last executing test programs:

3m9.291794913s ago: executing program 2 (id=2529):
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000002e00090027bd700000201000040000000c0018000bac0f0006ac0f"], 0x20}, 0x1, 0x0, 0x0, 0x20042894}, 0x0)

3m8.920562265s ago: executing program 2 (id=2530):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xa8002, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="a40700007d044000051a040000400000002002000000060000000000200000003101000000000c0000000000000000000000c301046e6f645a3dbf6460d2c297442c0237fc6225ffffff8005000000000000ff03ff92e91600050000002c93cb3db6c231d119aaa16f75c58fa6889ff3c8f7abc61b59a1d26f0c4af8e293d3f86ccdc66ff57be90000000000000003d5892d8efebb9e05ac0a6bc529607ac68a3813afe79e85636afd6c5d15b2aebbb7ee3b1eae8affbe2e85887314cbecf0a1a512347a8c15b320d1e1c010557aaa77165e51603230385e7c000100ac42330044a9083de5bed8e0bd28682294f638c38e25aa7bd0237f65dbd624ee955f7da78ee19649373f30e3f7b964f0a266c3ac9e507753a3c403c87bf14a7687259168b45bbd7a1fd8600ea12e00dbfe4c9b686c0d62d9e674b814c7ecd72fbe1afe1c1b6b52b4a75a1c821893f7f47c3c50718cc31cb963b0abbff990869396c145f8f6e9eb2dee2c63f488e1e13bb6bb8ba6772382e6a5e8754799f97fa7dc865058c1863da60d4db5ff45dcfdda7cbcdbba4948d04fee7eb06dd4e2848735abf3f8a60faf13c9a646323453a02c7f09a3f60e5694626e6320f1b82674ceb8f54149dce02555368798a9dc0c4d4265b946afc52acbdaf4faca436e2ee8a9b01ed081d1a1acc223ff5d51db027cec2fe0318e22ad503a9435bb99017002007dfa673effeb09b5351f5bde0540000000ca595fcb14034354b9fd9ef196a51cd5157adc8106b494e148ea978baba0fe35b365dc8169ea90b2cdef60103709d4e0d63115704cbac260a7e80e04692844dd5a3e6e7b1edcc7eb4b8946a5219db294e1b67c4a0450e3816358b2715dba60c8ccf0b28d69f114ffffcceb3f6246e3ba44797334f55ff77582a6b704e74860d0ca05592d76c8996dd59b8008262e6b38eda77ab9"], 0x7a4)

3m8.604118078s ago: executing program 2 (id=2533):
r0 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
fsopen(&(0x7f0000000000)='selinuxfs\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000015000504e1ff4319918e00352d"], 0x2c}}, 0x60040050)
openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)

3m7.980353985s ago: executing program 2 (id=2537):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000010000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070400000900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xe0}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3m7.483713534s ago: executing program 2 (id=2540):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000076000d0b2abd7008fddbd725030000000000000008000100fd"], 0x20}}, 0x300480fd)

3m7.144421711s ago: executing program 2 (id=2541):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x7, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0x1a, 0x3, "91abc12404cf378042f26c43f91f68d8a90767c0bc71"}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x9}], {0x14}}, 0x98}}, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x107734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0xfac7, 0x0, 0x0, 0x0)

2m52.099564973s ago: executing program 32 (id=2541):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x7, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0x1a, 0x3, "91abc12404cf378042f26c43f91f68d8a90767c0bc71"}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x9}], {0x14}}, 0x98}}, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x107734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0xfac7, 0x0, 0x0, 0x0)

13.304726331s ago: executing program 4 (id=3096):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0)
r5 = openat$fb0(0xffffffffffffff9c, 0x0, 0x101800, 0x0)
ioctl$FBIOBLANK(r5, 0x4611, 0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x800, 0xb49, 0x2, 0x8, 0x0, 0xfffffff9}, 0x0)
ioprio_get$uid(0x3, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x97)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x1800, 0x0)
r6 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)=""/216, 0xd8}, {0x0}], 0x2})
io_uring_enter(r6, 0x847ba, 0x0, 0xf, 0x0, 0x0)

12.185322783s ago: executing program 3 (id=3102):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="d001000021000101a800000004000000ff010000000000000000000000000001fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000080011100fe8000000000000000000000000000bbac1e000100000000000000000000000020010000000000000010000000000000fe8800000000000000000000000001012b0200000135000002000200e0000001000000000000000000000000ac1414aa000000000000000000000000fc020000000000000000000000000000fe88000000000000000000000000000133030000ff34000002000200fc010000000000000000000000000001fe800000000000000000000000000035ac1414aa000000000000000000000000fc0200000000000000000000000000013c000000000000000a0008000a01010200000000000000000000000000000000000000000000000000000000e0000002000000000000000000000000fe8000000000000029cbae1b0000003f3c0000000535000002000a007f000001000000000000000000000000fe8000000000000000000000000000bbfc010000000000000000000000000001fc00000000000000000000000000000133040000033500000a"], 0x1d0}}, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
syz_open_dev$video4linux(&(0x7f0000000180), 0x101, 0x20000)

11.796248675s ago: executing program 5 (id=3104):
syz_open_dev$video(&(0x7f0000000300), 0x9, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x10)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="40157a"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000e40)={0x34, &(0x7f0000000c40)={0x40, 0x30, 0x28, "ab9fda4d840d08dd1ce4cfda9a75902d05eeb700bcd403ef1dff4ea565c78e67664c1a624043f850"}, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000800)={0x14, &(0x7f00000006c0)={0x20, 0xb, 0x25, {0x25, 0x21, "a917f81e5c6df671ec0fb82745b5510ff852e11593942ea501b0f247694b186b053aa3"}}, &(0x7f0000000700)={0x0, 0x3, 0xe4, @string={0xe4, 0x3, "77919aac4f7d35da0ac1b0d1cecf112d693f3c7a1a0088f3b64ab92cb39a3d2b87cee40c44c539f2f8ac7dd319feb4fa7d791129eea7fb5809fa866471cd9383ab9143fc2efce7d55810d4ae46ddc94c7e6f7c2e12de75c5519b1ac0d2b6945498c9394d11baaeab783971d7cd6302ec719682f909af3d36d29cbb975e1ca190b4abedd540c5cad9d9169f8808f1e8ff773479a6e00640875f57dccc2155eb46dff786c72e7922cb0c9a067aaab51d4cdd72492bd90c1ae6620add4a86b7c8eb9365a45b3067780a84435c1f38d2e210df7314a0faf7a5ca7dc2be9571c688396e0b"}}}, &(0x7f0000000b40)={0x44, &(0x7f0000000840)={0x20, 0x9, 0xc5, "87edbf774625ad6ba0754453fb1f2bea7e8e4647176cac972094ff7fcf062957a63fec0e0c5e566fbc2ea58209611e02f72b10111d12f1a5fe7b037a2ce30cb037c528cc292d56fcafa0e7114bd7ddf551a585ed026b60425e194f831ca87c20eef341ec41642636af836fb86e4da96e0ecc60db864a5127e1f7b5cb8d511dd2d6e5cb44eee9969460718b39de6bd972930b92b856259b07c5f23a4b9ee2df9e2f3c89dc53c4658165449f846a89c088be3b3dfc5e197ff820b3291e8acaeeb7a954164f86"}, &(0x7f0000000940)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000980)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000a00)={0x20, 0x81, 0x2, "b82b"}, &(0x7f0000000a40)={0x20, 0x82, 0x3, "f31325"}, &(0x7f0000000a80)={0x20, 0x83, 0x2, "81d9"}, &(0x7f0000000ac0)={0x20, 0x84, 0x3, "281b9b"}, &(0x7f0000000b00)={0x20, 0x85, 0x3, "56867a"}})
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000bc0)={'syztnl2\x00', <r8=>0x0, 0x2f, 0x4, 0xf3, 0x1, 0x10, @empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xe}}, 0x700, 0x8, 0x7, 0x2}})
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)={0x28, r5, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x62a2, 0x1, 0x1, 0xf, 0x773, 0x8}, 0x20)
socketpair(0x2a, 0x0, 0xa7, &(0x7f0000000540))
close(r0)
syz_usb_control_io$rtl8150(r1, &(0x7f0000000140)={0x14, &(0x7f00000001c0)={0x0, 0xa, 0xb0, {0xb0, 0xc, "62a1ec21c1d3496f7c3350c24cd897c3035cd1645d74adc5a8bcb978f3f74c3f4b985420102b46aeebe4d8fb7a02ef96e130e943e712ad3d3ba22be0958ca71fff5a01ce2f7c3c9aa795de4ef3f988871882a73ef30aed2b73396019413207d773846728e21f2369d5fa2cd55266409f6e7b2fe565f356ac315992f525cbc46b6b7ff384b0229ee537b8ed0bce04e1973faa6dc605476709df20a45baf0afef8c94a7cf133d8eb0b633f098bd0c6"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x300a}}}, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x58, "b360afdd855eb7e9da19f72ef572ef4c0e7657f3fa5a5e416809d7e121017aaf89b3f028aff1b26e5479a63d309d8f8358296cfd7e6891bff3b3a88452a6d584b1e1ee1b8841f2a3a4eb05b4de49c3594e639c2b22ca108f"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xa}, &(0x7f00000005c0)={0xc0, 0x5, 0x6, "4e157322d699"}, &(0x7f0000000480)={0x40, 0x5, 0x4, "ffca0000"}})
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000000)={0xd, @pix={0x3, 0x7, 0x3147504d, 0x8, 0x2, 0x9, 0x5, 0xa, 0x1, 0x1, 0x0, 0x4}})

11.77441556s ago: executing program 3 (id=3105):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="070000000000000000000200000014000180060001"], 0x28}}, 0x0)

11.488040302s ago: executing program 3 (id=3107):
write(0xffffffffffffffff, &(0x7f0000000180)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b2832398fed6233b8632a001dd0a846cbb8a5d77e3208db486b055edb6ae7917f07ccf4b6811be57047aa17799359e733ec395940d1feb7a9ec2ddadb1ff61070c9c00f9db8e47f74a5271fa77b6e692e6ac97aaae883e5522f8e86c2403aec0ff8dee1cba5d40f0969470b9a2a95f6f22f9d4250809400ea8403", 0xba)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00'})
fstatfs(0xffffffffffffffff, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x20040084)
syz_usb_connect(0x5, 0x61, &(0x7f0000000e00)={{0x12, 0x1, 0x110, 0x22, 0xb, 0x78, 0x8, 0x5ac, 0x216, 0x997e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4f, 0x1, 0xa, 0x8, 0x0, 0x9, [{{0x9, 0x4, 0xd3, 0xe, 0x6, 0x3, 0xa0, 0x2, 0x80, [], [{{0x9, 0x5, 0x8, 0x0, 0x10, 0x2, 0xfa, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0x7}]}}, {{0x9, 0x5, 0xf, 0xc, 0x400, 0x9, 0x81, 0xc4}}, {{0x9, 0x5, 0xf, 0x10, 0x3ff, 0x7, 0x7, 0x81}}, {{0x9, 0x5, 0xe, 0x3, 0x10, 0x3, 0x6, 0x4}}, {{0x9, 0x5, 0x80, 0x0, 0x8, 0x1, 0x3, 0xbb}}, {{0x9, 0x5, 0x9, 0x1, 0x20, 0xde, 0xc5, 0x2}}]}}]}}]}}, &(0x7f00000017c0)={0xa, &(0x7f0000001540)={0xa, 0x6, 0x300, 0x6f, 0xff, 0x6, 0x20, 0x6}, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000002840), 0x12000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x2e, 0x9, 0x70bc27, 0x0, {0x4}, [@typed={0x8, 0x1a, 0x0, 0x0, @u32=0x40}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x20000084)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r2, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x10000008ebc, 0x0)
io_uring_enter(0xffffffffffffffff, 0xf73, 0x99aa, 0x21, &(0x7f00000003c0)={[0x6]}, 0x8)
ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f0000000380)={0x22, 0x2, &(0x7f0000000280)="0b666b704c5bad6b50f313024b7570e9c7a6308cefc144bdf66c5cc5045ccda60112c25f568c6d031213ab664e0959c8b7c0484d9f3d1ed202c6a0e19025daa5027bfb87c047f468049e0735026a2db8ec61d2947e1d7ec7bae0010c2bfc2cd5833c116bed5c41cae1cab2133b1b33b2d32185aed602f999cf57d73edaabe29a04640cce5fbb253dcc11fe0cf0685923db05941407885d6e10f708e12257664d125ede86b7f6a0218e04692e0b4e5bace303f4511a75c3382e3c4bc3d45e4f979f331bcadb39beaf063f09bf9ec146b70b677dcf9c3a5ab93580cd85353c0dd4a63385aad1f0cabd661b14585089196ec1", {0x200, 0xfffffffe, 0x35323645, 0x0, 0xffff8000, 0x2, 0x7, 0x9}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r0], 0x7c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4800)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}]}], {0x14}}, 0x84}}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB='-1'], 0x27)
sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')

9.899238862s ago: executing program 4 (id=3109):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda9880000ffef2800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

7.848094804s ago: executing program 3 (id=3111):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = syz_usb_connect(0x5, 0x207, &(0x7f0000009a00)=ANY=[@ANYBLOB="12011003a9372540f30c1010db26010203010902f50101030250070904"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'})
ioctl$FS_IOC_GETVERSION(r3, 0xc0145b0e, &(0x7f0000000000))
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[], &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})
ptrace$pokeuser(0x6, r0, 0x388, 0x202599ca)

7.32133649s ago: executing program 4 (id=3112):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect(0x5, 0x63, &(0x7f0000000300)=ANY=[@ANYBLOB="120101020f4f07407b060323f5530102030109025100010304e0030904130906ba95d20309050f002000fe8500090506001000009606090306065709050200100006080709040483af0cf67b3f09058e0220000c08ff09050c1287c9e491f4ae61abadb2d7d50acc4da62dce2a69ca5df71b26447c3f235b64c8e8ae7f5eaa9a4c71d0817ca14efb457b891cbd1fad753cf1d74ea99df6562682e56fbd8a68c5e3eda487d9aeb8c94c739a2a5caacbbe67d47e834ec8ae5b8711d1ebc746193e7365dd0dcbbe292c224b154c53e78c39d88eb3a2246db9acfdf802bfa0b955daa75db062f04b408f6d82f9f31ea47aab184da141cb66fe4a2d29dfe62e5b5724ea9d3f03e3a12e731237c8f4e4ba121f32d9463965f6490c6f5c66e8d71ce2dddc338f06dc56937fe02e3795fa709a9bea2d710e552b780eb16cd4fae8abfaba593a2a283e39e51601c8383d96a6d9f4e43fe48efd6e00000000"], &(0x7f0000003780)={0x0, 0x0, 0x0, 0x0})
sendmsg$key(0xffffffffffffffff, 0x0, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000a6b000/0x1000)=nil, &(0x7f0000cf1000/0x4000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ca2000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000cae000/0x2000)=nil, 0x0}, 0x68)
syz_open_dev$radio(0x0, 0x2, 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d000000000001"], 0x38}}, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', 'new '}, 0x19, 0xfffffffffffffffe)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
ioctl$KVM_X86_SET_MCE(r4, 0x4040ae9e, &(0x7f0000000000)={0xae00000000000000, 0x80a0000, 0x1800000, 0x0, 0x10})
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_GET_SREGS2(r8, 0x8140aecc, &(0x7f0000000280))
syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000100)={0xfffffffffffffecb, &(0x7f0000000200)=ANY=[@ANYBLOB="00000400000000"], 0x0, 0x0, 0x0, 0x0})

7.156681365s ago: executing program 5 (id=3113):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000a00)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@private=0xa010101, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in=@dev={0xac, 0x14, 0x14, 0x36}, {0x0, 0x100, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000000000, 0xe3}, {0xfffffffffffffffd, 0x4, 0x8000000, 0x100000000}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}]}, 0x138}}, 0x0)

6.932755264s ago: executing program 5 (id=3116):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
r3 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r3, 0x40146f2c, &(0x7f00000000c0)={0x2, 0x1, 0x3, 0x13, 0x4})
syz_open_dev$dvb_demux(0x0, 0x0, 0x62400)
close(r3)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000001000ffff25bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1720000021200000400012800c0001006d6163766c616e0030000280080003000300000008000100100000001c0005800a000400aaaaaaaaaa2d00000a0004003426f7b68ed1000008000500", @ANYRES32=r2], 0x68}, 0x1, 0x0, 0x9000000, 0x1}, 0x8000002)

6.769617069s ago: executing program 1 (id=3117):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000006070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021200011800e000100636f6e6e6c696d69740000000c00028008000140fffffff73c0000000c0a01010000000000000000070400000900020073797a31000000000900010073797a3000000000100003800c0000800800034000000002"], 0xe0}, 0x1, 0x0, 0x0, 0x800}, 0x0)

6.769316887s ago: executing program 0 (id=3118):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x66, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000200)={0x74, 0x0, 0x10})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000300)=ANY=[], 0x68}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r7, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x1, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0)
setfsuid(0xffffffffffffffff)
socket$rxrpc(0x21, 0x2, 0xa)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_ACCEPT(r8, &(0x7f0000000580)={0x8, 0x11e, 0xfa00, {0x2, {0x6, 0x401, "654ab74f49928339207e51090f5bc27680cb3a2882cbdd91212c607346a8e1f152a32701540de00ed23edeb4690a538cf3cec237e42498b656d1853715f732c45fb93db1fb33b14c3928b598ffbcc6c3ace4d961194f8b6f4f98886301aa84ce6d6868a99f8e89fbf8d112e323853f9ad8f1312c872eaa86df69820386329a4fd99c00a738a16a87d52658a83653b57e75bfd76297eded467f114f3f56b8ff76c2d725d8902822b6803bf493278d85466eb9621e433f4f484fdf82919268589e5e6f647505495beaa84034e47fe3a3f53634d17210b4b74ca184c2f1124fe84d84f84d61b43bd051532ccbd25aba9f43541400", 0x8, 0x1, 0x33, 0x4d, 0xd5, 0x4, 0x25, 0x1}}}, 0x128)

