last executing test programs:

8m29.477354097s ago: executing program 3 (id=239):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x4000, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

8m29.332582038s ago: executing program 3 (id=240):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mbind(&(0x7f0000053000/0x1000)=nil, 0x1000, 0x3, 0x0, 0x5, 0x101)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000300)={0xb, @sdr={0x34565559, 0x2}})
r3 = socket(0x40000000015, 0x5, 0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, &(0x7f0000000240)={<r4=>r2, &(0x7f0000000100)='\x00', 0x180, &(0x7f0000000140)={@_ha_fsid={[0x1000, 0x8001]}, {0x9, 0x4477, 0x8001, 0xffffffffffffff19}}, 0x5, &(0x7f00000001c0)={@_ha_fsid}, &(0x7f0000000200)=0x3ff})
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000400)={0xc, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP(r4, 0x3b85, &(0x7f00000004c0)={0x28, 0x0, r5, 0x0, &(0x7f0000000440)="6a81644f4c86581936b12efaa844a39ab635d304d8454a8d93ab65df845d3e35cc4d49c2ce36403fe5729bb343d7a428872c276fc17869813a19b8dfb767f27f2481a601bfce95125a118102469eeb6fed", 0x51, 0xfffffffeffffffff})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r6, &(0x7f0000000100), 0x0, 0x20000000, &(0x7f0000000280)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x80)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_xfrm(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r7 = io_uring_setup(0x780, &(0x7f0000000040)={0x0, 0xec5d, 0x1c881, 0x0, 0xd1})
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
syz_usb_control_io$hid(r8, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r9 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r9, 0x81044804, &(0x7f0000000400)={0xfffffffd, 0xffffffff, 0x1bc3})
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x5, 0x4, &(0x7f0000000180)=ANY=[@ANYRESDEC=r8], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
io_uring_enter(r7, 0x2219, 0x7721, 0x16, 0x0, 0x0)

8m25.685890307s ago: executing program 3 (id=256):
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x102, 0x20)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r1, 0x40045431, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r6 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, 0x0)
io_uring_enter(r6, 0x48e9, 0x0, 0x2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000400)={0x4c, 0x0, &(0x7f0000000700)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) (fail_nth: 6)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
write$binfmt_misc(r0, &(0x7f0000000040)="f602e3da4258d005a959a7556a73a7bb2b9bcf2156b52fce67d944db87", 0x1d)

8m24.879303718s ago: executing program 3 (id=259):
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@id={0x1e, 0x3, 0x2, {0x4e23}}, 0x10) (async)
bind$tipc(r0, &(0x7f0000000200)=@id={0x1e, 0x3, 0x2, {0x4e23}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41, 0x3}, 0x1}}, 0x10) (async)
bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41, 0x3}, 0x1}}, 0x10)
socket$tipc(0x1e, 0x5, 0x0) (async)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x4)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (async)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) (async)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80000, 0x0) (async)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f0000000140)='./file0\x00', 0xa) (async)
umount2(&(0x7f0000000140)='./file0\x00', 0xa)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, r7, 0x7, 0x70bd29, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x4040051)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r8}, &(0x7f0000000180)) (async)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r8}, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r9 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_GET_EVENT(r9, 0x80286f4e, &(0x7f00000000c0))
ioctl$FE_SET_FRONTEND(r9, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @qam={0x3, 0x2, 0xa}})

8m24.287242072s ago: executing program 3 (id=264):
r0 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x5)
fchdir(r1)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x8a)
open$dir(&(0x7f0000000180)='./file0\x00', 0x207e, 0x0)
fcntl$setstatus(r2, 0x4, 0x42400)
renameat(r1, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00')

8m23.965592793s ago: executing program 3 (id=266):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
keyctl$join(0x1, &(0x7f00000000c0)={'syz', 0x0})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x77c})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil)
close_range(r2, 0xffffffffffffffff, 0x0)

8m23.384911913s ago: executing program 32 (id=266):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
keyctl$join(0x1, &(0x7f00000000c0)={'syz', 0x0})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x77c})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil)
close_range(r2, 0xffffffffffffffff, 0x0)

2m40.256039151s ago: executing program 1 (id=1703):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000180001bd000000000000000002000000fc00bd090000"], 0x38}}, 0xefff)

2m39.70452009s ago: executing program 1 (id=1705):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x58, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r2, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x2c, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_virt_wifi\x00'}, @TCA_U32_SEL={0x14, 0x5, {0x10, 0x9, 0x6, 0x10da, 0xa760, 0x0, 0x10, 0x100}}]}}]}, 0x58}}, 0x20044004)

2m39.464405726s ago: executing program 1 (id=1706):
socket$pppl2tp(0x18, 0x1, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140))
syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000240), 0x2, 0x20001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="540000001000010400030000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

2m39.050826763s ago: executing program 1 (id=1710):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0x8800)
mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0)
kexec_load(0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x203f76, 0x100, 0xfffffffe, 0x1cf}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000600)=<r5=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r6, 0x0, 0x0, 0x0, 0x2000, 0x1, {0x1}})
io_uring_enter(r3, 0x3516, 0xf400, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000cc0)=ANY=[@ANYBLOB="b700000018000000bfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff0000000015040000000002000f040000000000003404ffc101ed0a0065040000170000801f400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9"], 0x0}, 0x94)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000140)={"4497ccf4", 0xb, 0x5, 0x0, 0x3, 0x1000006, "55000000030007000000dc7500", "1575a859", "07d7fcde", "2782914e", ["aabe8459c62224475793e8a7", "7f9ce2d2c4f4390300c1d1c8", "ce0301000c0091023be516d1", '\x00\x00k\x00\x00\x00\x00\x00\x00 \x00']})
r7 = socket(0x1, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000540)=0x14)

2m37.441833371s ago: executing program 1 (id=1718):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000180001bd000000000000000002000000fc00bd090000"], 0x38}}, 0xf0ff)

2m37.279267534s ago: executing program 1 (id=1719):
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000100)={'sit0\x00', 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x6f9d, 0x0, 0xb, 0xfffffff7ffffffff, 0x6, 0xfa11, 0x80000000}, 0x0)
r2 = openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0)
writev(r2, &(0x7f0000000380)=[{0x0}, {&(0x7f00000004c0)}], 0x2)
r3 = syz_open_procfs(0x0, 0x0)
read$FUSE(r3, &(0x7f00000051c0)={0x2020}, 0x2020)
pread64(r3, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x189200, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r5, 0x50009401, &(0x7f00000003c0)={{r3}, "0c44d50be9c1dfb769e0de22cd08aa912fd37a9dd187a5cab978e581215d1d8ea6d39d7f19341b96c6970eb39f8d9e27956535d60ffac826d7d642dcfc69a3029eaf66f284bdc93c1a34dc24c45fe68c11b4accae22b132d8da6c4921249e437805207b257b7a2f8f9a7d23c1e82bde35f9862aab8f180809729343f5d224ab149a5404d5e26f4728f5548e04f50c103186b3a2a83601f4b44169c2cfdd1e06f701a7b32b904435a6e8c6919b722a4d8eb90e3a8a4f0bc18b840d4c547470e49c40dd4cbe52b284183622372f6ebaa933660284218e4957b0d80c347811398ef4c34017bc65514a05b1bfddce3f58ccd07df77bbddb367662e18b34db73055b661282401f90a1a9303b4614acbd223372d5f913d1dd724b4c920bbd672330a4b055ce1202b9263cc02858713d17ed7335dad34d406c10e3f47ef44caf41d82f0778a6a5c70b5f3496643996ae6a0fc4b13cc0d6814b13baee4bec05455fc3a5f80b8402ce067725aa78cf301d3306598554ac3b073a5457a4300aca76642c091a026a50b11374b3161bc22caf76162fa02f0c782fbf8fe3dbddecdaffc17694cce987bcd639dfa0e6d29187e83575b8fbc9e625454c8aa39a489f972659c1b1200d3f7355d21586ad89c91b28ba2ccef5530c1e309b0b9585ffa1345df8e25777ec939ccf02c2b3e518d6e41ecd3b9f518c35e7376840cd4d2a6b5d1d9334a2cf61bac854759a36f9432f943e1ef25453553768322ca3c9bbb9136599309b0c5d764d8ae858203bd58ebe2c3efa8279a24ae2671e81d8742e63cb79e871d5e2786ee715684aa5c3840112f7b589a6ee9ad8f8c02eea8a696b57c39c2d9ba3a088fe9d7f62af469a58fc3e18e5d008d6a32fa5511b386322bd38c0d155ef0be0c6cf2cadce48f3b0b1151b34b35046955f7d6fdb505d95e2308a3991f339a6300aa68e24c3fc43419719a02910fe2a47a007a635df876ca87b432bc2bc7688fdbe1c351b90bf7c1a4e176c517f5237f7aaa637daf26dea1ef940cdbefd4d5531595967d1f0afd2348aea8db6296a0923ee2b8f3bc2c10777054eeba6b12cd422a1094f61777badf7b603bbf6cf37d0c36bcd9c3517503715caf69f8418bef39ea53091f5bae4a0bc0fdde032c453e9de62600a7f0931afd113d1b3364d7889873cf262aecc6fcbee35ee4189b9314ea6506fdaa4f0aec118b50f35ee6abad50d012d190850c093baa4b17c60494fcf267672126f4ce4ea932c54b9953c2684b93c6131a81a4175334b05aa0df9336241cbaa1c6d09df3ce83fa551ba769b7f5e0e061326e6af922c466a20e80bf30e677ccb7d1f7fe7b7319d732ef578e4a42243240a743c56ad17213a7338f5c2d01e426a474c55f517104a48e1e2b5ab5b41fa1506e8ee7720f03acb6d7d35136d056055c187917093be1277b58d77affed60d65e85575a261ee5996d6d3dc36e5cffc873e94be021f3830459ae24080e8f0c09b40e2172ce6e4af8411b83e357df8e1a14ed280c67a36bbb1024e3bb6bb51bb05fcc971cbf584f9eab5c2037907db1372e99a071d2d1908a13b5f2cfde40e080b383f1a9ae5ba6be4a3740d6d1f385238854b24f49a4f63b8271590e45c1cacc40d0ac76d10b011ea80e89fce9026f42ec84029f2b593a7067f828fcf25eaa0a2cf74b7bfa2b0e9429d07442d8a1a2706c642016118fd7419f64e73bf9387661a4adfcec672002dcb8c14c571cb5741e88525bcaf795a4fe21bc92801a3a6dd6f18159549b5c835658da5330c30bacf59e057368459518a646d60b6eb5377abee8a9583d4b23ac7c2a0d68ba1e79eddb39bc7ecd25aed218569834a5524a3ec3192df542a1c6d5fac971a4478789396f876335ff13bd0256d431f059376d74249833f8262fb051149673bb844da998d4a41cf9a7942fad3d58176fed79ba8e452e46105a504e31cc4980a96fdb14fdba4404f9f41b0a0a0fb68cc22f0fbb468f42e403fd5b09a2d53faeb697ab2be7ca733064c674e3491c520ce611945dd2956dd94aff5d0fb71e89038c3ce65765a8b47b02378d857c02f3107c2292a8b37400f2702a51bbdbef07a4f9e32d61a09788987b4a959ae54e760c83b4a3b07b873909f6731d2b46ff9f0050c9a437f40f9cc11f4c221e57d87200430b25a4eb0d270d6f6c8a0afcbab5c6953b542c043190dfa8d3b165fadf6b819bb3fc43ac2e837d81e89e97c27a4be6f462a63771e337de8c46b4a56a6318f5cb59fca72a8add164aa70f166ab92ea78227298d73d13d114a026111d7cc6d6eedba71ae80f65afb7620c57ac91aaa96dbdd4a7983012e7926324ed4528a7b6e88b7ffe81eb1c96676c76265024c2b3a6f1a0f9dd65b7d6bf06ba0c7c4b3fa226a224dc7dc47970a4d231fc482f4797343768f4695002f0d4a1dd0ee99cbd37bd26a7dc7d8182ca524b0923344c73a34e64d1518cc3bc8b342bace48f65d6161b33ea5f72de068340f4d5596b98e5cff086db713f2680c3ba822cc579cadf7c7fd43274f412106e83d1a7831b381a9e6421cacc8145872482480fc624b9c1f9d028f74ca8ea8de8ccb10f3b342b3a0b7d9b76871623481de48787e4396e337de660f9d140d6264913328a337fcc33e6c258f64a89cc98f517e8f3c28bdb08f3915385ea34c5b7b954f96250e8d01dad5280b345e8abab3d8c99bce98921fb2df3c2d28883c9d2f24bcc7f823ce1cfc1fb610413857a515fe658a8565bcd77d1b93a78783c26e8e7591201bf1dc5b26b5a6b8cbe59b816390b2e153cc01db0ce861bc311d8bc3463f689b6b01bbe34b7debad7f7b811d1c259a3fbb9d43fa53fc64f5095ca70f20ccb09ec3701e350c18f95e6a8cc2a010ccfb84309eb30b9a42109dca89a95f42563b0632847626b18303e39a8cf8f69c091fcaa0f434a6912509d5c5603c154ae272763bd7515240188030f0146216415ad761aad901b8bf236c7d67e3f99b3d775165a4c44235e488a70b469123aa2484de5646fb106ec382774a3450b6c4d6febd089938e2727725756a6563d4dd3b236800fc20edf8837588254ee08d0d3734c168329113de05a742e365996b747bbc6a706d6387e711c779b3b76bc235bb5fa675a0ef1eea7f0042bd34fa55ff80d978f332f3be49c9136f18664bdcf57cd9b0785c1ce6ac71e7c6ab36b51fba3c6d72b76fbd8c3652d434ea959d2c4b8393ecfda5bee96e35c3177393dfb8247b1137506688231858763a462546d35aab5ef01a48b2932c7fddb9a0e3608ad86d8d730bf4cc504aa283ee80ab73a5249bc1bab1fee4bb6eda78731eed929b05c88d9d41be3234b3b4f35626281ef4ca4a50a82df763675eb8c79123905a4c05d6e69a1ebd41723afce1cbcf5b88b32a92619e5687f97cb955059e241348a8280cfb7fb96be5d4021079b4e934f30cb36906335cb43ed38eb05d2df097b0140eeb80ad40abc9754bbd6cb7dff772fbd005afe40ea76a26c5533657de5b543552863aefe39d5ea0ae249538a1618155d094d0709d01bff5981ff21ea477f0068fce45757f11ee3b998bae15ee3372524edff9346bda3dda885608e47623ed42424ae91d71626195678ac96a9ef7554e469a0d31524242e34acdff2e052cc1c737eb5d4043e6498d9f15e09aebbd6f23d118d628df0db0b09bc78d306dfb2d90c24a3601754e41df0f6b3e6d7d7b95a2bcd1792b60b2dc6840cbae52c0b2eabe059745d4d9cbaa6f02a1c8655cad39ba8f5c11eccda3336823bd00c5665c547e4f34b22b3f4abba00edf5edb6484505ef30b7f71bb91bc37151a91a9a5fd96094d0e4168de36b6f792b11cdb95d4904c51863de65204eefe59d46478fd711b1d1f55e4052a09b7d8ea47cb818b2e11180c514443891b80d118d399ff9d05365e90f3fdd06cbdefb7790ea7186d8404fd3dc490aea81024cd4140ce917a889fe6ce0a4969a2ce6224eb50cfbc9ce2e623fea1f05ebe61814b1468cc869f984c55ce2012006346008bac5d3d17945108b744109cd69c60ccf6ff87db8bd0a0dd2a603e8a8d979c99e7026ffc78c60a287813553633a63338af14d282b2015c33b91dcd09ca91e9d6f4c0b705f5780786456a64885f1d8c5fd7eedf5a6948bc3711281cd01de199f37e0aa7ac8170d901781a11ee632a2306297a86537dc8f620552680a8c12fedc56fec0970b7d2c4f261549eb66e5f429e14af5a433f6bf021962238205ca3947728fb3b9f34d3862446b080f43a8c2485712df0e6ef95d3d63a2507d0fdae6ef082e1918882339011e9c897275a85ab907d68d63b98af1e9812e9be71d0597185708aadf7ad88ed836fec7def57110cf5277822a7ad17f01738a93991d3fb1c02306fa9a16ee820ee1de99e91af02233b98ab9f7ce18e855798868a861ce78b9c6582ad9ccabf43f32c095973f568d577223d0b54729bb34d6ac2fc72a89608c8a039de3d20a957aa7a542afe5c0cd3cc20c2c0e50b2139cebd30c8a4cb46671affeccf7a4627b8df0929fe44af2a914a8e4598d7197d9e69c3c2501363b26b031695b9f4d0f85d98dc27a0ab09730c56063b9a5b316abc83f8f89973903a0ab2a0b678bf9feda5aab0f23424edffd7fc9be6fb0006902704747a62ac338548c494518ccb4a74e531c945a5788c8e6ba6069c723b2e80ca9a5ff809ff05903ba2232f84b1d16d406aea9827a4c4d4486fdf44ef26f51ea40aa3c5d0821961c8e5df6e43a432db29092389ed7c1bef7ced1a0409a93f731e7e7f10e76ffd6df1dbb4a653b7e9659383955c16382e2c0c58dda6503e17535f29c23653c315c4cafa62720dc7f05481d74b0cb35b300a1853dd090665dcb9f6ac799b662b62a20c5f797dffd77a5d2af013cecc9e402c125d1986c85a4be704e24047b48bdc4cc4784cfe41109e23a6177d19f984ba97eb1b18e8176bf52d2c17b6a9306a3df24a0116bd408fd338f002ed5c80f9911c99e1a08010e1085b25b7d2ccc2510587f2550642927c71df92a01f8569c6d6578c723f1aa4099340943a584aee66a87a54db920f0d290df3732beefeaf775f472e4f527d72c41dc18ed68d22b98347584c706a1ae423f97b42eaba24b90b0f3ee73a13cf55333906b2632f2b5aeb2a89dffeceab8d8cddd0840846173841f4a9fe6e438be2eb6708fea66d53cee692a0b27ce28b9dfdc704d6cf163f26aad422b9f1728519badfe16cba80859e86574d0c48c387aa754dfca81396182c162d85dea40a19fae06600b5c2769e55e885cbc878dfc723931a8eda30ec99baa9f4b2c3e6b55852b3ab527010da7a8ca21bc2608c55f62537154dd7a76be1a88c7611bf6ac3d6a34bb10c07ae32b5004c3ff83699cd70fa5708c13b2ee1d111717c96d1819b9e1aabfa104956636f99cc79425aa207f90f7502f1d97062f9f6f7dab4d05a162d6a3e93ca766c2388723fb169f9cf05ca3d12b1c26c3fc8c247a7821f55e757661beab42180b7651dd1ec9058027b8b9f9a9fa81e387ca9d4a4e67a9530e69b41e7bb0da76ae4004f173ed22f4c219dc73db359a773e93e94f893bada1092c1d1b1921b6c0f7a94e6c23f0c9d089960b62a4c9608ea90436e01b976d33a264dcd30e9e86b7b27247e872a831e60924b5ed0e346f9834b1f8cd684159223a61e2f063be679b79c673f5cd06dbeac2658c32042082c29bc1d8dd5bcac34163d955b5b02f10bf95142d20c0a2e827039e8c2ae1da9dbfd1a7dff5441785255502095cb453e0da37b75955deebd400f1e7f"})
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r4, 0x80045505, &(0x7f0000000000)=0x1)
bind$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)
mlock2(&(0x7f0000108000/0x3000)=nil, 0x3000, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

