last executing test programs:

24m20.123819782s ago: executing program 2 (id=569):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x15, 0x7, 0x0, 0x180, 0x4, 0x10, 0x2000000000, 0x0, 0x7ff, 0x5, 0x0, 0x9, 0x3, 0x6, 0x0, 0xbdb], 0x1, 0x1d6690})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$DVB_DEMUX_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f00000001c0)={0x2, 0x80000, <r2=>r0})
r3 = openat$cgroup_ro(r2, &(0x7f0000000180)='rdma.current\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000200)={0x4, 0xe, 0x2, 0x1, 0x0, [@local, @ipv4={'\x00', '\xff\xff', @multicast2}, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @rand_addr=' \x01\x00', @private2, @loopback]}, 0x78)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

24m18.899378832s ago: executing program 2 (id=573):
socket$inet_smc(0x2b, 0x1, 0x0) (async)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x0, [0x7fff, 0x3, 0x73d]}, &(0x7f0000000080)=0x44) (async)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x0, [0x7fff, 0x3, 0x73d]}, &(0x7f0000000080)=0x44)
socket(0x200000000000011, 0x2, 0x0) (async)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ip6gre0\x00', <r2=>0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
io_submit(0x0, 0x2, &(0x7f0000000140)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x2, 0x0, r3, 0x0}])
bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
r6 = creat(&(0x7f0000000240)='./bus\x00', 0xc2)
io_setup(0x5, &(0x7f0000000100)) (async)
io_setup(0x5, &(0x7f0000000100)=<r7=>0x0)
io_submit(r7, 0x2, &(0x7f0000000200)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x0, r6, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x2, r6}]) (async)
io_submit(r7, 0x2, &(0x7f0000000200)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x0, r6, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x2, r6}])
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BLKRESETZONE(r8, 0x40101288, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000100)={0x3, &(0x7f0000000040)=[{0x40, 0x4, 0x76, 0xfff00000}, {0x50, 0x7, 0x48, 0x7}, {0x6, 0x25, 0x7, 0x207}]}, 0x10)
eventfd2(0x401, 0x800) (async)
r10 = eventfd2(0x401, 0x800)
read$eventfd(r10, &(0x7f00000000c0), 0x8)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r9)
accept4(r5, 0x0, 0x0, 0x0) (async)
r11 = accept4(r5, 0x0, 0x0, 0x0)
recvmmsg(r11, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000240)=""/4096, 0x1000}], 0x1}}], 0x1, 0x122, 0x0)
sendmmsg$alg(r11, &(0x7f0000002fc0)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001240)="baae8280b28e215ef3759f10a3d38fbb2086e530e9e3327f439bba6b82fb8abb", 0x20}], 0x1, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x10)
getsockopt$bt_hci(r4, 0x84, 0x1, 0x0, &(0x7f0000000580)=0x15)
sendmmsg(r1, &(0x7f0000007100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

24m18.41334499s ago: executing program 2 (id=575):
userfaultfd(0x80001)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = syz_create_resource$binfmt(0x0)
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
r5 = openat$binfmt(0xffffffffffffff9c, r3, 0x2, 0x0)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x2, 0x6, 0x5, 0x0, 0x0, {0xb, 0x0, 0x1}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x50}]}]}, 0x34}}, 0x48010)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

24m17.284284305s ago: executing program 2 (id=581):
r0 = open(&(0x7f0000000140)='./file1\x00', 0x60142, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002480)=ANY=[@ANYBLOB="7a0af8ff75250000bfa100000000000007010000f8ffffffb702000005000000bf13000000000000850000000b000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651064d08dde084e0c7ffddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e13b2f9614d547244a22000000000000db453620ce72d75946c0b638d91dbef661935839c77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef4a96279856076ff7ac9ba09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be22dda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed5441218c54d0b3e9f298392b3276fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314d7bb31ad9713d249499ed0d8a24abd57e052888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f000000eaffffffffffffff0000000000c9b46ff99a039eda74f74fe532dcfcd2c315b626fd768dbdf00fd532575767a7bca3968f50c20cfcaf91ab14b77f87e476bcf45fff904531adea62a517702743bf3492c8952c8e1fc37674de47d5881750516404c647fe02085b1a9603227411b17b6c7bc84fdfa0cfce589550df8faeeae5ca5024b374da260be559a741d22370373392ed74a7d1aff96a5b59775237f50c6bd8e0c4a7666be5962cd0931845e659a03a48fe85d370d9b6b755a2f66989da880c899d4d1c6757be6baffdce49b8c81f43d933549289dd475e39f399f6822a111ed8142b5dd2c01a15c949d86bd93b580800"/798, @ANYRES32=r0], &(0x7f0000000180)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13}, 0x94)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000080)={0x9})
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r1, &(0x7f00000027c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0x5523, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local})
sendfile(r5, r5, 0x0, 0xe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB="2c726f6f74c46f64653d30303030303030303030303030303030303034303030302c4815ecb5f9341fc8", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
r8 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
ioctl$VIDIOC_DQEVENT(r8, 0x80885659, &(0x7f0000000240)={0x0, @src_change})
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r9, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r10, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000380)='./file0/../file0/../file0/../file0/file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00')
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r4}, 0x10)
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x20080, 0x0)

24m16.247737583s ago: executing program 2 (id=589):
r0 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
socket$unix(0x1, 0x1, 0x0)
pipe2$watch_queue(&(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000001c0)={0x9, 0x3, 0x3, 0x0, 0x7})
r5 = add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r3, 0x0)
keyctl$revoke(0x3, r5)
r6 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x10000006, 0x30f}, &(0x7f0000000280), &(0x7f0000000300))
io_uring_enter(r6, 0x7277, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast2, 0x15, 0x3, 'rr\x00', 0x30, 0x4, 0x18}, 0x2c)
setsockopt$IP_VS_SO_SET_DELDEST(r7, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffc}}, 0x44)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r9, 0xc4c03d09, 0x0)
r10 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a300000000009"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
write$binfmt_misc(r11, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r10, 0x4c0a, &(0x7f00000002c0)={r11, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x8000000000000000]}})
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
socket$nl_generic(0x10, 0x3, 0x10)

24m15.559526457s ago: executing program 2 (id=591):
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8000, 0x1b6)
fanotify_init(0x200, 0x0)
socket(0x28, 0x5, 0x0)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
socket$can_bcm(0x1d, 0x2, 0x2)
userfaultfd(0x80800)
socket$kcm(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = gettid()
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

24m14.775713263s ago: executing program 32 (id=591):
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8000, 0x1b6)
fanotify_init(0x200, 0x0)
socket(0x28, 0x5, 0x0)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
socket$can_bcm(0x1d, 0x2, 0x2)
userfaultfd(0x80800)
socket$kcm(0xa, 0x2, 0x73)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = gettid()
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

7m51.100222632s ago: executing program 1 (id=4248):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}, 0x1, 0x0, 0xa000000}, 0x0)

7m50.95755368s ago: executing program 1 (id=4250):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}, @IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffff7, 0x3}}]}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x68}, 0x1, 0x0, 0x0, 0x600}, 0x8000000)

7m50.372137707s ago: executing program 1 (id=4253):
syz_open_dev$sndpcmp(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x8, 0x8200)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
lseek(r2, 0x6, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x20000000)
r8 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x0, r8, 0x1, &(0x7f0000000140))
sendmsg$nl_route_sched(r3, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)
unshare(0x2040400)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(0xffffffffffffffff, 0x0, 0x0)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r9, 0x84, 0x70, 0x0, &(0x7f0000000000)=0x17)

7m48.674230659s ago: executing program 1 (id=4260):
unshare(0x62040200)
syz_usb_connect(0x2, 0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000084a48e08d112f74247aa000000010902"], 0x0)
r0 = socket$inet(0xa, 0x801, 0x84)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x80)
write$cgroup_int(r1, &(0x7f0000000040)=0x800000000001e8, 0x12)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000700)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r4 = epoll_create1(0x80000)
r5 = signalfd4(r2, &(0x7f00000000c0)={[0xfffffffffffffffd]}, 0x8, 0x180800)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000180)={0x90000009})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r5, 0xc018937d, &(0x7f0000000680)={{0x1, 0x1, 0x18, r2, {0x4}}, './file0\x00'})
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f0000000fc0)={&(0x7f0000001340)=@hci={0x1f, 0xa888, 0x31}, 0x80, &(0x7f0000001000)=[{&(0x7f0000000000)="b8b2cc1e00c1dba49dbb46ca88fb", 0xe}], 0x1}, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
getsockopt$IPT_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000000)={'mangle\x00', 0x0, [0x8, 0x3, 0x3, 0x9, 0x8b37]}, &(0x7f00000005c0)=0x54)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)

7m47.223322946s ago: executing program 1 (id=4265):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="a6820b3a60a072898c4a821e01f1df8b1f7b3f617653b5d3", 0x18}], 0x1, 0x0, 0x0, 0x200000d1}, 0x40880)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000003fc0)={'bond0\x00', &(0x7f0000003f80)=@ethtool_pauseparam={0x13, 0x3, 0x1, 0x1}})
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000200)={0x2, 0x9, 0x9})
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000440)=""/137, 0x89}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x10200, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000300)={0x0, 0x18, 0x0}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r6=>0x0})
write$FUSE_DIRENT(r3, &(0x7f0000000680)={0x180, 0xfffffffffffffff5, 0x0, [{0x8000000000004, 0x2a0, 0xba, 0x7fff, 'blkio.bfq.io_wait_timursive\x00\xd0\xc3!\x83L^\xd8\xc8\b\xc7\x8f\b\xfbz\x9ct\x88g\"\n\fg\x16\xbe.\xd5E=q\xa9\xb8\xa3jt1M\xe6\xa5\f\x10d\xf3\x9eU\xc0 \xc8\xb4\xf5\xe3\xf4\xaa\x1aF~\xdc\xe6~\x87\x872\xdb^\x82%\xc01@A\xb1\x80N\x9e\b\xd5\xc0\xc3\xac\x1f\xaf\x98\xafg\x81\xba\xdd\x86\xb4y\xac\x80h\x8f\xc9\xb5\x91\xdf\xf8\xbc\xb5\xdbl\x9b\x81\xb7]\xfe?>a\xc6\x05Z\'\xff\xa5\xf9\xad\xff7\x1d\xef\x9fE\xb5\xcc5IL\xbc\xdfE\x7f\x8c\xc1\xaa\xf4\x90j\xe3y\xc7\xe9O\x93\xad\x7f\xbdm-_a\xf9(\x88\xf1\xd4\xd5'}, {0x3, 0xf5b, 0x4, 0xd62e, '/:,,'}, {0x2, 0x6, 0x3, 0x1, '.}^'}, {0x3, 0x800c, 0x1a, 0x800, '/v\xef\xf0\x96l\x0fr\xfd\x95\x1f\x1aq\xbf\x97\x94dev/iomm\xd8@'}, {0x3, 0x5, 0x1, 0x2, '\x00'}]}, 0x180)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r6, 0x0, <r7=>0x0})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7c}}, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x12, r7, 0x0, r6})
socket$inet6_tcp(0xa, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
socket$inet_udplite(0x2, 0x2, 0x88)
writev(0xffffffffffffffff, 0x0, 0x0)

7m46.915526477s ago: executing program 1 (id=4266):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@mcast2, 0x800, 0x0, 0x3, 0x9, 0x401}, 0x20)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000800), 0x7850c0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
io_uring_enter(r3, 0x4bb7, 0xcfff, 0x6, &(0x7f0000000980)={[0x800000000]}, 0x8)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="fe41d4d758d9847b56d5069f89746a68a9aceefb5797d1f8b748b66a49b0dc064f604f1b2c00e6ccf38632d84d4fdf57976216d505f7ff2bab2b2d1a1ac7064a49263361f86ca82f6d28345cc51b8f9c0bc18f53a7befaa620b0372ed71269703e451b21942f375758f6f2926d9573b7fef0a5add7cedc5a749dfa9639d1b7ebf8954cf96437573da963aedaefdb57f0a5af190840f417b4b2945f92a50739ddd334c92b7e772351f90e36de0000000000", @ANYRES16=r5, @ANYBLOB="010000000000fedbdf250100000000000300100002800c0001800800010002000000"], 0xfffffffffffffe81}, 0x1, 0x0, 0x0, 0x141}, 0x80c0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'wlan1\x00'})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r4, &(0x7f0000000f40)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0x9, &(0x7f0000000640)={&(0x7f0000001180)=ANY=[@ANYBLOB="60000000f13126fbe642bf6bc7bb8e45d23bb3e8bd901e74637e687e02096388d5a7c5c68dfbdd605c56fc505507641a55cc717790ca1ce3f0655cc0584487fbb97f83431ef0762dddf21a8b3f15aff5dade2f75cbc642f11f6edafc63a4e3e951e1acfcd31d88a09eb02430482ed316e709f5b6ff38e49f329a4503255dcf70e2f57d926abf9b115680a58afbff6e739e0604b53b8bbe53b17cf84dfe012a08034a4cae9f3e3b9edf9a4acae0834929ca18401fce5207e3f64c160cd6684efa23441ff97a94dd5c631b6cb6a4fcdd0c02624de7cb40f93f9ee46a6f72e1b5b876b604fc10774f5ce33bcefbf03cf836522482e9b35f96203f340828ce4e7fae366cf21f8173665848711ce84e35d396c7787a958db9a1d1a0ef83b0415496d7a4c8a3cfd026cb32981bc5577bd499e6f12bb87d8ea6eb08aa2d6b0f49abc05f4b6101952650035e8ce4e09f3e3c013875825c24d54f324a816c0b11e89092c2ca58aaeb6e34e1934ced6a70c95d19913516982262f68c8b580b5c64c9aa8017a5d3747d511e27de365bd4ad87", @ANYRES16=r6, @ANYBLOB="10002cbd7000fbdbdf258100000008000300", @ANYRES8=r4, @ANYRESOCT=r1], 0x70}, 0x1, 0x0, 0x0, 0x4000800}, 0x1)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000021, 0x0, 0x0)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000001180), 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)}, &(0x7f0000000080)=0x10)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000ac0)={[&(0x7f0000000280)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000180)='\x7f\xbf\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000380)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000840)='\xf6\x98l_\xf5<\x1a_6:E\rUM\xedE\x89\xdfA\xe4\xf0\xc5\x819\xd1\x06C\xfe\xdc\x0f\x83\xe9\xbd\x15\x90\x91d\xde\xbf`p\x00\x91\x13^m\x86\xd1\xcc\xf3\xac\xf2\xed\x14\x1f4\xd6\x15\xf70\'', &(0x7f0000000480)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000001440)='\x7f\xb7\xc3\x7f\xa5a\xd6\xd3\x18\xd0\xe0\xd8R\xf02b\xefA|uiWb\x8f\xee\x1ch\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l\x00\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xe5\x9ez1b\xf1\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C$h|\xcbZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf7\xccMr\xc5\xbdT\x9e\xd4\x84\x06\xcd\x8b\xcd\t\x01\x11\xbc\x86<\x8b\xad\xc4\x80B\xce\x86\x86g\x92\x92w\x89\xfe\xba\xbeeC\x96Ad\t\xc2\xc8\xed\xf3\x1e\x84Ot\x12`=\x98r\x94[\xc8\x91r\xbaG3\xd6a\xca\x05\xd5\xec\xfd\xfa\xaa\xa1\xa7\xcc\x85\xf5D_\xb4$r\xca\x8f\xcf[T\xb9\x0f\xaf\x00\xbc\xa4\xba\xb6=]\x8a\xfb\xaa\xdc+\xbe\a\x06>\r\xe5,i\xa2\xa8\xa2M\xc7\xfb\x11\xd1U\xe5H\xd6\x1b\xf7\xf6B\xcbG\xe4\xe6\xc3{\xf5\xf9_F\x02\x8ah\x15G`+\xf9\xb9\x95V\xa3\xb0\x1b\x0e\xafle%/K\xbb\x9d\x17\xde0\xc2\xa41\x9aS\xe6M\x1e\xb9\xc9\xe8\xf7i\x02e\x8c\xce\xa9\xe7\xc9\x13\xa4\xe8\xf4\x1c\xff\x82\xe13\x89\xeex\xb5\xcf\xce\x108j#\xabH\xc3RU\x00M?\xca\x9c\xefT\xaaJ8*\xe0S\rV\x9c\xaf\xb3yh\x15\xa2\xce>>f\x16\x8d(\xeaot\x83\xe5\x13\xf2bA\xc1O\xbb~\xe5p\x83\xb3\x9d\x1c}\xe7\xd7\x811\x15\x9eP\xea\x00\x00\x00\x00\x00\xfd\x8c\x96\xebw\xdeg\"\xe4\xf6\xfc\x96N\xaf>!\xd9\xaf\x1be\xfa\xedJ\"\xab\x18xK5?\xec\xa0\xc2<\xa8\xdbo\xb1l\nn\xdb#\x97\xbcd\x0e\x93\x9e\xea\xb9\x9d-\xb6u\x7f\xe0\xa6\xef\xb4#\x1b@N\x04\xa0s\xa0\xe1\x90k8\xc3\r\xd0\x1b70b\xda\xe5\xb0\xa8\x01\x14N\xcf\x8dJ\xad\xc69\v\xbc[\xec\x97\xe7\xb2\x90j\xbd\xb1GX\xf2\xed\x15\xceK\xac\x19`a\x1e\x15\x90\x8d\xf4r\xd4Q\xd5\xc19|\xf7\x99\xed\x0e\xaf\xf7\xefR\xa6\xd0:\xe2yB\xfdpG\xf5\xc5\x919\x0f\xfa\xd1R\xc7\x8b\xbc)l\x11\xa8h2V\xe8\x1a\xf7\x8e\x14\xcbF\r\xa7w\xd3\xd3\xb7\xa5\x88\"\xa8\xa4>\xf0*\xbeM\x02\xf0i\x10m(7\xb64\xf5\xa1aZ\x16^\xde\a\xfae\xae\xe7{1\xd0\xa2\t\f\x85\x98\xdaK4]Hi1J\x95\x0e\xa37\x86ch\xcb\xeb\xbfq\xc6\xd3\x98\xd3\x8c_R\xe4oN\xa7\xab\x03\x1c\xc5}\xf1\x92\x82\xe3\xa5~jy<\xf7T\xaf\xabYQ\x82EI\xf0P\x96', &(0x7f0000000680)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x12V-\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb3\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000880)='\xc1r\x9dnyb`\x00\xa2\xabCg\x13\b\x8f*\xdaA\x822\xf7\xaf\xf6U\xad\xb0\xb2\f\x88s\x19\xa3D\xa9\x82\x8a\xa3\x94\xab\"|\xcf\x1f\x12\x8d\xe1\xe5\xc3\x01\x03\x003\xa9p^\x01^\x16>tnF', &(0x7f00000007c0)='\x00', &(0x7f0000000900)='\x01-\x00\xb6\xb7\xe1\x7fl\xd5\xf8G\xfdQ=\xc3\xd4\x02RP\xb2\xbf\x99\xfc\x10\" \x93)\xc5\x93\x98\x11\xe0\xd4\x14\x9a\f#LU\xda\xeb\f\x03\xa4\xf7\x85\xddYL\xf7\xf2\xc4\xff@+\x04^\xcc\xc8\xa1\x9f\xa7p\xd2\xaa\xa2^\xa6\xd1\v\xd1\xdd+o\x91\xc8\x90\xeebUCE\xdc=\x89\x86\x81S\x038', &(0x7f0000001100)='\x10!%{@{+\x00\xb1\x1c\xbd\x18\x8e\xf7\x84\xb1\xd1\\C*8F}\xc0\xb4\xca\x17m\xef\xd5J\xb6\xd9$\xb9\xd8\x8b\b\xca\x91A\x0fp\xa3f\xec\xd2\xf3\xd9\x0e\xc9\xd6\x16\xa1w\x97\x86\xf5;\x94j\xbdl\x04\xe8\x97\xeftD\xb9\x85\'5\xe1\xb2\xaf4\x9dB\xf1}D\xc4\xb9\x12\x0f\xcd@:g\x05\x06\x87\xd6\x12N\xae\xa0S\xc0\xd8\xfeZ}\xe8\xc4\xce7\x91\xbbp\xad\xd7\x7f\x03RS\x0f\x81\xbaw\x1bJ\x85V\xe7s_', &(0x7f0000000a00)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2\xe5>\xb6\xfe\xeaZ~\xa3\x15Vl\x00', &(0x7f00000008c0)='-\xf3\x00', &(0x7f0000000780)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2>\xb6\xfe\xeaZ~\xa3\x15\x16l\x00', &(0x7f0000000a80)='::-$[]#:{\x00']}, &(0x7f0000000b80)={[0x0, &(0x7f0000000ec0)='-\xf3\x00u&\v/G\xe25\xa7\vk\xbc\x15\x17\x950\xca\xc5\x13\xaf\xfe\xa8\xd1>8W@SR\r\x10 \x16\xa6\x97\x9e\x82\x00\xf8\xef*`\xfe\x82<o\x89cf\xbd>\xff\xe15\t\xe5`\xd03\x06\xa0\xad=\x82MW 7\xaa\x9a\xb2\xa2\x00'/90]})
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000001000)={0x0, 0x5, 0x3, {0xa, @pix={0x50000000, 0xf55d, 0x41414770, 0x45d5c735d62e0472, 0x81, 0xe4d3, 0x6, 0x7, 0x1, 0x2, 0x0, 0x4}}})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="4000000010000d042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="21120000000000002000128008000100736974001400028206000d000500000008000300ac1414aa"], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0)