6.624157428s ago: executing program 5 (id=3119):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0)
r5 = openat$fb0(0xffffffffffffff9c, 0x0, 0x101800, 0x0)
ioctl$FBIOBLANK(r5, 0x4611, 0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x800, 0xb49, 0x2, 0x8, 0x0, 0xfffffff9}, 0x0)
ioprio_get$uid(0x3, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x97)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x1800, 0x0)
r6 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)=""/216, 0xd8}, {0x0}], 0x2})
io_uring_enter(r6, 0x847ba, 0x0, 0xf, 0x0, 0x0)

6.49644262s ago: executing program 1 (id=3120):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000004600), 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file7\x00', 0x2000, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$ndb(&(0x7f0000003b80), 0x0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)

6.445141908s ago: executing program 0 (id=3121):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48})
r2 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @local, 0x3}], 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000c54a4530bfa30000ff9000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffffcf6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a1a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2dff0f000000000000bf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f2cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880b9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r5, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x1000000000000000, 0x7, 0x109e93, 0xffffffffffffffff, 0x400000, 0xd, 0x0, 0x2, 0xfffffffffffffffd, 0x48d6, 0x200000010000, 0x6, 0x6, 0x20000001], 0xd5d5c004, 0x8340})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f00000001c0)=@x86={0x9, 0x0, 0xb, 0x0, 0x4, 0x8, 0xe, 0x4, 0x9, 0x3c, 0x2, 0x2, 0x0, 0x6, 0x9, 0xd, 0x4, 0xc2, 0x98, '\x00', 0xbc, 0x901c835})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1d, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2af}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r7, 0x1, 0x34, &(0x7f0000000040)=r6, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r9 = dup2(r8, r6)
setsockopt$sock_attach_bpf(r7, 0x1, 0x34, &(0x7f00000000c0)=r9, 0x4)

5.207623572s ago: executing program 4 (id=3122):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f00000000c0), 0x4)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, 0x0, 0x0)
sendmsg$inet6(r3, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x44)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffffffffe1d, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x94, 0x24, 0x400, 0x70bd2b, 0x25dfdc01, {0x0, 0x0, 0x12, 0x0, {0x10}, {0xffff, 0xffff}, {0xfff1, 0xfff2}}, [@TCA_STAB={0xfffffffffffffd39, 0x8, 0x0, 0x1, [{{0x0, 0x1, {0x10, 0x9, 0x2, 0x9, 0x2, 0x1, 0x80}}, {0x0, 0x2, [0xd, 0xce7, 0x9]}}, {{0x0, 0x1, {0x0, 0x9, 0x1f25, 0x3, 0x6253f26a4a3d0c7c, 0x7ff, 0x5}}, {0x0, 0x2, [0x100, 0x4, 0x4e, 0x8]}}, {{0x0, 0x1, {0xc, 0xf, 0xa, 0x1, 0x2, 0x692a, 0x40}}, {0x0, 0x2, [0x9, 0x2, 0x8]}}, {{0x0, 0x1, {0x81, 0x1, 0xd, 0x0, 0x1, 0xa, 0x4}}, {0x0, 0x2, [0x21]}}, {{0x0, 0x1, {0x3, 0xc, 0x6, 0x1, 0x2, 0x8000, 0xe84}}, {0x0, 0x2, [0xfffc, 0xffff, 0x9, 0xe]}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00')
fallocate(r7, 0x20, 0x0, 0x80000000)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="120100002aafee08f00a5167cb75000000010902240001000000000904010002ffffff000905ff000000000000090501"], 0x0)

4.819876689s ago: executing program 3 (id=3123):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r4, 0x0, 0x10, &(0x7f00000006c0)="170000000200020000ffbe8c5ee17688a2003c000303000afdff0230040000d90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff0100", 0xba)
openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x4, 0xfff, 0x4, {0x9, @sliced={0xd, [0x2, 0x9, 0x0, 0x7, 0x2, 0x3, 0xfff9, 0x3, 0x104d, 0x1, 0x4, 0x6a, 0x200, 0x8f, 0x7, 0x4, 0x4, 0x8022, 0x3, 0xd, 0x2, 0x1000, 0x50, 0x5, 0x1, 0x9, 0x1c61, 0x3, 0x9, 0x9, 0x9, 0x7, 0xbaab, 0x7, 0x21, 0x3e1f, 0x5, 0x7, 0x0, 0x9f, 0x5, 0xd, 0x4, 0x100, 0x1000, 0x4, 0x7d82, 0x7], 0x9}}, 0xfffffffd})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @local}, 0x2}}, 0x26)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r8, 0x1, 0x60bd27, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6}]}, 0x34}}, 0x20)

3.912828895s ago: executing program 0 (id=3124):
write(0xffffffffffffffff, &(0x7f0000000180)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b2832398fed6233b8632a001dd0a846cbb8a5d77e3208db486b055edb6ae7917f07ccf4b6811be57047aa17799359e733ec395940d1feb7a9ec2ddadb1ff61070c9c00f9db8e47f74a5271fa77b6e692e6ac97aaae883e5522f8e86c2403aec0ff8dee1cba5d40f0969470b9a2a95f6f22f9d4250809400ea8403", 0xba)
setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c006a81886489c231531346a2b0f73abcc800002e00090027bc7000"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x4084)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000d0003006c6973743a73657400000000050001000700000005000500020000000900060073797a300000000005000400000000000c0027800800064000000000"], 0x54}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r2, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x10000008ebc, 0x0)
ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f0000000380)={0x22, 0x2, &(0x7f0000000280)="0b666b704c5bad6b50f313024b7570e9c7a6308cefc144bdf66c5cc5045ccda60112c25f568c6d031213ab664e0959c8b7c0484d9f3d1ed202c6a0e19025daa5027bfb87c047f468049e0735026a2db8ec61d2947e1d7ec7bae0010c2bfc2cd5833c116bed5c41cae1cab2133b1b33b2d32185aed602f999cf57d73edaabe29a04640cce5fbb253dcc11fe0cf0685923db05941407885d6e10f708e12257664d125ede86b7f6a0218e04692e0b4e5bace303f4511a75c3382e3c4bc3d45e4f979f331bcadb39beaf063f09bf9ec146b70b677dcf9c3a5ab93580cd85353c0dd4a63385aad1f0cabd661b14585089196ec1", {0x200, 0xfffffffe, 0x35323645, 0x0, 0xffff8000, 0x2, 0x7, 0x9}})
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x709882, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f000000c000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x4, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)

3.520488113s ago: executing program 0 (id=3125):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48})
r2 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @local, 0x3}], 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000c54a4530bfa30000ffb000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffffcf6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a1a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2dff0f000000000000bf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f2cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880b9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r5, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x1000000000000000, 0x7, 0x109e93, 0xffffffffffffffff, 0x400000, 0xd, 0x0, 0x2, 0xfffffffffffffffd, 0x48d6, 0x200000010000, 0x6, 0x6, 0x20000001], 0xd5d5c004, 0x8340})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f00000001c0)=@x86={0x9, 0x0, 0xb, 0x0, 0x4, 0x8, 0xe, 0x4, 0x9, 0x3c, 0x2, 0x2, 0x0, 0x6, 0x9, 0xd, 0x4, 0xc2, 0x98, '\x00', 0xbc, 0x901c835})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1d, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2af}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r7, 0x1, 0x34, &(0x7f0000000040)=r6, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r9 = dup2(r8, r6)
setsockopt$sock_attach_bpf(r7, 0x1, 0x34, &(0x7f00000000c0)=r9, 0x4)

3.252196494s ago: executing program 5 (id=3126):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="c744240077dd0000c74424027fbe0000c7442406000000000f011c24b8010000000f01c1450f01ca470f01f866baf80cb8e4f61882ef66bafc0c66b8795966ef40250000000066b8de000f00d02e0f005ffa0f01c92e640fc71f", 0x5a}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000240)={0x40000, 0x0, {[0x2, 0x5, 0x0, 0xffffffff80000000, 0x2, 0x8, 0x20000000, 0x5]}})
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x400080, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
preadv2(r2, &(0x7f0000000a00)=[{&(0x7f0000000680)=""/161, 0xa1}, {&(0x7f0000000740)=""/112, 0x70}, {&(0x7f00000007c0)=""/221, 0xdd}, {&(0x7f00000008c0)=""/197, 0xc5}, {&(0x7f00000009c0)=""/21, 0x15}], 0x5, 0xaad, 0x7, 0x18)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r6, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r7, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000000000000400cc00080005000a"], 0xe4}}, 0x0)
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000002c0)=0x14)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r9, 0x10, &(0x7f0000000040))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), <r11=>0x0, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x8, 0x0, 0x0}}, 0x10)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES32=r10, @ANYRESHEX=r11, @ANYRESHEX=r9], 0x34}, 0x1, 0x0, 0x0, 0x24048011}, 0x8800)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
cachestat(r13, &(0x7f0000000040)={0x2, 0x1}, 0xfffffffffffffffe, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r13, 0x6, &(0x7f0000000640)={0xc4d, 0x0, &(0x7f0000000600)=[r2, r3, r2, r4, r13]}, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x17, 0x16, &(0x7f00000003c0)=@raw=[@tail_call, @map_val={0x18, 0x9, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7ff}], &(0x7f00000001c0)='GPL\x00', 0x8, 0x19, &(0x7f0000000200)=""/25, 0x41000, 0x50, '\x00', r8, @cgroup_sysctl, r3, 0x8, &(0x7f0000000480)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xe, 0x7f94, 0x3ff}, 0x10, r11, r13, 0x0, &(0x7f0000000500)=[r3, r3, r3, r3, r3, r3], 0x0, 0x10, 0x80000001}, 0x94)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x78, r6, 0x622, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x2c}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x400}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x24, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x6, 0x9, 0x9, 0x600]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x12, 0xbb, [0xf39e, 0x2, 0x4, 0xff, 0x653b, 0x3, 0x6]}]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x18}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xdd}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x78}}, 0x20080)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb8, 0x2b, 0xc6, 0x20, 0x711, 0x901, 0xa806, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x70, 0x2, [{{0x9, 0x4, 0x44, 0x80, 0x3, 0x6c, 0xb9, 0x7e, 0x6, [], [{{0x9, 0x5, 0x4, 0x0, 0x200, 0x80, 0x2, 0x9}}, {{0x9, 0x5, 0xf, 0x8, 0x200, 0x10, 0x5}}, {{0x9, 0x5, 0xc, 0x0, 0x3ff, 0x1, 0xa, 0x2}}]}}]}}]}}, 0x0)

2.656080472s ago: executing program 1 (id=3127):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000003000000005e0000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x94)

2.274817266s ago: executing program 1 (id=3128):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="183f0000000000000000000003000000950000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x1, 0x20, &(0x7f0000001840)=""/4066, 0x0, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x810, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)

2.059826943s ago: executing program 1 (id=3129):
openat$uinput(0xffffff9c, 0x0, 0x2, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) (async)
io_setup(0x6, &(0x7f0000000540)) (async)
r3 = syz_io_uring_setup(0x498, &(0x7f0000000540)={0x0, 0x465e, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r4=>0x0, &(0x7f0000000480)=<r5=>0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r6, &(0x7f0000000180)={0x0, 0x60b1a859, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x1, 0x8, 0xe01, 0x0, 0x0, {0x7, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x80, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x6c, 0x1, [@m_tunnel_key={0x38, 0x17, 0x0, 0x0, {{0xf}, {0x4}, {0x6, 0x6, "c9e6"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_simple={0x30, 0xe, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x80}}, 0x0)
socket$key(0xf, 0x3, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000300)={0x1, {&(0x7f0000000100)=""/169, 0xa9, 0x0, 0x3, 0x3}}, 0x48) (async)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0x0, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_procs(r8, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r9, &(0x7f00000001c0), 0x12) (async)
sync() (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) (async)
socket$nl_route(0x10, 0x3, 0x0)

1.392474574s ago: executing program 5 (id=3130):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0xf, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000000), &(0x7f0000000140)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000020000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x40)
lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0)
write$binfmt_elf32(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c460104028dbe05000000000000020006000400000019000000380000005e020000"], 0x58)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r4, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000001400)=[@rthdr_2292={{0x28, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}], 0x28}, 0x0)
close(r3)
accept4$unix(r3, &(0x7f0000000100), 0x0, 0x0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_usb_connect$uac1(0x69a90eab3db9c902, 0xa5, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x93, 0x3, 0x1, 0x4, 0xa0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xfff7, 0x7}, [@output_terminal={0x9, 0x24, 0x3, 0x3, 0x300, 0x1, 0x3, 0xb}, @selector_unit={0x5, 0x24, 0x5, 0x6, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x82, 0x4, 0x9, 0x10}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x4, 0x1, 0xc, 0x3, "83b266", "a2"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0xff, 0xc8, 0x3, {0x7, 0x25, 0x1, 0x0, 0x4, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x6, 0x1, 0x8, 0x1, "3a3882"}, @as_header={0x7, 0x24, 0x1, 0x1, 0xc0, 0x5}]}, {{0x9, 0x5, 0x82, 0x9, 0x50, 0x5, 0x8, 0x41, {0x7, 0x25, 0x1, 0x82, 0xfe, 0x7}}}}}}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0})

1.321128964s ago: executing program 4 (id=3131):
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000000)={0xd, @pix_mp={0x9, 0x40000055, 0x47524247, 0x6, 0x8, [{0x9, 0x4000}, {0x9, 0x7fffffff}, {0x7f4d6e18, 0x2}, {0x0, 0x1}, {0x8000, 0x80000000}, {0x4000007}, {0x865b, 0x1f}, {0x7311, 0x7fff}], 0xc3, 0x4, 0x8, 0xe87b598fe6909e43, 0x5}})

1.128728111s ago: executing program 4 (id=3132):
socket$netlink(0x10, 0x3, 0x0)
r0 = shmget$private(0x0, 0x3000, 0x400, &(0x7f0000674000/0x3000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0x100}], 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, r4)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x4a100, 0x0)
sendfile(r6, r6, 0x0, 0xffffffff)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
process_madvise(r8, &(0x7f00000007c0)=[{&(0x7f0000000480)="ab1d3c56054b1efc90bf54d80859b679851088dbc17787ed192898b3fe5e5d3effecfd3b5fc248f1bb62f468b468681b1c1197a91cf9e9601b5cc8477a9a1609359d4a6c717ef0848ed05f85a4447d08b880e1a61c30a4caafe8994d258052eae56b6afd4052181a6cf53ec3b25d7b0d85605565eef855e1f429476a0ed4313eb80897322ba662a7d085b021efc4347d1377336a5f0bf4510cc2b54daa7e0408c69bffb6a75e4a4f506aaaa6401b77753d07065703890749e9e832c89426efb903b5405e6ce74e75633a6ed5da7ae02dac997906177432c70483a383a5dd713f71ac24e315b2042d2bac0ed1", 0xec}, {&(0x7f0000000580)="618a11a7810c9c8bbbdbe237d7112fa7843c969fbf9725172bf37d3a496c10543e42977f941437d7bc93919bfca1df8a4726d7a9177b62a4adfcd0e2765626f76dde5423583b7b41c72524fbdbe9526096108fd4d7f3b86fcbb3db00d60fa8cb0a25b6aa0fb58ffb10ea4117ca4a2602ff5fbced13ce042c67b19aa307a6752543c3c136ed331c34c5825bdc2d9531f78804a681e2a0fb40dab45173cbab092f973a181ded2880a65c50bed4", 0xac}, {&(0x7f0000000640)="641dcfe8abe1ac4aa44510665cd7f2f7646144ae87bd73d2f157a2b493d958b0a6784497c1b6e5434d4e532eea62b62e0476802fb7cf302a014c6ed88683534e09aa60eda2fb7c2f6b9a16575d890c7b1723e29ccd9d9491b0c47b88fc89a14a7c48614cafd6657aa5c4a2f945c1ee47d5ad2e88b307", 0x76}, {&(0x7f00000000c0)="f74e7c", 0x3}, {&(0x7f0000000700)="b86be48f6b44c0bc4df1c95b2aef35d58b3408b7af9beb06fb92a2b43703d9cfecc1fc2e413fbaadcfd58ba6fdaf0f937c957628620db05ad48c8bcf3f1a1f2301a0870fe797af8a56f2468f494ea26503b4252fc0fd96b07c0df02877c39196fe4c14999b509edb895b5c377c98ee66c213653585848e6b1905352db0447826e08e1d9db08ec7115014542eaab4825744e149ccafabc7108ced5d4ce1784536d4bd2bd99afdafaf", 0xa8}, {&(0x7f00000001c0)="e86dbd7e1761e27592d1d2d21ef9764887cc1c22945802067181775dcca407071083ddbee25375fbdfe1002f252e3ca419c0b94f68a4", 0x36}], 0x6, 0xc, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x4}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x23}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}}, 0x0)
close(r9)
process_madvise(r8, &(0x7f0000000900)=[{0x0}, {&(0x7f0000000080)="c7", 0x1}], 0x2, 0x18, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r11=>0x0})
sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000000000000000ff02000000000000000000000000000100040b6e4e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000100008000000000010000000000008001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f0000000000000000fdffffffffffffff0000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r11], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

1.111328206s ago: executing program 0 (id=3133):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$pptp(0x18, 0x1, 0x2)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001800)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)

