last executing test programs:

24.998212414s ago: executing program 2 (id=3006):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="14000000100001000000000000000c000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000080a01010000000000000000010000000900010073797a30"], 0xc8}}, 0x0)

13.555270688s ago: executing program 4 (id=3032):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x3, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff3, 0xfff2}, {0x2, 0xffff}, {0xfff9, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0x4c}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x4000885)
r1 = signalfd4(r0, &(0x7f00000001c0)={[0x2, 0xffffffff]}, 0x8, 0x800)
ioctl$KDENABIO(r1, 0x4b36)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
r2 = add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000000902030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c168f2a83"], 0x48, 0xfffffffffffffff8)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000140)={r2, 0xcd, 0xd7}, &(0x7f00000005c0)=ANY=[@ANYBLOB="035a90b726f940010d3e656e633d706b63733120683132382d61726d0000000000000000000000000000000000946e96fdcf2200"/89], &(0x7f0000000340)="43f3048c3151f7ce991c2c67cb4629e3822adae7a88f6aed39758dca39b0a019911b53423c4863a041dc0b97e668b12ac89ae9ec1853cc8b05d35c496e1699b045b7563202cd69d13a34906e122af92e679d79a00323240613c04f26d6d9af3546f4f8fc997da6634564b34be349523f556b819dc839da51bf7584d873675fe948b7552ace4231f450d5a89c4dacc240a633a0365a2b1e7004cfe0d6649564f52c3c5d94fa605707bb562c5d5fcd7976bbbbfdec99b57bf4efae8ad8b930bb2acba1be4c8f36837616f96373e8", &(0x7f0000000440)="ff7d4584836d92cb06f722de8fd1d218d7fe4a7bb9dbf254c0338e74c77e0a8e1f05bf945a2e47dc4393fa71c72c70f953e9e425412970fb195f0012ce7b746815bfffa948b2acec5d6cd98b4342e05d5af9c1402e0072941b08d1cb6a622445d006184c58ffa4ab0a8dee59f2b5eb7f5b13c0ad8e638fa658efc9e9e2ae031111391556de478fbebb57ffd361f8e53e9c40a371143565c903b3e86eba6c691a8819a47a9a6772d83a7d83c80b35af203f2ae00e4e659772b5d85ba048faa34574498282ba94e63d2fb48ba39a13bd9a64c83281b2654b")
r3 = open(&(0x7f0000000280)='.\x00', 0x200, 0x0)
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000)
r5 = socket(0x28, 0x805, 0x0)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
connect$pppoe(r5, 0x0, 0x0)
ppoll(&(0x7f0000000040)=[{r4, 0x241a}, {r4, 0x1000}], 0x2, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000540)={0x48, 0x1, 0x0, 0x0, 0x6})
fcntl$notify(r3, 0x402, 0x8000003d)
fcntl$setsig(r3, 0xa, 0x21)
r6 = syz_open_dev$I2C(&(0x7f0000000480), 0x0, 0x0)
ioctl$I2C_RDWR(r6, 0x707, &(0x7f0000000180)={&(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0}, {0x0, 0xfff5, 0x1, &(0x7f0000000880)="d4"}], 0x2})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r7, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r10}, @IFLA_HSR_SLAVE1={0x8, 0x1, r9}, @IFLA_HSR_VERSION={0x5, 0x6, 0x1}, @IFLA_HSR_PROTOCOL={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x6b142, 0x0)

12.62344188s ago: executing program 4 (id=3036):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0xfffd, 0x8001}, 'syz1\x00'})
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x322, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000900)={'syz1\x00', {0x9, 0x0, 0x6}, 0x37b4, [0xfeff, 0x4, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x3, 0x100, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0xbffffffe, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x8, 0x1, 0x0, 0x1, 0x3, 0xffffffff, 0x0, 0xffff, 0x0, 0x20, 0x6, 0x5, 0x0, 0x0, 0x11000000, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20004, 0x0, 0x0, 0x105, 0x0, 0x800000], [0x11, 0xffffffff, 0x7, 0x0, 0xffffffff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, 0x4f3, 0x0, 0x4, 0xbb, 0x1, 0xfffffffc, 0x5, 0x800, 0x8001, 0xfffffffc, 0x0, 0x100, 0x0, 0x10000, 0xec6a, 0x5, 0x40000000, 0xffffffff, 0xfffffffc, 0x8, 0xfffffffd, 0x7fffffff, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x18c, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x4, 0x4000000, 0x0, 0x8000, 0x40000004, 0x0, 0x7, 0x93, 0x7], [0xe, 0x4, 0x0, 0x0, 0xffffffff, 0x1, 0xa000000, 0x0, 0xfff, 0xffff7fff, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x520, 0xc, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0xfffffffc, 0x0, 0xfffffffc, 0x2af, 0x0, 0x9, 0x0, 0x10000, 0x3, 0x0, 0x0, 0x0, 0x6, 0x401, 0x0, 0x0, 0x0, 0x82ce, 0x0, 0x3, 0x1, 0x0, 0xff, 0x4000005, 0x0, 0x4, 0x2, 0x400000, 0x0, 0x6, 0x0, 0x0, 0x0, 0xb, 0xffffffdb], [0x0, 0x0, 0x4, 0x6, 0x0, 0x401, 0x1000, 0x211, 0x4, 0x7ff, 0x7, 0x3, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x2, 0x2, 0x7fff, 0x0, 0xd, 0x71, 0x0, 0xfffffffd, 0x0, 0x0, 0x7fffffff, 0x1, 0x0, 0x9, 0x3, 0x0, 0x0, 0x6, 0xbfb6, 0x4, 0x4, 0x3, 0x0, 0x0, 0x1, 0xffffffff, 0x100, 0x0, 0x3, 0x3, 0xfffffffd, 0x53591b27, 0x3fffffd, 0x0, 0x0, 0x5, 0x400, 0x7, 0x9, 0x0, 0x0, 0x80000000, 0x1000000, 0x0, 0x5]}, 0x45c)

11.348560664s ago: executing program 4 (id=3039):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x401, 0x8100)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000080)={0x0, 0x0, 0x101c, 0x0, 0x0, 0x0, 0x0, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x183442, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = gettid()
sched_setattr(r3, &(0x7f0000000280)={0x38, 0x0, 0x2b, 0x7ffd, 0x0, 0xb, 0x2, 0xfffffe0000000000, 0xfa11, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_TSC_KHZ_vm(r6, 0xaea2, 0x10000007)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_TSC_KHZ_cpu(r7, 0xaea2, 0x8)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_G_TUNER(r8, 0xc054561d, &(0x7f0000000180)={0x0, "836d11f8a2f7337496bff2b4d43d400ebf870e7cf92542da0cbdf188dede83ee", 0x4, 0x20, 0x7fffffff, 0x7, 0x10, 0x1, 0x0, 0x3})
r9 = socket(0x15, 0x5, 0x0)
getsockopt(r9, 0x200000000114, 0x2711, &(0x7f0000032580)=""/102396, &(0x7f0000000000)=0x18ffc)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_inet_SIOCSIFPFLAGS(r4, 0x8934, &(0x7f0000000300)={'ip6gre0\x00', 0x314})
capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffcc3, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0xc0d4}, 0x0)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r9, 0x84, 0x75, &(0x7f0000000240), &(0x7f00000002c0)=0x8)
syz_usb_connect(0x0, 0x3f, &(0x7f0000003100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_connect$uac1(0x1, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="eb010000000000086b1d01014000010203010902780003010000000904000000010300000a2401000000020102082408000000007009040100000102000009040101010102000007246b0cccf1ad912b2601060400002ae30905010900000000000725010100000009"], &(0x7f0000011700)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})

8.884371987s ago: executing program 0 (id=3044):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0x6, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x5, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0x9, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffefe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0xf9c6, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x9, 0x3ff, 0x83f5, 0x0, 0x2, 0xfe0, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0xa45, 0x1df, 0xffff, 0x3, 0x2, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x200, 0x20, 0x9, 0x0, 0x3ec8d8d2, 0x0, 0x3, 0x3, 0x2, 0x8, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x4, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x4, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x66, 0xffff, 0x401, 0x6, 0x8, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0xfffffff1, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0xc, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x3, 0x7, 0xd, 0x56be]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000a40)={'syz1\x00', {0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x401, 0x0, 0x4, 0x20008001, 0x2000, 0x0, 0x2000000, 0x0, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x90, 0x801, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x5, 0x7], [0x0, 0x3, 0x6, 0x0, 0x0, 0x5, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x6189fbd8, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x9e2b, 0x0, 0xfffffffd, 0x5, 0x7aae62b1, 0x100000, 0x0, 0x40002, 0xffffffff, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xfd5], [0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x8000000, 0x8, 0x0, 0x0, 0x99, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x4bdf, 0x2, 0xf152, 0x0, 0x10004, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9bf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x735, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)

8.704072527s ago: executing program 0 (id=3045):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x8000000004)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8)
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x200003, 0x0)
socket$kcm(0x11, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$uac1(0x3, 0x71, &(0x7f0000000280)=ANY=[@ANYBLOB="1201500200000020"], 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x820}, 0x0)

8.233925644s ago: executing program 3 (id=3047):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c809800000000800000000000000000000000000d63175876b4c69a600", <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x28001, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000500)={0x2, "fa02c80a3a1e9d4b9aaf000000008d6762e69b5b7638dd031dd7504fe5809639", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000080)={"6ef7669f274d13b691ebe44b00e4f5b53deca24dd02ace71edc05e3106628168", r4, <r7=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000000)={0x4, "34e6498c25f58dad9987ffe93bbabd18cf504a2700", <r8=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000000000000001a00", r8})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000001d80)={0x0, @in6={{0xa, 0x4e23, 0x20006, @empty, 0x6}}, 0x7f, 0x2, 0x0, 0x5, 0x392, 0x94}, 0x9c)
shutdown(r2, 0x0)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000380)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x2, 0x18, 0x0, 0xe, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x17, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_filter={0x5, 0x1a, @in6=@mcast2, @in6=@private2, 0x29, 0x10, 0x10}]}, 0x60}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000340)={<r10=>0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e24, 0x40, @local, 0x1}]}, &(0x7f0000000100)=0xc)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r12, 0x1, 0x0, &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b///\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)
sendmsg$nl_route(r11, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00v'], 0x24}, 0x1, 0x5502000000000000}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={r10, @in6={{0xa, 0x4e24, 0x800, @empty, 0x9}}, 0x7, 0xfe00, 0x2, 0x3, 0x54, 0x6, 0xf5}, &(0x7f0000000480)=0x9c)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$BLKTRACESETUP(r13, 0xc0401273, &(0x7f0000000680)={'\x00', 0x8001, 0x101, 0x5308, 0xfffffffffffffffb, 0x40000, 0xffffffffffffffff})
r14 = dup(r13)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r14, 0x0)

7.979628552s ago: executing program 1 (id=3049):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x8000, &(0x7f0000000300)=ANY=[@ANYBLOB="66643de9aedfe8a854143818cd678601a737f472a14e0644c709dc07978be6c788725b20d3555c29554f9bd9b04e944d6fd9b7bb969ad0272762b926a9a6b63b22a6578ddee83cf70297dd9ed933deee2d2716281ea5de40db1f96f39f8fd2579145b73159cc0ef76064cf499184d3054239c5bf6b9b8f0bcb4fdce9b9c50cb6c7cd29376499862998b406391f51167592e9e4d8fc64f4e2a33631a3c89ed7bf868b7e46ade7bd0200"/188, @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',default_permissions,max_read=0x0000000000000003,max_read=0x0000000000000001,default_permissions,max_read=0x0000000000005366,\x00'], 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=@delchain={0xa5c, 0x65, 0x20, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x6, 0xa}, {0xd}, {0xf, 0x5}}, [@TCA_CHAIN={0x8, 0xb, 0xd495}, @filter_kind_options=@f_flow={{0x9}, {0x9cc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x1fe06}, @TCA_FLOW_POLICE={0x438, 0xa, 0x0, 0x1, [@TCA_POLICE_RESULT={0x8, 0x5, 0x40}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x4321}, @TCA_POLICE_RESULT={0x8, 0x5, 0x6}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x2326, 0x10000, 0x92f, 0x4, 0x1, 0x3, 0x3, 0x2, 0xe9, 0x8, 0x7ff, 0x1, 0xfffff7ca, 0xffff, 0x5, 0xff, 0xb72, 0x4, 0xc4, 0x4, 0x8, 0x8b, 0x0, 0xd188, 0x7, 0x5, 0xa, 0x78f, 0x9, 0x7, 0x401, 0xa, 0x7, 0x2, 0x4, 0x11764f3b, 0x4, 0x3e, 0x8e, 0x7, 0x0, 0x3, 0xa9bf, 0x10000, 0x800593d, 0x7, 0x3, 0x1, 0x6, 0x9, 0x80000001, 0x22, 0x760, 0x9b, 0x4, 0x8, 0x1, 0x1, 0x1, 0x9, 0x6, 0x1, 0x85, 0x4, 0x6, 0x8, 0x9, 0x0, 0xa, 0x10, 0xf, 0x1, 0x80, 0x7e, 0x8, 0x1f599a0a, 0x3aa5, 0x80000000, 0x1000, 0x2, 0xfffffffa, 0x0, 0x1, 0xffffff22, 0xb5c, 0x81, 0xb65, 0x0, 0xb, 0x8, 0xf0c6, 0xfffffffe, 0x3, 0x101, 0x3, 0x9, 0x3, 0x99, 0xe5ac, 0xf60, 0xf, 0xe, 0x80000000, 0x2, 0x80, 0x10, 0x6, 0x80, 0xfffffff9, 0x0, 0x3, 0x5, 0x8, 0xc28, 0xb, 0xffff0d29, 0x401, 0xffff, 0x6, 0xd, 0x0, 0x5, 0x7, 0x9, 0x7, 0x5, 0x9, 0x8, 0x9, 0x8, 0x6c0, 0x80000000, 0x80, 0x1000, 0x200, 0x200, 0x1, 0xde0, 0xa27, 0x6, 0x100, 0xc3a3, 0x2, 0x9, 0x7, 0x3, 0x6, 0x1000, 0x40, 0xd9db480, 0x4, 0x7, 0x5, 0x80, 0xff, 0xfffffffc, 0x34b, 0x7, 0x400, 0x2, 0x5, 0x2, 0xfffffca4, 0x10001, 0x80, 0x7, 0x5, 0x7, 0x6, 0x964, 0x4, 0x5, 0xffffffff, 0xb0, 0x6, 0x1, 0x3, 0x2, 0x86, 0x8, 0x5, 0x8ad7, 0x800, 0x9, 0xdf27, 0x6, 0x4, 0x4, 0x5, 0x6, 0xffffffff, 0x3, 0xfffffffa, 0x10001, 0x3, 0x80000001, 0x619, 0x6a, 0x9, 0xccb, 0x1, 0x80000000, 0x0, 0x5, 0x0, 0x5a8e, 0x99a4, 0x8, 0x405, 0x200, 0x5, 0x9, 0x243, 0x33861633, 0xa, 0x7, 0x40, 0x40, 0x60e, 0x5, 0x7, 0x3, 0x5, 0x3ff, 0x3, 0x2, 0x80000001, 0x328, 0x7f, 0xb94f, 0xc6c2, 0xffffffff, 0x4f, 0xb1c, 0x5, 0x53d9bf89, 0x9, 0xa0, 0xd87c, 0x294, 0x0, 0xfffffff9, 0x47, 0x3c819303, 0xb, 0x214, 0x0, 0xfffffffc, 0x5, 0xa, 0x0, 0x4, 0x40, 0x6, 0x7]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1694}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x8000}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a8af}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1ba8}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_EMATCHES={0x14, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x5}}]}, @TCA_FLOW_ACT={0x374, 0x9, 0x0, 0x1, [@m_ife={0x170, 0x1f, 0x0, 0x0, {{0x8}, {0xa0, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x800}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x6, 0xfffffff1, 0x20000000, 0xe9a, 0x9}}}, @TCA_IFE_SMAC={0xa}, @TCA_IFE_DMAC={0xa, 0x3, @multicast}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x3, 0x1, 0x14a, 0x9}, 0x1}}, @TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_SMAC={0xa}, @TCA_IFE_TYPE={0x6, 0x5, 0x100}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x9, 0x2, 0x9, 0x2}}}, @TCA_IFE_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, {0xa9, 0x6, "7e2d8c2fdf2fa7e2fbd60bb6a0f7359375210a336cfc961967c3b3c7dada131e5003d196636574f1815449407e9a029a10816461969fd48c0565b5378efe56c68f3f8dac4faa707611c0f033acc934f151f1751df22714f6cff88c39f6fd8f95a9231917e692eff5a08860e12a82d447190eb0fe086d3e753fa590a1428a9b416f6f9cbd47c869e7e7e024b5f31aedbb32a167bc1794565ac7cb79f7351f5412f7802683ee"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_skbmod={0x17c, 0x15, 0x0, 0x0, {{0xb}, {0x50, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x6, 0x85, 0x0, 0xa, 0x559}, 0xf}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x9, 0x5, 0x0, 0x1, 0xc0000000}}}]}, {0x102, 0x6, "68d49cd28ff2839c184d6c54fdb61d589ce569098f179c7e952b459c5d658f48556bfd1aba4094a2c25bc883537c94fcc8478bd22eef2b9bf2901cee555839235c7c14b752fcc48caa280ea123537f88e522a348e1db0ef62c30db3089769cb6eea768f80ce6e990b125cb38e2421cd01a9cbf26a459dd6a8c4ea3a315e9daca7a4382741a91493fa07c7c4f50a7e09a11a52e754fa4d362e91ad46601cb4fab5b8016486583465c88ae276740b65e9a527c10bd85ac4077b21494877e47cceb778ac405ea003c82cd94f354fd0c31914bc167d59a4e0fc375695b02f21892287f70e0d8626053d6bde2d4150b4f3352fd9bd8dbaca9e24923477398ee99"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_connmark={0x84, 0xb, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0xf, 0x3, 0x5, 0xaf1}, 0xe168}}]}, {0x36, 0x6, "13367acd1788e95f2a009caa62eb63d2198b803225ad4371adcbb83641e6c1059a0cb436a786b936940127378b2916eee604"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_FLOW_EMATCHES={0x1e8, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xd1d2}}, @TCA_EMATCH_TREE_LIST={0x1dc, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xd0, 0x2, 0x0, 0x0, {{0x8, 0x0, 0x6cfd}, "d4ce0ddc6000757deb408982442c6def07b00b6c68beaa547b68b64362274ce486f6320cc04eb4869c504d8e6bf7e0fef08b17cd294a167539cd8c6520ea758e4177fb1aa3a4a24405100cd396d3118e8cdd3fecccbffec8b3a0b4292771481cdf95c8c34e81eef8a10868596ff070ca499a82c6d0e98208240005568aad4fe68a8084a8d19b1878a708f326bb9a6267f2f32e32cc49951b9be7d34d5c090b8578776df1a71908bc6efff489c23c49c106d8105493a676095a060acff0e71a5bf9f0c9ab"}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x9, 0x2, 0x8}, {0x0, 0x3, 0x2, "582ebb"}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x80, 0x1, 0x8000}, {0x7, 0xb, 0x0, 0x4, 0xf, 0x1}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x80, 0x7, 0x1}, {{0x0, 0x0, 0x1}, {0x2, 0x1, 0x0, 0x1}}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x9, 0x7, 0x80}, {{0x1, 0x1, 0x1, 0x1}, {0x0, 0x1, 0x1}}}}, @TCF_EM_CONTAINER={0x74, 0x1, 0x0, 0x0, {{0x6, 0x0, 0x7}, "386b21d30361301219d1d8e9cb6254f03676db07dea69e47683b9424484413e93dbb7ffbf08f4a8e7b1390267da8b621854f29027cbfbeae9f22a42b484638b8384ee489e20f92a8bd76a5f52d65b0b7571bb6a463b4a46b1cd28e398ecbcf04f7d11456082bd2"}}, @TCF_EM_IPT={0x40, 0x2, 0x0, 0x0, {{0xe, 0x9, 0x6}, [@TCA_EM_IPT_NFPROTO={0x5}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x5}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}]}}]}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x3}, @filter_kind_options=@f_flow={{0x9}, {0x2c, 0x2, [@TCA_FLOW_DIVISOR={0x8, 0x8, 0xfffffffe}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x10}, @TCA_FLOW_XOR={0x8, 0x7, 0x5}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x200}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x6}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0xa}}, @TCA_CHAIN={0x8, 0xb, 0x7ea}, @TCA_CHAIN={0x8, 0xb, 0x10}]}, 0xa5c}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x707cb000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
bind$netlink(r5, &(0x7f0000000500)={0x10, 0x0, 0x25dfdbfc, 0x2000000}, 0xc)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r6 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r6, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)
r7 = syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x25b}, &(0x7f0000ffe000), &(0x7f0000ffe000)=<r8=>0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x2, &(0x7f0000000180), 0xfe)
syz_open_procfs(0x0, 0x0)
r9 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_buf(r9, 0x29, 0x30, &(0x7f0000000180)=""/214, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="9974dcff236544c4c49ef57c01a699a65a0117ae4545bdf12d48568eea51eaab492a54d147d14713e1d13af743362a9488b12f98b12186084a28cf6e4e69b2ba263a092d516964e253238e1d0a325818bf330ba5ca", @ANYRES32=r0, @ANYRESOCT=r8, @ANYRESHEX=r7, @ANYRES32=r2, @ANYRES16=0x0, @ANYRESOCT=r4, @ANYRES64=r6], 0xfffffffffffffe30)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
shutdown(r0, 0x1)