7m46.538874238s ago: executing program 33 (id=4266):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@mcast2, 0x800, 0x0, 0x3, 0x9, 0x401}, 0x20)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000800), 0x7850c0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
io_uring_enter(r3, 0x4bb7, 0xcfff, 0x6, &(0x7f0000000980)={[0x800000000]}, 0x8)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="fe41d4d758d9847b56d5069f89746a68a9aceefb5797d1f8b748b66a49b0dc064f604f1b2c00e6ccf38632d84d4fdf57976216d505f7ff2bab2b2d1a1ac7064a49263361f86ca82f6d28345cc51b8f9c0bc18f53a7befaa620b0372ed71269703e451b21942f375758f6f2926d9573b7fef0a5add7cedc5a749dfa9639d1b7ebf8954cf96437573da963aedaefdb57f0a5af190840f417b4b2945f92a50739ddd334c92b7e772351f90e36de0000000000", @ANYRES16=r5, @ANYBLOB="010000000000fedbdf250100000000000300100002800c0001800800010002000000"], 0xfffffffffffffe81}, 0x1, 0x0, 0x0, 0x141}, 0x80c0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'wlan1\x00'})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r4, &(0x7f0000000f40)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0x9, &(0x7f0000000640)={&(0x7f0000001180)=ANY=[@ANYBLOB="60000000f13126fbe642bf6bc7bb8e45d23bb3e8bd901e74637e687e02096388d5a7c5c68dfbdd605c56fc505507641a55cc717790ca1ce3f0655cc0584487fbb97f83431ef0762dddf21a8b3f15aff5dade2f75cbc642f11f6edafc63a4e3e951e1acfcd31d88a09eb02430482ed316e709f5b6ff38e49f329a4503255dcf70e2f57d926abf9b115680a58afbff6e739e0604b53b8bbe53b17cf84dfe012a08034a4cae9f3e3b9edf9a4acae0834929ca18401fce5207e3f64c160cd6684efa23441ff97a94dd5c631b6cb6a4fcdd0c02624de7cb40f93f9ee46a6f72e1b5b876b604fc10774f5ce33bcefbf03cf836522482e9b35f96203f340828ce4e7fae366cf21f8173665848711ce84e35d396c7787a958db9a1d1a0ef83b0415496d7a4c8a3cfd026cb32981bc5577bd499e6f12bb87d8ea6eb08aa2d6b0f49abc05f4b6101952650035e8ce4e09f3e3c013875825c24d54f324a816c0b11e89092c2ca58aaeb6e34e1934ced6a70c95d19913516982262f68c8b580b5c64c9aa8017a5d3747d511e27de365bd4ad87", @ANYRES16=r6, @ANYBLOB="10002cbd7000fbdbdf258100000008000300", @ANYRES8=r4, @ANYRESOCT=r1], 0x70}, 0x1, 0x0, 0x0, 0x4000800}, 0x1)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000021, 0x0, 0x0)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000001180), 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)}, &(0x7f0000000080)=0x10)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000ac0)={[&(0x7f0000000280)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000180)='\x7f\xbf\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000380)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000840)='\xf6\x98l_\xf5<\x1a_6:E\rUM\xedE\x89\xdfA\xe4\xf0\xc5\x819\xd1\x06C\xfe\xdc\x0f\x83\xe9\xbd\x15\x90\x91d\xde\xbf`p\x00\x91\x13^m\x86\xd1\xcc\xf3\xac\xf2\xed\x14\x1f4\xd6\x15\xf70\'', &(0x7f0000000480)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000001440)='\x7f\xb7\xc3\x7f\xa5a\xd6\xd3\x18\xd0\xe0\xd8R\xf02b\xefA|uiWb\x8f\xee\x1ch\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l\x00\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xe5\x9ez1b\xf1\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C$h|\xcbZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf7\xccMr\xc5\xbdT\x9e\xd4\x84\x06\xcd\x8b\xcd\t\x01\x11\xbc\x86<\x8b\xad\xc4\x80B\xce\x86\x86g\x92\x92w\x89\xfe\xba\xbeeC\x96Ad\t\xc2\xc8\xed\xf3\x1e\x84Ot\x12`=\x98r\x94[\xc8\x91r\xbaG3\xd6a\xca\x05\xd5\xec\xfd\xfa\xaa\xa1\xa7\xcc\x85\xf5D_\xb4$r\xca\x8f\xcf[T\xb9\x0f\xaf\x00\xbc\xa4\xba\xb6=]\x8a\xfb\xaa\xdc+\xbe\a\x06>\r\xe5,i\xa2\xa8\xa2M\xc7\xfb\x11\xd1U\xe5H\xd6\x1b\xf7\xf6B\xcbG\xe4\xe6\xc3{\xf5\xf9_F\x02\x8ah\x15G`+\xf9\xb9\x95V\xa3\xb0\x1b\x0e\xafle%/K\xbb\x9d\x17\xde0\xc2\xa41\x9aS\xe6M\x1e\xb9\xc9\xe8\xf7i\x02e\x8c\xce\xa9\xe7\xc9\x13\xa4\xe8\xf4\x1c\xff\x82\xe13\x89\xeex\xb5\xcf\xce\x108j#\xabH\xc3RU\x00M?\xca\x9c\xefT\xaaJ8*\xe0S\rV\x9c\xaf\xb3yh\x15\xa2\xce>>f\x16\x8d(\xeaot\x83\xe5\x13\xf2bA\xc1O\xbb~\xe5p\x83\xb3\x9d\x1c}\xe7\xd7\x811\x15\x9eP\xea\x00\x00\x00\x00\x00\xfd\x8c\x96\xebw\xdeg\"\xe4\xf6\xfc\x96N\xaf>!\xd9\xaf\x1be\xfa\xedJ\"\xab\x18xK5?\xec\xa0\xc2<\xa8\xdbo\xb1l\nn\xdb#\x97\xbcd\x0e\x93\x9e\xea\xb9\x9d-\xb6u\x7f\xe0\xa6\xef\xb4#\x1b@N\x04\xa0s\xa0\xe1\x90k8\xc3\r\xd0\x1b70b\xda\xe5\xb0\xa8\x01\x14N\xcf\x8dJ\xad\xc69\v\xbc[\xec\x97\xe7\xb2\x90j\xbd\xb1GX\xf2\xed\x15\xceK\xac\x19`a\x1e\x15\x90\x8d\xf4r\xd4Q\xd5\xc19|\xf7\x99\xed\x0e\xaf\xf7\xefR\xa6\xd0:\xe2yB\xfdpG\xf5\xc5\x919\x0f\xfa\xd1R\xc7\x8b\xbc)l\x11\xa8h2V\xe8\x1a\xf7\x8e\x14\xcbF\r\xa7w\xd3\xd3\xb7\xa5\x88\"\xa8\xa4>\xf0*\xbeM\x02\xf0i\x10m(7\xb64\xf5\xa1aZ\x16^\xde\a\xfae\xae\xe7{1\xd0\xa2\t\f\x85\x98\xdaK4]Hi1J\x95\x0e\xa37\x86ch\xcb\xeb\xbfq\xc6\xd3\x98\xd3\x8c_R\xe4oN\xa7\xab\x03\x1c\xc5}\xf1\x92\x82\xe3\xa5~jy<\xf7T\xaf\xabYQ\x82EI\xf0P\x96', &(0x7f0000000680)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x12V-\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb3\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000880)='\xc1r\x9dnyb`\x00\xa2\xabCg\x13\b\x8f*\xdaA\x822\xf7\xaf\xf6U\xad\xb0\xb2\f\x88s\x19\xa3D\xa9\x82\x8a\xa3\x94\xab\"|\xcf\x1f\x12\x8d\xe1\xe5\xc3\x01\x03\x003\xa9p^\x01^\x16>tnF', &(0x7f00000007c0)='\x00', &(0x7f0000000900)='\x01-\x00\xb6\xb7\xe1\x7fl\xd5\xf8G\xfdQ=\xc3\xd4\x02RP\xb2\xbf\x99\xfc\x10\" \x93)\xc5\x93\x98\x11\xe0\xd4\x14\x9a\f#LU\xda\xeb\f\x03\xa4\xf7\x85\xddYL\xf7\xf2\xc4\xff@+\x04^\xcc\xc8\xa1\x9f\xa7p\xd2\xaa\xa2^\xa6\xd1\v\xd1\xdd+o\x91\xc8\x90\xeebUCE\xdc=\x89\x86\x81S\x038', &(0x7f0000001100)='\x10!%{@{+\x00\xb1\x1c\xbd\x18\x8e\xf7\x84\xb1\xd1\\C*8F}\xc0\xb4\xca\x17m\xef\xd5J\xb6\xd9$\xb9\xd8\x8b\b\xca\x91A\x0fp\xa3f\xec\xd2\xf3\xd9\x0e\xc9\xd6\x16\xa1w\x97\x86\xf5;\x94j\xbdl\x04\xe8\x97\xeftD\xb9\x85\'5\xe1\xb2\xaf4\x9dB\xf1}D\xc4\xb9\x12\x0f\xcd@:g\x05\x06\x87\xd6\x12N\xae\xa0S\xc0\xd8\xfeZ}\xe8\xc4\xce7\x91\xbbp\xad\xd7\x7f\x03RS\x0f\x81\xbaw\x1bJ\x85V\xe7s_', &(0x7f0000000a00)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2\xe5>\xb6\xfe\xeaZ~\xa3\x15Vl\x00', &(0x7f00000008c0)='-\xf3\x00', &(0x7f0000000780)='.-\\:!\x00\x00\x00\x00\x00y\xa5\x91\x9d:)\x0f\x9d/\xf8\f\xad\xdb|\xcf\x1cHB\xc8\xa3Qo{\xc5|\xa5z\x0e\x0f\xdee\xc2>\xb6\xfe\xeaZ~\xa3\x15\x16l\x00', &(0x7f0000000a80)='::-$[]#:{\x00']}, &(0x7f0000000b80)={[0x0, &(0x7f0000000ec0)='-\xf3\x00u&\v/G\xe25\xa7\vk\xbc\x15\x17\x950\xca\xc5\x13\xaf\xfe\xa8\xd1>8W@SR\r\x10 \x16\xa6\x97\x9e\x82\x00\xf8\xef*`\xfe\x82<o\x89cf\xbd>\xff\xe15\t\xe5`\xd03\x06\xa0\xad=\x82MW 7\xaa\x9a\xb2\xa2\x00'/90]})
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000001000)={0x0, 0x5, 0x3, {0xa, @pix={0x50000000, 0xf55d, 0x41414770, 0x45d5c735d62e0472, 0x81, 0xe4d3, 0x6, 0x7, 0x1, 0x2, 0x0, 0x4}}})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="4000000010000d042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="21120000000000002000128008000100736974001400028206000d000500000008000300ac1414aa"], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0)

10.507199713s ago: executing program 0 (id=5723):
r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000180)={0x6}, 0x1)
sendto$inet6(r1, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

10.414015677s ago: executing program 4 (id=5724):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000130000/0xc00000)=nil, 0xc00000, 0x4)

10.251577276s ago: executing program 6 (id=5727):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x1, 0x78bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff2, 0xffe0}, {0xc, 0xfff1}, {0x7, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

10.195386356s ago: executing program 4 (id=5728):
r0 = socket$inet6(0xa, 0x80001, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
getdents(r1, &(0x7f0000000000)=""/41, 0x29)
getdents64(r1, 0xffffffffffffffff, 0x43)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$unix(0xffffffffffffffff, 0x0, 0xffffffffffffff84, 0x48850, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x6, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x9b, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000140), 0x2, 0x2)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r6 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x48042)
writev(r6, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {0x0}, {&(0x7f0000000900)}], 0x4)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast2, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x100b}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a00000000000000"], 0x90)

9.958308941s ago: executing program 3 (id=5730):
socket$nl_netfilter(0x10, 0x3, 0xc)
memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\xfe\x96\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[', 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x4d, 0xda, 0xcc, 0x20, 0xe41, 0x4750, 0x269c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xf4, 0x2, 0x1, 0xd2, 0x98, 0x2c, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x200, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x9, 0x0, 0x81, 0x9, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0xd, 0xfe54, 0xffffffffffffffff], 0x106000})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x81, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24668f38896810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f2135030009000f23f8450f2244"}}], 0x81})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0xc46, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x7ff, 0x9, 0x0, 0x400, 0x64513f24, 0x89, 0x0, 0x8, 0x8d], 0x100000, 0x240046})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000380)='./file0\x00', 0x0, 0x18}, 0x18)

9.365623943s ago: executing program 0 (id=5731):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffeff}]})
r2 = syz_open_procfs(0x0, 0x0)
lseek(r2, 0x2000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x406, 0xffffffffffffffff)
syz_emit_ethernet(0x4e, &(0x7f0000000600)=ANY=[@ANYBLOB="ffffffffffffffffffffffff080046000040000000000067907800000000ffffffff010100002100907812000228280000240000000000000000e0000002e0000000860800000000000200000000f7a92911457b66bfcd46d0da7c3b964d1135a9687dae55b93e8ad4224480ba70aa5fad77ec0f73bd8eebfff8accb76c27ed00c42f6b1fa0f00000000000000ce2bc8b838425c8fe204ee9202fbe5195607b51da61dce76b3aabe6af174fcfbcec0e4c7ba830cbc08f5122bf220d1fab67591864561e1445b3a29d721a4f79cf9a73acb751018a94682fc594531b7a89c8cb1eddafd353f71be73709111f8bd1676d6f538ce2cebcfe95a821f8e67f0b8aec9629196ba4bf1cb7a7412a808c128c2d480cb5e8789e0fcc4c6cecd1fb126966961f065a71f17b25c46f3b269d87cd9cc78e314aeedecafdefa1ebd860000000000000000309636eb7b19b2a6f8f02e794788e2394e1e7cbe6a2453c41a2f2bc7dbe9500360e3fdadb183697fc438c1348edfe917a172df4450f80c839837845c5c845a468b9132284acc7006198244bd593e8c5b4837177b684cdcacee956df7575211596376ccf77c5f51e2d6ec2c595048cb69e8cd02dc794f8b8858c03cee92f778d39d176793c357b2970287b1739f4b7def3e1ca91b04b44f567873070e364b306f38b5ab727710626155d0500a169c28a0d3e41fa2a7f267bd2cb1bcc605d72ae16ad099b8183689a2370961116a221c3b92854922239550301c22dc833feb0c78fcd4b9c4bf4eec01a4056fd3f401da09faa4efcbb62bae8add23197e197d2d942c96dc9765930b89ae5910094ff5169c11538fc4de1ad2ea0d904912d2ade7b156951d214389ca1739cde5334da3c54dfeaf1d74bbe7db3df1e32ae4755c19227dc811a98ea4844702ccf37a4c359ddcb6f9"], 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f0000001dc0)={0xf, 0x5, 0x100000}, 0x20)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x102, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x18, &(0x7f00000002c0)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @map_fd={0x18, 0x0, 0x1, 0x0, r4}, @generic={0x4, 0x7, 0x6, 0x6, 0x10}, @alu={0x4, 0x1, 0x3, 0x0, 0x4, 0x20, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}, @call={0x85, 0x0, 0x0, 0xa1}, @map_idx={0x18, 0xe, 0x5, 0x0, 0x2}], &(0x7f0000000040)='syzkaller\x00', 0x1000, 0x1, &(0x7f0000000140)=""/1, 0x41100, 0x40, '\x00', 0x0, @netfilter, r5, 0x8, &(0x7f0000000200)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x6, 0x0, 0x3, 0x62f4}, 0x10, 0xffffffffffffffff, r4, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=[{0x4, 0x4, 0x2ef30}, {0x4, 0x1, 0x9, 0x6}, {0x3, 0x5, 0xe, 0x5}, {0x3, 0x2, 0x4, 0x1}, {0x4, 0x3, 0x7, 0x1}, {0x4, 0x0, 0x2, 0x9}, {0x3, 0x3, 0xf, 0x8}], 0x10, 0xf23d}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f00000001c0)={0xd0002016})
r6 = getpid()
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x10}, 0x10)
lseek(0xffffffffffffffff, 0x8001, 0x1)
kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r4, &(0x7f0000000100)={0xffffffffffffffff, r4})

8.701570178s ago: executing program 6 (id=5733):
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x2, 0x7, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000ec97069f000000000000080000007918a800000067b2dc3c4b56523e597646a087b467921c0d2deccb305308f02e64b20a36e3e18922c7678017a0d9de5dabe5a6bcc00e5bbe7e1860fd76c0595c1b3f7147827fcc524fd71c2d6a125ac770eaa2bb189c5c3d66717854aedb16d7bca02a5ed00f2ac7469e0f7b97249f99b5194ce72b48dc484f02a6642b83329fec5f68b794a49ac3c0161fcb8399a0f48d333700184a2f684bdeba06b0de1eae4059d72e84e1416b6a69a294bd7efa2891ad6c42fa4d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48})
r2 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d00090536"], 0x0)
unshare(0x6020480)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000d40)={0x0, 0x7000000, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x20001)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, 0x0, 0x50)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a)
connect$inet6(r5, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x3, @remote}, 0x1, 0x1}}, 0x2e)
r7 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1)
write$P9_RLCREATE(r7, &(0x7f0000000180)={0x18, 0xf, 0x1, {{0x0, 0x4, 0x5}, 0xffffff80}}, 0x18)
ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, 0x0)

7.995089773s ago: executing program 3 (id=5734):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil)
shmdt(0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
syz_emit_ethernet(0x95, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb810013000805000817a2f1ff80114502115efa2edffe20909cab2da7c0ba8cc356fcdb59c3048b9ae94577115ca496e8207377a0b02da9b6b5f9dbacf68e1ecd9b71d26b036bef2c5ce88ea55818abc98ace892033dfe821fa6263b648e2bd1fcc2e0f5a7088bd59ef54b91786f90f4626dd33800b261e2f6292f759b1c6d900000000"], &(0x7f00000001c0)={0x1, 0x1, [0xf74, 0x4e0, 0xe4b, 0xa20]})
syz_open_dev$usbfs(&(0x7f0000000100), 0x775, 0x8000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
dup(r2)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f00000006c0), 0x4, 0x121000)
syz_usb_control_io$hid(r5, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00220f0000000b2e2b5aa40bf85e080083"], 0x0}, 0x0)
syz_usb_control_io(r5, &(0x7f0000000340)={0x2c, &(0x7f0000000440)={0x20, 0x31, 0xf1, {0x126, 0x495f9a3a962d5024, "5f5c60ff458f3e3c2d6d92f001e9f8b03bf5a3085c30844181f4995c28ee5cb1dabf931128803cdbb3ae638e420084038632e3ea4c437a97aafeca7134234a901708c7c2a0c59371427c6ad0f5f85310cee01017f56d9bab622af6cd02f708007a7689450af13a2757adc7b2de5b1c75eaea2a4618555b25a74c2784c8e44d0fd6a6b0d7ac2976a1f80e1d6c4349017a293fe100471b548d4a5dcaffd4692e5b824cfdeab1f03290ad03f79335382962fb023ac155120fdc37be0f688da25e94a894f47cde5546d555373be1acba152ec72a4ac4abf51fa88d1fcb1b86b5b5845573f983482e604579aa0000000000"}}, &(0x7f0000000ac0)={0x0, 0x3, 0x70, @string={0x70, 0x3, "bfcb90ed5b99060681eeb07546778b7729380dff06cec8489438e52ddac6f3ecaf40d35fafae6505567dec36b2d12ff75cec8497aae38652a40d2a3be726fa9526981d1d283017a3d8f776644fc14a2c9a2cbb594e0658854d75e9e27ec1e0e23d30e200406ae336918c527c2551"}}, &(0x7f0000000180)={0x0, 0xf, 0x21, {0x5, 0xf, 0x21, 0x1, [@ssp_cap={0x1c, 0x10, 0xa, 0x5, 0x4, 0xd79, 0x0, 0x1, [0xffc00f, 0xf, 0xcf, 0xf0]}]}}, &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x7, 0x4, 0x6, 0x0, "8890a679", "4c107112"}}, &(0x7f0000000300)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x0, 0x2, 0x5f, 0x69, 0x67, 0x8}}}, &(0x7f00000009c0)={0x84, &(0x7f0000000580)={0x20, 0xd, 0xab, "052bba8e2cc6c1ec24d7b3702bb18a0f9af3fe9e69682d314a8ec95ef441f86f10387ef6a775cb0101311e47d3d7ae210195b5dcc9b7f0dcc9a696eb773a08613e818e989f26dc2a7f1fafc20ef6b2d569e560c329c1bee71995df7dc890ded34da3048d4709cc754d42e83c89c9a00361f2183dc07f82bea520e71dd22409acd4ce04eaf3e87cc13cb20ccd499ff14fa33171f85b2a29b21f8f1a95bbac620145dff05feb84e93976aa6d"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0xa5}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000680)={0x20, 0x0, 0x4}, &(0x7f0000000a80)={0x20, 0x0, 0x8, {0x1c00, 0x4, [0xf]}}, &(0x7f0000000700)={0x40, 0x7, 0x2, 0x7f}, &(0x7f0000000740)={0x40, 0x9, 0x1, 0x94}, &(0x7f0000000780)={0x40, 0xb, 0x2}, &(0x7f00000007c0)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000800)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}}, &(0x7f0000000840)={0x40, 0x17, 0x6, @local}, &(0x7f0000000880)={0x40, 0x19, 0x2, '%N'}, &(0x7f00000008c0)={0x40, 0x1a, 0x2, 0x5}, &(0x7f0000000140)={0x40, 0x1c, 0x1, 0x7}, &(0x7f0000000940)={0x40, 0x1e, 0x1, 0xf5}, &(0x7f0000000980)={0x40, 0x21, 0x1, 0x14}})
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r6, 0xc018480b, &(0x7f0000000040)={0x1, 0xffffffff, 0x6f94, 0x5, 0xa45a2b2e, 0x7fff})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000000)={{0x2, 0x0, 0x0, 0x0, 0x0, 0xa9, 0x14fe}, 0x1ff, 0x5, 0x7, 0x0, 0x8000000000000002, 0x2, 0x8abd, 0x5})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r1, 0x0, 0x0, 0x200000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})