586.882302ms ago: executing program 0 (id=3134):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = gettid()
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, r2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
syz_open_dev$dri(0x0, 0x1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018011000100666c6f775f0666666c6f616400000000100002800900010073797a30000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
io_setup(0x1, &(0x7f00000016c0)=<r7=>0x0)
ioctl$SIOCGETSGCNT(r5, 0x89e1, &(0x7f0000000100)={@local, @remote})
io_submit(r7, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8, 0xffffffffffffffff, &(0x7f0000000180)="282fa8c2", 0x4, 0x5}])
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="500100001a00130700000000fcdbdf252001000000000000000000000000000120010000000000000072f77a4e9b5e527a648800000000000001000000004e21", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000fe80000000000000000000000000001b000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000043050000000000000400000000000000ffffffffffffff7f0000000000000000000000000000000000000000000000000000000028bd7000003500000a00040000000000000000005f001200726663343130362867636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800000060000000217d66d38547aa140db8a200000000c538c7cb00"], 0x150}, 0x1, 0x0, 0x0, 0x880}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r8 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSWINSZ(r8, 0x5414, &(0x7f0000000000)={0x0, 0x0, 0x4})
r9 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r9, 0xc02c564a, &(0x7f0000000240)={0x3, 0x3234564e, 0x3, @stepwise={0x9, 0x10, 0x3, 0x7ff, 0xfffffffb, 0x530}})
capget(&(0x7f0000000280)={0x20080522, r1}, &(0x7f00000002c0)={0x2, 0x2, 0x9, 0x104, 0x7fffffff, 0x5})
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@remote, 0xffff, 0x3, 0x400, 0x0, 0xa, 0x0, 0x80, 0x32}, {0x3, 0x800, 0x0, 0x7, 0x0, 0x0, 0x6, 0x7}, {0x0, 0x7, 0x3, 0x8}, 0x0, 0x6e6bb3}, [@tmpl={0x84, 0x5, [{{@in6=@loopback, 0x4, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x6}, 0x0, 0x0, 0x0, 0x56, 0x0, 0xfffffffd, 0x4}, {{@in=@multicast1, 0x40, 0x3c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x400, 0x1, 0x2}]}]}, 0x13c}}, 0x0)

215.941697ms ago: executing program 3 (id=3135):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$unix(r1, &(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$inet(0x2, 0x3, 0x9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x14, r4, 0x80485dc1c126afb3, 0x0, 0x0, {0x33}}, 0x14}}, 0x0)
pipe2$watch_queue(0x0, 0x80)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_clone(0x8a140600, &(0x7f00000001c0)="07b5e42d30226aba87697ce3ff665d7cb4bdf0381b74230609ad5a0c5b8a9d5c2f3277994317083b76b0aedef0afef4267cf265f61c257cdf6b2b4f80e41dc603103f166f30d40ea85dfe1e8e66067ed6f2943db878e74532cf26a3f8ca5", 0x5e, &(0x7f0000000240), &(0x7f0000000340), &(0x7f0000000380)="646a21c1314836dab1375dc5370b85967842427f74c7fdda0fb7ef9233f6099289037fa8ede14a0147999b5b523275ef4abe7ff27941f54759b8ecf4d9f02b8e7d4d9dfadc80893ce8f09ba0bcc31b1ba7191c0c1c71e4bb4b162e670308b4d33e0f02aa5e24636f9c2d0db8a006018c1225f05d35d6e969f5fabf0a8c6ba2ea8675fa596d5d008285bc2bc52fea5fdafb52bfa310ecb3056c7f32881c0305e3ea74da8d09229309241efeed6eb72cf772")
sendmsg$nl_xfrm(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000a00)=@newsa={0x19c, 0x10, 0x1, 0x0, 0x0, {{@in=@private=0xa010101, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in=@dev={0xac, 0x14, 0x14, 0x36}, {0x0, 0x100, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x2000, 0xe3}, {0xfffffffffffffffd, 0x4, 0x8000000, 0x100000000}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd27, 0x0, 0x70bd2a, 0x70bd28}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x19c}}, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000300), 0x6, 0x70202)
socket$nl_route(0x10, 0x3, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x80802, 0x0)

0s ago: executing program 1 (id=3136):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0x23, 0x6, 0x1000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000004, 0xfffffdfffffffffe, 0xfa11, 0x65aa}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
syz_io_uring_setup(0x595d, &(0x7f0000000180)={0x0, 0xcfa4, 0x80, 0x2, 0x141}, 0x0, &(0x7f0000000380))
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f80)=@mangle={'mangle\x00', 0x2, 0x6, 0x5c0, 0x0, 0x190, 0x260, 0x420, 0x260, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {0xff}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0xff000000, 0xffffffff, 0x0, 0xffffff00], [], 0x0, 0x10}}, @common=@inet=@dccp={{0x30}, {[0x4e21, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x0, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_macvtap\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x5}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'sit0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@empty, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x50, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x620)
symlink(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000000)='./file0\x00')
rename(0x0, 0x0)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
io_uring_setup(0x80070c5, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24000010)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
ptrace$ARCH_SHSTK_LOCK(0x1e, 0x0, 0x1, 0x5003)
setns(r5, 0x20000)
ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000140)=0x7)

kernel console output (not intermixed with test programs):