7.278442546s ago: executing program 4 (id=3050):
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
listen(0xffffffffffffffff, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
writev(0xffffffffffffffff, 0x0, 0x0)
shutdown(r3, 0x1)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0, r5})
r6 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001500)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000200)=0xffffffff)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000880)={@local, @link_local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x30, 0x0, 0x0, @empty, @local, {[@dstopts={0x29}], "d6eaf5e9114aa92d6ef4c971edf1f3f32acdb1339557d47f451df212f2ec084f845725165a4bdce8"}}}}}, 0x0)
syz_open_dev$midi(0x0, 0x500, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r7, 0xffffffffffffffff, 0x0)

6.359367516s ago: executing program 3 (id=3051):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@x86={0xff, 0xe, 0x7, 0x0, 0x9, 0x3, 0x7f, 0x9, 0x62, 0x81, 0x7, 0xc, 0x0, 0x3ff, 0x7, 0x7, 0x2, 0xcd, 0x1, '\x00', 0xe, 0x84})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000000, 0x2, 0xfffffffffffffffe, 0x100000000004004, 0x2, 0x4, 0xefffffffffffffff, 0xd, 0x0, 0x1fffffe, 0x0, 0x1c, 0x0, 0xfffffffffffffbff, 0x5, 0x1], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
pread64(r3, &(0x7f0000000040)=""/117, 0x75, 0x3e)

5.766923266s ago: executing program 3 (id=3052):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xd, 0x8001, 0x0, 0x9, 0x0, 0x81, 0x11, 0xffffffff}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socket(0x40000000015, 0x5, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x34)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r4, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r5 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r4, 0x0, 0x0})
io_uring_enter(r5, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="0501ffffffff0a0000002e00000008000300", @ANYRES32=r8, @ANYBLOB="040046000800490006ac0f002300cc0010009d000000400000000800030000020e18b255688d7dafe9bfed7f50077fef340e53adf3eeb36fdea5b9166f73bac66b881aa915e91066eb8f835f6fc2bcaa7dfa123b59d202d651c77757635ce9e1e70bd016cd28fd46111a228edc098e99a8c754645a5cb4f1b4198e5cc7539db1281000dbff90f65e2927f1bbac7040c237b42d9d286000d47d66aee5a932877a38d087f205b22d3abc8007c93c199c8be963aed000097cf5c16366a13ab6df1cc3f6e610f1a5fd09f7ddeaf970d27ad7f42dbb8b5c"], 0x3c}, 0x1, 0x0, 0x0, 0x4000810}, 0x4004050)

5.440966696s ago: executing program 0 (id=3053):
r0 = socket$key(0xf, 0x3, 0x2)
socket$unix(0x1, 0x1, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r4=>0x0})
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)
timerfd_create(0x8, 0x0)
r6 = epoll_create1(0x0)
r7 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xf})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000040)={0xb0000000})
r9 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee1, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000280))
io_uring_enter(r9, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="020300000e000000000000000000000002000600000000000a"], 0x70}}, 0x0)

4.589140146s ago: executing program 1 (id=3054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x4400)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

4.04111782s ago: executing program 4 (id=3055):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r3 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2)
ftruncate(r3, 0x1000006)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x3, 0x7fff, 0x82, 0x8, 0xfff, 0x4, 0x5, 0x1ff, 0xfa71, 0x7, 0x9, 0x10, 0x8000, 0x0, 0x8, 0xffffffffffffffff], 0x2000, 0x2201})
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={r3, 0x0, 0x0, 0x1000000})
r5 = syz_open_dev$I2C(&(0x7f00000000c0), 0x3, 0x40000)
ioctl$I2C_SLAVE_FORCE(r5, 0x706, 0xce)

3.288863068s ago: executing program 3 (id=3056):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000300))
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x4000009c, 0x0, 0xba}]})
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)={0x0, 0x1})
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='westwood', 0x8)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1})
getsockopt$inet_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f00000000c0))

3.017205461s ago: executing program 1 (id=3057):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0xb001, 0x4, 0x3d8, 0xe0, 0xe0, 0xe0, 0x2f8, 0x2f8, 0x2f8, 0x7fffffe, 0x0, {[{{@uncond, 0xbc, 0xe0, 0x0, {0xff03000000000000}}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0xe0}}, {{@arp={@multicast2, @broadcast, 0xff, 0xff000000, 0x10, 0xf, {@empty, {[0xff, 0x0, 0x0, 0xff]}}, {@mac=@random="9b90ceb9f7a9", {[0x0, 0x0, 0xff, 0xff, 0xff]}}, 0x5, 0x6, 0x6, 0x40d, 0xf01, 0x5592, 'bridge0\x00', 'team_slave_0\x00', {}, {0xff}, 0x0, 0x302}, 0xbc, 0x10c, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}, @empty, @loopback, @empty}}}, {{@arp={@rand_addr=0x64010100, @remote, 0x0, 0x0, 0x0, 0xc, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, {[0x0, 0x0, 0x0, 0xff, 0xff]}}, {}, 0xe, 0x1, 0xfff8, 0x0, 0x0, 0x9, 'ip6_vti0\x00', 'netpci0\x00', {}, {}, 0x0, 0x84}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x1, 0x1}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x424)

2.934201366s ago: executing program 3 (id=3058):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x746}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x1, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000180)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, 0x0, 0x0)
setsockopt$sock_int(r6, 0x1, 0x29, &(0x7f0000000100)=0xac05, 0x4)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vcan0\x00'})
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x8)
socket$inet6(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0x17, 0x0, &(0x7f00000002c0))
r7 = dup(0xffffffffffffffff)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xfc, {"a2e3ad0e090d07f91b5e1a1887f70706d038e7ff7fc6e5539b0d3c0a8b089b3f3b3168030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xffffffffffffff34}}, 0x1006)
syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2060, 0x0, {0x3}})
io_uring_enter(r3, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
close(r0)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x88081, 0x0)
ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x40087447, &(0x7f0000000180))

2.913690995s ago: executing program 2 (id=3007):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xd, 0x8001, 0x0, 0x9, 0x0, 0x81, 0x11, 0xffffffff}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socket(0x40000000015, 0x5, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x34)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r4, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r5 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r4, 0x0, 0x0})
io_uring_enter(r5, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00'})

2.895708083s ago: executing program 1 (id=3059):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b32, 0x4)
r1 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port0\x00', 0x3eb, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x400, 0x0, 0x6, 0xfd})
r2 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r3 = dup2(r1, r2)
read$FUSE(r3, &(0x7f0000004380)={0x2020}, 0x2020)
sendto$inet(r0, &(0x7f0000000540)='v', 0x1, 0x4040, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001200)=""/25, 0x19}, 0xde6c}], 0x33, 0x40012002, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}], 0x1, 0x40800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x1, @empty, @local, {[], {{0x400, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@sack={0x5, 0x2}]}}}}}}}}, 0x0)

2.687405902s ago: executing program 1 (id=3060):
socket$packet(0x11, 0xa, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x20, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r1 = socket$kcm(0x2, 0xa, 0x2)
syz_usb_connect(0x0, 0x48, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
getsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7ff}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x800008d, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000086dd000411000400000097ff6e6ad9ba00442f017944154f000000000000ffff7f000001ff020000000000000000000000000001"], 0x7a)

2.570836025s ago: executing program 0 (id=3061):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000001f040000000000003f000000000000005504020001ed0a0085ff0000170000000f030000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c8216feb1a69005bbe781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00'}, 0x48)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x48}}, 0x0)

1.652344595s ago: executing program 4 (id=3062):
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
listen(0xffffffffffffffff, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
writev(0xffffffffffffffff, 0x0, 0x0)
shutdown(r4, 0x1)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0, r6})
r7 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001500)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000200)=0xffffffff)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000880)={@local, @link_local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x30, 0x0, 0x0, @empty, @local, {[@dstopts={0x29}], "d6eaf5e9114aa92d6ef4c971edf1f3f32acdb1339557d47f451df212f2ec084f845725165a4bdce8"}}}}}, 0x0)
syz_open_dev$midi(0x0, 0x500, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r8, 0xffffffffffffffff, 0x0)

1.617548124s ago: executing program 3 (id=3063):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mremap(&(0x7f0000aaf000/0x3000)=nil, 0x3000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
syz_emit_ethernet(0xaa, &(0x7f0000000000)={@multicast, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x9c, 0x65, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast, {[@timestamp_prespec={0x44, 0xc, 0x72, 0x3, 0x8, [{@rand_addr=0x64010100, 0x1}]}]}}, @time_exceeded={0xb, 0x1, 0x0, 0x0, 0x80, 0x0, {0x1b, 0x4, 0x0, 0x5, 0x3, 0x68, 0x1, 0x7f, 0x0, 0x8, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, {[@lsrr={0x83, 0x1f, 0xa6, [@multicast1, @empty, @remote, @dev={0xac, 0x14, 0x14, 0xd}, @private=0xa010100, @rand_addr=0x64010102, @broadcast]}, @cipso={0x86, 0x26, 0x3, [{0x5, 0x7, "ecc1573488"}, {0x1, 0x11, "3d67f47f2718c557d68e506975b5b4"}, {0x0, 0x4, "e1e7"}, {0x2, 0x4, "cacc"}]}, @generic={0x88, 0x4, "1d03"}, @generic={0x83, 0xf, "e3999e4322d18e559004230877"}]}}, "17deba919bfcd0a9"}}}}}, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id='])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0x4000)
getsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000000240), &(0x7f00000002c0)=0x4)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, r2, r3, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r6, r0)
utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={0x8})
r7 = fspick(r6, &(0x7f0000000200)='./file0\x00', 0x0)
close_range(r0, r7, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x28000)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r8, 0xc0b45545, &(0x7f0000000040)=0x1000)

686.968048ms ago: executing program 0 (id=3065):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x320, 0x2000, 0x80001000, 0x0, 0x20, 0x0, {0x0, 0x9416, 0x1000000}, {0x350, 0xfffffffd}, {0xf4ef}, {0x0, 0x0, 0xffe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x7})

596.151521ms ago: executing program 2 (id=3066):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd28, 0x1000000, {0x0, 0x0, 0x12, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7], 0x0, [0x8, 0x4], [0x20, 0x8, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}]}}]}, 0x8c}, 0x1, 0x7a00}, 0x0)

452.730108ms ago: executing program 0 (id=3067):
setitimer(0x2, &(0x7f0000000040)={{0x77359400}, {0x0, 0xea60}}, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x7, 0x2, 0x7fffffffffffffff, 0x7, 0x7fffffffffffffff, 0x2, 0x2, 0x6dd, 0xfffffffffffffff9, 0xb482, 0x9, 0xfffffffffffffffc, 0x7ff, 0xa, 0x0, 0x9], 0x80a0000, 0x148800})
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x67)
getitimer(0x2, &(0x7f00000000c0))
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8ccf"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000000000)={0xfc, {"fce3ad0eed0d07f91b5e091887f70706d038e7ff7fc6e5539b0d3c0a8b089b3f383163030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b503107200773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

370.73962ms ago: executing program 2 (id=3068):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x1, 0x2)
ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f0000000900)={0x5, @raw_data="41fbdc2cbb9c6dfa256512afcacebbfcd262c07edc31bfc0be8a95805fa720d3e636e8b2edda7d288d2ea195aaaab257264876d17f660fa15f54db34b66f8e5404fc51adaf7860c1859e457bd2653c6ed949fd420287524cdd3192cf07cb47695221c0561c550c921bddf3b446c3423100ef4a9641855538684f02ce4ba5c2dbb107803a90055caecb09450ef5d14bd9a5f4c3770758da51c95a8f604cc3a8c5051256a8558af595112b0d9bc5e1b707659e3040b1985c229e110030575db9f9ebe223335a992ab4"})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000004c0)='htcp', 0x4)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
openat$vnet(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendto$inet6(r3, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
shutdown(r3, 0x1)
ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc01c7c02, &(0x7f0000000340)={0x80000000, &(0x7f0000000240), &(0x7f00000002c0)=[{{}, {<r4=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc01c7c02, &(0x7f0000000100)={r4, 0x0, 0x0})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x18, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xed}}, 0x0)

98.307836ms ago: executing program 2 (id=3069):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="14000000100001000000000000000e000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000080a01010000000000000000010000000900010073797a30"], 0xc8}}, 0x0)

92.479015ms ago: executing program 1 (id=3070):
syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3}, {}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x3f8, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x0, 0x9, 0x2000000000003ff, 0x2], 0x2000, 0x200206})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r3=>r1}, './file0\x00'})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_DESTROY$stdev(r3, 0x3b80, &(0x7f0000000340)={0x8, r4})
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 2 (id=3071):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x19}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x98, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x6c, 0x3, 0x0, 0x1, [{0x68, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x5c, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x10000}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x80000000}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x8}]}}}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xfc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(0x3)
r1 = openat(0xffffffffffffff9c, 0x0, 0x80000, 0x2)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001340)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000000000000200000000000e0ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f55ee988e6e06c8206ac6939fc404004900c788b277be1cb79b0a4dcf3ed410f6accd3641110bec4e90a634199e07f8f6eb9604000e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea13c9a77e1c89c5082a703fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea7042ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850bf895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2200af6c7784a1975fabc0c4dd418c005479ecab19bdfb15a32a4fd67ce446adb431d7e74853b7978639be2463308af07db79240acaf0910300000077d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061622718551c20ec23812770d72c700a44e113d17088fdd00600000f7889b8d7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f740586903500090000000000000000be34b10f9d640dd782ac0cbc0abcf728"], 0x0}, 0x94)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_usb_connect(0x3, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12012002ae7b9b40eb1501000252d1acbdc78601000406000904f240010083cb710905000000000000000000c51ec8b4c79c53f679d90472907895516cf47b8f2c4cdd03c9e5d8717fa3d9aae314600f4019d29511d298f5aa72449ff3f351668f66cb1d162c167cd1a3c5867c387ede62c51fce"], &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x5, [{0x4, &(0x7f0000000000)=@lang_id={0x4, 0x3, 0x1401}}, {0x4, &(0x7f0000000040)=@lang_id={0x4, 0x3, 0x80c}}, {0x34, &(0x7f0000000180)=ANY=[@ANYBLOB="3403eede25df44f63245add91beb2ee8bad127c2a3b18f0f114a2d2577287aeeecd72eb09b198dfcadb2ddb6e6cc06a0f1abdbc78f5560196bd3a2c7e476"]}, {0xd1, &(0x7f00000003c0)=@string={0xd1, 0x3, "747de286ea2d3fe79d933872f08c835eb1b83791516c9de3b48c8350a0624654a0a91bc56094404cfaa62da25ebbc5cd4d1fcb8f435ff7ac6c31b175b465d6aa9139590541e5af57e6993c6bb1d48c88165e058d710781e2c697f65f5fe79dbfd1959d4b99c09951c777a5253cddd73d105e9ec63723841084e60ff6e6f4ea56f1e4c794de1a1025c9b8f4f443d3f35a3f6801cc0e1a49cdfe95d5ee863af80bb32284bc9669bb52c0391737baf97db5b0d7f7c2716deb87a4b4a1037c9fca97465368385fcd6f05a608a7a0b591e1"}}, {0x3, &(0x7f0000000340)=@string={0x3, 0x3, '1'}}]})
dup2(r2, r1)

kernel console output (not intermixed with test programs):

