe3/0x1e0
[  146.056370][ T6301]  __kasan_populate_vmalloc+0xc1/0x1d0
[  146.056399][ T6301]  ? rt_spin_unlock+0x160/0x200
[  146.056425][ T6301]  alloc_vmap_area+0xd47/0x1480
[  146.056468][ T6301]  ? __pfx_alloc_vmap_area+0x10/0x10
[  146.056497][ T6301]  ? __kmalloc_cache_node_noprof+0x27d/0x6c0
[  146.056519][ T6301]  ? __get_vm_area_node+0x171/0x350
[  146.056546][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.056569][ T6301]  __get_vm_area_node+0x226/0x350
[  146.056604][ T6301]  __vmalloc_node_range_noprof+0x372/0x1730
[  146.056624][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.056651][ T6301]  ? lruvec_stat_mod_folio+0x70/0x4b0
[  146.056689][ T6301]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  146.056707][ T6301]  ? rcu_is_watching+0x15/0xb0
[  146.056729][ T6301]  ? trace_kmalloc+0x2a/0xf0
[  146.056750][ T6301]  ? __kvmalloc_node_noprof+0x3df/0x8e0
[  146.056772][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.056793][ T6301]  vzalloc_noprof+0xb2/0xe0
[  146.056811][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.056834][ T6301]  bpf_check+0x1ae/0x1ce10
[  146.056861][ T6301]  ? try_to_take_rt_mutex+0x840/0xb00
[  146.056895][ T6301]  ? __lock_acquire+0x6b5/0x2cf0
[  146.056915][ T6301]  ? __lock_acquire+0x6b5/0x2cf0
[  146.056941][ T6301]  ? __lock_acquire+0x6b5/0x2cf0
[  146.056961][ T6301]  ? do_raw_spin_lock+0x12b/0x2f0
[  146.056989][ T6301]  ? css_rstat_updated+0x23a/0x530
[  146.057040][ T6301]  ? pcpu_memcg_post_alloc_hook+0x77/0x580
[  146.057064][ T6301]  ? __pfx_bpf_check+0x10/0x10
[  146.057089][ T6301]  ? ktime_get_with_offset+0x93/0x2d0
[  146.057123][ T6301]  ? ktime_get_with_offset+0x93/0x2d0
[  146.057149][ T6301]  ? ktime_get_with_offset+0x93/0x2d0
[  146.057179][ T6301]  ? __asan_memset+0x22/0x50
[  146.057205][ T6301]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  146.057228][ T6301]  ? security_bpf_prog_load+0x125/0x3c0
[  146.057263][ T6301]  bpf_prog_load+0x1484/0x1ae0
[  146.057300][ T6301]  ? __pfx_bpf_prog_load+0x10/0x10
[  146.057323][ T6301]  ? __might_fault+0xaf/0x130
[  146.057360][ T6301]  ? bpf_lsm_bpf+0x9/0x20
[  146.057380][ T6301]  ? security_bpf+0x7e/0x2d0
[  146.057406][ T6301]  __sys_bpf+0x618/0x950
[  146.057433][ T6301]  ? __pfx___sys_bpf+0x10/0x10
[  146.057455][ T6301]  ? rt_mutex_slowunlock+0x1cb/0x300
[  146.057492][ T6301]  ? ksys_write+0x248/0x270
[  146.057513][ T6301]  ? __pfx_ksys_write+0x10/0x10
[  146.057536][ T6301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.057556][ T6301]  __x64_sys_bpf+0x7c/0x90
[  146.057579][ T6301]  do_syscall_64+0x15f/0xf80
[  146.057609][ T6301]  ? clear_bhb_loop+0x40/0x90
[  146.057633][ T6301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.057651][ T6301] RIP: 0033:0x7f5de623c819
[  146.057669][ T6301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  146.057684][ T6301] RSP: 002b:00007f5de4496028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  146.057705][ T6301] RAX: ffffffffffffffda RBX: 00007f5de64b5fa0 RCX: 00007f5de623c819
[  146.057719][ T6301] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[  146.057731][ T6301] RBP: 00007f5de4496090 R08: 0000000000000000 R09: 0000000000000000
[  146.057743][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  146.057754][ T6301] R13: 00007f5de64b6038 R14: 00007f5de64b5fa0 R15: 00007ffd9ca863e8
[  146.057785][ T6301]  </TASK>
[  146.066830][ T6301] syz.1.88: vmalloc error: size 384, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  146.067119][ T6301] CPU: 1 UID: 0 PID: 6301 Comm: syz.1.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  146.067142][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  146.067152][ T6301] Call Trace:
[  146.067159][ T6301]  <TASK>
[  146.067167][ T6301]  dump_stack_lvl+0xe8/0x150
[  146.067198][ T6301]  warn_alloc+0x263/0x3e0
[  146.067221][ T6301]  ? kasan_quarantine_put+0xbb/0x1f0
[  146.067259][ T6301]  ? __pfx_warn_alloc+0x10/0x10
[  146.067280][ T6301]  ? __get_vm_area_node+0x23f/0x350
[  146.067305][ T6301]  ? __get_vm_area_node+0x171/0x350
[  146.067332][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.067354][ T6301]  ? __get_vm_area_node+0x23f/0x350
[  146.067387][ T6301]  __vmalloc_node_range_noprof+0x397/0x1730
[  146.067412][ T6301]  ? lruvec_stat_mod_folio+0x70/0x4b0
[  146.067453][ T6301]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  146.067470][ T6301]  ? rcu_is_watching+0x15/0xb0
[  146.067490][ T6301]  ? trace_kmalloc+0x2a/0xf0
[  146.067511][ T6301]  ? __kvmalloc_node_noprof+0x3df/0x8e0
[  146.067530][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.067551][ T6301]  vzalloc_noprof+0xb2/0xe0
[  146.067569][ T6301]  ? bpf_check+0x1ae/0x1ce10
[  146.067594][ T6301]  bpf_check+0x1ae/0x1ce10
[  146.067619][ T6301]  ? try_to_take_rt_mutex+0x840/0xb00
[  146.067653][ T6301]  ? __lock_acquire+0x6b5/0x2cf0
[  146.067673][ T6301]  ? __lock_acquire+0x6b5/0x2cf0
[  146.067701][ T6301]  ? __lock_acquire+0x6b5/0x2cf0
[  146.067720][ T6301]  ? do_raw_spin_lock+0x12b/0x2f0
[  146.067747][ T6301]  ? css_rstat_updated+0x23a/0x530
[  146.067794][ T6301]  ? pcpu_memcg_post_alloc_hook+0x77/0x580
[  146.067817][ T6301]  ? __pfx_bpf_check+0x10/0x10
[  146.067840][ T6301]  ? ktime_get_with_offset+0x93/0x2d0
[  146.067872][ T6301]  ? ktime_get_with_offset+0x93/0x2d0
[  146.067896][ T6301]  ? ktime_get_with_offset+0x93/0x2d0
[  146.067924][ T6301]  ? __asan_memset+0x22/0x50
[  146.067948][ T6301]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  146.067969][ T6301]  ? security_bpf_prog_load+0x125/0x3c0
[  146.067996][ T6301]  bpf_prog_load+0x1484/0x1ae0
[  146.068033][ T6301]  ? __pfx_bpf_prog_load+0x10/0x10
[  146.068057][ T6301]  ? __might_fault+0xaf/0x130
[  146.068092][ T6301]  ? bpf_lsm_bpf+0x9/0x20
[  146.068110][ T6301]  ? security_bpf+0x7e/0x2d0
[  146.068135][ T6301]  __sys_bpf+0x618/0x950
[  146.068159][ T6301]  ? __pfx___sys_bpf+0x10/0x10
[  146.068180][ T6301]  ? rt_mutex_slowunlock+0x1cb/0x300
[  146.068215][ T6301]  ? ksys_write+0x248/0x270
[  146.068240][ T6301]  ? __pfx_ksys_write+0x10/0x10
[  146.068262][ T6301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.068280][ T6301]  __x64_sys_bpf+0x7c/0x90
[  146.068302][ T6301]  do_syscall_64+0x15f/0xf80
[  146.068329][ T6301]  ? clear_bhb_loop+0x40/0x90
[  146.068351][ T6301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.068368][ T6301] RIP: 0033:0x7f5de623c819
[  146.068386][ T6301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  146.068401][ T6301] RSP: 002b:00007f5de4496028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  146.068419][ T6301] RAX: ffffffffffffffda RBX: 00007f5de64b5fa0 RCX: 00007f5de623c819
[  146.068432][ T6301] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[  146.068444][ T6301] RBP: 00007f5de4496090 R08: 0000000000000000 R09: 0000000000000000
[  146.068455][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  146.068465][ T6301] R13: 00007f5de64b6038 R14: 00007f5de64b5fa0 R15: 00007ffd9ca863e8
[  146.068493][ T6301]  </TASK>
[  146.075418][ T6301] Mem-Info:
[  146.075430][ T6301] active_anon:263 inactive_anon:18709 isolated_anon:0
[  146.075430][ T6301]  active_file:17889 inactive_file:43125 isolated_file:0
[  146.075430][ T6301]  unevictable:768 dirty:154 writeback:49
[  146.075430][ T6301]  slab_reclaimable:11726 slab_unreclaimable:104079
[  146.075430][ T6301]  mapped:39526 shmem:13899 pagetables:1392
[  146.075430][ T6301]  sec_pagetables:0 bounce:0
[  146.075430][ T6301]  kernel_misc_reclaimable:0
[  146.075430][ T6301]  free:1289080 free_pcp:8338 free_cma:0
[  146.075481][ T6301] Node 0 active_anon:1052kB inactive_anon:74836kB active_file:71368kB inactive_file:172500kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:158104kB dirty:616kB writeback:196kB shmem:54060kB kernel_stack:13220kB pagetables:5364kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  146.075525][ T6301] Node 1 active_anon:0kB inactive_anon:0kB active_file:188kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:204kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  146.075565][ T6301] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  146.075624][ T6301] lowmem_reserve[]: 0 2506 2506 2506 2506
[  146.075656][ T6301] Node 0 DMA32 free:1200976kB boost:0kB min:3932kB low:6468kB high:9004kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1052kB inactive_anon:74836kB active_file:71368kB inactive_file:172500kB unevictable:1536kB writepending:812kB zspages:0kB present:3129332kB managed:2566544kB mlocked:0kB bounce:0kB free_pcp:33104kB local_pcp:11964kB free_cma:0kB