2m22.274721247s ago: executing program 33 (id=1719):
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000100)={'sit0\x00', 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x6f9d, 0x0, 0xb, 0xfffffff7ffffffff, 0x6, 0xfa11, 0x80000000}, 0x0)
r2 = openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0)
writev(r2, &(0x7f0000000380)=[{0x0}, {&(0x7f00000004c0)}], 0x2)
r3 = syz_open_procfs(0x0, 0x0)
read$FUSE(r3, &(0x7f00000051c0)={0x2020}, 0x2020)
pread64(r3, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x189200, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r5, 0x50009401, &(0x7f00000003c0)={{r3}, "0c44d50be9c1dfb769e0de22cd08aa912fd37a9dd187a5cab978e581215d1d8ea6d39d7f19341b96c6970eb39f8d9e27956535d60ffac826d7d642dcfc69a3029eaf66f284bdc93c1a34dc24c45fe68c11b4accae22b132d8da6c4921249e437805207b257b7a2f8f9a7d23c1e82bde35f9862aab8f180809729343f5d224ab149a5404d5e26f4728f5548e04f50c103186b3a2a83601f4b44169c2cfdd1e06f701a7b32b904435a6e8c6919b722a4d8eb90e3a8a4f0bc18b840d4c547470e49c40dd4cbe52b284183622372f6ebaa933660284218e4957b0d80c347811398ef4c34017bc65514a05b1bfddce3f58ccd07df77bbddb367662e18b34db73055b661282401f90a1a9303b4614acbd223372d5f913d1dd724b4c920bbd672330a4b055ce1202b9263cc02858713d17ed7335dad34d406c10e3f47ef44caf41d82f0778a6a5c70b5f3496643996ae6a0fc4b13cc0d6814b13baee4bec05455fc3a5f80b8402ce067725aa78cf301d3306598554ac3b073a5457a4300aca76642c091a026a50b11374b3161bc22caf76162fa02f0c782fbf8fe3dbddecdaffc17694cce987bcd639dfa0e6d29187e83575b8fbc9e625454c8aa39a489f972659c1b1200d3f7355d21586ad89c91b28ba2ccef5530c1e309b0b9585ffa1345df8e25777ec939ccf02c2b3e518d6e41ecd3b9f518c35e7376840cd4d2a6b5d1d9334a2cf61bac854759a36f9432f943e1ef25453553768322ca3c9bbb9136599309b0c5d764d8ae858203bd58ebe2c3efa8279a24ae2671e81d8742e63cb79e871d5e2786ee715684aa5c3840112f7b589a6ee9ad8f8c02eea8a696b57c39c2d9ba3a088fe9d7f62af469a58fc3e18e5d008d6a32fa5511b386322bd38c0d155ef0be0c6cf2cadce48f3b0b1151b34b35046955f7d6fdb505d95e2308a3991f339a6300aa68e24c3fc43419719a02910fe2a47a007a635df876ca87b432bc2bc7688fdbe1c351b90bf7c1a4e176c517f5237f7aaa637daf26dea1ef940cdbefd4d5531595967d1f0afd2348aea8db6296a0923ee2b8f3bc2c10777054eeba6b12cd422a1094f61777badf7b603bbf6cf37d0c36bcd9c3517503715caf69f8418bef39ea53091f5bae4a0bc0fdde032c453e9de62600a7f0931afd113d1b3364d7889873cf262aecc6fcbee35ee4189b9314ea6506fdaa4f0aec118b50f35ee6abad50d012d190850c093baa4b17c60494fcf267672126f4ce4ea932c54b9953c2684b93c6131a81a4175334b05aa0df9336241cbaa1c6d09df3ce83fa551ba769b7f5e0e061326e6af922c466a20e80bf30e677ccb7d1f7fe7b7319d732ef578e4a42243240a743c56ad17213a7338f5c2d01e426a474c55f517104a48e1e2b5ab5b41fa1506e8ee7720f03acb6d7d35136d056055c187917093be1277b58d77affed60d65e85575a261ee5996d6d3dc36e5cffc873e94be021f3830459ae24080e8f0c09b40e2172ce6e4af8411b83e357df8e1a14ed280c67a36bbb1024e3bb6bb51bb05fcc971cbf584f9eab5c2037907db1372e99a071d2d1908a13b5f2cfde40e080b383f1a9ae5ba6be4a3740d6d1f385238854b24f49a4f63b8271590e45c1cacc40d0ac76d10b011ea80e89fce9026f42ec84029f2b593a7067f828fcf25eaa0a2cf74b7bfa2b0e9429d07442d8a1a2706c642016118fd7419f64e73bf9387661a4adfcec672002dcb8c14c571cb5741e88525bcaf795a4fe21bc92801a3a6dd6f18159549b5c835658da5330c30bacf59e057368459518a646d60b6eb5377abee8a9583d4b23ac7c2a0d68ba1e79eddb39bc7ecd25aed218569834a5524a3ec3192df542a1c6d5fac971a4478789396f876335ff13bd0256d431f059376d74249833f8262fb051149673bb844da998d4a41cf9a7942fad3d58176fed79ba8e452e46105a504e31cc4980a96fdb14fdba4404f9f41b0a0a0fb68cc22f0fbb468f42e403fd5b09a2d53faeb697ab2be7ca733064c674e3491c520ce611945dd2956dd94aff5d0fb71e89038c3ce65765a8b47b02378d857c02f3107c2292a8b37400f2702a51bbdbef07a4f9e32d61a09788987b4a959ae54e760c83b4a3b07b873909f6731d2b46ff9f0050c9a437f40f9cc11f4c221e57d87200430b25a4eb0d270d6f6c8a0afcbab5c6953b542c043190dfa8d3b165fadf6b819bb3fc43ac2e837d81e89e97c27a4be6f462a63771e337de8c46b4a56a6318f5cb59fca72a8add164aa70f166ab92ea78227298d73d13d114a026111d7cc6d6eedba71ae80f65afb7620c57ac91aaa96dbdd4a7983012e7926324ed4528a7b6e88b7ffe81eb1c96676c76265024c2b3a6f1a0f9dd65b7d6bf06ba0c7c4b3fa226a224dc7dc47970a4d231fc482f4797343768f4695002f0d4a1dd0ee99cbd37bd26a7dc7d8182ca524b0923344c73a34e64d1518cc3bc8b342bace48f65d6161b33ea5f72de068340f4d5596b98e5cff086db713f2680c3ba822cc579cadf7c7fd43274f412106e83d1a7831b381a9e6421cacc8145872482480fc624b9c1f9d028f74ca8ea8de8ccb10f3b342b3a0b7d9b76871623481de48787e4396e337de660f9d140d6264913328a337fcc33e6c258f64a89cc98f517e8f3c28bdb08f3915385ea34c5b7b954f96250e8d01dad5280b345e8abab3d8c99bce98921fb2df3c2d28883c9d2f24bcc7f823ce1cfc1fb610413857a515fe658a8565bcd77d1b93a78783c26e8e7591201bf1dc5b26b5a6b8cbe59b816390b2e153cc01db0ce861bc311d8bc3463f689b6b01bbe34b7debad7f7b811d1c259a3fbb9d43fa53fc64f5095ca70f20ccb09ec3701e350c18f95e6a8cc2a010ccfb84309eb30b9a42109dca89a95f42563b0632847626b18303e39a8cf8f69c091fcaa0f434a6912509d5c5603c154ae272763bd7515240188030f0146216415ad761aad901b8bf236c7d67e3f99b3d775165a4c44235e488a70b469123aa2484de5646fb106ec382774a3450b6c4d6febd089938e2727725756a6563d4dd3b236800fc20edf8837588254ee08d0d3734c168329113de05a742e365996b747bbc6a706d6387e711c779b3b76bc235bb5fa675a0ef1eea7f0042bd34fa55ff80d978f332f3be49c9136f18664bdcf57cd9b0785c1ce6ac71e7c6ab36b51fba3c6d72b76fbd8c3652d434ea959d2c4b8393ecfda5bee96e35c3177393dfb8247b1137506688231858763a462546d35aab5ef01a48b2932c7fddb9a0e3608ad86d8d730bf4cc504aa283ee80ab73a5249bc1bab1fee4bb6eda78731eed929b05c88d9d41be3234b3b4f35626281ef4ca4a50a82df763675eb8c79123905a4c05d6e69a1ebd41723afce1cbcf5b88b32a92619e5687f97cb955059e241348a8280cfb7fb96be5d4021079b4e934f30cb36906335cb43ed38eb05d2df097b0140eeb80ad40abc9754bbd6cb7dff772fbd005afe40ea76a26c5533657de5b543552863aefe39d5ea0ae249538a1618155d094d0709d01bff5981ff21ea477f0068fce45757f11ee3b998bae15ee3372524edff9346bda3dda885608e47623ed42424ae91d71626195678ac96a9ef7554e469a0d31524242e34acdff2e052cc1c737eb5d4043e6498d9f15e09aebbd6f23d118d628df0db0b09bc78d306dfb2d90c24a3601754e41df0f6b3e6d7d7b95a2bcd1792b60b2dc6840cbae52c0b2eabe059745d4d9cbaa6f02a1c8655cad39ba8f5c11eccda3336823bd00c5665c547e4f34b22b3f4abba00edf5edb6484505ef30b7f71bb91bc37151a91a9a5fd96094d0e4168de36b6f792b11cdb95d4904c51863de65204eefe59d46478fd711b1d1f55e4052a09b7d8ea47cb818b2e11180c514443891b80d118d399ff9d05365e90f3fdd06cbdefb7790ea7186d8404fd3dc490aea81024cd4140ce917a889fe6ce0a4969a2ce6224eb50cfbc9ce2e623fea1f05ebe61814b1468cc869f984c55ce2012006346008bac5d3d17945108b744109cd69c60ccf6ff87db8bd0a0dd2a603e8a8d979c99e7026ffc78c60a287813553633a63338af14d282b2015c33b91dcd09ca91e9d6f4c0b705f5780786456a64885f1d8c5fd7eedf5a6948bc3711281cd01de199f37e0aa7ac8170d901781a11ee632a2306297a86537dc8f620552680a8c12fedc56fec0970b7d2c4f261549eb66e5f429e14af5a433f6bf021962238205ca3947728fb3b9f34d3862446b080f43a8c2485712df0e6ef95d3d63a2507d0fdae6ef082e1918882339011e9c897275a85ab907d68d63b98af1e9812e9be71d0597185708aadf7ad88ed836fec7def57110cf5277822a7ad17f01738a93991d3fb1c02306fa9a16ee820ee1de99e91af02233b98ab9f7ce18e855798868a861ce78b9c6582ad9ccabf43f32c095973f568d577223d0b54729bb34d6ac2fc72a89608c8a039de3d20a957aa7a542afe5c0cd3cc20c2c0e50b2139cebd30c8a4cb46671affeccf7a4627b8df0929fe44af2a914a8e4598d7197d9e69c3c2501363b26b031695b9f4d0f85d98dc27a0ab09730c56063b9a5b316abc83f8f89973903a0ab2a0b678bf9feda5aab0f23424edffd7fc9be6fb0006902704747a62ac338548c494518ccb4a74e531c945a5788c8e6ba6069c723b2e80ca9a5ff809ff05903ba2232f84b1d16d406aea9827a4c4d4486fdf44ef26f51ea40aa3c5d0821961c8e5df6e43a432db29092389ed7c1bef7ced1a0409a93f731e7e7f10e76ffd6df1dbb4a653b7e9659383955c16382e2c0c58dda6503e17535f29c23653c315c4cafa62720dc7f05481d74b0cb35b300a1853dd090665dcb9f6ac799b662b62a20c5f797dffd77a5d2af013cecc9e402c125d1986c85a4be704e24047b48bdc4cc4784cfe41109e23a6177d19f984ba97eb1b18e8176bf52d2c17b6a9306a3df24a0116bd408fd338f002ed5c80f9911c99e1a08010e1085b25b7d2ccc2510587f2550642927c71df92a01f8569c6d6578c723f1aa4099340943a584aee66a87a54db920f0d290df3732beefeaf775f472e4f527d72c41dc18ed68d22b98347584c706a1ae423f97b42eaba24b90b0f3ee73a13cf55333906b2632f2b5aeb2a89dffeceab8d8cddd0840846173841f4a9fe6e438be2eb6708fea66d53cee692a0b27ce28b9dfdc704d6cf163f26aad422b9f1728519badfe16cba80859e86574d0c48c387aa754dfca81396182c162d85dea40a19fae06600b5c2769e55e885cbc878dfc723931a8eda30ec99baa9f4b2c3e6b55852b3ab527010da7a8ca21bc2608c55f62537154dd7a76be1a88c7611bf6ac3d6a34bb10c07ae32b5004c3ff83699cd70fa5708c13b2ee1d111717c96d1819b9e1aabfa104956636f99cc79425aa207f90f7502f1d97062f9f6f7dab4d05a162d6a3e93ca766c2388723fb169f9cf05ca3d12b1c26c3fc8c247a7821f55e757661beab42180b7651dd1ec9058027b8b9f9a9fa81e387ca9d4a4e67a9530e69b41e7bb0da76ae4004f173ed22f4c219dc73db359a773e93e94f893bada1092c1d1b1921b6c0f7a94e6c23f0c9d089960b62a4c9608ea90436e01b976d33a264dcd30e9e86b7b27247e872a831e60924b5ed0e346f9834b1f8cd684159223a61e2f063be679b79c673f5cd06dbeac2658c32042082c29bc1d8dd5bcac34163d955b5b02f10bf95142d20c0a2e827039e8c2ae1da9dbfd1a7dff5441785255502095cb453e0da37b75955deebd400f1e7f"})
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r4, 0x80045505, &(0x7f0000000000)=0x1)
bind$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)
mlock2(&(0x7f0000108000/0x3000)=nil, 0x3000, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

11.751637582s ago: executing program 5 (id=2409):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(0x0, 0x7fff, 0x48b03)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x2d03629c, 0x0, 0x9, 0x40000000000, 0xfffffe0000000001, 0x10000000, 0xffffffff}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='cgroup\x00')
lseek(r3, 0xffffff60, 0x1)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0xe}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000240)=0xe)
ioctl$TCFLSH(r4, 0x540b, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x103001, 0x0)
write$sequencer(r5, &(0x7f0000000040)=[@generic={0xa}, @t={0x4, 0x0, 0x6, 0x81, @generic=0x5}, @s={0x5, @generic=0x1, 0x1f}], 0xd)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)

10.735468242s ago: executing program 2 (id=2413):
syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
socket(0x2b, 0x80801, 0x1)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x1, 0x7, 0x80000001, 0x37f, 0xfffffffffffffe00, <r4=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x48850, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x8040600)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = eventfd(0x8c69)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000140)={0x2, 0x0, 0x0, r7})
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={<r8=>0x0}, &(0x7f00000000c0)=0xc)
tkill(r8, 0x1f)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000100)={0xfffffffffffffffe, 0x0, 0x8, r1, 0x1})
write$P9_RFLUSH(r5, &(0x7f00000002c0)={0x7, 0x6d, 0x1}, 0x7)
socket$l2tp(0x2, 0x2, 0x73)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000))
socket(0x1, 0x5, 0xfffffffd)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x64, 0x10, 0xffffffffffffffff, 0x703d2f, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x2017, 0x12021}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x34, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x3}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7fff0, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc}]}]}}}]}, 0x64}}, 0x8001002)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a0104000000d9ffffff000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d1"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0xb, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40010)

7.747213941s ago: executing program 5 (id=2418):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40010000100001000000000800000000ac1e0001001074c8e8860000000000000000200000000000000000000000000000000000000000000000000000000020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000805600000000000000000000000000000001000000000000000000000010000000090000000200000000000000000000000200010000000000000000004800010073686132353600"/194], 0x140}}, 0x0)

7.360324241s ago: executing program 2 (id=2419):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x50, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x6, 0x0}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x6}, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x9bcc, 0x8000)
r2 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000180)={0x2, 0x0, 0x7fffffff, @dev, 0x2008}, 0x1c)
mmap$usbfs(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x5, 0x810, r1, 0x5)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, &(0x7f0000000100)=0x7, 0x0, 0x4)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000000))
r7 = syz_io_uring_setup(0x496, &(0x7f0000000400)={0x0, 0x7daf, 0x10, 0x8000, 0x8000e1}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x400, 0x2, 0x4, 0x0, {0x8000, 0x2, 0x0, 0x5, 0x0, 0x0, 0x1}, 0x400, 0x3, 0x2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x4040843)
ioctl$BLKSSZGET(r10, 0x1268, &(0x7f0000000080))
write$UHID_CREATE2(r10, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r10, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_LINKAT={0x27, 0x2, 0x0, r10, 0x0, 0x0, r10, 0x400, 0x1})
io_uring_enter(r7, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
writev(r4, &(0x7f0000000180)=[{&(0x7f0000000700)="580000001400add427323b472545b45602117fffffff81000e220e2280007f000001e801000500000000003ac7100003ffffffffd3daffffffffffe7ee000000deff000000ddbd57cff2ffe293a2afebd998c88d5d6b3710", 0x58}], 0x1)

7.358545846s ago: executing program 5 (id=2420):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000008408000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c0001400000000000000004"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

7.017779588s ago: executing program 5 (id=2422):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./bus\x00', 0x0, 0x8}, 0x18)
r3 = openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000002)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
poll(0x0, 0x0, 0x9)
setitimer(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
prlimit64(0x0, 0x0, 0x0, &(0x7f0000000180))
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2c}]}, 0x24}}, 0x8800)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x37)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="01980000031300001c0012800900010069706970000083000c00028008000300e00000015c413394c2cd647ccea14a0fa72abaaded37e53e987e722424214f79ed6432be46dbbcbf8bc3039a06c208aa6c7b8658e45d6d0c"], 0x3c}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.887079432s ago: executing program 2 (id=2423):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0xc0, 0x1, 0x4, 0x0, 0x9})
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405668, &(0x7f0000000140)={0x9, 0x3, 0x0, "0000087aba10fdfffffbe30b51751bc53051a30000000000000016ebffffff00", 0x55595659})
r1 = socket$l2tp(0x2, 0x2, 0x73)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xad, 0xf4, 0x9d, 0x20, 0x789, 0x160, 0xfd08, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc3, 0x0, 0x2, 0xdd, 0x54, 0xf5, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x368, 0x1b0, 0xa, 0x148, 0x1b0, 0x10, 0x2d0, 0x2a8, 0x2a8, 0x2d0, 0x2a8, 0x3, 0x0, {[{{@ip={@empty, @multicast1, 0x0, 0xffffffff, 'team_slave_0\x00', 'veth0_to_bond\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0x190, 0x1b0, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@recent0={{0xf8}, {0xfffffffa, 0x40e151, 0x2, 0x0, 'syz0\x00', 0xfa}}, @inet=@rpfilter={{0x28}, {0x9}}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@empty, @dev={0xac, 0x14, 0x14, 0x32}, 0x0, 0x0, 'ipvlan0\x00', 'nr0\x00', {}, {}, 0x6c}, 0x0, 0xc0, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x9}}, @inet=@rpfilter={{0x28}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x2, 0x7, [0x8, 0x2b, 0xe, 0x9, 0x40, 0x16, 0x1a, 0x25, 0x16, 0x28, 0x3a, 0x26, 0x23, 0x8022, 0x401a, 0x19], 0x0, 0x1000, 0x7}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x3c8)

6.088674466s ago: executing program 2 (id=2428):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(0x0, 0x7fff, 0x48b03)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x2d03629c, 0x0, 0x9, 0x40000000000, 0xfffffe0000000001, 0x10000000, 0xffffffff}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='cgroup\x00')
lseek(r3, 0xffffff60, 0x1)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0xe}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000240)=0xe)
ioctl$TCFLSH(r4, 0x540b, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x103001, 0x0)
write$sequencer(r5, &(0x7f0000000040)=[@generic={0xa}, @t={0x4, 0x0, 0x6, 0x81, @generic=0x5}, @s={0x5, @generic=0x1, 0x1f}], 0xd)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)

