last executing test programs:

29.844760827s ago: executing program 0 (id=3239):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x20, 0x0, 0x1}})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
mq_open(&(0x7f0000000680)='\x00\x00\x00@\x00\xb1\x1dzo\xef\xc8\xcc\x87@\xa4\xa06<tQ\xb9,\xca\x16\x91eI\xe8\x17e\x15\x82\xfe\x99\x95\xd7\xb2e\n\xaa\xd1[\xf0\xe6\xa6\xb7\x80Y\xfen\xc0\xed\xf8 \x95\f\xfe\xa8%,\x7f\xf7\xd0[(G5\x01\x03\x80\x06s\xe5RJb\xfc\xde\xe7\xf6\xec\xee$\x83\x7f.\x1e\x11\x1e\v\xef\xf4%\xde\x16n\xcfs>\xbcQ\'\xae,\x8e9h2\xda', 0x840, 0x0, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0xa0201, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103001)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000940)={0x60, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {0xfffffffe}})
remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x80000000, 0x20000)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffd, 0x6, 0x3, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000280)="4ac5664913cd", 0x0, 0x3, 0x10000, 0x22, 0x0})
io_setup(0x19, &(0x7f00000009c0)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1}])
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88040, 0x0)
fcntl$setlease(r6, 0x400, 0x1000000)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xa6f7cb34936b33be}, 0xc, &(0x7f00000002c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="40010000070a0101000000000008000a40000000020c000340000000000000000557000740c28f913aa2ade40f294a059fa6db5c40aaee44c2f698135517a6e3274b930bff199c734be845fc8ea5f5ae4d3c482673d4573693be83c73d5a53a0c5e90d74907cd3bf1397e29863d0e3855f26bf1ec1d0a3e7007a000740e5564ab91340a56bf8254a950390eac56485670d13a716cfbbb5a3d69622e98bd3d56a7fcabe331f16380faded4588ac2bb504acbad353fc5091a9581b52360475e2d76ce1172be102bc8176375940dd581f2607a0713d3301d3d0eee39180bfc7242bfdcd8e2c1b990d11ba7c032ab1749988f0c8f7a2000008000b40000000033c0005800800014000000200080001400000002f0800014000000008080001400000003c080002400000003b080001400000008400000000000000f1da04bf7fde139746a93f26238f0409d536f92b5b2b833e076c99f0da65ddc9e49b33e1d7"], 0x140}, 0x1, 0x0, 0x0, 0x4048094}, 0x20000080)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="380000001701000002000000280000006110a4ea0e5cd821caf19d4da09661dbf74e866268a8d9eab7472f4de4a81c64439f4b6dcac97eb910000000559c00000300000000000000"], 0x48, 0x200080d1}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)=""/81, 0x51}], 0x1}, 0x40000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)={0x0, 0x3938700}, 0x1, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x48e9, 0x300, 0x2, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x1, &(0x7f0000006680))
faccessat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x87, 0x1200)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f000020b000/0x1000)=nil, 0x1000, 0x1, 0x11, r7, 0x2005)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x20000)
ioctl$EVIOCGMASK(r8, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})

29.195342311s ago: executing program 0 (id=3241):
r0 = eventfd2(0x0, 0x80801)
readv(r0, &(0x7f00000005c0)=[{&(0x7f0000000340)=""/134, 0x86}], 0x1)
syz_usb_connect(0x5, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e10200f5b0da7f0000000000000043fc76dcb62f05c053b268c2ed3aa401e01e11d00e7541d7bbde"], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x8, 0x6, &(0x7f0000000580)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYRESDEC=r0, @ANYRES16=r0], 0x0, 0x7, 0x0, 0x0, 0x41000, 0xf72cb191e650caa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff0c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x3, &(0x7f0000000200)=[{0x15, 0x0, 0xfc, 0xb7a}, {0x2c, 0xe, 0x0, 0x3}, {0x6, 0x0, 0x8, 0x7ffffcb9}]})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x8000000000000000]}})
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x800, 0x2, 0x4}, 0x1c)
write$tun(r1, &(0x7f0000000280)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x16, 0x65, 0x0, 0x60, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "7bbd"}}, 0x24)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f00000000c0)={0x2, 0x8})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f0000000040)={0x2, 0xe, 0x5})
close_range(r6, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000010, 0x0, 0xffffffffffffffff}]})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000006800e9780000000006000000dde5902af6a9e0650eddff290a0003000000000004009793"], 0x1c}}, 0x0)

26.127926995s ago: executing program 0 (id=3250):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e22, @rand_addr=0x64010102}, {0x304, @multicast}, 0xa, {0x2, 0x4e20, @private=0x8a010100}})
r1 = io_uring_setup(0x47d7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x200000})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={<r2=>0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x2e677c62, @mcast1, 0x4}]}, &(0x7f0000000100)=0xc)
r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x8201)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000100))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r4, &(0x7f0000000140)="e3", 0x1)
write$snddsp(r5, &(0x7f0000000240)='K', 0x1)
ioctl$SNDCTL_DSP_GETODELAY(r4, 0x80045017, &(0x7f0000000180))
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000140)={r2, 0x5d, "50db5baccb6e54f415fba433affbb4d4531b16bb049432720c751dadefc9dbc0403671d74493ee067ce6ac2bb6b1ebf668f8f7a50d2a11da40fb7301e1f74cef895be68434107af57493056768fce4ce35f06764fdd7f0e6d9f536639a"}, 0x0)
io_uring_register$IORING_REGISTER_FILES2(r1, 0xf, &(0x7f0000000380)={0x60, 0x1, 0x0, 0x0, 0x0}, 0x20)

25.472041971s ago: executing program 0 (id=3253):
r0 = socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x15, 0x0, 0x1}, {0x24}, {0x6, 0x0, 0x0, 0x7ffffdbd}]})
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_clone(0x0, &(0x7f0000000380)="281d1da2022efd5fdef86a26426e0e2871dc295b5db62e6fe326357900216ed43714c50419bca57c4d89c6fcb3682176f3eb99ee35dcd9b0bebbfcbe044ef2d46987023fd8ee4d1b32332846ef497a0d2969add92cc3df6770284827708c552adcacb4ef8c48838a3aad3442f64a078192e3320a54f393b7fb80b0399d0b04b0abc4cd2c39334dd5f42bca286e55f2604566942b31177c3d2484f456803a827595314d33b2fe0c7b12beb8bfd49bc99834ae0f6b1e84bf942d898afce66686a3b29145c884f6af0cd9cc2e692d8a06aaf3a81446c6db372965b450da697a9f398feca04d1323", 0xe6, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000480)="a397cfffb768d681c1857d74c793e8f7e0db344727b595def4e188ed9c5dce8084dceca4e39df950e958aee10f29d0d98fcce3fa4767a6f57b8f069ee91ec6f2212405921d42422d186fcc78e7d18647f39805235d1cbe562d8759a101d17df8c49210df128341edd218222bfe58fb6bd6addfb725313475c45685fd587b0ab503521ce53a2ddd6fa78a0fdbc63da30dcbdf2d0cfbb2628d3f0b")
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r2=>0x0})
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x353, 0x4000)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r5, 0x4068aea3, &(0x7f0000000140))
openat$ttyprintk(0xffffff9c, 0x0, 0x181000, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_io_uring_setup(0x7505, &(0x7f0000000280)={0x0, 0xcce3, 0x860, 0x2, 0x100002cf}, &(0x7f0000000000), 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x2, &(0x7f0000000000)=""/126, &(0x7f0000000080)=0x7e)
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x1, {0x1, 0xf0, 0x2}, 0x1}, 0x18)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000280)="b7d6e8", 0x3}], 0x1)