6.541426843s ago: executing program 0 (id=5736):
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vbi(0x0, 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', 0x0})
io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(0xffffffffffffffff, 0x19, &(0x7f00000000c0)={0x1, 0x2, 0xa}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x200000, 0x0, 0xb49, 0x9, 0xc, 0x0, 0x1}, 0x0)
r5 = syz_open_dev$dri(0x0, 0x1, 0x0)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$dsp(r6, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f00000003c0)={0xe, @capture={0x0, 0x0, {0x8, 0x1}, 0x81, 0x800007}})
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r7, &(0x7f0000000580)=ANY=[@ANYBLOB="370200007d02000005f600000000000005830005000008000000000000000000404100000000e0e5000005000000000000001b00046e6f6465767b65766f6f7e0545c60005080037d93a8b920000003300704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb140300000000000000dc8103b494e13700cfc36d07c500f04cd85f2a70f5e9930e5e989cd5ef4d51f60da7582c4a05c8f828f68dc1774d5de2564a862381f6686dd1bb8fd70000003e00f8f669fb716dcf315ecaf385409ac65b9408678c3c3b9e1d52c36cde7ba4a400b4b077dc74000000000000000007ec21cabff20f9c0089f90600000000002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1372d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/540, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x237)
r8 = io_uring_setup(0x7534, &(0x7f00000003c0)={0x0, 0x48c7, 0x80, 0x0, 0xffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000280)={<r9=>0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f00000004c0)={0x0, 0x6, 0xc65, 0x80, 0x1, [0x0, 0x0, 0x0, <r10=>0x0], [0xffff, 0xeeef, 0x8, 0x3], [0xf, 0x6, 0x4, 0x1], [0x6, 0x7, 0x5, 0x360]})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f00000007c0)={0x0, 0x1000, 0x21, 0xffffffff, 0x0, [0x0, 0x0, <r11=>0x0], [0x200, 0x6, 0x1, 0x6], [0x1, 0x7, 0x45, 0x8], [0x9, 0x4, 0x2, 0xc4]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000840)={0x0, 0xd, 0x5, 0x5, 0x0, [0x0, r9, r10, r11], [0x7, 0xc3f, 0x1, 0x979e], [0x3, 0x101, 0x7, 0x80000000], [0xaac, 0x2, 0x5, 0x8000000000000001]})
syz_emit_vhci(0x0, 0xd)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701)
close_range(r8, 0xffffffffffffffff, 0x0)

5.30394742s ago: executing program 4 (id=5737):
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x640000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000004100)={0x2020}, 0x2020)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r7=>0x0})
socket(0x400000000010, 0x3, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r8, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r7, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, 0x0, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r10, 0x541b, &(0x7f00000000c0))
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newsa={0x138, 0x10, 0x1, 0xfff7fffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@remote, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x40}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

3.763654845s ago: executing program 6 (id=5739):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="e5888242315e7acf0c2c0e43294ba5a5413bb8090ab407c45943c8d0c550a7adc7ec0cfce6600d31407b2aabaf1d1379d3456650138b039a8efb2c497005bf77b513d473979b5b4d25263995c0dab2b3a7e50ab63f78412d451311e14688c36fff34458717237c0f9c0f750f1d36cd0848338c162de4e7493e4a7362889dbbf5213f05ddc0162f6bf0df0c0a852f4a48099e41bc1b71b8ef0b9c8448f5029535c858b3d74b6876f76c23cd2836bdec6270f70349e72ca9ce6e5b18973d33cadf437df1e99030beeedad50614c7e6c638a3bc751fe8a9099674ca1363556ed18431d3e97f0482e791f7a7643be92ed44ad7464f8de4b2512dc97fcff53d7f7d033c539b38cecc91e2684b6e54ec27bd51d52b8b0cc18da21b67302773b2a3517bdc8eb34e07bd03320202a4d0a437b35772dfe270674072b5d247d3da94e01864c4dd054db260a0d4c16fbc02397a76b5a9b30f457eed504ba6dbc6c481fb5bd73546580769bfae9f0bb3e00fad0215f4c1912d3cc076601d5eab8a7fba44236685ffec32e48876b55c3cc3d7388196a7767a29527051a03100f8df0fd3b1e595891a800bfcdf00d39a7f5a5942b5efa3774594064829b69186af111babce3b28099711e210b86fd82eb9e5905e9a9b17b57a24d1215d3343abd5356b996a59d02e2374ddc987dc991eb8d23e708201988cb31f6cd1c9b5bbef0b8578c790493aab148445fab8508a15102980e921d48a73c8be4e0383f14972293e970033add8628d5d7227b71c311601fc49668f5554a53acc27c861c48a228bd2bde7c46cc17050adbef11e8c3d12117120da82f7d9743d6f03a90dc4fd3765d46dc5ec595c3e2cf540a3f9bd5d77b51ef01027a09d12ed4f63bb708307e3d484a56055afdde1cd8d139dcea8a19989573a9ccdbef7abec50ffbee72304b0898534dcf8f94cba4aeec0edcc9ec658398ea0ea86658c7a94d0bf843e0c45e6ab61a0e20624eed7bdccac29c53953a0fbbe2e5278d6845b95ae3fc7f702ad22a11c6e2d1990bd56bb58e4e751c92323b7e0ba9ae4b2636f6fdf904f8176e835a200c84105b7c9f13f8b6ad548c122debd34bb35b3f3ba32af5e6b72a487bee62ea767b3b300170864b14e7fc172cc1f793d067dc66c5194d7ad451c314d91fc296452b8371487288ebad1a9b0f2bc3186c7bbecbb0f4408bfdd9171424c56bce206ae9f5886342d0f753dd03bef2c49a6b9c194833d2f87c938b7ce4614248e9e28d09361a37d2bc53c5720bfa3860988a428dc13ac22bcc43df5530f837ae96c63ec1ab53282d4b13902605ebce4736c8cbfae53ada2ffca906dae3e1744a11ffd109b455d9ad3d29c397f32de18f9c7bb0fa3f7fae57f05f98d228ae297ff2b7a797276df5c8447c892c73dac5feae67854f0c4c107387f0dc8358883c91c02c7b36c7f793c7def7bdc6f4f54106790fc437d30a82f0e8546d4948cd947d1f0d8df8971dbfc5244926e23e17cb578ccbe06024fcab6922c36d3abb3051da154e4d770d6969a7409b576ccf8cb6b49cf67d4d4b9d0a03b47fb8c9b5f6be1c8b7ff8e4c35f6ba588c05d749c1cd6166e663efd073e3fafceb5e79c0c2846155883dbaf5425ba0bce53c606eea782a268ae88e60e8b548b8f8ec05b8e549c512db458ced49d51c7269832e13e04c968b5a8d3e6f128ea7c044b5e20f245cf34a48da51ab08afeccff50a34666b9b8ff9c00f0d373ce26f88233557aa0339c1ec7d6d1b6452d4dcb30d18975bca2b7c2156661747316d8b48d4478679ea425de9701a554ce9107c512640fa95d34fdb03aaa2b139d10cf4d14dafff1a7c953bbcc831de49a21e80ecdb316f99cddf7a42901f2b5860f6379200835966268f9e56943aec20930d2172ea101e2475d628d5820f7ebc233a060a549904f742e0000e4a97a8da8c82c1e0c6b1d0d45d814a9efc7234413ff0286ab7f7777bd080b3900e4d17a3d18bec5fae39de3a328ea4da938ebb806193f077692b5891bb7c74548adca1c67470ded672ca96b5aba27b4cd9973147fd8ddddc4ffbf4715f36097892092c97f546bbb63581851dff51a59a03096fd4e93737b507acd87a7b90292e2291a26edaba0e35c47a56174d89424991a64a2e117490a0f1026ca6de4415e9844280cc79b3423c81d7a8e436cfb5ca752fc9a9f98b0f46e293ee39ac18f0fa01ba3ef7966cdfc76d872e31f8958f0277d8d4d644879e86e66854fa7b64dea6bd0a91a137bc7a7f5a924a9713867985cfe82ab0e19a45a17fb346a7a73ff22b9c357cfd3660b7f5853009544c5348910a8d15d983bb9147269a465caea4533a77dcfca51c3c426cfc261b58f786f8804e1450666e881d189582e591405030f8bf6bff9217fc08f92de0f7515c27c643bb5fb15a9615ab25d1fe66f6218d6a324b67e3673db7e66ae12744b63ec19defdc82da9f7bef42a715ae4247a260a72dd8befeb23089f31df2681ac3f2a6b6b416b0f18b2422720622c9333c60129c1e8e1d9493032ee6fa2320154df375d06f76c3b1925b207386f164e7cd402a19fea4c7dbd159e65a045116fa5ad43b12b1090ff17ad906f402fdc432326bba810d6f923c26aa203bab9e7ec31f26f885350cd451c30ec2044fc7e10c35d9706fe9a0243513c05deb6be17a481af683429dcd4e6e4e0a2a3105a5844a86e9880f11c2e9d6b7f704a86c799633133c29e7e459a3345d9c54cf42f0568c42e796dd8cba3a34e3748ffa0729b4a75b676925b2083d2722cc1d065c9232d83a325d3510da64393ddd58f671d7a2d3c3776b2b66a57fa9235766229d6259a31536f251ab3df326ac2b674ef1e1f3e975d6463b3bbc933e604620015d484bfad64067fa4191b87766fb03f8e5d1b87fdfdedc5e76b6c0659120e10a36f518917583fcee6379a25ba7d917d7a9087782e61ee6c41d08149bc408909b62b02a9175eafe693442ab7dcb34e83bb97d53dc7fbbad0313b3bac14e9b3bc02cae0b24a2643be10a788da1cb7651ff86266fc642048f3ae41969ce2f9fd0a3cefed0b4f432e77d43570b4505bae9f29e8cd3b6431b798a87e997bf1b3f958a8fd4cd90af781acfa5eeeb446c1917d32ad53aed9fc8611cac75e4ea167db9307aba6f5b4f9a5a94c1e7853b5e8383138b8c9c86248d7aef409ef03ebcf96fa01c0b1dfe8268caa6a342a125c5609ad31fc37eb29b9b2e729fbf8e599434487fe473c68529c5063ffaa6bb26565c4e192e3d3f9c57fd06aab6a042120e7ca628cae437aea06c480ea9de9a28a349064cec5e3acfd03620eccae55342d6971cbeed584bbf2446c5149cdb07c6cc4efcae8ecbcbed841ba1b280e53436a2eea7ef5d83b1903d9258cc9231484dc57c8136e44cc458171735aa58ce2a1ffdebead8f0ea0d3c066c1e8ddfabf43b2715fad5f4e4f82a88304598865249851f0bafecef63bf0621fd9d86fa1926be6a3b7a41280d98edb7a7fe50dc7a3faf532f1e669b0be170c710374bbcd1aaf8ab73692512f5028952d2dcf7610f56d34588b489b810d72270ac9d8cb22a75a735c0a2db19b33f303bac4fae004677ffc11a2fdcc37550c09a3279bb2ddaf471cd232f4fa9981a21ed92ebb84838cedef27462aaac61157acfb43316851bda80f0677217006cb8fb260b98afb32987bd80096ba4af46014f05c387cc29bd0cff6d3de60da0e141c0956b8200d0301a670cec4f5af6d9c5a12eeb16e243385c9a32a5e78cc01602906e19f1ce835396d96da786b82bfdde39dc14059823fa29d2f815c393e0686cf35bed313b95f347b944b8b05d861e756e1587997ada32d015ba0746696a433f3fc1cf01b03ab4db7459a6fca6f034323a51f28908c8691b0a25a42ea58c0ad12475564a1c64269fda977c173823e3a9f7bc394f1f4f6d555c8e2f7a53158cc71a3de937247549ea90e6cb4b31b0e744eea8557bf59dec8be418d8ee59b2fe63ef88fb4e253112c50aef8754aa0a18f46abc4727aca0cd732c617687ee3749e73a0849a474b5755997795f078f231d6b3a63f1b23bf2554e4d1e1adc8b682df89deb3436278cb817a034b5bccb8166666b869bab7ca78c5670c45b067e9836751c9f3496cd83864b6a17d8ceb171f8c5a2fcb7279bac1d7b3a2374f3731666ccae6ffd00d07e773dff6914d3b1eb2b27913a2101cd169dba140841663e28510cfa8ab6391a5f0e69730361f6a4ec1bd37dd21a9c93e18202a0f0dbdce1f3b48d4952869de1d7f28819f6107d1f8f9947d89093e42ac85962c6ef91510c1c1c0d322701d1d67298f374673e1c6ab6d592e818da6f323e9b0755cb600d733f49d5fb96a6a6576fdc9bde13373e8965936e2affc0460bf7dc0a717e59ac679f0da2463c983f88bcf7a1b9b516ff3fff0e6b58e7a5d6569e2a1c8f581b3b2143634ea6e6b3a0b3826a5410674df7a000b8ed92cf64f06302812ae5c4630565649b8853fe7154f3b4766a49e42705b3dfadb045d1d34b1be85e063cd289f0ce1e29f3ebae9566dac534dbfb438f18a3ba18b5d272f7c92a8d8a76aa3d502274922decbcfdbc22d1fd3004c700579b5c18eef33be5a0997d53bca99b19eaeeb7baeeab4296c3e91fe6785c6f47779308ded1ed695e581fc1dc01c4812ebaa35d87fc8da3c5c2cf7a1e0f12a67ea0efd72b928b22b9c17bac0842adad7caea786adf61454b8198ba9e7191061fbc707fda8718326ed1faf6ec18ae7c18342dccb9437b7e4814adcab3296b6a1ed9691d04a49045e808bb88ff6125330e9306915cbc629a8421ec94ba089ba035ba34dec088752f7fc62a83d9f0d4e6ce955a7a99e64a7768e1e8a2175c78c196c180d107e5805449b251ef4c128a2ccbf6b153dfcc7e8b88e7548009142f5809cd91914ec8a6457dc60d0592f1481f915201a80d0b2b5a106a81e56e2a42aaa60f91ca3dbf8997357a839c95d54a1c92207d634938e0a936f7b6e1c039e27c074e79c60af8091a8f9be5f963d62b27fe43bebaa6eaa805d665e289d3819012e96026b8f89ae8ec8c4c68fe617d9231ae8e5df1729388c15d9f3dcdbba71b6b10f735394a18073e66e55ac6d2ce9b9003cd8a9fbb235bbd6ad8b0187614aa3ddd100616c65db0f48786575a404945da5333ea3aeed577b2c6051622a27e987ba6f059a20ea5eaf4183b25107e7a7de866469178c35dd82e89ea2ba17193bec62a428de0d3d0d8ea737d52a81fd7f380a73197fad1d209f42dddaaedbec63e258e3bfab144c6720cf5e65cce72baed14e9cd7fa5c773a304b0a7d1453c38324e8470dc01a38be458506f60b20d70c89ee0e655f803f634b98e4ac9cee3fc89d86f027bbb6e244d3dc67ba97567b0adaf94a64b6ba89a26c3f3d609824ca185df60efcdea5c2247df3543089b528afc33e7fb876fdbd766b8b84e6988d161ca024728442f7051d7372b672702f97640dcf9bfe2a0e824dc20aaa587593e588590178d0e187cda09e192ecc4cdd8826cbd297755ee968f37fd40a47e094b4173bdc462316ce41787a35eddcfe6a6dd5970369168b4816ffb2675a0e5c3921f709da4e6c67bffeb90470084d117ba200fc6fa480f37344f5f110f214805d18b42126a105e9caf6227f1fce956aa4ed3f93cb894cd577db751062ee27b06c70e5b12df1eac403e3c9322dadb3bab36011f00d3eefb75e7fe035d3a4911881e86326f6071b76ded945a8e6bd02a15d17e2955df20665b87ecafc6251afbb2898708b76d26379a344eef949a00eb9c8384b127317287dae", @ANYRES8=r5, @ANYRESHEX=r1, @ANYBLOB="20340e18ddcddb81b64ccb5c3f294c00ee17c00f7891fe", @ANYRESOCT=r4], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000340)=ANY=[@ANYRES16], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
accept4(r0, 0x0, 0x0, 0x80800)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008095)
epoll_create1(0x0)
statx(0xffffffffffffffff, &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x8, &(0x7f00000009c0))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000)
readv(r5, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x5, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r6, @ANYRES32, @ANYBLOB="0000000004000000954ac50b27000000"], &(0x7f0000000000)='syzkaller\x00', 0xb, 0xff5, &(0x7f00000013c0)=""/4085, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9d}, 0x94)
close_range(r7, 0xffffffffffffffff, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r3, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r10], 0x3c}}, 0x0)

3.542590289s ago: executing program 5 (id=5740):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffeff}]})
lseek(0xffffffffffffffff, 0x2000, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = epoll_create1(0x80000)
r4 = fcntl$dupfd(r2, 0x406, r3)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f0000001dc0)={0xf, 0x5, 0x100000}, 0x20)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x102, 0x0)
sendfile(r5, r5, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x18, &(0x7f00000002c0)=@raw=[@ringbuf_query, @map_fd={0x18, 0x0, 0x1, 0x0, r4}, @generic={0x4, 0x7, 0x6, 0x6, 0x10}, @alu={0x4, 0x1, 0x3, 0x0, 0x4, 0x20, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}, @call={0x85, 0x0, 0x0, 0xa1}, @map_idx={0x18, 0xe, 0x5, 0x0, 0x2}], &(0x7f0000000040)='syzkaller\x00', 0x1000, 0x1, &(0x7f0000000140)=""/1, 0x41100, 0x40, '\x00', 0x0, @netfilter, r5, 0x8, &(0x7f0000000200)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x6, 0x0, 0x3, 0x62f4}, 0x10, 0xffffffffffffffff, r4, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=[{0x4, 0x4, 0x2ef30}, {0x4, 0x1, 0x9, 0x6}, {0x3, 0x5, 0xe, 0x5}, {0x3, 0x2, 0x4, 0x1}, {0x4, 0x3, 0x7, 0x1}, {0x4, 0x0, 0x2, 0x9}, {0x3, 0x3, 0xf, 0x8}], 0x10, 0xf23d}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000))
r6 = getpid()
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
bind$vsock_stream(r8, &(0x7f0000000000)={0x10}, 0x10)
lseek(0xffffffffffffffff, 0x8001, 0x1)
kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r4, &(0x7f0000000100)={r3, r4})

3.241676345s ago: executing program 4 (id=5741):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)

3.067210912s ago: executing program 4 (id=5742):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
close_range(r1, 0xffffffffffffffff, 0x2)
dup3(r0, r1, 0x80000)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$key(0xf, 0x3, 0x2)
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000040)={0xfffffff9, 0x7, 0x4, {0x3, @pix={0x0, 0x100, 0x32315241, 0x4, 0x8, 0x2ab, 0x5, 0x9, 0x0, 0x0, 0x1, 0x3}}, 0xd})
r3 = syz_io_uring_setup(0x1009, &(0x7f00000001c0)={0x0, 0x4204, 0x100, 0x3, 0x205}, &(0x7f0000000080), &(0x7f0000000280))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x20, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$kcm(0x2, 0x3, 0x2)
r4 = socket(0xf, 0xa, 0x6)
r5 = inotify_init()
inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
read$FUSE(r5, &(0x7f0000001fc0)={0x2020}, 0x2020)
listxattr(&(0x7f0000000180)='./cgroup\x00', &(0x7f0000000140)=""/31, 0x1f)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000000)={0x0, 0xfffffff7, 0x0, 0x515f3157, 0x4, "78e1141009f593233bce41f20613341f43d01f"})
ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000004000)={0x0, "5b3d497faef6a30bd7e5afc30e8327ad"})
write$UHID_INPUT(r7, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
r8 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x141000)
ioctl$FE_GET_PROPERTY(r8, 0x80106f53, &(0x7f0000000040)={0x34, &(0x7f0000000100)=[{0x1d, '\x00', @buffer={"efd276c2de78a4b0520401e0b00a546c932af18fdc53e3ba9286f559d69b4b25", 0x20}, 0x2}]})
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000017c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r4, @ANYBLOB="07b0"], 0x0)

2.754448255s ago: executing program 3 (id=5743):
io_setup(0x4, &(0x7f0000000100)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0)
io_submit(r0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000300)="8799", 0x2, 0x4, 0x40000000}])

2.669481936s ago: executing program 0 (id=5744):
socket$nl_netfilter(0x10, 0x3, 0xc)
memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\xfe\x96\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[', 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x4d, 0xda, 0xcc, 0x20, 0xe41, 0x4750, 0x269c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xf4, 0x2, 0x1, 0xd2, 0x98, 0x2c, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x200, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, 0x0, 0x0, 0x0}})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x9, 0x0, 0x81, 0x9, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0xd, 0xfe54, 0xffffffffffffffff], 0x106000})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x81, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24668f38896810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f2135030009000f23f8450f2244"}}], 0x81})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0xc46, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x7ff, 0x9, 0x0, 0x400, 0x64513f24, 0x89, 0x0, 0x8, 0x8d], 0x100000, 0x240046})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000380)='./file0\x00', 0x0, 0x18}, 0x18)

2.575408508s ago: executing program 3 (id=5745):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x9000, 0x104000})
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0xa, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x3c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4841}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x5002, 0x80000001, @private2, 0x7}, 0x1c)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040), 0x4)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r6)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r7 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r7, 0x40184152, 0x0)

2.575071641s ago: executing program 6 (id=5746):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
lseek(r2, 0x2000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x406, 0xffffffffffffffff)
syz_emit_ethernet(0x4e, &(0x7f0000000600)=ANY=[@ANYBLOB="ffffffffffffffffffffffff080046000040000000000067907800000000ffffffff010100002100907812000228280000240000000000000000e0000002e0000000860800000000000200000000f7a92911457b66bfcd46d0da7c3b964d1135a9687dae55b93e8ad4224480ba70aa5fad77ec0f73bd8eebfff8accb76c27ed00c42f6b1fa0f00000000000000ce2bc8b838425c8fe204ee9202fbe5195607b51da61dce76b3aabe6af174fcfbcec0e4c7ba830cbc08f5122bf220d1fab67591864561e1445b3a29d721a4f79cf9a73acb751018a94682fc594531b7a89c8cb1eddafd353f71be73709111f8bd1676d6f538ce2cebcfe95a821f8e67f0b8aec9629196ba4bf1cb7a7412a808c128c2d480cb5e8789e0fcc4c6cecd1fb126966961f065a71f17b25c46f3b269d87cd9cc78e314aeedecafdefa1ebd860000000000000000309636eb7b19b2a6f8f02e794788e2394e1e7cbe6a2453c41a2f2bc7dbe9500360e3fdadb183697fc438c1348edfe917a172df4450f80c839837845c5c845a468b9132284acc7006198244bd593e8c5b4837177b684cdcacee956df7575211596376ccf77c5f51e2d6ec2c595048cb69e8cd02dc794f8b8858c03cee92f778d39d176793c357b2970287b1739f4b7def3e1ca91b04b44f567873070e364b306f38b5ab727710626155d0500a169c28a0d3e41fa2a7f267bd2cb1bcc605d72ae16ad099b8183689a2370961116a221c3b92854922239550301c22dc833feb0c78fcd4b9c4bf4eec01a4056fd3f401da09faa4efcbb62bae8add23197e197d2d942c96dc9765930b89ae5910094ff5169c11538fc4de1ad2ea0d904912d2ade7b156951d214389ca1739cde5334da3c54dfeaf1d74bbe7db3df1e32ae4755c19227dc811a98ea4844702ccf37a4c359ddcb6f9"], 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f0000001dc0)={0xf, 0x5, 0x100000}, 0x20)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x102, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x18, &(0x7f00000002c0)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @map_fd={0x18, 0x0, 0x1, 0x0, r4}, @generic={0x4, 0x7, 0x6, 0x6, 0x10}, @alu={0x4, 0x1, 0x3, 0x0, 0x4, 0x20, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}, @call={0x85, 0x0, 0x0, 0xa1}, @map_idx={0x18, 0xe, 0x5, 0x0, 0x2}], &(0x7f0000000040)='syzkaller\x00', 0x1000, 0x1, &(0x7f0000000140)=""/1, 0x41100, 0x40, '\x00', 0x0, @netfilter, r5, 0x8, &(0x7f0000000200)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x6, 0x0, 0x3, 0x62f4}, 0x10, 0xffffffffffffffff, r4, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=[{0x4, 0x4, 0x2ef30}, {0x4, 0x1, 0x9, 0x6}, {0x3, 0x5, 0xe, 0x5}, {0x3, 0x2, 0x4, 0x1}, {0x4, 0x3, 0x7, 0x1}, {0x4, 0x0, 0x2, 0x9}, {0x3, 0x3, 0xf, 0x8}], 0x10, 0xf23d}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f00000001c0)={0xd0002016})
r6 = getpid()
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x10}, 0x10)
lseek(0xffffffffffffffff, 0x8001, 0x1)
kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r4, &(0x7f0000000100)={0xffffffffffffffff, r4})