5.825245237s ago: executing program 6 (id=2429):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000000), 0x5, 0x101800)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000140)={0x9, @raw_data="aa1d33c716d5b6c598bb846045a4bcde20fce0759b5c056dddb296fe6a83dba0fddded3748767a86464e2d891fd2233e2e34bc803b4b8da2533af7268e8114063e523749d15932de0994c6b645832eb306dd6b2b142a27f2a2422a49a8d947ddcabfc37cb266e3ba7058137740598d04828e74eb7b413ec0847036eca4215e1f4fddca2e40b6ec95e1a190fb73954b3ada9faf3ef4d77d6cffe617981a6310195ddd8619b1a733a7122304db80ebb456edb8117402076cea30bccfc83eddbac4c369c3528b552ad4"})
pselect6(0xfe41, &(0x7f0000000040)={0xd, 0x0, 0x0, 0x8000000}, 0x0, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
fcntl$lock(r4, 0x24, &(0x7f0000000000)={0x2, 0x2, 0x0, 0x800003fffffffffd})
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x470bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xd], 0x0, [0x1, 0x2, 0xfffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x24004000)

5.385053241s ago: executing program 6 (id=2430):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) (async)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x400, 0x2, 0x31c}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x7ff}) (async, rerun: 32)
io_uring_enter(r2, 0x7a91, 0x0, 0x0, 0x0, 0x18) (rerun: 32)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r1, 0x0, 0x0, 0x0, 0x44040001, 0x1}) (async)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000580)={&(0x7f0000002000)={[{0x0}, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {0x0}, {0x0}, {0x0}, {0x0, 0x0, 0x1}]}, 0x8}, 0x1)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) (async, rerun: 64)
r5 = eventfd(0xc) (rerun: 64)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r5)
syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async, rerun: 64)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) (async, rerun: 64)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000300)) (async, rerun: 32)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) (rerun: 32)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r5}) (async, rerun: 32)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) (rerun: 32)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
r8 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) (async)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) (async)
ioctl$UFFDIO_ZEROPAGE(r8, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})

4.984802962s ago: executing program 4 (id=2432):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="40010000100001000000000800000000ac1e0001001074c8e8860000000000000000400000000000000000000000000000000000000000000000000000000020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000805600000000000000000000000000000001000000000000000000000010000000090000000200000000000000000000000200010000000000000000004800010073686132353600"/194], 0x140}}, 0x0)

4.707288067s ago: executing program 4 (id=2433):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6(0xa, 0x3, 0xfa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffe}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x4000}, 0x0, 0x0)

4.591778388s ago: executing program 6 (id=2434):
syz_open_dev$dri(0x0, 0x0, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8982, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000080)="441f08100000009837a0324d7df546bcb8e8c94efe76cef3e200", 0x1a)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x87da4854b9abaabb, &(0x7f00000000c0)={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8)
sendmsg$WG_CMD_GET_DEVICE(r3, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={0x0}, 0x1, 0x0, 0x0, 0x20}, 0x20000880)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0xc005, 0x0, 0x5)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x68000000}, 0x0)
r6 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private1}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x0)
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f00000002c0)={r5, &(0x7f0000000040)='\x00', 0x80, &(0x7f00000001c0)={@align=0x574a, {0xf21, 0x8001, 0x5, 0x9}}, 0x2, &(0x7f0000000200), &(0x7f0000000240)=0x6})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)

4.064130348s ago: executing program 0 (id=2435):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6=r7}, @IFLA_GTP_FD0={0x8, 0x1, @udp=r8}]}}}]}, 0x40}, 0x1, 0xba01, 0x0, 0x4000050}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000104050000000000000000000700000006000640000200000500010002"], 0x34}}, 0x2000004)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x111, 0x9}}, 0x20)
syz_clone(0x93f0b91, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r9, &(0x7f0000000440)={&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, 0x0}, 0x200040c0)
sendmsg$kcm(r9, 0x0, 0x20040000)
r10 = dup(r4)
socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x13c}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r10, 0x0)
sendfile(r10, r10, 0x0, 0xffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x181000, 0x0)

4.014651902s ago: executing program 5 (id=2436):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r6, {0x5}, {}, {0xa, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)
syz_usb_control_io$hid(r7, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000200)={0x40, 0x30, 0x2, "02ed"}, 0x0, 0x0, 0x0, 0x0})

3.560752938s ago: executing program 4 (id=2437):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0})
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}, 0x1, 0x0, 0x0, 0x4000040}, 0x854)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000000)={0x14, 0x0, 0x4f79951a91b7df8f, 0x70bd26, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x2040084)
pwritev(r0, &(0x7f0000000600)=[{&(0x7f0000000240)}], 0x1, 0x0, 0x0)

3.282799255s ago: executing program 6 (id=2438):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./bus\x00', 0x0, 0x8}, 0x18)
r3 = openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000002)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
poll(0x0, 0x0, 0x9)
setitimer(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
prlimit64(0x0, 0x0, 0x0, &(0x7f0000000180))
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2c}]}, 0x24}}, 0x8800)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x37)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="01980000031300001c0012800900010069706970000083000c00028008000300e00000015c413394c2cd647ccea14a0fa72abaaded37e53e987e722424214f79ed6432be46dbbcbf8bc3039a06c208aa6c7b8658e45d6d0c"], 0x3c}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)

2.836675817s ago: executing program 4 (id=2439):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x2d, 0x400, 0x70bd25, 0x25dfdbfd, {0xf}, [@typed={0x8, 0x129, 0x0, 0x0, @ipv4=@local}, @typed={0x8, 0x8d, 0x0, 0x0, @fd=r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)={0x24, 0x23, 0x9, 0x70bd25, 0x25dfd3ff, {0x1}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@remote}, @typed={0x8, 0xb, 0x0, 0x0, @uid}]}, 0x24}, 0x1, 0x0, 0x0, 0x24040811}, 0x8410)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32=r5], 0x3c}}, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd18842000f8ffffffffffff0000000000000000000000000000006449ab5e4166bd2efb37d089218fc1d9d17a0913fea0626ba0052a527aaf51f48a23ac5ed9db89e559e3b01fb12badf767db8897d190a3f65e84c8b6712f377d3eb1406c5c9e6f5016628e1e"], 0x24}, 0x1, 0x0, 0x0, 0x8000081}, 0x40)

2.835500913s ago: executing program 2 (id=2440):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x7, 0x4, 0x80000001, 0x51, r0, 0x80, '\x00', 0x0, r0, 0x2, 0x4, 0x0, 0xa}, 0x50)
vmsplice(0xffffffffffffffff, &(0x7f0000e79000)=[{&(0x7f00003fb000)="f7", 0x7ffff000}], 0x1, 0x0)
syz_clone3(&(0x7f0000000680)={0x1000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2)
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev_snmp6\x00')
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$IOMMU_GET_HW_INFO(r4, 0x3b8a, &(0x7f0000000040)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000100)={0x20000014})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0e, 0xffffffff}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
set_mempolicy(0x4005, 0x0, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0xc, 0x9, 0x0, 0x0, @u64=0x744a}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f0000000a40)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
poll(&(0x7f0000000140)=[{r5}, {r2, 0x2cfc08c20dafc34e}], 0x2, 0x8000007)

2.676676394s ago: executing program 4 (id=2441):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r1, 0x1, 0x7, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f0000000000)={0x4})
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x87, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x6, 0x8, 0x8001, 0x0, 0xb3, 0x4, 0xfffffe0000000001, 0x7, 0xffffffff}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, 0x0)
shutdown(r7, 0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000480)="d25a9850a9a91163f76c5357f3bbadf2656e10d77f85d1028e60ab4e45b931e71645d3d636e82cfdeaadb674e1693d4a7de63820fefc4f787e272b122ebbff6884b3de82f8a3df9a2d0b67e46c349917110300b94240185146e52ac1540130161b6534e99e466173af4c775f", 0x6c, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_delroute={0x44, 0x19, 0x901, 0x0, 0x20, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @rand_addr=0x64010100}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x3, 0x8, 0x1, 0x8, 0x2}}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x4}]}, 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYBLOB], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="11000000040000000400000008"], 0x48)
socketpair(0x2b, 0x1, 0x0, 0x0)

2.659921994s ago: executing program 0 (id=2442):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[], 0x18)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
sendmmsg$inet6(r0, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000000040)}}, {{&(0x7f0000000240)={0xa, 0x4e23, 0x0, @mcast2, 0x7}, 0x1c, 0x0, 0x0, &(0x7f00000007c0)=[@rthdr={{0x28, 0x29, 0x39, {0x0, 0x2, 0x0, 0x0, 0x0, [@remote]}}}, @dstopts={{0x58, 0x29, 0x37, {0x3b, 0x7, '\x00', [@pad1, @calipso={0x7, 0x38, {0x3, 0xc, 0xfd, 0x1ff, [0x5, 0x9, 0x11d46c03, 0x0, 0x9, 0x5]}}]}}}], 0x80}}, {{&(0x7f0000002040)={0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1}, 0x1c, &(0x7f0000003400)=[{&(0x7f0000002080)}, {0x0}, {&(0x7f0000003200)="ac1d1cf19d45906f68c1dd6113c7f52a36e28747ec70422e8923892900f97440229182102e6f46b87f006e8853c18884acc070e724f9f802d19051a530358055ddd937e65e1143a87566c2ddf3dab6f3b3aab87e3a736d97c2cca3d85b680f1ac3b8715fdd96dd", 0x67}, {&(0x7f0000003300)}], 0x4, 0x0}}], 0x3, 0x4c040)
listen(0xffffffffffffffff, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1}, 0x6e)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)

1.54736089s ago: executing program 0 (id=2443):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000180001bd000000000000000002000000fc00bd090000"], 0x38}}, 0x0)

1.395538319s ago: executing program 2 (id=2444):
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x0, 0x100000000000000, 0xfffffe0000000000, 0xfa11, 0xffffffff}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x104)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x4000000)
socket(0x6, 0xa, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x5b91, 0x6, 0x8001, 0x2000000}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001a0001000000fbdbdf250a8080"], 0x44}}, 0x10)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000540)={0x1, @vbi={0x7fff, 0x8, 0x1, 0x52424752, [0x4, 0x1000], [0xfffffffb, 0x5]}})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x7, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0)
r6 = syz_io_uring_setup(0x88f, &(0x7f0000000180)={0x0, 0x40c989, 0x20, 0xffffffdf, 0x175}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r6, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000300)={0xa, 0x9, 0xf6})
linkat(0xffffffffffffffff, &(0x7f0000001940)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, &(0x7f0000004040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x400)
close(r5)

1.336761984s ago: executing program 0 (id=2445):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000280)={0x0, 0x275, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0xfffffffffffffc95, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x20000800}, 0x400c0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
socket$isdn(0x22, 0x3, 0x23)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x0, @fd, 0x6, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1.336214933s ago: executing program 5 (id=2446):
syz_emit_ethernet(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000180)=<r2=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x28900)
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000200)={'bond0\x00', &(0x7f0000000880)=@ethtool_per_queue_op={0x4b, 0x1d, [0x4, 0x8, 0xfffffff1, 0x8, 0x0, 0x1, 0x3e7, 0x5, 0x9, 0x6, 0x5, 0x6, 0x7ff, 0x4, 0x4, 0x3ff, 0x4, 0x8, 0xfffffffe, 0x4, 0x9, 0x4, 0x8, 0x1, 0xfffffa0c, 0x7, 0x8, 0x9be, 0x3, 0x3ff, 0xa, 0x14dc, 0x147, 0xd, 0x2, 0x3, 0x1, 0x0, 0x89, 0x1, 0x7, 0x5, 0x4, 0x4, 0x8, 0x80000000, 0x1005, 0x100, 0x5, 0x19dd, 0x7, 0x3ff, 0x588, 0x6, 0xf667, 0xfffffffc, 0x5, 0x8, 0x7f, 0x6, 0xc8, 0x6, 0x0, 0xc3, 0x4, 0x10, 0xffffffa8, 0x1, 0x5, 0x1, 0x5, 0x83, 0xe39, 0xcf, 0x10, 0x401, 0x41267e2a, 0x7, 0x2a, 0x71c9, 0x3, 0x321, 0xfffffeff, 0x7f, 0x66, 0x1c24, 0xff, 0x9, 0x4, 0x2, 0x3, 0xff, 0x100, 0x126, 0x6, 0x8, 0xc, 0xc, 0x4, 0x8, 0xffffffc0, 0x1, 0x10001, 0x5, 0x4, 0x4e27, 0x6fb26e6, 0x0, 0x8356, 0x0, 0x100009, 0x9b7, 0x1, 0x80000001, 0x7f, 0xea, 0x6, 0x80000000, 0xff, 0x7, 0x4da8e6f3, 0x5, 0x10001, 0x8, 0x69e4, 0x80000001, 0xfffffff4, 0x100], "81be740924d2e750097e7928e499c6c74ccfe9134767046ad485ecb22b963519b784ba7509ded29466e9ee30a6c4e51b5795b65c07e2bba6d08f2ecec6b3b0d0aaf707bff22fc2bdd0676c020d98f2936679e91e"}})
openat$ptmx(0xffffffffffffff9c, 0x0, 0xc044, 0x0)
r4 = syz_io_uring_setup(0xad3, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127, 0x0, 0x1, {0x1}})
io_uring_enter(r4, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, 0x0)
close(0x3)
r8 = socket(0x2, 0x80805, 0x0)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r9, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r8, 0x84, 0x77, &(0x7f0000000540)={0x0, 0x1, 0x2, [0x0, 0x8]}, &(0x7f0000000580)=0xc)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r9, 0x84, 0x7a, &(0x7f0000000340)={r10, @in={{0x2, 0x4e24, @local}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r8, &(0x7f0000000600)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30, 0x180}], 0x1, 0x0)

958.644023ms ago: executing program 6 (id=2447):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100000ffe00340003800c0001000ffe0000000000000c00010094040000000000000c00010000010000000000000c000100060000000000000008000500", @ANYRES32=r1, @ANYBLOB="080003"], 0x80}}, 0x8000)

673.267502ms ago: executing program 0 (id=2448):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a01020000000000000000010080030900010073797a300000000034000000030a01010000000000030000010000000900010073797a30000000000900030073797a320000000008000b4000000003b0000000060a010400000000000000000100000008000b400000000388000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000500001800c000100626974776973650040000280080003400000000208000140ed00001408000240000000122000048004000100150001001be760703b32608b49425f4275e5b5ecfa000000040005800900010073797a30"], 0x12c}}, 0x20008000)

571.028492ms ago: executing program 6 (id=2449):
r0 = syz_open_procfs(0x0, &(0x7f0000002280)='net/ip_mr_cache\x00')
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x802, 0x100)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x840000000002, 0x3, 0xfa)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000100900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0x60}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
mkdir(0x0, 0x22)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000300)={0x7, 0x2, 0x3})
unshare(0x62040200)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(r5, &(0x7f00000001c0)={0x10, 0x0, 0x25dfdbfb, 0x200000}, 0xc)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="3000000010", @ANYRES16=r4, @ANYBLOB="15888844000700000dfb1088d4673b758647eb0200000000"], 0x30}, 0x1, 0x0, 0x0, 0x24000040}, 0x4000000)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0xc1205531, &(0x7f00000010c0)=""/4101)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
fcntl$setstatus(r6, 0x4, 0x40800)

554.956971ms ago: executing program 0 (id=2450):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(0x0, 0x7fff, 0x48b03)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x2d03629c, 0x0, 0x9, 0x40000000000, 0xfffffe0000000001, 0x10000000, 0xffffffff}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='cgroup\x00')
lseek(r3, 0xffffff60, 0x1)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0xe}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000240)=0xe)
ioctl$TCFLSH(r4, 0x540b, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x103001, 0x0)
write$sequencer(r5, &(0x7f0000000040)=[@generic={0xa}, @t={0x4, 0x0, 0x6, 0x81, @generic=0x5}, @s={0x5, @generic=0x1, 0x1f}], 0xd)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)

0s ago: executing program 4 (id=2451):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
fsopen(0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000200), 0x8, 0x2)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e2200000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff0300"/51], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
sendmmsg$inet6(r0, &(0x7f00000034c0), 0x0, 0x4c040)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x6)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r6], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r7, &(0x7f0000000000)=@file={0x1}, 0x6e)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)

kernel console output (not intermixed with test programs):