24.464990937s ago: executing program 0 (id=3257):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010400000000000000000200e704050001000700000030692b5aebac0cd17186e7779be9ab9e218cc6ca0af0bd83226a6865a9f667"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000001840)={0x3, &(0x7f0000001800)=[{0x3, 0x9c, 0x8}, {0xd44, 0x9, 0x8, 0xfffffff8}, {0xc, 0xd9, 0x1, 0x3}]})
sendmmsg$unix(r1, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="b1ffd675726339d746fd758cbe4c117a6dfc112adedc41d2bc8fce4cb871866145223b65458629e1a7c43a5a2f895b4724e01710be136069e7cfe9f60fbe0c185a70c6e23874963ee8a7fd79f6ff2debe7ca815b38c0959a38475c6ba20d176efe51bd119cd200e80ae9d983ce6e5caa4251c5ebb08215fff12c114edd7405", 0x7f}, {&(0x7f0000000400)="2ee9d37cc0d28639e5d649f51bbc35648f794e1918c6ff23ee9d125059b256be4ea724d2c9f08c2eea0dcbe1d9c5a4c008727ed404b3964b825ed60a14c744a44b90fbcd97f7cee0aa6f090fcbc37f169c6898136e1daed9a9a0995eba1033fd0c132308d57f197aab1fa8e4f02c3ebdb8f3a5dad391ebc73aeffe746a7d7780c4bb4caf71b717c265ee75a54092cbce7dc28dc447368e631efcde2d23791515c7c93460a351b74830a28cdbcd01a374eeb71ac034c15783d5016a65aaa7ffac9149f8f83ade2eeb9629d8453e6db12d00597fef3364694e99cd59ce7dcbebb3bfbf76c1f29dfee3c520174f09171be8bd09bb6db49ed93c506514bf0d04a7fdaeb300dd5fdaffc8de9323e5b32d01147b6ba6c4184eddeedcbfbe898a9644f2ab39396fc4a8cea1fef265460d48122114641c25a095f0e6825947de78d46c2491e34a440b81f7b9183f6f4d243b4b2c4c59c891fba74df7db39d280c184cd057e8f6fed4e518ac2f7a65cbd8dae66669bc68bb185c1cc23eb1d824d37fae6af2a00a3f4946779b6b34b193bab522c685bb03786e1b9fa67ecdec58cb062aab254cb88817cfbfd545d748ac2f6864781838e1e5ac1e4375a59ae9c85b649134964dd6a17c399833d0d930f6976a928fdf15a113cb0d3260d56f9dc9ec5f06d88a373bcb9c67a62dedb571a6a48ebc7fcdd9d9bb893af2ccd2f7e919eb04e3a574e028fe44f5c63139780ef700732e5be0e6cc7604747a9e9bfee5130fd0d9ec8f6b3df3d0200f6db67d3bfeb757160c54ee4f9cf0afcef2b0da0ff7db50c99d033b0361d0daa7eca6a50c8a488ba25321042665f43fcae0807f5b3752e3cc7791620d6886382e033cd242eee3df6e95c7fcca888b44e74795f09f7b570e36db40dc09955a211efb730b7ff5c13dcbaef22a8d4a8a82bb2fc1589562d02eff778f9577dcf7eaf9aa4d7f5ee91502f78461beddff79e2bd4a6f4f7d345d329845395a696f3d9db5fe27901928cb2f507cb3d0ab83ea9ae60be2d0c0879e7ed2aedb83d0982f4c7968bfbcc9e1d3191bfea4a303704ef55dd80daba843ee45e008fc612fe3f094bf75c6fbc5a5e9f54c3280e69c3c4a5a6df391401e6991706de76070765023e763340129734909eae3a9e2175a313a16b4f8fa9c1a13db761252085c5a5ec6c08dfb54b25ef0995d0f557d9ee1eebbbe7e7cf2f7f10d6a830b8d3e5111fc63a43c58d9b2adb67a22f5043e4bce4eed74170bcf38caeb98481e99596b83b6c3183f0726bc55004fe830581192ae639ea92f87210789577307f014cd26cede0299fe4cb3c84d77b684e1c43d2c1e97876cca675dda976af161d35f6d68ada2d4828edcc4d51b460f339901f1920571bb5a6fe4a00fc4fca8698a531cce0fe4ca5236514094648b3cb1456859defc4eb3bee2e836ac1594e7fdb4313b6d3b1b4ffedaa3bf5657c7ac52bdf831de46cc02441a5510b0b4110a8b39e27057980865e29e4edcd236b5c433f03cfd1194315d565838a39ef36f9800b37dd12de2e698e04492be7c32cea287f5d02be207d389b99d50f33dcc3a057d028435a69d36e481ffa7e501fef18088defc640ac71670de42c847bed5bd97441f846f7c4fae6efce1dd88fb378232ae54738798f88466921aefd136b430611985338324f47f3e3695c63c3d91c1e3156b1128f39cc31dcd8a8ecc0f0f905b730c73263a84a4dfb5700749a0c97b3a60079b4c27e138f7bbda24dd64407244460ee9de0b376f92da45d2f02ff5862a74187c7daa188a778571f7a9d60744ba2c38d50dd1abe439bd59306785853a97ef8225f0095ca50dfd4939e32c8aa50a3497f7429b3d8469b83241f529d97f306af7fdb32bdb72a35bee812fad59d524a6e2dbb0ddb9b38dd6cf07e56d70c678a3ff5810e4ae21ebf6b8524e56b021048280e2415bc5f868393f644cb8d3b63f41af837ac1d2d791427580f7f36b9071ee604f6cea5aeb0dd41243f1cb07df988afdf19bc9ad89c513f5ec69931f02f845005ccfd1e7cf54e49d6f9230274d9d706ef2d27503b03dbca398ce2d4afc54ee92a9723aeff0674a26544179c579c350873acef4797228e6b13f40048c51c3590950f6dfeeb44126b2f0d13274905a74ae207c8c6ec608c25176ea8977689e2a98e5a34c781b2465c225bfe75dbdc99bf065f11c693350f414b71afee076ac6b3eff8eadbc21279cda0e0f0e7299d893469999581cf8ded9ace241ca2681e8cabe14bbc310a5c4d9ad3f15943886966a0f3caabd2c6d7260cef5a40af268c43ce52ac55c0fee20b69a77a8962e6c73c28ac2b09817c84c729e401500d9ee3179242feb02da48ba3f9152532ea92fd4722b6d51011bb841660cb5d2e52a9fe04bf8df2f8ea0466a09b6a458ac51b18afe253c3ed7a57178e245809d6e7a3cca9ff494a96fbbe8322d54989acd2ecb7533db06a4495160deba026e1317275ccdd2e4e6a71e92e86f1ac43a3a7786bf0017dc80e9ff5445465c1694279562d5a9efb83145610bad0cae988db47c5b5a8df94bb1d9400f85d8aef48e34bf87a920d61f269075c148f8c10b6e57e47a2ae6a4068b277fd6a3dcf1b1b7724f70b6dfe77d1494c0b7bfc324bcad024750510601473bcec44d882b46c147152cd8e2b2cf3f0d1e56a1561adba1268b29359a484662d53411f10deb69f08d94233b28a11bc9cd5dfe2c81807ec49379fe701a493966e75bc6757d94a8b0c0ffad03ddc6b74dec4b1ab4a98f106df22353bba333dfa419b3cda09c3d225bf50b18cd66341bd0768804d01daaa85682497124a97e7a236f667c475d3aa7be4c8bf65d90b9e57347e10f346f44e0fdf4391af6cfd7bbd470b0449857fc64f72ddd598a8f041074ac62d1bea939d3bbb8c45ee2f04608e28ab659114959b03756baff68a0492092cdecc93076cfff033607fa395b09a800ee1b19e7fa3faa004b62d4464d83e0050d6b162417da9ff292e9e6efdb3b8e07e9a10386c07224ab972679afee8b9ef6fa7836df71fdfd6c813e62daa28ea32530298799f25a3f82cc257bafd1f58745f172e033189ac577ff8c06bd03cbe7a563157af70b5b3d51065d908068e5075e12aa6c7c4a5731d7d65538339a37d5f3e8996778370a4e1601fd15bc7fe0290a6965c3bbd152c799f48b39754138beee911e9fcd1c9048f87b83235f6612a2aa0e6230c5018cdc0a117b35262202d552d4490cc775c54196c0d963bad70bc08af40f608af251b3195fda2f0b157d294ca3740843379b7f6459173e8bad903a9d8bfa62315366be48d223d9caedd4242737074e3a1f20d26d164d2f46f72dee9eb7fcbe025704f3e44ac2f99356555070ef0ccf5b7a73e1242a284cbc89bae3bf5d5aaca0836f1ab2501371d43dd7d740d04a77ccb810e28ba130b61c0b78adc9c5a5fac082c3559ddaa09fa69685fc026d715994101a5c7cea4f0ccd9cfb390c4a23dd2aca2007da534dbdf1867a2c331cd6e7e4a7811888fcf33e1ae65976e3024f4acd9302bb64a13b32a004c6430e3e8b56c1973b43453e27b662165cf28c3c9f3b215d9b54dc627a033da89f8989f5d4e7be59aa4d9d09be8f02ece940b19def0da646962343ba249516eeb6bfda4ec1bffcc824bda8146897954f315dafc4a85415edeff201bdca4be80a27b3aa040831bf7c0b250ad4c8717a74c3576c18463bad7ef01ec6a63143ef1ea3026f5f0c85060ebc0c11b1944d78a766c9fcd3c0bb68955e3f99e8791b4d0282ad7e65a67be60a33a6716d4f8c221d5e6a953d998afe9cb72418839b6a0125b3898be4ef9de4f03cc3a100bee6ed2a768b097d73a5717eb00cef56c12ed8091b0322ad5dbaadacfecbaef0dcfd9c7d156126ab53b669d294fda9b75fcdd0a9998ea70c89e94d17c285779a1ceb14a58c1c44812ece7f6c6ca342d134e4ca2e0e0265a1b796367c8afc6b3a02fa7c12bffd9c24524132059b8213f231f2194ac2dd395af55734b094bc3540dfe114f717c12930027d814f8fbeb2235dede8ce0e1ffebe647560b636d86d84d129a20aacc1c20c34cd434c5805368609eea37d4a262bb5150db172c086efa009ec1afadf3e066ebf978767b1c55bebe09f52f5d0a37d70dc03f30404c288b12704c8dd4d202978d7e7cf5cb88c7895470a69f64185a1ac7bd39a1f6f244a55b2e2513f0452318892e1f4f9e4211e73fa524d327ae77a063cdf1fe56fd42717a37da892fcda507d5a0e4e0cb7a12bb272a13b644456416123106e8ab5209eda6d7bd9494763545d075a6c007d60602839b371aaa19e79b5dac2ee89c8d98d81de0271b5670a5c898ed2506684554fa8e7f470f64ef30a731c36f8c32e147f17204ce872b1a5ef88a5b2fa376c095d70838fe5db4a160fa486d414bc82d4ecd9d9b00435c08a5c9df985c30c0b133ad7980ed2318436b796f3f326ed99e50ef5051cdb9cce0bb40ac2cb5457960441143510dad1bab97cc82eac5fac2559e9c48385ee9453707825c4f1f1d2f6067052fd0f1ee090e72421ba9763ca81c3514116b18f3d4dad9df7d829428a3e25ca7b9991f1043173a14e1d98e0b0f605d2a2b172f9a40c77cb3ac1a5647e1509cca022f0803b306b4ff6f9400881b3291e7b3e94ce89dee993eaec11ad25aecda43a447e918cd2d34833eafc4aa8d42e612f1f16edf825ab0bfd5b4c319e86a8305eb0a60b9cb889b7aa442c8f4f3223562ca68471866765ae6e2976198db0c7cbdee4f0f6720158b26961e2dabccce3936a5b982561e78e972e72f640716fc5a621be93de0248263c042430024df8665d3dc21421923f106b09e825f8b27fbde730e72e679e6a0766b961f77bf903db5520f54a17e292d3e98f35affbef6ad77d37b26c43eca4423edcab25a828ab639b518c9f09cba252f368fefde3bbdfb8496b2fba3ec9537962b305999c13111dc5d467b49cd03247e250d5a500927651f1c3421478ca5789e8973eb4a97930adbae3b4ebddcd6b69e417eeb89cc10e2bbe5585a89b000f80860fbe76310c49e923571ca5bda5df146beb25efe62ec9e2926b715c5968efafa148dc7b31a162bdbfe3cc6948f877190701a8823936e05dd5d8ddd1f8c5eca8d6c17e97f0ceae5fa2394abe4a3de555a5b9b3cde3581d3d0bcd2ddd32d700614471f15180095afd5774343059450c94bfbae6749686a3481f4532430a608549838740d0e926d6fec5078dcf91194449800c7c5c3ee7f2514bd8a0db255208928870535a6c7eb447b146f7b6a21476f0d028626e31b33be64b33606ed09df259f9e75c15db7da0debd5e880b470cd50784257e59e1322752320af532864799af0000fd355125ec6026754920a8cc4acfafad992097af7fb0f0b7f2c3cc6ea48f9b9ebf42832e846f6cc51704d5e8bdad786e2901006f321464ccf91db9ef19705279840690ec34ac9553de7b0055d0aada72ee30e946ab3f6de2d44c947963b71ff041b113ec600ec9146d9c6bd7af7083c2e32bcdaf9c5299f6b7dc3b1d112d9990a60e76c7768e5c2ad41bc568721c6e9fce32e016a19b4c082a3fdd11ceb44ef3d765b3c8b9f964c5c9b3c961d623a7bd0d5a6ea9ee92cda9f87441a271f6b2e1ef47190bdb95cba770d64d1ce0afc10b7693cbcc446a797fead5c8ea4aa2f4f45864bc2a1989241d4781f11fae5d63e21d44d85b2b881f947cefa9b1043bc0e62cfa52f50d7c7327550d25292b833e45b0e914bbfd5997d8e19d1d4d0e79ac4ad3415933130b027d570c8f7ec1a7e88a8", 0x1000}, {&(0x7f00000002c0)="2d6ddda9c8f55de395220508df7c514118d07e8cc8185fdec36fbc1382e8499174e266fe768473557dfc942192797ba29e4661312deb219ffd347defea8ee7212082e544ebd08ac7b583580323914381788cfa9b69c65721a317d08bf808c3d30aa18e9cd772d74b50823553b0affd452c4617f08716338442ad5c5e78600aca4169fc232a7b279b60aacf516550e191d0990dc086842b226f827a076bfd2af2638e762e974b3ad4d8e2511b25d069d26b9abdeadb0341ac57f0a5ddb78eefb5f6238de565051e2765931e4a4c3067baf49f08fad641e08ee0a84383d426be255465955240", 0xe5}, {&(0x7f0000001400)="dbbb3f381901d67d903bea09f9f83b1844dee920eb904f495295e4e62dc379a81d8bb9f44a068009f31842c52a7d652a340d655ded7e8f73b73bf02de0f17cd879b370cce7d7faa857764abb918110370278f66eb49bf4729eae52e15e6ab20be8f6ed68e313c0d068174f37b4392e16a18d093a93349736a2bed8c92d446549b8a83f68cb6117861dd4f6cb8387783455fe296337bf4367f823254535515ecac0b4ac607a899ed0ca2dfa43fdf039a29269e6fe84212adb56f938783e4936fd35481c85675269a15a4850246f54a1c2f69ecb4dff54d1d4eb1f5b408ed8d55d989be0e35313cb7a558c6fe980a29c3c8a9f0f", 0xf3}, {&(0x7f0000001500)="1b05a42179a8821b5b07ae4bd7627745b67bdeb0200c5fa4f973fdd8cbf7a256be9bc337d2e9b65586dfc2732d2ea73652f1e2e4d7b85f4dd4738ef3cadac8988b33c274128a932419766df01cc72c92ade04a7f6d667eb3430f90ac97cbdb7922ba7ef1f4d8d46256e11e9c3da4a2ca2f25a34ed6275127619e25677f963213f8ee3e45c1182c111dc439a796e9b7e476b006214ba0e28c2328b875bcc25115f28b6983d26d50f7ddf631ea20bcddb261e2ae5a55523056f05cff3da397ef62abbf53b072e61387b8ef25ea6c0a8fc7a2a3675194a23e966bd91506d3148e2a257343e8e5289747a0f2452bf17cfcfc99fe1b", 0xf3}, {&(0x7f0000001600)="57c25c180af4fa58445edd0ce452af9965a83dfde659f1743e0184eb9eb1e2ff2cae3dca892952425fa238190a55dfb8579a79d1554ff4f0c70b282a358122adedf702decf6850e4bd96ec49156fca3cbe7d743a07ac3e160b305380d2ca6ee9cb73b3f91eb173f0edeab70246dfd2ad8e23a61fcad0e4b1cdb2f6b3f569faedd10f7a9abf08bd2835f21381bb873504ebcacf7f2ade5bca9cb31ceb07810aeb96923c51d29e04836846582debf74f2b915f659cdb2942a3994cbe4902b33e63ee612fdf6f2858d457d124ff90003bb3bce362d953eda687aab03214d7a2e8272042", 0xe2}, {&(0x7f00000001c0)="2f25003f27fd4561401bc1e7a3df2382556f9f75a5b1434839b469af107cf5f16f8f293b4064922140484633b68d1cccb75575e2e22fa83ade95ad8a9e4ad066cd57769669dddbe4d72a204962ab7313a6aeba95c84393625a794f0df85d6f6f219cf34598e0134a90c1b185c2559b7aaf4ba4f8881142d584584bdf5a", 0x7d}, {&(0x7f0000001880)="169a5e092635f7a14c73f004267b6144f613eb36a46696b366ec32528797a4f795c886078c4dbaeac852b04358ef3d0eed37645f87e4f66693409451c03e5d73f4b9246227e6de5f190b9e0faf08a941ee6531161526a3ad585ecdded56ef64973f51d1cbc063c3bf68c13c545424e7bacccfb9e87f7c84e662777da1e818840d383d89aa29e715998bb14383d06d7011319dce5b5d70466ade0fd4e0acc98993f17c0b568311ac61aa605608c06ade0112b6cdb9d2312ed7692799d24128c5a6f4e45d78ea28259acc5a935428d70bbd3d8e73d390c442c79225dd732ce176215e6a9a889328fcd831f4741cca494b900ab02489c99c9c0d02ff674e5eac92d05db06d2a3aa76764d825442a9aa7dc9717243f6dad2b43706413e2af09bd112b2a6", 0x122}], 0x8, &(0x7f00000019c0)=[@rights={{0x30, 0x1, 0x1, [r1, r0, r1, r0, r2, r0, r0, r3, r0]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [r1, r1, 0xffffffffffffffff, r1, r0]}}], 0x68, 0xc050}}, {{&(0x7f0000001a40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001c80)=[{&(0x7f0000001ac0)="5800a4b744a54d0ca49387bc2e57505fadd11287c5c06a8c5667ebe60733", 0x1e}, {&(0x7f0000001b00)="ad1a82f33058402fd4ff1da265474b46c2dfd10990451829cdf77e65573b1c51f17697e64be3ace02fa4e574feec4affa9be35968a1e702ce3c920f7f99ebd375f34eebbc9477f6f33b4f9f882ec5e90f3827ec037766e3228efb9c25c28d650a03e966d6e7241223def356d9ca829302d36f87680b2a7c4bd564f5bbc88951925f5cecb4c138c55f1ae70e705a30e806b15c76f641a81d23129b16fe5f3c220dd233dc40bea7e6349a080b7e89d1b7985094198f4991713fc2d17ac147e1c74ea930356cf555463384ee0f4fe2282639ccc03bda36298b2c699ca3c5920d212ed6bfd21b1", 0xe5}, {&(0x7f0000001c00)="ee0626047f42f4c1f94b256479d7480b501b9d9f66a7be6542600d7cbc73f53600ae01f5c493e2becaa58fad3bdd41b098132ad7f10d17e9eae70a926e67b9af7dfe9751773a48e03a8174eae69814953e5e1476707669163d3f1de1229181132891a84597d81e4d1d02f17994cab95bc32ca137ea29cd03e6b027b387677384", 0x80}, {&(0x7f00000021c0)="1953ed4b3e02df5d0ee25e09d4a0273cec60fd7925d24eac7b1350bc30a75b3d32068110b156c8214079a440ccced2f5c1bb322d1c777185964f6b89c09201894f869e67255bdd4e3136b331cc34b6dc473a5afe1d8d17a12349a3f5d98bb1adef70effd55714b40d0611e6fea6d3a41635e3499e6fd687687f8a3da8d532d66ea6ba244ce1b43d062d2f1c24fe12211d93d670c02bf455a682b1143d56d0e580a146646b4a9932daab2a2e9ab33e3cda1ea88294f8e94f1286765f83990557c771102af1e2a558566f5fe6e78e2e930a2bc96934984f1c51938f33ca71cfb8c6bc6cf243b28c505de4cafe7e9fe0e98dbc201becb689ff521d2d5fa8d5be1cf067f366f8fe3b7bab8f9a090417b8043f454703e3cb499c5a8f18f3e3878859c3bd9abfc22e408e53799847d9ffac85236d1c3b86fe54484eb88f8147380c7ca77ad19c3219ff531bd0dbd9db1b04cc3e6775def0863f14abda478d56ebb6a2378ef638b2c53858d22d5f067b32fda0c6a780508224a3f168ce4ed736098dd2146066db504fbc5d8dba279750bb6059c4cdd2ec221f15907db4d50550bf061d9f97658e0920c01dd4e0242243f0285ba6d8930da3148ace9fd00070521f914d7cbc46cebc61b9251948a0017bfd35a92d597e3149d892777373d1d7f5c7f08edafe4b1578c94a9553ef180fe8cc3ba9af2138535669c3641c15242e5e89700035d6fa4c08970f84d30fe138592a086b8c014961f5a77ee4a291fb34f0d3f12d1ba2f9c5078bd2984ac4006247d968dfc0cb143c13a6101ea07c81b98a531a20eea0eef10d571d6bd19b64154d7a022ffb5a17b1da9d2c6a9b92481429f8e4d6517d4c29cf1e7c1002d1bad4c7596f856837669885e7a0000a17392210f0e6d0d13eb88b65feb6c80903124b942338d9fdc79348a2c75815b27462b3a080c405422ea45531eff408a3e8e7e1d8ac2cca9145474766da9ae2427f2f81baff1b0742a5c87854c7c887c4a1c6ff1735b3a7736005d53e82e92194a37648d6bec3a45fd78dcb130e1598a4929ff6c607e90e12a17f1b317d1ee12805034566b9b1bc5af595939defac9e1f4633bed19cb64a1eee698f34e1d6120b595f74d15e71dfecac3c4b549affd543f278d2b32f76fb48e50c2e5d4698342bc9f7dad417823f8c3dcd57ee9ff66e036b7b00496b3ca7ed0eccdba797567f890eeb0cfb0b96f287eeb100b01618c7ea35ab5c2bd1fd142b98712fe508bac6af2bd5ae6c5fb3333302e728b6c6660379a26f0311bd760a3ded7a3f89ca36f5809894598390afe054df63c552922a73e68e5e3dceb54d027cb80da4db71049fd2fb664edd8f4e6449877e0a1caf237d0f9185aab4b89fd1aec3064a9d08c9315603890d08a517d817ea4b5614fad076ebcc4ad6f44708886232b3bfea389e835d7997f0b5cc2588a5883f883c018af3d15c2747459f155884fe0338a818be4c7e1fc695de62da330665bd15e0fe16ff6aab5adb620707af395add7623e712635915ca6eaab3ae41f993fa84f7a7ebfc2333d9d0a70fc13160b48113c1a20412732789c989c97b728ed74ac562b71c398f6a373437037722f3c150a6b82efabb59d56a9c302d0f18c7256d78abc791059abf8e2d77d52f83fe573f0aded6e506800b5be9663bee64bb2cde879697261890f4bde1d385b09b4a7c814e528efcc6163e927836b38b9e7fb8d1ccb3478107718dc02d984d14b6aba02003e1ccaf3d9448c3969b9b896110674e7c4953d0c234685f1d20418f159fab22ee2d7d0092eb4e7feb67c84c4ab71687f5afde31426c356b609cd296b6cdfcdfa662d6e3dd7300dde2365096580e4d6667f070a082fe351edddb921a5da30c3aeb98da2fbb92e0f4218a35bb6776b725f084398fb705e91c907693c1c0f368af3c02168913f12679309a58cc2c26f6581ef36e401368b6e66b5640139a60e8668fb748c91782eeef1892b8d353cf201ca541b7f44eadd2b82dbba72857fdd343cacf440bcccf928a5244fa04abb1bbbf1d9ad544f871fb0ba554a2e3cb637808861efd16af177bf1a8ed6a784889fb7d31646b46d6fbb18ace5a33d7b736e0e8c6d56e1e2033472c2c7d5b7057b992d8e6da47c028d0035be55411a5c75e8a96c8367059516ad8c1d2bdd021e3e50360857057f0e711498c3e90a4dac8f2b4bb5366a46e143dd28438ffdb36e04e4bf6ec458643f36ef8ab829ad632451b14980360b9a1f68677321782e36a2237ee625fd679410b77edb7f87892ce1d9a3a77003922bcdd309de9c25c9c2c675922f0eb3d9d1a6a70287dcecfafb1512a2a3ef037b1aace332f4cc4ce308319f01e0e577dce4833c2ddca512f9a580cbeaca6309c542b4d64684152d169f911ebf8684b62bb302f00a9733162062b656032cf70cfaee7c8100bb4956ec01572a2ae3d7b3d2b26a6195ea028ac649d7c19daa235605f26a0bc665dbaeb594c9edca469948e7663a8dfb164a3f19cdf6eaee89db7cdcf5e40343bfcb211328650e43d023d6f6c98ea5618ba95587e7b6c507641c3046d1e0715b3b1b2f22c434a81d4716eaae7bbef920e001c761481d2806e5fd8a8f4c3e83c329f471e244742ac6990e157418be66ee5846269020909dd6acc9fcce70c3c59e7d92fb0c4dd7524122016de6a6529129c0e76a4f352fa6428d953b2216a8d6b4e0aa41f5607cfae80823f60d83498f3420d1856e88e26162af9a731ad89eb14b70f5486db01cec3d4ad3a6a2c0b213670f8b7f6a33aec8a9b246a51fbdf315589da1d9a3e32526bb851c2ef0fc2408f06671ae5726a866b192de4c40642a984f86742d18fb85c9c268ff3ed54adc4736484196203b14a72206f28d88a33334b6a13a9ae0648811a6e06288d02b7c03b3fd15165050de9c8fcb3112a861bb05647c1a80fc0c6f567ddb7a63e5b4409c8a0820be6c9d38a3b6a9b46dcb917ef26ce3a7d77e66c3b6569452a20692da3fb8817e368b3eb95cd4331d751b092f6bf20b842328af5ee1d4de04ce7bdde2d75d62669c48b8dc039ef7586cb4c7ea2fb96c50e51ebd391365b051eea0614d97616c0a58a41ab12e44693f2f912decb103569800bc11ac614888ad01082a8f1c8ccaf77e744f89c094ad4d65d17093bcf10435554131a941f7b7661f76c664f59c34899cd5b8f5c7c9aa8998499cdf57fdbcb355b689c5a946970abb30c3a05774f4996ed398c770942571c4808a2022cc4c765835b25ad32da6bd1e408b933dcbeab85bfd97ba8c3e9dec5d764dad7cbffd540218a77a0980667f04c412c250f06707e0c9d3cd0d01a03180554fc0060166b7d653358a02e94ff29cd4061f7a09b723c1a47451b23f31102e97ea951dfe84a2915ef14dfc2df70a143fa9af91f79c600b0adf746645f00f4b9f5c4f3e12799189617d61fa4bb5e107e772c10b0fbb34b12e3be63ff9633ae13adfe510c055deec9c194578c8527fb3484f94da094a7c29204dae820d11847b72cbef2e991ec603cb4ca1cbe2951a340c2401bd7cd96e848a70d7ebce8cf388351e9c18d647757ffc52b3ded0eca1971b932c1377cf4221de98eb2859e00a2493ce74ecc8693d071eef8504ba67cc1385329d873257cce08ce47b0385734bdddb33a0ebdb6cc35b3f22bd76125bccdc599b559de230abab28c00d2b9c5fb2bf68eeab12d764951fdc4f9d907500de06cb3297f74f42fcd71167dcad09dcdd7a3f083ad61b445103262d86f792a2b9e15a14ee481b139af3e13c8edcc85f0ab275faaf130d111c5c177a36f241c054f500e0f8d9463338fd279a2017a30022ad9866652eeeb793b218f2f23cd44b064073141e9d913f8c6a2a567519abe5c89abd77bb86e58d6ea4d87f2e826111df005955a24d9000bb0fbca84f40c23b01cffbf654bb29cdbe8c41c3843d9b207a93ea83b6fe85e09f1a9aad80f7470f1b32c5074430690fcfff328af933b007e2124f23eb01b7bfe8b156a7af19b107cc9e8419ee8f8b67ad0d11352672bbec93c2a33f293c1f6408991435ea87209bf3167838f2535a96866134ee6954c2a61be2830946200671d368b7a3bf32b6e7c55f91eb546344c59b328a6c3a0a53c6fa1d06d34605c0d39f4e9ae1b9c5957f00302f0790ad466f15b29a5c460e424763cec5374ba07b15f2e530e58837937241aa44c0e6fa3ffd0a8b33b29d0a67959cf7b4b8e06ee61179372769a4326ee57a9e2b08321c2234d1ea5b7752a311b5f907446c08b223469979844de57473715c7f5da893b5c7228a1d8c1da29bf5a442e941bd0264775d7fecc827037ea0d502b572cf93775363cd3c33df254849c6c2638159e14e7ae539f04ce00c0744358255de3f5185207dc3b3fef87392aecc3bd9c286d66b68faec377ee920f5ffaf75c9e04058ff8395e404ebc713ba74c2320ea9a44b6a229db764fa1f16c234cdcbaeb1f7f60e894478f1583ca7799982fb4b922f7386bb10a62717056fc07d9ea4d551a6be2172842fdf715857cb21615b59cc85a573def11b3e72a888e26ef407ccbd704923051134ce34ce75fd3872790cdcdcb8363d3cd51cf3105fa6e64410db00ee8efcb23715a065ae6037d528c7d4b219514d30bc27b327ea531b021b676e02f48016c33fa3b0f3ba3f2735c7665c5f5681dae9ff1fb1b8ad35459b1852db4fa7ecf01c0a1097deba64d8c9a71675ca916d24b6e0cef792a9f8d12e116180db3ce0c7dce88a11707a636d192436dbaa818de185dc8d7f5b4d3836cdb09c37d01641003926862dfb0326bb167a425f4c973edde023b07eb26cbe5bca90f4f716eed5b579f19ce9eef453c7c917e01ad19df9adce71f5ce990856598166207f6480beffee681db85c3d782bad116048147be3de867a1d43145bdf78671477d491bfd8ff0964534f2cdcfc4b8889d78bd603905094d879ec71f4002ce5fed10bf8313ffcfbd86f60882d1ab26de06216ae46f44fd05286b0811f74f5b6d559f7db42c697bd466fc20f6ef8956366e92da64e94fb2bb624d3957bf2d2997672ab1d4650c1d8f48b536355b79cdb370f06942f16d2029542370183edd3bd4445417efcae8f5887cb2a6fe54d09862819a5ece4ef030d75610e5f56efd6de76a393843d37540310fa1a9dfee82ddb1099ddf5d27ab95db8134e55fe81c791182fb52edf0e9241ad5fe45dd8b508228df47651f83d4f9bb2e2e9cafafc98fc4c6cbe5a2322192b9125f3c60c9a0426bc40e3053bec26f9da9f9ca17c3377da22da41886c7b67746a7f090a2716543a9a232179dd29fa9cc1c84e6f429f311854388883cc121a940cc9d229196d9aaee149633a6bb7fa0ca1ff8665f8ee985111b6b4bd6d6866d4ff31f708d8eb9557122f257c80b6a489d884e16b9750678a6b33a79df071990c5f8459a10b792b4513834e87d57c8dfeae117e64c3fb9ee1eb1310f5222cc90a1735a8e661bac3fc8518f75acf4ade4c803af214c3004f24ee971c996cfab342b02555c99f7d249e44d303e90518205423c1b2c7d24384452dece985e1c296c46e50f109bad74b6ea78df9469b04c5720fa5f28d55a9e31a830dcfb331bf193825c452642d6815bc3228163fe704a8f6b8118141ff4268b5c2f410fa473b254d80089b9fc73849f21d8127d9c74a5b8b24e83175c983e1e42f913a104e93a3ec39aab642c2096849f86e0a267c7ae08c8adb62da7f73ef01cf61aee4f86aa6622a595cc4dd249ba9b259ca2fa14ceee1f2434553e85052aacfe6c1e55580bf09dd28b0be68e3d9", 0x1000}], 0x4, &(0x7f0000001cc0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x34, 0x10}}, {{&(0x7f0000001d00)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f00000020c0)=[{&(0x7f0000001d80)="f3eba18e0873dc589461904b5b59d01d736eb48f6a08446072369ed6334cade91f5779b7ac6ea502069698c26ea47ab13b4a38f98f56e7246aa6fa8956564b0e43062e9581dfe12c08cb8bce67650c007dc955258256d3ee118f1f7a14eb209ba61f3632b40de1be0408433aa48891e4a7220bb992dcc9b4844ba24bfdc61fc675", 0x81}, {&(0x7f0000001e40)="d3a12f23bba3d3161224f0cd1a6c9ced32cc89a39353e3ec00b844f9b1dbbbde5b99f3d87c4d0ee7293a03c36c7dc65aca45bfe5063078dd1a3f190c895b84513527533fd099213967e17d52a0efae14634a7b8cf8f0722f23", 0x59}, {&(0x7f0000001ec0)="f96debab2966cb1220ff5484fa75e1c573ccc923e2562af51559cea70eddd4beba3aed5819db36133594c2ab24cdabd17c44adcbd613d2a185b149fccbdcee35a83f467c621b9ead2cbdf1aa839c8299575d6450f8a823a86298c2d718e3e1e1c7a7d7e4df", 0x65}, {&(0x7f0000001f40)="b3272039efb6446dbc9ac42a499490ca18612a74c6818dcfda0e0ad0afec83547373a67c2108c8ed684f4a8b38a98890ea15034e69b49ec882fffa4e41d7ef607289fd34dd695d59110a3f9f6ac224cba5bea33806ac9f4fdd4e6987bcd9d3cc7503b6", 0x63}, {&(0x7f0000001fc0)="653cd0edcf915d421f01661aa0b0cac0334e661069e02f7a01a33085c433df091e27efa521426eb0d9b72c35da9a6a8324354173af26e0499b5dc9f4d4e33d2a40ec2ae87a58866ac77d6c19a7dfc971faf1addd911fd10a1f7761c63b04ae60b75bb132d8a539d7b692fbdd75d2ae099cd63e854172e19481ddc47c32b6ee1c73e4e380526cfb0f66e4caeab39e791852364a7caeb9847a3358dca0b2a447f6648125ed8d8ae98577bd0d3f385721653838585d28cc9e26ec242ca8ad85ce979e003d8f9d74d8f44df68b1149d9c9cff1e845e207f6f9deac8f27", 0xdb}], 0x5, &(0x7f0000001700)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [r2, r2, r0, r2]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r1, 0xffffffffffffffff]}}], 0x74, 0x8804}}], 0x3, 0x20000000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x26020480)
r5 = socket(0x10, 0x80002, 0x2)
bind$netlink(r5, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_to_bond\x00', <r7=>0x0})
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r7, 0x2, 0x6}, 0x10)
setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f00000003c0)={0x0, 0x1, 0x6, @remote}, 0x10)
r8 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x3)
r9 = userfaultfd(0x0)
ioctl$UFFDIO_WRITEPROTECT(r9, 0xc018aa06, &(0x7f0000000100)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}, 0x2})
ioctl$TCSETSW2(r4, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff})
r10 = socket$inet6(0xa, 0x3, 0x7)
r11 = socket$netlink(0x10, 0x3, 0x0)
writev(r11, &(0x7f00000000c0)=[{0x0}], 0x1)
connect$inet6(r10, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r10, &(0x7f0000000480), 0x2e9, 0x0)