[  146.075712][ T6301] lowmem_reserve[]: 0 0 0 0 0
[  146.075741][ T6301] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:416kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  146.075793][ T6301] lowmem_reserve[]: 0 0 0 0 0
[  146.075821][ T6301] Node 1 Normal free:3939984kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:188kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[  146.075876][ T6301] lowmem_reserve[]: 0 0 0 0 0
[  146.075905][ T6301] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  146.076010][ T6301] Node 0 DMA32: 584*4kB (UME) 1080*8kB (UM) 601*16kB (UM) 228*32kB (UME) 333*64kB (UM) 264*128kB (UME) 153*256kB (UME) 57*512kB (UM) 27*1024kB (UM) 11*2048kB (UM) 244*4096kB (UM) = 1200944kB
[  146.076150][ T6301] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  146.076245][ T6301] Node 1 Normal: 2*4kB (UM) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 5*64kB (UM) 2*128kB (UM) 2*256kB (M) 3*512kB (UM) 1*1024kB (M) 0*2048kB 961*4096kB (M) = 3939984kB
[  146.076379][ T6301] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  146.076394][ T6301] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  146.076409][ T6301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  146.076424][ T6301] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  146.076522][ T6301] 74909 total pagecache pages
[  146.076536][ T6301] 0 pages in swap cache
[  146.076543][ T6301] Free swap  = 124996kB
[  146.076549][ T6301] Total swap = 124996kB
[  146.076560][ T6301] 2097051 pages RAM
[  146.076567][ T6301] 0 pages HighMem/MovableOnly
[  146.076572][ T6301] 423696 pages reserved
[  146.076578][ T6301] 0 pages cma reserved
[  146.361357][ T6113] team0: Port device team_slave_0 added
[  146.460896][ T5888] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  146.572335][ T5814] Bluetooth: hci5: command 0x0c1a tx timeout
[  146.658741][ T5888] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  146.658769][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.658788][ T5888] usb 2-1: Product: syz
[  146.658801][ T5888] usb 2-1: Manufacturer: syz
[  146.658815][ T5888] usb 2-1: SerialNumber: syz
[  147.459979][ T6309] =======================================================
[  147.459979][ T6309] WARNING: The mand mount option has been deprecated and
[  147.459979][ T6309]          and is ignored by this kernel. Remove the mand
[  147.459979][ T6309]          option from the mount to silence this warning.
[  147.459979][ T6309] =======================================================
[  147.533427][ T6309] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  148.365630][ T6308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.366236][ T6308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.469663][ T6314] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  148.940654][  T808] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  149.120675][  T808] usb 1-1: config 2 has an invalid interface number: 39 but max is 0
[  149.120783][  T808] usb 1-1: config 2 has no interface number 0
[  149.120815][  T808] usb 1-1: config 2 interface 39 has no altsetting 0
[  149.126417][  T808] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0119, bcdDevice=e4.9a
[  149.126446][  T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.126466][  T808] usb 1-1: Product: syz
[  149.126572][  T808] usb 1-1: Manufacturer: syz
[  149.126587][  T808] usb 1-1: SerialNumber: syz
[  149.251685][ T6113] team0: Port device team_slave_1 added
[  149.269228][ T6312] sch_tbf: burst 2 is lower than device netdevsim0 mtu (1514) !
[  149.467562][  T808] kvaser_usb 1-1:2.39: error -ENODEV: Cannot get usb endpoint(s)
[  149.524379][  T808] usb 1-1: USB disconnect, device number 6
[  149.798509][ T5888] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed
[  149.822521][ T5888] cdc_ncm 2-1:1.0: bind() failure
[  149.921659][ T5888] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  149.921706][ T5888] cdc_ncm 2-1:1.1: bind() failure
[  150.376328][ T5888] usb 2-1: USB disconnect, device number 3
[  150.632510][  T808] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  151.684855][  T808] usb 3-1: Using ep0 maxpacket: 32
[  151.690449][  T808] usb 3-1: unable to get BOS descriptor or descriptor too short
[  151.700329][  T808] usb 3-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40
[  151.700346][  T808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.700356][  T808] usb 3-1: Product: syz
[  151.700364][  T808] usb 3-1: Manufacturer: syz
[  151.700371][  T808] usb 3-1: SerialNumber: syz
[  153.057283][ T6346] pim6reg1: entered promiscuous mode
[  153.057299][ T6346] pim6reg1: entered allmulticast mode
[  153.390691][  T808] usb 3-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[  153.441563][  T808] usb 3-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[  153.497458][ T6113] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.497474][ T6113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  153.497497][ T6113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.997151][ T6369] pim6reg1: entered promiscuous mode
[  156.997185][ T6369] pim6reg1: entered allmulticast mode
[  157.082375][  T808] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  157.117315][  T808] usb 3-1: USB disconnect, device number 3
[  157.193553][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.348008][ T6113] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.348024][ T6113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  157.348048][ T6113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.471860][  T808] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  160.622424][  T808] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  160.622519][  T808] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  160.625766][  T808] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  160.625795][  T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.625814][  T808] usb 1-1: Product: syz
[  160.625827][  T808] usb 1-1: Manufacturer: syz
[  160.625842][  T808] usb 1-1: SerialNumber: syz
[  160.991894][   T43] hsr_slave_0: left promiscuous mode
[  162.451166][   T43] hsr_slave_1: left promiscuous mode
[  162.562841][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.563005][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.902558][   T37] kauditd_printk_skb: 66 callbacks suppressed
[  162.902576][   T37] audit: type=1326 audit(1776227576.410:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.902620][   T37] audit: type=1326 audit(1776227576.410:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.902645][   T37] audit: type=1326 audit(1776227576.410:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.902666][   T37] audit: type=1326 audit(1776227576.410:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.902698][   T37] audit: type=1326 audit(1776227576.410:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.906513][   T37] audit: type=1326 audit(1776227576.410:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.906559][   T37] audit: type=1326 audit(1776227576.410:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.906591][   T37] audit: type=1326 audit(1776227576.410:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.906611][   T37] audit: type=1326 audit(1776227576.410:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  162.906633][   T37] audit: type=1326 audit(1776227576.410:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6405 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  163.206834][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  163.206863][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  163.230874][  T808] cdc_ncm 1-1:1.0: bind() failure
[  163.253939][  T808] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  163.253985][  T808] cdc_ncm 1-1:1.1: bind() failure
[  163.293934][  T808] usb 1-1: USB disconnect, device number 7
[  164.302999][   T43] veth1_macvtap: left promiscuous mode
[  164.303231][   T43] veth0_macvtap: left promiscuous mode
[  164.304415][   T43] veth1_vlan: left promiscuous mode
[  164.304953][   T43] veth0_vlan: left promiscuous mode
[  165.171004][   T43] team0 (unregistering): Port device team_slave_1 removed
[  165.221026][   T43] team0 (unregistering): Port device team_slave_0 removed
[  165.515868][ T6418] pim6reg1: entered promiscuous mode
[  165.515893][ T6418] pim6reg1: entered allmulticast mode
[  166.111537][ T6438] FAULT_INJECTION: forcing a failure.