1.797863808s ago: executing program 5 (id=5747):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x7f, 0x0})

1.559858469s ago: executing program 5 (id=5748):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e26, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x71)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x11)
sendto$inet(r0, &(0x7f0000000240)="f27b7b9c934c4f94c5f3744a32acf68713cdcc43e2a1cc5c66229bc0e183ff1f1689214da53dbf42f4268f8c0ffaf7c4dee025733997b05201fa5199a94342000b87e1a0b7cc4cf832650a24aa46be4f59db993359af940dda37230abeaa5b6e9ec2b41b0848f0c3cbcf944992def7eb46cd32dc068bc97c52ab59fddab889a6b6cbeec8cfe8e60be12a75c2c0b2d074b36c7e2756ff5d46e217c71b0dd50a55c1ecc56b4de2c3d269eedd36aac89b05d791f0763c5afe49fb73c9456dee63f4f0bbe84326447cb6420ac77182ee12b5cfb508c7ad312d69d6", 0x0, 0xf32f8da68e050109, 0x0, 0x0)

1.496025539s ago: executing program 6 (id=5749):
socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="90010000190001002dbd70000300000000000000000000000000000000000001ac1414aa00000000000000000000000000000000000000000a0000001d000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000b000000000000008100000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000a00000000000000000000008040000200000000000008000000000000000001000600000000001c00040000004e204e220000e0000002000000000000000000000000ac000700ffffffff000000000000000000000000ff0100000000000000000000000000014e2300004e2100c30a00000087000000", @ANYRES32, @ANYRES32, @ANYBLOB="090000000000000089b3000000000000090000000000000006000000000000000080000000e4ffff04000100000000007a01000000000000ff0f00000000000008000000000000000400000000000000f7ffffffffffffff0b0000000000000005000000bc6b04bbaff25921beaff32e66ceef9b2bca6e000001cd91d0070000"], 0x190}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) (fail_nth: 3)

878.559051ms ago: executing program 5 (id=5750):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x2000, @loopback}, 0x1c)

878.085224ms ago: executing program 6 (id=5751):
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x640000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000004100)={0x2020}, 0x2020)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r7=>0x0})
socket(0x400000000010, 0x3, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r8, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r7, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, 0x0, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r10, 0x541b, &(0x7f00000000c0))
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newsa={0x138, 0x10, 0x1, 0xfff7fffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@remote, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x40}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

612.335658ms ago: executing program 3 (id=5752):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)

600.640703ms ago: executing program 5 (id=5753):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={r1, r0, 0x15, 0x0, @void}, 0x10)
r2 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1a, 0xfffffffffffffffd, &(0x7f00000003c0)=0x4d)

374.564661ms ago: executing program 0 (id=5754):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x2}]}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000080)={@multicast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x1, 0x30, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0)

288.065635ms ago: executing program 3 (id=5755):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
accept$alg(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x3fd4, 0x5})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000b40)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="2000018008000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f746f5f687372000000000c000180080001", @ANYRES32=0x0, @ANYBLOB="64000180140002006272696467655f736c6176655f3000001400020076657468315f746f5f6873720000000008000300030000001400020070696d3672656730000000000000000008000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000300010000000800030001000000140002006272696467655f736c6176655f300000140002006d61637674617030000000000000000014000200766574683100000000000000000000001c00018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x1d8}, 0x1, 0x0, 0x0, 0x4000001}, 0x20008010)
capset(0x0, 0x0)

273.95277ms ago: executing program 5 (id=5756):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/fscaps', 0xb883, 0xb2)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000000)={r1, 0x0, {0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xf, 0x18, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f9858c1a7bedabd69098c8b534464c516bdd8a0f35", "32d8cc26f7063deb2076fc06c89f3d9e234b30d50997b0ffffffff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "678ca55ba139cc1802c4dae4162e43ac61b7ad3300", [0x2, 0x2c0]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)

89.886616ms ago: executing program 4 (id=5757):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x12, 0x0, 0xfffffe0000000001, 0xfa13, 0xffffffff}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000001c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1)
r3 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0)
write$binfmt_script(r3, 0x0, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000400)={0xfffffffd, 0x2, 0x0, 'queue0\x00', 0xffd})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r5, 0x404c534a, &(0x7f0000000380))
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/schedstat\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000003d40)={0x2020}, 0xfffffffffffffe0c)
r7 = dup2(r4, r4)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x5)
r8 = socket(0x8, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r8, 0x29, 0x39, 0x0, 0x0)
r9 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r10 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r10, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x2}, 0x20)

0s ago: executing program 0 (id=5758):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in={{0x2, 0x4e22, @local}}, 0x0, 0x0, 0x33, 0x0, "cebd7ceedb7b01d952e966bbe242b92b746b023df2cb59e32e10366456deac64e782206bd4ae0072005a52a40b7161161abf6024293fcc250c30136f9e12ef8b00000000000000002800"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000001800)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="80", 0x1}], 0x1}}], 0x1, 0x8000)
shutdown(r0, 0x2)

kernel console output (not intermixed with test programs):