46.663016][T14719] bridge_slave_1: entered promiscuous mode
[  646.674721][T14710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2652'.
[  646.693546][ T6096] usb 2-1: USB disconnect, device number 52
[  646.860118][ T8787] usb 3-1: unable to get BOS descriptor or descriptor too short
[  646.877017][ T8787] usb 3-1: no configurations
[  646.892064][ T8787] usb 3-1: can't read configurations, error -22
[  647.155310][ T6096] usb 1-1: new low-speed USB device number 123 using dummy_hcd
[  647.305411][ T6096] usb 1-1: device descriptor read/64, error -71
[  647.503249][T14748] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  647.545331][ T6096] usb 1-1: new low-speed USB device number 124 using dummy_hcd
[  647.675326][ T6096] usb 1-1: device descriptor read/64, error -71
[  647.796793][ T6096] usb usb1-port1: attempt power cycle
[  648.011312][T14770] FAULT_INJECTION: forcing a failure.
[  648.011312][T14770] name failslab, interval 1, probability 0, space 0, times 0
[  648.060190][T14770] CPU: 1 UID: 0 PID: 14770 Comm: syz.1.2671 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  648.060209][T14770] Tainted: [L]=SOFTLOCKUP
[  648.060214][T14770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  648.060220][T14770] Call Trace:
[  648.060226][T14770]  <TASK>
[  648.060232][T14770]  dump_stack_lvl+0x189/0x250
[  648.060249][T14770]  ? __pfx____ratelimit+0x10/0x10
[  648.060262][T14770]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.060274][T14770]  ? __pfx__printk+0x10/0x10
[  648.060291][T14770]  ? __pfx___might_resched+0x10/0x10
[  648.060302][T14770]  ? fs_reclaim_acquire+0x7d/0x100
[  648.060316][T14770]  should_fail_ex+0x414/0x560
[  648.060332][T14770]  should_failslab+0xa8/0x100
[  648.060345][T14770]  kmem_cache_alloc_noprof+0x88/0x710
[  648.060360][T14770]  ? ep_ptable_queue_proc+0x5c/0x200
[  648.060377][T14770]  ep_ptable_queue_proc+0x5c/0x200
[  648.060391][T14770]  ? __pfx_ep_ptable_queue_proc+0x10/0x10
[  648.060405][T14770]  cec_poll+0x9a/0x290
[  648.060417][T14770]  ? __pfx_cec_poll+0x10/0x10
[  648.060426][T14770]  ep_insert+0x1161/0x19e0
[  648.060447][T14770]  ? __pfx_ep_insert+0x10/0x10
[  648.060459][T14770]  ? __pfx___mutex_lock+0x10/0x10
[  648.060473][T14770]  ? __fget_files+0x2a/0x420
[  648.060486][T14770]  ? __pfx_ep_ptable_queue_proc+0x10/0x10
[  648.060500][T14770]  ? __fget_files+0x3a0/0x420
[  648.060511][T14770]  ? __fget_files+0x2a/0x420
[  648.060527][T14770]  do_epoll_ctl+0x7f4/0xe80
[  648.060544][T14770]  __ia32_sys_epoll_ctl+0x15d/0x1a0
[  648.060559][T14770]  ? __pfx___ia32_sys_epoll_ctl+0x10/0x10
[  648.060574][T14770]  ? __do_fast_syscall_32+0xbe/0x570
[  648.060590][T14770]  __do_fast_syscall_32+0x1f7/0x570
[  648.060605][T14770]  ? rcu_is_watching+0x15/0xb0
[  648.060616][T14770]  ? do_fast_syscall_32+0x34/0x80
[  648.060631][T14770]  do_fast_syscall_32+0x34/0x80
[  648.060663][T14770]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  648.060676][T14770] RIP: 0023:0xf7f76539
[  648.060686][T14770] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  648.060695][T14770] RSP: 002b:00000000f546655c EFLAGS: 00000206 ORIG_RAX: 00000000000000ff
[  648.060707][T14770] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000001
[  648.060715][T14770] RDX: 0000000000000004 RSI: 0000000080000040 RDI: 0000000000000000
[  648.060721][T14770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  648.060727][T14770] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  648.060733][T14770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  648.060748][T14770]  </TASK>
[  648.135296][ T6096] usb 1-1: new low-speed USB device number 125 using dummy_hcd
[  648.397065][ T6096] usb 1-1: device descriptor read/8, error -71
[  648.635586][ T6096] usb 1-1: new low-speed USB device number 126 using dummy_hcd
[  648.656129][ T6096] usb 1-1: device descriptor read/8, error -71
[  648.766387][ T6096] usb usb1-port1: unable to enumerate USB device
[  649.126558][ T8787] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  649.299576][ T8787] usb 3-1: unable to get BOS descriptor or descriptor too short
[  649.312998][ T8787] usb 3-1: config 66 interface 0 altsetting 16 bulk endpoint 0x7 has invalid maxpacket 16
[  649.332531][ T8787] usb 3-1: config 66 interface 0 has no altsetting 0
[  649.355582][ T8787] usb 3-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[  649.367977][ T8787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.383939][ T8787] usb 3-1: Product: syz
[  649.389040][ T8787] usb 3-1: Manufacturer: syz
[  649.394185][ T8787] usb 3-1: SerialNumber: syz
[  649.428359][T14781] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  649.542724][T14789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2679'.
[  649.567024][T14789] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  649.657302][ T8787] ati_remote2 3-1:66.0: ati_remote2_probe(): interface 1 must have an endpoint
[  649.669614][T14791] FAULT_INJECTION: forcing a failure.
[  649.669614][T14791] name failslab, interval 1, probability 0, space 0, times 0
[  649.673853][ T8787] usb 3-1: USB disconnect, device number 94
[  649.698914][T14791] CPU: 0 UID: 0 PID: 14791 Comm: syz.3.2680 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  649.698944][T14791] Tainted: [L]=SOFTLOCKUP
[  649.698951][T14791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  649.698962][T14791] Call Trace:
[  649.698970][T14791]  <TASK>
[  649.698978][T14791]  dump_stack_lvl+0x189/0x250
[  649.699003][T14791]  ? __pfx____ratelimit+0x10/0x10
[  649.699026][T14791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.699045][T14791]  ? __pfx__printk+0x10/0x10
[  649.699071][T14791]  ? __pfx___might_resched+0x10/0x10
[  649.699100][T14791]  ? fs_reclaim_acquire+0x7d/0x100
[  649.699123][T14791]  should_fail_ex+0x414/0x560
[  649.699147][T14791]  should_failslab+0xa8/0x100
[  649.699168][T14791]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  649.699194][T14791]  ? __alloc_skb+0x255/0x430
[  649.699214][T14791]  ? napi_skb_cache_get+0x4a5/0x780
[  649.699231][T14791]  ? napi_skb_cache_get+0x151/0x780
[  649.699255][T14791]  __alloc_skb+0x255/0x430
[  649.699279][T14791]  ? __pfx___alloc_skb+0x10/0x10
[  649.699305][T14791]  ? netlink_ack_tlv_len+0x6c/0x210
[  649.699332][T14791]  netlink_ack+0x146/0xa50
[  649.699362][T14791]  ? __kmalloc_cache_noprof+0x3e2/0x700
[  649.699385][T14791]  nfnetlink_rcv+0x2309/0x2590
[  649.699441][T14791]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  649.699479][T14791]  ? ref_tracker_free+0x63a/0x7d0
[  649.699524][T14791]  ? __netlink_deliver_tap+0x807/0x850
[  649.699539][T14791]  ? netlink_deliver_tap+0x2e/0x1b0
[  649.699569][T14791]  netlink_unicast+0x82f/0x9e0
[  649.699597][T14791]  ? __pfx_netlink_unicast+0x10/0x10
[  649.699620][T14791]  ? netlink_sendmsg+0x642/0xb30
[  649.699634][T14791]  ? skb_put+0x11b/0x210
[  649.699658][T14791]  netlink_sendmsg+0x805/0xb30
[  649.699681][T14791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.699699][T14791]  ? __import_iovec+0x5d4/0x7f0
[  649.699721][T14791]  ? aa_sock_msg_perm+0xf1/0x1b0
[  649.699739][T14791]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  649.699756][T14791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.699772][T14791]  __sock_sendmsg+0x21c/0x270
[  649.699787][T14791]  ____sys_sendmsg+0x505/0x820
[  649.699804][T14791]  ? __pfx_____sys_sendmsg+0x10/0x10
[  649.699820][T14791]  ? kstrtouint+0x6e/0xe0
[  649.699845][T14791]  ___sys_sendmsg+0x21f/0x2a0
[  649.699867][T14791]  ? __pfx____sys_sendmsg+0x10/0x10
[  649.699884][T14791]  ? rcu_read_lock_any_held+0xb3/0x120
[  649.699911][T14791]  ? __fget_files+0x2a/0x420
[  649.699924][T14791]  ? __fget_files+0x3a0/0x420
[  649.699940][T14791]  __sys_sendmsg+0x164/0x220
[  649.699955][T14791]  ? __pfx___sys_sendmsg+0x10/0x10
[  649.699973][T14791]  ? __pfx_ksys_write+0x10/0x10
[  649.699986][T14791]  ? __do_fast_syscall_32+0xbe/0x570
[  649.700002][T14791]  __do_fast_syscall_32+0x1f7/0x570
[  649.700029][T14791]  ? rcu_is_watching+0x15/0xb0
[  649.700040][T14791]  ? do_fast_syscall_32+0x34/0x80
[  649.700055][T14791]  do_fast_syscall_32+0x34/0x80
[  649.700069][T14791]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  649.700086][T14791] RIP: 0023:0xf70dd539
[  649.700097][T14791] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  649.700106][T14791] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  649.700119][T14791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  649.700126][T14791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  649.700133][T14791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  649.700138][T14791] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  649.700144][T14791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  649.700159][T14791]  </TASK>
[  650.197731][T14797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2682'.
[  650.217969][T14800] netlink: 212352 bytes leftover after parsing attributes in process `syz.3.2684'.
[  650.605422][ T6096] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  650.754881][ T6096] usb 2-1: Using ep0 maxpacket: 16
[  650.762135][ T6096] usb 2-1: unable to get BOS descriptor or descriptor too short
[  650.787948][ T6096] usb 2-1: config 8 has an invalid interface number: 190 but max is 1
[  650.797112][ T6096] usb 2-1: config 8 has an invalid interface number: 57 but max is 1
[  650.808612][ T6096] usb 2-1: config 8 has no interface number 0
[  650.815657][ T6096] usb 2-1: config 8 has no interface number 1
[  650.854592][ T6096] usb 2-1: config 8 interface 190 has no altsetting 0
[  650.861881][ T6096] usb 2-1: config 8 interface 57 has no altsetting 0
[  650.930783][ T6096] usb 2-1: language id specifier not provided by device, defaulting to English
[  650.948585][ T6096] usb 2-1: New USB device found, idVendor=041e, idProduct=4060, bcdDevice=61.31
[  650.966136][ T6096] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.982515][ T6096] usb 2-1: Product: Р
[  650.990450][ T6096] usb 2-1: Manufacturer: à°�
[  651.001066][ T6096] usb 2-1: SerialNumber: 솗粫尀閅垖��ꞃ⯀쒆䊼肴냄�焫膅˱췴冇햔�젎凰뭷廊﹧㨪诤ſ︗䓫⽀�꬜ో할섻艒佧�榬�뷨뛅金஡�Ò�⩤綅耿ֳ풧굵㢮�⧪腣�
[  652.152645][T14832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2693'.
[  652.655290][ T5914] usb 1-1: new low-speed USB device number 127 using dummy_hcd
[  652.703246][T14848] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2697'.
[  652.780259][T14849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2697'.
[  652.815337][ T5914] usb 1-1: Invalid ep0 maxpacket: 32
[  653.556996][ T5914] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[  653.566409][ T6096] usb 2-1: USB disconnect, device number 53
[  653.640901][T14854] loop2: detected capacity change from 0 to 7
[  653.665108][T14854]  loop2:
[  653.689535][T14854] loop2: partition table partially beyond EOD, truncated
[  653.725312][ T5914] usb 1-1: Invalid ep0 maxpacket: 32
[  653.732693][ T5914] usb usb1-port1: attempt power cycle
[  653.903692][T14862] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2700'.
[  653.935354][ T6096] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  654.115940][ T5914] usb 1-1: new low-speed USB device number 3 using dummy_hcd
[  654.119501][T14872] netlink: 'syz.4.2704': attribute type 4 has an invalid length.
[  654.131383][T14872] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2704'.
[  654.161337][T14872] delete_channel: no stack
[  654.165943][ T8709] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  654.184687][ T5914] usb 1-1: Invalid ep0 maxpacket: 32
[  654.193040][ T6096] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.215371][ T6096] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  654.236984][ T6096] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  654.256561][ T6096] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.287867][ T6096] usb 2-1: config 0 descriptor??
[  654.325310][ T5914] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[  654.346140][ T5914] usb 1-1: Invalid ep0 maxpacket: 32
[  654.352553][ T5914] usb usb1-port1: unable to enumerate USB device
[  654.359887][ T8709] usb 4-1: Using ep0 maxpacket: 32
[  654.367900][ T8709] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  654.377641][ T8709] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.390674][ T8709] usb 4-1: config 0 descriptor??
[  654.604653][T14862] fuse: Bad value for 'rootmode'
[  654.615341][ T8709] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  654.625717][ T8709] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  654.639597][ T8709] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  655.239419][ T6096] usbhid 2-1:0.0: can't add hid device: -71
[  655.270423][ T6096] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  655.292806][ T6096] usb 2-1: USB disconnect, device number 54
[  656.025002][ T8787] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  656.195244][ T8787] usb 1-1: Using ep0 maxpacket: 32
[  656.214567][T14892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.223594][T14892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.290793][T14912] team_slave_0: entered promiscuous mode
[  656.296536][T14912] team_slave_1: entered promiscuous mode
[  656.313412][T14912] vlan2: entered promiscuous mode
[  656.324669][T14912] team0: entered promiscuous mode
[  656.768734][T13537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  656.780096][T13537] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  656.790014][T13537] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  656.801325][T13537] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  656.810269][T13537] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  657.099472][T14914] chnl_net:caif_netlink_parms(): no params data found
[  657.206916][T14914] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.221543][T14914] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.230055][T14914] bridge_slave_0: entered allmulticast mode
[  657.239082][T14914] bridge_slave_0: entered promiscuous mode
[  657.249174][T14914] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.257592][T14914] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.266019][T14914] bridge_slave_1: entered allmulticast mode
[  657.273970][T14914] bridge_slave_1: entered promiscuous mode
[  657.334186][T14914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.350251][T14914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.437884][T14914] team0: Port device team_slave_0 added
[  657.447882][T14914] team0: Port device team_slave_1 added
[  657.520205][T14914] batman_adv: batadv0: Adding interface: batadv_slave_0
[  657.528282][T14914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  657.555336][T14914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  657.568783][T14914] batman_adv: batadv0: Adding interface: batadv_slave_1
[  657.581592][T14914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  657.608974][T14914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  657.678864][T14914] hsr_slave_0: entered promiscuous mode
[  657.687262][T14914] hsr_slave_1: entered promiscuous mode
[  657.694321][T14914] debugfs: 'hsr0' already exists in 'hsr'
[  657.701613][T14914] Cannot create hsr debugfs directory
[  657.878892][T14914] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.944875][ T5824] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  657.982949][T14914] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.072384][T14914] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.105491][ T5824] usb 3-1: Using ep0 maxpacket: 16
[  658.112644][ T5824] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  658.123249][ T5824] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  658.135924][ T5824] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  658.145385][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.153463][ T5824] usb 3-1: Product: syz
[  658.157820][ T5824] usb 3-1: Manufacturer: syz
[  658.162462][ T5824] usb 3-1: SerialNumber: syz
[  658.183778][T14914] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode
[  658.197696][T14914] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.376359][ T5824] usb 3-1: 0:2 : does not exist
[  658.396167][ T5824] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  658.431626][T14914] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  658.465752][ T5824] usb 3-1: USB disconnect, device number 95
[  658.475823][T14914] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  658.490835][T14914] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  658.510723][T14914] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  658.544016][T10288] udevd[10288]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  658.680335][T14914] 8021q: adding VLAN 0 to HW filter on device bond0
[  658.708035][T14914] 8021q: adding VLAN 0 to HW filter on device team0
[  658.729275][ T5958] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.736606][ T5958] bridge0: port 1(bridge_slave_0) entered forwarding state
[  658.758709][  T152] bridge0: port 2(bridge_slave_1) entered blocking state
[  658.765967][  T152] bridge0: port 2(bridge_slave_1) entered forwarding state
[  658.794905][ T8787] usb 1-1: unable to get BOS descriptor or descriptor too short
[  658.811668][ T8787] usb 1-1: no configurations
[  658.828748][ T8787] usb 1-1: can't read configurations, error -22
[  658.861093][T14914] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  658.896023][T14914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  658.916153][T13537] Bluetooth: hci2: command tx timeout
[  659.024449][T14914] 8021q: adding VLAN 0 to HW filter on device batadv0
[  659.092737][T14951] FAULT_INJECTION: forcing a failure.
[  659.092737][T14951] name failslab, interval 1, probability 0, space 0, times 0
[  659.133871][T14951] CPU: 0 UID: 0 PID: 14951 Comm: syz.2.2726 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  659.133900][T14951] Tainted: [L]=SOFTLOCKUP
[  659.133907][T14951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  659.133918][T14951] Call Trace:
[  659.133926][T14951]  <TASK>
[  659.133935][T14951]  dump_stack_lvl+0x189/0x250
[  659.133961][T14951]  ? __pfx____ratelimit+0x10/0x10
[  659.133984][T14951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  659.134002][T14951]  ? __pfx__printk+0x10/0x10
[  659.134031][T14951]  ? __pfx___might_resched+0x10/0x10
[  659.134057][T14951]  ? fs_reclaim_acquire+0x7d/0x100
[  659.134080][T14951]  should_fail_ex+0x414/0x560
[  659.134106][T14951]  should_failslab+0xa8/0x100
[  659.134128][T14951]  __kmalloc_noprof+0xdf/0x800
[  659.134145][T14951]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  659.134174][T14951]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  659.134202][T14951]  genl_family_rcv_msg_doit+0xb8/0x300
[  659.134230][T14951]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  659.134257][T14951]  ? apparmor_capable+0x137/0x1a0
[  659.134280][T14951]  ? bpf_lsm_capable+0x9/0x20
[  659.134300][T14951]  ? security_capable+0x7e/0x2e0
[  659.134329][T14951]  genl_rcv_msg+0x60e/0x790
[  659.134356][T14951]  ? __pfx_genl_rcv_msg+0x10/0x10
[  659.134376][T14951]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  659.134402][T14951]  ? __pfx_nl80211_connect+0x10/0x10
[  659.134418][T14951]  ? __pfx_nl80211_post_doit+0x10/0x10
[  659.134458][T14951]  netlink_rcv_skb+0x208/0x470
[  659.134475][T14951]  ? __pfx_genl_rcv_msg+0x10/0x10
[  659.134496][T14951]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  659.134531][T14951]  ? down_read+0x274/0x2e0
[  659.134552][T14951]  ? genl_rcv+0xd/0x40
[  659.134574][T14951]  genl_rcv+0x28/0x40
[  659.134593][T14951]  netlink_unicast+0x82f/0x9e0
[  659.134623][T14951]  ? __pfx_netlink_unicast+0x10/0x10
[  659.134648][T14951]  ? netlink_sendmsg+0x642/0xb30
[  659.134663][T14951]  ? skb_put+0x11b/0x210
[  659.134691][T14951]  netlink_sendmsg+0x805/0xb30
[  659.134718][T14951]  ? __pfx_netlink_sendmsg+0x10/0x10
[  659.134737][T14951]  ? __import_iovec+0x5d4/0x7f0
[  659.134757][T14951]  ? aa_sock_msg_perm+0xf1/0x1b0
[  659.134775][T14951]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  659.134814][T14951]  ? __pfx_netlink_sendmsg+0x10/0x10
[  659.134832][T14951]  __sock_sendmsg+0x21c/0x270
[  659.134854][T14951]  ____sys_sendmsg+0x505/0x820
[  659.134883][T14951]  ? __pfx_____sys_sendmsg+0x10/0x10
[  659.134912][T14951]  ? kstrtouint+0x6e/0xe0
[  659.134939][T14951]  ___sys_sendmsg+0x21f/0x2a0
[  659.134966][T14951]  ? __pfx____sys_sendmsg+0x10/0x10
[  659.134997][T14951]  ? rcu_read_lock_any_held+0xb3/0x120
[  659.135051][T14951]  ? __fget_files+0x2a/0x420
[  659.135072][T14951]  ? __fget_files+0x3a0/0x420
[  659.135102][T14951]  __sys_sendmsg+0x164/0x220
[  659.135129][T14951]  ? __pfx___sys_sendmsg+0x10/0x10
[  659.135162][T14951]  ? __pfx_ksys_write+0x10/0x10
[  659.135183][T14951]  ? __do_fast_syscall_32+0xbe/0x570
[  659.135209][T14951]  __do_fast_syscall_32+0x1f7/0x570
[  659.135232][T14951]  ? rcu_is_watching+0x15/0xb0
[  659.135251][T14951]  ? do_fast_syscall_32+0x34/0x80
[  659.135277][T14951]  do_fast_syscall_32+0x34/0x80