dit(1772038987.928:2721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12674 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f775eb9c629 code=0x7ffc0000
[  509.257821][   T30] audit: type=1326 audit(1772038987.928:2722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12674 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f775eb9c629 code=0x7ffc0000
[  509.281844][   T30] audit: type=1326 audit(1772038987.928:2723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12674 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f775eb9c629 code=0x7ffc0000
[  509.330200][   T30] audit: type=1326 audit(1772038987.928:2724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12674 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f775eb9c629 code=0x7ffc0000
[  509.360363][   T30] audit: type=1326 audit(1772038987.928:2725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12674 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f775eb9c629 code=0x7ffc0000
[  509.399258][   T30] audit: type=1326 audit(1772038987.928:2726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12674 comm="syz.2.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f775eb9c629 code=0x7ffc0000
[  509.422399][ T8720] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  509.591325][ T8720] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF4, changing to 0x84
[  509.610263][ T8720] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1023
[  509.626537][ T8720] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  509.644551][ T8720] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  509.673284][ T8720] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[  509.703427][ T8720] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  509.718578][ T8720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.733425][ T8720] usb 3-1: Product: syz
[  509.745218][ T8720] usb 3-1: Manufacturer: syz
[  509.750250][ T8720] usb 3-1: SerialNumber: syz
[  509.782989][ T8720] usb 3-1: config 0 descriptor??
[  509.797153][T12676] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  509.814653][ T8720] usb 3-1: ucan: probing device on interface #0
[  509.832042][ T8720] usb 3-1: ucan: invalid endpoint configuration
[  509.844513][ T8720] usb 3-1: ucan: probe failed; try to update the device firmware
[  510.020777][ T5879] usb 3-1: USB disconnect, device number 72
[  511.524357][T12696] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1855'.
[  511.725334][ T8575] wlan0: Trigger new scan to find an IBSS to join
[  511.837837][T12701] syzkaller0: entered promiscuous mode
[  511.975244][T12701] syzkaller0: entered allmulticast mode
[  512.034995][T12697] tipc: Started in network mode
[  512.115751][T12697] tipc: Node identity 1e632836acef, cluster identity 4711
[  512.162701][T12697] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  512.275883][T12695] tipc: Resetting bearer <eth:syzkaller0>
[  512.281778][T12705] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1857'.
[  512.316707][T12695] tipc: Disabling bearer <eth:syzkaller0>
[  512.473720][T12712] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1860'.
[  512.493239][T12712] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1860'.
[  512.533818][T12712] ip6gretap0: entered promiscuous mode
[  512.540707][T12712] syz_tun: entered promiscuous mode
[  512.565446][T12712] debugfs: 'hsr0' already exists in 'hsr'
[  512.565470][T12712] Cannot create hsr debugfs directory
[  512.570781][T12712] hsr0: Slave A (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  512.570805][T12712] hsr0: Slave B (syz_tun) is not up; please bring it up to get a fully working HSR network
[  512.777652][ T8582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.911639][T12722] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  512.919792][T12722] PKCS7: Only support pkcs7_signedData type
[  513.258076][T12733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.311232][T12733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.423361][T12733] pimreg: tun_chr_ioctl cmd 1074025677
[  513.435136][ T8725] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  513.445691][T12733] pimreg: linktype set to 0
[  513.457747][T12733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.475311][T12733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.575287][ T8725] usb 3-1: device descriptor read/64, error -71
[  513.815295][ T8725] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  513.965220][ T8725] usb 3-1: device descriptor read/64, error -71
[  514.085240][ T8725] usb usb3-port1: attempt power cycle
[  514.442242][ T8725] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  514.477508][T12750] syzkaller0: entered promiscuous mode
[  514.482802][ T8725] usb 3-1: device descriptor read/8, error -71
[  514.500885][T12750] syzkaller0: entered allmulticast mode
[  514.728072][ T8725] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  514.816009][ T5879] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  514.831750][ T8725] usb 3-1: device descriptor read/8, error -71
[  514.945695][ T8725] usb usb3-port1: unable to enumerate USB device
[  515.135125][ T5879] usb 5-1: Using ep0 maxpacket: 32
[  515.144938][ T5879] usb 5-1: unable to get BOS descriptor or descriptor too short
[  515.179524][ T5879] usb 5-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 164, changing to 11
[  515.201005][ T5879] usb 5-1: config 1 interface 0 has no altsetting 0
[  515.321321][ T5879] usb 5-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice= 0.40
[  515.335082][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.454821][ T5879] usb 5-1: Product: syz
[  515.459096][ T5879] usb 5-1: Manufacturer: syz
[  515.463684][ T5879] usb 5-1: SerialNumber: syz
[  515.733589][ T5879] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input34
[  515.777887][ T5176] bcm5974 5-1:1.0: could not read from device
[  515.791945][ T5879] usb 5-1: USB disconnect, device number 65
[  515.799303][ T5176] bcm5974 5-1:1.0: could not read from device
[  515.816949][ T5176] bcm5974 5-1:1.0: could not read from device
[  515.903354][T12761] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1878'.
[  516.045459][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  516.433429][T12772] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1880'.
[  516.632218][T12776] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1882'.
[  516.685784][   T63] wlan0: Trigger new scan to find an IBSS to join
[  516.747707][T12778] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1881'.
[  516.940738][T12782] loop6: detected capacity change from 0 to 2640
[  516.942354][T12782] buffer_io_error: 27 callbacks suppressed
[  516.942370][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942406][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942432][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942459][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942485][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942527][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942564][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942588][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942603][T12782] ldm_validate_partition_table(): Disk read failed.
[  516.942627][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942655][T12782] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.942722][T12782] Dev loop6: unable to read RDB block 0
[  516.942856][T12782]  loop6: unable to read partition table
[  516.943036][T12782] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  517.581277][T12794] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  517.895306][ T8725] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  517.938389][   T30] kauditd_printk_skb: 67 callbacks suppressed
[  517.938407][   T30] audit: type=1326 audit(1772038996.778:2794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.023993][   T30] audit: type=1326 audit(1772038996.808:2795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.060495][   T30] audit: type=1326 audit(1772038996.808:2796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.065184][ T8725] usb 3-1: device descriptor read/64, error -71
[  518.083331][ T8717] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  518.135699][   T30] audit: type=1326 audit(1772038996.808:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.159677][   T30] audit: type=1326 audit(1772038996.808:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.205529][T12814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1894'.
[  518.220588][T12814] batadv0: entered promiscuous mode
[  518.243321][T12814] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  518.255620][ T8720] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  518.276595][   T30] audit: type=1326 audit(1772038996.808:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.284860][T12814] batadv0: left promiscuous mode
[  518.299335][ T8717] usb 7-1: device descriptor read/64, error -71
[  518.338463][   T30] audit: type=1326 audit(1772038996.808:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.365263][ T8725] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  518.376685][   T30] audit: type=1326 audit(1772038996.818:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.404005][   T30] audit: type=1326 audit(1772038996.818:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.431414][   T30] audit: type=1326 audit(1772038996.818:2803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12797 comm="syz.5.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  518.505176][ T8720] usb 6-1: Using ep0 maxpacket: 32
[  518.525164][ T8725] usb 3-1: device descriptor read/64, error -71
[  518.540549][ T8720] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  518.543288][T12819] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1896'.
[  518.555928][ T8720] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  518.596048][ T8717] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  518.611323][ T8720] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  518.615846][T12821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.628859][ T8720] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.633194][T12821] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.637345][ T8725] usb usb3-port1: attempt power cycle
[  518.665278][ T8720] usb 6-1: config 0 descriptor??
[  518.735270][ T8717] usb 7-1: device descriptor read/64, error -71
[  518.855479][ T8717] usb usb7-port1: attempt power cycle
[  518.863508][T12826] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  518.872136][T12826] syzkaller0: entered promiscuous mode
[  518.885251][ T5886] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  518.898722][T12826] syzkaller0: entered allmulticast mode
[  518.911613][T12826] sch_tbf: burst 8 is lower than device syzkaller0 mtu (1514) !
[  518.930534][T12826] tipc: Resetting bearer <eth:syzkaller0>
[  518.941249][T12825] tipc: Resetting bearer <eth:syzkaller0>
[  518.961018][T12825] tipc: Disabling bearer <eth:syzkaller0>
[  519.025159][ T8725] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  519.046342][ T8725] usb 3-1: device descriptor read/8, error -71
[  519.065127][ T5886] usb 5-1: Using ep0 maxpacket: 32
[  519.072940][ T5886] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  519.086358][ T5886] usb 5-1: config 0 has no interface number 0
[  519.097553][ T5886] usb 5-1: config 0 interface 12 has no altsetting 0
[  519.112690][ T5886] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  519.129565][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.143292][ T5886] usb 5-1: Product: syz
[  519.150752][ T5886] usb 5-1: Manufacturer: syz
[  519.159275][ T5886] usb 5-1: SerialNumber: syz
[  519.176248][ T5886] usb 5-1: config 0 descriptor??
[  519.205179][ T8717] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  519.237369][ T8717] usb 7-1: device descriptor read/8, error -71
[  519.285209][ T8725] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  519.305776][ T8725] usb 3-1: device descriptor read/8, error -71
[  519.415650][ T8725] usb usb3-port1: unable to enumerate USB device
[  519.505388][ T8717] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  519.525788][ T8717] usb 7-1: device descriptor read/8, error -71
[  519.614266][T12828] syzkaller0: entered promiscuous mode
[  519.621210][T12828] syzkaller0: entered allmulticast mode
[  519.633822][T12828] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  519.640897][ T8717] usb usb7-port1: unable to enumerate USB device
[  519.652062][T12827] tipc: Resetting bearer <eth:syzkaller0>
[  519.669505][T12827] tipc: Disabling bearer <eth:syzkaller0>
[  520.411604][ T5886] f81534 5-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  520.427599][ T5886] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  520.439210][ T5886] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  520.447274][ T5886] f81534 5-1:0.12: probe with driver f81534 failed with error -71
[  520.470587][ T5886] usb 5-1: USB disconnect, device number 66
[  520.882570][ T8720] usbhid 6-1:0.0: can't add hid device: -71
[  520.882679][ T8720] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  520.885568][ T8720] usb 6-1: USB disconnect, device number 61
[  520.977312][T12845] QAT: Invalid ioctl 1074328842
[  521.205174][ T5886] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  521.741564][   T63] wlan0: Trigger new scan to find an IBSS to join
[  521.762867][ T5886] usb 3-1: no configurations
[  521.770016][ T5886] usb 3-1: can't read configurations, error -22
[  521.995169][ T5886] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  522.207005][ T5886] usb 3-1: no configurations
[  522.211678][ T5886] usb 3-1: can't read configurations, error -22
[  522.226678][ T5886] usb usb3-port1: attempt power cycle
[  522.404186][T12869] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1911'.
[  522.645284][ T5886] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  522.709779][ T5886] usb 3-1: no configurations
[  522.714380][ T5886] usb 3-1: can't read configurations, error -22
[  522.795376][ T8570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  522.843635][ T8724] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  522.875171][ T5886] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  522.906049][ T5886] usb 3-1: no configurations
[  522.910673][ T5886] usb 3-1: can't read configurations, error -22
[  522.918263][ T5886] usb usb3-port1: unable to enumerate USB device
[  523.005206][ T8724] usb 7-1: device descriptor read/64, error -71
[  523.115158][ T8725] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  523.216822][ T8720] usb 6-1: new full-speed USB device number 62 using dummy_hcd
[  523.245288][ T8724] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  523.265229][ T8725] usb 5-1: Using ep0 maxpacket: 32
[  523.272462][ T8725] usb 5-1: New USB device found, idVendor=17ef, idProduct=60a4, bcdDevice= 0.00
[  523.282664][ T8725] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.296357][ T8725] usb 5-1: config 0 descriptor??
[  523.376980][ T8720] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  523.386409][ T8720] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  523.399334][ T8720] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  523.411518][ T8724] usb 7-1: device descriptor read/64, error -71
[  523.420306][ T8720] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  523.429492][ T8720] usb 6-1: config 1 has no interface number 0
[  523.435963][ T8720] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  523.445175][ T8720] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.467325][ T8720] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  523.525598][ T8724] usb usb7-port1: attempt power cycle
[  523.667288][ T8720] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[  523.677316][ T8720] snd_usb_pod 6-1:1.1: invalid control EP
[  523.683507][ T8720] snd_usb_pod 6-1:1.1: cannot start listening: -22
[  523.691286][ T8720] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  523.699408][ T8720] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[  523.714548][T12873] program syz.4.1913 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  523.757216][ T8725] lenovo 0003:17EF:60A4.0014: item fetching failed at offset 5/6
[  523.766257][ T8725] lenovo 0003:17EF:60A4.0014: hid_parse failed
[  523.772796][ T8725] lenovo 0003:17EF:60A4.0014: probe with driver lenovo failed with error -22
[  523.875176][ T8724] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  523.905935][ T8724] usb 7-1: device descriptor read/8, error -71
[  523.923635][ T8725] usb 6-1: USB disconnect, device number 62
[  523.953374][T12873] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1913'.
[  524.036532][ T8723] usb 5-1: USB disconnect, device number 67
[  524.155190][ T8724] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  524.186066][ T8724] usb 7-1: device descriptor read/8, error -71
[  524.296098][ T8724] usb usb7-port1: unable to enumerate USB device
[  524.484496][T12900] xt_bpf: check failed: parse error
[  525.602432][T12915] xt_CT: You must specify a L4 protocol and not use inversions on it
[  525.693346][ T8724] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  525.938798][ T8724] usb 5-1: Using ep0 maxpacket: 8
[  525.989278][ T8724] usb 5-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=bc.ed
[  526.022976][ T8724] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.053156][ T8724] usb 5-1: Product: syz
[  526.057391][ T8724] usb 5-1: Manufacturer: syz
[  526.061960][ T8724] usb 5-1: SerialNumber: syz
[  526.102365][ T8724] usb 5-1: config 0 descriptor??
[  526.354486][T12913] sctp: [Deprecated]: syz.4.1926 (pid 12913) Use of int in maxseg socket option.
[  526.354486][T12913] Use struct sctp_assoc_value instead
[  527.292121][T12934] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1931'.
[  528.673945][ T8724] usbserial_generic 5-1:0.0: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  528.700446][ T8724] usbserial_generic 5-1:0.0: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  528.728115][ T8724] usbserial_generic 5-1:0.0: device has no bulk endpoints
[  528.896148][ T8724] usb 5-1: USB disconnect, device number 68
[  529.511001][T12966] syzkaller1: entered promiscuous mode
[  529.516845][T12966] syzkaller1: entered allmulticast mode
[  530.302799][T12980] syz.4.1944 (12980): drop_caches: 2
[  531.351923][T12986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1945'.
[  531.459119][T12988] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1946'.
[  531.816264][T12995] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1948'.
[  531.912388][T12997] netlink: 'syz.2.1951': attribute type 11 has an invalid length.
[  531.976011][T13002] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1952'.
[  532.130940][T13004] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1950'.
[  532.146028][T13004] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1950'.
[  532.339965][T13012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  532.359118][T13012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  532.494589][T13015] syz.2.1954 (13015): drop_caches: 2
[  532.851542][T13023] loop6: detected capacity change from 0 to 2640
[  532.868264][T13023] buffer_io_error: 11 callbacks suppressed
[  532.868282][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  532.912397][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  532.941344][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  532.996471][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.070622][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.155907][T13026] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.1958'.
[  533.244925][T13026] netlink: ct family unspecified
[  533.248370][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.259183][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.280402][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.295256][T13030] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1960'.
[  533.307447][T13023] ldm_validate_partition_table(): Disk read failed.
[  533.328851][T13030] batadv0: entered promiscuous mode
[  533.336325][T13030] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  533.343467][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.353572][T13030] batadv0: left promiscuous mode
[  533.358896][T13023] Buffer I/O error on dev loop6, logical block 0, async page read
[  533.369554][T13023] Dev loop6: unable to read RDB block 0
[  533.382230][T13023]  loop6: unable to read partition table
[  533.407291][T13023] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  533.689165][T13044] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1962'.
[  533.729491][T13047] syz.2.1963 (13047): drop_caches: 2
[  533.789593][T13051] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1966'.
[  534.755741][T13065] fuse: Bad value for 'user_id'
[  534.770583][T13065] fuse: Bad value for 'user_id'
[  535.526437][T13072] syzkaller1: left promiscuous mode
[  535.531701][T13072] syzkaller1: left allmulticast mode
[  535.988913][T13087] syzkaller1: entered promiscuous mode
[  535.994410][T13087] syzkaller1: entered allmulticast mode
[  536.914173][T13100] syz.5.1980 (13100): drop_caches: 2
[  536.922392][T13100] __nla_validate_parse: 4 callbacks suppressed
[  536.922414][T13100] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1980'.
[  537.576789][T13106] netlink: 388 bytes leftover after parsing attributes in process `syz.2.1981'.
[  538.045335][ T8724] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  538.170104][T13115] syzkaller0: entered promiscuous mode
[  538.175754][T13115] syzkaller0: entered allmulticast mode
[  538.183976][T13115] tipc: Started in network mode
[  538.189801][T13115] tipc: Node identity 1671c7146244, cluster identity 4711
[  538.201339][T13115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  538.230668][ T8724] usb 3-1: unable to get BOS descriptor or descriptor too short
[  538.242670][T13113] tipc: Resetting bearer <eth:syzkaller0>
[  538.265340][ T8724] usb 3-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 127, changing to 10
[  538.295107][ T8724] usb 3-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1048, setting to 1024
[  538.390653][T13121] binder_alloc: 13119: pid 13119 spamming oneway? 1 buffers allocated for a total size of 4096
[  538.395162][ T8724] usb 3-1: config 1 interface 0 has no altsetting 0
[  538.455699][T13113] tipc: Disabling bearer <eth:syzkaller0>
[  538.474693][ T8724] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  538.502534][ T8724] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.528536][ T8724] usb 3-1: Product: syz
[  538.532764][ T8724] usb 3-1: Manufacturer: syz
[  538.545867][ T8724] usb 3-1: SerialNumber: syz
[  538.578240][T13107] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  539.155216][ T8717] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  539.325503][ T8717] usb 5-1: Using ep0 maxpacket: 8
[  539.332746][ T8717] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  539.343344][ T8717] usb 5-1: config 179 has no interface number 0
[  539.357493][ T8717] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  539.380794][ T8717] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  539.431453][ T8717] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  539.583132][ T8717] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  539.621523][ T8717] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  539.712156][ T8717] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  539.722171][ T8717] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.861421][T13141] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  539.868307][T13141] PKCS7: Only support pkcs7_signedData type
[  539.967918][T13129] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  540.191804][T13146] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1992'.
[  540.205643][T13146] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1992'.
[  540.385293][ T8720] usb 5-1: USB disconnect, device number 69