21.355081935s ago: executing program 0 (id=3270):
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000013906c08e90f01db9be90102030109021200010000000009"], 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf5)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f00000000c0)=[{0x1e, 0x6000, 0x0, 0x0}, {0x6, 0x4001, 0x0, 0x0}], 0x2})

10.943482142s ago: executing program 1 (id=3301):
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000013906c08e90f01db9be9010203010902120001000000000904"], 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf5)
r0 = syz_open_dev$I2C(0x0, 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f00000000c0)=[{0x1e, 0x6000, 0x0, 0x0}, {0x6, 0x4001, 0x0, 0x0}], 0x2})

9.518067545s ago: executing program 1 (id=3305):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

9.399251888s ago: executing program 1 (id=3306):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r4=>0x0)
write(r3, &(0x7f0000000400)='`', 0x1)
io_submit(r4, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000000)='e', 0x3f}])
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x40000)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000800", [0x0, 0x2000000000001]}})
readv(r5, &(0x7f0000003a00)=[{&(0x7f0000003b00)=""/4096, 0x1000}], 0x1)
sendto$inet6(r0, &(0x7f0000000180)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9e00c8388827a685a168d0bf47d32345653602648dcaaf6c26c291214549935ade4a460c20b6ec0cff3959547f500f58ba86c902000f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa424ac4d31c4f7a1", 0x90, 0x0, 0x0, 0xf)

8.102252812s ago: executing program 1 (id=3308):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0)
cachestat(0xffffffffffffffff, &(0x7f0000001840)={0x1, 0x2}, &(0x7f0000001880), 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000f80)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000a93000/0x4000)=nil, 0x4000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
io_submit(0x0, 0x1, &(0x7f0000000500)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}])
ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000f40)=ANY=[@ANYBLOB="0100000000000000008000000700000014f7ffff0900000009000000af010000a2b9000001000000100000000800"])
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a6c000000060a0104000000000000000002000000400004803c0001800a0001006d617463680000002c00028014000300f4f03b0200000000030007116b61979e0c000100636c75737465720008000240000000000900010073"], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
socket$netlink(0x10, 0x3, 0x12)
lremovexattr(0x0, &(0x7f00000001c0)=@known='trusted.syz\x00')
write$FUSE_STATX(0xffffffffffffffff, &(0x7f0000000540)={0x130, 0x0, 0x0, {0x3, 0x6, 0x0, '\x00', {0x2000, 0x5, 0x7, 0xc07, 0x0, 0x0, 0xc000, '\x00', 0x1, 0x3ff, 0x0, 0x3, {0x0, 0x1}, {0x4, 0x800}, {0x961, 0x6a5ad1fb}, {0xfffffffffffffffe}, 0x80000000, 0xdc, 0x7e, 0xa}}}, 0x130)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e4000000000000000805000400030000000900020073797a3100000000050005000200000014000300686173683a69702c706f72742c6970000500010007"], 0x4c}, 0x1, 0x0, 0x0, 0x20044095}, 0x8042)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)
recvmsg(r6, &(0x7f000000c1c0)={0x0, 0x0, &(0x7f000000c080)=[{&(0x7f000000acc0)=""/4096, 0x1000}, {&(0x7f000000bec0)=""/27, 0x1b}], 0x2}, 0x20)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[], 0x2e)

6.551169237s ago: executing program 2 (id=3309):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x985}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2c}], @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x6150}]}, 0x40}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0xe20, 0x0, @remote}, 0x1c)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x101101, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0xfffffffa)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x80000000)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x88, 0x1, &(0x7f0000000080), 0x4)
r6 = openat$binder_debug(0xffffff9c, &(0x7f0000000340)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x1b, &(0x7f0000000380)=@raw=[@btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10001}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000003ff6)='GPL\x00', 0x9, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x4, 0x0, 0xffffffff}, 0x10, 0x0, r6}, 0x94)
lseek(0xffffffffffffffff, 0x5, 0x3)

6.414772151s ago: executing program 4 (id=3310):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
link(&(0x7f0000000140)='.\x00', &(0x7f0000000180)='./file0\x00')
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xb, 0x8000000000000000, 0x6, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
writev(r3, &(0x7f0000000380)=[{&(0x7f00000004c0)="ea70918135eaab3a884242c9d1d25114aa96787c02826ef6ca3afcb0b9dcdf64e03e2d393b8f9ce9a5e0ad21c8e307f9e4bb018c5b22023f073f9fbe1508819dd448be8d9873aa90426f3cf4c187d10215395e8a7807e5893b0bd80f4ff745fe7f9c316d18f69265662694261c0b194ef861", 0x72}], 0x1)
r4 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @dev}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_mreqsrc(r4, 0x0, 0x25, 0x0, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x42c001)
syz_open_procfs(0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020}, 0xfffffffffffffd63)
pread64(r5, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080)={0xb, 0x0, 0x40000}, 0x20)
r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_GETBLKSIZE(r7, 0xc0045004, &(0x7f00000000c0))
ioctl$USBDEVFS_SETCONFIGURATION(r6, 0x80045505, &(0x7f0000000000)=0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

5.941383983s ago: executing program 1 (id=3313):
r0 = eventfd2(0x0, 0x80801)
readv(r0, &(0x7f00000005c0)=[{&(0x7f0000000340)=""/134, 0x86}], 0x1)
syz_usb_connect(0x5, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e10200f5b0da7f0000000000000043fc76dcb62f05c053b268c2ed3aa401e01e11d00e7541d7bbde"], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x3, &(0x7f0000000200)=[{0x15, 0x0, 0xfc, 0xb7a}, {0x2c, 0xe, 0x0, 0x3}, {0x6, 0x0, 0x8, 0x7ffffcb9}]})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x8000000000000000]}})
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x800, 0x2, 0x4}, 0x1c)
write$tun(r1, &(0x7f0000000280)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x16, 0x65, 0x0, 0x60, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "7bbd"}}, 0x24)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f00000000c0)={0x2, 0x8})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f0000000040)={0x2, 0xe, 0x5})
close_range(r6, 0xffffffffffffffff, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000010, 0x0, 0xffffffffffffffff}]})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000006800e9780000000006000000dde5902af6a9e0650eddff290a0003000000000004009793"], 0x1c}}, 0x0)

5.230672776s ago: executing program 4 (id=3314):
r0 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0) (async, rerun: 32)
ftruncate(r0, 0x51a9497) (async, rerun: 32)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x800, 0x0)
read$FUSE(r1, &(0x7f0000008340)={0x2020}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064dd2f9ac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb7320f39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e13c4a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b670400d59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e3f2b09e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b6dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fafed34d4564af956b0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e540ba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd12c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46700500000000000000cb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b300", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x130, 0x0, 0x7, {0x0, 0x0, 0x0, '\x00', {0x1, 0x0, 0x7eff, 0x806, 0x0, 0x0, 0x2000, '\x00', 0x40000000000007, 0x81, 0x4, 0x1, {0x8, 0x4}, {0x4000000000005, 0x10d}, {0x1, 0x3af5}, {0x1000005, 0x2}, 0x2, 0xa, 0x13ff, 0x6}}}}) (async)
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x783df250c8bc2e90, r2, {0x7, 0x29, 0x0, 0x40411000, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x20}}, 0x50) (async)
r3 = syz_io_uring_setup(0x247a, &(0x7f0000000080)={0x0, 0x3, 0x10100, 0x2}, &(0x7f0000000540)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000020240)='./file1\x00'})
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f0000002cc0)={0x1, [{0x0, 0x10, 0x6, &(0x7f0000000640)='ze'}, {0x0, 0x0, 0x41ff7484, 0x0}, {0x2, 0x0, 0x100d5ba, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x2, 0x0, 0x3, 0x0}, {0x2, 0x0, 0xa2d, 0x0}, {0x0, 0x0, 0x1, 0x0}, {0x1, 0x0, 0xf3f, 0x0}, {0x4, 0x0, 0x1000, 0x0}, {0x3, 0x0, 0x8, 0x0}, {0x3, 0x0, 0x1000, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x0, 0x0, 0x1545, 0x0}, {0x2, 0x0, 0x3, 0x0}, {0x1, 0x0, 0x40005, 0x0}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) (async)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
r7 = openat$panthor(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r7, 0xc01064bd, &(0x7f00000001c0)={&(0x7f0000000400)="bbf290502dc21ed319c3fe851bfd25f54a32486d1ea22099ff30649176d2822cde5f13812e319a839e530bdaf22d2fe59fb1050b4118a27abec6a120dcf2b5c04ccc4e0c9c91f1a018a6a7bb98424e8162ab2c0d6e44479036900dae4d648dd2e879f96ce789001406ecc56ad487714540bc91b46b4435472171709f129eb8c40edabc63afee9cfc1c015ee5c1426ad84466f3ea47e126fcfced274e20db544d2594d831b913a1674664aa688d2e5a22ed67abdd5123b65bd6093872ae4b90989cdac21c5ee2b26237ea22ab78e6848e0678b29f948c469af93aad254c49cebb2ab7aab09f7683a732b05d0bce2a2fe2eafbeb0758fbc04c58cd", 0xfa, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r7, 0xc00464be, &(0x7f0000000200)={r8}) (async)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10) (async, rerun: 32)
r10 = syz_clone(0x24308000, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32)
syz_pidfd_open(r10, 0x0) (async, rerun: 32)
fcntl$setown(r6, 0x8, r10) (rerun: 32)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000240)={&(0x7f00006e7000/0x1000)=nil, 0x1000}) (async, rerun: 64)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES64=0x0], 0x28}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) (rerun: 64)

5.140794896s ago: executing program 2 (id=3315):
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000013906c08e90f01db9be9010203010902120001000000000904"], 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf5)
r0 = syz_open_dev$I2C(0x0, 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f00000000c0)=[{0x1e, 0x6000, 0x0, 0x0}, {0x6, 0x4001, 0x0, 0x0}], 0x2})

5.08137651s ago: executing program 3 (id=3316):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b788061", 0x24, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

4.908625698s ago: executing program 3 (id=3317):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000140)={0x3fd})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$swradio(0x0, 0x0, 0x2)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0xffbf, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x40, 0x1}, {0x0, 0x200, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x14, 0x9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}]})
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r5 = syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="31010000dccd5e08cb060300000000ea22010902240001000064000904340102d469e70009058acf"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) (async)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40605414, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
msgctl$IPC_STAT(0x0, 0x2, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0xf, 0x3, 0x4, 0x4, 0x102000000000002, 0x8000000d, 0x2004c8, 0xffff, 0x3, 0x100000001, 0xffffffffffffffff, 0x7fffffffffffffff, 0x4b0, 0xfffffffffffffff9, 0x2000000000000003, 0x5], 0x80a0000, 0x4284}) (async)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000001c0)={[0xf, 0x3, 0x4, 0x4, 0x102000000000002, 0x8000000d, 0x2004c8, 0xffff, 0x3, 0x100000001, 0xffffffffffffffff, 0x7fffffffffffffff, 0x4b0, 0xfffffffffffffff9, 0x2000000000000003, 0x5], 0x80a0000, 0x4284})
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, 0x0)

4.403399971s ago: executing program 4 (id=3318):
r0 = socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x15, 0x0, 0x1}, {0x24}, {0x6, 0x0, 0x0, 0x7ffffdbd}]})
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_clone(0x0, &(0x7f0000000380)="281d1da2022efd5fdef86a26426e0e2871dc295b5db62e6fe326357900216ed43714c50419bca57c4d89c6fcb3682176f3eb99ee35dcd9b0bebbfcbe044ef2d46987023fd8ee4d1b32332846ef497a0d2969add92cc3df6770284827708c552adcacb4ef8c48838a3aad3442f64a078192e3320a54f393b7fb80b0399d0b04b0abc4cd2c39334dd5f42bca286e55f2604566942b31177c3d2484f456803a827595314d33b2fe0c7b12beb8bfd49bc99834ae0f6b1e84bf942d898afce66686a3b29145c884f6af0cd9cc2e692d8a06aaf3a81446c6db372965b450da697a9f398feca04d1323", 0xe6, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000480)="a397cfffb768d681c1857d74c793e8f7e0db344727b595def4e188ed9c5dce8084dceca4e39df950e958aee10f29d0d98fcce3fa4767a6f57b8f069ee91ec6f2212405921d42422d186fcc78e7d18647f39805235d1cbe562d8759a101d17df8c49210df128341edd218222bfe58fb6bd6addfb725313475c45685fd587b0ab503521ce53a2ddd6fa78a0fdbc63da30dcbdf2d0cfbb2628d3f0b")
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r2=>0x0})
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x353, 0x4000)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0x160f}, {0x400000b1, 0x0, 0x8000000000000001}]})
openat$ttyprintk(0xffffff9c, 0x0, 0x181000, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_io_uring_setup(0x7505, &(0x7f0000000280)={0x0, 0xcce3, 0x860, 0x2, 0x100002cf}, &(0x7f0000000000), 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x2, &(0x7f0000000000)=""/126, &(0x7f0000000080)=0x7e)
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x1, {0x1, 0xf0, 0x2}, 0x1}, 0x18)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000280)="b7d6e8", 0x3}], 0x1)