[  166.111537][ T6438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.111569][ T6438] CPU: 1 UID: 0 PID: 6438 Comm: syz.3.112 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  166.111591][ T6438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  166.111602][ T6438] Call Trace:
[  166.111609][ T6438]  <TASK>
[  166.111618][ T6438]  dump_stack_lvl+0xe8/0x150
[  166.111652][ T6438]  should_fail_ex+0x46b/0x600
[  166.111687][ T6438]  _copy_to_user+0x31/0xb0
[  166.111711][ T6438]  simple_read_from_buffer+0xe1/0x170
[  166.111743][ T6438]  proc_fail_nth_read+0x1be/0x230
[  166.111774][ T6438]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  166.111804][ T6438]  ? rw_verify_area+0x2ac/0x4e0
[  166.111833][ T6438]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  166.111862][ T6438]  vfs_read+0x212/0xa80
[  166.111889][ T6438]  ? __pfx_vfs_read+0x10/0x10
[  166.111910][ T6438]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  166.111938][ T6438]  ? lockdep_hardirqs_on+0x7a/0x110
[  166.111965][ T6438]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  166.111993][ T6438]  ? mutex_lock_nested+0x152/0x1d0
[  166.112013][ T6438]  ? fdget_pos+0x252/0x320
[  166.112046][ T6438]  ksys_read+0x156/0x270
[  166.112067][ T6438]  ? __pfx_ksys_read+0x10/0x10
[  166.112094][ T6438]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.112119][ T6438]  do_syscall_64+0x15f/0xf80
[  166.112145][ T6438]  ? trace_irq_disable+0x3b/0x140
[  166.112170][ T6438]  ? clear_bhb_loop+0x40/0x90
[  166.112193][ T6438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.112218][ T6438] RIP: 0033:0x7f62e23bd04e
[  166.112236][ T6438] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  166.112251][ T6438] RSP: 002b:00007f62e0655fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  166.112271][ T6438] RAX: ffffffffffffffda RBX: 00007f62e06566c0 RCX: 00007f62e23bd04e
[  166.112284][ T6438] RDX: 000000000000000f RSI: 00007f62e06560a0 RDI: 0000000000000004
[  166.112296][ T6438] RBP: 00007f62e0656090 R08: 0000000000000000 R09: 0000000000000000
[  166.112308][ T6438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.112319][ T6438] R13: 00007f62e2676038 R14: 00007f62e2675fa0 R15: 00007ffdb65b60d8
[  166.112350][ T6438]  </TASK>
[  166.891661][ T6440] overlayfs: statfs failed on './file0'
[  167.469457][ T6113] hsr_slave_0: entered promiscuous mode
[  167.477962][ T6113] hsr_slave_1: entered promiscuous mode
[  167.486946][ T6113] debugfs: 'hsr0' already exists in 'hsr'
[  167.486971][ T6113] Cannot create hsr debugfs directory
[  167.600315][  T807] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  167.766190][  T807] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  167.766261][  T807] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  167.769910][  T807] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  167.769940][  T807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.769959][  T807] usb 4-1: Product: syz
[  167.769974][  T807] usb 4-1: Manufacturer: syz
[  167.769996][  T807] usb 4-1: SerialNumber: syz
[  170.246136][ T5814] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  170.603088][  T807] cdc_ncm 4-1:1.0: bind() failure
[  170.641336][  T807] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  170.641381][  T807] cdc_ncm 4-1:1.1: bind() failure
[  170.680840][  T807] usb 4-1: USB disconnect, device number 2
[  170.781990][ T6478] /dev/nullb0: Can't open blockdev
[  171.675728][ T6480] syz.0.124 uses obsolete (PF_INET,SOCK_PACKET)
[  173.220711][ T6491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.126'.
[  173.729235][ T6492] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  173.729350][ T6492] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  173.729443][ T6492] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  173.729541][ T6492] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  173.729633][ T6492] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  174.196159][ T6500] fuse: Bad value for 'fd'
[  175.395288][ T6113] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  175.533232][ T6113] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  175.743957][ T6113] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  175.760361][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout
[  175.760397][ T5814] Bluetooth: hci5: command 0x0c1a tx timeout
[  175.760422][ T5814] Bluetooth: hci4: command 0x0c1a tx timeout
[  175.760447][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout
[  175.760470][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout
[  175.889992][ T6113] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  176.446666][ T6520] warning: `syz.0.131' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  176.498067][ T6520] erspan1: entered allmulticast mode
[  176.766963][ T6113] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.812511][ T6113] 8021q: adding VLAN 0 to HW filter on device team0
[  176.976986][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.991012][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.994953][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.995099][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.104293][ T6529] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  179.975340][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  179.995889][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  180.020439][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  180.025795][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  180.028915][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  182.080775][ T5120] Bluetooth: hci0: command tx timeout
[  183.585413][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.139'.
[  184.004307][ T6560] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  184.005152][ T6560] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  184.005266][ T6560] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  184.005369][ T6560] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  184.005472][ T6560] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  184.005513][ T6560] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  184.141397][ T6560] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  186.103881][ T5814] Bluetooth: hci0: command 0x040f tx timeout
[  186.104009][ T5814] Bluetooth: hci4: command 0x0c1a tx timeout
[  186.104037][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout
[  186.104063][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout
[  186.104089][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout
[  186.977303][ T6589] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  187.050041][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.138'.
[  187.050089][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.138'.
[  187.822649][ T6602] faux_driver vkms: [drm] Unknown color mode 9; guessing buffer size.
[  188.160328][ T5120] Bluetooth: hci0: command 0x040f tx timeout
[  188.328772][ T1220] Bluetooth: hci5: Frame reassembly failed (-84)
[  189.284357][ T6615] FAULT_INJECTION: forcing a failure.
[  189.284357][ T6615] name failslab, interval 1, probability 0, space 0, times 0
[  189.284451][ T6615] CPU: 0 UID: 0 PID: 6615 Comm: syz.2.147 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  189.284473][ T6615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  189.284483][ T6615] Call Trace:
[  189.284491][ T6615]  <TASK>
[  189.284500][ T6615]  dump_stack_lvl+0xe8/0x150
[  189.284534][ T6615]  should_fail_ex+0x46b/0x600
[  189.284566][ T6615]  ? __pfx_sock_alloc_inode+0x10/0x10
[  189.284587][ T6615]  should_failslab+0xa8/0x100
[  189.284609][ T6615]  ? __pfx_sock_alloc_inode+0x10/0x10
[  189.284627][ T6615]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  189.284645][ T6615]  ? sock_alloc_inode+0x2c/0x190
[  189.284665][ T6615]  ? __pfx_sock_alloc_inode+0x10/0x10
[  189.284681][ T6615]  sock_alloc_inode+0x2c/0x190
[  189.284699][ T6615]  ? __pfx_sock_alloc_inode+0x10/0x10
[  189.284715][ T6615]  alloc_inode+0x6a/0x1b0
[  189.284739][ T6615]  __sock_create+0x12d/0x9d0
[  189.284760][ T6615]  ? irqentry_exit+0x61a/0x700
[  189.284792][ T6615]  mptcp_subflow_create_socket+0xfb/0x800
[  189.284817][ T6615]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  189.284845][ T6615]  __mptcp_nmpc_sk+0x14e/0x790
[  189.284867][ T6615]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  189.284888][ T6615]  ? __local_bh_enable_ip+0x1c2/0x2b0
[  189.284918][ T6615]  mptcp_listen+0x112/0x610
[  189.284949][ T6615]  __x64_sys_listen+0x1cd/0x240
[  189.284970][ T6615]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.284989][ T6615]  do_syscall_64+0x15f/0xf80
[  189.285019][ T6615]  ? clear_bhb_loop+0x40/0x90
[  189.285042][ T6615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.285060][ T6615] RIP: 0033:0x7efe9dc3c819
[  189.285079][ T6615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  189.285094][ T6615] RSP: 002b:00007efe9be75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
[  189.285114][ T6615] RAX: ffffffffffffffda RBX: 00007efe9deb6090 RCX: 00007efe9dc3c819
[  189.285128][ T6615] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000000005
[  189.285140][ T6615] RBP: 00007efe9be75090 R08: 0000000000000000 R09: 0000000000000000
[  189.285151][ T6615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.285162][ T6615] R13: 00007efe9deb6128 R14: 00007efe9deb6090 R15: 00007fff89866ba8
[  189.285193][ T6615]  </TASK>
[  189.285264][ T6615] socket: no more sockets
[  190.261940][ T5814] Bluetooth: hci0: command 0x040f tx timeout
[  190.403828][ T5120] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  190.700377][  T808] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  190.834891][ T6619] netlink: 28 bytes leftover after parsing attributes in process `syz.2.149'.
[  190.853369][  T808] usb 4-1: Using ep0 maxpacket: 8
[  190.893047][  T808] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  190.893079][  T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.893101][  T808] usb 4-1: Product: syz
[  190.893115][  T808] usb 4-1: Manufacturer: syz
[  190.893130][  T808] usb 4-1: SerialNumber: syz
[  190.949373][  T808] usb 4-1: config 0 descriptor??
[  191.007378][  T808] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  191.141859][ T5888] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  191.312601][ T5888] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.312626][ T5888] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  191.315273][ T5888] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  191.315300][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.315319][ T5888] usb 1-1: Product: syz
[  191.315333][ T5888] usb 1-1: Manufacturer: syz
[  191.315348][ T5888] usb 1-1: SerialNumber: syz
[  191.520395][  T808] gspca_sonixj: reg_w1 err -110
[  191.520489][  T808] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[  191.746130][ T6623] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.794345][ T6623] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.931468][ T6545] chnl_net:caif_netlink_parms(): no params data found
[  192.254791][  T808] usb 4-1: USB disconnect, device number 3
[  192.320815][ T5120] Bluetooth: hci0: command 0x040f tx timeout
[  192.730326][ T5888] usb 1-1: 0:2 : does not exist
[  192.730425][ T5888] usb 1-1: unit 4 not found!
[  192.730444][ T5888] usb 1-1: unit 132 not found!
[  192.763813][   T31] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  192.950920][   T31] usb 3-1: Using ep0 maxpacket: 32
[  192.957353][   T31] usb 3-1: unable to get BOS descriptor or descriptor too short
[  192.984282][   T31] usb 3-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40
[  192.984312][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.984331][   T31] usb 3-1: Product: syz
[  192.984345][   T31] usb 3-1: Manufacturer: syz
[  192.984360][   T31] usb 3-1: SerialNumber: syz
[  193.483509][ T6640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'.
[  193.483547][ T6640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'.