040f tx timeout
[ 1519.651722][T25429] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1520.070944][T25456] binder: BINDER_SET_CONTEXT_MGR already set
[ 1520.122330][T25456] binder: 25453:25456 ioctl 4018620d 200000004a80 returned -16
[ 1520.130960][T25459] binder: 25453:25459 unknown command 0
[ 1520.137245][T25459] binder: 25453:25459 ioctl c0306201 200000000180 returned -22
[ 1520.617007][ T5892] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1520.628753][ T5892] uvcvideo 4-1:220.0: No valid video chain found.
[ 1520.709933][ T5892] usb 4-1: USB disconnect, device number 73
[ 1521.050204][   T39] usb 1-1: USB disconnect, device number 111
[ 1522.852718][T25500] FAULT_INJECTION: forcing a failure.
[ 1522.852718][T25500] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1523.080207][T25500] CPU: 0 UID: 0 PID: 25500 Comm: syz.0.5176 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1523.080236][T25500] Tainted: [L]=SOFTLOCKUP
[ 1523.080243][T25500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1523.080254][T25500] Call Trace:
[ 1523.080261][T25500]  <TASK>
[ 1523.080269][T25500]  dump_stack_lvl+0xe8/0x150
[ 1523.080295][T25500]  should_fail_ex+0x412/0x560
[ 1523.080320][T25500]  _copy_from_user+0x2d/0xb0
[ 1523.080337][T25500]  core_sys_select+0x578/0xc30
[ 1523.080370][T25500]  ? __pfx_core_sys_select+0x10/0x10
[ 1523.080409][T25500]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1523.080434][T25500]  __se_sys_pselect6+0x267/0x320
[ 1523.080457][T25500]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1523.080474][T25500]  ? __pfx_ksys_write+0x10/0x10
[ 1523.080500][T25500]  ? __x64_sys_pselect6+0x21/0xf0
[ 1523.080520][T25500]  do_syscall_64+0xe2/0xf80
[ 1523.080536][T25500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.080551][T25500]  ? trace_irq_disable+0x37/0x100
[ 1523.080566][T25500]  ? clear_bhb_loop+0x60/0xb0
[ 1523.080584][T25500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.080598][T25500] RIP: 0033:0x7fe854f9af79
[ 1523.080613][T25500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1523.080627][T25500] RSP: 002b:00007fe8531f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1523.080645][T25500] RAX: ffffffffffffffda RBX: 00007fe855215fa0 RCX: 00007fe854f9af79
[ 1523.080658][T25500] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000040
[ 1523.080668][T25500] RBP: 00007fe8531f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1523.080678][T25500] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1523.080689][T25500] R13: 00007fe855216038 R14: 00007fe855215fa0 R15: 00007fe85533fa48
[ 1523.080716][T25500]  </TASK>
[ 1523.407116][T25519] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1523.413260][T25519] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1523.419370][T25519] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1523.425557][T25519] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1523.431651][T25519] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1523.858877][T18293] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 1524.000004][T18293] usb 5-1: device descriptor read/64, error -71
[ 1524.290615][T18293] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1524.637820][T18293] usb 5-1: device descriptor read/64, error -71
[ 1524.959690][T18293] usb usb5-port1: attempt power cycle
[ 1525.368383][T18293] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1525.399579][T18293] usb 5-1: device descriptor read/8, error -71
[ 1525.459676][T13312] Bluetooth: hci1: command 0x041b tx timeout
[ 1525.459725][T17839] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1525.465944][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1525.472089][T17839] Bluetooth: hci2: command 0x040f tx timeout
[ 1525.472121][T17839] Bluetooth: hci3: command 0x0419 tx timeout
[ 1525.638903][T18293] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1525.648358][T12943] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1525.864479][T12943] usb 4-1: Using ep0 maxpacket: 32
[ 1525.886022][T12943] usb 4-1: config 0 has an invalid interface number: 244 but max is 0
[ 1525.976109][T18293] usb 5-1: device descriptor read/8, error -71
[ 1525.982684][T12943] usb 4-1: config 0 has no interface number 0
[ 1525.994263][T12943] usb 4-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1526.068411][T12943] usb 4-1: config 0 interface 244 has no altsetting 0
[ 1526.088820][T12943] usb 4-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1526.099142][T18293] usb usb5-port1: unable to enumerate USB device
[ 1526.147764][T12943] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1526.183120][T12943] usb 4-1: Product: syz
[ 1526.199456][T12943] usb 4-1: Manufacturer: syz
[ 1526.204098][T12943] usb 4-1: SerialNumber: syz
[ 1526.241341][T12943] usb 4-1: config 0 descriptor??
[ 1526.265068][T12943] snd_usb_toneport 4-1:0.244: Line 6 GuitarPort found
[ 1526.462714][T12943] snd_usb_toneport 4-1:0.244: cannot get proper max packet size
[ 1526.488656][T12943] snd_usb_toneport 4-1:0.244: Line 6 GuitarPort now disconnected
[ 1526.690134][T25574] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5187'.
[ 1526.701889][T12943] snd_usb_toneport 4-1:0.244: probe with driver snd_usb_toneport failed with error -22
[ 1526.915074][T18293] usb 4-1: USB disconnect, device number 74
[ 1527.028569][T12943] usb 1-1: new high-speed USB device number 112 using dummy_hcd
[ 1527.198563][T12943] usb 1-1: Using ep0 maxpacket: 16
[ 1527.220305][T12943] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1527.238657][T12943] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1527.254883][T12943] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1527.278019][T12943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1527.309271][T12943] usb 1-1: config 0 descriptor??
[ 1527.478785][T25601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5193'.
[ 1527.661809][T25601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5193'.
[ 1527.830796][T25601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5193'.
[ 1527.847215][T12943] nzxt-smart2 0003:1E71:2009.0081: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0
[ 1527.929625][T25608] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1527.936048][T25608] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1527.948534][T25608] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1527.962452][T25608] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1528.018072][T25608] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1528.140929][T25584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1528.152380][T25584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1528.387362][ T5936] usb 1-1: USB disconnect, device number 112
[ 1528.538325][T25188] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1528.779076][T25188] usb 4-1: Using ep0 maxpacket: 32
[ 1528.790271][T25188] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1528.800300][T25188] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1528.824142][T25188] usb 4-1: config 0 descriptor??
[ 1529.038060][T25188] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1529.053610][T25188] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[ 1529.063099][T25188] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[ 1529.368330][ T5936] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[ 1529.518340][ T5936] usb 1-1: Using ep0 maxpacket: 32
[ 1529.525652][ T5936] usb 1-1: config 0 has an invalid interface number: 244 but max is 0
[ 1529.535278][ T5936] usb 1-1: config 0 has no interface number 0
[ 1529.542051][ T5936] usb 1-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1529.554195][ T5936] usb 1-1: config 0 interface 244 has no altsetting 0
[ 1529.564515][ T5936] usb 1-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1529.573891][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1529.582421][ T5936] usb 1-1: Product: syz
[ 1529.586653][ T5936] usb 1-1: Manufacturer: syz
[ 1529.591431][ T5936] usb 1-1: SerialNumber: syz
[ 1529.598580][ T5936] usb 1-1: config 0 descriptor??
[ 1529.609424][ T5936] snd_usb_toneport 1-1:0.244: Line 6 GuitarPort found
[ 1529.812639][ T5936] snd_usb_toneport 1-1:0.244: cannot get proper max packet size
[ 1529.824398][ T5936] snd_usb_toneport 1-1:0.244: Line 6 GuitarPort now disconnected
[ 1529.835837][ T5936] snd_usb_toneport 1-1:0.244: probe with driver snd_usb_toneport failed with error -22
[ 1529.939202][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1530.021242][T13312] Bluetooth: hci3: command 0x0419 tx timeout
[ 1530.027404][T19636] Bluetooth: hci2: command 0x040f tx timeout
[ 1530.034803][T12891] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1530.098415][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1530.130824][T12943] usb 1-1: USB disconnect, device number 113
[ 1531.272515][T25662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1531.293663][T25662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1531.313763][T25662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5211'.
[ 1531.447832][T25667] SET target dimension over the limit!
[ 1531.461386][T25667] netdevsim netdevsim5: Direct firmware load for /
[ 1531.461386][T25667]  failed with error -2
[ 1531.480816][T25667] netdevsim netdevsim5: Falling back to sysfs fallback for: /
[ 1531.480816][T25667] 
[ 1531.530687][   T39] usb 1-1: new high-speed USB device number 114 using dummy_hcd
[ 1531.546945][T12891] Bluetooth: hci5: unexpected event for opcode 0x2043
[ 1531.556045][T25669] netlink: 84 bytes leftover after parsing attributes in process `syz.0.5212'.
[ 1531.802783][T25676] gretap1: entered allmulticast mode
[ 1532.718446][   T39] usb 1-1: new full-speed USB device number 115 using dummy_hcd
[ 1532.880004][   T39] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1532.893336][   T39] usb 1-1: config 0 has no interface number 0
[ 1532.913295][   T39] usb 1-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1532.942798][   T39] usb 1-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 1532.977306][   T39] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1533.003940][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1533.052106][   T39] usb 1-1: Product: syz
[ 1533.062251][   T39] usb 1-1: Manufacturer: syz
[ 1533.087363][   T39] usb 1-1: SerialNumber: syz
[ 1533.124346][   T39] usb 1-1: config 0 descriptor??
[ 1533.142853][T12943] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1533.156848][T25678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1533.179023][T25678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1533.198354][   T39] smsc95xx v2.0.0
[ 1533.258974][T25694] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1533.265213][T25694] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1533.271416][T25694] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1533.277708][T25694] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1533.318801][T12943] usb 7-1: Using ep0 maxpacket: 32
[ 1533.325820][T12943] usb 7-1: config 0 has an invalid interface number: 244 but max is 0
[ 1533.335482][T25694] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1533.344028][T12943] usb 7-1: config 0 has no interface number 0
[ 1533.366486][T12943] usb 7-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1533.378502][T12943] usb 7-1: config 0 interface 244 has no altsetting 0
[ 1533.395991][T25678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1533.408851][T12943] usb 7-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1533.419262][T12943] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1533.428759][T12943] usb 7-1: Product: syz
[ 1533.433131][T12943] usb 7-1: Manufacturer: syz
[ 1533.438081][T12943] usb 7-1: SerialNumber: syz
[ 1533.441475][T25678] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1533.447326][T12943] usb 7-1: config 0 descriptor??
[ 1533.465188][T12943] snd_usb_toneport 7-1:0.244: Line 6 GuitarPort found
[ 1533.663970][T12943] snd_usb_toneport 7-1:0.244: cannot get proper max packet size
[ 1533.678795][T12943] snd_usb_toneport 7-1:0.244: Line 6 GuitarPort now disconnected
[ 1533.691811][   T39] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1533.706585][T12943] snd_usb_toneport 7-1:0.244: probe with driver snd_usb_toneport failed with error -22
[ 1533.706899][   T39] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1533.928959][   T39] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1533.963758][   T39] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[ 1533.981847][T12943] usb 7-1: USB disconnect, device number 35
[ 1534.458455][   T39] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1534.618305][   T39] usb 6-1: Using ep0 maxpacket: 8
[ 1534.630761][   T39] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1534.701210][   T39] usb 6-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.40
[ 1534.710613][   T39] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1534.719918][   T39] usb 6-1: Product: syz
[ 1534.724283][   T39] usb 6-1: Manufacturer: syz
[ 1534.730875][   T39] usb 6-1: SerialNumber: syz
[ 1534.744152][   T39] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[ 1534.941115][T12943] usb 6-1: USB disconnect, device number 27
[ 1535.166431][ T5828] usb 1-1: USB disconnect, device number 115
[ 1535.298671][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1535.304943][T19636] Bluetooth: hci2: command 0x040f tx timeout
[ 1535.304960][T17839] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1535.311228][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1535.379619][T13312] Bluetooth: hci1: command 0x041b tx timeout
[ 1535.405589][T25714] netlink: 'syz.4.5227': attribute type 1 has an invalid length.
[ 1535.652276][T25725] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1535.679870][T25728] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5231'.
[ 1535.707950][T25728] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5231'.
[ 1535.821717][T13312] Bluetooth: unknown link type 128
[ 1536.244540][T25742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5236'.
[ 1536.414229][   T39] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1536.982290][   T39] usb 7-1: config 220 has an invalid interface number: 76 but max is 2
[ 1536.992200][   T39] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1537.044622][   T39] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1537.065150][   T39] usb 7-1: config 220 has no interface number 2
[ 1537.072386][   T39] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1537.116614][   T39] usb 7-1: config 220 interface 0 has no altsetting 0
[ 1537.146981][   T39] usb 7-1: config 220 interface 76 has no altsetting 0
[ 1537.167356][   T39] usb 7-1: config 220 interface 1 has no altsetting 0
[ 1537.226292][   T39] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1537.238465][   T39] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1537.248413][   T39] usb 7-1: Product: syz
[ 1537.252615][   T39] usb 7-1: Manufacturer: syz
[ 1537.278394][   T39] usb 7-1: SerialNumber: syz
[ 1537.860186][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1538.050587][T25770] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1538.069334][T25770] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1538.075855][T25770] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1538.110382][T25770] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1538.112328][T25774] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5248'.
[ 1538.142345][T25770] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1538.152856][T25774] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5248'.
[ 1538.438325][ T5936] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1538.808365][ T5936] usb 6-1: Using ep0 maxpacket: 32
[ 1538.815723][ T5936] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 1538.827019][ T5936] usb 6-1: config 0 has no interface number 0
[ 1538.839407][ T5936] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1538.849879][ T5936] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1538.861989][ T5936] usb 6-1: Product: syz
[ 1538.868283][ T5936] usb 6-1: Manufacturer: syz
[ 1538.875720][ T5936] usb 6-1: SerialNumber: syz
[ 1539.015481][ T5936] usb 6-1: config 0 descriptor??
[ 1539.026350][ T5936] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1539.263059][ T5936] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1539.286282][ T5936] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1539.718589][T12943] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 1539.908333][T12943] usb 1-1: Using ep0 maxpacket: 32
[ 1539.921836][   T39] usb 7-1: selecting invalid altsetting 0
[ 1539.925966][T12943] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1539.939723][T12943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1539.942739][   T39] uvcvideo 7-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1539.984267][   T39] uvcvideo 7-1:220.0: No valid video chain found.
[ 1540.010376][   T39] usb 7-1: selecting invalid altsetting 0
[ 1540.010907][T12943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1540.016277][   T39] usbtest 7-1:220.1: probe with driver usbtest failed with error -22
[ 1540.028565][T13312] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1540.028654][   T39] usb 7-1: USB disconnect, device number 36
[ 1540.056147][T12943] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1540.066032][T12943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1540.102276][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1540.102277][T13312] Bluetooth: hci3: command 0x0419 tx timeout
[ 1540.124045][T12943] usb 1-1: config 0 descriptor??
[ 1540.139979][T25783] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1540.156914][T12943] hub 1-1:0.0: USB hub found
[ 1540.178340][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1540.178650][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1541.611304][T25802] netdevsim netdevsim0: Direct firmware load for  failed with error -2
[ 1541.627287][T25802] netdevsim netdevsim0: Falling back to sysfs fallback for: 
[ 1541.665817][T12943] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1542.263764][T25843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1542.272885][T25843] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1542.962530][T12943] usbhid 1-1:0.0: can't add hid device: -71
[ 1542.970728][T12943] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1543.090619][T12943] usb 1-1: USB disconnect, device number 116
[ 1543.779932][T25864] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1543.786660][T25864] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1543.807448][T25864] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1543.846456][T25864] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1543.956975][T25864] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1545.578933][T25881] usb usb8: usbfs: process 25881 (syz.6.5272) did not claim interface 0 before use
[ 1545.788461][T13312] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1545.858351][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1545.858394][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1545.858425][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1546.020853][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1546.056969][T25887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1546.082173][T25887] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1546.104207][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.110732][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.383935][T25889] kvm: kvm [25888]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[ 1546.395244][T25889] kvm: kvm [25888]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[ 1546.563160][T25888] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1546.881792][T18293] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1547.181133][T18293] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1547.189521][T18293] usb 7-1: config 0 has no interface number 0
[ 1547.199590][T18293] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1547.210540][T18293] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1547.219092][T18293] usb 7-1: Product: syz
[ 1547.223988][T18293] usb 7-1: Manufacturer: syz
[ 1547.229492][T18293] usb 7-1: SerialNumber: syz
[ 1547.262831][T18293] usb 7-1: config 0 descriptor??
[ 1547.496092][T18293] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 1547.537076][T18293] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1547.559252][T18293] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 1547.585545][T18293] usb 7-1: media controller created
[ 1547.733570][T18293] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1547.830204][T18293] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[ 1548.266116][T18293] usb 7-1: USB disconnect, device number 37
[ 1549.218697][T25929] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1549.242274][T25929] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1549.287974][T25929] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1549.302502][T25929] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1549.329190][T25929] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1550.203619][T25941] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5291'.
[ 1550.402136][T25951] openvswitch: netlink: IP tunnel dst address not specified
[ 1550.417185][T25951] netdevsim netdevsim0: Direct firmware load for /
[ 1550.417185][T25951]  failed with error -2
[ 1550.431532][T25951] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[ 1550.431532][T25951] 
[ 1551.227281][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1551.299654][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1551.305748][T19636] Bluetooth: hci2: command 0x040f tx timeout
[ 1551.381741][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1551.388517][T19636] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1553.564224][T25989] pim6reg1: entered promiscuous mode
[ 1553.576814][T25989] pim6reg1: entered allmulticast mode
[ 1554.132998][T26001] FAULT_INJECTION: forcing a failure.
[ 1554.132998][T26001] name failslab, interval 1, probability 0, space 0, times 0
[ 1554.225173][T26001] CPU: 1 UID: 0 PID: 26001 Comm: syz.4.5308 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1554.225194][T26001] Tainted: [L]=SOFTLOCKUP
[ 1554.225197][T26001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1554.225204][T26001] Call Trace:
[ 1554.225209][T26001]  <TASK>
[ 1554.225214][T26001]  dump_stack_lvl+0xe8/0x150
[ 1554.225235][T26001]  should_fail_ex+0x412/0x560
[ 1554.225251][T26001]  should_failslab+0xa8/0x100
[ 1554.225264][T26001]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[ 1554.225280][T26001]  ? __alloc_skb+0x193/0x390
[ 1554.225291][T26001]  ? __alloc_skb+0x1d7/0x390
[ 1554.225301][T26001]  ? __local_bh_enable_ip+0xd0/0x130
[ 1554.225311][T26001]  ? __alloc_skb+0x193/0x390
[ 1554.225322][T26001]  __alloc_skb+0x1d7/0x390
[ 1554.225335][T26001]  netlink_ack+0x146/0xa50
[ 1554.225345][T26001]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1554.225356][T26001]  ? ref_tracker_free+0x693/0x840
[ 1554.225367][T26001]  ? __copy_skb_header+0xa3/0x4a0
[ 1554.225381][T26001]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1554.225392][T26001]  ? __skb_clone+0x63/0x7a0
[ 1554.225419][T26001]  netlink_rcv_skb+0x2b6/0x4b0
[ 1554.225437][T26001]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1554.225465][T26001]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1554.225489][T26001]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1554.225512][T26001]  netlink_unicast+0x80f/0x9b0
[ 1554.225538][T26001]  ? __pfx_netlink_unicast+0x10/0x10
[ 1554.225559][T26001]  ? __alloc_skb+0x193/0x390
[ 1554.225579][T26001]  ? netlink_sendmsg+0x650/0xb40
[ 1554.225595][T26001]  ? skb_put+0x11b/0x210
[ 1554.225618][T26001]  netlink_sendmsg+0x813/0xb40
[ 1554.225645][T26001]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1554.225672][T26001]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1554.225693][T26001]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1554.225713][T26001]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1554.225731][T26001]  ____sys_sendmsg+0xa68/0xad0
[ 1554.225753][T26001]  ? __might_fault+0xaf/0x130
[ 1554.225781][T26001]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1554.225807][T26001]  ? import_iovec+0x73/0xa0
[ 1554.225831][T26001]  ___sys_sendmsg+0x2a5/0x360
[ 1554.225849][T26001]  ? __lock_acquire+0x6b5/0x2cf0
[ 1554.225871][T26001]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1554.225924][T26001]  ? __fget_files+0x2a/0x420
[ 1554.225942][T26001]  ? __fget_files+0x3a0/0x420
[ 1554.225968][T26001]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1554.225992][T26001]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1554.226022][T26001]  ? __pfx_ksys_write+0x10/0x10
[ 1554.226055][T26001]  do_syscall_64+0xe2/0xf80
[ 1554.226074][T26001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1554.226091][T26001]  ? clear_bhb_loop+0x60/0xb0
[ 1554.226111][T26001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1554.226128][T26001] RIP: 0033:0x7fd53b19af79
[ 1554.226143][T26001] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1554.226157][T26001] RSP: 002b:00007fd53bfe7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1554.226176][T26001] RAX: ffffffffffffffda RBX: 00007fd53b415fa0 RCX: 00007fd53b19af79
[ 1554.226188][T26001] RDX: 0000000020040054 RSI: 0000200000006040 RDI: 0000000000000005
[ 1554.226200][T26001] RBP: 00007fd53bfe7090 R08: 0000000000000000 R09: 0000000000000000
[ 1554.226210][T26001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1554.226221][T26001] R13: 00007fd53b416038 R14: 00007fd53b415fa0 R15: 00007fd53b53fa48
[ 1554.226249][T26001]  </TASK>
[ 1554.994285][   T30] kauditd_printk_skb: 4 callbacks suppressed
[ 1554.994303][   T30] audit: type=1326 audit(1770650938.696:3857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.051470][   T30] audit: type=1326 audit(1770650938.696:3858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.074606][   T30] audit: type=1326 audit(1770650938.696:3859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.098373][   T30] audit: type=1326 audit(1770650938.696:3860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.122399][   T30] audit: type=1326 audit(1770650938.696:3861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.148769][   T30] audit: type=1326 audit(1770650938.696:3862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.171934][   T30] audit: type=1326 audit(1770650938.696:3863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.197807][   T30] audit: type=1326 audit(1770650938.696:3864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.271133][   T30] audit: type=1326 audit(1770650938.696:3865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1555.297424][   T30] audit: type=1326 audit(1770650938.696:3866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26016 comm="syz.5.5312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1558.258412][T26029] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1558.258958][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1558.603265][T26029] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1558.609772][T26029] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1558.824045][T26029] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1558.861931][T26029] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1559.198569][T12943] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[ 1559.369066][T12943] usb 5-1: Using ep0 maxpacket: 32
[ 1559.392131][T12943] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1559.431531][T12943] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1559.456669][T12943] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1559.491489][T12943] usb 5-1: Product: syz
[ 1559.507865][T12943] usb 5-1: Manufacturer: syz
[ 1559.525858][T12943] usb 5-1: SerialNumber: syz
[ 1559.557610][T12943] usb 5-1: config 0 descriptor??
[ 1559.577161][T26037] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1559.586341][T12943] hub 5-1:0.0: bad descriptor, ignoring hub
[ 1559.621166][T12943] hub 5-1:0.0: probe with driver hub failed with error -5
[ 1559.861535][T12943] usb 5-1: USB disconnect, device number 82
[ 1560.343312][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1560.711494][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1560.898918][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1560.905227][T19636] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1563.218489][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1563.224798][T26087] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1564.733081][T26087] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1564.743051][T26087] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1564.749874][T26087] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1564.756193][T26087] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1565.210359][T26119] openvswitch: netlink: Message has 83 unknown bytes.
[ 1565.304690][T19636] Bluetooth: hci2: command 0x040f tx timeout
[ 1565.362113][T26122] syzkaller1: entered promiscuous mode
[ 1565.396099][T26122] syzkaller1: entered allmulticast mode
[ 1565.482645][ T5936] usb 1-1: new high-speed USB device number 117 using dummy_hcd
[ 1565.730073][ T5936] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1565.743424][ T5936] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1565.754071][ T5936] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1565.763516][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1565.772315][ T5936] usb 1-1: Product: syz
[ 1565.776778][ T5936] usb 1-1: Manufacturer: syz
[ 1565.782205][ T5936] usb 1-1: SerialNumber: syz
[ 1565.796270][ T5936] usb 1-1: config 0 descriptor??
[ 1565.810884][ T5936] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 1566.056700][ T5936] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1566.081767][ T5936] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 1566.108562][ T5936] usb 1-1: media controller created
[ 1566.228603][ T5936] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1566.349205][T26140] fuse: Bad value for 'fd'
[ 1566.389074][T26140] ipip0: entered promiscuous mode
[ 1566.394348][T26140] ipip0: entered allmulticast mode
[ 1566.617067][ T5936] DVB: Unable to find symbol tda10046_attach()
[ 1566.637319][ T5936] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 1566.692337][ T5936] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 1566.824270][T19636] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1566.824283][T13312] Bluetooth: hci3: command 0x0419 tx timeout
[ 1566.836659][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1567.383302][ T5936] dvb_usb_m920x 1-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[ 1567.427827][ T5936] usb 1-1: USB disconnect, device number 117
[ 1568.928789][T26168] vlan2: entered allmulticast mode
[ 1568.942616][T26168] team0: entered allmulticast mode