[  540.385394][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  540.399762][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  540.547305][T13129] xt_CT: No such helper "netbios-ns"
[  540.599936][T13129] loop2: detected capacity change from 0 to 7
[  540.607338][T13129] Dev loop2: unable to read RDB block 7
[  540.614348][T13129]  loop2: unable to read partition table
[  540.665413][T13129] loop2: partition table beyond EOD, truncated
[  540.671633][T13129] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  540.722245][ T8724] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input35
[  540.761516][ T5191] Dev loop2: unable to read RDB block 7
[  540.774519][ T5191]  loop2: unable to read partition table
[  540.812944][ T5191] loop2: partition table beyond EOD, truncated
[  540.829971][ T8724] usb 3-1: USB disconnect, device number 85
[  540.830099][    C0] pxrc 3-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19
[  540.860630][ T5176] pxrc 3-1:1.0: pxrc_open - usb_submit_urb failed, error: -19
[  540.892432][ T5176] pxrc 3-1:1.0: pxrc_open - usb_submit_urb failed, error: -19
[  540.912586][ T5176] pxrc 3-1:1.0: pxrc_open - usb_submit_urb failed, error: -19
[  541.068429][T13155] syz.2.1994 (13155): drop_caches: 2
[  541.591900][T13155] tipc: Resetting bearer <eth:syzkaller0>
[  541.879669][T13170] syz.6.1998 (13170): drop_caches: 2
[  541.887525][T13170] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1998'.
[  542.100896][T13168] bond5: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  542.134270][T13168] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  542.515326][ T5879] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  542.626685][T13181] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2001'.
[  542.635832][T13181] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2001'.
[  542.667970][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  542.715235][ T5879] usb 5-1: config 0 has no interfaces?
[  542.758091][ T5879] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  542.800695][ T5879] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  542.823817][ T5879] usb 5-1: Manufacturer: syz
[  542.840880][ T5879] usb 5-1: config 0 descriptor??
[  542.949367][T13193] syz.0.2004 (13193): drop_caches: 2
[  543.231464][T13195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2006'.
[  543.585747][T13203] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  543.592633][T13203] PKCS7: Only support pkcs7_signedData type
[  543.989104][T13207] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2009'.
[  544.115925][T13209] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2009'.
[  544.138024][T13207] bond6: entered promiscuous mode
[  544.205277][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  544.245235][T13209] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2009'.
[  544.254928][T13207] 8021q: adding VLAN 0 to HW filter on device bond6
[  544.420046][T13210] bridge6: entered promiscuous mode
[  544.435677][T13210] bond6: (slave bridge6): Enslaving as an active interface with an up link
[  544.515216][ T5879] usb 5-1: USB disconnect, device number 70
[  544.702495][T13217] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2012'.
[  544.913891][T13224] [U] 
[  544.916911][T13224] [U] 
[  544.919600][T13224] [U] 
[  544.922277][T13224] [U] 
[  544.962133][T13224] [U] 
[  544.964880][T13224] [U] 
[  544.967583][T13224] [U] 
[  544.970285][T13224] [U] 
[  545.003891][T13224] [U] 
[  545.006630][T13224] [U] 
[  545.009331][T13224] [U] 
[  545.037318][T13231] syzkaller0: entered promiscuous mode
[  545.042837][T13231] syzkaller0: entered allmulticast mode
[  545.057400][T13231] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  545.069131][T13229] tipc: Resetting bearer <eth:syzkaller0>
[  545.219595][T13238] syz.6.2015 (13238): drop_caches: 2
[  545.310763][T13229] tipc: Disabling bearer <eth:syzkaller0>
[  545.369624][T13237] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  545.381787][T13237] syzkaller0: entered promiscuous mode
[  545.388862][T13237] syzkaller0: entered allmulticast mode
[  545.593167][T13244] syz.0.2020 (13244): drop_caches: 2
[  545.771137][T13223] [U] 
[  545.992472][T13227] tipc: Resetting bearer <eth:syzkaller0>
[  546.114860][T13227] tipc: Disabling bearer <eth:syzkaller0>
[  546.418141][T13256] netdevsim netdevsim6: Firmware load for './file0/../file0/file0' refused, path contains '..' component
[  546.439217][T13256] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2024'.
[  547.068197][T13266] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  547.074923][T13266] PKCS7: Only support pkcs7_signedData type
[  547.405739][T13270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  547.476055][T13270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  547.485251][T13274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  547.585520][T13274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  548.084314][T13281] netlink: 'syz.6.2030': attribute type 10 has an invalid length.
[  548.110031][T13281] team0: Port device dummy0 added
[  548.117761][T13281] netlink: 'syz.6.2030': attribute type 10 has an invalid length.
[  548.271678][T13281] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  548.368205][T13281] team0: Failed to send options change via netlink (err -105)
[  548.376235][T13281] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  548.385487][T13281] team0: Port device dummy0 removed
[  548.479034][   T30] kauditd_printk_skb: 99 callbacks suppressed
[  548.479051][   T30] audit: type=1326 audit(1772039027.318:2903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  548.734496][   T30] audit: type=1326 audit(1772039027.518:2904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  548.895509][T13298] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2034'.
[  548.906579][T13298] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2034'.
[  548.919017][T13298] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2034'.
[  548.929824][   T30] audit: type=1326 audit(1772039027.518:2905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.169660][T13300] syz.0.2036 (13300): drop_caches: 2
[  549.186836][   T30] audit: type=1326 audit(1772039027.518:2906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.246791][ T8720] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  549.281966][   T30] audit: type=1326 audit(1772039027.538:2907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.371476][   T30] audit: type=1326 audit(1772039027.538:2908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.405601][   T30] audit: type=1326 audit(1772039027.538:2909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.439800][ T8720] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF4, changing to 0x84
[  549.455977][ T8720] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1023
[  549.468542][   T30] audit: type=1326 audit(1772039027.568:2910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.494415][ T8720] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  549.506523][ T8720] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  549.518006][   T30] audit: type=1326 audit(1772039027.568:2911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.540588][ T8725] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  549.549054][ T8720] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[  549.585558][   T30] audit: type=1326 audit(1772039027.568:2912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13289 comm="syz.5.2035" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  549.588990][ T8720] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  549.640021][ T8720] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.657020][ T8720] usb 6-1: Product: syz
[  549.675139][ T8720] usb 6-1: Manufacturer: syz
[  549.691593][ T8720] usb 6-1: SerialNumber: syz
[  549.719610][ T8725] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  549.731285][ T8725] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.810878][ T8720] usb 6-1: config 0 descriptor??
[  549.815933][ T8725] usb 7-1: Product: syz
[  549.825530][ T8725] usb 7-1: Manufacturer: syz
[  549.831489][T13291] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  549.846802][ T8720] usb 6-1: ucan: probing device on interface #0
[  549.853198][ T8725] usb 7-1: SerialNumber: syz
[  549.864177][ T8720] usb 6-1: ucan: invalid endpoint configuration
[  549.887233][ T8725] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  549.907893][ T8720] usb 6-1: ucan: probe failed; try to update the device firmware
[  549.965784][ T8724] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  550.052355][ T5879] usb 6-1: USB disconnect, device number 63
[  550.107215][T13306] FAULT_INJECTION: forcing a failure.
[  550.107215][T13306] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  550.163788][T13306] CPU: 1 UID: 0 PID: 13306 Comm: syz.4.2039 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  550.163819][T13306] Tainted: [L]=SOFTLOCKUP
[  550.163824][T13306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  550.163830][T13306] Call Trace:
[  550.163836][T13306]  <TASK>
[  550.163841][T13306]  dump_stack_lvl+0xe8/0x150
[  550.163860][T13306]  should_fail_ex+0x412/0x560
[  550.163875][T13306]  _copy_from_user+0x2d/0xb0
[  550.163890][T13306]  ___sys_sendmsg+0x1c6/0x360
[  550.163909][T13306]  ? __pfx____sys_sendmsg+0x10/0x10
[  550.163939][T13306]  ? __fget_files+0x2a/0x420
[  550.163954][T13306]  ? __fget_files+0x3a0/0x420
[  550.163972][T13306]  __x64_sys_sendmsg+0x1bd/0x2a0
[  550.163988][T13306]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  550.164007][T13306]  ? __pfx_ksys_write+0x10/0x10
[  550.164023][T13306]  do_syscall_64+0x14d/0xf80
[  550.164039][T13306]  ? trace_irq_disable+0x3b/0x150
[  550.164054][T13306]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.164065][T13306]  ? clear_bhb_loop+0x40/0x90
[  550.164077][T13306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.164087][T13306] RIP: 0033:0x7ff918f9c629
[  550.164098][T13306] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  550.164107][T13306] RSP: 002b:00007ff919e06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  550.164120][T13306] RAX: ffffffffffffffda RBX: 00007ff919215fa0 RCX: 00007ff918f9c629
[  550.164127][T13306] RDX: 0000000020000080 RSI: 00002000000001c0 RDI: 0000000000000003
[  550.164134][T13306] RBP: 00007ff919e06090 R08: 0000000000000000 R09: 0000000000000000
[  550.164141][T13306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  550.164147][T13306] R13: 00007ff919216038 R14: 00007ff919215fa0 R15: 00007ff91933fa48
[  550.164162][T13306]  </TASK>
[  550.652907][T13312] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2041'.
[  550.744805][T13314] netlink: 'syz.2.2040': attribute type 21 has an invalid length.
[  550.752854][T13314] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2040'.
[  550.795313][T13311] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2041'.
[  550.860323][T13316] xt_bpf: check failed: parse error
[  550.932701][T13322] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2044'.
[  551.170873][T13332] fuse: Bad value for 'group_id'
[  551.192453][T13332] fuse: Bad value for 'group_id'
[  551.405166][ T8724] usb 7-1: Service connection timeout for: 256
[  551.421554][ T8724] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services
[  551.485954][ T8724] ath9k_htc: Failed to initialize the device
[  551.533527][ T8724] usb 7-1: ath9k_htc: USB layer deinitialized
[  552.056930][T13343] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2050'.
[  552.178425][T13351] openvswitch: netlink: IP tunnel dst address not specified
[  552.246078][T13357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2052'.
[  552.732054][ T8725] usb 7-1: USB disconnect, device number 10
[  552.885174][T13369] FAULT_INJECTION: forcing a failure.
[  552.885174][T13369] name failslab, interval 1, probability 0, space 0, times 0
[  552.945591][T13369] CPU: 0 UID: 0 PID: 13369 Comm: syz.2.2056 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  552.945622][T13369] Tainted: [L]=SOFTLOCKUP
[  552.945629][T13369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  552.945640][T13369] Call Trace:
[  552.945648][T13369]  <TASK>
[  552.945657][T13369]  dump_stack_lvl+0xe8/0x150
[  552.945688][T13369]  should_fail_ex+0x412/0x560
[  552.945715][T13369]  should_failslab+0xa8/0x100
[  552.945739][T13369]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  552.945768][T13369]  ? __alloc_skb+0x186/0x7d0
[  552.945791][T13369]  ? __alloc_skb+0x1d0/0x7d0
[  552.945813][T13369]  ? __local_bh_enable_ip+0xd0/0x130
[  552.945840][T13369]  __alloc_skb+0x1d0/0x7d0
[  552.945867][T13369]  netlink_sendmsg+0x5d4/0xb40
[  552.945898][T13369]  ? __pfx_netlink_sendmsg+0x10/0x10
[  552.945923][T13369]  ? aa_sock_msg_perm+0xf1/0x1b0
[  552.945947][T13369]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  552.945970][T13369]  ? __pfx_netlink_sendmsg+0x10/0x10
[  552.946003][T13369]  ____sys_sendmsg+0xa68/0xad0
[  552.946037][T13369]  ? __pfx_____sys_sendmsg+0x10/0x10
[  552.946072][T13369]  ? import_iovec+0x73/0xa0
[  552.946100][T13369]  ___sys_sendmsg+0x2a5/0x360
[  552.946129][T13369]  ? __pfx____sys_sendmsg+0x10/0x10
[  552.946183][T13369]  ? __fget_files+0x2a/0x420
[  552.946208][T13369]  ? __fget_files+0x3a0/0x420
[  552.946242][T13369]  __x64_sys_sendmsg+0x1bd/0x2a0
[  552.946270][T13369]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  552.946304][T13369]  ? __pfx_ksys_write+0x10/0x10
[  552.946330][T13369]  do_syscall_64+0x14d/0xf80
[  552.946357][T13369]  ? trace_irq_disable+0x3b/0x150
[  552.946381][T13369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.946400][T13369]  ? clear_bhb_loop+0x40/0x90
[  552.946421][T13369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.946439][T13369] RIP: 0033:0x7f775eb9c629
[  552.946466][T13369] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  552.946482][T13369] RSP: 002b:00007f775fa1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  552.946503][T13369] RAX: ffffffffffffffda RBX: 00007f775ee15fa0 RCX: 00007f775eb9c629
[  552.946517][T13369] RDX: 0000000020000080 RSI: 00002000000001c0 RDI: 0000000000000003
[  552.946528][T13369] RBP: 00007f775fa1e090 R08: 0000000000000000 R09: 0000000000000000
[  552.946540][T13369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  552.946552][T13369] R13: 00007f775ee16038 R14: 00007f775ee15fa0 R15: 00007f775ef3fa48
[  552.946577][T13369]  </TASK>
[  553.501427][T13384] sg_write: data in/out 411065/130 bytes for SCSI command 0x89-- guessing data in;
[  553.501427][T13384]    program syz.6.2062 not setting count and/or reply_len properly
[  553.651205][T13384] loop6: detected capacity change from 0 to 2640
[  553.699157][T13384] buffer_io_error: 11 callbacks suppressed
[  553.699177][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.735908][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.743779][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.764578][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.779143][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.788348][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.796318][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.825674][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.838396][T13384] ldm_validate_partition_table(): Disk read failed.
[  553.856341][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.884518][T13384] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.912742][T13384] Dev loop6: unable to read RDB block 0
[  553.922917][T13384]  loop6: unable to read partition table
[  553.946632][T13384] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  554.475353][ T8725] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  554.635176][ T8723] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  554.643128][ T8725] usb 7-1: Using ep0 maxpacket: 16
[  554.650786][ T8725] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  554.662053][ T8725] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  554.679160][ T8725] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  554.694136][ T8725] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.763255][T13412] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2068'.
[  554.784750][T13412] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2068'.
[  554.819329][ T8725] usb 7-1: config 0 descriptor??
[  554.838189][ T8723] usb 5-1: Using ep0 maxpacket: 32
[  554.843736][ T8725] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  554.926250][ T8723] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  554.948628][ T8723] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.990678][ T8723] usb 5-1: config 0 descriptor??
[  555.232187][ T8723] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  555.261923][ T8723] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  555.277456][ T8723] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  555.830649][T13424] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2073'.
[  555.840884][ T8582] bond0: (slave bond_slave_0): interface is now down
[  555.848917][ T8582] bond0: (slave bond_slave_1): interface is now down
[  555.858012][T13424] 8021q: adding VLAN 0 to HW filter on device bond0
[  556.005309][   T63] bond0: (slave bond_slave_0): interface is now down
[  556.016465][   T63] bond0: (slave bond_slave_1): interface is now down
[  556.044425][   T63] bond0: now running without any active interface!
[  556.126185][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  556.126205][   T30] audit: type=1326 audit(1772039034.968:2971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.182349][   T30] audit: type=1326 audit(1772039034.998:2972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.387618][T13437] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  556.394356][T13437] PKCS7: Only support pkcs7_signedData type
[  556.556196][   T30] audit: type=1326 audit(1772039035.088:2973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.649689][ T8725] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  556.663509][   T30] audit: type=1326 audit(1772039035.088:2974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.708803][   T30] audit: type=1326 audit(1772039035.088:2975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.735145][   T30] audit: type=1326 audit(1772039035.098:2976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.817123][   T30] audit: type=1326 audit(1772039035.098:2977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.841415][   T30] audit: type=1326 audit(1772039035.098:2978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  556.931148][ T8725] usb 6-1: no configurations
[  556.948890][ T8725] usb 6-1: can't read configurations, error -22
[  556.983078][   T30] audit: type=1326 audit(1772039035.098:2979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  557.140220][   T30] audit: type=1326 audit(1772039035.098:2980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13430 comm="syz.5.2076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6abfb9c629 code=0x7ffc0000
[  557.155153][ T8725] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  557.239253][ T8717] usb 7-1: USB disconnect, device number 11
[  557.337861][T13410] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  557.378642][ T8725] usb 6-1: no configurations
[  557.385935][ T8725] usb 6-1: can't read configurations, error -22
[  557.394306][ T8725] usb usb6-port1: attempt power cycle
[  557.453735][T13449] binder_alloc: 13448: binder_alloc_buf, no vma
[  557.476498][T13410] usb 3-1: device descriptor read/64, error -71
[  557.629795][T13455] delete_channel: no stack
[  557.765150][T13410] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  557.772798][ T8725] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  557.797236][ T8725] usb 6-1: no configurations
[  557.801914][ T8725] usb 6-1: can't read configurations, error -22
[  557.844624][T13460] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2086'.
[  557.906058][T13410] usb 3-1: device descriptor read/64, error -71
[  557.935173][ T8725] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  557.942392][T13460] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2086'.
[  557.953893][T13460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  557.957256][ T8725] usb 6-1: no configurations
[  557.969566][T13460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  557.981860][T13460] kvm: kvm [13459]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  557.990839][T13460] kvm: kvm [13459]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  558.002904][ T8725] usb 6-1: can't read configurations, error -22
[  558.012942][ T8725] usb usb6-port1: unable to enumerate USB device
[  558.020733][T13410] usb usb3-port1: attempt power cycle
[  558.342841][T13463] FAULT_INJECTION: forcing a failure.
[  558.342841][T13463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  558.357985][T13463] CPU: 1 UID: 0 PID: 13463 Comm: syz.6.2087 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  558.358014][T13463] Tainted: [L]=SOFTLOCKUP
[  558.358018][T13463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  558.358025][T13463] Call Trace:
[  558.358030][T13463]  <TASK>
[  558.358035][T13463]  dump_stack_lvl+0xe8/0x150
[  558.358054][T13463]  should_fail_ex+0x412/0x560
[  558.358069][T13463]  _copy_from_iter+0x1d3/0x1670
[  558.358084][T13463]  ? rcu_is_watching+0x15/0xb0
[  558.358102][T13463]  ? __pfx__copy_from_iter+0x10/0x10
[  558.358119][T13463]  ? netlink_sendmsg+0x650/0xb40
[  558.358131][T13463]  ? skb_put+0x11b/0x210
[  558.358147][T13463]  netlink_sendmsg+0x6c0/0xb40
[  558.358163][T13463]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.358177][T13463]  ? aa_sock_msg_perm+0xf1/0x1b0
[  558.358190][T13463]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  558.358203][T13463]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.358215][T13463]  ____sys_sendmsg+0xa68/0xad0
[  558.358234][T13463]  ? __pfx_____sys_sendmsg+0x10/0x10
[  558.358252][T13463]  ? import_iovec+0x73/0xa0
[  558.358268][T13463]  ___sys_sendmsg+0x2a5/0x360
[  558.358285][T13463]  ? __pfx____sys_sendmsg+0x10/0x10
[  558.358315][T13463]  ? __fget_files+0x2a/0x420
[  558.358330][T13463]  ? __fget_files+0x3a0/0x420
[  558.358348][T13463]  __x64_sys_sendmsg+0x1bd/0x2a0
[  558.358365][T13463]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  558.358384][T13463]  ? __pfx_ksys_write+0x10/0x10
[  558.358400][T13463]  do_syscall_64+0x14d/0xf80
[  558.358415][T13463]  ? trace_irq_disable+0x3b/0x150
[  558.358430][T13463]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.358442][T13463]  ? clear_bhb_loop+0x40/0x90
[  558.358456][T13463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.358466][T13463] RIP: 0033:0x7f110739c629
[  558.358477][T13463] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  558.358486][T13463] RSP: 002b:00007f1108295028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  558.358499][T13463] RAX: ffffffffffffffda RBX: 00007f1107615fa0 RCX: 00007f110739c629
[  558.358506][T13463] RDX: 0000000020000080 RSI: 00002000000001c0 RDI: 0000000000000003
[  558.358514][T13463] RBP: 00007f1108295090 R08: 0000000000000000 R09: 0000000000000000
[  558.358520][T13463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  558.358526][T13463] R13: 00007f1107616038 R14: 00007f1107615fa0 R15: 00007f110773fa48
[  558.358542][T13463]  </TASK>
[  558.606836][T13410] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  558.635831][T13410] usb 3-1: device descriptor read/8, error -71
[  558.672840][T13465] netlink: 'syz.6.2088': attribute type 30 has an invalid length.
[  558.875822][T13410] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  558.895754][T13410] usb 3-1: device descriptor read/8, error -71
[  559.010990][T13410] usb usb3-port1: unable to enumerate USB device
[  559.080376][T13477] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2091'.
[  559.275757][T13410] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  559.851287][T13482] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2092'.
[  559.915454][T13410] usb 7-1: Using ep0 maxpacket: 16
[  559.921804][T13410] usb 7-1: config 0 has an invalid interface number: 105 but max is 0