3.707561883s ago: executing program 2 (id=3319):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r0, 0x11e, 0x1, &(0x7f0000000080)=0x5, 0x4)
pipe(&(0x7f0000000180)={<r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
splice(r1, 0x0, r2, 0x0, 0x4ffe6, 0x8)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000180)=0x4)
listen(r0, 0x400)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a44, 0x1700)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x101142)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES16], 0x54}}, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.552880581s ago: executing program 3 (id=3320):
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00004fc000/0x3000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
recvmsg$unix(r1, &(0x7f0000000680)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000300)=""/142, 0x8e}, {&(0x7f0000000000)=""/57, 0x39}, {&(0x7f00000003c0)=""/56, 0x38}], 0x3, &(0x7f0000000600)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}], 0x4c}, 0x40002100)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000), 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fcdbdf25030000000500050007000000080004000500000005000500ca000000480003000700000004000680"], 0x38}, 0x1, 0x0, 0x0, 0x44044001}, 0x4000041)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00'})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="28276dbf14100f3ad7c30700be65c50424003b49b1b21aba941c4b660e4a5d2b4865464b63be1ea4e77d4809f97c5f2e12179ba820b75cf70b8be47ed505786607a8ec4dd927777dd4a9463d47443f6ef5932732c08e1bb620b0b8e618535eea9cb518d945673343b9b31fdc2e634583c07d05b2997a2cf9db55febf9a5f7b51e36825989a2126af9f09755a09978b0dbeda46bd915397e086fd6d019693b894bfa57efc046e661b0eb9e9d190efb3ee5ee1b44d5a04e80c0589c41de6396b5e4776a42b653063d9c98b2da8fe19eeb40dcb1338f93495fa0f78eea68ddf7292e83ca6324e81f3eb62c5be079dd8f9fde53a5e94a33b68450c83f197dd004e9e447d219e62062b7708fc6e57fa8a3fbf4bcb0a76d699507ecea091ca1b34c2646f73615f0c", @ANYRES16=r3, @ANYBLOB="000328bd7000ffdbdf250400000008003c00080000000800310008000000"], 0x24}, 0x1, 0x0, 0x0, 0x40011}, 0x20000004)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xb, 0x7, 0x8f}, 0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000240)={0x1, 0x7, 0x2, 0x2, 0x9, 0xa582, 0x1, 0x7, r6}, &(0x7f00000002c0)=0x20)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000f)

2.198857722s ago: executing program 3 (id=3321):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
r3 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000600)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r6, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}})
io_uring_enter(r3, 0x3516, 0x0, 0x1000000, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000016c0)={0x1, 0x0, [{0x2, 0x0, 0x0}]})
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

2.198526565s ago: executing program 4 (id=3322):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00'})
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@TCA_RATE={0x6, 0x5, {0xd, 0x2}}, @qdisc_kind_options=@q_mq={0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)

1.072936349s ago: executing program 2 (id=3323):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x800}]}, @NFTA_SET_USERDATA={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x94}}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = socket(0x40000000015, 0x5, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x4, @remote, 0x8000009}, 0x1c)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71009000008ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

983.738588ms ago: executing program 4 (id=3324):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x985}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2c}], @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x6150}]}, 0x40}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0xe20, 0x0, @remote}, 0x1c)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x101101, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0xfffffffa)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x80000000)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x88, 0x1, &(0x7f0000000080), 0x4)
r6 = openat$binder_debug(0xffffff9c, &(0x7f0000000340)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x1b, &(0x7f0000000380)=@raw=[@btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10001}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}], &(0x7f0000003ff6)='GPL\x00', 0x9, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x4, 0x0, 0xffffffff}, 0x10, 0x0, r6}, 0x94)
lseek(0xffffffffffffffff, 0x5, 0x3)

890.767867ms ago: executing program 2 (id=3325):
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ppoll(&(0x7f00000000c0), 0x0, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_int(r2, 0x0, 0x12, &(0x7f0000000300)=0x1, 0x4)
sendto$inet(r2, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x20040000, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10)
recvmmsg(r2, &(0x7f000000e280), 0x58a, 0x42, 0x0) (fail_nth: 3)

888.296278ms ago: executing program 3 (id=3326):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001800)={'veth1_virt_wifi\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b788061", 0x24, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

839.83134ms ago: executing program 1 (id=3327):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x2000, {0x0, 0x0, 0x0, 0x3, 0x14a1ff, 0x0, 0x0, 0x1e, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x0, 0x400]}})
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
r4 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x3, 0xfdff, &(0x7f0000000080))

495.498407ms ago: executing program 3 (id=3328):
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000013906c08e90f01db9be9010203010902120001000000000904"], 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xf5)
r0 = syz_open_dev$I2C(0x0, 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f00000000c0)=[{0x1e, 0x6000, 0x0, 0x0}, {0x6, 0x4001, 0x0, 0x0}], 0x2})

33.576396ms ago: executing program 4 (id=3329):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x728e1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000340)={{0x1, 0x6, 0x6, 0x7, 'syz0\x00', 0x9}, 0x4, 0x2, 0x4, 0x0, 0xa, 0x2b7, 'syz1\x00', &(0x7f00000000c0)=['\x00', 'user\x00', ']\x00', '\xca#-^$\',$\x00', '\x00', '/dev/vmci\x00', 'syz', '(%,&\x00', '$&/\x00', '/dev/vmci\x00'], 0x32})
socket(0x10, 0x800, 0x0)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000000000000000", 0x1a)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x6682dad6279e7a13)
syz_emit_ethernet(0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="910418166421b54fa0"], 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff)
r4 = add_key$user(&(0x7f0000000140), &(0x7f0000002840)={'syz', 0x0}, &(0x7f0000002880)="f40fc24077021c9b084c60ffc26f26db12b9e78d629870bb26edb4a5e1cc0942ed8c58ca4fe84b94a0e31ea64089ee9ca1efb52945ffebbfea11dd3d0df936a10285eccab940ab5c96cb5d81dac1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b3494250b9557f5b606a43e50874c90143034142cd5f7bd9b4dd876b97b7feb75b9138dde818a3c6b96dd80", 0xc0, 0xfffffffffffffffb)
keyctl$dh_compute(0x17, &(0x7f0000000500)={r4, r4, r3}, &(0x7f0000000b40)=""/4111, 0x100f, 0x0) (fail_nth: 4)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000000)={{@my=0x1, 0xffffffff}, @any, 0x0, 0x0, 0x8000000, 0x0, 0x6})
close(r5)
ustat(0x801, &(0x7f0000000300))

0s ago: executing program 2 (id=3330):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x647, 0x2)
pread64(r0, &(0x7f0000000200)=""/2, 0x63, 0x9)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r1, &(0x7f0000000180)={0x2a, 0x4}, 0xc)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x38, 0x40, 0x107, 0xfffffffc, 0x10000, {0x1, 0x7c}, [@nested={0x4, 0x1142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x14, 0x2, 0x0, 0x1, [@nested={0x10, 0x14, 0x0, 0x1, [@typed={0x8, 0x18, 0x0, 0x0, @ipv4=@empty}, @nested={0x4, 0x134}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r3, &(0x7f00000038c0)={&(0x7f0000003800)={0x10, 0x0, 0x0, 0x8420c43}, 0xc, &(0x7f0000003880)={&(0x7f0000003840)={0x24, 0xf, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0xffffffffffffffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x44000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x1f)

kernel console output (not intermixed with test programs):