entered forwarding state
[  895.590556][   T10] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  895.785601][   T10] usb 1-1: too many configurations: 47, using maximum allowed: 8
[  895.835180][   T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  895.854235][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.873417][   T10] usb 1-1: Product: syz
[  895.883095][   T10] usb 1-1: Manufacturer: syz
[  895.888344][   T10] usb 1-1: SerialNumber: syz
[  895.907385][   T10] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  895.928144][ T5877] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  896.599254][ T5911] usb 1-1: USB disconnect, device number 86
[  896.701718][T15862] ipip0: entered promiscuous mode
[  896.707079][T15862] ipip0: entered allmulticast mode
[  896.885487][T15865] loop2: detected capacity change from 0 to 7
[  896.902499][ T5829] Dev loop2: unable to read RDB block 7
[  896.908887][ T5829]  loop2: unable to read partition table
[  896.949356][ T5829] loop2: partition table beyond EOD, truncated
[  896.978862][T15865] Dev loop2: unable to read RDB block 7
[  897.055030][T15865]  loop2: unable to read partition table
[  897.062908][T15865] loop2: partition table beyond EOD, truncated
[  897.069661][T15865] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  897.206169][ T5877] usb 1-1: Service connection timeout for: 256
[  897.206198][ T5877] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  897.207961][ T5877] ath9k_htc: Failed to initialize the device
[  897.208252][ T5911] usb 1-1: ath9k_htc: USB layer deinitialized
[  897.706208][T15876] Cannot find add_set index 2 as target
[  898.664797][ T5911] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  899.113415][ T5911] usb 1-1: Using ep0 maxpacket: 8
[  899.158801][ T5911] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  899.173260][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.190107][ T5911] usb 1-1: Product: syz
[  899.202309][ T5911] usb 1-1: Manufacturer: syz
[  899.213333][ T5911] usb 1-1: SerialNumber: syz
[  899.235589][ T5911] usb 1-1: config 0 descriptor??
[  899.247787][ T5911] gspca_main: se401-2.14.0 probing 047d:5003
[  899.454880][ T5897] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  899.629422][ T5897] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  899.653501][ T5897] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  899.718359][ T5897] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  899.774832][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  899.953738][ T5897] usb 2-1: SerialNumber: syz
[  900.090282][ T5911] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input42
[  900.152526][ T5911] usb 1-1: USB disconnect, device number 87
[  900.686239][T15933] loop2: detected capacity change from 0 to 7
[  901.185162][T15933] Dev loop2: unable to read RDB block 7
[  901.190823][T15933]  loop2: unable to read partition table
[  901.237649][T15933] loop2: partition table beyond EOD, truncated
[  901.268877][T15933] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  902.434938][ T5911] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  902.608579][ T5897] usb 2-1: 0:2 : does not exist
[  902.665471][ T5911] usb 1-1: Using ep0 maxpacket: 32
[  902.700314][ T5911] usb 1-1: config 180 has too many interfaces: 78, using maximum allowed: 32
[  902.733015][ T5911] usb 1-1: config 180 has 1 interface, different from the descriptor's value: 78
[  902.735170][ T5897] usb 2-1: USB disconnect, device number 78
[  902.838993][ T5911] usb 1-1: config 180 has no interface number 0
[  902.893183][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  902.995883][ T5911] usb 1-1: config 180 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  903.078020][ T5911] usb 1-1: config 180 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  903.172819][ T5911] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  903.204809][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.234575][ T5911] usb 1-1: Product: syz
[  903.243522][ T5911] usb 1-1: Manufacturer: syz
[  903.260433][ T5911] usb 1-1: SerialNumber: syz
[  903.310241][T15962] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2739'.
[  903.732840][ T5911] radio-si470x 1-1:180.35: this is not a si470x device.
[  904.056344][ T5911] radio-raremono 1-1:180.35: this is not Thanko's Raremono.
[  904.105798][ T5911] usb 1-1: USB disconnect, device number 88
[  904.335741][ T5892] usb 4-1: new full-speed USB device number 91 using dummy_hcd
[  904.516615][ T5892] usb 4-1: config 8 has an invalid interface number: 223 but max is 0
[  904.865767][ T5897] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  904.876979][T15987] Cannot find add_set index 0 as target
[  904.893764][ T5892] usb 4-1: config 8 contains an unexpected descriptor of type 0x1, skipping
[  904.977903][ T5892] usb 4-1: config 8 has an invalid descriptor of length 143, skipping remainder of the config
[  904.999558][ T5892] usb 4-1: config 8 has no interface number 0
[  905.031172][ T5897] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  905.042106][ T5892] usb 4-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  905.064918][ T5897] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  905.079101][ T5897] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  905.098337][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  905.109599][ T5897] usb 2-1: SerialNumber: syz
[  905.149544][ T5892] usb 4-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  905.174185][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.197994][ T5892] usb 4-1: Product: syz
[  905.209471][ T5892] usb 4-1: Manufacturer: syz
[  905.222273][ T5892] usb 4-1: SerialNumber: syz
[  905.723571][ T5892] usb 4-1: USB disconnect, device number 91
[  906.188524][T16008] syzkaller0: entered promiscuous mode
[  906.216364][T16008] syzkaller0: entered allmulticast mode
[  907.164836][ T5877] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  907.327119][ T5877] usb 5-1: Using ep0 maxpacket: 16
[  907.336548][ T5877] usb 5-1: no configurations
[  907.346751][ T5877] usb 5-1: can't read configurations, error -22
[  907.428082][ T5897] usb 2-1: 0:2 : does not exist
[  907.515674][T16020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2762'.
[  907.604923][ T5877] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  908.049833][ T5908] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  908.070486][ T5877] usb 5-1: Using ep0 maxpacket: 16
[  908.105943][ T5877] usb 5-1: no configurations
[  908.110627][ T5877] usb 5-1: can't read configurations, error -22
[  908.264855][ T5908] usb 4-1: Using ep0 maxpacket: 16
[  908.279073][ T5897] usb 2-1: USB disconnect, device number 79
[  908.334905][ T5908] usb 4-1: no configurations
[  908.356816][ T5908] usb 4-1: can't read configurations, error -22
[  908.370708][ T5877] usb usb5-port1: attempt power cycle
[  908.555078][ T5908] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  908.767023][ T5908] usb 4-1: Using ep0 maxpacket: 16
[  908.867338][ T5877] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  908.908664][ T5877] usb 5-1: Using ep0 maxpacket: 16
[  908.915423][ T5877] usb 5-1: no configurations
[  908.920077][ T5877] usb 5-1: can't read configurations, error -22
[  908.936346][ T5908] usb 4-1: no configurations
[  909.003797][ T5908] usb 4-1: can't read configurations, error -22
[  909.027895][ T5908] usb usb4-port1: attempt power cycle
[  909.119690][ T5877] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  909.225266][ T5877] usb 5-1: device descriptor read/8, error -71
[  909.255434][ T5911] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  909.360472][ T5877] usb usb5-port1: unable to enumerate USB device
[  909.415176][ T5908] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  909.437992][ T5908] usb 4-1: Using ep0 maxpacket: 16
[  909.455427][ T5908] usb 4-1: no configurations
[  909.460182][ T5908] usb 4-1: can't read configurations, error -22
[  909.629393][T16043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2769'.
[  909.639070][T16043] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2769'.
[  909.784893][ T5908] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  909.837020][ T5908] usb 4-1: Using ep0 maxpacket: 16
[  909.920219][ T5908] usb 4-1: no configurations
[  909.928294][ T5908] usb 4-1: can't read configurations, error -22
[  909.950725][ T5908] usb usb4-port1: unable to enumerate USB device
[  909.972436][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  909.972456][   T30] audit: type=1800 audit(1770714811.591:2830): pid=16047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2771" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0
[  910.153752][T16053] netlink: 1204 bytes leftover after parsing attributes in process `syz.4.2773'.
[  910.434885][ T5911] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  910.609599][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  910.815985][T16062] netdevsim netdevsim1 netdevsim0: IPsec offload requires 128 bit authentication
[  911.030437][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  911.040306][ T5911] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  911.050233][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  911.138486][ T5911] usb 6-1: config 0 descriptor??
[  911.187821][T16063] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  911.215276][T16063] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  911.237583][   T30] audit: type=1326 audit(1770714812.801:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f589219af79 code=0x7ffc0000
[  911.264843][   T30] audit: type=1326 audit(1770714812.801:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f589219af79 code=0x7ffc0000
[  911.292444][   T30] audit: type=1326 audit(1770714812.801:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f589219af79 code=0x7ffc0000
[  911.315945][   T30] audit: type=1326 audit(1770714812.801:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f589219af79 code=0x7ffc0000
[  911.340154][   T30] audit: type=1326 audit(1770714812.801:2835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f589219af79 code=0x7ffc0000
[  911.363569][   T30] audit: type=1326 audit(1770714812.801:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f589219c807 code=0x7ffc0000
[  911.401414][ T5911] usbhid 6-1:0.0: can't add hid device: -71
[  911.407629][ T5911] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  911.483135][ T5911] usb 6-1: USB disconnect, device number 4
[  911.658884][   T30] audit: type=1326 audit(1770714812.801:2837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f589215b84e code=0x7ffc0000
[  911.815025][   T30] audit: type=1326 audit(1770714812.801:2838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f589215b84e code=0x7ffc0000
[  911.884134][   T30] audit: type=1326 audit(1770714812.801:2839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16058 comm="syz.4.2774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f589215b84e code=0x7ffc0000
[  913.399593][T16081] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2778'.
[  915.181285][T16111] FAULT_INJECTION: forcing a failure.
[  915.181285][T16111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  915.495163][T16111] CPU: 1 UID: 0 PID: 16111 Comm: syz.1.2784 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  915.495189][T16111] Tainted: [L]=SOFTLOCKUP
[  915.495195][T16111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  915.495205][T16111] Call Trace:
[  915.495212][T16111]  <TASK>
[  915.495218][T16111]  dump_stack_lvl+0xe8/0x150
[  915.495244][T16111]  should_fail_ex+0x412/0x560
[  915.495270][T16111]  _copy_to_user+0x31/0xb0
[  915.495288][T16111]  simple_read_from_buffer+0xe1/0x170
[  915.495307][T16111]  proc_fail_nth_read+0x1bb/0x230
[  915.495332][T16111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  915.495355][T16111]  ? rw_verify_area+0x2a6/0x4d0
[  915.495378][T16111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  915.495400][T16111]  vfs_read+0x20c/0xa70
[  915.495419][T16111]  ? fdget_pos+0x246/0x320
[  915.495439][T16111]  ? __pfx___mutex_lock+0x10/0x10
[  915.495459][T16111]  ? __pfx_vfs_read+0x10/0x10
[  915.495480][T16111]  ? __fget_files+0x2a/0x420
[  915.495499][T16111]  ? __fget_files+0x3a0/0x420
[  915.495513][T16111]  ? __fget_files+0x2a/0x420
[  915.495535][T16111]  ksys_read+0x150/0x270
[  915.495557][T16111]  ? __pfx_ksys_read+0x10/0x10
[  915.495582][T16111]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  915.495613][T16111]  do_syscall_64+0xe2/0xf80
[  915.495632][T16111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.495646][T16111]  ? trace_irq_disable+0x37/0x100
[  915.495660][T16111]  ? clear_bhb_loop+0x60/0xb0
[  915.495678][T16111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.495693][T16111] RIP: 0033:0x7f9b3bf5b84e
[  915.495707][T16111] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  915.495720][T16111] RSP: 002b:00007f9b3cee4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  915.495736][T16111] RAX: ffffffffffffffda RBX: 00007f9b3cee56c0 RCX: 00007f9b3bf5b84e
[  915.495748][T16111] RDX: 000000000000000f RSI: 00007f9b3cee50a0 RDI: 0000000000000004
[  915.495758][T16111] RBP: 00007f9b3cee5090 R08: 0000000000000000 R09: 0000000000000000
[  915.495767][T16111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  915.495776][T16111] R13: 00007f9b3c216038 R14: 00007f9b3c215fa0 R15: 00007f9b3c33fa48
[  915.495800][T16111]  </TASK>
[  916.200863][T16122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2785'.
[  916.327793][T16121] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2786'.
[  917.040138][ T5877] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  917.275079][ T5877] usb 2-1: Using ep0 maxpacket: 16
[  917.286593][ T5877] usb 2-1: unable to read config index 0 descriptor/start: -61
[  917.294603][ T5877] usb 2-1: can't read configurations, error -61
[  917.447531][ T5877] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  917.613245][T16138] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  917.648605][ T5877] usb 2-1: Using ep0 maxpacket: 16
[  917.657013][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  917.657033][   T30] audit: type=1326 audit(1770714819.221:2882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  917.676528][ T5877] usb 2-1: unable to read config index 0 descriptor/start: -61
[  917.714472][ T5877] usb 2-1: can't read configurations, error -61
[  917.727442][T16138] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  917.804937][ T5877] usb usb2-port1: attempt power cycle
[  917.986921][   T30] audit: type=1326 audit(1770714819.231:2883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  918.136656][   T30] audit: type=1326 audit(1770714819.231:2884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  918.195109][ T5877] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  918.221559][   T30] audit: type=1326 audit(1770714819.231:2885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  918.298604][ T5877] usb 2-1: Using ep0 maxpacket: 16
[  918.478469][   T30] audit: type=1326 audit(1770714819.231:2886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  918.520703][ T5877] usb 2-1: unable to read config index 0 descriptor/start: -61
[  918.544903][   T30] audit: type=1326 audit(1770714819.231:2887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3a7539c807 code=0x7ffc0000
[  918.557238][ T5877] usb 2-1: can't read configurations, error -61
[  918.648621][   T30] audit: type=1326 audit(1770714819.231:2888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f3a7535b84e code=0x7ffc0000
[  918.714831][ T5877] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  918.742831][   T30] audit: type=1326 audit(1770714819.231:2889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f3a7535b84e code=0x7ffc0000
[  918.838788][   T30] audit: type=1326 audit(1770714819.231:2890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f3a7535b84e code=0x7ffc0000
[  918.919053][   T30] audit: type=1326 audit(1770714819.231:2891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16135 comm="syz.3.2790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3a7535b84e code=0x7ffc0000
[  919.414814][ T5939] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  919.595027][ T5939] usb 5-1: Using ep0 maxpacket: 32
[  919.621817][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  919.633347][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  919.647041][ T5939] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  919.689746][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.745167][ T5939] usb 5-1: config 0 descriptor??
[  920.262627][T16155] Cannot find add_set index 0 as target
[  920.273975][ T5877] usb 2-1: device descriptor read/8, error -71
[  920.400203][ T5877] usb usb2-port1: unable to enumerate USB device
[  921.442630][ T5908] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  921.518369][T16175] FAULT_INJECTION: forcing a failure.
[  921.518369][T16175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  921.555915][T16175] CPU: 1 UID: 0 PID: 16175 Comm: syz.3.2801 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  921.555955][T16175] Tainted: [L]=SOFTLOCKUP
[  921.555961][T16175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  921.555971][T16175] Call Trace:
[  921.555977][T16175]  <TASK>
[  921.555985][T16175]  dump_stack_lvl+0xe8/0x150
[  921.556012][T16175]  should_fail_ex+0x412/0x560
[  921.556037][T16175]  _copy_from_user+0x2d/0xb0
[  921.556054][T16175]  ___sys_sendmsg+0x1c6/0x360
[  921.556078][T16175]  ? __lock_acquire+0x6b5/0x2cf0
[  921.556103][T16175]  ? __pfx____sys_sendmsg+0x10/0x10
[  921.556150][T16175]  ? __fget_files+0x2a/0x420
[  921.556165][T16175]  ? __fget_files+0x3a0/0x420
[  921.556212][T16175]  __x64_sys_sendmsg+0x1bd/0x2a0
[  921.556247][T16175]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  921.556293][T16175]  ? __pfx_ksys_write+0x10/0x10
[  921.556324][T16175]  do_syscall_64+0xe2/0xf80
[  921.556342][T16175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  921.556357][T16175]  ? clear_bhb_loop+0x60/0xb0
[  921.556375][T16175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  921.556389][T16175] RIP: 0033:0x7f3a7539af79
[  921.556403][T16175] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  921.556416][T16175] RSP: 002b:00007f3a76194028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  921.556432][T16175] RAX: ffffffffffffffda RBX: 00007f3a75615fa0 RCX: 00007f3a7539af79
[  921.556443][T16175] RDX: 0000000030048004 RSI: 0000200000000040 RDI: 0000000000000003
[  921.556453][T16175] RBP: 00007f3a76194090 R08: 0000000000000000 R09: 0000000000000000
[  921.556463][T16175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  921.556472][T16175] R13: 00007f3a75616038 R14: 00007f3a75615fa0 R15: 00007f3a7573fa48
[  921.556495][T16175]  </TASK>
[  922.010810][ T5908] usb 2-1: config index 0 descriptor too short (expected 3133, got 61)
[  922.052560][ T5908] usb 2-1: config 0 has an invalid interface number: 156 but max is 1
[  922.102077][ T5908] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  922.153416][ T5908] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  922.206292][ T5908] usb 2-1: config 0 has no interface number 0
[  922.232888][ T5908] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  922.272279][ T5908] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  922.337771][ T5908] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  922.380645][ T5908] usb 2-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  922.431353][ T5908] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  922.452010][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.567036][ T5908] usb 2-1: config 0 descriptor??
[  922.612956][ T5908] gspca_main: spca561-2.14.0 probing abcd:cdee
[  922.798086][   T30] kauditd_printk_skb: 92 callbacks suppressed
[  922.798104][   T30] audit: type=1800 audit(1770714824.421:2984): pid=16186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2805" name="SYSV00000000" dev="tmpfs" ino=17 res=0 errno=0
[  923.231663][ T5908] spca561 2-1:0.156: probe with driver spca561 failed with error -22
[  923.487729][ T5908] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  923.504009][ T5908] usb 2-1: MIDIStreaming interface descriptor not found
[  923.601492][T16192] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  923.977910][ T5939] usbhid 5-1:0.0: can't add hid device: -71
[  923.983927][ T5939] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  924.037054][ T5908] usb 2-1: USB disconnect, device number 84
[  924.043063][ T5939] usb 5-1: USB disconnect, device number 89
[  924.435187][T16200] netlink: 1204 bytes leftover after parsing attributes in process `syz.4.2808'.
[  924.617807][ T5908] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  924.804941][ T5908] usb 2-1: Using ep0 maxpacket: 32
[  924.862761][ T5908] usb 2-1: config 0 has an invalid interface number: 239 but max is 0
[  924.944142][ T5908] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  924.997378][ T5908] usb 2-1: config 0 has no interface number 0
[  925.036653][ T5908] usb 2-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  925.078540][T16206] FAULT_INJECTION: forcing a failure.
[  925.078540][T16206] name failslab, interval 1, probability 0, space 0, times 0
[  925.092436][ T5908] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  925.125388][T16206] CPU: 0 UID: 0 PID: 16206 Comm: syz.5.2811 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  925.125424][T16206] Tainted: [L]=SOFTLOCKUP
[  925.125433][T16206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  925.125446][T16206] Call Trace:
[  925.125455][T16206]  <TASK>
[  925.125465][T16206]  dump_stack_lvl+0xe8/0x150
[  925.125498][T16206]  should_fail_ex+0x412/0x560
[  925.125534][T16206]  should_failslab+0xa8/0x100
[  925.125558][T16206]  __kvmalloc_node_noprof+0x166/0x8d0
[  925.125582][T16206]  ? fuse_readdir+0x1581/0x2ee0
[  925.125614][T16206]  fuse_readdir+0x1581/0x2ee0
[  925.125654][T16206]  ? __lock_acquire+0x6b5/0x2cf0
[  925.125687][T16206]  ? look_up_lock_class+0x57/0x110
[  925.125728][T16206]  ? __lock_acquire+0x6b5/0x2cf0
[  925.125762][T16206]  ? _parse_integer_limit+0x1ae/0x1f0
[  925.125793][T16206]  ? __pfx_fuse_readdir+0x10/0x10
[  925.125818][T16206]  ? aa_file_perm+0x12d/0x1630
[  925.125848][T16206]  ? look_up_lock_class+0x57/0x110
[  925.125874][T16206]  ? register_lock_class+0x31/0x2e0
[  925.125908][T16206]  ? __lock_acquire+0x6b5/0x2cf0
[  925.125951][T16206]  ? __mutex_lock+0x319/0x1300
[  925.126007][T16206]  ? iterate_dir+0x292/0x570
[  925.126035][T16206]  ? down_read_killable+0x1bb/0x340
[  925.126070][T16206]  iterate_dir+0x399/0x570
[  925.126106][T16206]  __se_sys_getdents64+0xf1/0x280
[  925.126140][T16206]  ? __pfx___se_sys_getdents64+0x10/0x10
[  925.126168][T16206]  ? ksys_write+0x242/0x270
[  925.126195][T16206]  ? __pfx_filldir64+0x10/0x10
[  925.126228][T16206]  ? __pfx_ksys_write+0x10/0x10
[  925.126269][T16206]  do_syscall_64+0xe2/0xf80
[  925.126294][T16206]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.126328][T16206]  ? trace_irq_disable+0x37/0x100
[  925.126346][T16206]  ? clear_bhb_loop+0x60/0xb0
[  925.126373][T16206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.126395][T16206] RIP: 0033:0x7ff3fc19af79
[  925.126415][T16206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  925.126434][T16206] RSP: 002b:00007ff3fa3ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  925.126457][T16206] RAX: ffffffffffffffda RBX: 00007ff3fc415fa0 RCX: 00007ff3fc19af79
[  925.126474][T16206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  925.126487][T16206] RBP: 00007ff3fa3ee090 R08: 0000000000000000 R09: 0000000000000000