[  659.135299][T14951]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.135321][T14951] RIP: 0023:0xf700d539
[  659.135338][T14951] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  659.135353][T14951] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  659.135374][T14951] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  659.135386][T14951] RDX: 0000000004004050 RSI: 0000000000000000 RDI: 0000000000000000
[  659.135397][T14951] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  659.135407][T14951] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  659.135418][T14951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.135445][T14951]  </TASK>
[  659.538877][T14914] veth0_vlan: entered promiscuous mode
[  659.549269][T14914] veth1_vlan: entered promiscuous mode
[  659.569705][T14914] veth0_macvtap: entered promiscuous mode
[  659.578369][T14914] veth1_macvtap: entered promiscuous mode
[  659.593825][T14914] batman_adv: batadv0: Interface activated: batadv_slave_0
[  659.604177][T14914] batman_adv: batadv0: Interface activated: batadv_slave_1
[  659.679433][ T9407] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  659.710283][ T9407] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  659.772872][ T9407] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  659.782881][ T9407] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  659.961377][T14958] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  659.981652][T10801] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.995096][T10801] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.018186][ T5824] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  660.090417][ T9784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.129164][ T9784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.132347][T14964] FAULT_INJECTION: forcing a failure.
[  660.132347][T14964] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  660.163732][T14964] CPU: 0 UID: 0 PID: 14964 Comm: syz.0.2731 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  660.163760][T14964] Tainted: [L]=SOFTLOCKUP
[  660.163766][T14964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  660.163777][T14964] Call Trace:
[  660.163786][T14964]  <TASK>
[  660.163794][T14964]  dump_stack_lvl+0x189/0x250
[  660.163814][T14964]  ? __pfx____ratelimit+0x10/0x10
[  660.163828][T14964]  ? __pfx_dump_stack_lvl+0x10/0x10
[  660.163839][T14964]  ? __pfx__printk+0x10/0x10
[  660.163854][T14964]  ? fs_reclaim_acquire+0x7d/0x100
[  660.163870][T14964]  should_fail_ex+0x414/0x560
[  660.163886][T14964]  prepare_alloc_pages+0x22b/0x650
[  660.163901][T14964]  __alloc_frozen_pages_noprof+0x123/0x370
[  660.163915][T14964]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  660.163932][T14964]  ? is_bpf_text_address+0x26/0x2b0
[  660.163944][T14964]  ? kernel_text_address+0xa5/0xe0
[  660.163960][T14964]  ? policy_nodemask+0x27c/0x720
[  660.163975][T14964]  alloc_pages_mpol+0x232/0x4a0
[  660.163989][T14964]  vma_alloc_folio_noprof+0xe4/0x200
[  660.164001][T14964]  ? __lock_acquire+0x6b6/0x2cf0
[  660.164012][T14964]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  660.164030][T14964]  folio_prealloc+0x30/0x180
[  660.164041][T14964]  do_pte_missing+0x14e8/0x3330
[  660.164062][T14964]  handle_mm_fault+0x1b26/0x32b0
[  660.164083][T14964]  ? handle_mm_fault+0xdb/0x32b0
[  660.164101][T14964]  ? __pfx_handle_mm_fault+0x10/0x10
[  660.164125][T14964]  ? lock_mm_and_find_vma+0x9c/0x300
[  660.164136][T14964]  do_user_addr_fault+0x764/0x1380
[  660.164155][T14964]  exc_page_fault+0x82/0x100
[  660.164170][T14964]  asm_exc_page_fault+0x26/0x30
[  660.164180][T14964] RIP: 0010:rep_movs_alternative+0x33/0x90
[  660.164192][T14964] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  660.164201][T14964] RSP: 0018:ffffc9001b6b7878 EFLAGS: 00050206
[  660.164211][T14964] RAX: 4530303030323020 RBX: ffff888030a0a008 RCX: 0000000000000029
[  660.164219][T14964] RDX: 0000000000000000 RSI: ffff888030a0a008 RDI: 0000000080000040
[  660.164226][T14964] RBP: ffffc9001b6b79f0 R08: ffff888030a0a030 R09: 1ffff11006141406
[  660.164233][T14964] R10: dffffc0000000000 R11: ffffed1006141407 R12: dffffc0000000000
[  660.164240][T14964] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000029
[  660.164256][T14964]  _copy_to_iter+0x493/0x1790
[  660.164278][T14964]  ? __pfx__copy_to_iter+0x10/0x10
[  660.164291][T14964]  ? traverse+0x544/0x580
[  660.164308][T14964]  seq_read_iter+0x2e9/0xe20
[  660.164323][T14964]  ? __asan_memset+0x22/0x50
[  660.164342][T14964]  seq_read+0x369/0x480
[  660.164356][T14964]  ? __pfx_seq_read+0x10/0x10
[  660.164376][T14964]  ? __pfx_seq_read+0x10/0x10
[  660.164384][T14964]  proc_reg_read+0x1e9/0x2e0
[  660.164397][T14964]  ? __pfx_proc_reg_read+0x10/0x10
[  660.164415][T14964]  vfs_read+0x200/0xa30
[  660.164431][T14964]  ? __pfx_vfs_read+0x10/0x10
[  660.164441][T14964]  ? __fget_files+0x2a/0x420
[  660.164456][T14964]  ? __fget_files+0x2a/0x420
[  660.164467][T14964]  ? __fget_files+0x3a0/0x420
[  660.164478][T14964]  ? __fget_files+0x2a/0x420
[  660.164494][T14964]  ksys_pread64+0x126/0x1c0
[  660.164506][T14964]  ? __pfx_ksys_pread64+0x10/0x10
[  660.164518][T14964]  ? __do_fast_syscall_32+0xbe/0x570
[  660.164530][T14964]  ? __ia32_sys_ia32_pread64+0x20/0xd0
[  660.164546][T14964]  __do_fast_syscall_32+0x1f7/0x570
[  660.164560][T14964]  ? rcu_is_watching+0x15/0xb0
[  660.164571][T14964]  ? do_fast_syscall_32+0x34/0x80
[  660.164587][T14964]  do_fast_syscall_32+0x34/0x80
[  660.164600][T14964]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  660.164614][T14964] RIP: 0023:0xf701d539
[  660.164625][T14964] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  660.164633][T14964] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 00000000000000b4
[  660.164647][T14964] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  660.164654][T14964] RDX: 0000000000000075 RSI: 000000000000003e RDI: 0000000000000000
[  660.164660][T14964] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  660.164666][T14964] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  660.164674][T14964] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  660.164690][T14964]  </TASK>
[  660.186539][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  660.613029][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.625916][ T5824] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  660.636408][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.649999][ T5824] usb 3-1: config 0 descriptor??
[  660.920400][T14974] input: syz1 as /devices/virtual/input/input45
[  660.998159][T13537] Bluetooth: hci2: command tx timeout
[  661.090962][ T5824] hid-thrustmaster 0003:044F:B65D.0016: unknown main item tag 0x0
[  661.094209][ T5824] hid-thrustmaster 0003:044F:B65D.0016: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0
[  661.094390][ T5824] hid-thrustmaster 0003:044F:B65D.0016: Wrong number of endpoints?
[  661.273603][T14983] bridge3: entered promiscuous mode
[  661.485752][T14987] netlink: 'syz.3.2738': attribute type 4 has an invalid length.
[  661.508459][T14987] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2738'.
[  661.781150][T14987] delete_channel: no stack
[  662.161888][T14997] netlink: 'syz.1.2741': attribute type 1 has an invalid length.
[  662.179332][T14997] bridge0: port 3(geneve2) entered blocking state
[  662.190485][T14997] bridge0: port 3(geneve2) entered disabled state
[  662.199585][T14997] geneve2: entered allmulticast mode
[  662.209429][T14997] geneve2: entered promiscuous mode
[  662.221819][T14997] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2741'.
[  662.245488][ T5824] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  662.417130][ T5824] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  662.427080][ T5824] usb 1-1: config 0 has no interface number 0
[  662.435937][    C1] hid-thrustmaster 0003:044F:B65D.0016: URB to get model id failed with error -108
[  662.448240][ T5824] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  662.458446][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.466586][ T5824] usb 1-1: Product: syz
[  662.470751][ T5824] usb 1-1: Manufacturer: syz
[  662.475478][ T5824] usb 1-1: SerialNumber: syz
[  662.482196][ T5824] usb 1-1: config 0 descriptor??
[  662.803480][ T5824] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  662.821141][ T5824] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  662.834409][ T5824] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  662.847865][ T5824] usb 1-1: media controller created
[  662.867899][ T5824] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  663.076035][T13537] Bluetooth: hci2: command tx timeout
[  663.103677][T15011] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  663.216848][   T10] usb 3-1: USB disconnect, device number 96
[  663.354491][T15016] input: syz0 as /devices/virtual/input/input47
[  663.806027][T15026] netlink: 'syz.1.2748': attribute type 10 has an invalid length.
[  663.845281][T15026] 8021q: adding VLAN 0 to HW filter on device batadv0
[  663.855330][T15026] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  663.864491][T15027] netlink: 'syz.1.2748': attribute type 10 has an invalid length.
[  663.872410][T15027] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2748'.
[  663.882683][T15027] batadv0: entered promiscuous mode
[  663.888040][T15027] batadv0: entered allmulticast mode
[  663.936176][T15027] bond0: (slave batadv0): Releasing backup interface
[  663.952528][T15027] bridge0: port 4(batadv0) entered blocking state
[  663.962571][T15027] bridge0: port 4(batadv0) entered disabled state
[  664.306624][ T9782] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  664.316332][ T9782] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  664.898054][T15034] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.2750'.
[  664.933694][T15034] fuse: Bad value for 'user_id'
[  664.943333][T15034] fuse: Bad value for 'user_id'
[  664.961346][T15031] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2750'.
[  665.157233][T13537] Bluetooth: hci2: command tx timeout
[  665.266440][ T5824] usb 1-1: USB disconnect, device number 7
[  665.372786][T15039] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2752'.
[  665.557240][T15047] program syz.2.2754 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  666.020266][T15058] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.028421][T15058] batadv0: entered promiscuous mode
[  666.037979][T15058] team0: Port device batadv0 added
[  666.366052][T15061] netlink: 'syz.4.2757': attribute type 4 has an invalid length.
[  666.394298][T15061] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2757'.
[  666.430131][T15061] delete_channel: no stack
[  667.124978][ T5914] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  667.285680][ T5914] usb 3-1: Using ep0 maxpacket: 32
[  667.295817][T15073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.306832][T15073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.381231][T15084] vlan2: entered promiscuous mode
[  668.813862][T15108] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2771'.
[  669.232264][T15117] netlink: 'syz.0.2775': attribute type 10 has an invalid length.
[  669.364388][T15121] netlink: 'syz.4.2774': attribute type 4 has an invalid length.
[  669.375714][T15121] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2774'.
[  669.491964][T15121] delete_channel: no stack
[  670.179773][ T5914] usb 3-1: unable to get BOS descriptor or descriptor too short
[  670.211761][ T5914] usb 3-1: no configurations
[  670.236252][ T5914] usb 3-1: can't read configurations, error -22
[  671.050535][T15144] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.2781'.
[  672.451767][T15168] netlink: 6 bytes leftover after parsing attributes in process `syz.0.2789'.
[  672.627900][T15172] FAULT_INJECTION: forcing a failure.
[  672.627900][T15172] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  672.944883][T15172] CPU: 1 UID: 0 PID: 15172 Comm: syz.4.2792 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  672.944915][T15172] Tainted: [L]=SOFTLOCKUP
[  672.944923][T15172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  672.944934][T15172] Call Trace:
[  672.944943][T15172]  <TASK>
[  672.944954][T15172]  dump_stack_lvl+0x189/0x250
[  672.944981][T15172]  ? __pfx____ratelimit+0x10/0x10
[  672.945003][T15172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.945024][T15172]  ? __pfx__printk+0x10/0x10
[  672.945062][T15172]  should_fail_ex+0x414/0x560
[  672.945089][T15172]  _copy_to_user+0x31/0xb0
[  672.945109][T15172]  simple_read_from_buffer+0xe1/0x170
[  672.945136][T15172]  proc_fail_nth_read+0x1b3/0x220
[  672.945159][T15172]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  672.945182][T15172]  ? rw_verify_area+0x2a6/0x4d0
[  672.945199][T15172]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  672.945220][T15172]  vfs_read+0x200/0xa30
[  672.945237][T15172]  ? fdget_pos+0x247/0x320
[  672.945262][T15172]  ? __pfx___mutex_lock+0x10/0x10
[  672.945285][T15172]  ? __pfx_vfs_read+0x10/0x10
[  672.945303][T15172]  ? __fget_files+0x2a/0x420
[  672.945327][T15172]  ? __fget_files+0x3a0/0x420
[  672.945345][T15172]  ? __fget_files+0x2a/0x420
[  672.945372][T15172]  ksys_read+0x145/0x250
[  672.945392][T15172]  ? __pfx_ksys_read+0x10/0x10
[  672.945422][T15172]  ? __do_fast_syscall_32+0xbe/0x570
[  672.945450][T15172]  __do_fast_syscall_32+0x1f7/0x570
[  672.945473][T15172]  ? rcu_is_watching+0x15/0xb0
[  672.945493][T15172]  ? do_fast_syscall_32+0x34/0x80
[  672.945527][T15172]  do_fast_syscall_32+0x34/0x80
[  672.945550][T15172]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  672.945572][T15172] RIP: 0023:0xf7fa7539
[  672.945588][T15172] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  672.945608][T15172] RSP: 002b:00000000f5496590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  672.945628][T15172] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5496620
[  672.945641][T15172] RDX: 000000000000000f RSI: 00000000f7436ff4 RDI: 0000000000000000
[  672.945652][T15172] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  672.945662][T15172] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  672.945673][T15172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  672.945702][T15172]  </TASK>
[  673.586309][T15183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2796'.
[  673.792516][T15183] bond2: (slave bridge0): Releasing backup interface
[  673.872287][T15183] bridge0 (unregistering): left promiscuous mode
[  674.443346][T15197] netlink: 'syz.0.2798': attribute type 4 has an invalid length.
[  674.451773][T15197] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2798'.
[  674.479886][T15197] delete_channel: no stack
[  674.931183][T15209] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2805'.
[  674.965345][T15008] usb 3-1: new full-speed USB device number 99 using dummy_hcd
[  674.974332][T15209] xt_TCPMSS: Only works on TCP SYN packets
[  674.987019][T15211] netlink: 212352 bytes leftover after parsing attributes in process `syz.4.2806'.
[  675.070346][T15213] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2807'.
[  675.116884][T15008] usb 3-1: unable to get BOS descriptor or descriptor too short
[  675.127690][T15008] usb 3-1: not running at top speed; connect to a high speed hub
[  675.147467][T15008] usb 3-1: config 1 has an invalid interface number: 138 but max is 0
[  675.160924][T15008] usb 3-1: config 1 has an invalid descriptor of length 158, skipping remainder of the config
[  675.178498][T15008] usb 3-1: config 1 has no interface number 0
[  675.185325][T15008] usb 3-1: config 1 interface 138 altsetting 252 endpoint 0xC has invalid maxpacket 52496, setting to 64
[  675.305005][T15008] usb 3-1: config 1 interface 138 has no altsetting 0
[  675.320808][T15008] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  675.337347][T15008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.356596][T15008] usb 3-1: Product: syz
[  675.365177][T15008] usb 3-1: Manufacturer: syz
[  675.377341][T15008] usb 3-1: SerialNumber: syz
[  675.431994][T15203] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  675.492479][T15223] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2808'.
[  675.907868][T15008] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  676.032150][T15008] usb 3-1: USB disconnect, device number 99
[  676.081414][T10201] udevd[10201]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  676.225490][T15228] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2810'.
[  676.253159][T15230] xt_connbytes: Forcing CT accounting to be enabled
[  676.270630][T15230] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  676.942931][T15251] netlink: 'syz.4.2819': attribute type 1 has an invalid length.
[  676.945397][T15008] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  677.013815][T15251] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  677.067116][T15251] bond0: (slave vxcan3): Error -95 calling set_mac_address
[  677.127779][T15008] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  677.158721][T15008] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  677.208966][T15008] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  677.218691][T15008] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  677.228453][T15008] usb 1-1: Manufacturer: syz
[  677.265523][T15256] bond0: (slave bridge0): Enslaving as an active interface with a down link
[  677.294341][T15008] usb 1-1: config 0 descriptor??
[  677.402312][T15261] bond0: (slave gretap1): making interface the new active one
[  677.420911][T15261] bond0: (slave gretap1): Enslaving as an active interface with an up link
[  677.763732][T15248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  677.853796][T15248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.913468][T15008] pyra 0003:1E7D:2CF6.0017: unknown main item tag 0x0
[  677.929020][T15008] pyra 0003:1E7D:2CF6.0017: unknown main item tag 0x0
[  677.952633][T15008] pyra 0003:1E7D:2CF6.0017: unknown main item tag 0x0
[  677.981560][T15008] pyra 0003:1E7D:2CF6.0017: unknown main item tag 0x0
[  678.005776][T15008] pyra 0003:1E7D:2CF6.0017: unknown main item tag 0x0
[  678.015306][T15008] pyra 0003:1E7D:2CF6.0017: unknown main item tag 0x0
[  678.034114][T15008] pyra 0003:1E7D:2CF6.0017: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  678.138532][T15008] pyra 0003:1E7D:2CF6.0017: couldn't init struct pyra_device
[  678.147208][T15008] pyra 0003:1E7D:2CF6.0017: couldn't install mouse
[  678.157981][T15008] pyra 0003:1E7D:2CF6.0017: probe with driver pyra failed with error -71
[  678.179334][T15008] usb 1-1: USB disconnect, device number 8
[  678.439307][T15277] fuse: Unknown parameter ''
[  679.036116][T15276] fido_id[15276]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  679.459244][T15305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2831'.
[  679.752939][ T5824] IPVS: starting estimator thread 0...
[  679.945079][T15320] IPVS: using max 51 ests per chain, 122400 per kthread
[  680.605765][ T5824] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  681.031462][T15337] FAULT_INJECTION: forcing a failure.
[  681.031462][T15337] name failslab, interval 1, probability 0, space 0, times 0
[  681.048491][T15337] CPU: 1 UID: 0 PID: 15337 Comm: syz.1.2842 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  681.048522][T15337] Tainted: [L]=SOFTLOCKUP
[  681.048529][T15337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  681.048541][T15337] Call Trace:
[  681.048550][T15337]  <TASK>
[  681.048559][T15337]  dump_stack_lvl+0x189/0x250
[  681.048586][T15337]  ? __pfx____ratelimit+0x10/0x10
[  681.048614][T15337]  ? __pfx_dump_stack_lvl+0x10/0x10
[  681.048636][T15337]  ? __pfx__printk+0x10/0x10
[  681.048663][T15337]  ? __pfx___might_resched+0x10/0x10
[  681.048684][T15337]  ? fs_reclaim_acquire+0x7d/0x100
[  681.048715][T15337]  should_fail_ex+0x414/0x560
[  681.048742][T15337]  should_failslab+0xa8/0x100
[  681.048766][T15337]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  681.048793][T15337]  ? __alloc_skb+0x255/0x430
[  681.048814][T15337]  ? napi_skb_cache_get+0x4a5/0x780
[  681.048835][T15337]  ? napi_skb_cache_get+0x151/0x780
[  681.048862][T15337]  __alloc_skb+0x255/0x430
[  681.048888][T15337]  ? __pfx___alloc_skb+0x10/0x10
[  681.048922][T15337]  rtmsg_ifinfo_build_skb+0x84/0x260
[  681.048951][T15337]  rtnetlink_event+0x1b7/0x270
[  681.048978][T15337]  notifier_call_chain+0x19d/0x3a0
[  681.049007][T15337]  netif_set_mac_address+0x37c/0x4c0
[  681.049032][T15337]  ? __pfx_netif_set_mac_address+0x10/0x10
[  681.049059][T15337]  ? down_write+0x162/0x1f0
[  681.049086][T15337]  ? finish_task_switch+0x23d/0x940
[  681.049109][T15337]  ? validate_linkmsg+0x765/0x950
[  681.049128][T15337]  ? do_setlink+0x874/0x41c0
[  681.049158][T15337]  do_setlink+0x88c/0x41c0
[  681.049199][T15337]  ? __pfx_do_setlink+0x10/0x10
[  681.049260][T15337]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  681.049287][T15337]  ? rcu_is_watching+0x15/0xb0
[  681.049314][T15337]  ? __mutex_lock+0xd3b/0x1350