3356][  T797] usb 5-1: config 0 has no interface number 0
[  780.832738][ T5822] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  780.842859][ T5822] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.852216][ T5822] usb 3-1: Product: syz
[  780.858284][  T797] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  780.869638][  T797] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.885402][ T5822] usb 3-1: Manufacturer: syz
[  780.890717][  T797] usb 5-1: Product: syz
[  780.895201][ T5822] usb 3-1: SerialNumber: syz
[  780.899869][  T797] usb 5-1: Manufacturer: syz
[  780.909011][  T797] usb 5-1: SerialNumber: syz
[  780.914967][ T5822] usb 3-1: config 0 descriptor??
[  780.947967][  T797] usb 5-1: config 0 descriptor??
[  780.955961][  T797] hub 5-1:0.132: bad descriptor, ignoring hub
[  780.964403][ T5822] hub 3-1:0.132: bad descriptor, ignoring hub
[  780.974896][  T797] hub 5-1:0.132: probe with driver hub failed with error -5
[  780.982270][ T5822] hub 3-1:0.132: probe with driver hub failed with error -5
[  781.006073][  T797] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input117
[  781.041287][ T5822] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input118
[  781.151534][T16483] syzkaller1: entered promiscuous mode
[  781.177589][T16483] syzkaller1: entered allmulticast mode
[  781.228377][T16483] loop5: detected capacity change from 0 to 7
[  781.256214][T16483] Dev loop5: unable to read RDB block 7
[  781.273115][T16481] syzkaller1: entered promiscuous mode
[  781.283154][T16483]  loop5: AHDI p1 p2 p3
[  781.288157][T16483] loop5: partition table partially beyond EOD, truncated
[  781.296096][T16481] syzkaller1: entered allmulticast mode
[  781.303109][T16483] loop5: p1 size 100663304 extends beyond EOD, truncated
[  781.358873][T16483] loop5: p2 start 1702059890 is beyond EOD, truncated
[  781.702916][T16483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2946'.
[  781.751630][T16481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2936'.
[  781.826434][T16495] bridge0: entered promiscuous mode
[  781.834508][T16495] bridge0: port 3(macvtap1) entered blocking state
[  781.842104][T16495] bridge0: port 3(macvtap1) entered disabled state
[  781.879866][T16495] macvtap1: entered allmulticast mode
[  781.904676][T16495] bridge0: entered allmulticast mode
[  781.923195][T16495] macvtap1: left allmulticast mode
[  781.933541][T16495] bridge0: left allmulticast mode
[  781.947830][T16495] bridge0: left promiscuous mode
[  782.237018][ T5914] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  782.389571][   T40] usb 5-1: USB disconnect, device number 113
[  782.398815][ T5914] usb 2-1: config 1 has no interfaces?
[  782.404584][ T5914] usb 2-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  782.414867][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.018726][T16504] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  783.376266][ T5180] usb 3-1: reset high-speed USB device number 69 using dummy_hcd
[  783.426582][  T797] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  783.517696][ T5180] usb 3-1: device descriptor read/64, error -71
[  783.596299][  T797] usb 5-1: Using ep0 maxpacket: 8
[  783.604221][  T797] usb 5-1: config 0 interface 0 altsetting 188 endpoint 0x81 has invalid wMaxPacketSize 0
[  783.614434][  T797] usb 5-1: config 0 interface 0 has no altsetting 0
[  783.621184][  T797] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  783.630308][  T797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.640777][  T797] usb 5-1: config 0 descriptor??
[  783.756545][ T5180] usb 3-1: reset high-speed USB device number 69 using dummy_hcd
[  783.896283][ T5180] usb 3-1: device descriptor read/64, error -71
[  784.136276][ T5180] usb 3-1: reset high-speed USB device number 69 using dummy_hcd
[  784.157021][ T5180] usb 3-1: device descriptor read/8, error -71
[  784.406340][ T5180] usb 3-1: reset high-speed USB device number 69 using dummy_hcd
[  784.426983][ T5180] usb 3-1: device descriptor read/8, error -71
[  784.530978][ T5914] usb 2-1: string descriptor 0 read error: -71
[  784.542194][ T5914] usb 2-1: USB disconnect, device number 15
[  784.554208][ T5919] usb 3-1: USB disconnect, device number 69
[  784.751419][T16523] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2948'.
[  784.766211][ T5919] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  784.989666][ T5919] usb 3-1: device descriptor read/64, error -71
[  785.846231][ T5919] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  785.986328][ T5919] usb 3-1: device descriptor read/64, error -71
[  786.046290][  T797] usbhid 5-1:0.0: can't add hid device: -71
[  786.052313][  T797] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  786.072024][  T797] usb 5-1: USB disconnect, device number 114
[  786.106000][ T5919] usb usb3-port1: attempt power cycle
[  786.265138][T16548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.280175][T16548] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.304151][T16548] syzkaller1: entered promiscuous mode
[  786.310582][T16548] syzkaller1: entered allmulticast mode
[  786.324258][T16548] loop5: detected capacity change from 0 to 7
[  786.332132][ T5820] Dev loop5: unable to read RDB block 7
[  786.338055][ T5820]  loop5: AHDI p1 p2 p3
[  786.342238][ T5820] loop5: partition table partially beyond EOD, truncated
[  786.349950][ T5820] loop5: p1 size 100663304 extends beyond EOD, truncated
[  786.359685][ T5820] loop5: p2 start 1702059890 is beyond EOD, truncated
[  786.387408][T16548] Dev loop5: unable to read RDB block 7
[  786.393019][T16548]  loop5: AHDI p1 p2 p3
[  786.397831][T16548] loop5: partition table partially beyond EOD, truncated
[  786.405386][T16548] loop5: p1 size 100663304 extends beyond EOD, truncated
[  786.424780][T16554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2953'.
[  786.509327][   T30] audit: type=1326 audit(1770107719.965:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.536601][   T30] audit: type=1326 audit(1770107719.965:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.568351][T16548] loop5: p2 start 1702059890 is beyond EOD, truncated
[  786.576223][   T30] audit: type=1326 audit(1770107719.965:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.627635][   T30] audit: type=1326 audit(1770107719.965:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.672554][   T30] audit: type=1326 audit(1770107719.965:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.714967][   T30] audit: type=1326 audit(1770107719.965:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.768653][   T40] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  786.786887][   T30] audit: type=1326 audit(1770107719.965:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.806234][ T5919] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  786.811192][   T30] audit: type=1326 audit(1770107719.965:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.884451][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  786.896548][ T5919] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  786.934455][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  786.946651][   T30] audit: type=1326 audit(1770107719.965:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf747d539 code=0x7ffc0000
[  786.954765][ T5919] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  786.986490][   T40] usb 5-1: Using ep0 maxpacket: 32
[  786.990434][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.003220][   T40] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  787.005483][ T5919] usb 3-1: config 0 descriptor??
[  787.015368][   T40] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  787.028189][ T5919] em28xx 3-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  787.046723][   T30] audit: type=1326 audit(1770107719.965:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16552 comm="syz.4.2958" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d539 code=0x7ffc0000
[  787.047634][T16559] FAULT_INJECTION: forcing a failure.
[  787.047634][T16559] name failslab, interval 1, probability 0, space 0, times 0
[  787.072369][   T40] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  787.111446][T16559] CPU: 0 UID: 0 PID: 16559 Comm: syz.1.2959 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  787.111474][T16559] Tainted: [L]=SOFTLOCKUP
[  787.111480][T16559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  787.111491][T16559] Call Trace:
[  787.111499][T16559]  <TASK>
[  787.111507][T16559]  dump_stack_lvl+0xe8/0x150
[  787.111536][T16559]  should_fail_ex+0x412/0x560
[  787.111562][T16559]  should_failslab+0xa8/0x100
[  787.111584][T16559]  kmem_cache_alloc_noprof+0x87/0x6e0
[  787.111609][T16559]  ? fcntl_setlk+0xa9/0x1070
[  787.111631][T16559]  fcntl_setlk+0xa9/0x1070
[  787.111647][T16559]  ? get_pid_task+0x20/0x1f0
[  787.111665][T16559]  ? get_pid_task+0x20/0x1f0
[  787.111690][T16559]  ? __might_fault+0xaf/0x130
[  787.111714][T16559]  ? __might_fault+0xaf/0x130
[  787.111751][T16559]  ? __pfx_fcntl_setlk+0x10/0x10
[  787.111781][T16559]  do_compat_fcntl64+0x640/0x7e0
[  787.111806][T16559]  ? __pfx_do_compat_fcntl64+0x10/0x10
[  787.111828][T16559]  ? __fget_files+0x3a0/0x420
[  787.111853][T16559]  ? fput+0xa0/0xd0
[  787.111873][T16559]  ? ksys_write+0x242/0x270
[  787.111897][T16559]  ? __pfx_ksys_write+0x10/0x10
[  787.111928][T16559]  __do_fast_syscall_32+0x1d2/0x540
[  787.111948][T16559]  ? lockdep_hardirqs_on+0x7a/0x110
[  787.111965][T16559]  ? do_fast_syscall_32+0x33/0x70
[  787.112026][T16559]  ? asm_int80_emulation+0x1a/0x20
[  787.112046][T16559]  ? do_int80_emulation+0x20e/0x400
[  787.112068][T16559]  do_fast_syscall_32+0x33/0x70
[  787.112090][T16559]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  787.112141][T16559] RIP: 0023:0xf7f22539
[  787.112158][T16559] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  787.112173][T16559] RSP: 002b:00000000f53c550c EFLAGS: 00000206 ORIG_RAX: 0000000000000037
[  787.112193][T16559] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000007
[  787.112206][T16559] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  787.112217][T16559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  787.112228][T16559] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  787.112239][T16559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  787.112267][T16559]  </TASK>
[  787.339829][   T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.362220][   T40] usb 5-1: config 0 descriptor??
[  787.380333][   T40] usbhid 5-1:0.0: fixing wrong optional hid class descriptors count
[  787.412459][ T5822] usb 3-1: USB disconnect, device number 72
[  787.670088][T16564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2960'.
[  787.910346][   T40] ft260 0003:0403:6030.003E: unknown main item tag 0x7
[  788.105491][   T40] ft260 0003:0403:6030.003E: failed to retrieve chip version
[  788.113980][   T40] ft260 0003:0403:6030.003E: probe with driver ft260 failed with error -32
[  788.294645][T16572] input: syz1 as /devices/virtual/input/input119
[  788.310498][T16572] fuse: Bad value for 'fd'
[  788.318445][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  788.603379][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  788.620866][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[  788.636712][   T10] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  788.648949][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.658840][   T10] usb 2-1: config 0 descriptor??
[  788.666598][T16555] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2958'.
[  788.681145][T16555] netlink: 'syz.4.2958': attribute type 2 has an invalid length.
[  788.699043][T16555] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2958'.
[  789.790118][T15347] usb 5-1: USB disconnect, device number 115
[  790.331634][T16598] sctp: [Deprecated]: syz.3.2970 (pid 16598) Use of struct sctp_assoc_value in delayed_ack socket option.
[  790.331634][T16598] Use struct sctp_sack_info instead
[  791.086305][T15347] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  791.216890][   T10] Bluetooth: Can't get version to change to load ram patch err
[  791.234124][   T10] Bluetooth: Loading sysconfig file failed
[  791.241167][T15347] usb 3-1: Using ep0 maxpacket: 32
[  791.249287][   T10] ath3k 2-1:0.0: probe with driver ath3k failed with error -71
[  791.258153][T15347] usb 3-1: config 0 has an invalid interface number: 138 but max is 0
[  791.279455][T15347] usb 3-1: config 0 has no interface number 0
[  791.296205][T15347] usb 3-1: config 0 interface 138 has no altsetting 0
[  791.307627][   T10] usb 2-1: USB disconnect, device number 16
[  791.344961][T15347] usb 3-1: New USB device found, idVendor=0e41, idProduct=4642, bcdDevice=d1.a3
[  791.365151][T15347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.383374][T15347] usb 3-1: Product: syz
[  791.393381][T15347] usb 3-1: Manufacturer: syz
[  791.398960][T15347] usb 3-1: SerialNumber: syz
[  791.407539][T15347] usb 3-1: config 0 descriptor??
[  791.481932][T16620] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2976'.
[  791.505906][T16622] input: syz1 as /devices/virtual/input/input120
[  791.539727][T16620] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2976'.
[  791.646454][T16609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  791.660129][T16609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  791.747266][T16622] fuse: Bad value for 'fd'
[  792.987687][T16644] syzkaller0: left promiscuous mode
[  792.993004][T16644] syzkaller0: left allmulticast mode
[  794.421967][T16662] sctp: [Deprecated]: syz.0.2985 (pid 16662) Use of struct sctp_assoc_value in delayed_ack socket option.
[  794.421967][T16662] Use struct sctp_sack_info instead
[  794.794586][T15347] snd_usb_pod 3-1:0.138: Line 6 BassPODxt Live found
[  794.826457][T15347] snd_usb_pod 3-1:0.138: set_interface failed
[  794.832788][T15347] snd_usb_pod 3-1:0.138: Line 6 BassPODxt Live now disconnected
[  794.896371][T15347] snd_usb_pod 3-1:0.138: probe with driver snd_usb_pod failed with error -71
[  794.944703][T15347] usb 3-1: USB disconnect, device number 73
[  795.252141][T16672] syzkaller0: entered promiscuous mode
[  795.257972][T16672] syzkaller0: entered allmulticast mode
[  795.268942][T16672] 0: reclassify loop, rule prio 0, protocol 800
[  795.503024][T16684] sctp: [Deprecated]: syz.0.3001 (pid 16684) Use of struct sctp_assoc_value in delayed_ack socket option.
[  795.503024][T16684] Use struct sctp_sack_info instead
[  795.610839][T16690] input: syz1 as /devices/virtual/input/input121
[  795.678452][T16690] fuse: Bad value for 'fd'
[  795.896220][ T5899] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  796.056201][ T5899] usb 2-1: Using ep0 maxpacket: 16
[  796.063344][ T5899] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  796.072800][ T5899] usb 2-1: config 0 has no interface number 0
[  796.088749][ T5899] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  796.102323][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.123871][ T5899] usb 2-1: Product: syz
[  796.134024][ T5899] usb 2-1: Manufacturer: syz
[  796.145748][ T5899] usb 2-1: SerialNumber: syz
[  796.163422][ T5899] usb 2-1: config 0 descriptor??
[  796.180601][ T5899] hub 2-1:0.132: bad descriptor, ignoring hub
[  796.194881][ T5899] hub 2-1:0.132: probe with driver hub failed with error -5
[  796.226588][ T5899] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input122
[  796.476650][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  796.488070][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  796.496726][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  796.504638][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  796.507290][T16689] syzkaller1: entered promiscuous mode
[  796.513542][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  796.576468][T16689] syzkaller1: entered allmulticast mode
[  796.640724][T16689] loop5: detected capacity change from 0 to 7
[  796.693488][T16689] Dev loop5: unable to read RDB block 7
[  796.699593][T16701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  796.699941][T16701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  796.712478][T16689]  loop5: AHDI p1 p2 p3
[  796.744455][T16689] loop5: partition table partially beyond EOD, truncated
[  796.752990][T16689] loop5: p1 size 100663304 extends beyond EOD, truncated
[  796.802302][T16689] loop5: p2 start 1702059890 is beyond EOD, truncated
[  796.930537][T16689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2995'.
[  797.155756][ T9566] bond0: (slave syz_tun): Releasing backup interface
[  797.180232][T16696] chnl_net:caif_netlink_parms(): no params data found
[  797.206264][T15347] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  797.296495][ T5914] usb 2-1: USB disconnect, device number 17
[  797.343737][T16696] bridge0: port 1(bridge_slave_0) entered blocking state
[  797.354289][T16696] bridge0: port 1(bridge_slave_0) entered disabled state
[  797.360964][T15347] usb 3-1: Using ep0 maxpacket: 8
[  797.367475][T16696] bridge_slave_0: entered allmulticast mode
[  797.375427][T16696] bridge_slave_0: entered promiscuous mode
[  797.382082][T15347] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  797.385746][T16696] bridge0: port 2(bridge_slave_1) entered blocking state
[  797.391932][T15347] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  797.407709][T15347] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  797.411132][T16696] bridge0: port 2(bridge_slave_1) entered disabled state
[  797.417530][T15347] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  797.417561][T15347] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  797.417611][T15347] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  797.417634][T15347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.495921][T16696] bridge_slave_1: entered allmulticast mode
[  797.504363][T16696] bridge_slave_1: entered promiscuous mode
[  797.548288][T16696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  797.560638][T16696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  797.599511][T16696] team0: Port device team_slave_0 added
[  797.614842][T16696] team0: Port device team_slave_1 added
[  797.625743][T15347] usb 3-1: GET_CAPABILITIES returned 0
[  797.633502][T15347] usbtmc 3-1:16.0: can't read capabilities
[  797.651418][T16696] batman_adv: batadv0: Adding interface: batadv_slave_0
[  797.660240][T16696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  797.687792][T16696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  797.808720][T16718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3000'.
[  797.891854][T16696] batman_adv: batadv0: Adding interface: batadv_slave_1
[  797.899174][T16696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  797.925504][T16696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  798.047064][T16696] hsr_slave_0: entered promiscuous mode
[  798.053941][T16696] hsr_slave_1: entered promiscuous mode
[  798.060560][T16696] debugfs: 'hsr0' already exists in 'hsr'
[  798.066999][T16696] Cannot create hsr debugfs directory
[  798.617773][ T5825] Bluetooth: hci0: command tx timeout
[  798.999594][T16696] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.229655][T16696] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.646553][T16696] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.947087][T16735] Attempt to restore checkpoint with obsolete wellknown handles
[  800.512835][T16696] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  800.546795][T16696] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  800.570423][T16696] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  800.589642][T16696] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  800.646807][ T5825] Bluetooth: hci0: command tx timeout
[  800.885569][T16696] 8021q: adding VLAN 0 to HW filter on device bond0
[  800.916002][T16753] sctp: [Deprecated]: syz.1.3007 (pid 16753) Use of struct sctp_assoc_value in delayed_ack socket option.
[  800.916002][T16753] Use struct sctp_sack_info instead
[  800.937809][T16696] 8021q: adding VLAN 0 to HW filter on device team0
[  800.958094][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state
[  800.965251][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state
[  801.002428][   T30] kauditd_printk_skb: 36 callbacks suppressed
[  801.002445][   T30] audit: type=1326 audit(1770107734.505:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.061776][   T30] audit: type=1326 audit(1770107734.525:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.063671][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state
[  801.090967][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state
[  801.148999][   T30] audit: type=1326 audit(1770107734.525:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=447 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.175723][   T30] audit: type=1326 audit(1770107734.525:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.210449][   T30] audit: type=1326 audit(1770107734.525:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.243442][T16696] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  801.255092][T16696] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  801.287644][   T30] audit: type=1326 audit(1770107734.525:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.333664][T16696] 8021q: adding VLAN 0 to HW filter on device batadv0
[  801.334114][T16755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.347330][   T30] audit: type=1326 audit(1770107734.525:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.402654][T16755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  801.427415][T16696] veth0_vlan: entered promiscuous mode
[  801.433107][   T30] audit: type=1326 audit(1770107734.525:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.465379][T16696] veth1_vlan: entered promiscuous mode
[  801.479318][   T30] audit: type=1326 audit(1770107734.525:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.536817][T16696] veth0_macvtap: entered promiscuous mode
[  801.543742][   T30] audit: type=1326 audit(1770107734.525:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16747 comm="syz.0.3008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000
[  801.570567][T16696] veth1_macvtap: entered promiscuous mode
[  801.599240][T16696] batman_adv: batadv0: Interface activated: batadv_slave_0
[  801.617396][T16696] batman_adv: batadv0: Interface activated: batadv_slave_1
[  801.726056][   T33] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  801.746779][   T33] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  801.769153][   T33] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  801.786312][   T33] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  801.972282][T11455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  801.983526][T11455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  802.101929][T11460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  802.114848][T11460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  802.686504][T15347] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  802.716364][ T5825] Bluetooth: hci0: command tx timeout
[  802.848250][T15347] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  802.870187][T15347] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 58398, setting to 1024
[  802.884408][T15347] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  802.903337][T15347] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  802.927238][T15347] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  802.955729][T16771] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  802.972285][T15347] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  803.112763][ T5890] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  803.197137][T16707] usbtmc 4-1:16.0: usb_control_msg returned -110
[  803.212921][ T5899] usb 5-1: USB disconnect, device number 116
[  803.223715][T15347] usb 3-1: USB disconnect, device number 74
[  803.278058][ T5890] usb 2-1: too many configurations: 62, using maximum allowed: 8