[  925.126502][T16206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  925.126515][T16206] R13: 00007ff3fc416038 R14: 00007ff3fc415fa0 R15: 00007ff3fc53fa48
[  925.126550][T16206]  </TASK>
[  925.190190][ T5908] usb 2-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  925.654801][ T5892] usb 5-1: new full-speed USB device number 90 using dummy_hcd
[  925.684019][ T5908] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  925.695725][ T5908] usb 2-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  925.732920][T16210] netlink: 'syz.3.2812': attribute type 2 has an invalid length.
[  925.783432][ T5908] usb 2-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  925.804989][ T5908] usb 2-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid wMaxPacketSize 0
[  925.816162][ T5908] usb 2-1: config 0 interface 239 has no altsetting 0
[  925.849744][T16213] xt_TCPMSS: Only works on TCP SYN packets
[  925.868848][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  925.883118][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  925.906492][ T5908] usb 2-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  925.917384][ T5892] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  925.934827][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.943636][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.961696][ T5908] usb 2-1: Product: syz
[  925.977245][ T5892] usb 5-1: config 0 descriptor??
[  925.995083][ T5908] usb 2-1: Manufacturer: syz
[  925.995098][T16213] netlink: 'syz.3.2812': attribute type 25 has an invalid length.
[  926.016361][ T5908] usb 2-1: SerialNumber: syz
[  926.025808][ T5908] usb 2-1: config 0 descriptor??
[  926.031920][T16198] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  926.039834][T16198] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  926.240168][ T5877] usb 4-1: new full-speed USB device number 96 using dummy_hcd
[  926.242697][ T5892] usbhid 5-1:0.0: can't add hid device: -71
[  926.265049][ T5892] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  926.305140][ T5892] usb 5-1: USB disconnect, device number 90
[  926.322005][T16222] loop2: detected capacity change from 0 to 7
[  926.353342][T16198] openvswitch: netlink: Flow key attr not present in new flow.
[  926.372117][T16222] Dev loop2: unable to read RDB block 7
[  926.390387][T16222]  loop2: unable to read partition table
[  926.408721][T16227] vlan3: entered promiscuous mode
[  926.423482][T16222] loop2: partition table beyond EOD, truncated
[  926.447210][ T5877] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  926.468862][ T5877] usb 4-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  926.478108][T16222] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  926.517879][ T5877] usb 4-1: New USB device found, idVendor=1d40, idProduct=60c6, bcdDevice=af.e7
[  926.530133][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.551425][ T5877] usb 4-1: Product: syz
[  926.569294][ T5877] usb 4-1: Manufacturer: syz
[  926.591765][ T5877] usb 4-1: SerialNumber: syz
[  926.731149][T16233] hub 9-0:1.0: USB hub found
[  926.740755][T16233] hub 9-0:1.0: 1 port detected
[  927.764394][ T5911] usb 2-1: USB disconnect, device number 85
[  928.228521][   T30] audit: type=1800 audit(1770714829.851:2985): pid=16253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2824" name="SYSV00000000" dev="tmpfs" ino=14 res=0 errno=0
[  928.802025][T16262] netdevsim netdevsim4 netdevsim0: IPsec offload requires 128 bit authentication
[  928.884960][ T5892] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  928.896567][ T5908] usb 4-1: USB disconnect, device number 96
[  929.185213][ T5892] usb 6-1: Using ep0 maxpacket: 32
[  929.255454][ T5892] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  929.263624][ T5892] usb 6-1: config 0 has no interface number 0
[  929.287378][ T5892] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  929.303228][ T5892] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  929.317156][ T5892] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  929.341242][ T5892] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.373103][ T5892] usb 6-1: config 0 descriptor??
[  929.524438][T16268] SET target dimension over the limit!
[  929.623056][   T30] audit: type=1326 audit(1770714831.241:2986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.646182][ T5911] usb 2-1: new full-speed USB device number 86 using dummy_hcd
[  929.667815][   T30] audit: type=1326 audit(1770714831.241:2987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.696487][   T30] audit: type=1326 audit(1770714831.301:2988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.765742][   T30] audit: type=1326 audit(1770714831.301:2989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.792406][   T30] audit: type=1326 audit(1770714831.301:2990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.829247][   T30] audit: type=1326 audit(1770714831.301:2991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.877080][ T5911] usb 2-1: not running at top speed; connect to a high speed hub
[  929.891334][   T30] audit: type=1326 audit(1770714831.301:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.891483][ T5911] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  929.924872][   T30] audit: type=1326 audit(1770714831.301:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  929.950812][ T5911] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  929.961835][ T5911] usb 2-1: config 1 has no interface number 1
[  929.970242][ T5911] usb 2-1: config 1 interface 2 has no altsetting 0
[  929.977896][   T30] audit: type=1326 audit(1770714831.301:2994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16269 comm="syz.0.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a3ed9af79 code=0x7ffc0000
[  930.004271][ T5911] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  930.022950][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.045123][ T5911] usb 2-1: Product: syz
[  930.057153][ T5911] usb 2-1: Manufacturer: syz
[  930.065579][ T5911] usb 2-1: SerialNumber: syz
[  930.113815][ T5892] usbhid 6-1:0.1: can't add hid device: -71
[  930.125240][T10389] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  930.143184][ T5892] usbhid 6-1:0.1: probe with driver usbhid failed with error -71
[  930.218508][ T5892] usb 6-1: USB disconnect, device number 5
[  930.329088][T10389] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  930.342919][T16278] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2831'.
[  930.363107][T10389] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  930.407522][T10389] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  930.434864][T10389] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.452416][ T5911] usb 2-1: selecting invalid altsetting 0
[  930.482200][T16273] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  930.486754][ T5911] usb 2-1: failed to enable PITCH for EP 0x82
[  930.502364][T16279] bridge1: port 1(veth0_to_bond) entered blocking state
[  930.516141][T16279] bridge1: port 1(veth0_to_bond) entered disabled state
[  930.525323][ T5911] usb 2-1: selecting invalid altsetting 0
[  930.543410][T16279] veth0_to_bond: entered allmulticast mode
[  930.583201][T16279] veth0_to_bond: entered promiscuous mode
[  930.627969][ T5911] usb 2-1: USB disconnect, device number 86
[  930.732946][ T5822] udevd[5822]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  930.854100][T16283] netlink: 'syz.0.2833': attribute type 62 has an invalid length.
[  931.540507][T10389] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  931.554951][ T5911] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  931.567809][T10389] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input43
[  931.734900][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  931.746271][ T5911] usb 5-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  931.759417][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.813235][ T5911] usb 5-1: Product: syz
[  931.881332][T10389] usb 4-1: USB disconnect, device number 97
[  931.887616][    C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  931.890027][ T5911] usb 5-1: Manufacturer: syz
[  931.951775][ T5911] usb 5-1: SerialNumber: syz
[  932.368886][ T5911] usb 5-1: config 0 descriptor??
[  932.403450][ T5911] hub 5-1:0.0: bad descriptor, ignoring hub
[  932.416911][ T5911] hub 5-1:0.0: probe with driver hub failed with error -5
[  932.585519][T16308] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2839'.
[  933.624092][T16319] loop9: detected capacity change from 0 to 7
[  933.658911][T16319] buffer_io_error: 9 callbacks suppressed
[  933.658924][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.711234][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.721321][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.732574][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.759030][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.805889][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.838249][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.883311][T16319] ldm_validate_partition_table(): Disk read failed.
[  933.917602][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.955657][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  933.983204][T16319] Buffer I/O error on dev loop9, logical block 0, async page read
[  934.012083][T16319] Dev loop9: unable to read RDB block 0
[  934.032528][T16319]  loop9: unable to read partition table
[  934.053040][T16319] loop9: partition table beyond EOD, truncated
[  934.077527][T16319] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  934.077527][T16319] 
) failed (rc=-5)
[  934.331260][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  934.331281][   T30] audit: type=1804 audit(1770714835.951:3026): pid=16321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2842" name="/newroot/52/file1" dev="fuse" ino=1 res=1 errno=0
[  934.517213][ T5877] usb 2-1: new full-speed USB device number 87 using dummy_hcd
[  934.611223][T16332] syz_tun: entered promiscuous mode
[  934.637310][T16332] syz_tun: left promiscuous mode
[  934.700479][ T5877] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  934.720847][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  934.758489][ T5877] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  934.796750][ T5877] usb 2-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.00
[  934.821178][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  934.914903][T16334] macvlan0: entered promiscuous mode
[  934.931643][ T5877] usb 2-1: config 0 descriptor??
[  934.978982][T16325] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  935.406993][ T5908] usb 5-1: USB disconnect, device number 91
[  935.804845][ T5911] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  935.962609][ T5911] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  935.975056][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.004000][ T5911] usb 5-1: Product: syz
[  936.019082][ T5911] usb 5-1: Manufacturer: syz
[  936.023757][ T5911] usb 5-1: SerialNumber: syz
[  936.081950][ T5911] usb 5-1: config 0 descriptor??
[  936.168682][ T5911] gspca_main: sunplus-2.14.0 probing 055f:c230
[  936.744887][T10389] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  936.855067][ T5911] gspca_sunplus: reg_r err -110
[  936.860263][ T5911] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[  936.892535][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  936.904824][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  937.318569][ T5877] usbhid 2-1:0.0: can't add hid device: -71
[  937.332789][ T5877] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  937.377029][ T5877] usb 2-1: USB disconnect, device number 87
[  938.613516][ T5897] usb 5-1: USB disconnect, device number 92
[  940.704829][ T5911] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  941.374917][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  941.445536][ T5911] usb 5-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  941.458807][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  941.494990][T10389] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  941.649446][ T5911] usb 5-1: Product: syz
[  941.653673][ T5911] usb 5-1: Manufacturer: syz
[  941.674762][ T5911] usb 5-1: SerialNumber: syz
[  941.704991][ T5911] usb 5-1: config 0 descriptor??
[  941.724516][T10389] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  941.739863][T10389] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  941.743138][ T5911] hub 5-1:0.0: bad descriptor, ignoring hub
[  941.776905][T10389] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  941.787249][T10389] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  941.806593][ T5911] hub 5-1:0.0: probe with driver hub failed with error -5
[  941.820279][T10389] usb 4-1: SerialNumber: syz
[  941.968177][T16424] netlink: 1204 bytes leftover after parsing attributes in process `syz.1.2874'.
[  942.625168][   T30] audit: type=1326 audit(1770714844.201:3027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  942.657429][   T30] audit: type=1326 audit(1770714844.201:3028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.165369][   T30] audit: type=1326 audit(1770714844.201:3029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.519770][   T30] audit: type=1326 audit(1770714844.201:3030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.603817][   T30] audit: type=1326 audit(1770714844.201:3031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.659164][   T30] audit: type=1326 audit(1770714844.201:3032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.689902][T16441] gretap0: entered promiscuous mode
[  943.698236][T16441] vlan2: entered promiscuous mode
[  943.719455][   T30] audit: type=1326 audit(1770714844.201:3033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.764584][   T30] audit: type=1326 audit(1770714844.201:3034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.828907][   T30] audit: type=1326 audit(1770714844.201:3035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  943.897451][   T30] audit: type=1326 audit(1770714844.201:3036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16428 comm="syz.1.2875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b3bf9af79 code=0x7ffc0000
[  944.072046][T16443] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  944.640503][ T5892] usb 5-1: USB disconnect, device number 93
[  944.648378][T16456] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2885'.
[  944.906299][T16461] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2882'.
[  944.927317][T10389] usb 4-1: 0:2 : does not exist
[  944.954063][T10389] usb 4-1: USB disconnect, device number 99
[  945.042788][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  945.119303][T16468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2886'.
[  945.152310][T16468] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2886'.
[  945.666596][T16481] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  946.474873][ T5908] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  946.694807][ T5908] usb 4-1: device descriptor read/64, error -71
[  947.279767][ T5908] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  947.968078][T16499] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  948.044804][ T5908] usb 4-1: device descriptor read/64, error -71
[  948.168898][ T5908] usb usb4-port1: attempt power cycle
[  948.452232][T16502] netlink: 1204 bytes leftover after parsing attributes in process `syz.4.2893'.
[  948.534856][ T5908] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  949.536858][T16519] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2900'.
[  949.853182][ T5908] usb 4-1: device descriptor read/8, error -71
[  950.135171][T16534] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  950.557199][T16542] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2907'.
[  951.007161][T16556] fuse: Bad value for 'group_id'
[  951.025861][T16556] fuse: Bad value for 'group_id'
[  951.141955][T16558] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2914'.
[  951.161482][T16558] FAULT_INJECTION: forcing a failure.
[  951.161482][T16558] name failslab, interval 1, probability 0, space 0, times 0
[  951.211213][T16558] CPU: 0 UID: 0 PID: 16558 Comm: syz.5.2914 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  951.211248][T16558] Tainted: [L]=SOFTLOCKUP
[  951.211256][T16558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  951.211268][T16558] Call Trace:
[  951.211276][T16558]  <TASK>
[  951.211285][T16558]  dump_stack_lvl+0xe8/0x150
[  951.211318][T16558]  should_fail_ex+0x412/0x560
[  951.211352][T16558]  should_failslab+0xa8/0x100
[  951.211376][T16558]  kmem_cache_alloc_noprof+0x87/0x6e0
[  951.211407][T16558]  ? skb_clone+0x212/0x3a0
[  951.211432][T16558]  skb_clone+0x212/0x3a0
[  951.211456][T16558]  __netlink_deliver_tap+0x404/0x850
[  951.211491][T16558]  ? netlink_deliver_tap+0x2e/0x1b0
[  951.211517][T16558]  netlink_deliver_tap+0x19c/0x1b0
[  951.211543][T16558]  netlink_sendskb+0x68/0x140
[  951.211565][T16558]  netlink_unicast+0x3a3/0x9b0
[  951.211594][T16558]  ? __pfx_netlink_unicast+0x10/0x10
[  951.211624][T16558]  netlink_rcv_skb+0x2b6/0x4b0
[  951.211648][T16558]  ? __pfx_genl_rcv_msg+0x10/0x10
[  951.211678][T16558]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  951.211699][T16558]  ? genl_rcv+0x19/0x40
[  951.211742][T16558]  ? down_read+0x272/0x2e0
[  951.211768][T16558]  ? genl_rcv+0xd/0x40
[  951.211798][T16558]  genl_rcv+0x28/0x40
[  951.211834][T16558]  netlink_unicast+0x80f/0x9b0
[  951.211866][T16558]  ? __pfx_netlink_unicast+0x10/0x10
[  951.211888][T16558]  ? __alloc_skb+0x193/0x390
[  951.211916][T16558]  ? netlink_sendmsg+0x650/0xb40
[  951.211939][T16558]  ? skb_put+0x11b/0x210
[  951.211971][T16558]  netlink_sendmsg+0x813/0xb40
[  951.212005][T16558]  ? __pfx_netlink_sendmsg+0x10/0x10
[  951.212034][T16558]  ? aa_sock_msg_perm+0xf1/0x1b0
[  951.212065][T16558]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  951.212088][T16558]  ? __pfx_netlink_sendmsg+0x10/0x10
[  951.212121][T16558]  ____sys_sendmsg+0xa68/0xad0
[  951.212152][T16558]  ? __might_fault+0xaf/0x130
[  951.212187][T16558]  ? __pfx_____sys_sendmsg+0x10/0x10
[  951.212234][T16558]  ? import_iovec+0x73/0xa0
[  951.212259][T16558]  ___sys_sendmsg+0x2a5/0x360
[  951.212288][T16558]  ? __lock_acquire+0x6b5/0x2cf0
[  951.212323][T16558]  ? __pfx____sys_sendmsg+0x10/0x10
[  951.212392][T16558]  ? __fget_files+0x2a/0x420
[  951.212414][T16558]  ? __fget_files+0x3a0/0x420
[  951.212448][T16558]  __x64_sys_sendmsg+0x1bd/0x2a0
[  951.212484][T16558]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  951.212527][T16558]  ? __pfx_ksys_write+0x10/0x10
[  951.212568][T16558]  do_syscall_64+0xe2/0xf80
[  951.212594][T16558]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.212615][T16558]  ? trace_irq_disable+0x37/0x100
[  951.212633][T16558]  ? clear_bhb_loop+0x60/0xb0
[  951.212659][T16558]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.212681][T16558] RIP: 0033:0x7ff3fc19af79
[  951.212701][T16558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  951.212721][T16558] RSP: 002b:00007ff3fa3ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  951.212744][T16558] RAX: ffffffffffffffda RBX: 00007ff3fc415fa0 RCX: 00007ff3fc19af79
[  951.212760][T16558] RDX: 0000000020000084 RSI: 0000200000000100 RDI: 0000000000000005
[  951.212776][T16558] RBP: 00007ff3fa3ee090 R08: 0000000000000000 R09: 0000000000000000
[  951.212789][T16558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  951.212802][T16558] R13: 00007ff3fc416038 R14: 00007ff3fc415fa0 R15: 00007ff3fc53fa48
[  951.212838][T16558]  </TASK>
[  951.851588][T16566] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2917'.
[  952.544471][T16574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2919'.
[  952.557131][T16574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2919'.
[  952.825544][ T5951] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  953.066137][ T5951] usb 6-1: too many configurations: 47, using maximum allowed: 8
[  953.139563][T16585] netlink: 1204 bytes leftover after parsing attributes in process `syz.3.2922'.
[  953.147033][ T5951] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  953.184799][ T5951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.318206][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  953.318231][   T30] audit: type=1800 audit(1770714854.931:3069): pid=16586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2923" name="SYSV00000000" dev="tmpfs" ino=19 res=0 errno=0
[  953.374735][ T5951] usb 6-1: Product: syz
[  953.384809][ T5951] usb 6-1: Manufacturer: syz
[  953.397532][ T5951] usb 6-1: SerialNumber: syz
[  953.426918][ T5951] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  953.468766][ T5892] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  953.887393][T16595] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2925'.
[  953.897235][T16595] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2925'.
[  953.992773][T16595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2925'.
[  953.999530][T16598] netlink: 'syz.4.2925': attribute type 6 has an invalid length.
[  954.036648][T16599] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  954.255205][T16598] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2925'.
[  954.338536][T14490] usb 6-1: USB disconnect, device number 6
[  954.361800][T16598] bridge0: port 1(bridge_slave_0) entered disabled state
[  954.811684][ T5892] usb 6-1: Service connection timeout for: 256
[  954.821186][   T30] audit: type=1326 audit(1770714856.411:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  954.845934][ T5892] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  954.854307][ T5892] ath9k_htc: Failed to initialize the device
[  954.862464][   T30] audit: type=1326 audit(1770714856.421:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  954.887659][   T30] audit: type=1326 audit(1770714856.421:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  954.924108][T14490] usb 6-1: ath9k_htc: USB layer deinitialized
[  955.104627][   T30] audit: type=1326 audit(1770714856.421:3073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  955.141313][   T30] audit: type=1326 audit(1770714856.421:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  955.189260][   T30] audit: type=1326 audit(1770714856.421:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  955.440457][T16623] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2931'.
[  955.471327][   T30] audit: type=1326 audit(1770714856.421:3076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  955.747825][T16633] loop9: detected capacity change from 0 to 7
[  955.765312][T16633] buffer_io_error: 9 callbacks suppressed
[  955.765326][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  955.791407][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  955.817459][   T30] audit: type=1326 audit(1770714856.421:3077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  955.934590][   T30] audit: type=1326 audit(1770714856.421:3078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16601 comm="syz.3.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x7ffc0000
[  955.986491][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.022007][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.120279][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.247331][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.264985][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.290745][T16633] ldm_validate_partition_table(): Disk read failed.
[  956.314563][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.356685][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.394874][T16633] Buffer I/O error on dev loop9, logical block 0, async page read