[  193.525403][   T31] usb 3-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[  193.527385][   T31] usb 3-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[  193.636335][ T5888] usb 1-1: USB disconnect, device number 8
[  194.183500][   T31] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  194.188562][ T6545] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.188737][ T6545] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.188949][ T6545] bridge_slave_0: entered allmulticast mode
[  194.993125][ T5120] Bluetooth: hci0: command 0x040f tx timeout
[  195.087283][ T6645] overlayfs: missing 'lowerdir'
[  195.100941][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  195.101006][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  195.215086][ T6545] bridge_slave_0: entered promiscuous mode
[  195.240619][   T31] usb 3-1: USB disconnect, device number 4
[  195.304295][ T6545] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.304422][ T6545] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.304632][ T6545] bridge_slave_1: entered allmulticast mode
[  195.347379][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  195.381473][ T6545] bridge_slave_1: entered promiscuous mode
[  195.776714][   T37] kauditd_printk_skb: 86 callbacks suppressed
[  195.776732][   T37] audit: type=1326 audit(1776227609.280:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.776765][   T37] audit: type=1326 audit(1776227609.280:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.776793][   T37] audit: type=1326 audit(1776227609.280:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.776821][   T37] audit: type=1326 audit(1776227609.280:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe9dbfd04e code=0x7ffc0000
[  195.776851][   T37] audit: type=1326 audit(1776227609.280:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.776879][   T37] audit: type=1326 audit(1776227609.280:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.809944][   T37] audit: type=1326 audit(1776227609.290:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.809995][   T37] audit: type=1326 audit(1776227609.290:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.810034][   T37] audit: type=1326 audit(1776227609.290:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  195.810072][   T37] audit: type=1326 audit(1776227609.290:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6659 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  196.090854][ T6545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.177911][ T6545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.618143][ T6545] team0: Port device team_slave_0 added
[  196.645478][ T6545] team0: Port device team_slave_1 added
[  196.738789][   T56] bridge_slave_1: left allmulticast mode
[  196.738815][   T56] bridge_slave_1: left promiscuous mode
[  196.739036][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.842061][   T56] bridge_slave_0: left allmulticast mode
[  196.842091][   T56] bridge_slave_0: left promiscuous mode
[  196.842337][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.000439][  T808] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  197.223445][  T808] usb 1-1: Using ep0 maxpacket: 32
[  197.225703][  T808] usb 1-1: config 7 has an invalid interface number: 15 but max is 2
[  197.225728][  T808] usb 1-1: config 7 has an invalid interface number: 192 but max is 2
[  197.225748][  T808] usb 1-1: config 7 has an invalid interface number: 96 but max is 2
[  197.225768][  T808] usb 1-1: config 7 has an invalid interface number: 51 but max is 2
[  197.225788][  T808] usb 1-1: config 7 has 4 interfaces, different from the descriptor's value: 3
[  197.225808][  T808] usb 1-1: config 7 has no interface number 0
[  197.225824][  T808] usb 1-1: config 7 has no interface number 1
[  197.225839][  T808] usb 1-1: config 7 has no interface number 2
[  197.225855][  T808] usb 1-1: config 7 has no interface number 3
[  197.225932][  T808] usb 1-1: too many endpoints for config 7 interface 192 altsetting 139: 39, using maximum allowed: 30
[  197.225977][  T808] usb 1-1: config 7 interface 192 altsetting 139 has 0 endpoint descriptors, different from the interface descriptor's value: 39
[  197.226016][  T808] usb 1-1: config 7 interface 96 altsetting 255 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  197.226055][  T808] usb 1-1: config 7 interface 51 altsetting 207 has a duplicate endpoint with address 0xA, skipping
[  197.226087][  T808] usb 1-1: config 7 interface 51 altsetting 207 has a duplicate endpoint with address 0xA, skipping
[  197.226110][  T808] usb 1-1: config 7 interface 15 has no altsetting 0
[  197.226127][  T808] usb 1-1: config 7 interface 192 has no altsetting 0
[  197.226145][  T808] usb 1-1: config 7 interface 96 has no altsetting 0
[  197.226162][  T808] usb 1-1: config 7 interface 51 has no altsetting 0
[  197.242054][  T808] usb 1-1: string descriptor 0 read error: -22
[  197.242191][  T808] usb 1-1: New USB device found, idVendor=12d1, idProduct=dfe6, bcdDevice=3f.1b
[  197.242213][  T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.630397][ T6674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.636479][ T6674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.733760][ T6672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.161'.
[  197.857094][  T808] usb 1-1: USB disconnect, device number 9
[  198.260520][ T6089] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  198.444790][ T6089] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.444816][ T6089] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  198.447612][ T6089] usb 4-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  198.447639][ T6089] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.447658][ T6089] usb 4-1: Product: syz
[  198.447672][ T6089] usb 4-1: Manufacturer: syz
[  198.447687][ T6089] usb 4-1: SerialNumber: syz
[  198.726612][ T5814] Bluetooth: hci0: command 0x040f tx timeout
[  199.758078][ T6688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.166'.
[  199.758668][ T6688] netlink: 8 bytes leftover after parsing attributes in process `syz.1.166'.
[  199.964753][ T1928] Bluetooth: hci5: Frame reassembly failed (-90)
[  200.275344][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  200.352714][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  200.408036][   T56] bond0 (unregistering): Released all slaves
[  202.153070][ T5814] Bluetooth: hci5: command 0x1003 tx timeout
[  202.158679][ T5120] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  202.491148][ T6545] batman_adv: batadv0: Adding interface: batadv_slave_0
[  202.491162][ T6545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  202.491182][ T6545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.498051][ T6089] usb 4-1: 0:2 : does not exist
[  202.498118][ T6089] usb 4-1: unit 4 not found!
[  202.498132][ T6089] usb 4-1: unit 132 not found!
[  202.564296][ T6545] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.564310][ T6545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  202.564333][ T6545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.146318][ T6089] usb 4-1: USB disconnect, device number 4
[  205.349196][ T6545] hsr_slave_0: entered promiscuous mode
[  205.350477][ T6545] hsr_slave_1: entered promiscuous mode
[  205.351098][ T6545] debugfs: 'hsr0' already exists in 'hsr'
[  205.351113][ T6545] Cannot create hsr debugfs directory
[  206.600729][ T6726] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  206.600906][ T6726] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  206.613483][ T6726] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  206.613588][ T6726] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  206.613693][ T6726] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  206.661245][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.982905][   T56] hsr_slave_0: left promiscuous mode
[  207.110537][   T56] hsr_slave_1: left promiscuous mode
[  207.111553][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.203909][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.645850][ T5814] Bluetooth: hci0: command 0x040f tx timeout
[  208.645894][ T5814] Bluetooth: hci4: command 0x0c1a tx timeout
[  208.645919][ T5814] Bluetooth: hci3: command 0x0c1a tx timeout
[  208.646017][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout
[  208.646043][ T5814] Bluetooth: hci1: command 0x0c1a tx timeout
[  210.640305][ T5801] Bluetooth: hci5: command 0x1003 tx timeout
[  210.640488][ T5120] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  210.686558][   T37] kauditd_printk_skb: 116 callbacks suppressed
[  210.686576][   T37] audit: type=1326 audit(1776227624.190:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.686861][   T37] audit: type=1326 audit(1776227624.190:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.743269][   T37] audit: type=1326 audit(1776227624.250:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.743318][   T37] audit: type=1326 audit(1776227624.250:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.748049][   T37] audit: type=1326 audit(1776227624.250:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.748093][   T37] audit: type=1326 audit(1776227624.250:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5de61fd04e code=0x7ffc0000
[  210.748133][   T37] audit: type=1326 audit(1776227624.250:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.748170][   T37] audit: type=1326 audit(1776227624.250:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.748208][   T37] audit: type=1326 audit(1776227624.250:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  210.748260][   T37] audit: type=1326 audit(1776227624.250:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5de623c819 code=0x7ffc0000
[  211.380821][   T56] team0 (unregistering): Port device team_slave_1 removed
[  211.420822][   T56] team0 (unregistering): Port device team_slave_0 removed
[  214.923408][ T6802] FAULT_INJECTION: forcing a failure.