[  803.295985][ T5890] usb 2-1: unable to read config index 0 descriptor/start: -61
[  803.318374][ T5890] usb 2-1: can't read configurations, error -61
[  803.466821][ T5890] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  803.579611][T16783] FAULT_INJECTION: forcing a failure.
[  803.579611][T16783] name failslab, interval 1, probability 0, space 0, times 0
[  803.593196][T16783] CPU: 1 UID: 0 PID: 16783 Comm: syz.2.3018 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  803.593225][T16783] Tainted: [L]=SOFTLOCKUP
[  803.593232][T16783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  803.593244][T16783] Call Trace:
[  803.593252][T16783]  <TASK>
[  803.593260][T16783]  dump_stack_lvl+0xe8/0x150
[  803.593288][T16783]  should_fail_ex+0x412/0x560
[  803.593316][T16783]  should_failslab+0xa8/0x100
[  803.593339][T16783]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  803.593365][T16783]  ? __alloc_skb+0x1d7/0x390
[  803.593385][T16783]  ? __local_bh_enable_ip+0xd0/0x130
[  803.593404][T16783]  ? __alloc_skb+0x193/0x390
[  803.593425][T16783]  __alloc_skb+0x1d7/0x390
[  803.593451][T16783]  ip_frag_next+0xd1/0xa60
[  803.593472][T16783]  ? ip_skb_dst_mtu+0x109/0xa50
[  803.593497][T16783]  ? ip_skb_dst_mtu+0x109/0xa50
[  803.593521][T16783]  ip_do_fragment+0x76d/0x1770
[  803.593554][T16783]  ? __pfx_ip_finish_output2+0x10/0x10
[  803.593576][T16783]  ? ip_skb_dst_mtu+0x80b/0xa50
[  803.593606][T16783]  ip_output+0x29f/0x450
[  803.593627][T16783]  ? ip_output+0x5b/0x450
[  803.593649][T16783]  iptunnel_xmit+0x59f/0xa00
[  803.593689][T16783]  udp_tunnel_xmit_skb+0x26e/0x3c0
[  803.593732][T16783]  geneve_xmit+0x2a7b/0x37e0
[  803.593777][T16783]  ? geneve_xmit+0x13d/0x37e0
[  803.593802][T16783]  ? __pfx_geneve_xmit+0x10/0x10
[  803.593825][T16783]  ? dev_queue_xmit_nit+0x969/0xad0
[  803.593847][T16783]  ? dev_queue_xmit_nit+0x2d/0xad0
[  803.593878][T16783]  dev_hard_start_xmit+0x2cd/0x7f0
[  803.593917][T16783]  __dev_queue_xmit+0x168f/0x3850
[  803.593952][T16783]  ? __dev_queue_xmit+0x274/0x3850
[  803.593977][T16783]  ? __asan_memcpy+0x40/0x70
[  803.594000][T16783]  ? __pskb_pull_tail+0xfee/0x1600
[  803.594026][T16783]  ? __pfx___dev_queue_xmit+0x10/0x10
[  803.594057][T16783]  ? virtio_net_hdr_to_skb+0xa8a/0x1620
[  803.594079][T16783]  ? packet_parse_headers+0x808/0xb50
[  803.594117][T16783]  ? __pfx_virtio_net_hdr_to_skb+0x10/0x10
[  803.594144][T16783]  ? packet_xmit+0x68/0x320
[  803.594170][T16783]  packet_sendmsg+0x3eb6/0x50f0
[  803.594232][T16783]  ? aa_sk_perm+0x15a/0x960
[  803.594255][T16783]  ? aa_sk_perm+0x82d/0x960
[  803.594275][T16783]  ? __pfx_packet_sendmsg+0x10/0x10
[  803.594303][T16783]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  803.594332][T16783]  ? aa_sock_msg_perm+0xf1/0x1b0
[  803.594354][T16783]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  803.594377][T16783]  __sys_sendto+0x709/0x7a0
[  803.594402][T16783]  ? __pfx___sys_sendto+0x10/0x10
[  803.594447][T16783]  ? fput+0xa0/0xd0
[  803.594467][T16783]  ? ksys_write+0x242/0x270
[  803.594494][T16783]  ? __pfx_ksys_write+0x10/0x10
[  803.594519][T16783]  __ia32_sys_sendto+0xdd/0x100
[  803.594543][T16783]  __do_fast_syscall_32+0x1d2/0x540
[  803.594564][T16783]  ? lockdep_hardirqs_on+0x7a/0x110
[  803.594581][T16783]  ? do_fast_syscall_32+0x33/0x70
[  803.594599][T16783]  ? asm_int80_emulation+0x1a/0x20
[  803.594615][T16783]  ? do_int80_emulation+0x20e/0x400
[  803.594639][T16783]  do_fast_syscall_32+0x33/0x70
[  803.594659][T16783]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  803.594680][T16783] RIP: 0023:0xf7f21539
[  803.594703][T16783] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  803.594718][T16783] RSP: 002b:00000000f53e650c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  803.594739][T16783] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  803.594752][T16783] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000080000140
[  803.594765][T16783] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[  803.594777][T16783] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  803.594789][T16783] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  803.594818][T16783]  </TASK>
[  803.738264][ T5890] usb 2-1: too many configurations: 62, using maximum allowed: 8
[  804.001433][ T5890] usb 2-1: unable to read config index 0 descriptor/start: -61
[  804.013887][ T5890] usb 2-1: can't read configurations, error -61
[  804.021198][ T5890] usb usb2-port1: attempt power cycle
[  804.436309][ T5890] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  804.446654][ T5899] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  804.477507][ T5890] usb 2-1: too many configurations: 62, using maximum allowed: 8
[  804.493041][ T5890] usb 2-1: unable to read config index 0 descriptor/start: -61
[  804.501338][ T5890] usb 2-1: can't read configurations, error -61
[  804.574949][T16800] syzkaller0: entered promiscuous mode
[  804.582126][T16800] syzkaller0: entered allmulticast mode
[  804.598939][ T5899] usb 3-1: Using ep0 maxpacket: 8
[  804.605937][ T5899] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  804.618069][ T5899] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  804.628948][ T5899] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  804.639426][ T5899] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  804.645595][ T5890] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  804.657700][ T5899] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  804.670401][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.687506][ T5890] usb 2-1: too many configurations: 62, using maximum allowed: 8
[  804.698983][ T5890] usb 2-1: unable to read config index 0 descriptor/start: -61
[  804.707006][ T5890] usb 2-1: can't read configurations, error -61
[  804.718342][ T5890] usb usb2-port1: unable to enumerate USB device
[  804.797498][ T5825] Bluetooth: hci0: command tx timeout
[  804.861224][T16807] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  804.890953][ T5899] usb 3-1: GET_CAPABILITIES returned 0
[  804.896693][ T5899] usbtmc 3-1:16.0: can't read capabilities
[  805.100305][T16793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  805.114512][T16793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.132824][ T5914] usb 3-1: USB disconnect, device number 75
[  805.481310][T16818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3030'.
[  806.012587][   T30] kauditd_printk_skb: 3258 callbacks suppressed
[  806.012606][   T30] audit: type=1326 audit(1770107739.465:4070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.093173][   T30] audit: type=1326 audit(1770107739.465:4071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.160657][   T30] audit: type=1326 audit(1770107739.465:4072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.217894][   T30] audit: type=1326 audit(1770107739.465:4073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.307993][   T30] audit: type=1326 audit(1770107739.465:4074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.401828][   T30] audit: type=1326 audit(1770107739.465:4075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.458018][   T30] audit: type=1326 audit(1770107739.465:4076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.548373][   T30] audit: type=1326 audit(1770107739.465:4077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.635280][   T30] audit: type=1326 audit(1770107739.465:4078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.704262][   T30] audit: type=1326 audit(1770107739.465:4079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16815 comm="syz.3.3029" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25539 code=0x7ff00000
[  806.856203][   T40] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  807.019598][   T40] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  807.030246][   T40] usb 5-1: config 0 has no interface number 0
[  807.039467][   T40] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  807.049601][   T40] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  807.059241][   T40] usb 5-1: Product: syz
[  807.076838][   T40] usb 5-1: Manufacturer: syz
[  807.082402][   T40] usb 5-1: SerialNumber: syz
[  807.103589][   T40] usb 5-1: config 0 descriptor??
[  807.311424][   T40] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  807.338911][   T40] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  807.361654][   T40] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  807.370740][   T40] usb 5-1: media controller created
[  807.391458][   T40] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  807.523098][   T40] i2c i2c-2: ec100: i2c rd failed=-32 reg=33
[  807.601987][   T40] usb 5-1: USB disconnect, device number 117
[  808.057098][T16851] FAULT_INJECTION: forcing a failure.
[  808.057098][T16851] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  808.097558][T16851] CPU: 0 UID: 0 PID: 16851 Comm: syz.2.3042 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  808.097588][T16851] Tainted: [L]=SOFTLOCKUP
[  808.097595][T16851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  808.097606][T16851] Call Trace:
[  808.097613][T16851]  <TASK>
[  808.097622][T16851]  dump_stack_lvl+0xe8/0x150
[  808.097649][T16851]  should_fail_ex+0x412/0x560
[  808.097675][T16851]  prepare_alloc_pages+0x22a/0x650
[  808.097702][T16851]  __alloc_frozen_pages_noprof+0x12f/0x380
[  808.097733][T16851]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  808.097757][T16851]  ? __pfx_policy_nodemask+0x10/0x10
[  808.097776][T16851]  ? page_table_check_set+0x148/0x610
[  808.097807][T16851]  alloc_pages_mpol+0x232/0x4a0
[  808.097832][T16851]  alloc_pages_noprof+0xa8/0x190
[  808.097854][T16851]  pte_alloc_one+0x23/0x370
[  808.097872][T16851]  ? __pte_alloc+0x1d/0x430
[  808.097893][T16851]  __pte_alloc+0x25/0x430
[  808.097916][T16851]  do_pte_missing+0x2edb/0x37a0
[  808.097939][T16851]  ? count_memcg_event_mm+0x21/0x260
[  808.097969][T16851]  ? mtree_range_walk+0x6a7/0x840
[  808.097996][T16851]  handle_mm_fault+0x1b8c/0x32a0
[  808.098018][T16851]  ? mt_find+0x186/0x630
[  808.098047][T16851]  ? handle_mm_fault+0xee/0x32a0
[  808.098076][T16851]  ? __pfx_handle_mm_fault+0x10/0x10
[  808.098125][T16851]  __get_user_pages+0x165b/0x29d0
[  808.098177][T16851]  __gup_longterm_locked+0xdcf/0x1630
[  808.098209][T16851]  ? gup_fast_fallback+0x1b1/0x22e0
[  808.098231][T16851]  ? sanity_check_pinned_pages+0x1219/0x12d0
[  808.098261][T16851]  gup_fast_fallback+0x1d82/0x22e0
[  808.098281][T16851]  ? trace_sched_exit_tp+0x36/0xf0
[  808.098332][T16851]  ? __pfx_gup_fast_fallback+0x10/0x10
[  808.098360][T16851]  ? pin_user_pages_fast+0x4d/0xb0
[  808.098383][T16851]  iov_iter_extract_pages+0x37b/0x5f0
[  808.098412][T16851]  extract_iter_to_sg+0xe62/0x2520
[  808.098446][T16851]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  808.098465][T16851]  ? gup_put_folio+0xf9/0x210
[  808.098487][T16851]  ? unpin_user_page+0xc9/0x1d0
[  808.098506][T16851]  ? __pfx_unpin_user_page+0x10/0x10
[  808.098534][T16851]  ? __asan_memset+0x22/0x50
[  808.098558][T16851]  hash_sendmsg+0x5c6/0x1110
[  808.098606][T16851]  __sys_sendto+0x709/0x7a0
[  808.098630][T16851]  ? __pfx___sys_sendto+0x10/0x10
[  808.098673][T16851]  ? fput+0xa0/0xd0
[  808.098692][T16851]  ? ksys_write+0x242/0x270
[  808.098717][T16851]  ? __pfx_ksys_write+0x10/0x10
[  808.098751][T16851]  __ia32_sys_sendto+0xdd/0x100
[  808.098774][T16851]  __do_fast_syscall_32+0x1d2/0x540
[  808.098793][T16851]  ? lockdep_hardirqs_on+0x7a/0x110
[  808.098810][T16851]  ? do_fast_syscall_32+0x33/0x70
[  808.098827][T16851]  ? asm_int80_emulation+0x1a/0x20
[  808.098844][T16851]  ? do_int80_emulation+0x20e/0x400
[  808.098866][T16851]  do_fast_syscall_32+0x33/0x70
[  808.098886][T16851]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  808.098905][T16851] RIP: 0023:0xf7f21539
[  808.098921][T16851] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  808.098936][T16851] RSP: 002b:00000000f53e650c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  808.098956][T16851] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0
[  808.098969][T16851] RDX: 00000000fffffd56 RSI: 00000000000180d4 RDI: 0000000000000000
[  808.098981][T16851] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  808.098991][T16851] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  808.099002][T16851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  808.099031][T16851]  </TASK>
[  808.539913][T16860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3045'.
[  808.551935][T16860] FAULT_INJECTION: forcing a failure.
[  808.551935][T16860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  808.583336][T16860] CPU: 1 UID: 0 PID: 16860 Comm: syz.3.3045 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  808.583366][T16860] Tainted: [L]=SOFTLOCKUP
[  808.583373][T16860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  808.583384][T16860] Call Trace:
[  808.583392][T16860]  <TASK>
[  808.583401][T16860]  dump_stack_lvl+0xe8/0x150
[  808.583425][T16860]  should_fail_ex+0x412/0x560
[  808.583440][T16860]  _copy_from_iter+0x1d3/0x1670
[  808.583458][T16860]  ? trace_kmem_cache_alloc+0x1f/0xb0
[  808.583475][T16860]  ? __pfx__copy_from_iter+0x10/0x10
[  808.583488][T16860]  ? __build_skb_around+0x22d/0x3c0
[  808.583502][T16860]  ? __alloc_skb+0x193/0x390
[  808.583514][T16860]  ? netlink_sendmsg+0x650/0xb40
[  808.583524][T16860]  ? skb_put+0x11b/0x210
[  808.583537][T16860]  netlink_sendmsg+0x6c0/0xb40
[  808.583552][T16860]  ? __pfx_netlink_sendmsg+0x10/0x10
[  808.583564][T16860]  ? aa_sock_msg_perm+0xf1/0x1b0
[  808.583577][T16860]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  808.583590][T16860]  ? __pfx_netlink_sendmsg+0x10/0x10
[  808.583600][T16860]  ____sys_sendmsg+0xa68/0xad0
[  808.583617][T16860]  ? __pfx_____sys_sendmsg+0x10/0x10
[  808.583632][T16860]  ? kstrtoull+0x12f/0x1d0
[  808.583647][T16860]  ___sys_sendmsg+0x2a5/0x360
[  808.583659][T16860]  ? __lock_acquire+0x6b5/0x2cf0
[  808.583683][T16860]  ? __pfx____sys_sendmsg+0x10/0x10
[  808.583698][T16860]  ? get_pid_task+0x20/0x1f0
[  808.583709][T16860]  ? get_pid_task+0x20/0x1f0
[  808.583718][T16860]  ? get_pid_task+0x20/0x1f0
[  808.583741][T16860]  ? __fget_files+0x2a/0x420
[  808.583751][T16860]  ? __fget_files+0x3a0/0x420
[  808.583767][T16860]  __sys_sendmsg+0x183/0x260
[  808.583781][T16860]  ? __pfx___sys_sendmsg+0x10/0x10
[  808.583799][T16860]  ? __pfx_ksys_write+0x10/0x10
[  808.583818][T16860]  __do_fast_syscall_32+0x1d2/0x540
[  808.583829][T16860]  ? lockdep_hardirqs_on+0x7a/0x110
[  808.583839][T16860]  ? do_fast_syscall_32+0x33/0x70
[  808.583849][T16860]  ? asm_int80_emulation+0x1a/0x20
[  808.583858][T16860]  ? do_int80_emulation+0x20e/0x400
[  808.583871][T16860]  do_fast_syscall_32+0x33/0x70
[  808.583882][T16860]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  808.583894][T16860] RIP: 0023:0xf7f25539
[  808.583904][T16860] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  808.583913][T16860] RSP: 002b:00000000f53e650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  808.583924][T16860] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000d80
[  808.583931][T16860] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  808.583938][T16860] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  808.583943][T16860] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  808.583949][T16860] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  808.583962][T16860]  </TASK>
[  808.651673][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  808.686535][T16858] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3044'.
[  808.687152][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  808.692243][T16858] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3044'.
[  808.986891][T16858] netlink: 'syz.0.3044': attribute type 3 has an invalid length.
[  808.994647][T16858] netlink: 11 bytes leftover after parsing attributes in process `syz.0.3044'.
[  809.013333][T16869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3046'.
[  809.060188][T16875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3046'.
[  809.684306][T16898] netlink: 'syz.0.3057': attribute type 1 has an invalid length.
[  809.776627][ T5822] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  809.790266][T16898] 8021q: adding VLAN 0 to HW filter on device bond3
[  809.852161][T16900] vlan3: entered allmulticast mode
[  809.867181][T16900] veth0_to_bond: entered allmulticast mode
[  809.952373][ T5822] usb 3-1: Using ep0 maxpacket: 16
[  810.007502][T16900] bond3: (slave vlan3): Opening slave failed
[  810.016247][ T5822] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  810.062659][ T5822] usb 3-1: config 0 has no interface number 0
[  810.113464][ T5822] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  810.122908][ T5822] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  810.167989][ T5822] usb 3-1: Product: syz
[  810.427599][ T5822] usb 3-1: Manufacturer: syz
[  810.433488][ T5822] usb 3-1: SerialNumber: syz
[  810.477207][ T5822] usb 3-1: config 0 descriptor??
[  810.494872][T16909] fuse: Unknown parameter '000000000000000000060x000000000000000600000000000000000000'
[  810.508387][T16909] netlink: 'syz.0.3059': attribute type 1 has an invalid length.
[  810.560837][ T5822] hub 3-1:0.132: bad descriptor, ignoring hub
[  810.576439][ T5822] hub 3-1:0.132: probe with driver hub failed with error -5
[  810.624598][ T5822] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input123
[  810.762191][T16909] 8021q: adding VLAN 0 to HW filter on device bond4
[  810.853098][T16915] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3061'.
[  810.884727][T16911] gretap1: entered promiscuous mode
[  810.902402][T16911] bond4: (slave gretap1): making interface the new active one
[  810.915703][T16911] bond4: (slave gretap1): Enslaving as an active interface with an up link
[  811.002376][T16913] syzkaller1: entered promiscuous mode
[  811.008307][T16913] syzkaller1: entered allmulticast mode
[  811.028970][T16887] loop5: detected capacity change from 0 to 7
[  811.035600][T16887] Dev loop5: unable to read RDB block 7
[  811.043977][T16887]  loop5: AHDI p1 p2 p3
[  811.050153][T16887] loop5: partition table partially beyond EOD, truncated
[  811.057777][T16887] loop5: p1 size 100663304 extends beyond EOD, truncated
[  811.168336][T16913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3054'.
[  811.222684][T16922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3064'.
[  811.278273][T16922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3064'.
[  811.468474][T16934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  811.566842][T16934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  812.148690][ T5822] usb 3-1: USB disconnect, device number 76
[  812.340644][T16955] fuse: Bad value for 'fd'
[  812.635907][ T5822] usb 4-1: USB disconnect, device number 99
[  813.399733][ T5823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  813.414208][ T5823] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  813.442748][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  813.451132][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  813.459586][ T5823] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  813.675618][ T3495] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.809949][T16976] gretap0: entered promiscuous mode
[  813.850300][T16976] 8021q: adding VLAN 0 to HW filter on device bond0
[  813.862371][T16976] 8021q: adding VLAN 0 to HW filter on device team0
[  813.863230][T16979] netlink: 'syz.0.3078': attribute type 13 has an invalid length.
[  813.880959][T16976] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  813.896878][T16979] netlink: 'syz.0.3078': attribute type 17 has an invalid length.
[  813.983632][ T3495] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.998604][T16985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3079'.
[  814.111457][T16979] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  814.121857][T16990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3082'.
[  814.217899][ T3495] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.330612][ T3495] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.485989][T16968] chnl_net:caif_netlink_parms(): no params data found
[  814.536409][ T5822] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  814.686269][ T5822] usb 3-1: Using ep0 maxpacket: 16
[  814.715595][ T5822] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  814.758255][ T5822] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  814.769969][ T5822] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  814.779837][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.797205][ T5822] usb 3-1: config 0 descriptor??
[  814.893808][ T3495] batadv0: left allmulticast mode
[  814.899129][ T3495] batadv0: left promiscuous mode
[  814.904286][ T3495] bridge0: port 3(batadv0) entered disabled state
[  814.985131][T16996] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3084'.
[  815.068584][ T3495] bridge_slave_1: left allmulticast mode
[  815.078565][ T3495] bridge_slave_1: left promiscuous mode
[  815.096792][ T3495] bridge0: port 2(bridge_slave_1) entered disabled state
[  815.111622][ T3495] bridge_slave_0: left allmulticast mode
[  815.165562][ T3495] bridge_slave_0: left promiscuous mode
[  815.171960][ T3495] bridge0: port 1(bridge_slave_0) entered disabled state
[  815.269655][ T3495] veth0_to_bond: left allmulticast mode
[  815.275454][ T3495] veth0_to_bond: left promiscuous mode
[  815.285744][ T3495] bridge1: port 1(veth0_to_bond) entered disabled state
[  815.297723][ T3016] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  815.523433][ T5823] Bluetooth: hci4: command tx timeout
[  815.826797][ T3016] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  816.121530][ T3495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  816.132143][ T3495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  816.142583][ T3495] bond0 (unregistering): Released all slaves
[  816.153392][ T3495] bond1 (unregistering): Released all slaves
[  816.193457][T16968] bridge0: port 1(bridge_slave_0) entered blocking state
[  816.214205][T16968] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.249021][T16968] bridge_slave_0: entered allmulticast mode
[  816.270490][T16968] bridge_slave_0: entered promiscuous mode
[  816.310658][T16968] bridge0: port 2(bridge_slave_1) entered blocking state
[  816.321936][T16968] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.351154][T16968] bridge_slave_1: entered allmulticast mode
[  816.357308][T11458] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  816.384047][T16968] bridge_slave_1: entered promiscuous mode
[  816.423952][ T3495] tipc: Left network mode
[  816.449708][T16968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  816.484113][T16968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  816.519758][ T3495] IPVS: stopping backup sync thread 8813 ...
[  816.553081][T16968] team0: Port device team_slave_0 added
[  816.644647][T16968] team0: Port device team_slave_1 added
[  816.775685][T16968] batman_adv: batadv0: Adding interface: batadv_slave_0
[  816.785371][T16968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  816.815131][T16968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  816.864796][T16968] batman_adv: batadv0: Adding interface: batadv_slave_1
[  816.889116][T16968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  816.916449][T11458] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  816.972219][T16968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  817.016625][ T5890] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  817.168883][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  817.183623][ T5890] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  817.193240][ T5890] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  817.210637][ T5890] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  817.244975][ T5890] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  817.255137][ T5890] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  817.301259][ T5890] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  817.331672][T16968] hsr_slave_0: entered promiscuous mode