[ 1568.958070][T26168] team_slave_0: entered allmulticast mode
[ 1568.981649][T26168] team_slave_1: entered allmulticast mode
[ 1569.177726][ T5936] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[ 1569.368431][ T5936] usb 1-1: Using ep0 maxpacket: 16
[ 1569.387700][ T5936] usb 1-1: config 0 has no interfaces?
[ 1569.435314][ T5936] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1569.480990][ T5936] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1569.510692][ T5936] usb 1-1: Manufacturer: syz
[ 1569.542631][T26172] netlink: 'syz.6.5357': attribute type 5 has an invalid length.
[ 1569.563361][ T5936] usb 1-1: config 0 descriptor??
[ 1569.818845][T26165] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5355'.
[ 1569.860900][T26165] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1570.048028][T26179] FAULT_INJECTION: forcing a failure.
[ 1570.048028][T26179] name failslab, interval 1, probability 0, space 0, times 0
[ 1570.063761][T26179] CPU: 1 UID: 0 PID: 26179 Comm: syz.6.5361 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1570.063791][T26179] Tainted: [L]=SOFTLOCKUP
[ 1570.063797][T26179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1570.063808][T26179] Call Trace:
[ 1570.063819][T26179]  <TASK>
[ 1570.063828][T26179]  dump_stack_lvl+0xe8/0x150
[ 1570.063854][T26179]  should_fail_ex+0x412/0x560
[ 1570.063880][T26179]  should_failslab+0xa8/0x100
[ 1570.063901][T26179]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[ 1570.063925][T26179]  ? __alloc_skb+0x1d7/0x390
[ 1570.063944][T26179]  ? tipc_own_addr+0x45/0x2a0
[ 1570.063965][T26179]  __alloc_skb+0x1d7/0x390
[ 1570.063986][T26179]  tipc_msg_create+0x51/0x4d0
[ 1570.064011][T26179]  tipc_group_proto_xmit+0xce/0x790
[ 1570.064037][T26179]  tipc_group_cong+0x4dc/0x5e0
[ 1570.064083][T26179]  ? __pfx_tipc_group_cong+0x10/0x10
[ 1570.064114][T26179]  ? net_generic+0x1e/0x240
[ 1570.064129][T26179]  ? net_generic+0x1e/0x240
[ 1570.064147][T26179]  tipc_group_bc_cong+0x155/0x210
[ 1570.064170][T26179]  tipc_send_group_bcast+0x36e/0xad0
[ 1570.064206][T26179]  ? __pfx_tipc_send_group_bcast+0x10/0x10
[ 1570.064235][T26179]  ? __pfx_woken_wake_function+0x10/0x10
[ 1570.064260][T26179]  ? tipc_dest_list_purge+0x167/0x190
[ 1570.064285][T26179]  __tipc_sendmsg+0x1f20/0x2ba0
[ 1570.064319][T26179]  ? __pfx___tipc_sendmsg+0x10/0x10
[ 1570.064337][T26179]  ? aa_label_sk_perm+0x529/0x6d0
[ 1570.064354][T26179]  ? __lock_acquire+0x6b5/0x2cf0
[ 1570.064382][T26179]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1570.064402][T26179]  ? __lock_acquire+0x6b5/0x2cf0
[ 1570.064427][T26179]  ? __lock_acquire+0x6b5/0x2cf0
[ 1570.064489][T26179]  ? __local_bh_enable_ip+0xd0/0x130
[ 1570.064510][T26179]  tipc_sendmsg+0x55/0x70
[ 1570.064527][T26179]  ? __pfx_tipc_sendmsg+0x10/0x10
[ 1570.064542][T26179]  ____sys_sendmsg+0xa68/0xad0
[ 1570.064570][T26179]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1570.064599][T26179]  ? import_iovec+0x73/0xa0
[ 1570.064625][T26179]  ___sys_sendmsg+0x2a5/0x360
[ 1570.064644][T26179]  ? __lock_acquire+0x6b5/0x2cf0
[ 1570.064668][T26179]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1570.064722][T26179]  ? __fget_files+0x2a/0x420
[ 1570.064739][T26179]  ? __fget_files+0x3a0/0x420
[ 1570.064766][T26179]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1570.064788][T26179]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1570.064818][T26179]  ? __pfx_ksys_write+0x10/0x10
[ 1570.064850][T26179]  do_syscall_64+0xe2/0xf80
[ 1570.064867][T26179]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1570.064882][T26179]  ? trace_irq_disable+0x37/0x100
[ 1570.064897][T26179]  ? clear_bhb_loop+0x60/0xb0
[ 1570.064917][T26179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1570.064932][T26179] RIP: 0033:0x7f02e9d9af79
[ 1570.064949][T26179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1570.064963][T26179] RSP: 002b:00007f02eac0b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1570.064981][T26179] RAX: ffffffffffffffda RBX: 00007f02ea015fa0 RCX: 00007f02e9d9af79
[ 1570.064993][T26179] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005
[ 1570.065004][T26179] RBP: 00007f02eac0b090 R08: 0000000000000000 R09: 0000000000000000
[ 1570.065015][T26179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1570.065025][T26179] R13: 00007f02ea016038 R14: 00007f02ea015fa0 R15: 00007f02ea13fa48
[ 1570.065060][T26179]  </TASK>
[ 1571.714474][T26192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5364'.
[ 1572.001045][T18293] usb 1-1: USB disconnect, device number 118
[ 1575.231384][T26237] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1575.928938][T26239] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1575.942436][T26239] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1576.083047][T26239] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1576.126496][T26239] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1576.134006][T26239] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1576.382475][T26252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1576.431367][T26252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1577.619385][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1577.881604][   T39] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[ 1578.036824][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1578.058371][   T39] usb 1-1: Using ep0 maxpacket: 32
[ 1578.095111][   T39] usb 1-1: New USB device found, idVendor=1bc7, idProduct=1041, bcdDevice=54.7c
[ 1578.105080][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1578.112043][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1578.147262][   T39] usb 1-1: Product: syz
[ 1578.216273][   T39] usb 1-1: Manufacturer: syz
[ 1578.230764][   T39] usb 1-1: SerialNumber: syz
[ 1578.260201][T19636] Bluetooth: hci1: command 0x041b tx timeout
[ 1578.267001][T19636] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1578.871523][   T39] usb 1-1: config 0 descriptor??
[ 1578.902722][   T39] cdc_mbim 1-1:0.0: CDC Union missing and no IAD found
[ 1578.949539][   T39] cdc_mbim 1-1:0.0: bind() failure
[ 1578.957084][   T39] option 1-1:0.0: GSM modem (1-port) converter detected
[ 1579.079566][   T39] usb 1-1: USB disconnect, device number 119
[ 1579.097862][   T39] option 1-1:0.0: device disconnected
[ 1581.068482][ T5892] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 1581.150457][T26292] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[ 1581.157004][T26292] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1581.231974][ T5892] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1581.287514][ T5892] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1581.353905][ T5892] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1581.355052][T26292] vhci_hcd vhci_hcd.0: Device attached
[ 1581.406553][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1581.485293][T26288] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1581.504474][ T5892] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1581.588594][ T5828] usb 39-1: new low-speed USB device number 9 using vhci_hcd
[ 1581.698639][   T39] usb 5-1: USB disconnect, device number 83
[ 1581.773387][T26147] udevd[26147]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1581.802352][T26293] vhci_hcd: connection reset by peer
[ 1581.817282][T22069] vhci_hcd vhci_hcd.3: stop threads
[ 1581.829584][T22069] vhci_hcd vhci_hcd.3: release socket
[ 1581.842291][T22069] vhci_hcd vhci_hcd.3: disconnect device
[ 1582.042256][T26299] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5391'.
[ 1582.424947][ T5936] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 1582.709832][T26303] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1582.716973][T26303] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1582.723753][T26303] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1582.732280][T26303] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1582.738516][ T5936] usb 5-1: config 2 has an invalid interface number: 207 but max is 1
[ 1582.738543][ T5936] usb 5-1: config 2 has an invalid descriptor of length 202, skipping remainder of the config
[ 1582.738560][ T5936] usb 5-1: config 2 has 1 interface, different from the descriptor's value: 2
[ 1582.738597][ T5936] usb 5-1: config 2 has no interface number 0
[ 1582.738634][ T5936] usb 5-1: config 2 interface 207 altsetting 73 has 0 endpoint descriptors, different from the interface descriptor's value: 11
[ 1582.738658][ T5936] usb 5-1: config 2 interface 207 has no altsetting 0
[ 1582.741452][ T5936] usb 5-1: New USB device found, idVendor=1410, idProduct=9010, bcdDevice=95.7e
[ 1582.758704][T26303] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1582.808987][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1582.817139][ T5936] usb 5-1: Product: syz
[ 1582.821642][ T5936] usb 5-1: Manufacturer: syz
[ 1582.828362][ T5936] usb 5-1: SerialNumber: syz
[ 1583.771421][T26315] FAULT_INJECTION: forcing a failure.
[ 1583.771421][T26315] name failslab, interval 1, probability 0, space 0, times 0
[ 1583.784591][T26315] CPU: 1 UID: 0 PID: 26315 Comm: syz.5.5397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1583.784620][T26315] Tainted: [L]=SOFTLOCKUP
[ 1583.784626][T26315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1583.784635][T26315] Call Trace:
[ 1583.784643][T26315]  <TASK>
[ 1583.784649][T26315]  dump_stack_lvl+0xe8/0x150
[ 1583.784667][T26315]  should_fail_ex+0x412/0x560
[ 1583.784682][T26315]  should_failslab+0xa8/0x100
[ 1583.784695][T26315]  kmem_cache_alloc_noprof+0x87/0x6e0
[ 1583.784710][T26315]  ? dst_alloc+0x105/0x170
[ 1583.784724][T26315]  ? fib_lookup+0x76/0x440
[ 1583.784736][T26315]  dst_alloc+0x105/0x170
[ 1583.784751][T26315]  ip_route_output_key_hash_rcu+0x14d0/0x25d0
[ 1583.784768][T26315]  ? ip_route_output_key_hash+0xd8/0x2a0
[ 1583.784780][T26315]  ip_route_output_key_hash+0x18d/0x2a0
[ 1583.784795][T26315]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1583.784826][T26315]  ip_route_output_flow+0x2a/0x150
[ 1583.784843][T26315]  ? security_sk_classify_flow+0x6d/0x150
[ 1583.784869][T26315]  udp_sendmsg+0x14ec/0x2240
[ 1583.784896][T26315]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1583.784909][T26315]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1583.784920][T26315]  ? tomoyo_write_log2+0x250/0x910
[ 1583.784936][T26315]  ? tomoyo_supervisor+0x4cb/0x1570
[ 1583.784949][T26315]  ? register_lock_class+0x31/0x2e0
[ 1583.784971][T26315]  ? get_random_u32+0x497/0x8b0
[ 1583.784984][T26315]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1583.784993][T26315]  ? get_random_u32+0x13a/0x8b0
[ 1583.785005][T26315]  ? get_random_u32+0x4ce/0x8b0
[ 1583.785021][T26315]  udpv6_sendmsg+0xe5f/0x25a0
[ 1583.785038][T26315]  ? __lock_acquire+0x6b5/0x2cf0
[ 1583.785052][T26315]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1583.785067][T26315]  ? ip6_datagram_release_cb+0x7c/0x550
[ 1583.785091][T26315]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1583.785100][T26315]  ? inet_send_prepare+0x1b9/0x270
[ 1583.785111][T26315]  ? __local_bh_enable_ip+0xd0/0x130
[ 1583.785121][T26315]  ? inet_send_prepare+0x1b9/0x270
[ 1583.785137][T26315]  ? inet6_sendmsg+0xe4/0x120
[ 1583.785154][T26315]  ____sys_sendmsg+0x62c/0xad0
[ 1583.785182][T26315]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1583.785205][T26315]  ? import_iovec+0x73/0xa0
[ 1583.785222][T26315]  ___sys_sendmsg+0x2a5/0x360
[ 1583.785233][T26315]  ? __lock_acquire+0x6b5/0x2cf0
[ 1583.785248][T26315]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1583.785262][T26315]  ? kstrtouint+0x6e/0xe0
[ 1583.785286][T26315]  ? __fget_files+0x2a/0x420
[ 1583.785296][T26315]  ? __fget_files+0x3a0/0x420
[ 1583.785310][T26315]  __sys_sendmmsg+0x27c/0x4e0
[ 1583.785325][T26315]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1583.785336][T26315]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1583.785366][T26315]  ? ksys_write+0x242/0x270
[ 1583.785381][T26315]  ? __pfx_ksys_write+0x10/0x10
[ 1583.785397][T26315]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1583.785410][T26315]  do_syscall_64+0xe2/0xf80
[ 1583.785421][T26315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1583.785430][T26315]  ? clear_bhb_loop+0x60/0xb0
[ 1583.785441][T26315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1583.785451][T26315] RIP: 0033:0x7fbb5c39af79
[ 1583.785462][T26315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1583.785470][T26315] RSP: 002b:00007fbb5a5f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1583.785482][T26315] RAX: ffffffffffffffda RBX: 00007fbb5c615fa0 RCX: 00007fbb5c39af79
[ 1583.785489][T26315] RDX: 0000000000000001 RSI: 00002000000017c0 RDI: 0000000000000003
[ 1583.785495][T26315] RBP: 00007fbb5a5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1583.785501][T26315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1583.785507][T26315] R13: 00007fbb5c616038 R14: 00007fbb5c615fa0 R15: 00007fbb5c73fa48
[ 1583.785522][T26315]  </TASK>
[ 1584.169575][ T5936] qmi_wwan 5-1:2.207: skipping garbage
[ 1584.175133][ T5936] qmi_wwan 5-1:2.207: skipping garbage
[ 1584.208583][ T5936] qmi_wwan 5-1:2.207: skipping garbage
[ 1584.214155][ T5936] qmi_wwan 5-1:2.207: skipping garbage
[ 1584.219666][ T5936] qmi_wwan 5-1:2.207: skipping garbage
[ 1584.225137][ T5936] qmi_wwan 5-1:2.207: skipping garbage
[ 1584.230850][ T5936] qmi_wwan 5-1:2.207: probe with driver qmi_wwan failed with error -22
[ 1584.242035][ T5936] usb 5-1: USB disconnect, device number 84
[ 1584.501288][T19636] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1584.592902][T26321] FAULT_INJECTION: forcing a failure.
[ 1584.592902][T26321] name failslab, interval 1, probability 0, space 0, times 0
[ 1584.646272][T26321] CPU: 0 UID: 0 PID: 26321 Comm: syz.5.5399 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1584.646309][T26321] Tainted: [L]=SOFTLOCKUP
[ 1584.646315][T26321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1584.646325][T26321] Call Trace:
[ 1584.646333][T26321]  <TASK>
[ 1584.646341][T26321]  dump_stack_lvl+0xe8/0x150
[ 1584.646367][T26321]  should_fail_ex+0x412/0x560
[ 1584.646396][T26321]  should_failslab+0xa8/0x100
[ 1584.646414][T26321]  __kmalloc_noprof+0xde/0x7e0
[ 1584.646425][T26321]  ? fib6_info_alloc+0x30/0xf0
[ 1584.646438][T26321]  fib6_info_alloc+0x30/0xf0
[ 1584.646448][T26321]  ip6_route_info_create+0x142/0x860
[ 1584.646463][T26321]  ip6_route_add+0x49/0x1b0
[ 1584.646477][T26321]  inet6_rtm_newroute+0x268/0x19e0
[ 1584.646500][T26321]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1584.646523][T26321]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1584.646543][T26321]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1584.646559][T26321]  ? kmem_cache_free+0x195/0x610
[ 1584.646570][T26321]  ? nlmon_xmit+0xb0/0x100
[ 1584.646585][T26321]  ? __lock_acquire+0x6b5/0x2cf0
[ 1584.646602][T26321]  ? __local_bh_enable_ip+0xd0/0x130
[ 1584.646612][T26321]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1584.646643][T26321]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1584.646659][T26321]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1584.646683][T26321]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1584.646699][T26321]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1584.646714][T26321]  ? ref_tracker_free+0x693/0x840
[ 1584.646726][T26321]  ? __copy_skb_header+0xa3/0x4a0
[ 1584.646739][T26321]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1584.646750][T26321]  ? __skb_clone+0x63/0x7a0
[ 1584.646766][T26321]  netlink_rcv_skb+0x232/0x4b0
[ 1584.646781][T26321]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1584.646800][T26321]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1584.646825][T26321]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1584.646849][T26321]  netlink_unicast+0x80f/0x9b0
[ 1584.646879][T26321]  ? __pfx_netlink_unicast+0x10/0x10
[ 1584.646899][T26321]  ? __alloc_skb+0x193/0x390
[ 1584.646913][T26321]  ? netlink_sendmsg+0x650/0xb40
[ 1584.646922][T26321]  ? skb_put+0x11b/0x210
[ 1584.646936][T26321]  netlink_sendmsg+0x813/0xb40
[ 1584.646960][T26321]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1584.646981][T26321]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1584.647002][T26321]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1584.647021][T26321]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1584.647032][T26321]  ____sys_sendmsg+0xa68/0xad0
[ 1584.647046][T26321]  ? __might_fault+0xaf/0x130
[ 1584.647062][T26321]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1584.647078][T26321]  ? import_iovec+0x73/0xa0
[ 1584.647102][T26321]  ___sys_sendmsg+0x2a5/0x360
[ 1584.647121][T26321]  ? __lock_acquire+0x6b5/0x2cf0
[ 1584.647145][T26321]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1584.647184][T26321]  ? __fget_files+0x2a/0x420
[ 1584.647194][T26321]  ? __fget_files+0x3a0/0x420
[ 1584.647228][T26321]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1584.647247][T26321]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1584.647283][T26321]  ? __pfx_ksys_write+0x10/0x10
[ 1584.647315][T26321]  do_syscall_64+0xe2/0xf80
[ 1584.647328][T26321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1584.647342][T26321]  ? trace_irq_disable+0x37/0x100
[ 1584.647358][T26321]  ? clear_bhb_loop+0x60/0xb0
[ 1584.647377][T26321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1584.647393][T26321] RIP: 0033:0x7fbb5c39af79
[ 1584.647409][T26321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1584.647422][T26321] RSP: 002b:00007fbb5a5f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1584.647440][T26321] RAX: ffffffffffffffda RBX: 00007fbb5c615fa0 RCX: 00007fbb5c39af79
[ 1584.647452][T26321] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 000000000000000a
[ 1584.647462][T26321] RBP: 00007fbb5a5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1584.647469][T26321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1584.647474][T26321] R13: 00007fbb5c616038 R14: 00007fbb5c615fa0 R15: 00007fbb5c73fa48
[ 1584.647489][T26321]  </TASK>
[ 1585.039292][T19636] Bluetooth: hci1: command 0x041b tx timeout
[ 1585.041555][T12891] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1585.045727][T19636] Bluetooth: hci3: command 0x0419 tx timeout
[ 1585.051641][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1585.599338][T26330] FAULT_INJECTION: forcing a failure.
[ 1585.599338][T26330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1585.628499][ T5936] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1585.642225][T26330] CPU: 0 UID: 0 PID: 26330 Comm: syz.5.5402 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1585.642256][T26330] Tainted: [L]=SOFTLOCKUP
[ 1585.642262][T26330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1585.642271][T26330] Call Trace:
[ 1585.642277][T26330]  <TASK>
[ 1585.642282][T26330]  dump_stack_lvl+0xe8/0x150
[ 1585.642299][T26330]  should_fail_ex+0x412/0x560
[ 1585.642315][T26330]  _copy_from_user+0x2d/0xb0
[ 1585.642325][T26330]  dvb_usercopy+0x15c/0x2e0
[ 1585.642345][T26330]  ? __pfx_dvb_frontend_do_ioctl+0x10/0x10
[ 1585.642363][T26330]  ? __pfx_dvb_usercopy+0x10/0x10
[ 1585.642392][T26330]  ? ksys_write+0x1fc/0x270
[ 1585.642419][T26330]  ? __pfx_dvb_frontend_ioctl+0x10/0x10
[ 1585.642429][T26330]  dvb_frontend_ioctl+0x59/0x80
[ 1585.642440][T26330]  __se_sys_ioctl+0xfc/0x170
[ 1585.642455][T26330]  do_syscall_64+0xe2/0xf80
[ 1585.642466][T26330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1585.642475][T26330]  ? trace_irq_disable+0x37/0x100
[ 1585.642491][T26330]  ? clear_bhb_loop+0x60/0xb0
[ 1585.642511][T26330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1585.642528][T26330] RIP: 0033:0x7fbb5c39af79
[ 1585.642544][T26330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1585.642558][T26330] RSP: 002b:00007fbb5a5f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1585.642573][T26330] RAX: ffffffffffffffda RBX: 00007fbb5c615fa0 RCX: 00007fbb5c39af79
[ 1585.642580][T26330] RDX: 0000200000000040 RSI: 0000000080106f53 RDI: 0000000000000010
[ 1585.642587][T26330] RBP: 00007fbb5a5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1585.642593][T26330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1585.642599][T26330] R13: 00007fbb5c616038 R14: 00007fbb5c615fa0 R15: 00007fbb5c73fa48
[ 1585.642615][T26330]  </TASK>
[ 1585.852717][T26330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1585.929381][T26330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1586.049271][ T5936] usb 5-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x36, changing to 0x6
[ 1586.088968][ T5936] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1586.135429][ T5936] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1586.144925][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1586.157499][ T5936] usb 5-1: Product: syz
[ 1586.168348][ T5936] usb 5-1: Manufacturer: syz
[ 1586.202392][ T5936] usb 5-1: SerialNumber: syz
[ 1586.254323][ T5936] usb 5-1: config 0 descriptor??
[ 1586.277650][ T5936] usb 5-1: selecting invalid altsetting 0
[ 1586.438513][ T5892] usb 7-1: new full-speed USB device number 38 using dummy_hcd
[ 1586.635740][ T5892] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1586.647500][ T5892] usb 7-1: not running at top speed; connect to a high speed hub
[ 1586.736710][ T5828] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1586.756096][ T5892] usb 7-1: config 1 has an invalid interface number: 138 but max is 0
[ 1586.782090][ T5892] usb 7-1: config 1 has no interface number 0
[ 1586.801602][ T5892] usb 7-1: config 1 interface 138 has no altsetting 0
[ 1586.821686][ T5892] usb 7-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[ 1586.834053][ T5892] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1586.854498][ T5892] usb 7-1: Product: syz
[ 1586.963242][ T5892] usb 7-1: Manufacturer: syz
[ 1586.993169][ T5892] usb 7-1: SerialNumber: syz
[ 1587.308564][T26338] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5404'.
[ 1587.568568][T26338] bridge_slave_1: left allmulticast mode
[ 1587.620501][T26338] bridge_slave_1: left promiscuous mode
[ 1587.651081][T26338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1587.729677][T26338] bridge_slave_0: left allmulticast mode
[ 1587.887012][T26338] bridge_slave_0: left promiscuous mode
[ 1587.924980][T26338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1588.336009][T18293] usb 5-1: USB disconnect, device number 85
[ 1588.757812][ T5892] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1588.884796][ T5892] usb 7-1: USB disconnect, device number 38
[ 1592.200739][T25188] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1592.344611][T25188] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[ 1592.445914][T25188] usb 4-1: USB disconnect, device number 75
[ 1592.503377][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1592.584156][T26386] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1593.184055][T26386] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1593.190936][T26386] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1593.206889][T26386] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1593.222659][T26386] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1593.788578][T26414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1593.878699][T26414] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1594.658431][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1594.718358][T25188] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1594.789615][ T5936] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1594.899627][T25188] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1594.908077][T25188] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1594.935074][T25188] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1594.977341][T25188] usb 4-1: config 220 has no interface number 2
[ 1595.000138][ T5936] usb 5-1: Using ep0 maxpacket: 32
[ 1595.022576][ T5936] usb 5-1: config 0 has an invalid interface number: 244 but max is 0
[ 1595.044234][ T5936] usb 5-1: config 0 has no interface number 0
[ 1595.059357][T25188] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1595.078464][ T5936] usb 5-1: config 0 interface 244 has no altsetting 0
[ 1595.098536][ T5936] usb 5-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1595.107938][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.168529][ T5936] usb 5-1: Product: syz
[ 1595.172939][T25188] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1595.210152][ T5936] usb 5-1: Manufacturer: syz
[ 1595.220436][T25188] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1595.228897][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1595.228955][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1595.241387][T19636] Bluetooth: hci3: command 0x0419 tx timeout
[ 1595.262163][ T5936] usb 5-1: SerialNumber: syz
[ 1595.292243][T25188] usb 4-1: config 220 interface 1 has no altsetting 0
[ 1595.314107][ T5936] usb 5-1: config 0 descriptor??
[ 1595.328010][T25188] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1595.353952][T25188] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.382979][ T5936] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort found
[ 1595.454377][T25188] usb 4-1: Product: syz
[ 1595.464426][T25188] usb 4-1: Manufacturer: syz
[ 1595.483280][T25188] usb 4-1: SerialNumber: syz
[ 1595.588572][ T5936] snd_usb_toneport 5-1:0.244: cannot get proper max packet size
[ 1595.602402][ T5936] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort now disconnected
[ 1595.670111][ T5936] snd_usb_toneport 5-1:0.244: probe with driver snd_usb_toneport failed with error -22
[ 1595.918359][T18293] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 1595.959027][T26442] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5431'.
[ 1596.082423][T18293] usb 7-1: Using ep0 maxpacket: 8
[ 1596.091589][T18293] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1596.106554][T18293] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1596.175248][T18293] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1596.305370][T18293] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1596.335408][ T5892] usb 5-1: USB disconnect, device number 86
[ 1596.389129][T18293] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1596.550152][T18293] usb 7-1: config 0 descriptor??
[ 1598.110058][T25188] usb 4-1: selecting invalid altsetting 0
[ 1598.151065][T25188] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1598.208301][T25188] uvcvideo 4-1:220.0: No valid video chain found.
[ 1598.261899][T25188] usb 4-1: selecting invalid altsetting 0
[ 1598.285515][T25188] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[ 1598.345792][T25188] usb 4-1: USB disconnect, device number 76
[ 1599.167112][T18293] usb 7-1: USB disconnect, device number 39
[ 1599.604708][T26469] netlink: 'syz.3.5437': attribute type 6 has an invalid length.
[ 1599.725129][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1599.880041][T26452] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1600.019219][T26452] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1600.025762][T26452] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1600.034839][T26452] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1600.117637][T26452] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1600.465762][T18294] usb 7-1: new full-speed USB device number 40 using dummy_hcd
[ 1600.700296][T18294] usb 7-1: config 2 has an invalid interface number: 108 but max is 0
[ 1600.711255][T18294] usb 7-1: config 2 has no interface number 0
[ 1600.736592][T18294] usb 7-1: config 2 interface 108 has no altsetting 0
[ 1600.744198][ T5892] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 1600.786665][T18294] usb 7-1: New USB device found, idVendor=129b, idProduct=160c, bcdDevice=1b.d8
[ 1600.816341][T18294] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1600.840493][T18294] usb 7-1: Product: syz
[ 1600.855262][T18294] usb 7-1: Manufacturer: syz
[ 1600.871503][T18294] usb 7-1: SerialNumber: syz
[ 1601.357249][T18294] usb 7-1: Could not find all expected endpoints
[ 1601.375589][T18294] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1601.385887][T18294] usb 7-1: MIDIStreaming interface descriptor not found
[ 1601.532835][T18294] usb 7-1: USB disconnect, device number 40
[ 1601.659933][T26149] udevd[26149]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:2.108/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1601.957826][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1602.108642][T12891] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1602.114692][T13312] Bluetooth: hci3: command 0x0419 tx timeout
[ 1602.179222][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1602.271223][T26490] fuse: Bad value for 'fd'
[ 1603.586810][   T30] kauditd_printk_skb: 69 callbacks suppressed
[ 1603.586830][   T30] audit: type=1326 audit(1770650987.286:3936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26503 comm="syz.0.5448" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fe854f94d97 code=0x0
[ 1606.299722][T26526] netlink: 'syz.3.5453': attribute type 6 has an invalid length.
[ 1606.689988][T26533] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1606.700700][T26533] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1606.709799][T26533] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1606.721320][T26533] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1606.735955][T26533] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1607.075408][T26542] xt_hashlimit: size too large, truncated to 1048576
[ 1607.547518][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.553980][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1608.031237][T26556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1608.193204][T26556] ipt_REJECT: TCP_RESET invalid for non-tcp
[ 1608.658589][T12891] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1608.820807][T12891] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1608.826943][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1608.833354][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1608.839558][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1610.176664][T26577] ipt_ECN: cannot use operation on non-tcp rule
[ 1611.077739][T26590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5472'.
[ 1611.191822][T26590] bridge0: entered promiscuous mode
[ 1611.213988][T26590] macvtap2: entered promiscuous mode
[ 1611.239790][T26590] macvtap2: entered allmulticast mode
[ 1611.260434][T26590] bridge0: entered allmulticast mode
[ 1611.284814][T26595] netlink: 'syz.0.5474': attribute type 6 has an invalid length.
[ 1611.316074][T26593] bridge0: left allmulticast mode
[ 1611.335581][T26593] bridge0: left promiscuous mode
[ 1613.289861][T26621] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1613.303013][T26621] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1613.344538][T26621] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1613.357311][T26626] x_tables: duplicate underflow at hook 3