[  681.049341][T15337]  ? __mutex_lock+0x5bb/0x1350
[  681.049370][T15337]  ? rtnl_newlink+0x8ec/0x1c90
[  681.049396][T15337]  ? __pfx___mutex_lock+0x10/0x10
[  681.049430][T15337]  ? ns_capable+0x8a/0xf0
[  681.049454][T15337]  rtnl_newlink+0x161c/0x1c90
[  681.049490][T15337]  ? __pfx_rtnl_newlink+0x10/0x10
[  681.049511][T15337]  ? __do_fast_syscall_32+0x1f7/0x570
[  681.049533][T15337]  ? do_fast_syscall_32+0x34/0x80
[  681.049553][T15337]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  681.049609][T15337]  ? kasan_quarantine_put+0xdd/0x220
[  681.049628][T15337]  ? lockdep_hardirqs_on+0x98/0x140
[  681.049657][T15337]  ? kmem_cache_free+0x197/0x620
[  681.049676][T15337]  ? nlmon_xmit+0xb0/0x100
[  681.049709][T15337]  ? __lock_acquire+0x6b6/0x2cf0
[  681.049733][T15337]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  681.049757][T15337]  ? __dev_queue_xmit+0x289/0x3140
[  681.049775][T15337]  ? __dev_queue_xmit+0x289/0x3140
[  681.049791][T15337]  ? __dev_queue_xmit+0x289/0x3140
[  681.049838][T15337]  ? __pfx_rtnl_newlink+0x10/0x10
[  681.049861][T15337]  rtnetlink_rcv_msg+0x7cf/0xb70
[  681.049888][T15337]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  681.049911][T15337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  681.049932][T15337]  ? ref_tracker_free+0x63a/0x7d0
[  681.049955][T15337]  ? __asan_memcpy+0x40/0x70
[  681.049980][T15337]  ? __pfx_ref_tracker_free+0x10/0x10
[  681.050013][T15337]  netlink_rcv_skb+0x208/0x470
[  681.050033][T15337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  681.050062][T15337]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  681.050094][T15337]  ? netlink_deliver_tap+0x2e/0x1b0
[  681.050120][T15337]  netlink_unicast+0x82f/0x9e0
[  681.050154][T15337]  ? __pfx_netlink_unicast+0x10/0x10
[  681.050181][T15337]  ? netlink_sendmsg+0x642/0xb30
[  681.050197][T15337]  ? skb_put+0x11b/0x210
[  681.050223][T15337]  netlink_sendmsg+0x805/0xb30
[  681.050252][T15337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  681.050273][T15337]  ? __import_iovec+0x5d4/0x7f0
[  681.050296][T15337]  ? aa_sock_msg_perm+0xf1/0x1b0
[  681.050317][T15337]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  681.050335][T15337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  681.050355][T15337]  __sock_sendmsg+0x21c/0x270
[  681.050380][T15337]  ____sys_sendmsg+0x505/0x820
[  681.050411][T15337]  ? __pfx_____sys_sendmsg+0x10/0x10
[  681.050441][T15337]  ? kstrtouint+0x6e/0xe0
[  681.050470][T15337]  ___sys_sendmsg+0x21f/0x2a0
[  681.050498][T15337]  ? __pfx____sys_sendmsg+0x10/0x10
[  681.050530][T15337]  ? rcu_read_lock_any_held+0xb3/0x120
[  681.050581][T15337]  ? __fget_files+0x2a/0x420
[  681.050602][T15337]  ? __fget_files+0x3a0/0x420
[  681.050633][T15337]  __sys_sendmsg+0x164/0x220
[  681.050660][T15337]  ? __pfx___sys_sendmsg+0x10/0x10
[  681.050701][T15337]  ? __pfx_ksys_write+0x10/0x10
[  681.050723][T15337]  ? __do_fast_syscall_32+0xbe/0x570
[  681.050751][T15337]  __do_fast_syscall_32+0x1f7/0x570
[  681.050775][T15337]  ? rcu_is_watching+0x15/0xb0
[  681.050795][T15337]  ? do_fast_syscall_32+0x34/0x80
[  681.050823][T15337]  do_fast_syscall_32+0x34/0x80
[  681.050847][T15337]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  681.050868][T15337] RIP: 0023:0xf708d539
[  681.050884][T15337] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  681.050900][T15337] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  681.050921][T15337] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  681.050934][T15337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  681.050945][T15337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  681.050957][T15337] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  681.050968][T15337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  681.050998][T15337]  </TASK>
[  681.606783][ T5824] usb 1-1: Using ep0 maxpacket: 32
[  681.613665][T15338] FAULT_INJECTION: forcing a failure.
[  681.613665][T15338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  681.624412][ T5824] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  681.642908][ T5824] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  681.653315][ T5824] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  681.665003][ T5824] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.667429][T15338] CPU: 0 UID: 0 PID: 15338 Comm: syz.4.2841 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  681.667466][T15338] Tainted: [L]=SOFTLOCKUP
[  681.667473][T15338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  681.667484][T15338] Call Trace:
[  681.667492][T15338]  <TASK>
[  681.667500][T15338]  dump_stack_lvl+0x189/0x250
[  681.667530][T15338]  ? __pfx____ratelimit+0x10/0x10
[  681.667552][T15338]  ? __pfx_dump_stack_lvl+0x10/0x10
[  681.667572][T15338]  ? __pfx__printk+0x10/0x10
[  681.667596][T15338]  ? __might_fault+0xb0/0x130
[  681.667630][T15338]  should_fail_ex+0x414/0x560
[  681.667656][T15338]  _copy_from_iter+0x1cd/0x1630
[  681.667690][T15338]  ? __pfx__copy_from_iter+0x10/0x10
[  681.667709][T15338]  ? sock_alloc_send_pskb+0x86b/0x980
[  681.667733][T15338]  ? __pfx__copy_from_iter+0x10/0x10
[  681.667758][T15338]  ? page_copy_sane+0x16a/0x280
[  681.667783][T15338]  copy_page_from_iter+0xdd/0x170
[  681.667809][T15338]  skb_copy_datagram_from_iter+0x306/0x720
[  681.667839][T15338]  tun_get_user+0x1683/0x3dc0
[  681.667881][T15338]  ? aa_file_perm+0x44c/0x1530
[  681.667899][T15338]  ? __pfx_tun_get_user+0x10/0x10
[  681.667925][T15338]  ? __lock_acquire+0x6b6/0x2cf0
[  681.667959][T15338]  ? kstrtoull+0x12f/0x1d0
[  681.667986][T15338]  ? ref_tracker_alloc+0x318/0x460
[  681.668010][T15338]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  681.668037][T15338]  ? tun_get+0x1c/0x2f0
[  681.668066][T15338]  ? tun_get+0x1c/0x2f0
[  681.668088][T15338]  ? tun_get+0x1c/0x2f0
[  681.668116][T15338]  tun_chr_write_iter+0x113/0x200
[  681.668143][T15338]  vfs_write+0x5c9/0xb30
[  681.668165][T15338]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  681.668190][T15338]  ? __pfx_vfs_write+0x10/0x10
[  681.668216][T15338]  ? __fget_files+0x2a/0x420
[  681.668245][T15338]  ksys_write+0x145/0x250
[  681.668262][T15338]  ? exc_page_fault+0x82/0x100
[  681.668284][T15338]  ? __pfx_ksys_write+0x10/0x10
[  681.668304][T15338]  ? __do_fast_syscall_32+0xbe/0x570
[  681.668330][T15338]  __do_fast_syscall_32+0x1f7/0x570
[  681.668353][T15338]  ? rcu_is_watching+0x15/0xb0
[  681.668373][T15338]  ? do_fast_syscall_32+0x34/0x80
[  681.668399][T15338]  do_fast_syscall_32+0x34/0x80
[  681.668422][T15338]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  681.668442][T15338] RIP: 0023:0xf7fa7539
[  681.668464][T15338] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  681.668478][T15338] RSP: 002b:00000000f547555c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  681.668497][T15338] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000300
[  681.668509][T15338] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  681.668521][T15338] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  681.668532][T15338] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  681.668543][T15338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  681.668570][T15338]  </TASK>
[  681.970791][ T5824] usb 1-1: config 0 descriptor??
[  682.076937][ T5824] hub 1-1:0.0: USB hub found
[  682.358824][T15345] netlink: 'syz.4.2843': attribute type 10 has an invalid length.
[  682.443217][T15347] netlink: 'syz.4.2843': attribute type 10 has an invalid length.
[  682.502181][T15347] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2843'.
[  682.550629][T15347] batadv0: entered promiscuous mode
[  682.557089][T15347] batadv0: entered allmulticast mode
[  682.616974][T15347] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  682.926918][T15350] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  683.123771][T15352] FAULT_INJECTION: forcing a failure.
[  683.123771][T15352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.139141][T15352] CPU: 1 UID: 0 PID: 15352 Comm: syz.3.2845 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  683.139173][T15352] Tainted: [L]=SOFTLOCKUP
[  683.139180][T15352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  683.139192][T15352] Call Trace:
[  683.139201][T15352]  <TASK>
[  683.139211][T15352]  dump_stack_lvl+0x189/0x250
[  683.139237][T15352]  ? __pfx____ratelimit+0x10/0x10
[  683.139260][T15352]  ? __pfx_dump_stack_lvl+0x10/0x10
[  683.139280][T15352]  ? __pfx__printk+0x10/0x10
[  683.139302][T15352]  ? __might_fault+0xb0/0x130
[  683.139334][T15352]  should_fail_ex+0x414/0x560
[  683.139361][T15352]  _copy_to_iter+0x404/0x1790
[  683.139395][T15352]  ? __local_bh_enable_ip+0x12d/0x1c0
[  683.139415][T15352]  ? __pfx__copy_to_iter+0x10/0x10
[  683.139440][T15352]  ? do_raw_spin_unlock+0x122/0x240
[  683.139464][T15352]  ? mr_mfc_seq_next+0x29f/0x2e0
[  683.139485][T15352]  ? mr_mfc_seq_next+0x29f/0x2e0
[  683.139510][T15352]  seq_read_iter+0xbf5/0xe20
[  683.139554][T15352]  seq_read+0x369/0x480
[  683.139582][T15352]  ? __pfx_seq_read+0x10/0x10
[  683.139618][T15352]  ? __pfx_seq_read+0x10/0x10
[  683.139634][T15352]  proc_reg_read+0x1e9/0x2e0
[  683.139656][T15352]  ? __pfx_proc_reg_read+0x10/0x10
[  683.139678][T15352]  vfs_read+0x200/0xa30
[  683.139705][T15352]  ? __pfx_vfs_read+0x10/0x10
[  683.139724][T15352]  ? __fget_files+0x2a/0x420
[  683.139749][T15352]  ? __fget_files+0x2a/0x420
[  683.139768][T15352]  ? __fget_files+0x3a0/0x420
[  683.139788][T15352]  ? __fget_files+0x2a/0x420
[  683.139818][T15352]  ksys_pread64+0x126/0x1c0
[  683.139839][T15352]  ? __pfx_ksys_pread64+0x10/0x10
[  683.139861][T15352]  ? __do_fast_syscall_32+0xbe/0x570
[  683.139883][T15352]  ? __ia32_sys_ia32_pread64+0x20/0xd0
[  683.139911][T15352]  __do_fast_syscall_32+0x1f7/0x570
[  683.139933][T15352]  ? lockdep_hardirqs_on+0x98/0x140
[  683.139954][T15352]  ? do_fast_syscall_32+0x34/0x80
[  683.139976][T15352]  ? irqentry_exit+0x10f/0x660
[  683.140001][T15352]  do_fast_syscall_32+0x34/0x80
[  683.140024][T15352]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.140042][T15352] RIP: 0023:0xf70dd539
[  683.140057][T15352] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  683.140072][T15352] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 00000000000000b4
[  683.140090][T15352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  683.140102][T15352] RDX: 0000000000000075 RSI: 000000000000003e RDI: 0000000000000000
[  683.140113][T15352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  683.140123][T15352] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.140133][T15352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.140160][T15352]  </TASK>
[  683.562497][T15331] delete_channel: no stack
[  683.870613][T15362] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  683.877167][T15362] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  683.897596][T15361] netlink: 'syz.1.2849': attribute type 4 has an invalid length.
[  683.906281][T15361] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2849'.
[  683.927721][T15362] vhci_hcd vhci_hcd.0: Device attached
[  683.962828][T15367] vhci_hcd vhci_hcd.0: port 0 already used
[  684.159566][T15368] delete_channel: no stack
[  684.246922][T14959] usb 40-1: SetAddress Request (2) to port 0
[  684.255431][T14959] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  684.515395][ T5824] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  684.556609][ T5824] usbhid 1-1:0.0: can't add hid device: -71
[  684.562843][ T5824] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  684.606618][ T5824] usb 1-1: USB disconnect, device number 9
[  685.801161][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  685.807673][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  685.891214][T15008] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  686.078264][T15396] FAULT_INJECTION: forcing a failure.
[  686.078264][T15396] name failslab, interval 1, probability 0, space 0, times 0
[  686.095433][T15396] CPU: 0 UID: 0 PID: 15396 Comm: syz.1.2858 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  686.095463][T15396] Tainted: [L]=SOFTLOCKUP
[  686.095470][T15396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  686.095482][T15396] Call Trace:
[  686.095490][T15396]  <TASK>
[  686.095499][T15396]  dump_stack_lvl+0x189/0x250
[  686.095525][T15396]  ? __pfx____ratelimit+0x10/0x10
[  686.095548][T15396]  ? __pfx_dump_stack_lvl+0x10/0x10
[  686.095569][T15396]  ? __pfx__printk+0x10/0x10
[  686.095599][T15396]  ? __pfx___might_resched+0x10/0x10
[  686.095618][T15396]  ? fs_reclaim_acquire+0x7d/0x100
[  686.095642][T15396]  should_fail_ex+0x414/0x560
[  686.095670][T15396]  should_failslab+0xa8/0x100
[  686.095692][T15396]  __kmalloc_noprof+0xdf/0x800
[  686.095711][T15396]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  686.095739][T15396]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  686.095769][T15396]  genl_family_rcv_msg_doit+0xb8/0x300
[  686.095798][T15396]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  686.095827][T15396]  ? apparmor_capable+0x137/0x1a0
[  686.095851][T15396]  ? bpf_lsm_capable+0x9/0x20
[  686.095871][T15396]  ? security_capable+0x7e/0x2e0
[  686.095901][T15396]  genl_rcv_msg+0x60e/0x790
[  686.095928][T15396]  ? __pfx_genl_rcv_msg+0x10/0x10
[  686.095947][T15396]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  686.095969][T15396]  ? __pfx_nl80211_connect+0x10/0x10
[  686.095986][T15396]  ? __pfx_nl80211_post_doit+0x10/0x10
[  686.096024][T15396]  netlink_rcv_skb+0x208/0x470
[  686.096043][T15396]  ? __pfx_genl_rcv_msg+0x10/0x10
[  686.096065][T15396]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  686.096100][T15396]  ? down_read+0x274/0x2e0
[  686.096122][T15396]  ? genl_rcv+0xd/0x40
[  686.096144][T15396]  genl_rcv+0x28/0x40
[  686.096162][T15396]  netlink_unicast+0x82f/0x9e0
[  686.096196][T15396]  ? __pfx_netlink_unicast+0x10/0x10
[  686.096221][T15396]  ? netlink_sendmsg+0x642/0xb30
[  686.096244][T15396]  ? skb_put+0x11b/0x210
[  686.096275][T15396]  netlink_sendmsg+0x805/0xb30
[  686.096303][T15396]  ? __pfx_netlink_sendmsg+0x10/0x10
[  686.096324][T15396]  ? __import_iovec+0x5d4/0x7f0
[  686.096347][T15396]  ? aa_sock_msg_perm+0xf1/0x1b0
[  686.096367][T15396]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  686.096384][T15396]  ? __pfx_netlink_sendmsg+0x10/0x10
[  686.096403][T15396]  __sock_sendmsg+0x21c/0x270
[  686.096428][T15396]  ____sys_sendmsg+0x505/0x820
[  686.096458][T15396]  ? __pfx_____sys_sendmsg+0x10/0x10
[  686.096488][T15396]  ? kstrtouint+0x6e/0xe0
[  686.096516][T15396]  ___sys_sendmsg+0x21f/0x2a0
[  686.096543][T15396]  ? __pfx____sys_sendmsg+0x10/0x10
[  686.096575][T15396]  ? rcu_read_lock_any_held+0xb3/0x120
[  686.096625][T15396]  ? __fget_files+0x2a/0x420
[  686.096645][T15396]  ? __fget_files+0x3a0/0x420
[  686.096677][T15396]  __sys_sendmsg+0x164/0x220
[  686.096704][T15396]  ? __pfx___sys_sendmsg+0x10/0x10
[  686.096738][T15396]  ? __pfx_ksys_write+0x10/0x10
[  686.096760][T15396]  ? __do_fast_syscall_32+0xbe/0x570
[  686.096788][T15396]  __do_fast_syscall_32+0x1f7/0x570
[  686.096812][T15396]  ? rcu_is_watching+0x15/0xb0
[  686.096830][T15396]  ? do_fast_syscall_32+0x34/0x80
[  686.096859][T15396]  do_fast_syscall_32+0x34/0x80
[  686.096883][T15396]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  686.096908][T15396] RIP: 0023:0xf708d539
[  686.096925][T15396] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  686.096940][T15396] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  686.096960][T15396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  686.096973][T15396] RDX: 0000000004004050 RSI: 0000000000000000 RDI: 0000000000000000
[  686.096984][T15396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  686.096995][T15396] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  686.097006][T15396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  686.097035][T15396]  </TASK>
[  686.505497][T15008] usb 3-1: Using ep0 maxpacket: 32
[  686.512513][T15008] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  686.521900][T15008] usb 3-1: config 0 has no interface number 0
[  686.528963][T15008] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  686.542440][T15008] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  686.551803][T15008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.562803][T15008] usb 3-1: Product: syz
[  686.567052][T15008] usb 3-1: Manufacturer: syz
[  686.571659][T15008] usb 3-1: SerialNumber: syz
[  686.590163][T15008] usb 3-1: config 0 descriptor??
[  686.605732][T15008] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  686.616603][T15008] em28xx 3-1:0.132: Video interface 132 found:
[  686.668434][ T5824] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  686.684556][ T5824] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  686.856789][T15363] vhci_hcd: connection reset by peer
[  686.862504][   T36] vhci_hcd vhci_hcd.3: stop threads
[  686.869356][   T36] vhci_hcd vhci_hcd.3: release socket
[  686.878202][   T36] vhci_hcd vhci_hcd.3: disconnect device
[  686.991440][T15412] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  687.015171][T15412] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  687.032294][T15008] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[  687.040361][T15387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.054496][T15387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.288369][T15415] fuse: Bad value for 'fd'
[  687.470085][T15008] em28xx 3-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=0)
[  687.494577][T15008] em28xx 3-1:0.132: board has no eeprom
[  687.755353][T15008] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  687.771171][T15008] em28xx 3-1:0.132: analog set to bulk mode.
[  687.786157][T13524] em28xx 3-1:0.132: Registering V4L2 extension
[  687.894619][T15387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.895824][T15387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  688.271911][T15435] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2867'.
[  688.468144][T15008] usb 3-1: USB disconnect, device number 100
[  688.476464][T15008] em28xx 3-1:0.132: Disconnecting em28xx
[  688.482657][T13524] em28xx 3-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  688.817326][T13524] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[  688.845489][T13524] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  688.858086][T13524] em28xx 3-1:0.132: No AC97 audio processor
[  688.888437][T13524] usb 3-1: Decoder not found
[  688.893092][T13524] em28xx 3-1:0.132: failed to create media graph
[  688.935732][T13524] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  688.980237][T13524] em28xx 3-1:0.132: Remote control support is not available for this card.
[  689.005724][T15008] em28xx 3-1:0.132: Closing input extension
[  689.009248][T15008] em28xx 3-1:0.132: Freeing device
[  689.319127][T14959] usb 40-1: device descriptor read/8, error -110
[  689.736567][T14959] usb usb40-port1: attempt power cycle
[  689.753524][T15466] netlink: 'syz.1.2874': attribute type 10 has an invalid length.
[  689.779915][T15466] bridge0: port 2(bridge_slave_1) entered disabled state
[  689.787740][T15466] bridge0: port 1(bridge_slave_0) entered disabled state
[  689.817186][T15466] bridge0: port 2(bridge_slave_1) entered blocking state
[  689.824425][T15466] bridge0: port 2(bridge_slave_1) entered forwarding state
[  689.832117][T15466] bridge0: port 1(bridge_slave_0) entered blocking state
[  689.839286][T15466] bridge0: port 1(bridge_slave_0) entered forwarding state
[  689.861106][T15466] team0: Port device bridge0 added
[  690.320380][T14959] usb usb40-port1: unable to enumerate USB device
[  690.881546][T15481] netlink: 'syz.0.2878': attribute type 10 has an invalid length.
[  691.656140][T14959] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  691.827660][T14959] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  691.846744][T14959] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.881579][T14959] usb 1-1: config 0 descriptor??
[  691.892799][T14959] gspca_main: cpia1-2.14.0 probing 0813:0001
[  692.268881][T15501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2883'.
[  692.294532][T15501] bridge0: port 4(batadv0) entered disabled state
[  692.330312][T15501] geneve2: left allmulticast mode
[  692.358890][T15501] geneve2: left promiscuous mode
[  692.368420][T15501] bridge0: port 3(geneve2) entered disabled state
[  692.401336][T15502] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2882'.
[  692.913993][T14959] cpia1 1-1:0.0: unexpected state after lo power cmd: 00
[  692.933656][T15501] bridge_slave_1: left allmulticast mode
[  693.006112][T15501] bridge_slave_1: left promiscuous mode
[  693.170370][T15501] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.178556][T14959] gspca_cpia1: usb_control_msg 01, error -32
[  693.212961][T15501] bridge_slave_0: left allmulticast mode
[  693.229339][T15501] bridge_slave_0: left promiscuous mode