[  817.332625][ T5822] usbhid 3-1:0.0: can't add hid device: -71
[  817.339839][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.343439][ T5822] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  817.357293][T16968] hsr_slave_1: entered promiscuous mode
[  817.415619][ T5822] usb 3-1: USB disconnect, device number 77
[  817.433606][T16968] debugfs: 'hsr0' already exists in 'hsr'
[  817.440342][ T3016] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  817.448557][T16968] Cannot create hsr debugfs directory
[  817.597351][ T5823] Bluetooth: hci4: command tx timeout
[  817.609269][T17041] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3093'.
[  817.696595][ T5890] usb 2-1: GET_CAPABILITIES returned 0
[  817.702593][ T5890] usbtmc 2-1:16.0: can't read capabilities
[  817.856937][ T5822] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  817.967646][ T3016] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  818.037061][ T5822] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  818.061891][ T5822] usb 3-1: config 0 has no interface number 0
[  818.086378][ T5822] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  818.170273][ T5822] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  818.208339][ T5822] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  818.238206][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.277097][ T5822] usb 3-1: config 0 descriptor??
[  818.567436][ T3016] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  819.116815][T11458] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  819.669258][T11458] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  819.686389][ T5823] Bluetooth: hci4: command tx timeout
[  820.206369][T11460] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  820.736235][T10708] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  821.276433][   T33] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  821.766220][ T5823] Bluetooth: hci4: command tx timeout
[  821.806363][T11460] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  822.357458][   T33] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  822.886273][ T3016] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  823.037539][T17023] usbtmc 2-1:16.0: usb_control_msg returned -110
[  823.066575][ T5914] usb 2-1: USB disconnect, device number 22
[  823.369656][ T5822] usbhid 3-1:0.1: can't add hid device: -32
[  823.375631][ T5822] usbhid 3-1:0.1: probe with driver usbhid failed with error -32
[  823.407251][T11460] batman_adv: batadv0: Local translation table size (48) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01
[  823.411330][T17064] IPv6: NLM_F_CREATE should be specified when creating new route
[  823.538129][T17067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3098'.
[  823.596231][ T3495] hsr_slave_0: left promiscuous mode
[  823.625074][ T3495] hsr_slave_1: left promiscuous mode
[  823.632250][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  823.646571][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  823.664643][ T3495] batman_adv: batadv0: Interface deactivated: dummy0
[  823.676822][ T5914] usb 3-1: USB disconnect, device number 78
[  823.700172][ T3495] batman_adv: batadv0: Removing interface: dummy0
[  823.724055][ T3495] batman_adv: batadv0: Interface deactivated: macvtap1
[  823.740286][ T3495] batman_adv: batadv0: Removing interface: macvtap1
[  823.930694][T11455] batman_adv: batadv0: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  824.036336][   T40] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  824.186489][   T40] usb 5-1: Using ep0 maxpacket: 16
[  824.200406][   T40] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  824.219655][   T40] usb 5-1: config 0 has no interface number 0
[  824.235158][   T40] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  824.244397][   T40] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.252544][   T40] usb 5-1: Product: syz
[  824.258731][   T40] usb 5-1: Manufacturer: syz
[  824.263365][   T40] usb 5-1: SerialNumber: syz
[  824.271799][   T40] usb 5-1: config 0 descriptor??
[  824.283009][   T40] hub 5-1:0.132: bad descriptor, ignoring hub
[  824.289458][   T40] hub 5-1:0.132: probe with driver hub failed with error -5
[  824.304906][   T40] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input124
[  824.428988][ T3495] team0 (unregistering): Port device team_slave_1 removed
[  824.452649][T11455] batman_adv: batadv0: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  824.481911][ T3495] team0 (unregistering): Port device team_slave_0 removed
[  824.629394][T17091] loop5: detected capacity change from 0 to 7
[  824.640776][T17061] Dev loop5: unable to read RDB block 7
[  824.655762][T17061]  loop5: AHDI p1 p2 p3
[  824.661740][T17061] loop5: partition table partially beyond EOD, truncated
[  824.670412][T17061] loop5: p1 size 100663304 extends beyond EOD, truncated
[  824.683498][T17061] loop5: p2 start 1702059890 is beyond EOD, truncated
[  824.721077][T17091] Dev loop5: unable to read RDB block 7
[  824.728316][T17091]  loop5: AHDI p1 p2 p3
[  824.732617][T17091] loop5: partition table partially beyond EOD, truncated
[  824.747488][T17091] loop5: p1 size 100663304 extends beyond EOD, truncated
[  824.761502][T17091] loop5: p2 start 1702059890 is beyond EOD, truncated
[  824.827801][T17091] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3101'.
[  825.146630][T17090] syzkaller1: entered promiscuous mode
[  825.165784][T17090] syzkaller1: entered allmulticast mode
[  825.404887][T17110] fuse: Unknown parameter 'rootmU_Ýx00000000000¦È000000104000'
[  825.935556][T16968] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  825.987139][T16968] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  825.997170][   T40] usb 5-1: USB disconnect, device number 118
[  826.012464][T16968] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  826.058724][T16968] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  826.431385][ T3495] IPVS: stop unused estimator thread 0...
[  826.490574][T17133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3110'.
[  827.211702][T16968] 8021q: adding VLAN 0 to HW filter on device bond0
[  827.347210][T16968] 8021q: adding VLAN 0 to HW filter on device team0
[  827.410730][T11460] bridge0: port 1(bridge_slave_0) entered blocking state
[  827.418304][T11460] bridge0: port 1(bridge_slave_0) entered forwarding state
[  827.573778][T11458] bridge0: port 2(bridge_slave_1) entered blocking state
[  827.580978][T11458] bridge0: port 2(bridge_slave_1) entered forwarding state
[  827.593554][T17169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3118'.
[  827.706562][ T5823] Bluetooth: hci5: unexpected event for opcode 0x2035
[  827.770368][T16968] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  827.800392][T16968] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  827.959641][T17176] fuse: Unknown parameter 'ì<M$¿|К­puìn³ß&ø'
[  828.178190][T16968] 8021q: adding VLAN 0 to HW filter on device batadv0
[  828.282418][T16968] veth0_vlan: entered promiscuous mode
[  828.370528][T16968] veth1_vlan: entered promiscuous mode
[  828.504759][T16968] veth0_macvtap: entered promiscuous mode
[  828.548463][T16968] veth1_macvtap: entered promiscuous mode
[  828.618424][T16968] batman_adv: batadv0: Interface activated: batadv_slave_0
[  828.659951][T16968] batman_adv: batadv0: Interface activated: batadv_slave_1
[  828.846377][ T5890] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  828.987927][ T3016] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  829.006353][ T3016] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  829.070108][ T5890] usb 2-1: Using ep0 maxpacket: 16
[  829.092400][ T5890] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  829.100961][ T5890] usb 2-1: config 0 has no interface number 0
[  829.110771][ T5890] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  829.121863][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.134634][ T5890] usb 2-1: Product: syz
[  829.168857][ T5890] usb 2-1: Manufacturer: syz
[  829.174145][ T5890] usb 2-1: SerialNumber: syz
[  829.216038][ T5890] usb 2-1: config 0 descriptor??
[  829.223072][ T3016] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  829.243066][ T5890] hub 2-1:0.132: bad descriptor, ignoring hub
[  829.256956][ T5890] hub 2-1:0.132: probe with driver hub failed with error -5
[  829.288292][ T3016] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  829.306657][ T5890] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input125
[  829.422655][T17211] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3128'.
[  829.460474][T11455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  829.502678][T11455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  829.582064][T17216] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3130'.
[  829.636380][T17216] netlink: 43 bytes leftover after parsing attributes in process `syz.0.3130'.
[  829.655089][ T3016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  829.657253][T17188] syzkaller1: entered promiscuous mode
[  829.680988][T17188] syzkaller1: entered allmulticast mode
[  829.689041][T17216] netlink: 'syz.0.3130': attribute type 6 has an invalid length.
[  829.700919][T17215] loop5: detected capacity change from 0 to 7
[  829.717268][ T3016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  829.727565][T17215] Dev loop5: unable to read RDB block 7
[  829.733158][T17215]  loop5: AHDI p1 p2 p3
[  829.737520][T17216] netlink: 'syz.0.3130': attribute type 5 has an invalid length.
[  829.745257][T17216] netlink: 43 bytes leftover after parsing attributes in process `syz.0.3130'.
[  829.786158][T17215] loop5: partition table partially beyond EOD, truncated
[  829.795236][T17215] loop5: p1 size 100663304 extends beyond EOD, truncated
[  829.826538][T17215] loop5: p2 start 1702059890 is beyond EOD, truncated
[  830.094052][T17188] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3123'.
[  830.286483][ T5914] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  830.448789][ T5914] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  830.517802][ T5914] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 58398, setting to 1024
[  830.568505][ T5914] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  830.593762][ T5914] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  830.609961][ T5822] usb 2-1: USB disconnect, device number 23
[  830.637564][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.679613][T17233] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  830.727491][ T5914] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  830.937110][ T5822] usb 4-1: USB disconnect, device number 100
[  831.856258][T15347] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  832.036469][T15347] usb 2-1: Using ep0 maxpacket: 16
[  832.046366][T15347] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  832.055264][T15347] usb 2-1: config 0 has no interface number 0
[  832.103478][T15347] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  832.119881][T15347] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.264848][T15347] usb 2-1: Product: syz
[  832.279689][T15347] usb 2-1: Manufacturer: syz
[  832.418309][T15347] usb 2-1: SerialNumber: syz
[  832.457306][T15347] usb 2-1: config 0 descriptor??
[  832.468208][T15347] hub 2-1:0.132: bad descriptor, ignoring hub
[  832.475959][T15347] hub 2-1:0.132: probe with driver hub failed with error -5
[  832.486424][T15347] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input126
[  832.850815][T17270] loop5: detected capacity change from 0 to 7
[  832.881332][T17235] Dev loop5: unable to read RDB block 7
[  832.889505][T17235]  loop5: AHDI p1 p2 p3
[  832.893696][T17235] loop5: partition table partially beyond EOD, truncated
[  832.904332][T17235] loop5: p1 size 100663304 extends beyond EOD, truncated
[  832.927025][T17235] loop5: p2 start 1702059890 is beyond EOD, truncated
[  832.948016][T17270] Dev loop5: unable to read RDB block 7
[  832.953958][T17270]  loop5: AHDI p1 p2 p3
[  832.962603][T17270] loop5: partition table partially beyond EOD, truncated
[  832.991507][T17270] loop5: p1 size 100663304 extends beyond EOD, truncated
[  833.024455][T17270] loop5: p2 start 1702059890 is beyond EOD, truncated
[  833.065143][T17270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3150'.
[  833.462167][T15347] usb 2-1: USB disconnect, device number 24
[  833.576259][  T797] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  833.726362][  T797] usb 3-1: Using ep0 maxpacket: 16
[  833.735279][  T797] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  833.744232][  T797] usb 3-1: config 0 has no interface number 0
[  833.759536][  T797] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  833.776224][  T797] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.785511][  T797] usb 3-1: Product: syz
[  833.809987][  T797] usb 3-1: Manufacturer: syz
[  833.859707][  T797] usb 3-1: SerialNumber: syz
[  833.897414][  T797] usb 3-1: config 0 descriptor??
[  833.905211][  T797] hub 3-1:0.132: bad descriptor, ignoring hub
[  833.939170][  T797] hub 3-1:0.132: probe with driver hub failed with error -5
[  833.961498][  T797] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input127
[  834.094827][T17312] FAULT_INJECTION: forcing a failure.
[  834.094827][T17312] name failslab, interval 1, probability 0, space 0, times 0
[  834.113789][T17312] CPU: 1 UID: 0 PID: 17312 Comm: syz.1.3154 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  834.113821][T17312] Tainted: [L]=SOFTLOCKUP
[  834.113828][T17312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  834.113838][T17312] Call Trace:
[  834.113846][T17312]  <TASK>
[  834.113854][T17312]  dump_stack_lvl+0xe8/0x150
[  834.113890][T17312]  should_fail_ex+0x412/0x560
[  834.113914][T17312]  should_failslab+0xa8/0x100
[  834.113933][T17312]  __kmalloc_noprof+0xde/0x7e0
[  834.113946][T17312]  ? ima_alloc_init_template+0x172/0x6f0
[  834.113967][T17312]  ima_alloc_init_template+0x172/0x6f0
[  834.113986][T17312]  ima_store_measurement+0x1ce/0x670
[  834.113995][T17312]  ? take_dentry_name_snapshot+0x29/0x500
[  834.114010][T17312]  ? __pfx_ima_store_measurement+0x10/0x10
[  834.114019][T17312]  ? ima_d_path+0x1e9/0x250
[  834.114040][T17312]  process_measurement+0x13f8/0x1cb0
[  834.114064][T17312]  ? __pfx_process_measurement+0x10/0x10
[  834.114079][T17312]  ? aa_file_perm+0x12d/0x1630
[  834.114117][T17312]  ima_file_mmap+0x1ac/0x200
[  834.114136][T17312]  ? __pfx_ima_file_mmap+0x10/0x10
[  834.114157][T17312]  ? apparmor_mmap_file+0x23e/0x2b0
[  834.114169][T17312]  security_mmap_file+0x773/0xa20
[  834.114181][T17312]  vm_mmap_pgoff+0x134/0x4f0
[  834.114196][T17312]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  834.114208][T17312]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  834.114219][T17312]  ? rcu_is_watching+0x15/0xb0
[  834.114230][T17312]  ? hugetlbfs_get_inode+0x448/0x640
[  834.114245][T17312]  ? hugetlb_file_setup+0x42c/0x630
[  834.114258][T17312]  ksys_mmap_pgoff+0x586/0x760
[  834.114277][T17312]  __do_fast_syscall_32+0x1d2/0x540
[  834.114290][T17312]  ? lockdep_hardirqs_on+0x7a/0x110
[  834.114299][T17312]  ? do_fast_syscall_32+0x33/0x70
[  834.114310][T17312]  ? asm_int80_emulation+0x1a/0x20
[  834.114319][T17312]  ? do_int80_emulation+0x20e/0x400
[  834.114332][T17312]  do_fast_syscall_32+0x33/0x70
[  834.114343][T17312]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  834.114355][T17312] RIP: 0023:0xf7f22539
[  834.114365][T17312] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  834.114374][T17312] RSP: 002b:00000000f53e650c EFLAGS: 00000206 ORIG_RAX: 00000000000000c0
[  834.114385][T17312] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000ff5000
[  834.114392][T17312] RDX: 0000000001000005 RSI: 00000000000ec071 RDI: 00000000ffffffff
[  834.114399][T17312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  834.114404][T17312] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  834.114410][T17312] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  834.114424][T17312]  </TASK>
[  834.383095][   T30] kauditd_printk_skb: 3220 callbacks suppressed
[  834.383113][   T30] audit: type=1804 audit(1770107767.625:7300): pid=17312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.1.3154" name="anon_hugepage" dev="hugetlbfs" ino=81744 res=0 errno=0
[  834.565960][T17316] loop5: detected capacity change from 0 to 7
[  834.575533][T17315] syzkaller1: entered promiscuous mode
[  834.583849][T17315] syzkaller1: entered allmulticast mode
[  834.590576][T17316] Dev loop5: unable to read RDB block 7
[  834.597733][T17316]  loop5: AHDI p1 p2 p3
[  834.603973][T17316] loop5: partition table partially beyond EOD, truncated
[  834.625827][T17316] loop5: p1 size 100663304 extends beyond EOD, truncated
[  834.641674][T17316] loop5: p2 start 1702059890 is beyond EOD, truncated
[  834.718789][T17315] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3149'.
[  835.188514][   T40] usb 3-1: USB disconnect, device number 79
[  836.166567][ T5890] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  836.336806][ T5890] usb 3-1: Using ep0 maxpacket: 16
[  836.344811][ T5890] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  836.354445][ T5890] usb 3-1: config 0 has no interface number 0
[  836.363295][ T5890] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  836.373435][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.381811][ T5890] usb 3-1: Product: syz
[  836.388859][ T5890] usb 3-1: Manufacturer: syz
[  836.393483][ T5890] usb 3-1: SerialNumber: syz
[  836.408595][ T5890] usb 3-1: config 0 descriptor??
[  836.419726][ T5890] hub 3-1:0.132: bad descriptor, ignoring hub
[  836.425841][ T5890] hub 3-1:0.132: probe with driver hub failed with error -5
[  836.439702][ T5890] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input128
[  836.623898][T17345] loop5: detected capacity change from 0 to 7
[  836.631185][T17345] Dev loop5: unable to read RDB block 7
[  836.639894][T17345]  loop5: AHDI p1 p2 p3
[  836.645527][T17345] loop5: partition table partially beyond EOD, truncated
[  836.698000][T17345] loop5: p1 size 100663304 extends beyond EOD, truncated
[  836.833119][T17345] loop5: p2 start 1702059890 is beyond EOD, truncated
[  836.866621][T17382] binder: 17366:17382 ioctl 4018620d 0 returned -22
[  837.662679][T17345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3164'.
[  837.894334][T17383] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3174'.
[  838.096501][T15347] usb 3-1: USB disconnect, device number 80
[  838.186614][ T5890] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  838.350935][ T5890] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  838.365686][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.374386][ T5890] usb 2-1: Product: syz
[  838.379886][ T5890] usb 2-1: Manufacturer: syz
[  838.384743][ T5890] usb 2-1: SerialNumber: syz
[  838.405655][ T5890] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  838.516803][T15347] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  838.653568][T17412] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3187'.
[  839.130301][T17418] binder: 17414:17418 ioctl 4018620d 0 returned -22
[  839.361405][ T5914] usb 2-1: USB disconnect, device number 25
[  839.769721][T15347] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  839.790285][T15347] ath9k_htc: Failed to initialize the device
[  840.082761][ T5914] usb 2-1: ath9k_htc: USB layer deinitialized
[  840.282227][T17426] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3191'.
[  840.334993][T17440] cifs: Unknown parameter 'f,'
[  840.362623][T17442] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3198'.
[  840.436201][ T5914] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  840.786415][ T5919] usb 4-1: new full-speed USB device number 101 using dummy_hcd
[  841.111143][ T5914] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  841.126185][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  841.139999][ T5914] usb 5-1: config 0 descriptor??
[  841.165859][ T5914] cp210x 5-1:0.0: cp210x converter detected
[  841.236487][ T5919] usb 4-1: device descriptor read/64, error -71
[  841.367071][ T5914] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71
[  841.374561][ T5914] cp210x 5-1:0.0: querying part number failed
[  841.385153][ T5914] usb 5-1: cp210x converter now attached to ttyUSB0
[  841.395388][ T5914] usb 5-1: USB disconnect, device number 119
[  841.404753][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  841.413579][ T5914] cp210x 5-1:0.0: device disconnected
[  841.476503][ T5919] usb 4-1: new full-speed USB device number 102 using dummy_hcd
[  841.606233][ T5919] usb 4-1: device descriptor read/64, error -71
[  841.718504][ T5919] usb usb4-port1: attempt power cycle
[  841.936720][ T5899] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  841.960097][T17457] openvswitch: netlink: Message has 16 unknown bytes.
[  842.056926][ T5919] usb 4-1: new full-speed USB device number 103 using dummy_hcd
[  842.095443][ T5919] usb 4-1: device descriptor read/8, error -71
[  842.111765][ T5899] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  842.136500][ T5899] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 58398, setting to 1024
[  842.156785][ T5899] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  842.172757][ T5899] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  842.183472][T17468] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3208'.
[  842.193140][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  842.208803][T17453] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  842.222963][ T5899] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  842.336405][ T5919] usb 4-1: new full-speed USB device number 104 using dummy_hcd
[  842.377091][ T5919] usb 4-1: device descriptor read/8, error -71
[  842.439784][ T5890] usb 3-1: USB disconnect, device number 81
[  842.487485][ T5919] usb usb4-port1: unable to enumerate USB device
[  843.145744][T17480] binder: 17474:17480 ioctl 4018620d 0 returned -22
[  844.549438][T17508] FAULT_INJECTION: forcing a failure.
[  844.549438][T17508] name failslab, interval 1, probability 0, space 0, times 0
[  844.590768][T17508] CPU: 1 UID: 0 PID: 17508 Comm: syz.4.3218 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  844.590796][T17508] Tainted: [L]=SOFTLOCKUP
[  844.590803][T17508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  844.590812][T17508] Call Trace:
[  844.590820][T17508]  <TASK>
[  844.590828][T17508]  dump_stack_lvl+0xe8/0x150
[  844.590853][T17508]  should_fail_ex+0x412/0x560
[  844.590877][T17508]  should_failslab+0xa8/0x100
[  844.590898][T17508]  kmem_cache_alloc_noprof+0x87/0x6e0
[  844.590920][T17508]  ? do_user_addr_fault+0xc7c/0x1360
[  844.590943][T17508]  ? getname_kernel+0x5a/0x2f0
[  844.590965][T17508]  getname_kernel+0x5a/0x2f0
[  844.590985][T17508]  kern_path+0x1d/0x50
[  844.591003][T17508]  autofs_dev_ioctl_ismountpoint+0x490/0x800
[  844.591027][T17508]  ? __pfx_autofs_dev_ioctl_ismountpoint+0x10/0x10
[  844.591045][T17508]  ? __fget_files+0x2a/0x420
[  844.591065][T17508]  ? __fget_files+0x2a/0x420
[  844.591083][T17508]  ? __fget_files+0x2a/0x420
[  844.591101][T17508]  ? __pfx_autofs_dev_ioctl_ismountpoint+0x10/0x10
[  844.591121][T17508]  autofs_dev_ioctl+0x4c8/0xad0
[  844.591152][T17508]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[  844.591177][T17508]  ? __fget_files+0x2a/0x420
[  844.591198][T17508]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  844.591220][T17508]  __ia32_compat_sys_ioctl+0x5ea/0x950
[  844.591247][T17508]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  844.591272][T17508]  ? __fget_files+0x3a0/0x420
[  844.591295][T17508]  ? fput+0xa0/0xd0
[  844.591315][T17508]  ? ksys_write+0x242/0x270
[  844.591340][T17508]  ? __pfx_ksys_write+0x10/0x10