[  559.930406][T13410] usb 7-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config
[  559.968042][T13410] usb 7-1: config 0 has no interface number 0
[  559.997548][T13410] usb 7-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  560.586253][T13410] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.599926][T13410] usb 7-1: Product: syz
[  560.606544][T13410] usb 7-1: Manufacturer: syz
[  560.625235][T13410] usb 7-1: SerialNumber: syz
[  560.636922][T13410] usb 7-1: config 0 descriptor??
[  560.645190][T13410] uvcvideo 7-1:0.105: probe with driver uvcvideo failed with error -22
[  560.913888][T13492] syzkaller1: entered promiscuous mode
[  560.939884][T13492] syzkaller1: entered allmulticast mode
[  561.106404][T13499] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2098'.
[  561.106774][T13496] netlink: 'syz.0.2097': attribute type 30 has an invalid length.
[  561.296227][T13504] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  561.419018][T13504] netlink: set zone limit has 4 unknown bytes
[  561.420218][T13504] netlink: zone id is out of range
[  561.420293][T13504] netlink: zone id is out of range
[  561.420303][T13504] netlink: zone id is out of range
[  561.420312][T13504] netlink: zone id is out of range
[  561.420321][T13504] netlink: zone id is out of range
[  561.420346][T13504] netlink: zone id is out of range
[  561.478169][T13514] binder_alloc: 13512: binder_alloc_buf, no vma
[  561.893678][T13526] netlink: 'syz.2.2106': attribute type 10 has an invalid length.
[  561.930023][T13526] bridge0: port 3(netdevsim0) entered blocking state
[  561.940590][ T8725] usb 7-1: USB disconnect, device number 12
[  561.983141][T13526] bridge0: port 3(netdevsim0) entered disabled state
[  562.021603][T13526] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  562.051396][T13526] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  562.082646][T13533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2108'.
[  562.279875][T13541] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2111'.
[  562.469934][T13548] sg_write: data in/out 411065/130 bytes for SCSI command 0x89-- guessing data in;
[  562.469934][T13548]    program syz.0.2114 not setting count and/or reply_len properly
[  562.595425][T13548] loop6: detected capacity change from 0 to 2640
[  562.617563][T13548] buffer_io_error: 11 callbacks suppressed
[  562.617580][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.678493][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.712066][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.736622][T13557] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2117'.
[  562.785214][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.800144][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  562.810059][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.818159][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  562.875172][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.883219][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.894196][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  562.902311][T13548] ldm_validate_partition_table(): Disk read failed.
[  563.018189][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  563.036246][T13548] Buffer I/O error on dev loop6, logical block 0, async page read
[  563.075899][T13548] Dev loop6: unable to read RDB block 0
[  563.339286][ T8717] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  563.459556][T13548]  loop6: unable to read partition table
[  563.465794][T13548] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  563.506176][ T8717] usb 3-1: Using ep0 maxpacket: 32
[  563.513261][ T8717] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  563.632527][ T8717] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.671544][ T8717] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  563.674605][T13562] binder_alloc: 13561: binder_alloc_buf, no vma
[  563.694025][ T8717] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.731696][ T8717] usb 3-1: config 0 descriptor??
[  563.771002][ T8717] hub 3-1:0.0: USB hub found
[  563.986762][T13560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  564.009278][T13560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  564.017337][ T8717] hub 3-1:0.0: config failed, can't read hub descriptor (err -90)
[  564.019448][T13576] netlink: 'syz.0.2124': attribute type 9 has an invalid length.
[  564.019468][T13576] netlink: 'syz.0.2124': attribute type 11 has an invalid length.
[  564.019482][T13576] netlink: 'syz.0.2124': attribute type 12 has an invalid length.
[  564.019498][T13576] netlink: 210020 bytes leftover after parsing attributes in process `syz.0.2124'.
[  564.019695][T13576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2124'.
[  564.030160][T13576] macvtap1: entered allmulticast mode
[  564.030354][T13576] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  564.031638][T13576] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  564.222193][ T8717] usbhid 3-1:0.0: can't add hid device: -71
[  564.232060][ T8717] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  564.286001][ T8717] usb 3-1: USB disconnect, device number 90
[  564.433348][T13586] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2127'.
[  565.037740][T13594] Cannot find add_set index 0 as target
[  565.477863][T13601] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2132'.
[  565.593168][T13598] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2131'.
[  566.360126][T13609] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2135'.
[  566.601356][T13615] binder_alloc: 13614: pid 13614 spamming oneway? 1 buffers allocated for a total size of 4096
[  567.392806][T13641] netlink: 388 bytes leftover after parsing attributes in process `syz.0.2143'.
[  567.935612][T13651] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2149'.
[  568.798663][T13658] syz.6.2150 (13658): drop_caches: 2
[  568.885863][T13663] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2152'.
[  569.787492][T13675] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2156'.
[  572.137142][T13707] sg_write: data in/out 411065/130 bytes for SCSI command 0x89-- guessing data in;
[  572.137142][T13707]    program syz.0.2164 not setting count and/or reply_len properly
[  572.240653][T13706] loop5: detected capacity change from 0 to 7
[  572.255467][T13708] loop6: detected capacity change from 0 to 2640
[  572.278885][T13708] buffer_io_error: 11 callbacks suppressed
[  572.278897][T13708] Buffer I/O error on dev loop6, logical block 0, async page read
[  572.309226][T13706] Buffer I/O error on dev loop5, logical block 0, async page read
[  572.335706][T13706] Buffer I/O error on dev loop5, logical block 0, async page read
[  572.344798][T13706] Buffer I/O error on dev loop5, logical block 0, async page read
[  572.362866][T13708] Buffer I/O error on dev loop6, logical block 0, async page read
[  572.374587][T13708] Buffer I/O error on dev loop6, logical block 0, async page read
[  572.392041][T13706] Buffer I/O error on dev loop5, logical block 0, async page read
[  572.400606][T13706] Buffer I/O error on dev loop5, logical block 0, async page read
[  572.413023][T13708] Buffer I/O error on dev loop6, logical block 0, async page read
[  572.431757][T13708] Buffer I/O error on dev loop6, logical block 0, async page read
[  572.445299][T13708] ldm_validate_partition_table(): Disk read failed.
[  572.472377][T13706] ldm_validate_partition_table(): Disk read failed.
[  572.505276][T13706] Dev loop5: unable to read RDB block 0
[  572.522974][T13708] Dev loop6: unable to read RDB block 0
[  572.536103][T13706]  loop5: unable to read partition table
[  572.592661][T13706] loop5: partition table beyond EOD, truncated
[  572.602649][T13706] loop_reread_partitions: partition scan of loop5 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  572.605329][T13708]  loop6: unable to read partition table
[  572.651550][T13708] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  572.695921][T13717] netlink: 388 bytes leftover after parsing attributes in process `syz.2.2165'.
[  572.740880][ T5191] ldm_validate_partition_table(): Disk read failed.
[  572.750597][ T5191] Dev loop6: unable to read RDB block 0
[  572.757848][ T5191]  loop6: unable to read partition table
[  573.041261][T13724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.051289][T13725] FAULT_INJECTION: forcing a failure.
[  573.051289][T13725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  573.065743][T13724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.073775][T13725] CPU: 0 UID: 0 PID: 13725 Comm: syz.4.2167 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  573.073803][T13725] Tainted: [L]=SOFTLOCKUP
[  573.073809][T13725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  573.073821][T13725] Call Trace:
[  573.073829][T13725]  <TASK>
[  573.073837][T13725]  dump_stack_lvl+0xe8/0x150
[  573.073866][T13725]  should_fail_ex+0x412/0x560
[  573.073891][T13725]  _copy_from_user+0x2d/0xb0
[  573.073917][T13725]  __sys_sendto+0x2af/0x7a0
[  573.073945][T13725]  ? __pfx___sys_sendto+0x10/0x10
[  573.073967][T13725]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  573.074006][T13725]  ? __fget_files+0x3a0/0x420
[  573.074040][T13725]  ? ksys_write+0x242/0x270
[  573.074062][T13725]  ? __pfx_ksys_write+0x10/0x10
[  573.074085][T13725]  __x64_sys_sendto+0xde/0x100
[  573.074119][T13725]  do_syscall_64+0x14d/0xf80
[  573.074146][T13725]  ? trace_irq_disable+0x3b/0x150
[  573.074172][T13725]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.074191][T13725]  ? clear_bhb_loop+0x40/0x90
[  573.074214][T13725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.074234][T13725] RIP: 0033:0x7ff918f9c629
[  573.074251][T13725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  573.074267][T13725] RSP: 002b:00007ff919e06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  573.074288][T13725] RAX: ffffffffffffffda RBX: 00007ff919215fa0 RCX: 00007ff918f9c629
[  573.074302][T13725] RDX: 000000000000000e RSI: 0000200000000a80 RDI: 0000000000000004
[  573.074314][T13725] RBP: 00007ff919e06090 R08: 0000200000000200 R09: 0000000000000014
[  573.074327][T13725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  573.074339][T13725] R13: 00007ff919216038 R14: 00007ff919215fa0 R15: 00007ff91933fa48
[  573.074368][T13725]  </TASK>
[  573.464705][T13724] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  574.136851][T13735] syzkaller0: entered promiscuous mode
[  574.142326][T13735] syzkaller0: entered allmulticast mode
[  574.505251][ T5886] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  575.275090][ T5886] usb 3-1: Using ep0 maxpacket: 8
[  575.281833][ T5886] usb 3-1: config 0 has an invalid interface number: 130 but max is 0
[  575.327203][ T5886] usb 3-1: config 0 has no interface number 0
[  575.340877][T13748] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2174'.
[  575.380255][ T5886] usb 3-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56
[  575.384123][T13748] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2174'.
[  575.422611][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.493541][ T5886] usb 3-1: Product: syz
[  575.505983][ T5886] usb 3-1: Manufacturer: syz
[  575.510690][ T5886] usb 3-1: SerialNumber: syz
[  575.528350][ T5886] usb 3-1: config 0 descriptor??
[  575.660776][ T5886] as10x_usb: device has been detected
[  575.709346][ T5886] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e))
[  575.866188][T13759] fuse: Bad value for 'user_id'
[  575.871055][T13759] fuse: Bad value for 'user_id'
[  576.030220][ T5886] usb 3-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))...
[  576.150456][ T5886] as10x_usb: error during firmware upload part1
[  576.173684][ T5886] Registered device PCTV Systems picoStick (74e)
[  576.190902][ T5886] usb 3-1: USB disconnect, device number 91
[  576.298224][T13762] fuse: Bad value for 'user_id'
[  576.335191][T13762] fuse: Bad value for 'user_id'
[  576.360254][ T5886] Unregistered device PCTV Systems picoStick (74e)
[  576.389526][ T5886] as10x_usb: device has been disconnected
[  576.746985][T13766] binder_alloc: 13764: pid 13764 spamming oneway? 1 buffers allocated for a total size of 4096
[  577.011904][T13773] FAULT_INJECTION: forcing a failure.
[  577.011904][T13773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  577.029681][T13773] CPU: 1 UID: 0 PID: 13773 Comm: syz.5.2183 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  577.029712][T13773] Tainted: [L]=SOFTLOCKUP
[  577.029720][T13773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  577.029732][T13773] Call Trace:
[  577.029740][T13773]  <TASK>
[  577.029749][T13773]  dump_stack_lvl+0xe8/0x150
[  577.029780][T13773]  should_fail_ex+0x412/0x560
[  577.029807][T13773]  _copy_from_user+0x2d/0xb0
[  577.029834][T13773]  ___sys_sendmsg+0x1c6/0x360
[  577.029866][T13773]  ? __pfx____sys_sendmsg+0x10/0x10
[  577.029923][T13773]  ? __fget_files+0x2a/0x420
[  577.029948][T13773]  ? __fget_files+0x3a0/0x420
[  577.029982][T13773]  __x64_sys_sendmsg+0x1bd/0x2a0
[  577.030011][T13773]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  577.030046][T13773]  ? __pfx_ksys_write+0x10/0x10
[  577.030076][T13773]  do_syscall_64+0x14d/0xf80
[  577.030103][T13773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.030123][T13773]  ? clear_bhb_loop+0x40/0x90
[  577.030146][T13773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.030165][T13773] RIP: 0033:0x7f6abfb9c629
[  577.030184][T13773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  577.030201][T13773] RSP: 002b:00007f6ac0a5a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  577.030222][T13773] RAX: ffffffffffffffda RBX: 00007f6abfe15fa0 RCX: 00007f6abfb9c629
[  577.030236][T13773] RDX: 0000000020000000 RSI: 0000200000000200 RDI: 0000000000000005
[  577.030248][T13773] RBP: 00007f6ac0a5a090 R08: 0000000000000000 R09: 0000000000000000
[  577.030259][T13773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.030270][T13773] R13: 00007f6abfe16038 R14: 00007f6abfe15fa0 R15: 00007f6abff3fa48
[  577.030298][T13773]  </TASK>
[  577.227153][T13776] netlink: 388 bytes leftover after parsing attributes in process `syz.2.2181'.
[  577.504849][T13783] input: syz0 as /devices/virtual/input/input37
[  577.525723][T13785] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2187'.
[  577.573633][T13785] batadv0: entered promiscuous mode
[  577.600896][T13785] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  577.624300][T13785] batadv0: left promiscuous mode
[  578.575096][T13804] xt_bpf: check failed: parse error
[  579.145259][ T8725] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  579.305118][ T8725] usb 7-1: Using ep0 maxpacket: 8
[  579.318240][ T8725] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  579.330609][ T8725] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  579.341641][ T8725] usb 7-1: config 0 has no interface number 0
[  579.349081][ T8725] usb 7-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  579.358853][ T8725] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.379301][ T8725] usb 7-1: config 0 descriptor??
[  579.487255][T13820] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2195'.
[  580.105084][ T8725] usb 7-1: USB disconnect, device number 13
[  581.838408][T13848] binder: BINDER_SET_CONTEXT_MGR already set
[  581.844866][T13848] binder: 13845:13848 ioctl 4018620d 200000004a80 returned -16
[  582.208185][T13858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.217665][T13858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.444096][T13865] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2212'.
[  582.457694][T13865] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2212'.
[  582.485201][ T5886] usb 6-1: new low-speed USB device number 68 using dummy_hcd
[  582.718463][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  582.820041][T13870] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2213'.
[  582.836099][T13870] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2213'.
[  582.846046][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  582.865634][ T5886] usb 6-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  582.892397][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.926852][ T5886] usb 6-1: config 0 descriptor??
[  582.932319][T13872] binder_alloc: 13871: pid 13871 spamming oneway? 1 buffers allocated for a total size of 4096
[  583.238341][T13878] xt_CT: You must specify a L4 protocol and not use inversions on it
[  583.406076][T13856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  583.468023][T13856] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.622175][ T5886] glorious 0003:258A:0036.0015: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.5-1/input0
[  583.861984][T13410] usb 6-1: USB disconnect, device number 68
[  584.216217][T13895] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  584.230700][T13895] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2220'.
[  584.302176][T13898] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2222'.
[  584.324946][T13899] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2221'.
[  584.392211][T13899] bond6: entered promiscuous mode
[  584.492692][T13899] 8021q: adding VLAN 0 to HW filter on device bond6
[  584.524030][T13909] netlink: 'syz.6.2225': attribute type 11 has an invalid length.
[  584.598286][T13909] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2225'.
[  584.662573][T13903] bridge13: entered promiscuous mode
[  584.679850][T13903] bond6: (slave bridge13): Enslaving as an active interface with an up link
[  584.866181][T13917] syz.2.2226 (13917): drop_caches: 2
[  584.960299][T13920] syzkaller1: entered promiscuous mode
[  584.966191][T13920] syzkaller1: entered allmulticast mode
[  585.019855][T13922] xt_bpf: check failed: parse error
[  586.433240][T13938] netlink: 'syz.4.2233': attribute type 12 has an invalid length.
[  586.452638][T13938] netlink: 'syz.4.2233': attribute type 29 has an invalid length.
[  586.469999][T13938] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2233'.
[  586.486403][T13942] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.2233'.
[  586.505139][T13938] netlink: 59 bytes leftover after parsing attributes in process `syz.4.2233'.
[  586.526924][T13940] xt_CT: You must specify a L4 protocol and not use inversions on it
[  587.319949][T13947] FAULT_INJECTION: forcing a failure.
[  587.319949][T13947] name failslab, interval 1, probability 0, space 0, times 0
[  587.341221][T13947] CPU: 0 UID: 0 PID: 13947 Comm: syz.5.2238 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  587.341252][T13947] Tainted: [L]=SOFTLOCKUP
[  587.341260][T13947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  587.341271][T13947] Call Trace:
[  587.341281][T13947]  <TASK>
[  587.341289][T13947]  dump_stack_lvl+0xe8/0x150
[  587.341321][T13947]  should_fail_ex+0x412/0x560
[  587.341347][T13947]  should_failslab+0xa8/0x100
[  587.341372][T13947]  __kvmalloc_node_noprof+0x178/0x8a0
[  587.341393][T13947]  ? xt_alloc_table_info+0x40/0xb0
[  587.341427][T13947]  xt_alloc_table_info+0x40/0xb0
[  587.341454][T13947]  do_ipt_set_ctl+0x903/0xe00
[  587.341477][T13947]  ? rcu_is_watching+0x15/0xb0
[  587.341502][T13947]  ? trace_contention_end+0x3d/0x150
[  587.341531][T13947]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  587.341566][T13947]  ? __pfx___mutex_lock+0x10/0x10
[  587.341585][T13947]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  587.341619][T13947]  ? __pfx_aa_sk_perm+0x10/0x10
[  587.341652][T13947]  nf_setsockopt+0x26f/0x290
[  587.341681][T13947]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  587.341704][T13947]  do_sock_setsockopt+0x17c/0x1b0
[  587.341734][T13947]  __x64_sys_setsockopt+0x13d/0x1b0
[  587.341765][T13947]  do_syscall_64+0x14d/0xf80
[  587.341791][T13947]  ? trace_irq_disable+0x3b/0x150
[  587.341817][T13947]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.341836][T13947]  ? clear_bhb_loop+0x40/0x90
[  587.341859][T13947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.341878][T13947] RIP: 0033:0x7f6abfb9c629
[  587.341896][T13947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  587.341911][T13947] RSP: 002b:00007f6ac0a5a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  587.341932][T13947] RAX: ffffffffffffffda RBX: 00007f6abfe15fa0 RCX: 00007f6abfb9c629
[  587.341945][T13947] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005
[  587.341957][T13947] RBP: 00007f6ac0a5a090 R08: 00000000000003c8 R09: 0000000000000000
[  587.341969][T13947] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.341981][T13947] R13: 00007f6abfe16038 R14: 00007f6abfe15fa0 R15: 00007f6abff3fa48
[  587.342008][T13947]  </TASK>
[  588.535101][ T5886] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  588.595347][T13966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2244'.
[  588.671155][T13969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2244'.
[  588.789805][T13969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2244'.
[  588.810145][T13965] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  588.817175][T13965] PKCS7: Only support pkcs7_signedData type
[  588.860637][T13973] netlink: 'syz.6.2245': attribute type 11 has an invalid length.
[  588.875237][ T5886] usb 3-1: Using ep0 maxpacket: 16
[  588.884628][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.896905][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  589.013459][ T5886] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  589.035160][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.110982][T13966] bond7: entered promiscuous mode
[  589.116457][T13966] 8021q: adding VLAN 0 to HW filter on device bond7
[  589.123867][ T5886] usb 3-1: config 0 descriptor??
[  589.618619][ T5886] hid-picolcd 0003:04D8:F002.0016: unknown main item tag 0x0
[  589.653582][T13985] syz.6.2247 (13985): drop_caches: 2
[  589.694953][ T5886] hid-picolcd 0003:04D8:F002.0016: No report with id 0xf3 found
[  589.711087][ T5886] hid-picolcd 0003:04D8:F002.0016: No report with id 0xf4 found
[  589.830713][ T8717] usb 3-1: USB disconnect, device number 92
[  590.451744][T13993] =======================================================
[  590.451744][T13993] WARNING: The mand mount option has been deprecated and
[  590.451744][T13993]          and is ignored by this kernel. Remove the mand
[  590.451744][T13993]          option from the mount to silence this warning.
[  590.451744][T13993] =======================================================
[  590.500933][T13993] fuse: Unknown parameter 'fd<0x00000000000000050000000000000000000000300000000000000000000'
[  591.124860][T13999] sg_write: data in/out 411065/130 bytes for SCSI command 0x89-- guessing data in;
[  591.124860][T13999]    program syz.6.2252 not setting count and/or reply_len properly
[  591.264112][T13999] loop6: detected capacity change from 0 to 2640
[  591.278036][ T6916] buffer_io_error: 51 callbacks suppressed
[  591.278052][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.353077][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.362433][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.377772][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.387275][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.396486][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.416056][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.424352][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.433509][ T6916] ldm_validate_partition_table(): Disk read failed.
[  591.441389][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.450670][ T6916] Buffer I/O error on dev loop6, logical block 0, async page read
[  591.459703][ T6916] Dev loop6: unable to read RDB block 0
[  591.466191][ T6916]  loop6: unable to read partition table
[  591.715929][T13999] ldm_validate_partition_table(): Disk read failed.
[  591.741462][T13999] Dev loop6: unable to read RDB block 0
[  591.757655][T13999]  loop6: unable to read partition table
[  591.814371][T13999] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  592.307577][T14015] binder: BINDER_SET_CONTEXT_MGR already set