[  693.247480][T15506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.259581][T15501] bridge0: port 1(bridge_slave_0) entered disabled state
[  693.294449][T15506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.307330][T15501] team0: Port device bridge0 removed
[  693.756289][ T5914] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  693.955117][ T5914] usb 3-1: Using ep0 maxpacket: 16
[  694.087478][ T5914] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  694.103504][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.124295][ T5914] usb 3-1: Product: syz
[  694.138379][ T5914] usb 3-1: Manufacturer: syz
[  694.154392][ T5914] usb 3-1: SerialNumber: syz
[  694.194318][ T5914] usb 3-1: config 0 descriptor??
[  694.275245][T14959] gspca_cpia1: usb_control_msg 01, error -110
[  694.281836][T14959] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  694.419511][T14959] usb 1-1: USB disconnect, device number 10
[  694.523343][T15523] fuse: Bad value for 'fd'
[  694.697384][ T5914] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  694.708630][ T5914] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  694.718978][ T5914] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  694.795397][ T5914] usb 3-1: media controller created
[  694.898829][T15508] dtv5100: wlen = 0, aborting.
[  694.918621][ T5914] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  695.186168][ T5914] zl10353_read_register: readreg error (reg=127, ret==0)
[  695.193412][ T5914] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  695.213692][ T5914] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  695.249745][ T5914] usb 3-1: USB disconnect, device number 101
[  695.372581][ T5914] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  696.440979][T15544] program syz.4.2892 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  697.437880][T15558] FAULT_INJECTION: forcing a failure.
[  697.437880][T15558] name failslab, interval 1, probability 0, space 0, times 0
[  697.483120][T15558] CPU: 0 UID: 0 PID: 15558 Comm: syz.1.2898 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  697.483151][T15558] Tainted: [L]=SOFTLOCKUP
[  697.483158][T15558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  697.483170][T15558] Call Trace:
[  697.483178][T15558]  <TASK>
[  697.483187][T15558]  dump_stack_lvl+0x189/0x250
[  697.483213][T15558]  ? __pfx____ratelimit+0x10/0x10
[  697.483236][T15558]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.483258][T15558]  ? __pfx__printk+0x10/0x10
[  697.483299][T15558]  should_fail_ex+0x414/0x560
[  697.483327][T15558]  should_failslab+0xa8/0x100
[  697.483351][T15558]  __kmalloc_cache_noprof+0x84/0x700
[  697.483369][T15558]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  697.483389][T15558]  ? sctp_add_bind_addr+0x8c/0x370
[  697.483414][T15558]  sctp_add_bind_addr+0x8c/0x370
[  697.483438][T15558]  sctp_copy_local_addr_list+0x30b/0x4e0
[  697.483463][T15558]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  697.483482][T15558]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  697.483504][T15558]  ? sctp_v6_is_any+0x64/0x80
[  697.483524][T15558]  ? sctp_copy_one_addr+0x93/0x360
[  697.483547][T15558]  sctp_bind_addr_copy+0xb3/0x3c0
[  697.483567][T15558]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  697.483597][T15558]  sctp_connect_new_asoc+0x2e0/0x690
[  697.483623][T15558]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  697.483644][T15558]  ? __local_bh_enable_ip+0x12d/0x1c0
[  697.483672][T15558]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  697.483692][T15558]  ? security_sctp_bind_connect+0x7e/0x2e0
[  697.483719][T15558]  sctp_sendmsg+0x155c/0x2840
[  697.483763][T15558]  ? __pfx_sctp_sendmsg+0x10/0x10
[  697.483784][T15558]  ? aa_sk_perm+0x15f/0x920
[  697.483811][T15558]  ? aa_sk_perm+0x7ee/0x920
[  697.483842][T15558]  ? __pfx_aa_sk_perm+0x10/0x10
[  697.483870][T15558]  ? sock_rps_record_flow+0x19/0x410
[  697.483890][T15558]  ? inet_sendmsg+0x2f4/0x370
[  697.483913][T15558]  __sock_sendmsg+0x19c/0x270
[  697.483938][T15558]  __sys_sendto+0x3bd/0x520
[  697.483963][T15558]  ? __pfx___sys_sendto+0x10/0x10
[  697.483984][T15558]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  697.484020][T15558]  ? __fget_files+0x3a0/0x420
[  697.484051][T15558]  ? ksys_write+0x22a/0x250
[  697.484067][T15558]  ? exc_page_fault+0x82/0x100
[  697.484088][T15558]  ? __pfx_ksys_write+0x10/0x10
[  697.484107][T15558]  __ia32_sys_sendto+0xdd/0x100
[  697.484132][T15558]  __do_fast_syscall_32+0x1f7/0x570
[  697.484156][T15558]  ? rcu_is_watching+0x15/0xb0
[  697.484174][T15558]  ? do_fast_syscall_32+0x34/0x80
[  697.484203][T15558]  do_fast_syscall_32+0x34/0x80
[  697.484226][T15558]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  697.484247][T15558] RIP: 0023:0xf708d539
[  697.484264][T15558] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  697.484279][T15558] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  697.484299][T15558] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  697.484312][T15558] RDX: 0000000000000001 RSI: 0000000000000051 RDI: 0000000080000080
[  697.484322][T15558] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  697.484333][T15558] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  697.484344][T15558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  697.484369][T15558]  </TASK>
[  697.902942][T15564] fuse: Bad value for 'fd'
[  698.128975][T13537] Bluetooth: hci4: command 0x0406 tx timeout
[  698.852066][T15582] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2904'.
[  699.210463][T15587] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2905'.
[  699.227208][T15585] FAULT_INJECTION: forcing a failure.
[  699.227208][T15585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  699.261556][T15585] CPU: 0 UID: 0 PID: 15585 Comm: syz.0.2906 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.261586][T15585] Tainted: [L]=SOFTLOCKUP
[  699.261593][T15585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  699.261604][T15585] Call Trace:
[  699.261613][T15585]  <TASK>
[  699.261622][T15585]  dump_stack_lvl+0x189/0x250
[  699.261648][T15585]  ? __pfx____ratelimit+0x10/0x10
[  699.261670][T15585]  ? __pfx_dump_stack_lvl+0x10/0x10
[  699.261694][T15585]  ? __pfx__printk+0x10/0x10
[  699.261730][T15585]  should_fail_ex+0x414/0x560
[  699.261758][T15585]  _copy_to_user+0x31/0xb0
[  699.261777][T15585]  simple_read_from_buffer+0xe1/0x170
[  699.261805][T15585]  proc_fail_nth_read+0x1b3/0x220
[  699.261836][T15585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  699.261858][T15585]  ? rw_verify_area+0x2a6/0x4d0
[  699.261876][T15585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  699.261896][T15585]  vfs_read+0x200/0xa30
[  699.261913][T15585]  ? fdget_pos+0x247/0x320
[  699.261938][T15585]  ? __pfx___mutex_lock+0x10/0x10
[  699.261962][T15585]  ? __pfx_vfs_read+0x10/0x10
[  699.261982][T15585]  ? __fget_files+0x2a/0x420
[  699.262007][T15585]  ? __fget_files+0x3a0/0x420
[  699.262027][T15585]  ? __fget_files+0x2a/0x420
[  699.262056][T15585]  ksys_read+0x145/0x250
[  699.262073][T15585]  ? exc_page_fault+0x82/0x100
[  699.262095][T15585]  ? __pfx_ksys_read+0x10/0x10
[  699.262117][T15585]  ? __do_fast_syscall_32+0xbe/0x570
[  699.262144][T15585]  __do_fast_syscall_32+0x1f7/0x570
[  699.262168][T15585]  ? rcu_is_watching+0x15/0xb0
[  699.262188][T15585]  ? do_fast_syscall_32+0x34/0x80
[  699.262216][T15585]  do_fast_syscall_32+0x34/0x80
[  699.262239][T15585]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.262258][T15585] RIP: 0023:0xf701d539
[  699.262274][T15585] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  699.262290][T15585] RSP: 002b:00000000f540d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  699.262309][T15585] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f540d620
[  699.262323][T15585] RDX: 000000000000000f RSI: 00000000f73b6ff4 RDI: 0000000000000000
[  699.262334][T15585] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  699.262345][T15585] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  699.262356][T15585] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  699.262385][T15585]  </TASK>
[  699.654916][   T24] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  699.811545][T15590] bond4: option lacp_active: mode dependency failed, not supported in mode active-backup(1)
[  699.956845][T15590] bond4 (unregistering): Released all slaves
[  699.974891][   T24] usb 3-1: Using ep0 maxpacket: 32
[  699.976847][   T24] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  699.976875][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.040540][T15595] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2909'.
[  700.051280][   T24] usb 3-1: config 0 descriptor??
[  700.173180][T15597] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2911'.
[  700.237982][T15599] FAULT_INJECTION: forcing a failure.
[  700.237982][T15599] name failslab, interval 1, probability 0, space 0, times 0
[  700.251534][T15599] CPU: 1 UID: 0 PID: 15599 Comm: syz.0.2910 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  700.251565][T15599] Tainted: [L]=SOFTLOCKUP
[  700.251572][T15599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  700.251584][T15599] Call Trace:
[  700.251592][T15599]  <TASK>
[  700.251604][T15599]  dump_stack_lvl+0x189/0x250
[  700.251630][T15599]  ? __pfx____ratelimit+0x10/0x10
[  700.251653][T15599]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.251674][T15599]  ? __pfx__printk+0x10/0x10
[  700.251704][T15599]  ? __pfx___might_resched+0x10/0x10
[  700.251729][T15599]  should_fail_ex+0x414/0x560
[  700.251756][T15599]  should_failslab+0xa8/0x100
[  700.251786][T15599]  __kmalloc_noprof+0xdf/0x800
[  700.251804][T15599]  ? cfg80211_conn_scan+0x1d1/0xd40
[  700.251831][T15599]  cfg80211_conn_scan+0x1d1/0xd40
[  700.251867][T15599]  cfg80211_connect+0x1854/0x2170
[  700.251916][T15599]  nl80211_connect+0x17bc/0x1cd0
[  700.251943][T15599]  ? rcu_is_watching+0x15/0xb0
[  700.251968][T15599]  ? __pfx_nl80211_connect+0x10/0x10
[  700.251985][T15599]  ? __mutex_lock+0x335/0x1350
[  700.252052][T15599]  ? nl80211_pre_doit+0x4f1/0x930
[  700.252083][T15599]  genl_family_rcv_msg_doit+0x215/0x300
[  700.252112][T15599]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  700.252148][T15599]  ? bpf_lsm_capable+0x9/0x20
[  700.252168][T15599]  ? security_capable+0x7e/0x2e0
[  700.252198][T15599]  genl_rcv_msg+0x60e/0x790
[  700.252227][T15599]  ? __pfx_genl_rcv_msg+0x10/0x10
[  700.252246][T15599]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  700.252267][T15599]  ? __pfx_nl80211_connect+0x10/0x10
[  700.252285][T15599]  ? __pfx_nl80211_post_doit+0x10/0x10
[  700.252323][T15599]  netlink_rcv_skb+0x208/0x470
[  700.252341][T15599]  ? __pfx_genl_rcv_msg+0x10/0x10
[  700.252364][T15599]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  700.252400][T15599]  ? down_read+0x274/0x2e0
[  700.252422][T15599]  ? genl_rcv+0xd/0x40
[  700.252444][T15599]  genl_rcv+0x28/0x40
[  700.252463][T15599]  netlink_unicast+0x82f/0x9e0
[  700.252497][T15599]  ? __pfx_netlink_unicast+0x10/0x10
[  700.252522][T15599]  ? netlink_sendmsg+0x642/0xb30
[  700.252538][T15599]  ? skb_put+0x11b/0x210
[  700.252566][T15599]  netlink_sendmsg+0x805/0xb30
[  700.252594][T15599]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.252615][T15599]  ? __import_iovec+0x5d4/0x7f0
[  700.252637][T15599]  ? aa_sock_msg_perm+0xf1/0x1b0
[  700.252657][T15599]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  700.252674][T15599]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.252694][T15599]  __sock_sendmsg+0x21c/0x270
[  700.252719][T15599]  ____sys_sendmsg+0x505/0x820
[  700.252750][T15599]  ? __pfx_____sys_sendmsg+0x10/0x10
[  700.252785][T15599]  ? kstrtouint+0x6e/0xe0
[  700.252814][T15599]  ___sys_sendmsg+0x21f/0x2a0
[  700.252841][T15599]  ? __pfx____sys_sendmsg+0x10/0x10
[  700.252873][T15599]  ? rcu_read_lock_any_held+0xb3/0x120
[  700.252928][T15599]  ? __fget_files+0x2a/0x420
[  700.252948][T15599]  ? __fget_files+0x3a0/0x420
[  700.252980][T15599]  __sys_sendmsg+0x164/0x220
[  700.253008][T15599]  ? __pfx___sys_sendmsg+0x10/0x10
[  700.253041][T15599]  ? __pfx_ksys_write+0x10/0x10
[  700.253062][T15599]  ? __do_fast_syscall_32+0xbe/0x570
[  700.253090][T15599]  __do_fast_syscall_32+0x1f7/0x570
[  700.253114][T15599]  ? rcu_is_watching+0x15/0xb0
[  700.253133][T15599]  ? do_fast_syscall_32+0x34/0x80
[  700.253162][T15599]  do_fast_syscall_32+0x34/0x80
[  700.253185][T15599]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  700.253206][T15599] RIP: 0023:0xf701d539
[  700.253223][T15599] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  700.253239][T15599] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  700.253259][T15599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  700.253272][T15599] RDX: 0000000004004050 RSI: 0000000000000000 RDI: 0000000000000000
[  700.253284][T15599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  700.253295][T15599] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  700.253306][T15599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  700.253336][T15599]  </TASK>
[  700.680236][T15587] fuse: Bad value for 'rootmode'
[  700.690965][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  700.732018][T15603] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  700.898481][T14959] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  701.054837][T14959] usb 2-1: Using ep0 maxpacket: 16
[  701.061639][T14959] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  701.070172][T14959] usb 2-1: config 0 has no interface number 0
[  701.076365][T14959] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  701.090397][T14959] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  701.118197][T14959] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  701.130109][T14959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.146191][T14959] usb 2-1: Product: syz
[  701.150564][T14959] usb 2-1: Manufacturer: syz
[  701.156067][T14959] usb 2-1: SerialNumber: syz
[  701.174318][T14959] usb 2-1: config 0 descriptor??
[  701.183311][T15601] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  701.199387][T15601] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  701.207488][ T5914] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  701.375351][ T5914] usb 1-1: Using ep0 maxpacket: 8
[  701.382217][ T5914] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  701.393031][ T5914] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  701.402467][ T5914] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  701.416129][ T5914] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  701.432048][T15601] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  701.455577][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.465822][T15601] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  701.487922][ T5914] hub 1-1:1.0: bad descriptor, ignoring hub
[  701.493885][ T5914] hub 1-1:1.0: probe with driver hub failed with error -5
[  701.508740][ T5914] cdc_wdm 1-1:1.0: skipping garbage
[  701.514097][ T5914] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  701.749919][T15610] syz.0.2916 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  703.693232][T14959] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  703.729837][T14959] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[  703.732696][T15629] netlink: 'syz.4.2921': attribute type 1 has an invalid length.
[  703.751507][T14959] asix 2-1:0.251: probe with driver asix failed with error -5
[  703.787710][T14959] usb 2-1: USB disconnect, device number 55
[  703.809396][T15629] bond1: (slave geneve2): making interface the new active one
[  703.820256][T15629] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  703.829588][ T9781] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  703.833805][T15629] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2921'.
[  703.840284][ T9781] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  703.863560][T15629] 8021q: adding VLAN 0 to HW filter on device bond1
[  703.875850][ T9781] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  703.889049][ T9781] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  704.016716][T14959] usb 1-1: USB disconnect, device number 11
[  704.927394][T15650] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  705.681361][T13537] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  705.691301][T13537] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  705.701673][T13537] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  705.712655][T13537] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  705.721439][T13537] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  706.008213][T15661] chnl_net:caif_netlink_parms(): no params data found
[  706.093900][T15661] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.104185][T15661] bridge0: port 1(bridge_slave_0) entered disabled state
[  706.113799][T15661] bridge_slave_0: entered allmulticast mode
[  706.121477][T15661] bridge_slave_0: entered promiscuous mode
[  706.155213][T10801] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.171896][T15661] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.179406][T15661] bridge0: port 2(bridge_slave_1) entered disabled state
[  706.186856][T15661] bridge_slave_1: entered allmulticast mode
[  706.194064][T15661] bridge_slave_1: entered promiscuous mode
[  706.246574][T10801] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.267347][T15661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.281398][T15661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  706.317790][T15661] team0: Port device team_slave_0 added
[  706.337569][T10801] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.378503][T15661] team0: Port device team_slave_1 added
[  706.449219][T10801] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.464272][T15661] batman_adv: batadv0: Adding interface: batadv_slave_0
[  706.472403][T15661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  706.499305][T15661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  706.520426][T15661] batman_adv: batadv0: Adding interface: batadv_slave_1
[  706.538697][T15661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  706.594341][T15661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  706.703399][T15661] hsr_slave_0: entered promiscuous mode
[  706.712060][T15661] hsr_slave_1: entered promiscuous mode
[  706.720431][T15661] debugfs: 'hsr0' already exists in 'hsr'
[  706.727112][T15661] Cannot create hsr debugfs directory
[  707.795565][T13537] Bluetooth: hci5: command tx timeout
[  708.092193][T15690] loop6: detected capacity change from 0 to 524287999
[  708.194360][T15693] program syz.4.2936 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  708.610255][T10801] bond3 (unregistering): (slave gretap1): Releasing active interface
[  708.760413][T10801] bond3 (unregistering): (slave bridge1): Releasing active interface
[  708.881472][T15711] netlink: 'syz.1.2940': attribute type 4 has an invalid length.
[  708.890455][T15711] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2940'.
[  708.956732][T15712] delete_channel: no stack
[  709.299078][T10801] bond1 (unregistering): Released all slaves
[  709.444580][T10801] bond2 (unregistering): Released all slaves
[  709.457778][T10801] bond3 (unregistering): Released all slaves
[  709.587506][T10801] bond4 (unregistering): Released all slaves
[  709.707127][T10801] bond5 (unregistering): Released all slaves
[  709.723762][T10801] bond6 (unregistering): Released all slaves
[  709.737784][T10801] bond0 (unregistering): Released all slaves
[  709.835961][T10801] : left promiscuous mode
[  709.876287][T13537] Bluetooth: hci5: command tx timeout
[  710.015925][T10801] tipc: Disabling bearer <udp:s>
[  710.030426][T10801] tipc: Left network mode
[  710.569715][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  710.569734][   T30] audit: type=1400 audit(1765221761.723:320): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=15715 comm="syz.4.2942"
[  711.522231][T15748] program syz.2.2947 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  711.623456][T15661] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  711.714559][T15661] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  711.729645][T15661] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  711.781204][T15661] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  711.956293][T13537] Bluetooth: hci5: command tx timeout
[  711.967292][T10801] mac80211_hwsim hwsim4 wlan1 (unregistering): left allmulticast mode
[  712.026607][T15763] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2950'.
[  712.478835][T15776] netlink: 212352 bytes leftover after parsing attributes in process `syz.4.2952'.
[  712.731176][T10801] hsr_slave_0: left promiscuous mode
[  712.830203][T10801] hsr_slave_1: left promiscuous mode
[  713.047770][T10801] veth1_macvtap: left promiscuous mode
[  713.053930][T10801] veth0_macvtap: left promiscuous mode
[  713.059658][T10801] veth1_vlan: left promiscuous mode