[  214.923408][ T6802] name failslab, interval 1, probability 0, space 0, times 0
[  214.923440][ T6802] CPU: 1 UID: 0 PID: 6802 Comm: syz.2.195 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  214.923463][ T6802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  214.923474][ T6802] Call Trace:
[  214.923482][ T6802]  <TASK>
[  214.923490][ T6802]  dump_stack_lvl+0xe8/0x150
[  214.923523][ T6802]  should_fail_ex+0x46b/0x600
[  214.923557][ T6802]  should_failslab+0xa8/0x100
[  214.923580][ T6802]  kmem_cache_alloc_noprof+0x87/0x680
[  214.923611][ T6802]  ? posix_lock_inode+0x35d/0x3d90
[  214.923649][ T6802]  posix_lock_inode+0x35d/0x3d90
[  214.923675][ T6802]  ? smk_tskacc+0x311/0x3a0
[  214.923708][ T6802]  ? smack_file_lock+0x1e4/0x280
[  214.923728][ T6802]  ? __pfx_smack_file_lock+0x10/0x10
[  214.923757][ T6802]  ? __pfx_posix_lock_inode+0x10/0x10
[  214.923793][ T6802]  fcntl_setlk+0x9de/0x1090
[  214.923831][ T6802]  ? __pfx_fcntl_setlk+0x10/0x10
[  214.923864][ T6802]  do_fcntl+0x981/0x19e0
[  214.923887][ T6802]  ? smack_file_fcntl+0x27a/0x320
[  214.923907][ T6802]  ? __pfx_do_fcntl+0x10/0x10
[  214.923926][ T6802]  ? __pfx_smack_file_fcntl+0x10/0x10
[  214.923955][ T6802]  ? __sanitizer_cov_trace_pc+0x8/0x80
[  214.923986][ T6802]  ? bpf_lsm_file_fcntl+0x9/0x20
[  214.924012][ T6802]  __se_sys_fcntl+0xcb/0x160
[  214.924030][ T6802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.924052][ T6802]  do_syscall_64+0x15f/0xf80
[  214.924079][ T6802]  ? trace_irq_disable+0x3b/0x140
[  214.924103][ T6802]  ? clear_bhb_loop+0x40/0x90
[  214.924126][ T6802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.924145][ T6802] RIP: 0033:0x7efe9dc3c819
[  214.924162][ T6802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  214.924178][ T6802] RSP: 002b:00007efe9be75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  214.924199][ T6802] RAX: ffffffffffffffda RBX: 00007efe9deb6090 RCX: 00007efe9dc3c819
[  214.924213][ T6802] RDX: 0000200000000280 RSI: 0000000000000006 RDI: 0000000000000004
[  214.924225][ T6802] RBP: 00007efe9be75090 R08: 0000000000000000 R09: 0000000000000000
[  214.924237][ T6802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.924248][ T6802] R13: 00007efe9deb6128 R14: 00007efe9deb6090 R15: 00007fff89866ba8
[  214.924278][ T6802]  </TASK>
[  215.693178][   T37] kauditd_printk_skb: 99 callbacks suppressed
[  215.693189][   T37] audit: type=1326 audit(1776227629.190:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.693213][   T37] audit: type=1326 audit(1776227629.200:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.696714][   T37] audit: type=1326 audit(1776227629.200:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.696741][   T37] audit: type=1326 audit(1776227629.200:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.699361][   T37] audit: type=1326 audit(1776227629.200:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.699624][   T37] audit: type=1326 audit(1776227629.200:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.764168][   T37] audit: type=1326 audit(1776227629.200:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.764203][   T37] audit: type=1326 audit(1776227629.270:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.764225][   T37] audit: type=1326 audit(1776227629.270:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  215.764245][   T37] audit: type=1326 audit(1776227629.270:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6811 comm="syz.2.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  218.812917][ T6836] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.813068][ T6836] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.814235][ T6836] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.814383][ T6836] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.662524][ T6836] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  221.088208][ T5802] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  221.344649][ T5802] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  221.344667][ T5802] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.344680][ T5802] usb 2-1: Product: syz
[  221.344688][ T5802] usb 2-1: Manufacturer: syz
[  221.344695][ T5802] usb 2-1: SerialNumber: syz
[  222.810283][ T6893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.810848][ T6893] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.767776][   T37] kauditd_printk_skb: 24 callbacks suppressed
[  223.767796][   T37] audit: type=1326 audit(1776227637.160:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.767840][   T37] audit: type=1326 audit(1776227637.160:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.792881][   T37] audit: type=1326 audit(1776227637.300:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.792930][   T37] audit: type=1326 audit(1776227637.300:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.792965][   T37] audit: type=1326 audit(1776227637.300:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.807488][   T37] audit: type=1326 audit(1776227637.310:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.807535][   T37] audit: type=1326 audit(1776227637.310:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.807571][   T37] audit: type=1326 audit(1776227637.310:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.807606][   T37] audit: type=1326 audit(1776227637.310:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  223.807643][   T37] audit: type=1326 audit(1776227637.310:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6896 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  225.071005][ T5802] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed
[  225.939670][ T5802] cdc_ncm 2-1:1.0: bind() failure
[  226.141551][ T5802] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  226.141598][ T5802] cdc_ncm 2-1:1.1: bind() failure
[  226.239809][ T5802] usb 2-1: USB disconnect, device number 4
[  227.372002][ T6926] overlayfs: statfs failed on './file0'
[  231.400363][ T6089] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  231.571903][ T6089] usb 3-1: Using ep0 maxpacket: 8
[  231.574904][ T6089] usb 3-1: unable to get BOS descriptor or descriptor too short
[  231.576414][ T6089] usb 3-1: config 7 has an invalid interface number: 83 but max is 0
[  231.576438][ T6089] usb 3-1: config 7 has no interface number 0
[  231.576467][ T6089] usb 3-1: config 7 interface 83 has no altsetting 0
[  232.286682][ T6089] usb 3-1: New USB device found, idVendor=046d, idProduct=08c5, bcdDevice=cb.ab
[  232.286711][ T6089] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.286731][ T6089] usb 3-1: Product: syz
[  232.286744][ T6089] usb 3-1: Manufacturer: syz
[  232.286759][ T6089] usb 3-1: SerialNumber: syz
[  232.650546][ T5801] Bluetooth: hci0: command 0x040f tx timeout
[  232.817872][ T6089] uvcvideo 3-1:7.83: Found multiple Units with ID 1
[  232.818600][ T6089] uvcvideo 3-1:7.83: Found UVC 0.00 device syz (046d:08c5)
[  232.818625][ T6089] uvcvideo 3-1:7.83: No valid video chain found.
[  232.850945][ T6089] usb 3-1: USB disconnect, device number 5
[  233.020820][  T807] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  233.229026][  T807] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  233.229057][  T807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.229073][  T807] usb 1-1: Product: syz
[  233.229086][  T807] usb 1-1: Manufacturer: syz
[  233.229100][  T807] usb 1-1: SerialNumber: syz
[  234.553228][ T6997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.563028][ T6997] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.884056][  T807] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed
[  235.911978][  T807] cdc_ncm 1-1:1.0: bind() failure
[  235.917140][  T807] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  235.917167][  T807] cdc_ncm 1-1:1.1: bind() failure
[  235.958011][  T807] usb 1-1: USB disconnect, device number 10
[  236.142080][ T6545] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  236.189623][ T6545] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  236.192315][ T7007] netlink: 34 bytes leftover after parsing attributes in process `syz.3.235'.
[  236.312414][ T6545] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  236.403168][ T6545] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  238.001348][ T6545] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.798861][ T5801] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  239.842599][ T5801] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  239.862080][ T5801] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  239.864416][ T5801] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  239.866737][ T5801] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  240.410307][ T5803] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  240.577116][ T5803] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  240.577141][ T5803] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  240.611904][ T5803] usb 4-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  240.611931][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.611963][ T5803] usb 4-1: Product: syz
[  240.611975][ T5803] usb 4-1: Manufacturer: syz
[  240.611986][ T5803] usb 4-1: SerialNumber: syz
[  242.014911][ T5801] Bluetooth: hci5: command tx timeout
[  243.657861][ T5803] usb 4-1: 0:2 : does not exist
[  243.657945][ T5803] usb 4-1: unit 4 not found!
[  243.657961][ T5803] usb 4-1: unit 132 not found!
[  243.932506][ T5803] usb 4-1: USB disconnect, device number 5
[  244.080322][ T5801] Bluetooth: hci5: command tx timeout
[  244.279661][ T5885] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  245.347644][ T7092] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  245.502089][ T5885] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  245.502121][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.502139][ T5885] usb 3-1: Product: syz
[  245.502153][ T5885] usb 3-1: Manufacturer: syz
[  245.502166][ T5885] usb 3-1: SerialNumber: syz
[  245.505188][ T5981] udevd[5981]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  246.654980][ T5801] Bluetooth: hci5: command tx timeout
[  246.718693][ T7101] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  246.984629][ T5885] cdc_ncm 3-1:1.0: bind() failure
[  247.007464][ T5885] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  247.007492][ T5885] cdc_ncm 3-1:1.1: bind() failure
[  247.051451][ T5885] usb 3-1: USB disconnect, device number 6
[  248.721016][ T5801] Bluetooth: hci5: command tx timeout
[  250.152009][ T7117] netlink: 8 bytes leftover after parsing attributes in process `syz.2.253'.
[  250.615174][ T7118] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  250.615307][ T7118] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  250.615401][ T7118] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  250.615503][ T7118] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  250.615606][ T7118] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  250.615647][ T7118] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  250.745748][   T37] kauditd_printk_skb: 16 callbacks suppressed
[  250.745765][   T37] audit: type=1326 audit(1776227664.250:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.765170][ T7118] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  250.767663][   T37] audit: type=1326 audit(1776227664.260:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.767702][   T37] audit: type=1326 audit(1776227664.260:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.773052][   T37] audit: type=1326 audit(1776227664.270:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.806381][   T37] audit: type=1326 audit(1776227664.310:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.806430][   T37] audit: type=1326 audit(1776227664.310:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.806467][   T37] audit: type=1326 audit(1776227664.310:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.806503][   T37] audit: type=1326 audit(1776227664.310:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.812532][   T37] audit: type=1326 audit(1776227664.320:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  250.812578][   T37] audit: type=1326 audit(1776227664.320:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7122 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f62e23bd04e code=0x7ffc0000
[  250.927440][ T7125] netlink: 32 bytes leftover after parsing attributes in process `syz.1.255'.