[  592.313592][T14015] binder: 14014:14015 ioctl 4018620d 200000000040 returned -16
[  592.388392][T14017] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2257'.
[  592.637178][T14019] netlink: 'syz.4.2258': attribute type 1 has an invalid length.
[  592.692139][T14019] netlink: 288 bytes leftover after parsing attributes in process `syz.4.2258'.
[  592.720361][T14024] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2260'.
[  592.768762][T14025] syz.6.2259 (14025): drop_caches: 2
[  592.835409][T14024] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2260'.
[  592.950201][T14029] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2262'.
[  593.022843][T14031] syz.0.2261 (14031): drop_caches: 2
[  593.168485][T14029] batadv0: entered promiscuous mode
[  593.211634][T14029] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  593.244672][T14029] batadv0: left promiscuous mode
[  594.088656][T14043] sg_write: data in/out 411065/130 bytes for SCSI command 0x89-- guessing data in;
[  594.088656][T14043]    program syz.4.2266 not setting count and/or reply_len properly
[  594.301340][T14043] loop6: detected capacity change from 0 to 2640
[  594.308514][   T30] kauditd_printk_skb: 93 callbacks suppressed
[  594.308581][   T30] audit: type=1326 audit(1772039073.148:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.341875][T14043] ldm_validate_partition_table(): Disk read failed.
[  594.355804][T14043] Dev loop6: unable to read RDB block 0
[  594.375698][T14049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.394679][   T30] audit: type=1326 audit(1772039073.148:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.424375][T14043]  loop6: unable to read partition table
[  594.424854][T14049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.463105][   T30] audit: type=1326 audit(1772039073.158:3076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.508707][   T30] audit: type=1326 audit(1772039073.158:3077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.549589][   T30] audit: type=1326 audit(1772039073.158:3078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.577744][   T30] audit: type=1326 audit(1772039073.158:3079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.620743][T14043] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  594.717177][   T30] audit: type=1326 audit(1772039073.168:3080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.765161][   T30] audit: type=1326 audit(1772039073.168:3081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  594.793794][ T5191] ldm_validate_partition_table(): Disk read failed.
[  594.803236][ T5191] Dev loop6: unable to read RDB block 0
[  594.809818][ T5191]  loop6: unable to read partition table
[  595.184047][   T30] audit: type=1326 audit(1772039073.168:3082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  595.257280][T14057] FAULT_INJECTION: forcing a failure.
[  595.257280][T14057] name failslab, interval 1, probability 0, space 0, times 0
[  595.292016][   T30] audit: type=1326 audit(1772039073.168:3083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14046 comm="syz.0.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  595.314753][T14057] CPU: 1 UID: 0 PID: 14057 Comm: syz.4.2270 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  595.314780][T14057] Tainted: [L]=SOFTLOCKUP
[  595.314786][T14057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  595.314796][T14057] Call Trace:
[  595.314803][T14057]  <TASK>
[  595.314810][T14057]  dump_stack_lvl+0xe8/0x150
[  595.314841][T14057]  should_fail_ex+0x412/0x560
[  595.314868][T14057]  should_failslab+0xa8/0x100
[  595.314890][T14057]  __kvmalloc_node_noprof+0x178/0x8a0
[  595.314909][T14057]  ? xt_alloc_table_info+0x40/0xb0
[  595.314933][T14057]  ? do_ipt_set_ctl+0x903/0xe00
[  595.314952][T14057]  ? translate_table+0x1b5/0x2110
[  595.314978][T14057]  translate_table+0x1b5/0x2110
[  595.315019][T14057]  ? __pfx_translate_table+0x10/0x10
[  595.315056][T14057]  ? _copy_from_user+0x94/0xb0
[  595.315084][T14057]  do_ipt_set_ctl+0x9f5/0xe00
[  595.315104][T14057]  ? rcu_is_watching+0x15/0xb0
[  595.315129][T14057]  ? trace_contention_end+0x3d/0x150
[  595.315157][T14057]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  595.315193][T14057]  ? __pfx___mutex_lock+0x10/0x10
[  595.315212][T14057]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  595.315242][T14057]  ? __pfx_aa_sk_perm+0x10/0x10
[  595.315267][T14057]  nf_setsockopt+0x26f/0x290
[  595.315295][T14057]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  595.315319][T14057]  do_sock_setsockopt+0x17c/0x1b0
[  595.315348][T14057]  __x64_sys_setsockopt+0x13d/0x1b0
[  595.315377][T14057]  do_syscall_64+0x14d/0xf80
[  595.315402][T14057]  ? trace_irq_disable+0x3b/0x150
[  595.315427][T14057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.315446][T14057]  ? clear_bhb_loop+0x40/0x90
[  595.315468][T14057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.315486][T14057] RIP: 0033:0x7ff918f9c629
[  595.315504][T14057] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  595.315520][T14057] RSP: 002b:00007ff919e06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  595.315540][T14057] RAX: ffffffffffffffda RBX: 00007ff919215fa0 RCX: 00007ff918f9c629
[  595.315553][T14057] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005
[  595.315564][T14057] RBP: 00007ff919e06090 R08: 00000000000003c8 R09: 0000000000000000
[  595.315576][T14057] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.315589][T14057] R13: 00007ff919216038 R14: 00007ff919215fa0 R15: 00007ff91933fa48
[  595.315618][T14057]  </TASK>
[  595.339285][T14059] binder_alloc: 14058: pid 14058 spamming oneway? 1 buffers allocated for a total size of 4096
[  595.606649][T14061] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2272'.
[  595.888877][T14073] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  595.895700][T14073] PKCS7: Only support pkcs7_signedData type
[  596.152147][T14079] FAULT_INJECTION: forcing a failure.
[  596.152147][T14079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  596.273864][T14079] CPU: 0 UID: 0 PID: 14079 Comm: syz.2.2279 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  596.273895][T14079] Tainted: [L]=SOFTLOCKUP
[  596.273903][T14079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  596.273914][T14079] Call Trace:
[  596.273921][T14079]  <TASK>
[  596.273930][T14079]  dump_stack_lvl+0xe8/0x150
[  596.273959][T14079]  should_fail_ex+0x412/0x560
[  596.273986][T14079]  _copy_to_user+0x31/0xb0
[  596.274013][T14079]  simple_read_from_buffer+0xe1/0x170
[  596.274043][T14079]  proc_fail_nth_read+0x1bb/0x230
[  596.274070][T14079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  596.274097][T14079]  ? rw_verify_area+0x2a6/0x4d0
[  596.274115][T14079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  596.274141][T14079]  vfs_read+0x20c/0xa70
[  596.274158][T14079]  ? fdget_pos+0x246/0x320
[  596.274187][T14079]  ? __pfx___mutex_lock+0x10/0x10
[  596.274206][T14079]  ? __pfx_vfs_read+0x10/0x10
[  596.274225][T14079]  ? __fget_files+0x2a/0x420
[  596.274253][T14079]  ? __fget_files+0x3a0/0x420
[  596.274276][T14079]  ? __fget_files+0x2a/0x420
[  596.274309][T14079]  ksys_read+0x150/0x270
[  596.274330][T14079]  ? __pfx_ksys_read+0x10/0x10
[  596.274366][T14079]  do_syscall_64+0x14d/0xf80
[  596.274392][T14079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.274411][T14079]  ? clear_bhb_loop+0x40/0x90
[  596.274433][T14079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.274449][T14079] RIP: 0033:0x7f775eb5cece
[  596.274464][T14079] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  596.274481][T14079] RSP: 002b:00007f775fa1dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  596.274501][T14079] RAX: ffffffffffffffda RBX: 00007f775fa1e6c0 RCX: 00007f775eb5cece
[  596.274515][T14079] RDX: 000000000000000f RSI: 00007f775fa1e0a0 RDI: 0000000000000004
[  596.274527][T14079] RBP: 00007f775fa1e090 R08: 0000000000000000 R09: 0000000000000000
[  596.274539][T14079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  596.274550][T14079] R13: 00007f775ee16038 R14: 00007f775ee15fa0 R15: 00007f775ef3fa48
[  596.274580][T14079]  </TASK>
[  597.775802][T14096] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2283'.
[  598.480578][T14111] netlink: 'syz.2.2288': attribute type 10 has an invalid length.
[  598.492839][T14111] team0: Port device dummy0 added
[  598.530469][T14111] netlink: 'syz.2.2288': attribute type 10 has an invalid length.
[  598.586054][T14111] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  598.625943][T14113] syz.4.2287 (14113): drop_caches: 2
[  598.633204][T14113] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2287'.
[  598.703232][T14111] team0: Failed to send options change via netlink (err -105)
[  598.925701][T14111] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  598.934537][T14116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.934890][T14116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.061295][T14111] team0: Port device dummy0 removed
[  599.072548][T14111] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  599.219663][T14120] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.232716][T14120] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.279289][T14120] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.296116][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.314673][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.322995][T14120] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.380588][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.416744][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.436235][ T8582] bond0: (slave dummy0): interface is now down
[  599.475374][ T8582] bond0: now running without any active interface!
[  599.482526][T14120] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.532830][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2291'.
[  599.590367][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.681088][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.713028][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.778712][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.790914][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.801901][T14120] netlink: 'syz.6.2291': attribute type 18 has an invalid length.
[  599.919583][T14130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.949927][T14130] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.273344][T14136] ip6gretap0: entered promiscuous mode
[  600.337802][T14136] syz_tun: entered promiscuous mode
[  600.351184][T14136] debugfs: 'hsr1' already exists in 'hsr'
[  600.394036][T14136] Cannot create hsr debugfs directory
[  600.756013][T14143] binder_alloc: 14141: pid 14141 spamming oneway? 1 buffers allocated for a total size of 4096
[  600.997711][T14147] bond8: entered promiscuous mode
[  601.025404][T14147] 8021q: adding VLAN 0 to HW filter on device bond8
[  601.126472][T14147] bridge14: entered promiscuous mode
[  601.165260][T14147] bond8: (slave bridge14): Enslaving as an active interface with an up link
[  602.898757][T14185] xt_CT: You must specify a L4 protocol and not use inversions on it
[  603.058302][T14182] syz.0.2312 (14182): drop_caches: 2
[  603.499626][T14182] __nla_validate_parse: 65 callbacks suppressed
[  603.499639][T14182] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2312'.
[  603.735380][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  604.030286][T14196] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2316'.
[  604.075135][T14196] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2316'.
[  604.235466][T13410] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[  605.095135][T13410] usb 6-1: Using ep0 maxpacket: 8
[  605.194177][T13410] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  605.203047][T13410] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  605.228588][T14209] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2321'.
[  605.237795][T13410] usb 6-1: config 0 has no interface number 0
[  605.251910][T13410] usb 6-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  605.265269][T13410] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.309530][T13410] usb 6-1: config 0 descriptor??
[  605.750221][T13410] usb 6-1: USB disconnect, device number 69
[  605.766066][T14218] syz.6.2322 (14218): drop_caches: 2
[  606.565107][ T8722] usb 3-1: new low-speed USB device number 93 using dummy_hcd
[  606.716628][ T8722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  606.751235][ T8722] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  606.799406][ T8722] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  606.830687][ T8722] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.948923][ T8722] usb 3-1: config 0 descriptor??
[  606.979365][T14237] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  607.365995][T14222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.381625][T14222] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.611849][ T8722] glorious 0003:258A:0036.0017: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.2-1/input0
[  607.784855][ T8722] usb 3-1: USB disconnect, device number 93
[  607.926642][T14247] fido_id[14247]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  609.095659][ T5886] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  609.282762][ T5886] usb 6-1: Using ep0 maxpacket: 8
[  609.326863][ T5886] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  609.383283][ T5886] usb 6-1: config 0 has no interface number 0
[  609.389689][ T5886] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  609.410904][ T5886] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  609.422650][ T5886] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  609.433680][ T5886] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  609.497842][ T5886] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  609.564023][T14269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  609.574296][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.611470][T14269] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.623512][ T5886] usb 6-1: config 0 descriptor??
[  609.784240][ T5886] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  610.089550][ T8724] usb 6-1: USB disconnect, device number 70
[  610.098959][ T8724] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  610.403083][T14276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2336'.
[  610.422842][T14276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2336'.
[  610.578420][T14284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2339'.
[  610.699948][T14287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.718276][T14287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.740882][T14287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.750253][T14287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.958210][T14311] syz.0.2345 (14311): drop_caches: 2
[  612.245454][T14311] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2345'.
[  612.910981][T14322] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2347'.
[  613.641498][T14328] xt_CT: You must specify a L4 protocol and not use inversions on it
[  613.774032][T14331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2351'.
[  613.903531][T14331] batadv0: entered promiscuous mode
[  613.953452][T14331] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  613.971217][T14331] batadv0: left promiscuous mode
[  614.195304][ T8722] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  614.233547][T14344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  614.280427][T14344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  614.320668][T14344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  614.334828][T14350] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2357'.
[  614.355160][ T8722] usb 3-1: Using ep0 maxpacket: 8
[  614.362138][ T8722] usb 3-1: unable to get BOS descriptor or descriptor too short
[  614.374983][T14344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  614.395877][ T8722] usb 3-1: config 8 has an invalid interface number: 250 but max is 0
[  614.404790][ T8722] usb 3-1: config 8 has no interface number 0
[  614.412515][ T8722] usb 3-1: config 8 interface 250 altsetting 1 endpoint 0x3 has an invalid bInterval 109, changing to 7
[  614.437155][T14350] syz_tun (unregistering): left promiscuous mode
[  614.441863][ T8722] usb 3-1: config 8 interface 250 altsetting 1 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  614.463472][ T8722] usb 3-1: config 8 interface 250 altsetting 1 endpoint 0x8 has an invalid bInterval 252, changing to 7
[  614.476968][ T8722] usb 3-1: config 8 interface 250 has no altsetting 0
[  614.483875][T14355] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2359'.
[  614.496224][ T8722] usb 3-1: New USB device found, idVendor=0846, idProduct=9014, bcdDevice=87.d2
[  614.515253][ T8722] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.523747][ T8722] usb 3-1: Product: syz
[  614.533499][ T8722] usb 3-1: Manufacturer: syz
[  614.541862][T14353] loop5: detected capacity change from 0 to 8
[  614.543606][ T8722] usb 3-1: SerialNumber: syz
[  614.579707][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  614.579724][   T30] audit: type=1800 audit(1772039093.418:3112): pid=14358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2360" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2431 res=0 errno=0
[  614.704288][ T6914] Dev loop5: unable to read RDB block 8
[  614.710113][ T6914]  loop5: unable to read partition table
[  614.716422][ T6914] loop5: partition table beyond EOD, truncated
[  614.723329][T14353] Dev loop5: unable to read RDB block 8
[  614.774950][ T8722] usb 3-1: USB disconnect, device number 94
[  614.775068][T14353]  loop5: unable to read partition table
[  614.806074][T14353] loop5: partition table beyond EOD, truncated
[  614.865404][T14353] loop_reread_partitions: partition scan of loop5 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  614.885703][T14369] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2363'.
[  614.991708][T14373] syz.5.2361 (14373): drop_caches: 2
[  615.279814][T14380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.305189][   T30] audit: type=1326 audit(1772039094.108:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  615.400604][T14380] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.412106][   T30] audit: type=1326 audit(1772039094.108:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  615.573508][   T30] audit: type=1326 audit(1772039094.108:3115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  615.602799][T14387] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2368'.
[  615.759135][   T30] audit: type=1326 audit(1772039094.108:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  615.815488][ T5886] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  615.823720][   T30] audit: type=1326 audit(1772039094.108:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  615.884123][   T30] audit: type=1326 audit(1772039094.108:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  615.955319][   T30] audit: type=1326 audit(1772039094.108:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  616.025367][ T5886] usb 3-1: Using ep0 maxpacket: 16
[  616.075552][ T5886] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.086937][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  616.099358][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  616.115178][   T30] audit: type=1326 audit(1772039094.108:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  616.141751][ T5886] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  616.151925][ T5886] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  616.165863][   T30] audit: type=1326 audit(1772039094.108:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14374 comm="syz.0.2364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  616.213789][ T5886] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  616.240331][ T5886] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  616.255076][ T5886] usb 3-1: Manufacturer: syz
[  616.284134][ T5886] usb 3-1: config 0 descriptor??
[  616.475117][ T8717] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  616.595125][ T5886] rc_core: IR keymap rc-hauppauge not found
[  616.601111][ T5886] Registered IR keymap rc-empty
[  616.615164][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.627154][ T8717] usb 7-1: unable to get BOS descriptor or descriptor too short
[  616.645237][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.657206][ T8717] usb 7-1: not running at top speed; connect to a high speed hub
[  616.667782][ T5886] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  616.681369][ T8717] usb 7-1: config 1 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  616.700003][ T8717] usb 7-1: config 1 interface 0 has no altsetting 0
[  616.708465][ T5886] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input40
[  616.728086][ T8717] usb 7-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice= 0.40
[  616.739441][ T8717] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.753594][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.773166][ T8717] usb 7-1: Product: syz
[  616.782311][ T8717] usb 7-1: Manufacturer: syz
[  616.794868][ T8717] usb 7-1: SerialNumber: syz
[  616.801459][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.829315][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.846850][T14394] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[  616.895688][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.936421][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  616.985702][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  617.015161][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  617.046587][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  617.074511][ T8717] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input41
[  617.101257][ T5176] bcm5974 7-1:1.0: could not read from device
[  617.115240][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  617.165190][ T5886] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  617.166794][ T5176] bcm5974 7-1:1.0: could not read from device
[  617.172515][ T8717] usb 7-1: USB disconnect, device number 14
[  617.203698][ T5176] bcm5974 7-1:1.0: could not read from device
[  617.215841][ T5176] bcm5974 7-1:1.0: could not read from device
[  617.217943][ T5886] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  617.244596][T14405] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2373'.
[  617.280111][ T5886] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  617.320058][T14405] batadv0: entered promiscuous mode
[  617.341168][T14405] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  617.358338][T14405] batadv0: left promiscuous mode
[  617.445157][ T8724] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  617.606931][ T8724] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.618751][ T8724] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  617.654059][ T8724] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.697541][ T8724] usb 6-1: config 0 descriptor??
[  617.721019][ T8724] pwc: Askey VC010 type 2 USB webcam detected.
[  617.918231][ T8724] pwc: recv_control_msg error -32 req 02 val 2b00
[  617.930830][ T8724] pwc: recv_control_msg error -32 req 02 val 2700
[  617.946910][ T8724] pwc: recv_control_msg error -32 req 02 val 2c00
[  617.990687][ T8724] pwc: recv_control_msg error -71 req 04 val 1000
[  618.005294][ T8717] usb 7-1: new low-speed USB device number 15 using dummy_hcd
[  618.020019][ T8724] pwc: recv_control_msg error -71 req 04 val 1300
[  618.037953][ T8724] pwc: recv_control_msg error -71 req 04 val 1400
[  618.053421][ T8724] pwc: recv_control_msg error -71 req 02 val 2000
[  618.078000][ T8724] pwc: recv_control_msg error -71 req 02 val 2100
[  618.092083][ T8724] pwc: recv_control_msg error -71 req 04 val 1500
[  618.111008][ T8724] pwc: recv_control_msg error -71 req 02 val 2500
[  618.129402][ T8724] pwc: recv_control_msg error -71 req 02 val 2400
[  618.180972][ T8724] pwc: recv_control_msg error -71 req 02 val 2600