[ 1613.381297][T26621] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1613.410310][T26621] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1613.698471][T18294] usb 7-1: new full-speed USB device number 41 using dummy_hcd
[ 1613.847775][T26636] fuse: Bad value for 'fd'
[ 1613.957269][T18294] usb 7-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1613.969953][T18294] usb 7-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1614.001849][T26636] ipip0: entered promiscuous mode
[ 1614.007036][T26636] ipip0: entered allmulticast mode
[ 1614.155651][T18294] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1614.251574][T18294] usb 7-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.40
[ 1614.269529][T18294] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1614.278194][T18294] usb 7-1: Product: ఱ
[ 1614.295126][T18294] usb 7-1: Manufacturer: х
[ 1614.305964][T18294] usb 7-1: SerialNumber: ᠌
[ 1614.330798][T26626] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1614.341471][T26626] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1614.605225][T26639] netlink: 'syz.4.5486': attribute type 6 has an invalid length.
[ 1615.367167][T13312] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1615.381816][T13312] Bluetooth: hci3: command 0x0419 tx timeout
[ 1615.397667][T13312] Bluetooth: hci2: command 0x040f tx timeout
[ 1615.468348][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1615.468348][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1615.613888][T18294] usbhid 7-1:1.0: can't add hid device: -71
[ 1615.625308][T18294] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[ 1615.651251][T18294] usb 7-1: USB disconnect, device number 41
[ 1615.714224][T25188] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1615.996865][T25188] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1616.024394][T25188] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1616.087756][T25188] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1616.150060][T25188] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1616.186058][T25188] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1616.281577][T25188] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1616.365809][T25188] usb 5-1: config 0 descriptor??
[ 1616.468361][T18294] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1616.841515][T18294] usb 4-1: Using ep0 maxpacket: 32
[ 1616.849378][T18294] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1616.869953][T18294] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1617.369487][T18294] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1617.413911][T18294] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1617.486360][T25188] plantronics 0003:047F:FFFF.0082: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1617.558353][T18294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1617.590501][T18294] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1617.641858][T18294] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1617.694864][T18294] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1617.739511][T18294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1617.842696][T18294] usb 4-1: config 0 descriptor??
[ 1618.157665][T18293] usb 4-1: USB disconnect, device number 77
[ 1618.548572][   T30] audit: type=1326 audit(1770651002.196:3937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1618.706727][   T30] audit: type=1326 audit(1770651002.196:3938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1618.909226][   T30] audit: type=1326 audit(1770651002.196:3939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.038605][   T24] usb 5-1: reset high-speed USB device number 88 using dummy_hcd
[ 1619.042310][   T30] audit: type=1326 audit(1770651002.196:3940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.128188][T25188] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 1619.175746][   T30] audit: type=1326 audit(1770651002.196:3941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.277639][   T30] audit: type=1326 audit(1770651002.196:3942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.349195][   T30] audit: type=1326 audit(1770651002.196:3943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.398874][T25188] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[ 1619.450195][T25188] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1619.479796][T25188] usb 4-1: Product: syz
[ 1619.494422][T25188] usb 4-1: Manufacturer: syz
[ 1619.496617][   T30] audit: type=1326 audit(1770651002.196:3944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.562726][T25188] usb 4-1: SerialNumber: syz
[ 1619.607147][T25188] usb 4-1: config 0 descriptor??
[ 1619.804028][   T30] audit: type=1326 audit(1770651002.196:3945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.852734][T26679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1619.872460][   T30] audit: type=1326 audit(1770651002.196:3946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26670 comm="syz.6.5494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1619.914542][T26679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1620.012694][T25188] usb 4-1: f81604_read: reg: 105 failed: -EPIPE
[ 1620.024981][T25188] f81604 4-1:0.0: Setting termination of CH#0 failed: -EPIPE
[ 1620.047116][T25188] f81604 4-1:0.0: probe with driver f81604 failed with error -32
[ 1620.202715][T25188] usb 4-1: USB disconnect, device number 78
[ 1620.245766][T26681] netlink: 'syz.4.5497': attribute type 6 has an invalid length.
[ 1620.969624][ T5936] usb 5-1: USB disconnect, device number 88
[ 1623.146290][T18294] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1623.358559][T18294] usb 4-1: Using ep0 maxpacket: 32
[ 1623.372027][T18294] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1623.381549][T18294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1623.468134][T18294] usb 4-1: config 0 descriptor??
[ 1623.497777][T18294] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 1623.948509][ T5936] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[ 1624.418543][T18294] usb 4-1: USB disconnect, device number 79
[ 1624.447058][   T30] kauditd_printk_skb: 5 callbacks suppressed
[ 1624.447084][   T30] audit: type=1326 audit(1770651008.146:3952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1624.499027][ T5936] usb 1-1: Using ep0 maxpacket: 32
[ 1624.545532][   T30] audit: type=1326 audit(1770651008.146:3953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1624.590653][ T5936] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1624.612644][   T30] audit: type=1326 audit(1770651008.146:3954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1624.686185][ T5936] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1624.697912][ T5936] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1624.813853][ T5936] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1624.826455][   T30] audit: type=1326 audit(1770651008.186:3955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1624.856001][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1624.903226][   T30] audit: type=1326 audit(1770651008.186:3956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1625.002982][ T5936] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1625.012924][   T30] audit: type=1326 audit(1770651008.186:3957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1625.143326][   T30] audit: type=1326 audit(1770651008.186:3958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1625.236023][   T30] audit: type=1326 audit(1770651008.186:3959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1625.237905][ T5936] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1625.486418][ T5936] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1625.512395][ T5936] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1625.531523][ T5936] usb 1-1: config 0 descriptor??
[ 1625.628578][   T30] audit: type=1326 audit(1770651008.186:3960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1625.722837][   T30] audit: type=1326 audit(1770651008.186:3961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26729 comm="syz.6.5509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f02e9d9af79 code=0x7ffc0000
[ 1625.837077][T18293] usb 1-1: USB disconnect, device number 120
[ 1626.832048][T18293] usb 1-1: new low-speed USB device number 121 using dummy_hcd
[ 1627.078388][T18293] usb 1-1: Invalid ep0 maxpacket: 32
[ 1627.218529][T18293] usb 1-1: new low-speed USB device number 122 using dummy_hcd
[ 1627.434770][T18293] usb 1-1: Invalid ep0 maxpacket: 32
[ 1627.445117][T18293] usb usb1-port1: attempt power cycle
[ 1627.798433][T18293] usb 1-1: new low-speed USB device number 123 using dummy_hcd
[ 1627.838614][ T5936] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[ 1627.920947][T18293] usb 1-1: Invalid ep0 maxpacket: 32
[ 1627.998590][ T5936] usb 7-1: device descriptor read/64, error -71
[ 1628.048639][T18293] usb 1-1: new low-speed USB device number 124 using dummy_hcd
[ 1628.070728][T18293] usb 1-1: Invalid ep0 maxpacket: 32
[ 1628.085387][T18293] usb usb1-port1: unable to enumerate USB device
[ 1628.258778][ T5936] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1628.438385][ T5936] usb 7-1: device descriptor read/64, error -71
[ 1628.517883][T26767] Cannot find set identified by id 65534 to match
[ 1628.550042][ T5936] usb usb7-port1: attempt power cycle
[ 1628.918505][   T24] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1628.928486][ T5936] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1629.039351][ T5936] usb 7-1: device descriptor read/8, error -71
[ 1629.266831][T26781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1629.289997][T26781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1629.308535][   T24] usb 5-1: Using ep0 maxpacket: 8
[ 1629.317123][   T24] usb 5-1: config 2 has an invalid interface number: 31 but max is 0
[ 1629.325947][   T24] usb 5-1: config 2 has no interface number 0
[ 1629.345972][   T24] usb 5-1: config 2 interface 31 has no altsetting 0
[ 1629.368401][ T5936] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1629.382301][   T24] usb 5-1: New USB device found, idVendor=1a86, idProduct=e006, bcdDevice=53.3f
[ 1629.392289][ T5936] usb 7-1: device descriptor read/8, error -71
[ 1629.399734][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1629.415784][   T24] usb 5-1: Product: syz
[ 1629.427035][   T24] usb 5-1: Manufacturer: syz
[ 1629.435397][   T24] usb 5-1: SerialNumber: syz
[ 1629.509461][ T5936] usb usb7-port1: unable to enumerate USB device
[ 1629.672379][ T5936] usb 5-1: USB disconnect, device number 89
[ 1630.427482][T26794] block device autoloading is deprecated and will be removed.
[ 1630.518859][ T5936] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1630.726319][ T5936] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1630.778309][ T5936] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00
[ 1630.882243][ T5936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1630.926509][T26815] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5532'.
[ 1630.969107][ T5936] usb 4-1: config 0 descriptor??
[ 1631.034956][T26818] netlink: 'syz.4.5534': attribute type 27 has an invalid length.
[ 1631.212278][T26807] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5530'.
[ 1631.257173][T26807] syz_tun: entered promiscuous mode
[ 1631.427775][T26792] dlm: plock device version mismatch: kernel (1.2.0), user (1.4294967293.0)
[ 1631.776221][ T5936] cmedia_hs100b 0003:0D8C:0014.0083: hidraw0: USB HID v0.00 Device [HID 0d8c:0014] on usb-dummy_hcd.3-1/input0
[ 1631.932283][ T5936] usb 4-1: USB disconnect, device number 80
[ 1633.222716][T26839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5538'.
[ 1633.271358][T26839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5538'.
[ 1633.362018][T26839] netlink: 'syz.3.5538': attribute type 7 has an invalid length.
[ 1633.447567][T14549] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1633.460476][T14549] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1633.472187][T14549] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1633.501072][T26839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5538'.
[ 1633.524718][T14549] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1633.564757][T26839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5538'.
[ 1633.578972][ T5936] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 1633.643131][T26839] netlink: 'syz.3.5538': attribute type 7 has an invalid length.
[ 1633.738340][ T5936] usb 1-1: Using ep0 maxpacket: 32
[ 1633.746089][ T5936] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1633.755885][ T5936] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1633.798289][ T5936] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1633.849397][ T5936] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1633.867728][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1633.904584][ T5936] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1633.917166][ T5936] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1633.936156][ T5936] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1633.946047][ T5936] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1633.995217][ T5936] usb 1-1: config 0 descriptor??
[ 1634.070473][T26847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1634.102150][T26847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1634.117379][T26847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1634.164132][T26852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1634.184046][T26847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1634.195475][T26852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1634.310022][ T5936] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1634.375421][   T24] usb 1-1: USB disconnect, device number 125
[ 1634.596595][T26862] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5543'.
[ 1635.655576][T26874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1635.664862][T26874] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1635.818660][T18294] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 1635.996035][T18294] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1636.018445][T18294] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1636.046424][T18294] usb 1-1: Product: syz
[ 1636.060805][T18294] usb 1-1: Manufacturer: syz
[ 1636.095637][T18294] usb 1-1: SerialNumber: syz
[ 1636.133330][T18294] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1636.169293][T18293] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1636.348450][T18294] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1636.542613][T18294] usb 4-1: Using ep0 maxpacket: 32
[ 1636.563390][T18294] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1636.601454][T18294] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1636.640595][T18294] usb 4-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1636.668479][T18294] usb 4-1: config 0 interface 0 altsetting 64 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[ 1636.962572][T18294] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1636.986789][T18294] usb 4-1: config 0 interface 0 has no altsetting 1
[ 1637.109175][T18294] usb 4-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57
[ 1637.119365][T18294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1637.127453][T18294] usb 4-1: Product: syz
[ 1637.134060][T26888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5549'.
[ 1637.493137][T18293] usb 1-1: Service connection timeout for: 256
[ 1637.532047][T18293] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1637.554167][T18294] usb 4-1: Manufacturer: syz
[ 1637.564904][T18294] usb 4-1: SerialNumber: syz
[ 1637.595578][T18293] ath9k_htc: Failed to initialize the device
[ 1637.615840][T18293] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1637.624271][T18294] usb 4-1: config 0 descriptor??
[ 1637.650826][T18294] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1637.671905][T18294] usb 4-1: selecting invalid altsetting 0
[ 1637.871220][ T5936] usb 4-1: USB disconnect, device number 81
[ 1638.603699][T26899] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5552'.
[ 1638.613342][T26899] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5552'.
[ 1639.070191][T18294] usb 1-1: USB disconnect, device number 126
[ 1639.918403][ T5892] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1640.068348][ T5892] usb 5-1: Using ep0 maxpacket: 32
[ 1640.077751][ T5892] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1640.115360][ T5892] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1640.170011][ T5892] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1640.213839][ T5892] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1640.241285][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1640.280139][ T5892] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1640.363641][ T5892] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1640.469687][ T5892] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1640.496734][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1640.545960][ T5892] usb 5-1: config 0 descriptor??
[ 1641.146452][T26930] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5561'.
[ 1641.445478][ T5892] usb 5-1: USB disconnect, device number 91
[ 1643.659887][T26956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5567'.
[ 1643.894816][T26964] xt_hashlimit: size too large, truncated to 1048576
[ 1643.939332][T26965] netlink: 92 bytes leftover after parsing attributes in process `syz.6.5568'.
[ 1644.038586][T26965] netlink: 990 bytes leftover after parsing attributes in process `syz.6.5568'.
[ 1644.456413][T26966] fuse: Unknown parameter 'L�Є�group_id'
[ 1644.708491][ T5892] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1644.778028][T26983] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5572'.
[ 1644.807741][T26985] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5574'.
[ 1644.860856][ T5892] usb 5-1: Using ep0 maxpacket: 32
[ 1644.882759][ T5892] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1644.910183][ T5892] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1644.937386][ T5892] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1644.957878][ T5892] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1644.976786][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1644.999675][ T5892] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1645.018694][ T5892] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1645.041005][ T5892] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1645.095970][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1645.153709][ T5892] usb 5-1: config 0 descriptor??
[ 1645.941610][ T5892] usb 5-1: USB disconnect, device number 92
[ 1647.359956][T27021] netlink: 43 bytes leftover after parsing attributes in process `syz.0.5584'.
[ 1648.793233][T27025] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5585'.
[ 1649.056660][T27031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1649.066224][T27031] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1649.389985][T27035] macvlan3: entered promiscuous mode
[ 1649.705058][T27033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5587'.
[ 1649.830722][T27041] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1650.608371][ T5892] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 1650.768481][ T5892] usb 5-1: Using ep0 maxpacket: 16
[ 1650.788398][ T5892] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1650.831734][ T5892] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1650.872933][ T5892] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1650.915102][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1650.954111][ T5892] usb 5-1: config 0 descriptor??
[ 1651.010881][ T5892] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1651.900874][ T5828] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1651.962586][T27060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1651.990644][ T5936] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1652.050620][T27060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1652.118701][ T5828] usb 1-1: Using ep0 maxpacket: 32
[ 1652.137931][ T5828] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1652.147617][ T5828] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1652.165394][ T5828] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1652.187019][ T5828] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1652.196653][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1652.221641][ T5828] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1652.231993][ T5828] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1652.246267][ T5828] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1652.255752][ T5936] usb 7-1: Using ep0 maxpacket: 32
[ 1652.265815][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1652.278923][ T5936] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1652.291072][ T5936] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1652.309360][ T5828] usb 1-1: config 0 descriptor??
[ 1652.314521][ T5936] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1652.343099][ T5936] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1652.354516][ T5936] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1652.366578][ T5936] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1652.438633][ T5936] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1652.459631][ T5936] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1652.485622][ T5936] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1652.526650][ T5936] usb 7-1: config 0 descriptor??
[ 1652.546050][ T5828] usb 1-1: USB disconnect, device number 127
[ 1652.784720][ T5828] usb 7-1: USB disconnect, device number 46
[ 1653.175468][T18294] usb 5-1: USB disconnect, device number 93
[ 1653.382469][T27073] openvswitch: netlink: Tunnel attr 7 has unexpected len 1 expected 0
[ 1653.398327][T27073] netdevsim netdevsim5: Direct firmware load for /
[ 1653.398327][T27073]  failed with error -2
[ 1653.410106][T27073] netdevsim netdevsim5: Falling back to sysfs fallback for: /
[ 1653.410106][T27073] 
[ 1654.158424][ T5892] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1654.387808][T27088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5601'.
[ 1654.410567][ T5892] usb 1-1: Using ep0 maxpacket: 16
[ 1654.425063][ T5892] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1654.437923][ T5892] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 1654.468444][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1654.490069][ T5892] usb 1-1: Product: syz
[ 1654.494348][ T5892] usb 1-1: Manufacturer: syz
[ 1654.558682][ T5892] usb 1-1: SerialNumber: syz
[ 1654.650258][ T5892] usb 1-1: config 0 descriptor??
[ 1655.408554][ T5892] dvb_usb_dtv5100 1-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[ 1655.473027][ T5892] usb 1-1: USB disconnect, device number 2
[ 1656.548406][T18294] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 1656.632446][ T5892] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1656.718951][T18294] usb 5-1: Using ep0 maxpacket: 32
[ 1656.753773][T18294] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1656.773349][T18294] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1656.807493][ T5892] usb 1-1: Using ep0 maxpacket: 32
[ 1656.821281][ T5892] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1656.830367][ T5892] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1656.842078][ T5892] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1656.856819][T18294] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1656.877700][ T5892] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1656.887859][T18294] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1656.898680][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1656.908742][T27117] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1656.915040][T18294] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1656.925152][ T5892] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1656.932201][T27117] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1656.935350][T18294] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1656.950808][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1656.964041][T18294] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1656.977246][ T5892] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1656.986517][T18294] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1656.988958][T27117] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1656.996147][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1657.019725][T18294] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1657.062001][ T5892] usb 1-1: config 0 descriptor??
[ 1657.068946][T18294] usb 5-1: config 0 descriptor??
[ 1657.085897][T27117] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1657.116182][T27117] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1657.290324][ T5892] usb 1-1: USB disconnect, device number 3
[ 1657.334095][T18294] usb 5-1: USB disconnect, device number 94
[ 1657.378640][ T5936] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1657.578352][ T5936] usb 7-1: Using ep0 maxpacket: 16
[ 1657.600510][ T5936] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1657.607556][T27125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5612'.
[ 1657.628897][ T5936] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1657.645255][ T5936] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1657.670138][ T5936] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1657.704990][ T5936] usb 7-1: config 0 descriptor??
[ 1657.720472][ T5936] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 1658.139379][T27133] fuse: Bad value for 'fd'
[ 1658.227085][T27133] ipip0: entered promiscuous mode
[ 1658.232618][T27133] ipip0: entered allmulticast mode
[ 1658.899323][T27121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1658.908023][T27121] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1658.946613][T13312] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1658.978798][T13312] Bluetooth: hci2: command 0x040f tx timeout
[ 1659.069964][T13312] Bluetooth: hci3: command 0x0419 tx timeout
[ 1659.138394][T12891] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1659.144710][T13312] Bluetooth: hci1: command 0x041b tx timeout
[ 1659.253749][T27145] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5617'.
[ 1659.991844][ T5892] usb 7-1: USB disconnect, device number 47
[ 1660.599468][ T5892] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1660.607282][T18294] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1660.698350][T18293] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1660.759168][ T5892] usb 4-1: Using ep0 maxpacket: 32
[ 1660.766685][ T5892] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1660.775769][T18294] usb 7-1: Using ep0 maxpacket: 8
[ 1660.782563][ T5892] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1660.788347][T25188] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 1660.792797][ T5892] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1660.793726][T18294] usb 7-1: config index 0 descriptor too short (expected 8192, got 68)
[ 1660.822979][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1660.838025][T18294] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1660.855166][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1660.871864][T18293] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[ 1660.884167][T18294] usb 7-1: config 0 has no interfaces?
[ 1660.893515][T18293] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1660.905335][ T5892] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1660.922205][T18294] usb 7-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[ 1660.937848][T18293] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1660.956850][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1660.975932][T18294] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1660.978562][T25188] usb 1-1: Using ep0 maxpacket: 32
[ 1660.984384][T18293] usb 5-1: config 220 has no interface number 2
[ 1660.997505][ T5892] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1661.008016][T18294] usb 7-1: config 0 descriptor??
[ 1661.008634][T25188] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1661.051382][T25188] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1661.077239][T25188] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1661.105120][T25188] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1661.119496][T18293] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1661.132920][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1661.142431][T18293] usb 5-1: config 220 interface 0 has no altsetting 0
[ 1661.152076][ T5892] usb 4-1: config 0 descriptor??
[ 1661.170729][T18293] usb 5-1: config 220 interface 76 has no altsetting 0
[ 1661.189026][T25188] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1661.198803][T18293] usb 5-1: config 220 interface 1 has no altsetting 0
[ 1661.214406][T25188] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1661.232949][T25188] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1661.252365][T18293] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1661.266349][T25188] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1661.277250][T25188] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1661.277254][T18293] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1661.277277][T18293] usb 5-1: Product: syz
[ 1661.337384][T25188] usb 1-1: config 0 descriptor??
[ 1661.344875][T18293] usb 5-1: Manufacturer: syz
[ 1661.352860][T27156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1661.361774][T18293] usb 5-1: SerialNumber: syz
[ 1661.373108][T27156] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1661.401592][ T5936] usb 4-1: USB disconnect, device number 82
[ 1661.563880][T18294] usb 7-1: string descriptor 0 read error: -71
[ 1661.572452][T18294] usb 7-1: USB disconnect, device number 48
[ 1661.609368][ T5892] usb 1-1: USB disconnect, device number 4
[ 1662.407714][T27167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5625'.
[ 1662.629518][T27177] fuse: Bad value for 'fd'
[ 1663.378404][T25188] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1663.568550][T25188] usb 7-1: Using ep0 maxpacket: 16
[ 1663.576849][T25188] usb 7-1: config 0 has no interfaces?
[ 1663.590307][T25188] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1663.653320][T25188] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1663.687076][T25188] usb 7-1: Manufacturer: syz
[ 1663.728499][T25188] usb 7-1: config 0 descriptor??
[ 1663.744302][T18293] usb 5-1: selecting invalid altsetting 0
[ 1663.774232][T18293] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1663.914833][T18293] uvcvideo 5-1:220.0: No valid video chain found.
[ 1664.037730][T18293] usb 5-1: selecting invalid altsetting 0