[  252.640481][ T5801] Bluetooth: hci5: command 0x0c1a tx timeout
[  252.640590][ T5801] Bluetooth: hci3: command 0x0c1a tx timeout
[  252.640617][ T5801] Bluetooth: hci1: command 0x0c1a tx timeout
[  252.640642][ T5801] Bluetooth: hci4: command 0x0c1a tx timeout
[  252.640668][ T5814] Bluetooth: hci2: command 0x0c1a tx timeout
[  253.135960][ T7046] chnl_net:caif_netlink_parms(): no params data found
[  253.310296][  T807] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  253.480505][  T807] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  253.480536][  T807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.480556][  T807] usb 1-1: Product: syz
[  253.480568][  T807] usb 1-1: Manufacturer: syz
[  253.480582][  T807] usb 1-1: SerialNumber: syz
[  254.798493][ T7180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.808115][ T7180] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  254.891884][ T5120] Bluetooth: hci5: command 0x0c1a tx timeout
[  255.874454][ T1324] ieee802154 phy0 wpan0: encryption failed: -22
[  255.874522][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  256.114699][  T807] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed
[  256.125454][  T807] cdc_ncm 1-1:1.0: bind() failure
[  256.236521][  T807] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  256.236567][  T807] cdc_ncm 1-1:1.1: bind() failure
[  256.292617][ T7199] /dev/nullb0: Can't open blockdev
[  257.022014][ T5120] Bluetooth: hci5: command 0x0c1a tx timeout
[  257.048252][  T807] usb 1-1: USB disconnect, device number 11
[  257.636245][ T7046] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.636323][ T7046] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.636498][ T7046] bridge_slave_0: entered allmulticast mode
[  257.638303][ T7046] bridge_slave_0: entered promiscuous mode
[  259.375675][ T7046] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.375834][ T7046] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.376063][ T7046] bridge_slave_1: entered allmulticast mode
[  259.378840][ T7046] bridge_slave_1: entered promiscuous mode
[  259.423303][ T7212] overlayfs: statfs failed on './file0'
[  259.903785][ T7046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  259.965056][  T139] Bluetooth: hci0: Frame reassembly failed (-84)
[  260.510815][ T7046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.820715][ T5803] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  260.917087][ T7046] team0: Port device team_slave_0 added
[  260.941515][ T7046] team0: Port device team_slave_1 added
[  261.020785][ T5803] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  261.020816][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.020836][ T5803] usb 1-1: Product: syz
[  261.020850][ T5803] usb 1-1: Manufacturer: syz
[  261.020865][ T5803] usb 1-1: SerialNumber: syz
[  261.490740][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_0
[  261.490757][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  261.490779][ T7046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  262.105739][ T7237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  262.112686][ T7237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  262.263940][ T5801] Bluetooth: hci0: command 0x1003 tx timeout
[  262.264099][ T5120] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  262.318254][ T7046] batman_adv: batadv0: Adding interface: batadv_slave_1
[  262.318271][ T7046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  262.318296][ T7046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.433417][  T808] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  262.598828][ T7240] FAULT_INJECTION: forcing a failure.
[  262.598828][ T7240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.598888][ T7240] CPU: 1 UID: 0 PID: 7240 Comm: syz.1.278 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  262.598901][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  262.598908][ T7240] Call Trace:
[  262.598912][ T7240]  <TASK>
[  262.598917][ T7240]  dump_stack_lvl+0xe8/0x150
[  262.598937][ T7240]  should_fail_ex+0x46b/0x600
[  262.598957][ T7240]  _copy_from_user+0x2d/0xb0
[  262.598970][ T7240]  __se_sys_mount+0x18b/0x420
[  262.598987][ T7240]  ? __pfx___se_sys_mount+0x10/0x10
[  262.599007][ T7240]  ? __x64_sys_mount+0x20/0xc0
[  262.599020][ T7240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.599031][ T7240]  do_syscall_64+0x15f/0xf80
[  262.599046][ T7240]  ? trace_irq_disable+0x3b/0x140
[  262.599060][ T7240]  ? clear_bhb_loop+0x40/0x90
[  262.599073][ T7240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.599083][ T7240] RIP: 0033:0x7f5de623c819
[  262.599093][ T7240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  262.599102][ T7240] RSP: 002b:00007f5de4496028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  262.599113][ T7240] RAX: ffffffffffffffda RBX: 00007f5de64b5fa0 RCX: 00007f5de623c819
[  262.599121][ T7240] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[  262.599127][ T7240] RBP: 00007f5de4496090 R08: 0000200000001300 R09: 0000000000000000
[  262.599133][ T7240] R10: 0000000002110420 R11: 0000000000000246 R12: 0000000000000001
[  262.599140][ T7240] R13: 00007f5de64b6038 R14: 00007f5de64b5fa0 R15: 00007ffd9ca863e8
[  262.599155][ T7240]  </TASK>
[  262.634183][  T808] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  262.634259][  T808] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  262.637179][  T808] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  262.637204][  T808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.637222][  T808] usb 3-1: Product: syz
[  262.637236][  T808] usb 3-1: Manufacturer: syz
[  262.637249][  T808] usb 3-1: SerialNumber: syz
[  262.958289][   T43] bridge_slave_1: left allmulticast mode
[  262.958317][   T43] bridge_slave_1: left promiscuous mode
[  262.958789][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.137314][   T43] bridge_slave_0: left allmulticast mode
[  263.137760][   T43] bridge_slave_0: left promiscuous mode
[  263.139116][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.176152][ T7243] /dev/nullb0: Can't open blockdev
[  263.869179][ T5120] Bluetooth: hci5: command 0x0c1a tx timeout
[  264.004358][ T5803] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed
[  264.081267][ T5803] cdc_ncm 1-1:1.0: bind() failure
[  264.100621][ T5803] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  264.100666][ T5803] cdc_ncm 1-1:1.1: bind() failure
[  264.124346][ T5803] usb 1-1: USB disconnect, device number 12
[  264.623714][  T808] cdc_ncm 3-1:1.0: bind() failure
[  264.863562][  T808] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  264.863606][  T808] cdc_ncm 3-1:1.1: bind() failure
[  265.880405][  T808] usb 3-1: USB disconnect, device number 7
[  267.090284][  T808] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  267.241969][  T808] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  267.242015][  T808] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  267.245296][  T808] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  267.245313][  T808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.245332][  T808] usb 2-1: Product: syz
[  267.245347][  T808] usb 2-1: Manufacturer: syz
[  267.245361][  T808] usb 2-1: SerialNumber: syz
[  267.401710][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  267.502264][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  267.645696][   T43] bond0 (unregistering): Released all slaves
[  267.711811][  T808] cdc_ncm 2-1:1.0: bind() failure
[  267.757011][  T808] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  267.769711][  T808] cdc_ncm 2-1:1.1: bind() failure
[  269.073827][  T808] usb 2-1: USB disconnect, device number 5
[  269.101697][ T7278] FAULT_INJECTION: forcing a failure.
[  269.101697][ T7278] name failslab, interval 1, probability 0, space 0, times 0
[  269.101727][ T7278] CPU: 1 UID: 0 PID: 7278 Comm: syz.1.289 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  269.101749][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  269.101760][ T7278] Call Trace:
[  269.101767][ T7278]  <TASK>
[  269.101775][ T7278]  dump_stack_lvl+0xe8/0x150
[  269.101812][ T7278]  should_fail_ex+0x46b/0x600
[  269.101846][ T7278]  should_failslab+0xa8/0x100
[  269.101868][ T7278]  __kmalloc_cache_noprof+0x84/0x690
[  269.101889][ T7278]  ? call_usermodehelper_setup+0x8e/0x270
[  269.101919][ T7278]  call_usermodehelper_setup+0x8e/0x270
[  269.101942][ T7278]  ? __pfx_free_modprobe_argv+0x10/0x10
[  269.101966][ T7278]  __request_module+0x3ba/0x630
[  269.101991][ T7278]  ? __pfx___request_module+0x10/0x10
[  269.102011][ T7278]  ? rt_read_lock+0x277/0x4b0
[  269.102041][ T7278]  ? rt_read_unlock+0x14f/0x220
[  269.102067][ T7278]  ? rt_read_unlock+0x16d/0x220
[  269.102091][ T7278]  get_fs_type+0x180/0x480
[  269.102110][ T7278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.102139][ T7278]  __se_sys_fsopen+0x8b/0x2c0
[  269.102159][ T7278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.102179][ T7278]  do_syscall_64+0x15f/0xf80
[  269.102205][ T7278]  ? trace_irq_disable+0x3b/0x140
[  269.102228][ T7278]  ? clear_bhb_loop+0x40/0x90
[  269.102251][ T7278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.102269][ T7278] RIP: 0033:0x7f5de623c819
[  269.102287][ T7278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  269.102301][ T7278] RSP: 002b:00007f5de4496028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[  269.102320][ T7278] RAX: ffffffffffffffda RBX: 00007f5de64b5fa0 RCX: 00007f5de623c819
[  269.102333][ T7278] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000001c80
[  269.102345][ T7278] RBP: 00007f5de4496090 R08: 0000000000000000 R09: 0000000000000000
[  269.102356][ T7278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  269.102367][ T7278] R13: 00007f5de64b6038 R14: 00007f5de64b5fa0 R15: 00007ffd9ca863e8
[  269.102396][ T7278]  </TASK>
[  269.801767][ T5803] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  270.138382][ T7046] hsr_slave_0: entered promiscuous mode
[  270.139503][ T7046] hsr_slave_1: entered promiscuous mode
[  270.238862][ T7046] debugfs: 'hsr0' already exists in 'hsr'
[  270.240494][ T7046] Cannot create hsr debugfs directory
[  271.072215][ T5803] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  271.072234][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.072246][ T5803] usb 1-1: Product: syz
[  271.072253][ T5803] usb 1-1: Manufacturer: syz
[  271.072260][ T5803] usb 1-1: SerialNumber: syz
[  271.164544][ T7287] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  271.462750][   T43] hsr_slave_0: left promiscuous mode
[  271.512964][   T43] hsr_slave_1: left promiscuous mode
[  271.519085][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  271.942416][ T5814] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  272.432855][ T7294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.439898][ T7294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.656590][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  272.820310][  T808] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  272.985157][  T808] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  272.985238][  T808] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  272.988187][  T808] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  272.988214][  T808] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.988234][  T808] usb 2-1: Product: syz
[  272.988248][  T808] usb 2-1: Manufacturer: syz
[  272.988262][  T808] usb 2-1: SerialNumber: syz
[  273.979601][ T5803] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed
[  274.015046][ T5803] cdc_ncm 1-1:1.0: bind() failure
[  274.069064][ T5803] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  274.069097][ T5803] cdc_ncm 1-1:1.1: bind() failure
[  274.229369][ T5803] usb 1-1: USB disconnect, device number 13
[  274.361611][   T43] team0 (unregistering): Port device team_slave_1 removed
[  274.398683][   T43] team0 (unregistering): Port device team_slave_0 removed
[  274.702262][ T7302] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  275.214544][  T808] cdc_ncm 2-1:1.0: bind() failure
[  275.262319][  T808] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  275.262363][  T808] cdc_ncm 2-1:1.1: bind() failure
[  275.307992][  T808] usb 2-1: USB disconnect, device number 6
[  275.336217][   T37] kauditd_printk_skb: 4 callbacks suppressed
[  275.336242][   T37] audit: type=1326 audit(1776227688.840:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.345049][   T37] audit: type=1326 audit(1776227688.840:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.345098][   T37] audit: type=1326 audit(1776227688.840:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.356180][   T37] audit: type=1326 audit(1776227688.850:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe9dbfd04e code=0x7ffc0000
[  275.356225][   T37] audit: type=1326 audit(1776227688.860:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.356272][   T37] audit: type=1326 audit(1776227688.860:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.356308][   T37] audit: type=1326 audit(1776227688.860:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.358830][   T37] audit: type=1326 audit(1776227688.860:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.359095][   T37] audit: type=1326 audit(1776227688.860:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.361719][   T37] audit: type=1326 audit(1776227688.860:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7312 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9dc3c819 code=0x7ffc0000
[  275.594042][ T7311] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  278.411085][ T7338] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  278.931122][ T1928] Bluetooth: hci0: Frame reassembly failed (-90)
[  279.073965][ T7357] FAULT_INJECTION: forcing a failure.