[  713.400912][T10801] batadv0 (unregistering): left promiscuous mode
[  713.412190][T10801] team0 (unregistering): Port device batadv0 removed
[  713.432250][T10801] pimreg (unregistering): left allmulticast mode
[  714.034879][T13537] Bluetooth: hci5: command tx timeout
[  714.790160][T10801] team_slave_1 (unregistering): left promiscuous mode
[  714.846486][T10801] team0 (unregistering): Port device team_slave_1 removed
[  714.952480][T10801] team_slave_0 (unregistering): left promiscuous mode
[  715.009457][T15810] netlink: 'syz.4.2955': attribute type 1 has an invalid length.
[  715.077094][T10801] team0 (unregistering): Port device team_slave_0 removed
[  715.118234][T15812] netlink: 'syz.4.2955': attribute type 15 has an invalid length.
[  715.435831][T15817] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2957'.
[  715.446299][T15817] netdevsim netdevsim2 netdevsim0: IPsec offload requires 128 bit authentication
[  715.721639][T15819] program syz.2.2958 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  716.265438][T15824] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  716.289631][T15661] 8021q: adding VLAN 0 to HW filter on device bond0
[  716.304533][T15810] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  716.397783][T15827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2960'.
[  716.398278][T15661] 8021q: adding VLAN 0 to HW filter on device team0
[  716.488058][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  716.495270][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  716.521035][   T24] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  716.521538][ T8709] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  716.554359][   T24] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -2
[  716.588239][   T24] usb 3-1: USB disconnect, device number 102
[  716.645017][ T8709] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  716.667759][ T8709] usb 4-1: USB disconnect, device number 121
[  716.720486][T15828] xt_CT: You must specify a L4 protocol and not use inversions on it
[  716.776718][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.783859][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  716.957289][T15661] 8021q: adding VLAN 0 to HW filter on device batadv0
[  717.059323][T15661] veth0_vlan: entered promiscuous mode
[  717.241142][T15661] veth1_vlan: entered promiscuous mode
[  717.296376][T15661] veth0_macvtap: entered promiscuous mode
[  717.317290][T15661] veth1_macvtap: entered promiscuous mode
[  717.626699][T15661] batman_adv: batadv0: Interface activated: batadv_slave_0
[  717.663546][T15661] batman_adv: batadv0: Interface activated: batadv_slave_1
[  717.697824][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  717.719979][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  717.748853][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  717.776926][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  718.085314][T15008] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  718.138083][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  718.169135][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  718.228998][ T3517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  718.245439][T15008] usb 2-1: Using ep0 maxpacket: 8
[  718.257803][T15008] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  718.268178][T15008] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.285200][ T3517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  718.293353][T15008] usb 2-1: Product: syz
[  718.306004][T15008] usb 2-1: Manufacturer: syz
[  718.312989][T15008] usb 2-1: SerialNumber: syz
[  718.345553][T15008] usb 2-1: config 0 descriptor??
[  718.368755][T15008] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  718.682399][T15865] pim6reg: entered allmulticast mode
[  719.000485][T15873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2971'.
[  719.477278][T15008] gspca_sonixj: reg_r err -110
[  719.482111][T15008] sonixj 2-1:0.0: probe with driver sonixj failed with error -110
[  719.529899][T15878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  719.573328][T15878] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  720.031733][T15895] program syz.4.2976 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  720.339845][T15901] program syz.4.2978 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  720.376009][ T8709] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  720.515416][ T8709] usb 1-1: device descriptor read/64, error -71
[  720.759362][T15908] loop2: detected capacity change from 0 to 7
[  720.788957][ T8709] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  720.799588][T15908] Dev loop2: unable to read RDB block 7
[  720.900962][T15908]  loop2: unable to read partition table
[  720.915628][T15908] loop2: partition table beyond EOD, truncated
[  720.935654][T15908] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  721.005086][ T8709] usb 1-1: device descriptor read/64, error -71
[  721.067184][T15915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2982'.
[  721.119643][ T8709] usb usb1-port1: attempt power cycle
[  721.465361][ T8709] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  721.486569][ T8709] usb 1-1: device descriptor read/8, error -71
[  721.647206][ T8461] tipc: Resetting bearer <ib:wg1>
[  721.668818][ T1146] veth0_to_bond: left allmulticast mode
[  721.679210][ T1146] veth0_to_bond: left promiscuous mode
[  721.690435][ T1146] bridge1: port 1(veth0_to_bond) entered disabled state
[  721.725413][ T8709] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  721.747729][ T8709] usb 1-1: device descriptor read/8, error -71
[  721.856117][ T8709] usb usb1-port1: unable to enumerate USB device
[  722.062542][ T5896] usb 2-1: USB disconnect, device number 56
[  722.168051][T15934] openvswitch: netlink: IPv6 tunnel dst address is zero
[  722.272327][T15940] program syz.1.2989 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  722.303703][ T1146] bond6 (unregistering): (slave gretap1): Releasing active interface
[  722.382729][T15942] netlink: 'syz.3.2988': attribute type 4 has an invalid length.
[  722.391012][T15942] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2988'.
[  722.468547][T15944] delete_channel: no stack
[  722.546889][ T1146] bond6 (unregistering): (slave bridge0): Releasing active interface
[  722.604036][ T1146] bond0 (unregistering): (slave bridge2): Releasing active interface
[  722.809612][T15948] program syz.1.2991 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  722.969841][ T1146] bond1 (unregistering): Released all slaves
[  722.991727][ T1146] bond2 (unregistering): Released all slaves
[  723.250227][ T1146] bond3 (unregistering): Released all slaves
[  723.565531][ T1146] bond4 (unregistering): Released all slaves
[  723.813571][ T1146] bond5 (unregistering): Released all slaves
[  723.836736][ T1146] bond6 (unregistering): Released all slaves
[  723.991030][ T1146] bond7 (unregistering): Released all slaves
[  724.111347][ T1146] bond8 (unregistering): Released all slaves
[  724.234289][ T1146] bond9 (unregistering): Released all slaves
[  724.248216][ T1146] bond0 (unregistering): Released all slaves
[  724.391257][ T1146] tipc: Disabling bearer <udp:s>
[  724.415400][ T1146] tipc: Disabling bearer <udp:syz2>
[  724.431874][ T1146] tipc: Disabling bearer <ib:wg1>
[  724.477669][ T1146] tipc: Left network mode
[  724.525897][T15966] FAULT_INJECTION: forcing a failure.
[  724.525897][T15966] name failslab, interval 1, probability 0, space 0, times 0
[  724.569083][T15966] CPU: 0 UID: 0 PID: 15966 Comm: syz.1.2994 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  724.569102][T15966] Tainted: [L]=SOFTLOCKUP
[  724.569106][T15966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  724.569113][T15966] Call Trace:
[  724.569118][T15966]  <TASK>
[  724.569124][T15966]  dump_stack_lvl+0x189/0x250
[  724.569141][T15966]  ? __pfx____ratelimit+0x10/0x10
[  724.569154][T15966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.569166][T15966]  ? __pfx__printk+0x10/0x10
[  724.569182][T15966]  ? __pfx___might_resched+0x10/0x10
[  724.569194][T15966]  ? fs_reclaim_acquire+0x7d/0x100
[  724.569208][T15966]  should_fail_ex+0x414/0x560
[  724.569224][T15966]  should_failslab+0xa8/0x100
[  724.569237][T15966]  __kmalloc_cache_noprof+0x84/0x700
[  724.569248][T15966]  ? cfg80211_wdev_release_bsses+0x287/0x2c0
[  724.569259][T15966]  ? cfg80211_connect+0xcc2/0x2170
[  724.569273][T15966]  cfg80211_connect+0xcc2/0x2170
[  724.569299][T15966]  nl80211_connect+0x17bc/0x1cd0
[  724.569314][T15966]  ? rcu_is_watching+0x15/0xb0
[  724.569328][T15966]  ? __pfx_nl80211_connect+0x10/0x10
[  724.569337][T15966]  ? __mutex_lock+0x335/0x1350
[  724.569372][T15966]  ? nl80211_pre_doit+0x4f1/0x930
[  724.569390][T15966]  genl_family_rcv_msg_doit+0x215/0x300
[  724.569407][T15966]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  724.569426][T15966]  ? bpf_lsm_capable+0x9/0x20
[  724.569438][T15966]  ? security_capable+0x7e/0x2e0
[  724.569455][T15966]  genl_rcv_msg+0x60e/0x790
[  724.569471][T15966]  ? __pfx_genl_rcv_msg+0x10/0x10
[  724.569482][T15966]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  724.569494][T15966]  ? __pfx_nl80211_connect+0x10/0x10
[  724.569503][T15966]  ? __pfx_nl80211_post_doit+0x10/0x10
[  724.569523][T15966]  netlink_rcv_skb+0x208/0x470
[  724.569534][T15966]  ? __pfx_genl_rcv_msg+0x10/0x10
[  724.569546][T15966]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  724.569565][T15966]  ? down_read+0x274/0x2e0
[  724.569577][T15966]  ? genl_rcv+0xd/0x40
[  724.569589][T15966]  genl_rcv+0x28/0x40
[  724.569600][T15966]  netlink_unicast+0x82f/0x9e0
[  724.569619][T15966]  ? __pfx_netlink_unicast+0x10/0x10
[  724.569633][T15966]  ? netlink_sendmsg+0x642/0xb30
[  724.569642][T15966]  ? skb_put+0x11b/0x210
[  724.569658][T15966]  netlink_sendmsg+0x805/0xb30
[  724.569673][T15966]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.569684][T15966]  ? __import_iovec+0x5d4/0x7f0
[  724.569697][T15966]  ? aa_sock_msg_perm+0xf1/0x1b0
[  724.569708][T15966]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  724.569718][T15966]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.569728][T15966]  __sock_sendmsg+0x21c/0x270
[  724.569742][T15966]  ____sys_sendmsg+0x505/0x820
[  724.569760][T15966]  ? __pfx_____sys_sendmsg+0x10/0x10
[  724.569776][T15966]  ? kstrtouint+0x6e/0xe0
[  724.569792][T15966]  ___sys_sendmsg+0x21f/0x2a0
[  724.569807][T15966]  ? __pfx____sys_sendmsg+0x10/0x10
[  724.569824][T15966]  ? rcu_read_lock_any_held+0xb3/0x120
[  724.569851][T15966]  ? __fget_files+0x2a/0x420
[  724.569864][T15966]  ? __fget_files+0x3a0/0x420
[  724.569881][T15966]  __sys_sendmsg+0x164/0x220
[  724.569896][T15966]  ? __pfx___sys_sendmsg+0x10/0x10
[  724.569914][T15966]  ? __pfx_ksys_write+0x10/0x10
[  724.569932][T15966]  ? __do_fast_syscall_32+0xbe/0x570
[  724.569949][T15966]  __do_fast_syscall_32+0x1f7/0x570
[  724.569962][T15966]  ? rcu_is_watching+0x15/0xb0
[  724.569973][T15966]  ? do_fast_syscall_32+0x34/0x80
[  724.569988][T15966]  do_fast_syscall_32+0x34/0x80
[  724.570002][T15966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  724.570014][T15966] RIP: 0023:0xf708d539
[  724.570025][T15966] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  724.570034][T15966] RSP: 002b:00000000f547d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  724.570045][T15966] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  724.570053][T15966] RDX: 0000000004004050 RSI: 0000000000000000 RDI: 0000000000000000
[  724.570059][T15966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  724.570064][T15966] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  724.570070][T15966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  724.570086][T15966]  </TASK>
[  725.256092][ T5914] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  725.304632][T15972] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  725.414860][ T5914] usb 1-1: Using ep0 maxpacket: 8
[  725.424349][ T5914] usb 1-1: config 0 has an invalid interface number: 90 but max is 1
[  725.444277][ T5914] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  725.465869][ T5914] usb 1-1: config 0 has no interface number 1
[  725.476936][ T5914] usb 1-1: config 0 interface 0 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  725.496274][T15981] program syz.1.3000 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  725.549468][ T5914] usb 1-1: config 0 interface 90 altsetting 13 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  725.634242][ T5914] usb 1-1: config 0 interface 90 altsetting 13 has a duplicate endpoint with address 0xD, skipping
[  725.665435][ T5914] usb 1-1: config 0 interface 90 altsetting 13 has a duplicate endpoint with address 0x3, skipping
[  725.691998][ T5914] usb 1-1: config 0 interface 90 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  725.748545][ T5914] usb 1-1: config 0 interface 0 has no altsetting 0
[  725.782408][ T5914] usb 1-1: config 0 interface 90 has no altsetting 0
[  725.823874][ T5914] usb 1-1: New USB device found, idVendor=1199, idProduct=9005, bcdDevice=a4.e8
[  725.890649][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.993515][ T5914] usb 1-1: config 0 descriptor??
[  726.092302][T15989] 8021q: adding VLAN 0 to HW filter on device batadv6
[  726.117323][T15989] batadv6: entered promiscuous mode
[  726.139055][T15989] team0: Port device batadv6 added
[  726.524515][ T5914] usb 1-1: string descriptor 0 read error: -71
[  726.627296][T15997] sctp: [Deprecated]: syz.2.3003 (pid 15997) Use of int in max_burst socket option deprecated.
[  726.627296][T15997] Use struct sctp_assoc_value instead
[  726.644315][ T1146] hsr_slave_0: left promiscuous mode
[  726.848344][ T1146] hsr_slave_1: left promiscuous mode
[  726.854913][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  726.863514][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0
[  726.890351][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  726.905237][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_1
[  726.914626][ T1146] batman_adv: batadv0: Interface deactivated: vlan0
[  726.923038][ T5914] usb 1-1: USB disconnect, device number 16
[  726.923510][ T1146] batman_adv: batadv0: Removing interface: vlan0
[  727.506254][ T1146] batadv0: left allmulticast mode
[  727.511587][ T1146] batadv0: left promiscuous mode
[  727.547260][ T1146] veth1_macvtap: left promiscuous mode
[  727.578577][ T1146] veth0_macvtap: left promiscuous mode
[  728.297873][ T1146] team0 (unregistering): Port device batadv1 removed
[  728.673006][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  728.690988][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  728.699733][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  728.708463][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  728.725638][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  728.981049][ T1146] team0 (unregistering): Port device team_slave_1 removed
[  729.023296][ T1146] team0 (unregistering): Port device team_slave_0 removed
[  729.740708][T16013] loop6: detected capacity change from 0 to 524287999
[  729.920401][T16023] program syz.3.3012 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  729.951336][T16027] netlink: 'syz.0.3009': attribute type 1 has an invalid length.
[  730.835138][T13537] Bluetooth: hci1: command tx timeout
[  731.081466][T16037] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  731.407207][T16009] chnl_net:caif_netlink_parms(): no params data found
[  732.186347][T16009] bridge0: port 1(bridge_slave_0) entered blocking state
[  732.207775][T16009] bridge0: port 1(bridge_slave_0) entered disabled state
[  732.225025][T16009] bridge_slave_0: entered allmulticast mode
[  732.290114][T16057] netlink: 'syz.4.3017': attribute type 4 has an invalid length.
[  732.298955][T16057] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3017'.
[  732.349504][T16009] bridge_slave_0: entered promiscuous mode
[  732.358664][T16056] netlink: zone id is out of range
[  732.409981][T16058] delete_channel: no stack
[  732.628107][ T1146] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  732.656256][ T1146] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  732.703459][T16009] bridge0: port 2(bridge_slave_1) entered blocking state
[  732.711120][T16009] bridge0: port 2(bridge_slave_1) entered disabled state
[  732.720684][T16009] bridge_slave_1: entered allmulticast mode
[  732.748180][T16009] bridge_slave_1: entered promiscuous mode
[  732.925918][T13537] Bluetooth: hci1: command tx timeout
[  732.999655][ T1146] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  733.015159][ T1146] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  733.228233][T16071] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3022'.
[  733.452356][T16009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  733.869399][ T1146] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  733.916121][ T1146] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  734.131544][T16009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  734.337497][T16074] program syz.3.3023 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  734.561335][T16009] team0: Port device team_slave_0 added
[  734.592671][ T1146] bond0: (slave netdevsim0): Releasing backup interface
[  734.603127][ T1146] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode
[  734.622596][ T1146] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.633375][ T1146] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  734.738884][T16009] team0: Port device team_slave_1 added
[  734.845800][T16009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  734.869978][T16009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  734.937928][T16009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  734.995528][T13537] Bluetooth: hci1: command tx timeout
[  735.054281][T16078] program syz.3.3024 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  735.093642][T16009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  735.144929][T16009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  735.272161][T16009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  735.676577][T16090] netlink: 'syz.4.3027': attribute type 4 has an invalid length.
[  735.697850][T16090] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3027'.
[  735.766098][T16092] delete_channel: no stack
[  735.927358][T16094] netlink: 'syz.1.3026': attribute type 4 has an invalid length.
[  735.936536][T16094] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3026'.
[  736.193103][T16095] delete_channel: no stack
[  736.444703][ T1146] bond7 (unregistering): (slave gretap1): Releasing active interface
[  736.533722][ T1146] bond2 (unregistering): (slave geneve2): Releasing active interface
[  736.626404][ T1146] bond7 (unregistering): (slave bridge0): Releasing active interface
[  736.688781][ T1146] bond9 (unregistering): (slave bridge2): Releasing active interface
[  736.767531][T16101] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3028'.
[  737.214392][T13537] Bluetooth: hci1: command tx timeout
[  737.360362][ T1146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  737.377023][ T1146] bond_slave_0: left promiscuous mode
[  737.388242][ T1146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  737.406842][ T1146] bond_slave_1: left promiscuous mode
[  737.424801][ T1146] bond0 (unregistering): (slave bond3): Releasing backup interface
[  737.433450][ T1146] bond3 (unregistering): left promiscuous mode
[  737.440974][ T1146] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  737.450273][ T1146] bridge_slave_1: left promiscuous mode
[  737.456959][ T1146] bond0 (unregistering): Released all slaves
[  737.580363][ T1146] bond1 (unregistering): Released all slaves
[  737.700064][ T1146] bond2 (unregistering): Released all slaves
[  737.814567][ T1146] bond3 (unregistering): Released all slaves
[  737.939838][ T1146] bond4 (unregistering): Released all slaves
[  737.953017][ T1146] bond5 (unregistering): Released all slaves
[  738.086440][ T1146] bond6 (unregistering): Released all slaves
[  738.100145][ T1146] bond7 (unregistering): Released all slaves
[  738.237636][ T1146] bond8 (unregistering): Released all slaves
[  738.250820][ T1146] bond9 (unregistering): Released all slaves
[  738.392667][ T1146] bond10 (unregistering): Released all slaves
[  738.434670][T16009] hsr_slave_0: entered promiscuous mode
[  738.454373][T16009] hsr_slave_1: entered promiscuous mode
[  738.739379][ T1146] tipc: Disabling bearer <udp:s>
[  738.758822][ T1146] tipc: Left network mode
[  738.800421][T16107] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3030'.
[  738.842412][T16107] netdevsim netdevsim0 netdevsim0: IPsec offload requires 128 bit authentication
[  739.106192][T16119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3032'.
[  739.106218][T16119] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3032'.
[  739.106242][T16119] netlink: 'syz.4.3032': attribute type 14 has an invalid length.