[  618.197098][ T8717] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  618.222716][ T8724] pwc: recv_control_msg error -71 req 02 val 2900
[  618.231676][ T8717] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  618.242696][ T8717] usb 7-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  618.252411][ T8724] pwc: recv_control_msg error -71 req 02 val 2800
[  618.252966][ T8724] pwc: recv_control_msg error -71 req 04 val 1100
[  618.259677][ T8717] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.325568][ T8717] usb 7-1: config 0 descriptor??
[  618.332214][ T8724] pwc: recv_control_msg error -71 req 04 val 1200
[  618.347945][T14428] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2378'.
[  618.409525][ T8724] pwc: Registered as video103.
[  618.427242][ T8724] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input42
[  618.480844][ T8724] usb 6-1: USB disconnect, device number 71
[  618.574637][T13410] usb 3-1: USB disconnect, device number 95
[  618.876560][T14435] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  618.883356][T14435] PKCS7: Only support pkcs7_signedData type
[  618.931494][T14414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.981211][T14414] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.137576][ T8717] glorious 0003:258A:0036.0018: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.6-1/input0
[  619.146724][ T8723] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  619.209812][ T8723] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  619.240088][ T8723] usb 5-1: USB disconnect, device number 71
[  619.359811][ T8717] usb 7-1: USB disconnect, device number 15
[  619.742005][T14454] xt_bpf: check failed: parse error
[  619.860909][T14459] xt_CT: You must specify a L4 protocol and not use inversions on it
[  619.948871][T14462] syzkaller1: entered promiscuous mode
[  619.996161][T14462] syzkaller1: entered allmulticast mode
[  620.291766][ T8723] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  620.305182][ T8717] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  620.390328][T14471] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2390'.
[  620.476922][ T8717] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  620.488299][ T8717] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.502150][ T8723] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  620.538917][ T8723] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.577747][ T8723] usb 7-1: config 0 descriptor??
[  620.601215][ T8723] cp210x 7-1:0.0: cp210x converter detected
[  620.628372][ T8717] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  620.656121][T14474] netlink: 520 bytes leftover after parsing attributes in process `syz.5.2391'.
[  620.690899][ T8717] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.721674][ T8717] usb 3-1: config 0 descriptor??
[  620.986154][ T8723] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  621.213248][ T8717] hid-steam 0003:28DE:1142.0019: unknown main item tag 0x0
[  621.228579][ T8717] hid-steam 0003:28DE:1142.0019: unknown main item tag 0x0
[  621.252008][ T8717] hid-steam 0003:28DE:1142.0019: unknown main item tag 0x0
[  621.348458][ T8717] hid-steam 0003:28DE:1142.0019: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  621.452627][T14462] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  621.542524][T14464] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2387'.
[  621.701357][T14484] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  621.840662][T14486] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2394'.
[  621.872989][T14486] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2394'.
[  621.933092][T14484] loop4: detected capacity change from 0 to 524287936
[  622.188797][T14489] Cannot find del_set index 0 as target
[  622.333633][T14496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  622.444859][T14496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  622.773894][T14498] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2395'.
[  623.010055][ T8723] cp210x 7-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  623.177530][ T8723] cp210x 7-1:0.0: GPIO initialisation failed: -71
[  623.200278][T14502] validate_nla: 23 callbacks suppressed
[  623.200297][T14502] netlink: 'syz.0.2398': attribute type 10 has an invalid length.
[  623.216304][ T8723] usb 7-1: cp210x converter now attached to ttyUSB0
[  623.235414][ T8723] usb 7-1: USB disconnect, device number 16
[  623.253470][ T8723] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  623.265319][T14505] netlink: 'syz.0.2398': attribute type 10 has an invalid length.
[  623.294125][ T8723] cp210x 7-1:0.0: device disconnected
[  623.625160][ T8723] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  623.785343][ T8723] usb 7-1: Using ep0 maxpacket: 32
[  623.834645][ T8723] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  623.850574][ T8723] usb 7-1: config 0 has no interface number 0
[  623.866333][ T8723] usb 7-1: too many endpoints for config 0 interface 12 altsetting 2: 235, using maximum allowed: 30
[  623.901214][ T8723] usb 7-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  623.956998][ T8723] usb 7-1: config 0 interface 12 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  623.984062][ T8723] usb 7-1: config 0 interface 12 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 235
[  624.208168][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  624.215596][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  624.303718][ T8723] usb 7-1: config 0 interface 12 has no altsetting 0
[  624.313227][ T8723] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  624.322337][ T8723] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.331484][ T8723] usb 7-1: Product: syz
[  624.336908][ T8723] usb 7-1: Manufacturer: syz
[  624.344264][ T8723] usb 7-1: SerialNumber: syz
[  624.352268][ T8723] usb 7-1: config 0 descriptor??
[  624.626403][ T8723] f81534 7-1:0.12: unsupported endpoint max packet size
[  626.094726][T14505] team0: Port device dummy0 removed
[  626.104726][ T8723] usb 7-1: USB disconnect, device number 17
[  626.158736][T14523] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  626.226386][T14528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  626.325366][T14532] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2406'.
[  626.396156][T14535] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2406'.
[  626.428705][T14538] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2405'.
[  626.438127][T14532] bond3: entered promiscuous mode
[  626.446776][T14538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.456074][T14532] 8021q: adding VLAN 0 to HW filter on device bond3
[  626.463485][T14538] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.479201][T14535] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2406'.
[  626.504296][T14538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.518747][T14537] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2407'.
[  626.524162][T14538] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.546494][T14537] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2407'.
[  626.572952][T14539] bridge10: entered promiscuous mode
[  626.580476][T14539] bond3: (slave bridge10): Enslaving as an active interface with an up link
[  626.815519][T14546] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  626.822308][T14546] PKCS7: Only support pkcs7_signedData type
[  627.032469][T14552] xt_bpf: check failed: parse error
[  627.187304][T13410] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  627.310903][T14556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.360666][T14556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.450085][T14556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.463974][T14556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.714278][T13410] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  627.788242][T13410] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.955150][T13410] usb 6-1: config 0 descriptor??
[  628.040730][T13410] cp210x 6-1:0.0: cp210x converter detected
[  629.034043][T13410] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  630.533336][T14586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  630.544327][T14586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  630.657445][T13410] cp210x 6-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  630.704717][T13410] cp210x 6-1:0.0: GPIO initialisation failed: -71
[  630.744422][T14587] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[  630.751269][T14587] PKCS7: Only support pkcs7_signedData type
[  630.766650][T13410] usb 6-1: cp210x converter now attached to ttyUSB0
[  630.832312][T13410] usb 6-1: USB disconnect, device number 72
[  630.868293][T13410] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  630.901296][T13410] cp210x 6-1:0.0: device disconnected
[  630.936581][T14590] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2418'.
[  631.278219][T14594] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2421'.
[  631.328337][T14594] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2421'.
[  631.667296][T14602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  631.686896][T14602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  632.035085][ T5886] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  632.208404][ T5886] usb 5-1: Using ep0 maxpacket: 8
[  632.295885][ T5886] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  632.303912][ T5886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  632.333559][ T5886] usb 5-1: config 0 has no interface number 0
[  632.350027][ T5886] usb 5-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  632.363310][T14616] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2427'.
[  632.374742][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.565142][ T5886] usb 5-1: config 0 descriptor??
[  632.733341][T14621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  632.743958][T14621] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  632.944318][ T5886] usb 5-1: USB disconnect, device number 72
[  633.472748][T14628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.485169][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  633.485190][   T30] audit: type=1326 audit(1772039112.308:3151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  633.516128][T14628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  633.575274][T14631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2432'.
[  633.604813][   T30] audit: type=1326 audit(1772039112.308:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  633.735114][   T30] audit: type=1326 audit(1772039112.308:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  633.883531][   T30] audit: type=1326 audit(1772039112.308:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  634.147689][   T30] audit: type=1326 audit(1772039112.308:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  634.235336][   T30] audit: type=1326 audit(1772039112.308:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  634.284144][   T30] audit: type=1326 audit(1772039112.308:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  634.668925][   T30] audit: type=1326 audit(1772039112.308:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  634.738644][   T30] audit: type=1326 audit(1772039112.308:3159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  634.792283][   T30] audit: type=1326 audit(1772039112.308:3160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14627 comm="syz.0.2431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f411139c629 code=0x7ffc0000
[  635.045247][T14651] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2435'.
[  635.226470][ T5900] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  635.419264][ T5900] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  635.458083][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.471350][ T5900] usb 6-1: config 0 descriptor??
[  635.500144][ T5900] gspca_main: cpia1-2.14.0 probing 0813:0001
[  636.216765][T14673] netlink: 'syz.2.2440': attribute type 9 has an invalid length.
[  636.252080][ T5900] gspca_cpia1: usb_control_msg 01, error -71
[  636.255754][T14677] syz.0.2442 (14677): drop_caches: 2
[  636.273522][ T5900] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0)
[  636.302197][ T5900] usb 6-1: USB disconnect, device number 73
[  636.985130][T14679] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2443'.
[  638.360696][   T31] INFO: task syz.1.1719:12245 blocked for more than 143 seconds.
[  638.375064][   T31]       Tainted: G             L      syzkaller #0
[  638.381598][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  638.452331][   T31] task:syz.1.1719      state:D stack:25160 pid:12245 tgid:12238 ppid:5836   task_flags:0x480040 flags:0x00080002
[  638.505075][   T31] Call Trace:
[  638.515793][   T31]  <TASK>
[  638.518762][   T31]  __schedule+0x1585/0x5340
[  638.745173][T14703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  638.905338][T14703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  638.926581][   T31]  ? __pfx___schedule+0x10/0x10
[  638.951817][   T31]  ? schedule+0x90/0x360
[  639.014494][   T31]  schedule+0x164/0x360
[  639.025049][   T31]  schedule_timeout+0xc3/0x2c0
[  639.029843][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  639.125062][   T31]  ? do_raw_spin_lock+0x12b/0x2f0
[  639.186751][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  639.191962][   T31]  ? wait_for_completion+0x274/0x5e0
[  639.214800][   T31]  wait_for_completion+0x2cc/0x5e0
[  639.255054][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  639.265228][   T31]  i2c_del_adapter+0x5c0/0x790
[  639.270026][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  639.289340][   T31]  ? kfree+0x4d/0x630
[  639.293331][   T31]  dvb_usb_i2c_exit+0x64/0xb0
[  639.298073][   T31]  dvb_usb_device_exit+0x1cb/0x360
[  639.303192][   T31]  ? __pfx_rpm_resume+0x10/0x10
[  639.315060][   T31]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  639.320754][   T31]  ? usb_disable_interface+0x31d/0x350
[  639.335064][   T31]  ? lockdep_hardirqs_on+0x7a/0x110
[  639.340303][   T31]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  639.355188][   T31]  usb_unbind_interface+0x26e/0x910
[  639.365066][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  639.376056][   T31]  device_release_driver_internal+0x4d9/0x860
[  639.399010][   T31]  bus_remove_device+0x34d/0x440
[  639.403960][   T31]  device_del+0x527/0x8f0
[  639.455074][   T31]  ? __dev_printk+0x131/0x190
[  639.459801][   T31]  ? __pfx_device_del+0x10/0x10
[  639.464648][   T31]  usb_disable_device+0x3d4/0x8d0
[  639.475119][   T31]  usb_disconnect+0x32f/0x990
[  639.479812][   T31]  hub_quiesce+0x171/0x330
[  639.484212][   T31]  hub_disconnect+0xc8/0x470
[  639.505079][   T31]  usb_unbind_interface+0x26e/0x910
[  639.510313][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  639.516313][   T31]  device_release_driver_internal+0x4d9/0x860
[  639.522372][   T31]  proc_ioctl+0x294/0x6b0
[  639.535111][   T31]  proc_ioctl_default+0xc4/0x110
[  639.540062][   T31]  ? __pfx_proc_ioctl_default+0x10/0x10
[  639.575344][   T31]  usbdev_ioctl+0x134c/0x2120
[  639.580071][   T31]  ? __pfx_usbdev_ioctl+0x10/0x10
[  639.607105][   T31]  ? __fget_files+0x2a/0x420
[  639.611740][   T31]  ? __fget_files+0x3a0/0x420
[  639.613452][T13410] usb 3-1: USB disconnect, device number 96
[  639.616981][   T31]  ? __fget_files+0x2a/0x420
[  639.627236][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  639.632193][   T31]  ? __pfx_usbdev_ioctl+0x10/0x10
[  639.637774][   T31]  __se_sys_ioctl+0xfc/0x170
[  639.655119][   T31]  do_syscall_64+0x14d/0xf80
[  639.659771][   T31]  ? trace_irq_disable+0x3b/0x150
[  639.675145][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.681245][   T31]  ? clear_bhb_loop+0x40/0x90
[  639.705665][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.711561][   T31] RIP: 0033:0x7f7099b9c629
[  639.735080][   T31] RSP: 002b:00007f709aa88028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  639.743527][   T31] RAX: ffffffffffffffda RBX: 00007f7099e16180 RCX: 00007f7099b9c629
[  639.765104][   T31] RDX: 0000200000000200 RSI: 00000000c0105512 RDI: 0000000000000005
[  639.773094][   T31] RBP: 00007f7099c32b39 R08: 0000000000000000 R09: 0000000000000000
[  639.805068][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  639.813045][   T31] R13: 00007f7099e16218 R14: 00007f7099e16180 R15: 00007f7099f3fa48
[  639.855155][   T31]  </TASK>
[  639.858213][   T31] INFO: task syz.1.1719:12246 blocked for more than 144 seconds.
[  639.863749][T12245] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected.
[  639.875034][   T31]       Tainted: G             L      syzkaller #0
[  639.895591][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  639.913718][   T31] task:syz.1.1719      state:D stack:28832 pid:12246 tgid:12238 ppid:5836   task_flags:0x400040 flags:0x00080002
[  639.947519][   T31] Call Trace:
[  639.950826][   T31]  <TASK>
[  639.955522][   T31]  __schedule+0x1585/0x5340
[  639.960039][   T31]  ? __pfx___schedule+0x10/0x10
[  639.964876][   T31]  ? schedule+0x90/0x360
[  639.969493][   T31]  schedule+0x164/0x360
[  639.978702][   T31]  ? device_unregister+0x21/0xf0
[  639.987918][T12249] hub 1-0:1.0: USB hub found
[  639.993401][   T31]  ? do_group_exit+0x21b/0x2d0
[  639.998714][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  640.005242][   T31]  ? get_signal+0x1284/0x1330
[  640.009942][   T31]  ? arch_do_signal_or_restart+0xbc/0x830
[  640.017222][T12249] hub 1-0:1.0: 1 port detected
[  640.022102][   T31]  ? usbdev_ioctl+0x787/0x2120
[  640.029087][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  640.037012][   T31]  ? __fget_files+0x2a/0x420
[  640.068536][   T31]  ? exit_to_user_mode_loop+0x86/0x480
[  640.074007][   T31]  ? rcu_is_watching+0x15/0xb0
[  640.078805][   T31]  ? do_syscall_64+0x32d/0xf80
[  640.083573][   T31]  ? trace_irq_disable+0x3b/0x150
[  640.088640][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.094711][   T31]  ? clear_bhb_loop+0x40/0x90
[  640.099454][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.105580][   T31]  </TASK>
[  640.108637][   T31] 
[  640.108637][   T31] Showing all locks held in the system:
[  640.148019][   T31] 1 lock held by khungtaskd/31:
[  640.232468][   T31]  #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  640.315066][   T31] 2 locks held by getty/5576:
[  640.319763][   T31]  #0: ffff8880368490a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  640.396505][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[  640.475052][   T31] 2 locks held by syz.2.349/7287:
[  640.480109][   T31]  #0: ffffffff8fbcc348 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  640.525772][   T31]  #1: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  640.576951][   T31] 1 lock held by syz.1.1719/12249:
[  640.595109][   T31]  #0: ffffffff8fbcc348 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  640.604087][   T31] 2 locks held by kworker/1:0/13410:
[  640.635136][   T31]  #0: ffff88813fe0f548 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[  640.685135][   T31]  #1: ffffc90017ea7c40 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830
[  640.715324][   T31] 1 lock held by syz.5.2446/14689:
[  640.721222][   T31]  #0: ffffffff8fbcc348 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  640.753456][   T31] 1 lock held by syz.0.2450/14703:
[  640.758747][   T31] 1 lock held by syz.4.2451/14705:
[  640.763857][   T31]  #0: ffffffff8fbcc348 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  640.786471][   T31] 
[  640.788830][   T31] =============================================
[  640.788830][   T31] 
[  640.797356][   T31] NMI backtrace for cpu 1
[  640.797373][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  640.797398][   T31] Tainted: [L]=SOFTLOCKUP
[  640.797405][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  640.797416][   T31] Call Trace:
[  640.797424][   T31]  <TASK>
[  640.797432][   T31]  dump_stack_lvl+0xe8/0x150
[  640.797462][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[  640.797486][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  640.797512][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  640.797537][   T31]  sys_info+0x135/0x170
[  640.797555][   T31]  watchdog+0xfd9/0x1030
[  640.797586][   T31]  ? watchdog+0x21a/0x1030
[  640.797617][   T31]  kthread+0x388/0x470
[  640.797636][   T31]  ? __pfx_watchdog+0x10/0x10
[  640.797666][   T31]  ? __pfx_kthread+0x10/0x10
[  640.797685][   T31]  ret_from_fork+0x51e/0xb90
[  640.797712][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  640.797734][   T31]  ? __switch_to+0xc7d/0x1450
[  640.797759][   T31]  ? __pfx_kthread+0x10/0x10
[  640.797777][   T31]  ret_from_fork_asm+0x1a/0x30
[  640.797816][   T31]  </TASK>
[  640.797823][   T31] Sending NMI from CPU 1 to CPUs 0:
[  640.913030][    C0] NMI backtrace for cpu 0
[  640.913050][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  640.913073][    C0] Tainted: [L]=SOFTLOCKUP
[  640.913080][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  640.913091][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  640.913121][    C0] Code: 8e 6d 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 3d 1c 00 fb f4 <e9> 7c ea 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[  640.913137][    C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000246
[  640.913153][    C0] RAX: 0000000000c9d6af RBX: ffffffff819a80ad RCX: 0000000080000001
[  640.913166][    C0] RDX: 0000000000000001 RSI: ffffffff8def225c RDI: ffffffff8c27a880
[  640.913179][    C0] RBP: ffffffff8e407eb0 R08: ffff8880b863395b R09: 1ffff110170c672b
[  640.913192][    C0] R10: dffffc0000000000 R11: ffffed10170c672c R12: ffffffff90117db0
[  640.913205][    C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 0000000000000000
[  640.913217][    C0] FS:  0000000000000000(0000) GS:ffff888125467000(0000) knlGS:0000000000000000
[  640.913231][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  640.913243][    C0] CR2: 0000200000404000 CR3: 000000007412e000 CR4: 00000000003526f0
[  640.913259][    C0] Call Trace:
[  640.913267][    C0]  <TASK>
[  640.913274][    C0]  default_idle+0x9/0x20
[  640.913292][    C0]  default_idle_call+0x72/0xb0
[  640.913310][    C0]  do_idle+0x1bd/0x500
[  640.913334][    C0]  ? asm_sysvec_call_function_single+0x1a/0x20
[  640.913356][    C0]  ? __pfx_do_idle+0x10/0x10
[  640.913382][    C0]  cpu_startup_entry+0x43/0x60
[  640.913406][    C0]  rest_init+0x2de/0x300
[  640.913425][    C0]  start_kernel+0x385/0x3d0
[  640.913451][    C0]  x86_64_start_reservations+0x24/0x30
[  640.913470][    C0]  x86_64_start_kernel+0x143/0x1c0
[  640.913489][    C0]  common_startup_64+0x13e/0x147
[  640.913514][    C0]  </TASK>
[  641.113076][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  641.119960][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  641.130631][   T31] Tainted: [L]=SOFTLOCKUP
[  641.134945][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  641.144992][   T31] Call Trace:
[  641.148263][   T31]  <TASK>
[  641.151188][   T31]  vpanic+0x56c/0xa60
[  641.155168][   T31]  ? __pfx___schedule+0x10/0x10
[  641.160033][   T31]  ? __pfx_vpanic+0x10/0x10
[  641.164548][   T31]  ? __pfx_console_unlock+0x10/0x10
[  641.169759][   T31]  panic+0xc5/0xd0
[  641.173483][   T31]  ? __pfx_panic+0x10/0x10
[  641.177895][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  641.183263][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  641.189419][   T31]  watchdog+0x1023/0x1030
[  641.193758][   T31]  ? watchdog+0x21a/0x1030
[  641.198181][   T31]  kthread+0x388/0x470
[  641.202240][   T31]  ? __pfx_watchdog+0x10/0x10
[  641.206912][   T31]  ? __pfx_kthread+0x10/0x10
[  641.211495][   T31]  ret_from_fork+0x51e/0xb90
[  641.216086][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  641.221195][   T31]  ? __switch_to+0xc7d/0x1450
[  641.225866][   T31]  ? __pfx_kthread+0x10/0x10
[  641.230447][   T31]  ret_from_fork_asm+0x1a/0x30
[  641.235216][   T31]  </TASK>
[  641.238561][   T31] Kernel Offset: disabled
[  641.242872][   T31] Rebooting in 86400 seconds..