[  956.441853][T16633] Dev loop9: unable to read RDB block 0
[  956.454979][T16633]  loop9: unable to read partition table
[  956.471293][T16633] loop9: partition table beyond EOD, truncated
[  956.481301][T16633] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  956.481301][T16633] 
) failed (rc=-5)
[  956.945029][T16644] Cannot find add_set index 0 as target
[  957.854834][ T5897] usb 2-1: new full-speed USB device number 88 using dummy_hcd
[  958.045242][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  958.078869][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  958.097571][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  958.119727][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  958.139935][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  958.150462][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  958.186999][ T5897] usb 2-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[  958.197798][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  958.206426][ T5897] usb 2-1: Product: syz
[  958.210826][ T5897] usb 2-1: Manufacturer: syz
[  958.216251][T14490] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  958.224897][ T5897] usb 2-1: SerialNumber: syz
[  958.282366][ T5897] usb 2-1: config 0 descriptor??
[  958.860595][T16665] Cannot find add_set index 2 as target
[  958.949541][ T5897] ti_usb_3410_5052 2-1:0.0: TI USB 5052 2 port adapter converter detected
[  958.969114][ T5897] ti_usb_3410_5052 2-1:0.0: missing endpoints
[  960.534811][   T10] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  960.554869][T16680] loop9: detected capacity change from 0 to 7
[  960.578806][T16680] ldm_validate_partition_table(): Disk read failed.
[  960.600940][T16680] Dev loop9: unable to read RDB block 0
[  960.620086][T16680]  loop9: unable to read partition table
[  960.637097][T16680] loop9: partition table beyond EOD, truncated
[  960.660879][T16680] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  960.660879][T16680] 
) failed (rc=-5)
[  960.706388][   T10] usb 5-1: Using ep0 maxpacket: 16
[  960.731602][   T10] usb 5-1: config 0 has no interfaces?
[  960.739438][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  960.771436][   T10] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  960.808833][   T10] usb 5-1: Manufacturer: syz
[  960.853056][   T10] usb 5-1: config 0 descriptor??
[  961.107048][   T10] usb 2-1: USB disconnect, device number 88
[  961.445338][T16693] hub 9-0:1.0: USB hub found
[  961.465244][T16693] hub 9-0:1.0: 1 port detected
[  961.962212][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  961.976770][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  961.989158][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  962.000147][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  962.019924][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  962.654819][T16711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2955'.
[  962.730019][T16716] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2954'.
[  963.106919][T11215] syz_tun (unregistering): left promiscuous mode
[  963.154293][T16705] chnl_net:caif_netlink_parms(): no params data found
[  963.735676][T14490] usb 5-1: USB disconnect, device number 94
[  963.871812][T16705] bridge0: port 1(bridge_slave_0) entered blocking state
[  963.904157][T16737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2958'.
[  963.931991][T16705] bridge0: port 1(bridge_slave_0) entered disabled state
[  963.946242][T16705] bridge_slave_0: entered allmulticast mode
[  963.969399][T16705] bridge_slave_0: entered promiscuous mode
[  963.990849][T16736] syz_tun: entered promiscuous mode
[  964.049709][T16736] syz_tun: left promiscuous mode
[  964.090769][ T5835] Bluetooth: hci0: command tx timeout
[  964.169246][T16705] bridge0: port 2(bridge_slave_1) entered blocking state
[  964.196790][T16705] bridge0: port 2(bridge_slave_1) entered disabled state
[  964.207875][T16705] bridge_slave_1: entered allmulticast mode
[  964.217395][T16705] bridge_slave_1: entered promiscuous mode
[  964.326102][T16705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  964.362780][T16705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  964.393305][T16741] syzkaller0: entered promiscuous mode
[  964.423408][T16741] syzkaller0: entered allmulticast mode
[  964.461039][ T5951] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  964.688682][T16705] team0: Port device team_slave_0 added
[  964.695101][ T5951] usb 6-1: Using ep0 maxpacket: 16
[  964.983088][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  964.983117][   T30] audit: type=1326 audit(1770714866.601:3109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16750 comm="syz.3.2963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a7539af79 code=0x0
[  965.077310][ T5951] usb 6-1: config 0 has no interfaces?
[  965.095106][ T5951] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  965.101637][T16705] team0: Port device team_slave_1 added
[  965.104554][ T5951] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  965.104582][ T5951] usb 6-1: Manufacturer: syz
[  965.169115][ T5951] usb 6-1: config 0 descriptor??
[  965.323319][T16705] batman_adv: batadv0: Adding interface: batadv_slave_0
[  965.340760][T16705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  965.478175][T16705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  965.479226][T16756] loop9: detected capacity change from 0 to 7
[  965.498425][ T7015] buffer_io_error: 28 callbacks suppressed
[  965.498446][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.521363][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.535925][T16705] batman_adv: batadv0: Adding interface: batadv_slave_1
[  965.553535][T16705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  965.553995][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.735797][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.743999][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.752115][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.773801][T16705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  965.813440][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.842208][ T7015] ldm_validate_partition_table(): Disk read failed.
[  965.862212][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.882257][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.904493][ T7015] Buffer I/O error on dev loop9, logical block 0, async page read
[  965.922447][ T7015] Dev loop9: unable to read RDB block 0
[  965.938113][ T7015]  loop9: unable to read partition table
[  965.968323][ T7015] loop9: partition table beyond EOD, truncated
[  965.990937][T16756] ldm_validate_partition_table(): Disk read failed.
[  966.003810][T16756] Dev loop9: unable to read RDB block 0
[  966.015045][T16756]  loop9: unable to read partition table
[  966.021320][T16756] loop9: partition table beyond EOD, truncated
[  966.028073][T16756] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  966.028073][T16756] 
) failed (rc=-5)
[  966.175245][ T5835] Bluetooth: hci0: command tx timeout
[  966.348440][T16705] hsr_slave_0: entered promiscuous mode
[  966.378761][T16705] hsr_slave_1: entered promiscuous mode
[  966.401054][T16705] debugfs: 'hsr0' already exists in 'hsr'
[  966.419973][T16705] Cannot create hsr debugfs directory
[  966.740035][ T5951] usb 6-1: USB disconnect, device number 7
[  967.351802][T16705] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  967.501197][T16705] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  967.681624][T16705] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  967.859932][T16705] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  968.143619][T16705] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  968.245291][ T5835] Bluetooth: hci0: command tx timeout
[  968.256040][T16705] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  968.287910][T16705] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  968.328278][T16786] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  968.351264][T16705] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  968.511831][T16705] 8021q: adding VLAN 0 to HW filter on device bond0
[  968.579556][T16705] 8021q: adding VLAN 0 to HW filter on device team0
[  968.615728][T10669] bridge0: port 1(bridge_slave_0) entered blocking state
[  968.622966][T10669] bridge0: port 1(bridge_slave_0) entered forwarding state
[  968.675000][T14490] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  968.684102][T10669] bridge0: port 2(bridge_slave_1) entered blocking state
[  968.691335][T10669] bridge0: port 2(bridge_slave_1) entered forwarding state
[  968.906193][T14490] usb 6-1: too many configurations: 47, using maximum allowed: 8
[  968.959511][T14490] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  968.992575][T14490] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  969.010008][T14490] usb 6-1: Product: syz
[  969.052054][T14490] usb 6-1: Manufacturer: syz
[  969.064613][T14490] usb 6-1: SerialNumber: syz
[  969.093823][T14490] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  969.119353][T10389] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  969.139444][T16705] 8021q: adding VLAN 0 to HW filter on device batadv0
[  969.183218][T16807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2976'.
[  969.483354][T16705] veth0_vlan: entered promiscuous mode
[  969.524581][T16705] veth1_vlan: entered promiscuous mode
[  969.903598][T14490] usb 6-1: USB disconnect, device number 8
[  969.968353][ T5951] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  970.304588][T16705] veth0_macvtap: entered promiscuous mode
[  970.316972][T16705] veth1_macvtap: entered promiscuous mode
[  970.332933][ T5835] Bluetooth: hci0: command tx timeout
[  970.335909][ T5951] usb 5-1: Using ep0 maxpacket: 16
[  970.375917][T16705] batman_adv: batadv0: Interface activated: batadv_slave_0
[  970.423679][ T5951] usb 5-1: config 0 has no interfaces?
[  970.457022][ T5951] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  970.468418][T16705] batman_adv: batadv0: Interface activated: batadv_slave_1
[  970.487266][T10389] usb 6-1: Service connection timeout for: 256
[  970.497435][T10389] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  970.515610][T10389] ath9k_htc: Failed to initialize the device
[  970.522302][T14490] usb 6-1: ath9k_htc: USB layer deinitialized
[  970.542359][ T5951] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  970.562182][T10674] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  970.572488][ T5951] usb 5-1: Manufacturer: syz
[  970.591943][T10674] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  970.643320][T10674] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  970.684152][T10674] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  970.702621][ T5951] usb 5-1: config 0 descriptor??
[  971.108387][T10661] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  971.116556][T10661] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  971.521052][T10661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  971.545470][T10661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  971.714599][T16822] loop9: detected capacity change from 0 to 7
[  971.732730][T16822] buffer_io_error: 23 callbacks suppressed
[  971.732751][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.756721][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.766167][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.774390][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.789548][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.798296][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.824871][ T5908] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  971.849406][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.870565][T16822] ldm_validate_partition_table(): Disk read failed.
[  971.890958][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.918939][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.956663][T16822] Buffer I/O error on dev loop9, logical block 0, async page read
[  971.974925][T16822] Dev loop9: unable to read RDB block 0
[  971.993924][T16822]  loop9: unable to read partition table
[  972.000540][ T5908] usb 6-1: Using ep0 maxpacket: 16
[  972.008111][ T5908] usb 6-1: unable to get BOS descriptor or descriptor too short
[  972.028475][T16822] loop9: partition table beyond EOD, truncated
[  972.037727][ T5908] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  972.045712][T16822] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  972.045712][T16822] 
) failed (rc=-5)
[  972.072109][ T5908] usb 6-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  972.112739][ T5908] usb 6-1: config 1 interface 0 has no altsetting 0
[  972.147536][ T5908] usb 6-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  972.169233][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.220581][ T5908] usb 6-1: Product: syz
[  972.411127][ T5908] usb 6-1: Manufacturer: syz
[  972.440447][ T5908] usb 6-1: SerialNumber: syz
[  972.460930][ T5908] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input44
[  972.566544][T16835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2984'.
[  972.621796][ T5951] usb 5-1: USB disconnect, device number 95
[  972.675489][T16818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.720709][T16818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  972.906026][T16843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.915170][T16843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  972.934330][T16843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.977619][T16843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  973.174989][ T5951] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  973.335710][ T5951] usb 5-1: too many configurations: 47, using maximum allowed: 8
[  973.392176][ T5951] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  973.404874][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.440318][ T5951] usb 5-1: Product: syz
[  973.449515][ T5951] usb 5-1: Manufacturer: syz
[  973.456288][ T5951] usb 5-1: SerialNumber: syz
[  973.483701][ T5951] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  973.504164][ T5911] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  973.632584][T16859] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2989'.
[  974.501764][T10389] usb 5-1: USB disconnect, device number 96
[  974.785670][ T5177] bcm5974 6-1:1.0: could not read from device
[  974.803371][ T5908] usb 6-1: USB disconnect, device number 9
[  974.813428][ T5177] bcm5974 6-1:1.0: could not read from device
[  974.842534][T16870] vlan2: entered promiscuous mode
[  974.859075][ T5177] bcm5974 6-1:1.0: could not read from device
[  974.887711][T16870] gretap0: entered promiscuous mode
[  975.061647][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  975.088512][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  975.108730][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  975.125387][ T5911] usb 5-1: Service connection timeout for: 256
[  975.131712][ T5911] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  975.145526][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  975.156277][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  975.239065][ T5911] ath9k_htc: Failed to initialize the device
[  975.295152][T10389] usb 5-1: ath9k_htc: USB layer deinitialized
[  975.401862][T16880] loop2: detected capacity change from 0 to 7
[  975.414429][ T5829] Dev loop2: unable to read RDB block 7
[  975.436047][ T5829]  loop2: unable to read partition table
[  975.695199][ T5829] loop2: partition table beyond EOD, truncated
[  975.745256][T16880] Dev loop2: unable to read RDB block 7
[  975.757211][T16880]  loop2: unable to read partition table
[  975.770780][T16888] openvswitch: netlink: IP tunnel dst address not specified
[  975.875646][T16891] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2996'.
[  975.923634][T16880] loop2: partition table beyond EOD, truncated
[  975.958465][T16880] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  976.700804][T10389] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  976.760626][ T7504] syz_tun (unregistering): left promiscuous mode
[  976.870219][T10389] usb 6-1: Using ep0 maxpacket: 16
[  976.953112][T10389] usb 6-1: config 0 has no interfaces?
[  976.990368][T10389] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  977.014872][T10389] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  977.039202][T10389] usb 6-1: Manufacturer: syz
[  977.130109][T10389] usb 6-1: config 0 descriptor??
[  977.294825][ T5831] Bluetooth: hci1: command tx timeout
[  977.399627][T16906] Cannot find add_set index 2 as target
[  978.390276][T16874] chnl_net:caif_netlink_parms(): no params data found
[  978.726076][T10389] usb 6-1: USB disconnect, device number 10
[  978.982097][T16916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3001'.
[  979.250080][   T29] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  979.295890][T16874] bridge0: port 1(bridge_slave_0) entered blocking state
[  979.305276][T16874] bridge0: port 1(bridge_slave_0) entered disabled state
[  979.330937][T16874] bridge_slave_0: entered allmulticast mode
[  979.338785][T16874] bridge_slave_0: entered promiscuous mode
[  979.347735][T16874] bridge0: port 2(bridge_slave_1) entered blocking state
[  979.358663][T16874] bridge0: port 2(bridge_slave_1) entered disabled state
[  979.375077][ T5831] Bluetooth: hci1: command tx timeout
[  979.394477][T16874] bridge_slave_1: entered allmulticast mode
[  979.419148][T16874] bridge_slave_1: entered promiscuous mode
[  979.455010][   T29] usb 5-1: Using ep0 maxpacket: 16
[  979.474071][   T29] usb 5-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  979.507854][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  979.539981][   T29] usb 5-1: Product: syz
[  979.553927][   T29] usb 5-1: Manufacturer: syz
[  979.570606][   T29] usb 5-1: SerialNumber: syz
[  979.613117][   T29] usb 5-1: config 0 descriptor??
[  979.628097][   T29] hub 5-1:0.0: bad descriptor, ignoring hub
[  979.646187][   T29] hub 5-1:0.0: probe with driver hub failed with error -5
[  979.897129][T16874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  980.011723][ T5831] Bluetooth: hci5: command 0x0406 tx timeout
[  980.054124][ T5951] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  980.080746][T16874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  980.216114][ T5951] usb 2-1: too many configurations: 47, using maximum allowed: 8
[  980.237971][ T5951] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  980.250361][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.286862][ T5951] usb 2-1: Product: syz
[  980.291083][ T5951] usb 2-1: Manufacturer: syz
[  980.334515][ T5951] usb 2-1: SerialNumber: syz
[  980.394448][ T5951] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  980.418520][   T29] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  980.545397][T16874] team0: Port device team_slave_0 added
[  980.563623][T16874] team0: Port device team_slave_1 added
[  980.695388][T16874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  980.722322][T16874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  980.764431][T16874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  980.793612][T16874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  980.811229][T16874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  980.845099][T16874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  980.920165][T16937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3005'.
[  980.974854][T16937] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3005'.
[  981.115792][ T5897] usb 2-1: USB disconnect, device number 89
[  981.146329][T16874] hsr_slave_0: entered promiscuous mode
[  981.156447][T16874] hsr_slave_1: entered promiscuous mode
[  981.212076][T16874] debugfs: 'hsr0' already exists in 'hsr'
[  981.224899][T16874] Cannot create hsr debugfs directory
[  981.445294][ T5835] Bluetooth: hci1: command tx timeout
[  981.798130][   T29] usb 2-1: Service connection timeout for: 256
[  981.855870][   T29] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  981.906820][   T29] ath9k_htc: Failed to initialize the device
[  981.919377][ T5897] usb 2-1: ath9k_htc: USB layer deinitialized
[  981.989780][T16874] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.195904][T16951] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3010'.
[  982.237044][T16958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3011'.
[  982.385507][T16874] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.795461][   T29] usb 5-1: USB disconnect, device number 97
[  982.805738][ T5897] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  982.816124][T10389] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  982.916564][T16874] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.220096][T10389] usb 1-1: Using ep0 maxpacket: 32
[  983.245272][ T5897] usb 2-1: Using ep0 maxpacket: 16
[  983.258867][ T5897] usb 2-1: config 0 has no interfaces?
[  983.268392][T16874] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  983.282025][T10389] usb 1-1: config 0 has an invalid interface number: 221 but max is 0
[  983.294944][T10389] usb 1-1: config 0 has no interface number 0
[  983.296583][ T5897] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  983.324607][T10389] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  983.340333][ T5897] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  983.348857][T10389] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  983.399748][ T5897] usb 2-1: Manufacturer: syz
[  983.446434][T10389] usb 1-1: Product: syz
[  983.478502][T10389] usb 1-1: Manufacturer: syz
[  983.491476][ T5897] usb 2-1: config 0 descriptor??
[  983.513030][T10389] usb 1-1: SerialNumber: syz
[  983.535451][ T5835] Bluetooth: hci1: command tx timeout
[  983.574410][T10389] usb 1-1: config 0 descriptor??
[  983.688936][ T5911] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  983.884803][ T5911] usb 6-1: Using ep0 maxpacket: 16
[  984.377637][T16874] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  984.428536][T16874] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  984.504619][T16874] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  984.555119][T16874] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  984.893355][   T29] usb 1-1: USB disconnect, device number 89
[  985.046612][T16874] 8021q: adding VLAN 0 to HW filter on device bond0
[  985.273938][T16874] 8021q: adding VLAN 0 to HW filter on device team0
[  985.317041][T14532] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.324343][T14532] bridge0: port 1(bridge_slave_0) entered forwarding state
[  985.397459][T14532] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.404870][T14532] bridge0: port 2(bridge_slave_1) entered forwarding state
[  985.884381][ T5897] usb 2-1: USB disconnect, device number 90
[  985.922849][T16874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  986.098118][T16989] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3019'.
[  986.129426][T16874] veth0_vlan: entered promiscuous mode
[  986.178094][T16874] veth1_vlan: entered promiscuous mode
[  986.295672][   T29] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  986.297265][T16874] veth0_macvtap: entered promiscuous mode
[  986.332411][T16874] veth1_macvtap: entered promiscuous mode
[  986.444225][T16874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  986.454861][   T29] usb 1-1: device descriptor read/64, error -71