[  279.073965][ T7357] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.073987][ T7357] CPU: 1 UID: 0 PID: 7357 Comm: syz.0.309 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  279.074000][ T7357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  279.074006][ T7357] Call Trace:
[  279.074010][ T7357]  <TASK>
[  279.074015][ T7357]  dump_stack_lvl+0xe8/0x150
[  279.074036][ T7357]  should_fail_ex+0x46b/0x600
[  279.074056][ T7357]  _copy_to_user+0x31/0xb0
[  279.074070][ T7357]  simple_read_from_buffer+0xe1/0x170
[  279.074087][ T7357]  proc_fail_nth_read+0x1be/0x230
[  279.074105][ T7357]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.074121][ T7357]  ? rw_verify_area+0x2ac/0x4e0
[  279.074137][ T7357]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.074152][ T7357]  vfs_read+0x212/0xa80
[  279.074163][ T7357]  ? rt_spin_unlock+0x160/0x200
[  279.074178][ T7357]  ? __pfx_vfs_read+0x10/0x10
[  279.074191][ T7357]  ? bpf_lsm_socket_connect+0x9/0x20
[  279.074208][ T7357]  ? __sys_connect+0x338/0x450
[  279.074232][ T7357]  ? __pfx___sys_connect+0x10/0x10
[  279.074253][ T7357]  ksys_read+0x156/0x270
[  279.074264][ T7357]  ? __pfx_ksys_read+0x10/0x10
[  279.074278][ T7357]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.074290][ T7357]  do_syscall_64+0x15f/0xf80
[  279.074305][ T7357]  ? trace_irq_disable+0x3b/0x140
[  279.074318][ T7357]  ? clear_bhb_loop+0x40/0x90
[  279.074331][ T7357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.074341][ T7357] RIP: 0033:0x7f80269ed04e
[  279.074352][ T7357] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  279.074361][ T7357] RSP: 002b:00007f8024c7dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  279.074373][ T7357] RAX: ffffffffffffffda RBX: 00007f8024c7e6c0 RCX: 00007f80269ed04e
[  279.074381][ T7357] RDX: 000000000000000f RSI: 00007f8024c7e0a0 RDI: 0000000000000005
[  279.074388][ T7357] RBP: 00007f8024c7e090 R08: 0000000000000000 R09: 0000000000000000
[  279.074395][ T7357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.074401][ T7357] R13: 00007f8026ca6038 R14: 00007f8026ca5fa0 R15: 00007fff87296438
[  279.074417][ T7357]  </TASK>
[  279.130304][  T808] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  279.425109][  T808] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  279.425140][  T808] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.425167][  T808] usb 4-1: Product: syz
[  279.425181][  T808] usb 4-1: Manufacturer: syz
[  279.425193][  T808] usb 4-1: SerialNumber: syz
[  279.800350][ T5872] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  280.932625][ T5872] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  280.932757][ T5872] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  280.960289][ T5120] Bluetooth: hci0: command 0x1003 tx timeout
[  280.965045][ T5814] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  280.981975][ T7367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.982526][ T7367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  281.037390][ T5872] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  281.037474][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.037494][ T5872] usb 1-1: Product: syz
[  281.037507][ T5872] usb 1-1: Manufacturer: syz
[  281.037520][ T5872] usb 1-1: SerialNumber: syz
[  283.197241][  T808] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed
[  283.221800][  T808] cdc_ncm 4-1:1.0: bind() failure
[  283.408882][ T5872] cdc_ncm 1-1:1.0: bind() failure
[  283.509794][  T808] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  283.509837][  T808] cdc_ncm 4-1:1.1: bind() failure
[  283.528070][ T5872] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  283.528114][ T5872] cdc_ncm 1-1:1.1: bind() failure
[  283.639304][  T808] usb 4-1: USB disconnect, device number 6
[  283.650321][ T5872] usb 1-1: USB disconnect, device number 14
[  283.715910][ T7386] netlink: 28 bytes leftover after parsing attributes in process `syz.0.317'.
[  284.534861][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.534901][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.534928][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.534954][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.534980][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.535005][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.535030][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.535054][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.535079][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  284.535103][ T5872] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  285.138259][ T5872] hid-generic 0002:0004:0009.0001: hidraw0: <UNKNOWN> HID v0.04 Device [syz0] on syz0
[  285.800369][   T37] kauditd_printk_skb: 62 callbacks suppressed
[  285.800386][   T37] audit: type=1326 audit(1776227699.300:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.800428][   T37] audit: type=1326 audit(1776227699.300:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.806260][   T37] audit: type=1326 audit(1776227699.310:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.806312][   T37] audit: type=1326 audit(1776227699.310:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.822894][   T37] audit: type=1326 audit(1776227699.330:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.822942][   T37] audit: type=1326 audit(1776227699.330:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.822980][   T37] audit: type=1326 audit(1776227699.330:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.823018][   T37] audit: type=1326 audit(1776227699.330:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  285.823054][   T37] audit: type=1326 audit(1776227699.330:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f62e23bd04e code=0x7ffc0000
[  285.823090][   T37] audit: type=1326 audit(1776227699.330:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7407 comm="syz.3.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e23fc819 code=0x7ffc0000
[  288.924983][ T7046] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  288.940291][ T5888] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  288.967969][ T7046] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  289.125876][ T5802] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  289.140327][  T808] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  289.370263][ T5888] usb 1-1: Using ep0 maxpacket: 32
[  290.136731][ T5888] usb 1-1: unable to get BOS descriptor or descriptor too short
[  290.142327][ T5888] usb 1-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40
[  290.142355][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.142375][ T5888] usb 1-1: Product: syz
[  290.142389][ T5888] usb 1-1: Manufacturer: syz
[  290.142403][ T5888] usb 1-1: SerialNumber: syz
[  290.188212][ T5802] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  290.188290][ T5802] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  290.222778][ T5802] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  290.222816][ T5802] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.222827][ T5802] usb 2-1: Product: syz
[  290.222842][ T5802] usb 2-1: Manufacturer: syz
[  290.222849][ T5802] usb 2-1: SerialNumber: syz
[  290.317272][ T7046] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  290.437899][  T808] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  290.437929][  T808] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.437950][  T808] usb 3-1: Product: syz
[  290.437963][  T808] usb 3-1: Manufacturer: syz
[  290.437977][  T808] usb 3-1: SerialNumber: syz
[  290.747882][ T5888] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[  290.767722][ T5888] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[  290.958023][ T7046] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  292.228259][ T7440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.228847][ T7440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.514060][ T5802] cdc_ncm 2-1:1.0: bind() failure
[  292.609543][ T5802] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  292.609590][ T5802] cdc_ncm 2-1:1.1: bind() failure
[  292.864304][ T5802] usb 2-1: USB disconnect, device number 7
[  293.133570][ T5888] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  293.267026][ T5888] usb 1-1: USB disconnect, device number 15
[  293.542460][  T808] cdc_ncm 3-1:1.0: SET_NTB_FORMAT failed
[  293.592315][  T808] cdc_ncm 3-1:1.0: bind() failure
[  293.623188][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  293.651458][  T808] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  293.651504][  T808] cdc_ncm 3-1:1.1: bind() failure
[  293.696217][  T808] usb 3-1: USB disconnect, device number 8
[  293.895392][ T7046] 8021q: adding VLAN 0 to HW filter on device bond0
[  294.028012][ T7046] 8021q: adding VLAN 0 to HW filter on device team0
[  294.074203][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.074278][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  294.096909][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.096982][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.180447][  T808] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  296.330231][  T808] usb 1-1: Using ep0 maxpacket: 32
[  296.332687][  T808] usb 1-1: unable to get BOS descriptor or descriptor too short
[  296.356058][  T808] usb 1-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40
[  296.356087][  T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.356108][  T808] usb 1-1: Product: syz
[  296.356123][  T808] usb 1-1: Manufacturer: syz
[  296.356137][  T808] usb 1-1: SerialNumber: syz
[  297.276396][ T7046] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.115145][ T5871] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  299.173997][  T808] usb 1-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[  299.176072][  T808] usb 1-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[  299.310509][ T5871] usb 2-1: Using ep0 maxpacket: 32
[  299.326005][ T5871] usb 2-1: unable to get BOS descriptor or descriptor too short
[  299.347916][ T5871] usb 2-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40
[  299.347945][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.347962][ T5871] usb 2-1: Product: syz
[  299.347976][ T5871] usb 2-1: Manufacturer: syz
[  299.347992][ T5871] usb 2-1: SerialNumber: syz
[  300.535328][ T7495] netlink: 56 bytes leftover after parsing attributes in process `syz.3.338'.