[ 1664.084376][T18293] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[ 1664.111899][T27193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1664.121014][T27193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1664.133375][T27193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1664.157451][T27193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1664.188536][T18293] usb 5-1: USB disconnect, device number 95
[ 1664.251717][T27179] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1664.588366][T27180] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1665.037470][T27200] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1665.121359][T27200] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1665.275966][T27200] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1665.287504][T27200] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1665.312337][T27200] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1665.827248][T27204] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 2
[ 1665.918166][T25188] usb 7-1: USB disconnect, device number 49
[ 1666.378423][T18293] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1666.579875][T18293] usb 4-1: Using ep0 maxpacket: 32
[ 1666.596769][T18293] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1666.622295][T18293] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1666.645681][T18293] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1666.672370][T18293] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1666.713777][T18293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1666.743968][T18293] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1666.758694][ T5892] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 1666.792154][T27217] syzkaller1: entered promiscuous mode
[ 1666.822976][T18293] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1666.837081][T27217] syzkaller1: entered allmulticast mode
[ 1666.874304][T18293] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1666.892494][T18293] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1666.926765][T18293] usb 4-1: config 0 descriptor??
[ 1666.958382][ T5892] usb 7-1: Using ep0 maxpacket: 32
[ 1666.967865][ T5892] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1667.035311][ T5892] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1667.056900][ T5892] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1667.067182][T13312] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1667.110075][ T5892] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1667.119573][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1667.134738][ T5892] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1667.144704][T12891] Bluetooth: hci2: command 0x040f tx timeout
[ 1667.161999][ T5892] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1667.192384][T18294] usb 4-1: USB disconnect, device number 83
[ 1667.219661][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1667.250710][ T5892] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1667.264514][ T5892] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1667.292183][ T5892] usb 7-1: config 0 descriptor??
[ 1667.301864][T12891] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1667.378453][T12891] Bluetooth: hci1: command 0x041b tx timeout
[ 1667.419707][T27223] bond0: option lacp_rate: invalid value (223)
[ 1667.438042][T27223] bond0 (unregistering): Released all slaves
[ 1667.506806][T27221] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5639'.
[ 1667.537882][T18294] usb 7-1: USB disconnect, device number 50
[ 1667.821447][T27232] loop4: detected capacity change from 0 to 7
[ 1667.853443][T27232] Dev loop4: unable to read RDB block 7
[ 1667.887290][T27232]  loop4: unable to read partition table
[ 1667.902456][T27232] loop4: partition table beyond EOD, truncated
[ 1667.942986][T27232] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[ 1668.065930][T27235] syzkaller1: entered promiscuous mode
[ 1668.136391][T27235] syzkaller1: entered allmulticast mode
[ 1668.838648][T25188] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[ 1668.988852][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.007217][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.054413][T25188] usb 7-1: Using ep0 maxpacket: 16
[ 1669.069029][T25188] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1669.137693][T25188] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1669.147890][T25188] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1669.204553][T25188] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1669.230959][T25188] usb 7-1: config 0 descriptor??
[ 1671.290720][T27281] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5654'.
[ 1671.320402][T25188] usbhid 7-1:0.0: can't add hid device: -71
[ 1671.326612][T25188] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1671.350488][T18293] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1671.371708][T25188] usb 7-1: USB disconnect, device number 51
[ 1671.523632][T18293] usb 1-1: Using ep0 maxpacket: 32
[ 1671.535376][T18293] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1671.581455][T18293] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1671.840638][T18293] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1671.859534][T18293] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1671.894382][T18293] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1671.921226][T18293] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1671.945676][T18293] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1671.970358][T18293] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1671.992129][T18293] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1672.070065][T18293] usb 1-1: config 0 descriptor??
[ 1672.107984][T27295] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5655'.
[ 1672.446802][T18294] usb 1-1: USB disconnect, device number 5
[ 1672.598692][T27300] netlink: 'syz.5.5659': attribute type 1 has an invalid length.
[ 1672.652943][T27300] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1674.071765][T27353] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1674.423522][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1674.423539][   T30] audit: type=1326 audit(1770651058.126:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1674.474394][   T30] audit: type=1326 audit(1770651058.126:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1674.538428][   T30] audit: type=1326 audit(1770651058.156:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fbb5c39af79 code=0x7ffc0000
[ 1674.578972][   T30] audit: type=1326 audit(1770651058.156:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1674.638411][   T30] audit: type=1326 audit(1770651058.156:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1674.688335][   T30] audit: type=1326 audit(1770651058.156:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1674.758337][   T30] audit: type=1326 audit(1770651058.156:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1674.781936][   T30] audit: type=1326 audit(1770651058.156:3975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1674.807327][   T30] audit: type=1326 audit(1770651058.156:3976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1674.854610][   T30] audit: type=1326 audit(1770651058.156:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27366 comm="syz.5.5681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb5c33c399 code=0x7ffc0000
[ 1675.867928][T27411] fuse: Unknown parameter '1844674407370955161500000000000000000000'
[ 1675.977922][T27416] sctp: [Deprecated]: syz.5.5700 (pid 27416) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1675.977922][T27416] Use struct sctp_sack_info instead
[ 1676.393357][T27433] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5706'.
[ 1676.983416][T27453] ip_vti0: entered allmulticast mode
[ 1678.348433][T18293] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1678.508366][ T5892] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1678.668323][ T5892] usb 4-1: Using ep0 maxpacket: 32
[ 1678.700406][T18293] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[ 1678.728519][ T5892] usb 4-1: config 0 has an invalid interface number: 244 but max is 0
[ 1678.737116][T18293] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1678.748175][ T5892] usb 4-1: config 0 has no interface number 0
[ 1678.755463][ T5892] usb 4-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1678.781310][T18293] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1678.802053][ T5892] usb 4-1: config 0 interface 244 has no altsetting 0
[ 1678.818056][T18293] usb 5-1: config 220 has no interface number 2
[ 1678.837770][T18293] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1678.856871][T18293] usb 5-1: config 220 interface 0 has no altsetting 0
[ 1678.891822][ T5892] usb 4-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1678.908511][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1678.916638][ T5892] usb 4-1: Product: syz
[ 1678.921429][ T5892] usb 4-1: Manufacturer: syz
[ 1678.926245][ T5892] usb 4-1: SerialNumber: syz
[ 1678.942692][T18293] usb 5-1: config 220 interface 76 has no altsetting 0
[ 1678.959597][T18293] usb 5-1: config 220 interface 1 has no altsetting 0
[ 1678.967448][ T5892] usb 4-1: config 0 descriptor??
[ 1678.980779][ T5892] snd_usb_toneport 4-1:0.244: Line 6 GuitarPort found
[ 1679.004323][T18293] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1679.013794][T18293] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1679.027719][T18293] usb 5-1: Product: syz
[ 1679.047889][T18293] usb 5-1: Manufacturer: syz
[ 1679.053847][T18293] usb 5-1: SerialNumber: syz
[ 1679.199358][ T5892] snd_usb_toneport 4-1:0.244: cannot get proper max packet size
[ 1679.207764][ T5892] snd_usb_toneport 4-1:0.244: Line 6 GuitarPort now disconnected
[ 1679.256036][ T5892] snd_usb_toneport 4-1:0.244: probe with driver snd_usb_toneport failed with error -22
[ 1679.750143][T25418] usb 4-1: USB disconnect, device number 84
[ 1679.938316][T25188] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 1680.216493][T25188] usb 7-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x36, changing to 0x6
[ 1680.475606][T25188] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1680.762198][T25188] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1680.772190][T27522] fuse: Bad value for 'fd'
[ 1680.822754][T25188] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1680.841737][T25188] usb 7-1: Product: syz
[ 1681.066088][T25188] usb 7-1: Manufacturer: syz
[ 1681.626178][T25188] usb 7-1: SerialNumber: syz
[ 1681.631119][T12943] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1681.715182][T25188] usb 7-1: config 0 descriptor??
[ 1681.791229][T12943] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1681.811841][T25188] usb 7-1: selecting invalid altsetting 0
[ 1681.855868][T12943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1681.998558][T12943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1682.078552][T12943] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1682.338568][T27528] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1682.345663][T27528] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1682.353284][T27528] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1682.368828][T27528] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1682.398412][T12943] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1682.452408][T12943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1682.525510][T12943] usb 4-1: config 0 descriptor??
[ 1682.569119][T27528] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1682.721541][T18293] usb 5-1: selecting invalid altsetting 0
[ 1682.746054][T18293] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1682.794913][T18293] uvcvideo 5-1:220.0: No valid video chain found.
[ 1683.008492][T18293] usb 5-1: selecting invalid altsetting 0
[ 1683.017482][T18293] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[ 1683.055934][T12943] plantronics 0003:047F:FFFF.0084: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1683.128815][T18293] usb 5-1: USB disconnect, device number 96
[ 1683.321107][T27536] fuse: Bad value for 'fd'
[ 1683.428323][T27536] ipip0: entered promiscuous mode
[ 1683.452046][T27536] ipip0: entered allmulticast mode
[ 1683.503745][T27537] kvm: kvm [27532]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xff8200009700
[ 1683.609653][T27537] kvm: kvm [27532]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1683.702980][T27537] kvm: kvm [27532]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa600000000
[ 1683.811589][T27537] kvm: kvm [27532]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x4000000000
[ 1683.860267][T27537] kvm: kvm [27532]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x6e00008300
[ 1683.888514][T27537] kvm: kvm [27532]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1684.148523][T13312] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1684.319923][T25188] usb 7-1: USB disconnect, device number 52
[ 1684.428626][T13312] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1684.431487][T12891] Bluetooth: hci3: command 0x0419 tx timeout
[ 1684.435074][T13312] Bluetooth: hci2: command 0x040f tx timeout
[ 1684.579950][T13312] Bluetooth: hci1: command 0x041b tx timeout
[ 1684.785904][T27541] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5739'.
[ 1685.148513][T18293] usb 4-1: reset high-speed USB device number 85 using dummy_hcd
[ 1685.888399][ T5828] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1686.038385][ T5828] usb 1-1: Using ep0 maxpacket: 32
[ 1686.050096][ T5828] usb 1-1: config 0 has an invalid interface number: 244 but max is 0
[ 1686.073801][ T5828] usb 1-1: config 0 has no interface number 0
[ 1686.092781][ T5828] usb 1-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1686.123284][ T5828] usb 1-1: config 0 interface 244 has no altsetting 0
[ 1686.137079][ T5828] usb 1-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1686.139708][T25418] usb 4-1: USB disconnect, device number 85
[ 1686.152565][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1686.164555][ T5828] usb 1-1: Product: syz
[ 1686.168418][T18294] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1686.183115][ T5828] usb 1-1: Manufacturer: syz
[ 1686.195367][ T5828] usb 1-1: SerialNumber: syz
[ 1686.244056][ T5828] usb 1-1: config 0 descriptor??
[ 1686.288723][ T5828] snd_usb_toneport 1-1:0.244: Line 6 GuitarPort found
[ 1686.328507][T18294] usb 5-1: Using ep0 maxpacket: 16
[ 1686.340163][T18294] usb 5-1: config 1 has an invalid descriptor of length 161, skipping remainder of the config
[ 1686.479596][T18294] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1686.524392][T18294] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1686.525252][ T5828] snd_usb_toneport 1-1:0.244: cannot get proper max packet size
[ 1686.534013][T18294] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1686.570328][T18294] usb 5-1: Product: syz
[ 1686.578436][T18294] usb 5-1: Manufacturer: syz
[ 1686.608467][T18294] usb 5-1: SerialNumber: syz
[ 1686.613415][ T5828] snd_usb_toneport 1-1:0.244: Line 6 GuitarPort now disconnected
[ 1686.627301][ T5828] snd_usb_toneport 1-1:0.244: probe with driver snd_usb_toneport failed with error -22
[ 1686.723572][T27573] FAULT_INJECTION: forcing a failure.
[ 1686.723572][T27573] name failslab, interval 1, probability 0, space 0, times 0
[ 1686.736931][T27573] CPU: 1 UID: 0 PID: 27573 Comm: syz.6.5749 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1686.736959][T27573] Tainted: [L]=SOFTLOCKUP
[ 1686.736965][T27573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1686.736976][T27573] Call Trace:
[ 1686.736985][T27573]  <TASK>
[ 1686.736992][T27573]  dump_stack_lvl+0xe8/0x150
[ 1686.737020][T27573]  should_fail_ex+0x412/0x560
[ 1686.737045][T27573]  should_failslab+0xa8/0x100
[ 1686.737065][T27573]  kmem_cache_alloc_noprof+0x87/0x6e0
[ 1686.737089][T27573]  ? sctp_get_port_local+0x6f2/0x1730
[ 1686.737113][T27573]  sctp_get_port_local+0x6f2/0x1730
[ 1686.737132][T27573]  ? sctp_bind_addr_match+0x30/0x2b0
[ 1686.737158][T27573]  ? __pfx_sctp_get_port_local+0x10/0x10
[ 1686.737181][T27573]  ? sctp_bind_addr_match+0x28b/0x2b0
[ 1686.737202][T27573]  sctp_do_bind+0x4f1/0x9d0
[ 1686.737233][T27573]  sctp_connect_new_asoc+0x270/0x6b0
[ 1686.737256][T27573]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1686.737282][T27573]  ? __local_bh_enable_ip+0xd0/0x130
[ 1686.737296][T27573]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1686.737315][T27573]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1686.737335][T27573]  sctp_sendmsg+0x1528/0x2c10
[ 1686.737368][T27573]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1686.737384][T27573]  ? aa_sk_perm+0x15a/0x960
[ 1686.737404][T27573]  ? aa_sk_perm+0x82d/0x960
[ 1686.737428][T27573]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1686.737448][T27573]  ? sock_rps_record_flow+0x19/0x400
[ 1686.737473][T27573]  ? inet_sendmsg+0x2f4/0x370
[ 1686.737497][T27573]  ____sys_sendmsg+0x894/0xad0
[ 1686.737527][T27573]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1686.737555][T27573]  ? import_iovec+0x73/0xa0
[ 1686.737582][T27573]  ___sys_sendmsg+0x2a5/0x360
[ 1686.737601][T27573]  ? __lock_acquire+0x6b5/0x2cf0
[ 1686.737625][T27573]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1686.737650][T27573]  ? kstrtouint+0x6e/0xe0
[ 1686.737692][T27573]  ? __fget_files+0x2a/0x420
[ 1686.737710][T27573]  ? __fget_files+0x3a0/0x420
[ 1686.737736][T27573]  __sys_sendmmsg+0x27c/0x4e0
[ 1686.737763][T27573]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1686.737789][T27573]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1686.737831][T27573]  ? ksys_write+0x242/0x270
[ 1686.737853][T27573]  ? __pfx_ksys_write+0x10/0x10
[ 1686.737880][T27573]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1686.737903][T27573]  do_syscall_64+0xe2/0xf80
[ 1686.737920][T27573]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1686.737936][T27573]  ? clear_bhb_loop+0x60/0xb0
[ 1686.737956][T27573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1686.737972][T27573] RIP: 0033:0x7f02e9d9af79
[ 1686.737989][T27573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1686.738002][T27573] RSP: 002b:00007f02eac0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1686.738022][T27573] RAX: ffffffffffffffda RBX: 00007f02ea015fa0 RCX: 00007f02e9d9af79
[ 1686.738034][T27573] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000004
[ 1686.738043][T27573] RBP: 00007f02eac0b090 R08: 0000000000000000 R09: 0000000000000000
[ 1686.738053][T27573] R10: 0000000020008050 R11: 0000000000000246 R12: 0000000000000001
[ 1686.738063][T27573] R13: 00007f02ea016038 R14: 00007f02ea015fa0 R15: 00007f02ea13fa48
[ 1686.738090][T27573]  </TASK>
[ 1687.116895][T18294] usb 5-1: 0:2 : does not exist
[ 1687.156161][T18293] usb 1-1: USB disconnect, device number 6
[ 1687.185338][T18294] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1687.302170][T18294] usb 5-1: USB disconnect, device number 97
[ 1687.374640][T27515] udevd[27515]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1687.535921][T27579] fuse: Bad value for 'fd'
[ 1687.554549][T27579] ipip0: entered promiscuous mode
[ 1687.559760][T27579] ipip0: entered allmulticast mode
[ 1687.995265][T27591] loop7: detected capacity change from 0 to 6
[ 1688.056041][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1688.066028][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1688.075210][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1688.084896][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1688.100213][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1688.109931][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1688.285744][T27594] 
[ 1688.288098][T27594] ======================================================
[ 1688.295192][T27594] WARNING: possible circular locking dependency detected
[ 1688.302360][T27594] syzkaller #0 Tainted: G             L     
[ 1688.308335][T27594] ------------------------------------------------------
[ 1688.315346][T27594] syz.5.5756/27594 is trying to acquire lock:
[ 1688.321397][T27594] ffff88801cab0220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450
[ 1688.331663][T27594] 
[ 1688.331663][T27594] but task is already holding lock:
[ 1688.339012][T27594] ffff888024ce3008 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0
[ 1688.348753][T27594] 
[ 1688.348753][T27594] which lock already depends on the new lock.
[ 1688.348753][T27594] 
[ 1688.359153][T27594] 
[ 1688.359153][T27594] the existing dependency chain (in reverse order) is:
[ 1688.368148][T27594] 
[ 1688.368148][T27594] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}:
[ 1688.376740][T27594]        blk_alloc_queue+0x52f/0x610
[ 1688.382022][T27594]        __blk_mq_alloc_disk+0x197/0x390
[ 1688.387649][T27594]        loop_add+0x482/0xb40
[ 1688.392311][T27594]        loop_init+0xd9/0x170
[ 1688.396985][T27594]        do_one_initcall+0x250/0x840
[ 1688.402265][T27594]        do_initcall_level+0x104/0x190
[ 1688.407723][T27594]        do_initcalls+0x59/0xa0
[ 1688.412564][T27594]        kernel_init_freeable+0x2a6/0x3d0
[ 1688.418280][T27594]        kernel_init+0x1d/0x1d0
[ 1688.423139][T27594]        ret_from_fork+0x51b/0xa40
[ 1688.428244][T27594]        ret_from_fork_asm+0x1a/0x30
[ 1688.433528][T27594] 
[ 1688.433528][T27594] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 1688.440731][T27594]        fs_reclaim_acquire+0x71/0x100
[ 1688.446180][T27594]        kmem_cache_alloc_noprof+0x45/0x6e0
[ 1688.452068][T27594]        __kernfs_iattrs+0xdf/0x340
[ 1688.457258][T27594]        kernfs_iop_setattr+0xea/0x3f0
[ 1688.462713][T27594]        notify_change+0xc1a/0xf40
[ 1688.467818][T27594]        do_truncate+0x1c2/0x250
[ 1688.472779][T27594]        path_openat+0x360c/0x3e20
[ 1688.477897][T27594]        do_filp_open+0x22d/0x490
[ 1688.482910][T27594]        do_sys_openat2+0x12f/0x220
[ 1688.488095][T27594]        __x64_sys_openat+0x138/0x170
[ 1688.493457][T27594]        do_syscall_64+0xe2/0xf80
[ 1688.498475][T27594]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1688.504883][T27594] 
[ 1688.504883][T27594] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[ 1688.513394][T27594]        __lock_acquire+0x15a5/0x2cf0
[ 1688.518762][T27594]        lock_acquire+0x106/0x330
[ 1688.523903][T27594]        down_read+0x47/0x2e0
[ 1688.528567][T27594]        kernfs_iop_getattr+0x9e/0x450
[ 1688.534031][T27594]        vfs_getattr_nosec+0x2e1/0x430
[ 1688.539477][T27594]        loop_assign_backing_file+0x27a/0x4b0
[ 1688.545543][T27594]        lo_ioctl+0x1acb/0x1fb0
[ 1688.550385][T27594]        blkdev_ioctl+0x5e3/0x740
[ 1688.555402][T27594]        __se_sys_ioctl+0xfc/0x170
[ 1688.560521][T27594]        do_syscall_64+0xe2/0xf80
[ 1688.565560][T27594]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1688.571979][T27594] 
[ 1688.571979][T27594] other info that might help us debug this:
[ 1688.571979][T27594] 
[ 1688.582195][T27594] Chain exists of:
[ 1688.582195][T27594]   &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24
[ 1688.582195][T27594] 
[ 1688.596618][T27594]  Possible unsafe locking scenario:
[ 1688.596618][T27594] 
[ 1688.604059][T27594]        CPU0                    CPU1
[ 1688.609409][T27594]        ----                    ----
[ 1688.614848][T27594]   lock(&q->q_usage_counter(io)#24);
[ 1688.620214][T27594]                                lock(fs_reclaim);
[ 1688.626704][T27594]                                lock(&q->q_usage_counter(io)#24);
[ 1688.634592][T27594]   rlock(&root->kernfs_iattr_rwsem);
[ 1688.639954][T27594] 
[ 1688.639954][T27594]  *** DEADLOCK ***
[ 1688.639954][T27594] 
[ 1688.648106][T27594] 3 locks held by syz.5.5756/27594:
[ 1688.653286][T27594]  #0: ffff888141729448 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x14c7/0x1fb0
[ 1688.662333][T27594]  #1: ffff888024ce3008 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0
[ 1688.672512][T27594]  #2: ffff888024ce3040 (&q->q_usage_counter(queue)#8){+.+.}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0
[ 1688.683035][T27594] 
[ 1688.683035][T27594] stack backtrace:
[ 1688.688918][T27594] CPU: 1 UID: 0 PID: 27594 Comm: syz.5.5756 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1688.688937][T27594] Tainted: [L]=SOFTLOCKUP
[ 1688.688942][T27594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1688.688951][T27594] Call Trace:
[ 1688.688958][T27594]  <TASK>
[ 1688.688965][T27594]  dump_stack_lvl+0xe8/0x150
[ 1688.688984][T27594]  print_circular_bug+0x2e1/0x300
[ 1688.689000][T27594]  check_noncircular+0x12e/0x150
[ 1688.689015][T27594]  __lock_acquire+0x15a5/0x2cf0
[ 1688.689037][T27594]  ? kernfs_iop_getattr+0x9e/0x450
[ 1688.689054][T27594]  lock_acquire+0x106/0x330
[ 1688.689069][T27594]  ? kernfs_iop_getattr+0x9e/0x450
[ 1688.689088][T27594]  down_read+0x47/0x2e0
[ 1688.689103][T27594]  ? kernfs_iop_getattr+0x9e/0x450
[ 1688.689119][T27594]  kernfs_iop_getattr+0x9e/0x450
[ 1688.689137][T27594]  vfs_getattr_nosec+0x2e1/0x430
[ 1688.689152][T27594]  loop_assign_backing_file+0x27a/0x4b0
[ 1688.689168][T27594]  ? __pfx_loop_assign_backing_file+0x10/0x10
[ 1688.689192][T27594]  lo_ioctl+0x1acb/0x1fb0
[ 1688.689208][T27594]  ? __pfx_lo_ioctl+0x10/0x10
[ 1688.689221][T27594]  ? is_bpf_text_address+0x292/0x2b0
[ 1688.689236][T27594]  ? is_bpf_text_address+0x26/0x2b0
[ 1688.689249][T27594]  ? kernel_text_address+0xa5/0xe0
[ 1688.689266][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689282][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689299][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689316][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689333][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689350][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689365][T27594]  ? __lock_acquire+0x6b5/0x2cf0
[ 1688.689383][T27594]  ? unwind_next_frame+0xa5/0x23c0
[ 1688.689399][T27594]  ? unwind_next_frame+0xa5/0x23c0
[ 1688.689413][T27594]  ? is_bpf_text_address+0x26/0x2b0
[ 1688.689429][T27594]  ? is_bpf_text_address+0x26/0x2b0
[ 1688.689443][T27594]  ? is_bpf_text_address+0x292/0x2b0
[ 1688.689456][T27594]  ? is_bpf_text_address+0x26/0x2b0
[ 1688.689470][T27594]  ? kernel_text_address+0xa5/0xe0
[ 1688.689485][T27594]  ? __kernel_text_address+0xd/0x30
[ 1688.689498][T27594]  ? unwind_get_return_address+0x4d/0x90
[ 1688.689511][T27594]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1688.689527][T27594]  ? arch_stack_walk+0xfb/0x150
[ 1688.689544][T27594]  ? stack_trace_save+0xa9/0x100
[ 1688.689558][T27594]  ? __pfx_stack_trace_save+0x10/0x10
[ 1688.689577][T27594]  ? stack_depot_save_flags+0x33/0x810
[ 1688.689594][T27594]  ? kasan_save_track+0x4f/0x80
[ 1688.689605][T27594]  ? kasan_save_track+0x3e/0x80
[ 1688.689615][T27594]  ? kasan_save_free_info+0x46/0x50
[ 1688.689630][T27594]  ? __kasan_slab_free+0x5c/0x80
[ 1688.689641][T27594]  ? kfree+0x1be/0x650
[ 1688.689656][T27594]  ? tomoyo_path_number_perm+0x501/0x630
[ 1688.689670][T27594]  ? security_file_ioctl+0xc3/0x2a0
[ 1688.689681][T27594]  ? __se_sys_ioctl+0x47/0x170
[ 1688.689697][T27594]  ? do_syscall_64+0xe2/0xf80
[ 1688.689709][T27594]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1688.689723][T27594]  ? __asan_memset+0x22/0x50
[ 1688.689739][T27594]  ? blk_get_meta_cap+0x16d/0x7a0
[ 1688.689754][T27594]  ? __pfx_blk_get_meta_cap+0x10/0x10
[ 1688.689769][T27594]  ? blkdev_common_ioctl+0x14b7/0x3250
[ 1688.689786][T27594]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 1688.689800][T27594]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1688.689819][T27594]  ? tomoyo_path_number_perm+0x219/0x630
[ 1688.689832][T27594]  ? tomoyo_path_number_perm+0x219/0x630
[ 1688.689846][T27594]  ? do_vfs_ioctl+0x1166/0x1530
[ 1688.689863][T27594]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1688.689880][T27594]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1688.689900][T27594]  ? __pfx_lo_ioctl+0x10/0x10
[ 1688.689914][T27594]  blkdev_ioctl+0x5e3/0x740
[ 1688.689929][T27594]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1688.689942][T27594]  ? __fget_files+0x2a/0x420
[ 1688.689956][T27594]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1688.689971][T27594]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1688.689984][T27594]  __se_sys_ioctl+0xfc/0x170
[ 1688.690000][T27594]  do_syscall_64+0xe2/0xf80
[ 1688.690013][T27594]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1688.690024][T27594]  ? trace_irq_disable+0x37/0x100
[ 1688.690036][T27594]  ? clear_bhb_loop+0x60/0xb0
[ 1688.690050][T27594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1688.690063][T27594] RIP: 0033:0x7fbb5c39af79
[ 1688.690075][T27594] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1688.690087][T27594] RSP: 002b:00007fbb5a5d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1688.690100][T27594] RAX: ffffffffffffffda RBX: 00007fbb5c616090 RCX: 00007fbb5c39af79
[ 1688.690110][T27594] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003
[ 1688.690119][T27594] RBP: 00007fbb5c4316e0 R08: 0000000000000000 R09: 0000000000000000
[ 1688.690127][T27594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1688.690135][T27594] R13: 00007fbb5c616128 R14: 00007fbb5c616090 R15: 00007fbb5c73fa48
[ 1688.690149][T27594]  </TASK>
[ 1689.296664][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.306338][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.314860][T27591] ldm_validate_partition_table(): Disk read failed.
[ 1689.322710][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.332369][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.341427][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.351058][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.381467][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.391121][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.400255][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.409916][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.417945][T27591] Dev loop7: unable to read RDB block 0
[ 1689.433424][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.443207][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.469608][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1689.479289][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1689.490214][T27591]  loop7: unable to read partition table
[ 1689.505443][T27591] loop7: partition table beyond EOD, truncated
[ 1689.550528][T27514] ldm_validate_partition_table(): Disk read failed.
[ 1689.558727][T27591] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1689.588482][T27514] Dev loop7: unable to read RDB block 0
[ 1689.612125][T27514]  loop7: unable to read partition table
[ 1689.806100][T27514] loop7: partition table beyond EOD, truncated
[ 1689.819824][T27594] ldm_validate_partition_table(): Disk read failed.
[ 1689.839045][T27594] Dev loop7: unable to read RDB block 0
[ 1689.854015][T27594]  loop7: unable to read partition table
[ 1689.868511][T27594] loop7: partition table beyond EOD, truncated
[ 1689.875781][T27594] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)