[  986.542172][T16874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  986.611333][T10667] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  986.633442][T10667] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  986.658307][T10667] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  986.691101][T10667] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  986.735560][   T29] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  986.766355][ T5908] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  986.915450][   T29] usb 1-1: device descriptor read/64, error -71
[  986.938535][T10667] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  986.959347][ T5908] usb 2-1: config 6 has an invalid interface number: 14 but max is 0
[  986.971183][T10667] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  987.010042][ T5908] usb 2-1: config 6 has no interface number 0
[  987.035370][ T5908] usb 2-1: config 6 interface 14 altsetting 218 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  987.055911][   T29] usb usb1-port1: attempt power cycle
[  987.085809][ T5908] usb 2-1: config 6 interface 14 has no altsetting 0
[  987.099515][ T5908] usb 2-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=6f.50
[  987.108999][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  987.118383][ T5908] usb 2-1: Product: syz
[  987.122745][ T5908] usb 2-1: Manufacturer: syz
[  987.129149][ T5908] usb 2-1: SerialNumber: syz
[  987.164841][T10667] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  987.179982][ T5911] usb 6-1: unable to get BOS descriptor or descriptor too short
[  987.195728][ T5911] usb 6-1: unable to read config index 0 descriptor/start: -71
[  987.217512][ T5911] usb 6-1: can't read configurations, error -71
[  987.230442][T10667] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  987.293126][T17006] syz_tun: entered promiscuous mode
[  987.302013][T17006] syz_tun: left promiscuous mode
[  987.388090][ T5908] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  987.401557][ T5908] command write [95] error -8
[  987.414801][   T29] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  987.434516][ T5908] usb 2-1: USB disconnect, device number 91
[  987.457540][   T29] usb 1-1: device descriptor read/8, error -71
[  987.493946][ T5897] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[  987.646965][ T5897] usb 5-1: not running at top speed; connect to a high speed hub
[  987.656677][ T5897] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  987.667111][ T5897] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  987.676414][ T5897] usb 5-1: config 1 has no interface number 1
[  987.682830][ T5897] usb 5-1: config 1 interface 2 has no altsetting 0
[  987.696572][ T5897] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  987.706655][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  987.714850][ T5897] usb 5-1: Product: syz
[  987.714983][   T29] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  987.719403][ T5897] usb 5-1: Manufacturer: syz
[  987.731754][ T5897] usb 5-1: SerialNumber: syz
[  987.768058][   T29] usb 1-1: device descriptor read/8, error -71
[  987.889421][   T29] usb usb1-port1: unable to enumerate USB device
[  987.964470][ T5897] usb 5-1: selecting invalid altsetting 0
[  987.971538][ T5897] usb 5-1: failed to enable PITCH for EP 0x82
[  987.977878][ T5897] usb 5-1: selecting invalid altsetting 0
[  988.050710][ T5897] usb 5-1: USB disconnect, device number 98
[  988.149134][ T6209] udevd[6209]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  988.350909][T17021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3027'.
[  988.773115][T17033] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[  989.255582][ T5877] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  989.445651][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  989.459639][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  989.475280][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  989.490388][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  989.504323][ T5877] usb 2-1: Using ep0 maxpacket: 16
[  989.516998][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  989.591253][ T5877] usb 2-1: config 0 has no interfaces?
[  989.601919][ T5877] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  989.620691][ T5877] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  989.632943][ T5877] usb 2-1: Manufacturer: syz
[  989.733435][ T5877] usb 2-1: config 0 descriptor??
[  989.755565][T17044] mac80211_hwsim hwsim41 wlan1: entered promiscuous mode
[  989.789852][T17044] macvlan2: entered promiscuous mode
[  989.975503][   T10] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  990.088885][   T30] audit: type=1800 audit(1770714891.711:3110): pid=17046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3034" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  990.145971][   T10] usb 1-1: device descriptor read/64, error -71
[  990.445710][   T10] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  990.674787][   T10] usb 1-1: device descriptor read/64, error -71
[  990.768883][T17053] netdevsim netdevsim5 netdevsim0: IPsec offload requires 128 bit authentication
[  990.984921][   T10] usb usb1-port1: attempt power cycle
[  991.366261][   T10] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  991.416521][   T10] usb 1-1: device descriptor read/8, error -71
[  991.540618][T17042] chnl_net:caif_netlink_parms(): no params data found
[  991.604884][ T5835] Bluetooth: hci3: command tx timeout
[  991.685197][   T10] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  991.732749][   T10] usb 1-1: device descriptor read/8, error -71
[  991.879850][T17060] x_tables: ip_tables: osf match: only valid for protocol 6
[  991.891220][   T10] usb usb1-port1: unable to enumerate USB device
[  991.968910][T17042] bridge0: port 1(bridge_slave_0) entered blocking state
[  992.052577][T17042] bridge0: port 1(bridge_slave_0) entered disabled state
[  992.085207][T17042] bridge_slave_0: entered allmulticast mode
[  992.114046][ T5877] usb 2-1: USB disconnect, device number 92
[  992.145408][T17042] bridge_slave_0: entered promiscuous mode
[  992.156432][T17042] bridge0: port 2(bridge_slave_1) entered blocking state
[  992.163577][T17042] bridge0: port 2(bridge_slave_1) entered disabled state
[  992.197944][T17042] bridge_slave_1: entered allmulticast mode
[  992.235473][T17042] bridge_slave_1: entered promiscuous mode
[  992.323790][T17042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  992.344073][T17042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  992.439639][T17042] team0: Port device team_slave_0 added
[  992.537012][T17042] team0: Port device team_slave_1 added
[  992.620360][T17042] batman_adv: batadv0: Adding interface: batadv_slave_0
[  992.628113][T17042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  992.678805][T17042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  992.690389][T17075] netlink: 'syz.3.3038': attribute type 1 has an invalid length.
[  992.750078][   T30] audit: type=1800 audit(1770714894.371:3111): pid=17079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3041" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  992.814467][T17075] 8021q: adding VLAN 0 to HW filter on device bond1
[  992.823041][T17042] batman_adv: batadv0: Adding interface: batadv_slave_1
[  992.830482][T17042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  992.859819][T17042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  992.954348][T17042] hsr_slave_0: entered promiscuous mode
[  992.966353][T17042] hsr_slave_1: entered promiscuous mode
[  992.983086][T17042] debugfs: 'hsr0' already exists in 'hsr'
[  992.989299][T17042] Cannot create hsr debugfs directory
[  993.007313][T17085] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  993.344546][T17092] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  993.414583][T17080] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3038'.
[  993.724814][ T5835] Bluetooth: hci3: command tx timeout
[  994.150205][T17095] netlink: 'syz.3.3043': attribute type 15 has an invalid length.
[  994.198719][T17095] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  994.442327][T17104] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3045'.
[  994.500652][T17042] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.904783][   T29] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  995.078296][   T29] usb 6-1: Using ep0 maxpacket: 16
[  995.172011][   T29] usb 6-1: config 0 has no interfaces?
[  995.265129][   T29] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  995.280626][   T29] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  995.291051][   T29] usb 6-1: Manufacturer: syz
[  995.317492][   T29] usb 6-1: config 0 descriptor??
[  995.383435][   T30] audit: type=1800 audit(1770714897.001:3112): pid=17117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3048" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0
[  995.683446][T17042] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.765021][ T5835] Bluetooth: hci3: command tx timeout
[  996.102488][T17128] netdevsim netdevsim1 netdevsim0: IPsec offload requires 128 bit authentication
[  996.355237][T17042] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  996.847743][T17042] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.184841][T14490] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  997.344767][T14490] usb 1-1: Using ep0 maxpacket: 32
[  997.359952][T14490] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  997.369081][T14490] usb 1-1: config 0 has no interface number 0
[  997.397149][T14490] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  997.423742][T14490] usb 1-1: config 0 interface 85 has no altsetting 0
[  997.448718][T17042] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  997.471843][T14490] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  997.482414][T14490] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.500429][T17042] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  997.507867][T14490] usb 1-1: Product: syz
[  997.513444][T14490] usb 1-1: Manufacturer: syz
[  997.529756][T14490] usb 1-1: SerialNumber: syz
[  997.534530][T17042] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  997.561567][T14490] usb 1-1: config 0 descriptor??
[  997.602346][T17042] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  997.850798][ T5835] Bluetooth: hci3: command tx timeout
[  998.055443][T14490] appletouch 1-1:0.85: Geyser mode initialized.
[  998.093420][T14490] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input45
[  998.337149][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  998.344177][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  998.368277][   T29] usb 6-1: USB disconnect, device number 13
[  998.396007][ T5897] usb 1-1: USB disconnect, device number 98
[  998.437685][T17042] 8021q: adding VLAN 0 to HW filter on device bond0
[  998.488649][ T5897] appletouch 1-1:0.85: input: appletouch disconnected
[  998.539455][T17042] 8021q: adding VLAN 0 to HW filter on device team0
[  998.586233][T14532] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.593485][T14532] bridge0: port 1(bridge_slave_0) entered forwarding state
[  998.672963][T14532] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.680201][T14532] bridge0: port 2(bridge_slave_1) entered forwarding state
[  998.816332][   T30] audit: type=1326 audit(1770714900.391:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  998.876683][T17042] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  998.893495][   T30] audit: type=1326 audit(1770714900.391:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  998.934631][T17042] 8021q: adding VLAN 0 to HW filter on device batadv0
[  998.945603][   T30] audit: type=1326 audit(1770714900.391:3115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  998.982101][   T30] audit: type=1326 audit(1770714900.391:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  999.005402][   T30] audit: type=1326 audit(1770714900.391:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  999.028498][ T5908] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  999.121152][T17042] veth0_vlan: entered promiscuous mode
[  999.129663][   T30] audit: type=1326 audit(1770714900.391:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  999.168863][T17042] veth1_vlan: entered promiscuous mode
[  999.180018][   T30] audit: type=1326 audit(1770714900.391:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  999.205025][ T5908] usb 2-1: Using ep0 maxpacket: 8
[  999.213056][ T5908] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  999.236863][ T5908] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  999.250107][   T30] audit: type=1326 audit(1770714900.391:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  999.275618][ T5908] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  999.290784][T17042] veth0_macvtap: entered promiscuous mode
[  999.303858][T17042] veth1_macvtap: entered promiscuous mode
[  999.326934][   T30] audit: type=1326 audit(1770714900.391:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17143 comm="syz.5.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3fc19af79 code=0x7ffc0000
[  999.329099][ T5908] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 33056, setting to 1024
[  999.373823][ T5908] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  999.384981][ T5908] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  999.399045][ T5908] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  999.428453][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.440725][T17042] batman_adv: batadv0: Interface activated: batadv_slave_0
[  999.477780][T17042] batman_adv: batadv0: Interface activated: batadv_slave_1
[  999.517760][T10669] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  999.544301][T10669] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  999.558432][T10669] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  999.570538][T10669] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  999.612827][T17157] ip6gre1: entered promiscuous mode
[  999.620895][T17157] ip6gre1: entered allmulticast mode
[  999.670139][ T5908] usb 2-1: GET_CAPABILITIES returned 0
[  999.716971][ T5908] usbtmc 2-1:16.0: can't read capabilities
[  999.783096][T17159] vlan2: entered promiscuous mode
[  999.825012][T17159] gretap0: entered promiscuous mode
[ 1000.042949][T10669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1000.058200][T10669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1000.198222][ T1318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1000.210021][ T1318] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1001.191476][T17189] netdevsim netdevsim5 netdevsim0: IPsec offload requires 128 bit authentication
[ 1001.851898][ T5939] usb 2-1: USB disconnect, device number 93
[ 1002.316374][T17207] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3067'.
[ 1002.818434][T17210] loop2: detected capacity change from 0 to 7
[ 1002.877407][ T5829] Dev loop2: unable to read RDB block 7
[ 1002.897187][ T5829]  loop2: unable to read partition table
[ 1002.928110][ T5829] loop2: partition table beyond EOD, truncated
[ 1002.956050][T17210] Dev loop2: unable to read RDB block 7
[ 1002.974765][T17210]  loop2: unable to read partition table
[ 1003.019032][T17210] loop2: partition table beyond EOD, truncated
[ 1003.041740][T17210] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1003.148024][T17212] Cannot find add_set index 0 as target
[ 1003.366912][T17214] raw_sendmsg: syz.3.3070 forgot to set AF_INET. Fix it!
[ 1003.719177][T17226] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1003.725766][T17226] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 1003.738340][T17226] vhci_hcd vhci_hcd.0: Device attached
[ 1003.804761][   T10] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1004.014831][   T10] usb 1-1: Using ep0 maxpacket: 16
[ 1004.024968][ T5939] usb 2-1: new full-speed USB device number 94 using dummy_hcd
[ 1004.031367][   T10] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[ 1004.042009][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.127345][   T10] usb 1-1: Product: syz
[ 1004.156183][ T5939] usb 2-1: device descriptor read/64, error -71
[ 1004.156203][ T5877] usb 36-1: SetAddress Request (2) to port 0
[ 1004.214954][ T5877] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1004.283258][   T10] usb 1-1: Manufacturer: syz
[ 1004.303622][   T10] usb 1-1: SerialNumber: syz
[ 1004.404898][ T5939] usb 2-1: new full-speed USB device number 95 using dummy_hcd
[ 1004.409260][   T10] usb 1-1: config 0 descriptor??
[ 1004.431006][   T10] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[ 1004.554832][ T5939] usb 2-1: device descriptor read/64, error -71
[ 1004.665242][ T5939] usb usb2-port1: attempt power cycle
[ 1004.774824][T14490] usb 4-1: new full-speed USB device number 105 using dummy_hcd
[ 1004.932222][T14490] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1004.951748][T14490] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1004.968002][T14490] usb 4-1: Product: syz
[ 1004.977205][T14490] usb 4-1: Manufacturer: syz
[ 1004.982004][T14490] usb 4-1: SerialNumber: syz
[ 1005.025579][ T5939] usb 2-1: new full-speed USB device number 96 using dummy_hcd
[ 1005.056548][T14490] usb 4-1: config 0 descriptor??
[ 1005.076034][ T5939] usb 2-1: device descriptor read/8, error -71
[ 1005.264975][T14490] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1005.309545][T14490] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1005.321847][T17243] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3073'.
[ 1005.327821][ T5939] usb 2-1: new full-speed USB device number 97 using dummy_hcd
[ 1005.355123][   T10] ssu100 1-1:0.0: probe with driver ssu100 failed with error -110
[ 1005.400708][T14490] usb 4-1: USB disconnect, device number 105
[ 1005.466290][ T5939] usb 2-1: device descriptor read/8, error -71
[ 1005.585227][ T5939] usb usb2-port1: unable to enumerate USB device
[ 1005.784808][ T5939] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1005.884743][ T5908] usb 4-1: new full-speed USB device number 106 using dummy_hcd
[ 1005.954783][ T5939] usb 6-1: Using ep0 maxpacket: 16
[ 1005.964572][ T5939] usb 6-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[ 1005.974706][ T5939] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1005.983106][ T5939] usb 6-1: Product: syz
[ 1005.987783][ T5939] usb 6-1: Manufacturer: syz
[ 1005.992687][ T5939] usb 6-1: SerialNumber: syz
[ 1005.999984][ T5939] usb 6-1: config 0 descriptor??
[ 1006.011900][ T5939] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1006.019554][ T5939] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1006.026978][ T5908] usb 4-1: device descriptor read/64, error -71
[ 1006.274770][ T5908] usb 4-1: new full-speed USB device number 107 using dummy_hcd
[ 1006.405396][ T5908] usb 4-1: device descriptor read/64, error -71
[ 1006.557916][ T5897] usb 1-1: USB disconnect, device number 99
[ 1006.577886][ T5908] usb usb4-port1: attempt power cycle
[ 1006.777866][T17227] vhci_hcd: connection reset by peer
[ 1006.801973][T10669] vhci_hcd vhci_hcd.1: stop threads
[ 1006.838547][T10669] vhci_hcd vhci_hcd.1: release socket
[ 1006.847119][T10669] vhci_hcd vhci_hcd.1: disconnect device
[ 1007.124770][ T5908] usb 4-1: new full-speed USB device number 108 using dummy_hcd
[ 1007.154495][ T5908] usb 4-1: device descriptor read/8, error -71
[ 1007.475070][T17267] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3084'.
[ 1007.484135][ T5908] usb 4-1: new full-speed USB device number 109 using dummy_hcd
[ 1007.519630][ T5908] usb 4-1: device descriptor read/8, error -71
[ 1007.658039][ T5908] usb usb4-port1: unable to enumerate USB device
[ 1008.915868][   T30] kauditd_printk_skb: 30 callbacks suppressed
[ 1008.915888][   T30] audit: type=1326 audit(1770714910.541:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17278 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066819af79 code=0x7ffc0000
[ 1009.326239][   T30] audit: type=1326 audit(1770714910.571:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17278 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066819af79 code=0x7ffc0000
[ 1009.374825][ T5877] usb 36-1: device descriptor read/8, error -110
[ 1009.377121][T17282] tipc: Started in network mode
[ 1009.386423][T17282] tipc: Node identity 7f000001, cluster identity 4711
[ 1009.448993][   T30] audit: type=1326 audit(1770714910.571:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17278 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f066819af79 code=0x7ffc0000
[ 1009.528955][T17282] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1009.560588][   T30] audit: type=1326 audit(1770714910.671:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e359af79 code=0x7ffc0000
[ 1009.608136][ T5908] usb 6-1: USB disconnect, device number 14
[ 1009.743222][   T30] audit: type=1326 audit(1770714910.671:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f19e359af79 code=0x7ffc0000
[ 1009.767692][ T5939] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1009.886629][   T30] audit: type=1326 audit(1770714910.671:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e359af79 code=0x7ffc0000
[ 1009.955989][ T5877] usb usb36-port1: attempt power cycle
[ 1010.014762][ T5939] usb 2-1: Using ep0 maxpacket: 16
[ 1010.077110][T17298] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3091'.
[ 1010.191945][   T30] audit: type=1326 audit(1770714910.671:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f19e359af79 code=0x7ffc0000
[ 1010.192003][   T30] audit: type=1326 audit(1770714910.671:3159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e359af79 code=0x7ffc0000
[ 1010.192080][   T30] audit: type=1326 audit(1770714910.671:3160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f19e359c807 code=0x7ffc0000
[ 1010.192125][   T30] audit: type=1326 audit(1770714910.671:3161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17276 comm="syz.4.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f19e355b84e code=0x7ffc0000
[ 1010.616594][ T5877] usb usb36-port1: unable to enumerate USB device
[ 1010.721707][T17305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3094'.
[ 1010.746663][T17305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3094'.
[ 1011.366443][T17314] loop2: detected capacity change from 0 to 7
[ 1011.374551][ T5829] Dev loop2: unable to read RDB block 7
[ 1011.380896][ T5829]  loop2: unable to read partition table
[ 1011.391459][ T5829] loop2: partition table beyond EOD, truncated
[ 1011.426469][T17314] Dev loop2: unable to read RDB block 7
[ 1011.457887][T17314]  loop2: unable to read partition table
[ 1011.501063][T17314] loop2: partition table beyond EOD, truncated
[ 1011.709407][T17314] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1012.234807][ T5939] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1012.248877][ T5939] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1012.283982][ T5939] usb 2-1: can't read configurations, error -71
[ 1012.447661][T17322] tipc: Started in network mode
[ 1012.461978][T17322] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1012.520714][T17322] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1012.552448][T17322] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1012.571675][T17332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3105'.
[ 1012.592534][T17332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3105'.
[ 1012.899484][ T5877] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1012.947828][T17334] netlink: 'syz.1.3106': attribute type 27 has an invalid length.
[ 1013.080963][ T5877] usb 6-1: Using ep0 maxpacket: 32
[ 1013.093440][ T5877] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1013.099373][ T5908] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 1013.149137][ T5877] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1013.186096][ T5877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.207346][ T5877] usb 6-1: Product: syz