[  300.536081][ T7495] netlink: 56 bytes leftover after parsing attributes in process `syz.3.338'.
[  300.562140][ T5871] usb 2-1: can't set config #1, error -71
[  300.617565][  T808] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  300.639236][ T5871] usb 2-1: USB disconnect, device number 8
[  300.686115][  T808] usb 1-1: USB disconnect, device number 16
[  300.892586][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  301.328052][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  301.390977][   T36] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  302.150627][ T7507] overlayfs: statfs failed on './file0'
[  302.182292][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  302.183499][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  302.184968][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  302.185733][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  302.464598][   T36] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  302.464676][   T36] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  302.520224][   T36] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  302.520250][   T36] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.520268][   T36] usb 3-1: Product: syz
[  302.520279][   T36] usb 3-1: Manufacturer: syz
[  302.520290][   T36] usb 3-1: SerialNumber: syz
[  302.632225][  T808] ------------[ cut here ]------------
[  302.632239][  T808] workqueue: cannot queue hci_conn_timeout on wq hci5
[  302.632275][  T808] WARNING: kernel/workqueue.c:2283 at __queue_work+0xd5c/0x1010, CPU#0: kworker/0:2/808
[  302.632312][  T808] Modules linked in:
[  302.632334][  T808] CPU: 0 UID: 0 PID: 808 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  302.632356][  T808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  302.632367][  T808] Workqueue: events l2cap_chan_timeout
[  302.632394][  T808] RIP: 0010:__queue_work+0xd87/0x1010
[  302.632419][  T808] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5a 0a 9d 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  302.632432][  T808] RSP: 0018:ffffc900057278a8 EFLAGS: 00010082
[  302.632446][  T808] RAX: 1ffff1100c19495b RBX: 0000000000000008 RCX: ffff888025ed0000
[  302.632458][  T808] RDX: ffff888064566168 RSI: ffffffff8a156d20 RDI: ffffffff8f6d5910
[  302.632471][  T808] RBP: 0000000000000020 R08: 0000000000000000 R09: 0000000000000000
[  302.632482][  T808] R10: dffffc0000000000 R11: ffffed100c194959 R12: dffffc0000000000
[  302.632499][  T808] R13: ffff888060ca4ad8 R14: ffffffff8f6d5910 R15: ffff888064566168
[  302.632512][  T808] FS:  0000000000000000(0000) GS:ffff888126338000(0000) knlGS:0000000000000000
[  302.632528][  T808] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  302.632540][  T808] CR2: 00007fffb991fa30 CR3: 0000000040d4e000 CR4: 00000000003526f0
[  302.632557][  T808] Call Trace:
[  302.632564][  T808]  <TASK>
[  302.632577][  T808]  ? rcu_is_watching+0x15/0xb0
[  302.632597][  T808]  ? __queue_delayed_work+0xe1/0x2d0
[  302.632627][  T808]  queue_delayed_work_on+0x11a/0x1e0
[  302.632662][  T808]  l2cap_chan_del+0x285/0x610
[  302.632692][  T808]  l2cap_chan_close+0x4d7/0x770
[  302.632721][  T808]  ? __pfx_l2cap_chan_close+0x10/0x10
[  302.632752][  T808]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.632780][  T808]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  302.632808][  T808]  ? mutex_lock_nested+0x152/0x1d0
[  302.632828][  T808]  ? l2cap_chan_timeout+0xa0/0x3b0
[  302.632855][  T808]  l2cap_chan_timeout+0x158/0x3b0
[  302.632877][  T808]  ? process_scheduled_works+0xa70/0x1860
[  302.632904][  T808]  process_scheduled_works+0xb5d/0x1860
[  302.632958][  T808]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.632989][  T808]  ? assign_work+0x3d5/0x5e0
[  302.633020][  T808]  worker_thread+0xa53/0xfc0
[  302.633073][  T808]  kthread+0x388/0x470
[  302.633093][  T808]  ? __pfx_worker_thread+0x10/0x10
[  302.633115][  T808]  ? __pfx_kthread+0x10/0x10
[  302.633136][  T808]  ret_from_fork+0x514/0xb70
[  302.633166][  T808]  ? __pfx_ret_from_fork+0x10/0x10
[  302.633192][  T808]  ? __switch_to+0xc79/0x1410
[  302.633219][  T808]  ? __pfx_kthread+0x10/0x10
[  302.633240][  T808]  ret_from_fork_asm+0x1a/0x30
[  302.633275][  T808]  </TASK>
[  302.633285][  T808] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  302.633300][  T808] CPU: 0 UID: 0 PID: 808 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  302.633321][  T808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  302.633334][  T808] Workqueue: events l2cap_chan_timeout
[  302.633357][  T808] Call Trace:
[  302.633365][  T808]  <TASK>
[  302.633372][  T808]  vpanic+0x56c/0xa60
[  302.633402][  T808]  ? __pfx__printk+0x10/0x10
[  302.633423][  T808]  ? __pfx_vpanic+0x10/0x10
[  302.633447][  T808]  ? is_bpf_text_address+0x292/0x2b0
[  302.633475][  T808]  ? is_bpf_text_address+0x26/0x2b0
[  302.633509][  T808]  panic+0xc5/0xd0
[  302.633535][  T808]  ? __pfx_panic+0x10/0x10
[  302.633572][  T808]  ? ret_from_fork_asm+0x1a/0x30
[  302.633596][  T808]  __warn+0x315/0x4c0
[  302.633622][  T808]  ? __queue_work+0xd5c/0x1010
[  302.633649][  T808]  ? __queue_work+0xd5c/0x1010
[  302.633677][  T808]  __report_bug+0x29a/0x540
[  302.633704][  T808]  ? __queue_work+0xd5c/0x1010
[  302.633730][  T808]  ? __pfx___report_bug+0x10/0x10
[  302.633764][  T808]  ? __pfx_hci_conn_timeout+0x10/0x10
[  302.633795][  T808]  ? do_raw_spin_lock+0x12b/0x2f0
[  302.633829][  T808]  report_bug_entry+0x19a/0x290
[  302.633856][  T808]  ? __queue_work+0xd87/0x1010
[  302.633877][  T808]  ? __queue_work+0xd8c/0x1010
[  302.633901][  T808]  handle_bug+0xce/0x200
[  302.633920][  T808]  exc_invalid_op+0x1a/0x50
[  302.633937][  T808]  asm_exc_invalid_op+0x1a/0x20
[  302.633955][  T808] RIP: 0010:__queue_work+0xd87/0x1010
[  302.633982][  T808] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5a 0a 9d 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  302.633998][  T808] RSP: 0018:ffffc900057278a8 EFLAGS: 00010082
[  302.634012][  T808] RAX: 1ffff1100c19495b RBX: 0000000000000008 RCX: ffff888025ed0000
[  302.634025][  T808] RDX: ffff888064566168 RSI: ffffffff8a156d20 RDI: ffffffff8f6d5910
[  302.634039][  T808] RBP: 0000000000000020 R08: 0000000000000000 R09: 0000000000000000
[  302.634049][  T808] R10: dffffc0000000000 R11: ffffed100c194959 R12: dffffc0000000000
[  302.634062][  T808] R13: ffff888060ca4ad8 R14: ffffffff8f6d5910 R15: ffff888064566168
[  302.634084][  T808]  ? __pfx_hci_conn_timeout+0x10/0x10
[  302.634109][  T808]  ? __queue_work+0xfcf/0x1010
[  302.634140][  T808]  ? rcu_is_watching+0x15/0xb0
[  302.634160][  T808]  ? __queue_delayed_work+0xe1/0x2d0
[  302.634189][  T808]  queue_delayed_work_on+0x11a/0x1e0
[  302.634222][  T808]  l2cap_chan_del+0x285/0x610
[  302.634251][  T808]  l2cap_chan_close+0x4d7/0x770
[  302.634278][  T808]  ? __pfx_l2cap_chan_close+0x10/0x10
[  302.634302][  T808]  ? lockdep_hardirqs_on+0x7a/0x110
[  302.634328][  T808]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  302.634370][  T808]  ? mutex_lock_nested+0x152/0x1d0
[  302.634391][  T808]  ? l2cap_chan_timeout+0xa0/0x3b0
[  302.634416][  T808]  l2cap_chan_timeout+0x158/0x3b0
[  302.634438][  T808]  ? process_scheduled_works+0xa70/0x1860
[  302.634467][  T808]  process_scheduled_works+0xb5d/0x1860
[  302.634520][  T808]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.634553][  T808]  ? assign_work+0x3d5/0x5e0
[  302.634585][  T808]  worker_thread+0xa53/0xfc0
[  302.634637][  T808]  kthread+0x388/0x470
[  302.634657][  T808]  ? __pfx_worker_thread+0x10/0x10
[  302.634681][  T808]  ? __pfx_kthread+0x10/0x10
[  302.634701][  T808]  ret_from_fork+0x514/0xb70
[  302.634730][  T808]  ? __pfx_ret_from_fork+0x10/0x10
[  302.634763][  T808]  ? __switch_to+0xc79/0x1410
[  302.634789][  T808]  ? __pfx_kthread+0x10/0x10
[  302.634808][  T808]  ret_from_fork_asm+0x1a/0x30
[  302.634842][  T808]  </TASK>
[  302.635168][  T808] Kernel Offset: disabled