[  739.106257][T16119] netlink: 'syz.4.3032': attribute type 13 has an invalid length.
[  739.249123][ T1146] mac80211_hwsim hwsim27 wlan1 (unregistering): left allmulticast mode
[  739.294533][ T1146] mac80211_hwsim hwsim27 wlan1 (unregistering): left promiscuous mode
[  739.409092][   T30] audit: type=1326 audit(1765221790.603:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16118 comm="syz.4.3032" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa7539 code=0x0
[  740.135566][ T5914] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  740.343703][ T5914] usb 1-1: unable to get BOS descriptor or descriptor too short
[  740.358085][ T5914] usb 1-1: too many configurations: 199, using maximum allowed: 8
[  740.423954][T16151] input: syz1 as /devices/virtual/input/input48
[  740.438092][ T5914] usb 1-1: unable to read config index 0 descriptor/start: -61
[  740.462065][ T5914] usb 1-1: can't read configurations, error -61
[  740.636859][ T5914] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  740.823477][ T5914] usb 1-1: unable to get BOS descriptor or descriptor too short
[  740.832787][ T5914] usb 1-1: too many configurations: 199, using maximum allowed: 8
[  740.856857][ T5914] usb 1-1: unable to read config index 0 descriptor/start: -61
[  740.868733][ T5914] usb 1-1: can't read configurations, error -61
[  740.878527][ T5914] usb usb1-port1: attempt power cycle
[  741.110618][ T1146] hsr_slave_0: left promiscuous mode
[  741.147355][ T1146] hsr_slave_1: left promiscuous mode
[  741.153463][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  741.198000][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0
[  741.235378][ T5914] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  741.285445][ T5914] usb 1-1: unable to get BOS descriptor or descriptor too short
[  741.293167][ T5914] usb 1-1: too many configurations: 199, using maximum allowed: 8
[  741.332938][ T5914] usb 1-1: unable to read config index 0 descriptor/start: -61
[  741.341589][ T1146] veth1_macvtap: left promiscuous mode
[  741.354873][ T1146] veth0_macvtap: left promiscuous mode
[  741.360878][ T1146] veth1_vlan: left promiscuous mode
[  741.366858][ T5914] usb 1-1: can't read configurations, error -61
[  741.390646][ T1146] veth0_vlan: left promiscuous mode
[  741.504836][ T5914] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  741.541952][T16175] kvm: user requested TSC rate below hardware speed
[  741.587876][ T5914] usb 1-1: unable to get BOS descriptor or descriptor too short
[  741.596361][ T5914] usb 1-1: too many configurations: 199, using maximum allowed: 8
[  741.644144][ T5914] usb 1-1: unable to read config index 0 descriptor/start: -61
[  741.658242][ T5914] usb 1-1: can't read configurations, error -61
[  741.679836][ T5914] usb usb1-port1: unable to enumerate USB device
[  741.800479][ T1146] batadv6 (unregistering): left promiscuous mode
[  741.820712][ T1146] team0 (unregistering): Port device batadv6 removed
[  741.882168][ T1146] batadv5 (unregistering): left promiscuous mode
[  741.906517][ T1146] team0 (unregistering): Port device batadv5 removed
[  742.455531][ T1146] batadv4 (unregistering): left promiscuous mode
[  742.537174][ T1146] team0 (unregistering): Port device batadv4 removed
[  742.616133][ T1146] batadv3 (unregistering): left promiscuous mode
[  742.631550][ T1146] team0 (unregistering): Port device batadv3 removed
[  742.695717][ T1146] batadv2 (unregistering): left promiscuous mode
[  742.702868][ T1146] team0 (unregistering): Port device batadv2 removed
[  742.734069][ T1146] batadv1 (unregistering): left promiscuous mode
[  742.746894][ T1146] team0 (unregistering): Port device batadv1 removed
[  742.941673][T16187] fuse: Bad value for 'group_id'
[  742.956261][T16187] fuse: Bad value for 'group_id'
[  743.707478][ T1146] team_slave_1 (unregistering): left promiscuous mode
[  743.717110][ T1146] team0 (unregistering): Port device team_slave_1 removed
[  743.763822][T16199] input: syz1 as /devices/virtual/input/input49
[  743.771560][ T1146] team_slave_0 (unregistering): left promiscuous mode
[  743.786689][ T1146] team0 (unregistering): Port device team_slave_0 removed
[  744.244999][   T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  744.347327][T16009] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  744.364346][T16009] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  744.383984][T16009] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  744.396210][T16009] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  744.404962][   T24] usb 1-1: Using ep0 maxpacket: 32
[  744.426706][T16202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  744.447150][T16202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  744.540559][T16202] team_slave_0: entered promiscuous mode
[  744.546354][T16202] team_slave_1: entered promiscuous mode
[  744.553622][T16202] vlan2: entered promiscuous mode
[  744.564538][T16202] team0: entered promiscuous mode
[  744.781687][T16009] 8021q: adding VLAN 0 to HW filter on device bond0
[  744.797588][T16009] 8021q: adding VLAN 0 to HW filter on device team0
[  744.828564][T16009] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  744.848128][T16219] blktrace: Concurrent blktraces are not allowed on nullb0
[  744.856600][T16009] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  744.900794][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.907955][ T5951] bridge0: port 1(bridge_slave_0) entered forwarding state
[  744.923557][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.930722][ T5951] bridge0: port 2(bridge_slave_1) entered forwarding state
[  744.964636][T16220] fuse: Bad value for 'fd'
[  745.360605][T16009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.473406][T16224] netlink: 'syz.4.3050': attribute type 4 has an invalid length.
[  745.482175][T16224] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3050'.
[  746.275598][T16009] veth0_vlan: entered promiscuous mode
[  746.484536][T16009] veth1_vlan: entered promiscuous mode
[  746.769855][T16009] veth0_macvtap: entered promiscuous mode
[  746.781119][T16009] veth1_macvtap: entered promiscuous mode
[  746.852753][T16009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  746.881720][T16009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  746.920956][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.115660][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.129135][   T24] usb 1-1: unable to get BOS descriptor or descriptor too short
[  747.173909][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.175874][   T24] usb 1-1: no configurations
[  747.257017][   T24] usb 1-1: can't read configurations, error -22
[  747.482887][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  747.489298][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  747.643122][T16242] netlink: 'syz.0.3053': attribute type 10 has an invalid length.
[  747.694607][T16243] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3053'.
[  747.742193][T16241] bridge_slave_0: left allmulticast mode
[  747.795202][T16241] bridge_slave_0: left promiscuous mode
[  747.802681][T16241] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.867486][T16241] bridge_slave_1: left allmulticast mode
[  747.908578][T16241] bridge_slave_1: left promiscuous mode
[  747.932094][T16241] bridge0: port 2(bridge_slave_1) entered disabled state
[  748.146092][T16241] bond0: (slave bond_slave_0): Releasing backup interface
[  748.188602][T16241] bond0: (slave bond_slave_1): Releasing backup interface
[  748.224325][T16241] team_slave_0: left promiscuous mode
[  748.244636][T16241] team0: Port device team_slave_0 removed
[  748.260955][T16241] team_slave_1: left promiscuous mode
[  748.282710][T16248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.297550][T16241] team0: Port device team_slave_1 removed
[  748.311731][T16241] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  748.328181][T16241] batman_adv: batadv0: Removing interface: batadv_slave_0
[  748.346583][T16241] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  748.354003][T16241] batman_adv: batadv0: Removing interface: batadv_slave_1
[  748.373153][T16248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.373959][T16241] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  748.445908][T16249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  748.494392][T16242] 8021q: adding VLAN 0 to HW filter on device bond0
[  748.534056][T16242] bond0: entered promiscuous mode
[  748.541900][T16223] delete_channel: no stack
[  748.553096][T16242] team0: Port device bond0 added
[  748.560147][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.190701][T16243] bond0: left promiscuous mode
[  749.210492][T16243] team0 (unregistering): Port device bond0 removed
[  749.375845][ T5951] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.394616][ T5951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.508145][ T5951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.522289][ T5951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.866265][T16270] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  750.250221][T16281] netlink: 'syz.0.3061': attribute type 1 has an invalid length.
[  751.000218][T16281] 8021q: adding VLAN 0 to HW filter on device bond1
[  751.092720][T16289] fuse: Bad value for 'group_id'
[  751.100698][T16289] fuse: Bad value for 'group_id'
[  751.102989][T16283] bond1: (slave batadv1): Opening slave failed
[  751.488632][T16291] netlink: 'syz.4.3062': attribute type 4 has an invalid length.
[  751.498339][T16291] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3062'.
[  751.546055][ T5979] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  751.877996][T16292] delete_channel: no stack
[  752.291562][ T5148] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  752.306813][ T5148] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  752.319326][ T5148] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  752.331544][ T5148] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  752.340884][ T5148] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  752.543813][T16307] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3069'.
[  752.565208][ T5896] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  752.723034][ T5896] usb 1-1: Using ep0 maxpacket: 16
[  752.736042][ T5896] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  752.753933][ T5896] usb 1-1: config 0 has no interface number 0
[  752.764825][ T5896] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  752.777904][ T5896] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  752.794894][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  752.804531][ T5896] usb 1-1: Product: syz
[  752.809590][ T5896] usb 1-1: SerialNumber: syz
[  752.817129][ T5896] usb 1-1: config 0 descriptor??
[  752.836796][ T5896] cm109 1-1:0.8: invalid payload size 2, expected 4
[  752.847038][ T5896] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input50
[  752.868165][T15008] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  753.015632][T16312] create_pit_timer: 13 callbacks suppressed
[  753.015651][T16312] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  753.065701][T15008] usb 3-1: unable to get BOS descriptor or descriptor too short
[  753.073718][T15008] usb 3-1: too many configurations: 199, using maximum allowed: 8
[  753.109534][T16312] kvm: pic: level sensitive irq not supported
[  753.109852][T16312] kvm: pic: non byte read
[  753.122007][T16312] kvm: pic: level sensitive irq not supported
[  753.122153][T16312] kvm: pic: non byte read
[  753.136015][T16312] kvm: pic: level sensitive irq not supported
[  753.136099][T16312] kvm: pic: non byte read
[  753.153330][T15008] usb 3-1: unable to read config index 0 descriptor/start: -61
[  753.165893][T16312] kvm: pic: level sensitive irq not supported
[  753.165966][T16312] kvm: pic: non byte read
[  753.177733][T15008] usb 3-1: can't read configurations, error -61
[  753.192731][T16305] chnl_net:caif_netlink_parms(): no params data found
[  753.262874][    C1] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71
[  753.269902][    C1] ------------[ cut here ]------------
[  753.275775][    C1] URB ffff888025dee400 submitted while active
[  753.281905][    C1] WARNING: drivers/usb/core/urb.c:380 at 0x0, CPU#1: ksoftirqd/1/23
[  753.289944][    C1] Modules linked in:
[  753.294185][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  753.305014][    C1] Tainted: [L]=SOFTLOCKUP
[  753.309379][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  753.319688][    C1] RIP: 0010:usb_submit_urb+0x7e/0x18d0
[  753.325250][    C1] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 47 e6 28 fb 49 83 3e 00 74 40 e8 7c 94 c2 fa 48 8d 3d 35 14 8f 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 61 94 c2 fa eb 05 e8 5a 94
[  753.345001][    C1] RSP: 0018:ffffc900001d7558 EFLAGS: 00010083
[  753.351170][    C1] RAX: ffffffff86ff1c74 RBX: ffff888025dee400 RCX: 0000000000040000
[  753.359292][    C1] RDX: ffffc90002392000 RSI: ffff888025dee400 RDI: ffffffff8f8e30b0
[  753.367314][    C1] RBP: 000000000000000f R08: 0000000000000003 R09: 0000000000000004
[  753.375326][    C1] R10: dffffc0000000000 R11: fffff5200003ae9c R12: 0000000000000820
[  753.383419][    C1] R13: ffff888056ca1030 R14: ffff888025dee408 R15: dffffc0000000000
[  753.391510][    C1] FS:  0000000000000000(0000) GS:ffff888125f44000(0000) knlGS:0000000000000000
[  753.400541][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  753.407176][    C1] CR2: 000000002f815ff8 CR3: 000000005c0dc000 CR4: 00000000003526f0
[  753.415328][    C1] Call Trace:
[  753.418665][    C1]  <TASK>
[  753.421628][    C1]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  753.427052][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  753.433131][    C1]  ? kcov_remote_start+0x97/0x7f0
[  753.438397][    C1]  cm109_urb_irq_callback+0x709/0xcd0
[  753.443824][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[  753.449261][    C1]  dummy_timer+0x85f/0x45b0
[  753.454245][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  753.459651][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  753.464585][    C1]  ? debug_object_deactivate+0x6d/0x360
[  753.470140][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  753.475093][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  753.480029][    C1]  __hrtimer_run_queues+0x51c/0xc30
[  753.485233][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  753.491220][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  753.496938][    C1]  ? read_tsc+0x9/0x20
[  753.501007][    C1]  ? __pfx_tasklet_action_common+0x10/0x10
[  753.506820][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  753.511936][    C1]  handle_softirqs+0x27d/0x850
[  753.516702][    C1]  ? run_ksoftirqd+0x9b/0x100
[  753.521386][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  753.526666][    C1]  ? preempt_schedule_common+0x83/0xd0
[  753.532128][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  753.537154][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  753.542179][    C1]  run_ksoftirqd+0x9b/0x100
[  753.546686][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  753.551822][    C1]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[  753.557565][    C1]  ? smpboot_thread_fn+0x5f4/0xa60
[  753.562683][    C1]  smpboot_thread_fn+0x542/0xa60
[  753.567625][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  753.572659][    C1]  kthread+0x711/0x8a0
[  753.576833][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  753.582312][    C1]  ? __pfx_kthread+0x10/0x10
[  753.586910][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  753.592111][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[  753.597311][    C1]  ? __pfx_kthread+0x10/0x10
[  753.601900][    C1]  ret_from_fork+0x599/0xb30
[  753.606497][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  753.611615][    C1]  ? __switch_to_asm+0x39/0x70
[  753.616379][    C1]  ? __switch_to_asm+0x33/0x70
[  753.621148][    C1]  ? __pfx_kthread+0x10/0x10
[  753.625740][    C1]  ret_from_fork_asm+0x1a/0x30
[  753.630603][    C1]  </TASK>
[  753.633623][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  753.640928][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  753.651700][    C1] Tainted: [L]=SOFTLOCKUP
[  753.656022][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  753.666165][    C1] Call Trace:
[  753.669454][    C1]  <TASK>
[  753.672377][    C1]  dump_stack_lvl+0x99/0x250
[  753.677232][    C1]  ? __asan_memcpy+0x40/0x70
[  753.681881][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  753.687083][    C1]  ? __pfx__printk+0x10/0x10
[  753.691698][    C1]  vpanic+0x237/0x6d0
[  753.695937][    C1]  ? __pfx_vpanic+0x10/0x10
[  753.700525][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  753.705804][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  753.711003][    C1]  panic+0xb9/0xc0
[  753.714719][    C1]  ? __pfx_panic+0x10/0x10
[  753.719152][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  753.724159][    C1]  __warn+0x317/0x4b0
[  753.728233][    C1]  __report_bug+0x288/0x500
[  753.732831][    C1]  ? __pfx_dev_vprintk_emit+0x10/0x10
[  753.738211][    C1]  ? __pfx___report_bug+0x10/0x10
[  753.743237][    C1]  ? dev_printk_emit+0xe0/0x130
[  753.748095][    C1]  report_bug_entry+0x16a/0x220
[  753.752944][    C1]  ? usb_submit_urb+0x7e/0x18d0
[  753.757823][    C1]  ? usb_submit_urb+0x83/0x18d0
[  753.762675][    C1]  handle_bug+0xca/0x200
[  753.766943][    C1]  exc_invalid_op+0x1a/0x50
[  753.771458][    C1]  asm_exc_invalid_op+0x1a/0x20
[  753.776306][    C1] RIP: 0010:usb_submit_urb+0x7e/0x18d0
[  753.781764][    C1] Code: 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 47 e6 28 fb 49 83 3e 00 74 40 e8 7c 94 c2 fa 48 8d 3d 35 14 8f 08 48 89 de <67> 48 0f b9 3a b8 f0 ff ff ff eb 11 e8 61 94 c2 fa eb 05 e8 5a 94
[  753.801474][    C1] RSP: 0018:ffffc900001d7558 EFLAGS: 00010083
[  753.807554][    C1] RAX: ffffffff86ff1c74 RBX: ffff888025dee400 RCX: 0000000000040000
[  753.815527][    C1] RDX: ffffc90002392000 RSI: ffff888025dee400 RDI: ffffffff8f8e30b0
[  753.823674][    C1] RBP: 000000000000000f R08: 0000000000000003 R09: 0000000000000004
[  753.831643][    C1] R10: dffffc0000000000 R11: fffff5200003ae9c R12: 0000000000000820
[  753.839613][    C1] R13: ffff888056ca1030 R14: ffff888025dee408 R15: dffffc0000000000
[  753.847693][    C1]  ? usb_submit_urb+0x74/0x18d0
[  753.852577][    C1]  ? usb_submit_urb+0x74/0x18d0
[  753.857542][    C1]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  753.862931][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  753.868826][    C1]  ? kcov_remote_start+0x97/0x7f0
[  753.873895][    C1]  cm109_urb_irq_callback+0x709/0xcd0
[  753.879272][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[  753.884642][    C1]  dummy_timer+0x85f/0x45b0
[  753.889163][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  753.894555][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  753.899491][    C1]  ? debug_object_deactivate+0x6d/0x360
[  753.905046][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  753.910078][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  753.915018][    C1]  __hrtimer_run_queues+0x51c/0xc30
[  753.920241][    C1]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  753.926667][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  753.932384][    C1]  ? read_tsc+0x9/0x20
[  753.936473][    C1]  ? __pfx_tasklet_action_common+0x10/0x10
[  753.942279][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  753.947485][    C1]  handle_softirqs+0x27d/0x850
[  753.952250][    C1]  ? run_ksoftirqd+0x9b/0x100
[  753.956928][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  753.962210][    C1]  ? preempt_schedule_common+0x83/0xd0
[  753.967668][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  753.972692][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  753.977709][    C1]  run_ksoftirqd+0x9b/0x100
[  753.982209][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  753.987316][    C1]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[  753.993047][    C1]  ? smpboot_thread_fn+0x5f4/0xa60
[  753.998242][    C1]  smpboot_thread_fn+0x542/0xa60
[  754.003176][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  754.008201][    C1]  kthread+0x711/0x8a0
[  754.012270][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  754.017726][    C1]  ? __pfx_kthread+0x10/0x10
[  754.022321][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  754.027611][    C1]  ? lockdep_hardirqs_on+0x98/0x140
[  754.032850][    C1]  ? __pfx_kthread+0x10/0x10
[  754.037524][    C1]  ret_from_fork+0x599/0xb30
[  754.042112][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  754.047224][    C1]  ? __switch_to_asm+0x39/0x70
[  754.051986][    C1]  ? __switch_to_asm+0x33/0x70
[  754.056745][    C1]  ? __pfx_kthread+0x10/0x10
[  754.061332][    C1]  ret_from_fork_asm+0x1a/0x30
[  754.066111][    C1]  </TASK>
[  754.069551][    C1] Kernel Offset: disabled
[  754.073865][    C1] Rebooting in 86400 seconds..