[ 1013.223793][ T5877] usb 6-1: Manufacturer: syz
[ 1013.355169][ T5877] usb 6-1: SerialNumber: syz
[ 1013.376554][ T5877] usb 6-1: config 0 descriptor??
[ 1013.386372][ T5908] usb 4-1: Using ep0 maxpacket: 8
[ 1013.437137][ T5908] usb 4-1: config 10 has an invalid interface number: 211 but max is 0
[ 1013.476103][ T5908] usb 4-1: config 10 has no interface number 0
[ 1013.512219][ T5908] usb 4-1: config 10 interface 211 altsetting 14 endpoint 0xF has invalid maxpacket 1024, setting to 64
[ 1013.576613][ T5908] usb 4-1: config 10 interface 211 altsetting 14 has a duplicate endpoint with address 0xF, skipping
[ 1013.611150][T17334] team_slave_0: left promiscuous mode
[ 1013.631279][T17334] team_slave_1: left promiscuous mode
[ 1013.661327][ T5908] usb 4-1: config 10 interface 211 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[ 1013.689967][T17341] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1013.722443][ T5908] usb 4-1: config 10 interface 211 altsetting 14 endpoint 0x9 has an invalid bInterval 222, changing to 7
[ 1013.743455][ T5908] usb 4-1: config 10 interface 211 has no altsetting 0
[ 1013.777683][ T5908] usb 4-1: string descriptor 0 read error: -22
[ 1013.794032][ T5908] usb 4-1: New USB device found, idVendor=05ac, idProduct=0216, bcdDevice=99.7e
[ 1013.804124][ T5877] gs_usb 6-1:0.0: Configuring for 1 interfaces
[ 1013.869331][T17341] usb 1-1: Using ep0 maxpacket: 32
[ 1013.879980][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.999491][   T30] kauditd_printk_skb: 66 callbacks suppressed
[ 1013.999536][   T30] audit: type=1326 audit(1770714915.621:3228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1014.050138][T17341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1014.077825][T17341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1014.110714][ T5908] appletouch 4-1:10.211: Could not find int-in endpoint
[ 1014.128563][   T30] audit: type=1326 audit(1770714915.661:3229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1014.165082][T17341] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1014.183460][ T5908] appletouch 4-1:10.211: probe with driver appletouch failed with error -5
[ 1014.319346][T17336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3107'.
[ 1014.338316][T17341] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.355534][ T5908] usbhid 4-1:10.211: couldn't find an input interrupt endpoint
[ 1014.380973][T17341] usb 1-1: config 0 descriptor??
[ 1014.449351][   T30] audit: type=1326 audit(1770714915.671:3230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1014.580002][   T30] audit: type=1326 audit(1770714915.671:3231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1014.737941][   T30] audit: type=1326 audit(1770714916.041:3232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1014.855065][   T30] audit: type=1326 audit(1770714916.041:3233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1015.080218][   T30] audit: type=1326 audit(1770714916.051:3234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1015.182167][   T30] audit: type=1326 audit(1770714916.051:3235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f084759ac0b code=0x7ffc0000
[ 1015.272678][   T30] audit: type=1326 audit(1770714916.051:3236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f084755b84e code=0x7ffc0000
[ 1015.375076][   T30] audit: type=1326 audit(1770714916.251:3237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17339 comm="syz.0.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f084759af79 code=0x7ffc0000
[ 1015.446456][ T5877] gs_usb 6-1:0.0: Couldn't get extended bit timing const for channel 0 (-ETIMEDOUT)
[ 1015.462176][ T5877] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -110
[ 1015.544565][T17347] tipc: Node number set to 1
[ 1015.783042][T17328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1016.034020][T17328] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[ 1016.091620][T17328] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[ 1016.137616][T17328] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1016.190019][T17328] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1016.216998][T17340] usb 4-1: USB disconnect, device number 110
[ 1016.694912][ T1318] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.723096][ T1318] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.760022][ T1318] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.790982][ T1318] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.815974][ T1318] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.854891][ T1318] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.892717][ T1318] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.944296][ T1318] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.989109][T17351] usb 6-1: USB disconnect, device number 15
[ 1017.058318][T17341] usbhid 1-1:0.0: can't add hid device: -71
[ 1017.064397][T17341] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1017.118652][T17341] usb 1-1: USB disconnect, device number 100
[ 1017.144832][T17368] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 1017.255528][ T5897] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[ 1017.326246][T17368] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1017.339698][T17368] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1017.364361][T17368] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1017.384203][T17368] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.413705][T17368] usb 4-1: Product: syz
[ 1017.425787][T17368] usb 4-1: Manufacturer: syz
[ 1017.431200][T17368] usb 4-1: SerialNumber: syz
[ 1017.436881][ T5897] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1017.447437][ T5897] usb 5-1: config 3 has an invalid interface number: 19 but max is 0
[ 1017.460457][ T5897] usb 5-1: config 3 has an invalid descriptor of length 142, skipping remainder of the config
[ 1017.478931][ T5897] usb 5-1: config 3 has no interface number 0
[ 1017.494844][ T5897] usb 5-1: config 3 interface 19 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[ 1017.514038][T17394] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1017.523799][ T5897] usb 5-1: config 3 interface 19 has no altsetting 0
[ 1017.558098][ T5897] usb 5-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=53.f5
[ 1017.574777][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.576128][T17394] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1017.594744][ T5897] usb 5-1: Product: syz
[ 1017.600445][ T5897] usb 5-1: Manufacturer: syz
[ 1017.605878][ T5897] usb 5-1: SerialNumber: syz
[ 1017.955649][T17408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1017.967027][T17408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1018.314158][ T5897] pl2303 5-1:3.19: required endpoints missing
[ 1018.330272][ T5897] usb 5-1: USB disconnect, device number 99
[ 1018.446368][T17368] usb 4-1: reset high-speed USB device number 111 using dummy_hcd
[ 1018.631970][T17379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1018.642774][T17379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1018.683160][T17368] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1018.711007][T17368] usb 4-1: device firmware changed
[ 1018.742265][T17368] usb 4-1: USB disconnect, device number 111
[ 1019.774732][T17368] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1019.934933][T17368] usb 5-1: Using ep0 maxpacket: 8
[ 1019.952716][T17368] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1019.963462][T17368] usb 5-1: config 0 has no interface number 0
[ 1019.971095][T17368] usb 5-1: config 0 interface 1 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1020.004744][T17368] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1020.024789][T17368] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x1 has an invalid bInterval 72, changing to 10
[ 1020.050688][T17368] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x1 has invalid maxpacket 49273, setting to 1024
[ 1020.102754][T17368] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.cb
[ 1020.114978][T17368] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.181436][T17368] usb 5-1: config 0 descriptor??
[ 1020.222325][T17368] hso 5-1:0.1: Failed to find BULK IN ep
[ 1020.344767][ T5897] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 1020.525296][ T5897] usb 4-1: Using ep0 maxpacket: 32
[ 1020.561929][ T5897] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 1020.571482][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1020.582138][ T5897] usb 4-1: config 0 has no interface number 0
[ 1020.588897][ T5897] usb 4-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1020.652343][ T5897] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1020.663348][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.699868][ T5897] usb 4-1: Product: syz
[ 1020.714090][ T5897] usb 4-1: Manufacturer: syz
[ 1020.727547][ T5897] usb 4-1: SerialNumber: syz
[ 1020.751269][ T5897] usb 4-1: config 0 descriptor??
[ 1020.777150][ T5897] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1020.979838][ T5897] usb 4-1: qt2_setup_urbs - submit read urb failed -8
[ 1020.987668][ T5897] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8
[ 1021.251478][T17433] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1021.404757][ T5897] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1021.554812][ T5897] usb 6-1: Using ep0 maxpacket: 32
[ 1021.568000][ T5897] usb 6-1: config 0 has an invalid interface number: 68 but max is 0
[ 1021.585009][ T5897] usb 6-1: config 0 has no interface number 0
[ 1021.606873][ T5897] usb 6-1: config 0 interface 68 altsetting 128 endpoint 0x4 has invalid maxpacket 512, setting to 64
[ 1021.637211][ T5897] usb 6-1: config 0 interface 68 altsetting 128 endpoint 0xF has invalid maxpacket 512, setting to 64
[ 1021.678934][ T5897] usb 6-1: config 0 interface 68 altsetting 128 endpoint 0xC has invalid maxpacket 1023, setting to 64
[ 1021.720254][ T5897] usb 6-1: config 0 interface 68 has no altsetting 0
[ 1021.752018][ T5897] usb 6-1: New USB device found, idVendor=0711, idProduct=0901, bcdDevice=a8.06
[ 1021.761806][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1021.771651][ T5897] usb 6-1: Product: syz
[ 1021.790746][ T5897] usb 6-1: Manufacturer: syz
[ 1021.829529][ T5897] usb 6-1: SerialNumber: syz
[ 1021.866646][ T5897] usb 6-1: config 0 descriptor??
[ 1022.103502][ T5897] sisusb 6-1:0.68: Invalid USB2VGA device
[ 1022.121847][ T5897] sisusb 6-1:0.68: probe with driver sisusb failed with error -22
[ 1022.177500][ T5897] usb 6-1: USB disconnect, device number 16
[ 1022.552493][T17351] usb 5-1: USB disconnect, device number 100
[ 1023.117969][   T30] kauditd_printk_skb: 92 callbacks suppressed
[ 1023.117989][   T30] audit: type=1800 audit(1770714924.741:3330): pid=17450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3132" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1023.155024][T17340] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[ 1023.233716][T17452] syz_tun: entered promiscuous mode
[ 1023.280526][T17452] syz_tun: left promiscuous mode
[ 1023.345863][T17340] usb 6-1: not running at top speed; connect to a high speed hub
[ 1023.362380][T17340] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1023.384841][T17340] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1023.393823][T17340] usb 6-1: config 1 has no interface number 1
[ 1023.437394][T17340] usb 6-1: config 1 interface 2 has no altsetting 0
[ 1023.509728][T17340] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1023.552425][T17340] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1023.680122][T17340] usb 6-1: Product: syz
[ 1023.684391][ T5897] usb 4-1: USB disconnect, device number 112
[ 1023.688397][T17340] usb 6-1: Manufacturer: syz
[ 1023.848875][T17461] netdevsim netdevsim4 netdevsim0: IPsec offload requires 128 bit authentication
[ 1023.900984][T17340] usb 6-1: SerialNumber: syz
[ 1024.335738][T17470] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[ 1024.439394][T17340] usb 6-1: selecting invalid altsetting 0
[ 1024.450344][T17340] usb 6-1: failed to enable PITCH for EP 0x82
[ 1024.489549][T17340] usb 6-1: selecting invalid altsetting 0
[ 1024.657600][   T31] INFO: task kworker/u8:13:10671 blocked for more than 143 seconds.
[ 1024.675342][   T31]       Tainted: G             L      syzkaller #0
[ 1024.682014][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1024.704781][   T31] task:kworker/u8:13   state:D stack:22200 pid:10671 tgid:10671 ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1024.772503][   T31] Workqueue: netns cleanup_net
[ 1024.911875][   T31] Call Trace:
[ 1024.920328][   T31]  <TASK>
[ 1024.942429][   T31]  __schedule+0x1522/0x51d0
[ 1024.973462][   T31]  ? __pfx___schedule+0x10/0x10
[ 1025.023362][   T31]  ? schedule+0x90/0x360
[ 1025.072546][   T31]  schedule+0x164/0x360
[ 1025.078427][   T31]  afs_cell_purge+0x40d/0x580
[ 1025.083204][   T31]  ? __pfx_afs_cell_purge+0x10/0x10
[ 1025.114972][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1025.120497][   T31]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1025.144953][   T31]  ? __timer_delete_sync+0x4a4/0x520
[ 1025.150425][   T31]  afs_net_exit+0x50/0x100
[ 1025.163522][   T31]  ops_undo_list+0x49f/0x940
[ 1025.169899][T17340] usb 6-1: USB disconnect, device number 17
[ 1025.205553][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1025.255456][   T31]  ? do_raw_spin_unlock+0xf5/0x210
[ 1025.260668][   T31]  cleanup_net+0x4df/0x7b0
[ 1025.294741][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1025.299791][   T31]  ? process_scheduled_works+0xa0f/0x17a0
[ 1025.354822][   T31]  ? process_scheduled_works+0xa0f/0x17a0
[ 1025.360951][   T31]  process_scheduled_works+0xaec/0x17a0
[ 1025.384987][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1025.391595][   T31]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1025.424732][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1025.430302][   T31]  ? schedule+0x90/0x360
[ 1025.455082][   T31]  worker_thread+0xda6/0x1360
[ 1025.459870][   T31]  kthread+0x726/0x8b0
[ 1025.464082][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1025.485115][   T31]  ? __pfx_kthread+0x10/0x10
[ 1025.535003][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1025.540336][   T31]  ? __pfx_kthread+0x10/0x10
[ 1025.545481][   T31]  ret_from_fork+0x51b/0xa40
[ 1025.550093][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1025.555558][   T31]  ? __switch_to+0xc82/0x1410
[ 1025.560266][   T31]  ? __pfx_kthread+0x10/0x10
[ 1025.565193][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1025.570009][   T31]  </TASK>
[ 1025.616453][   T31] 
[ 1025.616453][   T31] Showing all locks held in the system:
[ 1025.624431][   T31] 1 lock held by khungtaskd/31:
[ 1025.744842][   T31]  #0: ffffffff8e5582e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1025.784772][   T31] 5 locks held by kworker/u8:4/65:
[ 1025.789980][   T31] 2 locks held by getty/5580:
[ 1025.844795][   T31]  #0: ffff88814e56f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1025.882534][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[ 1025.934816][   T31] 3 locks held by kworker/u8:13/10671:
[ 1025.940414][   T31]  #0: ffff88801b2e7148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0
[ 1026.014724][   T31]  #1: ffffc90004447bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0
[ 1026.075033][   T31]  #2: ffffffff8f9a4170 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xfe/0x7b0
[ 1026.084517][   T31] 1 lock held by syz-executor/15248:
[ 1026.154840][   T31] 3 locks held by kworker/0:17/17368:
[ 1026.160282][   T31]  #0: ffff88813fe55948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0
[ 1026.205049][   T31]  #1: ffffc9000afe7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0
[ 1026.294725][   T31]  #2: ffffffff8e55e578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
[ 1026.344878][   T31] 1 lock held by syz.4.3132/17453:
[ 1026.350081][   T31] 1 lock held by syz.1.3136/17469:
[ 1026.385154][   T31] 
[ 1026.396730][   T31] =============================================
[ 1026.396730][   T31] 
[ 1026.424584][   T31] NMI backtrace for cpu 0
[ 1026.424607][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1026.424639][   T31] Tainted: [L]=SOFTLOCKUP
[ 1026.424646][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1026.424658][   T31] Call Trace:
[ 1026.424666][   T31]  <TASK>
[ 1026.424675][   T31]  dump_stack_lvl+0xe8/0x150
[ 1026.424709][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[ 1026.424743][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1026.424775][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1026.424811][   T31]  sys_info+0x135/0x170
[ 1026.424838][   T31]  watchdog+0xf90/0xfe0
[ 1026.424865][   T31]  ? watchdog+0x209/0xfe0
[ 1026.424893][   T31]  kthread+0x726/0x8b0
[ 1026.424921][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1026.424941][   T31]  ? __pfx_kthread+0x10/0x10
[ 1026.424968][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1026.424990][   T31]  ? __pfx_kthread+0x10/0x10
[ 1026.425013][   T31]  ret_from_fork+0x51b/0xa40
[ 1026.425034][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1026.425054][   T31]  ? __switch_to+0xc82/0x1410
[ 1026.425087][   T31]  ? __pfx_kthread+0x10/0x10
[ 1026.425110][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1026.425154][   T31]  </TASK>
[ 1026.549040][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1026.554327][    C1] NMI backtrace for cpu 1
[ 1026.554348][    C1] CPU: 1 UID: 0 PID: 17341 Comm: kworker/1:8 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1026.554373][    C1] Tainted: [L]=SOFTLOCKUP
[ 1026.554380][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1026.554392][    C1] Workqueue: events drain_vmap_area_work
[ 1026.554417][    C1] RIP: 0010:rcu_is_watching+0x10/0xb0
[ 1026.554446][    C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 53 65 ff 05 70 a7 4a 11 <e8> 6b 10 f1 09 89 c3 83 f8 08 73 65 49 bf 00 00 00 00 00 fc ff df
[ 1026.554462][    C1] RSP: 0018:ffffc90003027238 EFLAGS: 00000283
[ 1026.554477][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002
[ 1026.554489][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e5582e0
[ 1026.554501][    C1] RBP: ffffffff81759195 R08: 0000000000000000 R09: 0000000000000000
[ 1026.554513][    C1] R10: ffffc90003027418 R11: ffffffff81af68f0 R12: 0000000000000002
[ 1026.554526][    C1] R13: ffffffff8e5582e0 R14: 0000000000000000 R15: 0000000000000000
[ 1026.554539][    C1] FS:  0000000000000000(0000) GS:ffff8881257df000(0000) knlGS:0000000000000000
[ 1026.554554][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1026.554567][    C1] CR2: 0000200000305030 CR3: 0000000064a72000 CR4: 00000000003526f0
[ 1026.554584][    C1] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[ 1026.554596][    C1] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1026.554610][    C1] Call Trace:
[ 1026.554617][    C1]  <TASK>
[ 1026.554630][    C1]  lock_acquire+0x5f/0x330
[ 1026.554662][    C1]  ? unwind_next_frame+0xa5/0x23c0
[ 1026.554684][    C1]  ? worker_thread+0xda6/0x1360
[ 1026.554701][    C1]  ? unwind_next_frame+0xa5/0x23c0
[ 1026.554721][    C1]  unwind_next_frame+0xc2/0x23c0
[ 1026.554748][    C1]  ? unwind_next_frame+0xa5/0x23c0
[ 1026.554772][    C1]  ? unwind_next_frame+0xa5/0x23c0
[ 1026.554795][    C1]  ? process_scheduled_works+0xaec/0x17a0
[ 1026.554823][    C1]  ? worker_thread+0xda6/0x1360
[ 1026.554842][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1026.554865][    C1]  arch_stack_walk+0x11b/0x150
[ 1026.554891][    C1]  ? worker_thread+0xda6/0x1360
[ 1026.554911][    C1]  stack_trace_save+0xa9/0x100
[ 1026.554947][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1026.554974][    C1]  save_stack+0x122/0x230
[ 1026.555003][    C1]  ? __lock_acquire+0x6b5/0x2cf0
[ 1026.555032][    C1]  ? __pfx_save_stack+0x10/0x10
[ 1026.555060][    C1]  ? __free_frozen_pages+0xbf8/0xd70
[ 1026.555089][    C1]  ? kasan_depopulate_vmalloc_pte+0x6d/0x90
[ 1026.555120][    C1]  ? __apply_to_page_range+0xbdc/0x1420
[ 1026.555143][    C1]  ? __kasan_release_vmalloc+0xa2/0xd0
[ 1026.555170][    C1]  ? purge_vmap_node+0x21c/0x8e0
[ 1026.555188][    C1]  ? __purge_vmap_area_lazy+0x77a/0xb00
[ 1026.555207][    C1]  ? drain_vmap_area_work+0x27/0x40
[ 1026.555228][    C1]  ? process_scheduled_works+0xaec/0x17a0
[ 1026.555257][    C1]  ? worker_thread+0xda6/0x1360
[ 1026.555280][    C1]  ? page_ext_put+0x97/0xc0
[ 1026.555315][    C1]  __reset_page_owner+0x71/0x1f0
[ 1026.555343][    C1]  __free_frozen_pages+0xbf8/0xd70
[ 1026.555380][    C1]  kasan_depopulate_vmalloc_pte+0x6d/0x90
[ 1026.555411][    C1]  __apply_to_page_range+0xbdc/0x1420
[ 1026.555434][    C1]  ? trace_sched_exit_tp+0x36/0xf0
[ 1026.555468][    C1]  ? __pfx_kasan_depopulate_vmalloc_pte+0x10/0x10
[ 1026.555499][    C1]  ? __pfx___apply_to_page_range+0x10/0x10
[ 1026.555523][    C1]  ? smp_call_function_many_cond+0xde6/0x1270
[ 1026.555550][    C1]  __kasan_release_vmalloc+0xa2/0xd0
[ 1026.555578][    C1]  purge_vmap_node+0x21c/0x8e0
[ 1026.555604][    C1]  ? preempt_schedule_common+0x82/0xd0
[ 1026.555627][    C1]  ? preempt_schedule_thunk+0x16/0x30
[ 1026.555645][    C1]  ? __pfx_purge_vmap_node+0x10/0x10
[ 1026.555669][    C1]  ? flush_tlb_kernel_range+0x374/0x460
[ 1026.555701][    C1]  __purge_vmap_area_lazy+0x77a/0xb00
[ 1026.555725][    C1]  ? process_scheduled_works+0xa0f/0x17a0
[ 1026.555764][    C1]  drain_vmap_area_work+0x27/0x40
[ 1026.555785][    C1]  process_scheduled_works+0xaec/0x17a0
[ 1026.555831][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1026.555861][    C1]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1026.555886][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1026.555908][    C1]  ? schedule+0x90/0x360
[ 1026.555934][    C1]  worker_thread+0xda6/0x1360
[ 1026.555967][    C1]  kthread+0x726/0x8b0
[ 1026.555991][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1026.556009][    C1]  ? __pfx_kthread+0x10/0x10
[ 1026.556048][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1026.556069][    C1]  ? __pfx_kthread+0x10/0x10
[ 1026.556093][    C1]  ret_from_fork+0x51b/0xa40
[ 1026.556114][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1026.556132][    C1]  ? __switch_to+0xc82/0x1410
[ 1026.556161][    C1]  ? __pfx_kthread+0x10/0x10
[ 1026.556185][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1026.556223][    C1]  </TASK>
[ 1027.030378][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1027.037287][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1027.048010][   T31] Tainted: [L]=SOFTLOCKUP
[ 1027.052368][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1027.062461][   T31] Call Trace:
[ 1027.065779][   T31]  <TASK>
[ 1027.068755][   T31]  vpanic+0x1e0/0x670
[ 1027.072784][   T31]  panic+0xc5/0xd0
[ 1027.076560][   T31]  ? __pfx_panic+0x10/0x10
[ 1027.081031][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1027.086533][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1027.092770][   T31]  watchdog+0xfda/0xfe0
[ 1027.097012][   T31]  ? watchdog+0x209/0xfe0
[ 1027.101474][   T31]  kthread+0x726/0x8b0
[ 1027.105580][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1027.110381][   T31]  ? __pfx_kthread+0x10/0x10
[ 1027.115010][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1027.120585][   T31]  ? __pfx_kthread+0x10/0x10
[ 1027.125203][   T31]  ret_from_fork+0x51b/0xa40
[ 1027.129835][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1027.134983][   T31]  ? __switch_to+0xc82/0x1410
[ 1027.139710][   T31]  ? __pfx_kthread+0x10/0x10
[ 1027.144420][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1027.149227][   T31]  </TASK>
[ 1027.152861][   T31] Kernel Offset: disabled
[ 1027.157216][   T31] Rebooting in 86400 seconds..