[  844.591369][T17508]  __do_fast_syscall_32+0x1d2/0x540
[  844.591388][T17508]  ? lockdep_hardirqs_on+0x7a/0x110
[  844.591405][T17508]  ? do_fast_syscall_32+0x33/0x70
[  844.591422][T17508]  ? asm_int80_emulation+0x1a/0x20
[  844.591438][T17508]  ? do_int80_emulation+0x20e/0x400
[  844.591461][T17508]  do_fast_syscall_32+0x33/0x70
[  844.591487][T17508]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  844.591507][T17508] RIP: 0023:0xf7f51539
[  844.591523][T17508] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  844.591538][T17508] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  844.591557][T17508] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c018937e
[  844.591570][T17508] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  844.591581][T17508] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  844.591592][T17508] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  844.591603][T17508] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  844.591629][T17508]  </TASK>
[  845.545715][T17533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3225'.
[  845.557231][ T5919] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  845.627176][T17533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3225'.
[  845.716765][T17533] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3225'.
[  845.746325][ T5919] usb 3-1: Using ep0 maxpacket: 16
[  845.753446][ T5919] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  845.763276][ T5919] usb 3-1: config 0 has no interface number 0
[  845.774575][ T5919] usb 3-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  845.783950][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.798566][ T5919] usb 3-1: Product: syz
[  845.805390][ T5919] usb 3-1: Manufacturer: syz
[  845.810601][ T5919] usb 3-1: SerialNumber: syz
[  845.825943][ T5919] usb 3-1: config 0 descriptor??
[  845.839627][ T5919] hub 3-1:0.132: bad descriptor, ignoring hub
[  845.852317][ T5919] hub 3-1:0.132: probe with driver hub failed with error -5
[  845.870970][ T5919] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.132/input/input129
[  845.951259][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807e906400: rx timeout, send abort
[  846.046726][T17526] loop5: detected capacity change from 0 to 7
[  846.053442][T17526] Dev loop5: unable to read RDB block 7
[  846.061533][T17526]  loop5: AHDI p1 p2 p3
[  846.065707][T17526] loop5: partition table partially beyond EOD, truncated
[  846.076433][T17526] loop5: p1 size 100663304 extends beyond EOD, truncated
[  846.090826][T17526] loop5: p2 start 1702059890 is beyond EOD, truncated
[  846.191810][T17526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3224'.
[  846.376575][   T40] usb 3-1: USB disconnect, device number 82
[  846.451354][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807e906000: rx timeout, send abort
[  846.461377][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807e906400: abort rx timeout. Force session deactivation
[  846.613623][T17548] netlink: 'syz.3.3230': attribute type 1 has an invalid length.
[  846.715099][T17550] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3228'.
[  846.896296][   T40] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  846.959611][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807e906000: abort rx timeout. Force session deactivation
[  847.046281][   T40] usb 4-1: device descriptor read/64, error -71
[  847.746333][   T40] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  847.906255][   T40] usb 4-1: device descriptor read/64, error -71
[  848.016567][   T40] usb usb4-port1: attempt power cycle
[  848.166485][ T5914] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  848.265970][T17572] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3235'.
[  848.376801][ T5914] usb 5-1: Using ep0 maxpacket: 8
[  848.394001][ T5914] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  848.408572][   T40] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  848.409332][ T5914] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  848.427115][ T5914] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  848.487265][   T40] usb 4-1: device descriptor read/8, error -71
[  848.527271][ T5914] usb 5-1: Product: syz
[  848.532988][ T5914] usb 5-1: Manufacturer: syz
[  848.540960][ T5914] usb 5-1: SerialNumber: syz
[  848.736210][   T40] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  848.756282][ T5822] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  848.765740][   T40] usb 4-1: device descriptor read/8, error -71
[  848.776765][ T5914] usb 5-1: Invalid connection information received from device
[  848.876464][   T40] usb usb4-port1: unable to enumerate USB device
[  848.916211][ T5822] usb 2-1: Using ep0 maxpacket: 8
[  848.922854][ T5822] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  848.945652][ T5822] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  848.955849][ T5822] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  848.965839][ T5822] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  848.976023][ T5822] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  848.993693][ T5822] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  849.004358][ T5822] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.223280][ T5822] usb 2-1: GET_CAPABILITIES returned 0
[  849.229416][ T5822] usbtmc 2-1:16.0: can't read capabilities
[  849.894307][T17589] bridge_slave_0: left allmulticast mode
[  849.900205][T17589] bridge_slave_0: left promiscuous mode
[  849.906261][T17589] bridge0: port 1(bridge_slave_0) entered disabled state
[  850.002562][T17589] bridge_slave_1: left allmulticast mode
[  850.008708][T17589] bridge_slave_1: left promiscuous mode
[  850.015346][T17589] bridge0: port 2(bridge_slave_1) entered disabled state
[  850.046013][T17589] bond0: (slave bond_slave_0): Releasing backup interface
[  850.077361][T17589] bond0: (slave bond_slave_1): Releasing backup interface
[  850.119087][T17589] team0: Port device team_slave_0 removed
[  850.143299][T17589] team0: Port device team_slave_1 removed
[  850.153826][T17589] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  850.161999][T17589] batman_adv: batadv0: Removing interface: batadv_slave_0
[  850.228594][T17589] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  850.236538][T17589] batman_adv: batadv0: Removing interface: batadv_slave_1
[  850.252908][T17589] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  850.903513][ T5890] usb 5-1: USB disconnect, device number 120
[  850.936308][ T5822] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  851.206223][ T5822] usb 3-1: Using ep0 maxpacket: 8
[  851.223430][ T5822] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  851.233451][ T5822] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  851.254339][ T5822] usb 3-1: config 0 has no interface number 0
[  851.265606][ T5822] usb 3-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  851.282190][ T5822] usb 3-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=ba.de
[  851.293363][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.322369][ T5822] usb 3-1: config 0 descriptor??
[  851.380052][ T5822] usb 3-1: bad CDC descriptors
[  851.399409][ T5822] cdc_acm 3-1:0.1: Zero length descriptor references
[  851.407434][ T5822] cdc_acm 3-1:0.1: probe with driver cdc_acm failed with error -22
[  851.429302][ T5822] usb 2-1: USB disconnect, device number 26
[  851.659921][ T5890] usb 5-1: new full-speed USB device number 121 using dummy_hcd
[  851.673542][T17611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3249'.
[  851.714780][T17611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  851.818594][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  851.830385][ T5890] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  851.843701][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.869441][ T5890] usb 5-1: config 0 descriptor??
[  851.887576][T17607] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  852.308610][ T5890] elan 0003:04F3:0755.003F: item fetching failed at offset 3/5
[  852.325744][ T5890] elan 0003:04F3:0755.003F: Hid Parse failed
[  852.352714][ T5890] elan 0003:04F3:0755.003F: probe with driver elan failed with error -22
[  852.517583][ T5890] usb 5-1: USB disconnect, device number 121
[  852.771729][T17615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3251'.
[  853.137311][ T5890] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  853.262339][  T797] usb 3-1: USB disconnect, device number 83
[  853.296418][ T5890] usb 4-1: Using ep0 maxpacket: 8
[  853.313659][ T5890] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  853.340139][ T5890] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  853.358677][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.381285][ T5890] usb 4-1: Product: syz
[  853.385491][ T5890] usb 4-1: Manufacturer: syz
[  853.844308][ T5890] usb 4-1: SerialNumber: syz
[  853.874457][ T5890] usb 4-1: config 0 descriptor??
[  854.096542][ T5890] usb 4-1: USB disconnect, device number 109
[  855.476367][ T5914] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  855.518078][T17658] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3264'.
[  855.611541][T17658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  855.846325][ T5914] usb 4-1: Using ep0 maxpacket: 16
[  855.896041][ T5914] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  855.906382][ T5914] usb 4-1: config 0 has no interface number 0
[  856.011887][ T5914] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  856.023384][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.032368][ T5914] usb 4-1: Product: syz
[  856.048487][ T5914] usb 4-1: Manufacturer: syz
[  856.060010][ T5914] usb 4-1: SerialNumber: syz
[  856.076781][ T5914] usb 4-1: config 0 descriptor??
[  856.100824][ T5914] hub 4-1:0.132: bad descriptor, ignoring hub
[  856.110953][ T5914] hub 4-1:0.132: probe with driver hub failed with error -5
[  856.133235][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input130
[  856.312129][T17646] loop5: detected capacity change from 0 to 7
[  856.339186][T17061] Dev loop5: unable to read RDB block 7
[  856.356383][T17061]  loop5: AHDI p1 p2 p3
[  856.383018][T17061] loop5: partition table partially beyond EOD, truncated
[  856.414530][T17061] loop5: p1 size 100663304 extends beyond EOD, truncated
[  856.446931][T17061] loop5: p2 start 1702059890 is beyond EOD, truncated
[  856.493518][T17646] Dev loop5: unable to read RDB block 7
[  856.554438][T17646]  loop5: AHDI p1 p2 p3
[  856.585424][T17646] loop5: partition table partially beyond EOD, truncated
[  856.668828][T17672] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3260'.
[  856.710982][T17646] loop5: p1 size 100663304 extends beyond EOD, truncated
[  856.755994][T17646] loop5: p2 start 1702059890 is beyond EOD, truncated
[  857.014638][T17235] udevd[17235]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  857.262178][T17235] udevd[17235]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  858.827891][T17713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3277'.
[  859.205082][T17715] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  859.338518][T17721] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3279'.
[  859.416451][T15345] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  859.475131][T17725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.593262][T15345] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  859.606749][T15345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  859.620406][T15345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  859.637760][T15345] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  859.659553][T15345] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  859.671010][T15345] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  859.683714][T15345] usb 3-1: Manufacturer: syz
[  859.697531][T15345] usb 3-1: config 0 descriptor??
[  859.786330][   T40] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  859.956170][   T40] usb 2-1: Using ep0 maxpacket: 16
[  859.968773][   T40] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  859.977761][   T40] usb 2-1: config 0 has no interface number 0
[  859.986612][   T40] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  860.025267][   T40] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.033589][   T40] usb 2-1: Product: syz
[  860.038053][   T40] usb 2-1: Manufacturer: syz
[  860.046290][   T40] usb 2-1: SerialNumber: syz
[  860.063103][   T40] usb 2-1: config 0 descriptor??
[  860.078393][   T40] hub 2-1:0.132: bad descriptor, ignoring hub
[  860.088014][   T40] hub 2-1:0.132: probe with driver hub failed with error -5
[  860.111445][   T40] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input131
[  860.133581][T17718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  860.144063][T17718] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  860.295542][T17727] syzkaller1: entered promiscuous mode
[  860.326296][T17727] syzkaller1: entered allmulticast mode
[  860.338830][T17727] loop5: detected capacity change from 0 to 7
[  860.356829][T17727] Dev loop5: unable to read RDB block 7
[  860.362454][T17727]  loop5: AHDI p1 p2 p3
[  860.415557][T17727] loop5: partition table partially beyond EOD, truncated
[  860.429771][T15345] appleir 0003:05AC:8243.0040: unknown main item tag 0x0
[  860.479590][T15345] appleir 0003:05AC:8243.0040: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  860.497704][T17727] loop5: p1 size 100663304 extends beyond EOD, truncated
[  860.542119][T17727] loop5: p2 start 1702059890 is beyond EOD, truncated
[  860.713359][ T5825] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  860.729034][ T5825] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  860.737417][ T5825] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  860.745632][ T5825] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  860.753132][ T5822] usb 4-1: USB disconnect, device number 110
[  860.763622][ T5825] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  860.886479][  T797] usb 3-1: USB disconnect, device number 84
[  861.529389][T17748] bridge_slave_0: left allmulticast mode
[  861.535348][T17748] bridge_slave_0: left promiscuous mode
[  861.542613][T17748] bridge0: port 1(bridge_slave_0) entered disabled state
[  861.574782][T17748] bridge_slave_1: left allmulticast mode
[  861.599452][T17748] bridge_slave_1: left promiscuous mode
[  861.625086][T17753] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3294'.
[  861.680673][T17755] FAULT_INJECTION: forcing a failure.
[  861.680673][T17755] name failslab, interval 1, probability 0, space 0, times 0
[  861.695404][T17755] CPU: 0 UID: 0 PID: 17755 Comm: syz.2.3287 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  861.695423][T17755] Tainted: [L]=SOFTLOCKUP
[  861.695427][T17755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  861.695434][T17755] Call Trace:
[  861.695438][T17755]  <TASK>
[  861.695444][T17755]  dump_stack_lvl+0xe8/0x150
[  861.695461][T17755]  should_fail_ex+0x412/0x560
[  861.695477][T17755]  should_failslab+0xa8/0x100
[  861.695490][T17755]  __kmalloc_cache_noprof+0x83/0x6e0
[  861.695501][T17755]  ? sctp_add_bind_addr+0x8c/0x370
[  861.695518][T17755]  sctp_add_bind_addr+0x8c/0x370
[  861.695530][T17755]  sctp_copy_local_addr_list+0x314/0x4f0
[  861.695542][T17755]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  861.695553][T17755]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  861.695565][T17755]  ? sctp_v4_is_any+0x35/0x60
[  861.695575][T17755]  ? sctp_copy_one_addr+0x93/0x360
[  861.695586][T17755]  sctp_bind_addr_copy+0xb3/0x3c0
[  861.695597][T17755]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  861.695613][T17755]  sctp_connect_new_asoc+0x2ff/0x6b0
[  861.695627][T17755]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  861.695643][T17755]  ? __local_bh_enable_ip+0xd0/0x130
[  861.695651][T17755]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  861.695663][T17755]  ? security_sctp_bind_connect+0x7e/0x2c0
[  861.695675][T17755]  sctp_sendmsg+0x1528/0x2c10
[  861.695694][T17755]  ? __pfx_sctp_sendmsg+0x10/0x10
[  861.695706][T17755]  ? aa_sk_perm+0x15a/0x960
[  861.695718][T17755]  ? aa_sk_perm+0x82d/0x960
[  861.695729][T17755]  ? __might_fault+0xaf/0x130
[  861.695746][T17755]  ? __pfx_aa_sk_perm+0x10/0x10
[  861.695758][T17755]  ? sock_rps_record_flow+0x19/0x400
[  861.695774][T17755]  ? inet_sendmsg+0x2f4/0x370
[  861.695789][T17755]  ____sys_sendmsg+0x894/0xad0
[  861.695807][T17755]  ? __pfx_____sys_sendmsg+0x10/0x10
[  861.695827][T17755]  ___sys_sendmsg+0x2a5/0x360
[  861.695840][T17755]  ? __lock_acquire+0x6b5/0x2cf0
[  861.695855][T17755]  ? __pfx____sys_sendmsg+0x10/0x10
[  861.695869][T17755]  ? kstrtoull+0x12f/0x1d0
[  861.695896][T17755]  ? __fget_files+0x2a/0x420
[  861.695907][T17755]  ? __fget_files+0x3a0/0x420
[  861.695922][T17755]  __sys_sendmmsg+0x2e7/0x4e0
[  861.695938][T17755]  ? __pfx___sys_sendmmsg+0x10/0x10
[  861.695956][T17755]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  861.695975][T17755]  ? ksys_write+0x242/0x270
[  861.695991][T17755]  ? __pfx_ksys_write+0x10/0x10
[  861.696007][T17755]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  861.696021][T17755]  __do_fast_syscall_32+0x1d2/0x540
[  861.696033][T17755]  ? lockdep_hardirqs_on+0x7a/0x110
[  861.696042][T17755]  ? do_fast_syscall_32+0x33/0x70
[  861.696052][T17755]  ? asm_int80_emulation+0x1a/0x20
[  861.696061][T17755]  ? do_int80_emulation+0x20e/0x400
[  861.696081][T17755]  do_fast_syscall_32+0x33/0x70
[  861.696098][T17755]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  861.696117][T17755] RIP: 0023:0xf7f21539
[  861.696131][T17755] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  861.696145][T17755] RSP: 002b:00000000f53e650c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  861.696164][T17755] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000b00
[  861.696174][T17755] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  861.696180][T17755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  861.696185][T17755] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  861.696191][T17755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  861.696206][T17755]  </TASK>
[  862.136629][T17748] bridge0: port 2(bridge_slave_1) entered disabled state
[  862.480448][T17753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  862.569959][T17748] bond0: (slave bond_slave_0): Releasing backup interface
[  862.661813][T17748] bond0: (slave bond_slave_1): Releasing backup interface
[  862.722143][T17748] team0: Port device team_slave_0 removed
[  862.745180][T17748] team0: Port device team_slave_1 removed
[  862.754560][T17748] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  862.767583][T17748] batman_adv: batadv0: Removing interface: batadv_slave_0
[  862.780977][T17748] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  862.791073][T17748] batman_adv: batadv0: Removing interface: batadv_slave_1
[  862.804207][T17748] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  862.847396][T17737] chnl_net:caif_netlink_parms(): no params data found
[  862.957145][ T5825] Bluetooth: hci1: command tx timeout
[  863.491895][T17737] bridge0: port 1(bridge_slave_0) entered blocking state
[  863.521844][T17737] bridge0: port 1(bridge_slave_0) entered disabled state
[  863.543765][T17737] bridge_slave_0: entered allmulticast mode
[  863.564756][T17737] bridge_slave_0: entered promiscuous mode
[  863.780003][T17737] bridge0: port 2(bridge_slave_1) entered blocking state
[  863.834496][T17777] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3300'.
[  863.855607][T17777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  863.886034][T17737] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.895787][T17737] bridge_slave_1: entered allmulticast mode
[  864.306483][T17737] bridge_slave_1: entered promiscuous mode
[  864.427629][T17737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  864.466373][T17737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  864.764263][T11460] bridge_slave_1: left allmulticast mode
[  864.805116][T11460] bridge_slave_1: left promiscuous mode
[  864.813510][T11460] bridge0: port 2(bridge_slave_1) entered disabled state
[  864.827631][T11460] bridge_slave_0: left allmulticast mode
[  864.833390][T11460] bridge_slave_0: left promiscuous mode
[  864.864663][T11460] bridge0: port 1(bridge_slave_0) entered disabled state
[  865.038592][ T5825] Bluetooth: hci1: command tx timeout
[  865.314635][T11460] bond2 (unregistering): (slave vti0): Releasing backup interface
[  865.344156][T11460] vti0 (unregistering): left promiscuous mode
[  865.357962][  T797] usb 2-1: USB disconnect, device number 27
[  865.554196][T11460] bond4 (unregistering): (slave gretap1): Releasing active interface
[  865.566196][ T5914] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  865.727001][ T5914] usb 5-1: Using ep0 maxpacket: 16
[  865.745442][ T5914] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  865.761435][ T5914] usb 5-1: config 0 has no interface number 0
[  865.780867][ T5914] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  865.800221][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.834242][ T5914] usb 5-1: Product: syz
[  865.851005][ T5914] usb 5-1: Manufacturer: syz
[  865.876291][ T5914] usb 5-1: SerialNumber: syz
[  865.912539][ T5914] usb 5-1: config 0 descriptor??
[  865.943060][ T5914] hub 5-1:0.132: bad descriptor, ignoring hub
[  865.952121][ T5914] hub 5-1:0.132: probe with driver hub failed with error -5
[  865.961809][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.132/input/input132
[  866.083600][T11460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  866.109705][T11460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  866.123582][T11460] bond0 (unregistering): Released all slaves
[  866.141106][T11460] bond1 (unregistering): Released all slaves
[  866.175686][T17799] netlink: 'syz.1.3298': attribute type 21 has an invalid length.
[  866.194954][T17799] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3298'.
[  866.769668][T17804] loop5: detected capacity change from 0 to 7
[  866.789565][T17804] Dev loop5: unable to read RDB block 7
[  866.795169][T17804]  loop5: AHDI p1 p2 p3
[  866.810933][T17804] loop5: partition table partially beyond EOD, truncated
[  866.831737][T17804] loop5: p1 size 100663304 extends beyond EOD, truncated
[  866.841470][T17804] loop5: p2 start 1702059890 is beyond EOD, truncated
[  866.932830][T17804] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3296'.
[  867.126394][ T5825] Bluetooth: hci1: command tx timeout
[  867.163302][T11460] bond2 (unregistering): Released all slaves
[  867.305977][T11460] bond3 (unregistering): Released all slaves
[  867.417823][T11460] bond4 (unregistering): Released all slaves
[  867.445245][T17803] syzkaller1: entered promiscuous mode
[  867.451143][T17803] syzkaller1: entered allmulticast mode
[  867.466789][T17799] netlink: 'syz.1.3298': attribute type 4 has an invalid length.
[  867.475044][T17799] netlink: 'syz.1.3298': attribute type 5 has an invalid length.
[  867.485701][T17799] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3298'.
[  867.550906][T17737] team0: Port device team_slave_0 added
[  867.592732][T11460] tipc: Disabling bearer <udp:syz0>
[  867.598592][T11460] tipc: Left network mode
[  867.657954][T17737] team0: Port device team_slave_1 added
[  867.699657][T17737] batman_adv: batadv0: Adding interface: batadv_slave_0
[  867.706920][T17737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  867.735035][T17737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  867.767008][T17737] batman_adv: batadv0: Adding interface: batadv_slave_1
[  867.775033][T17737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  867.801894][T17737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  867.802562][T15347] usb 5-1: USB disconnect, device number 122
[  867.856199][ T5919] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  867.976635][T17737] hsr_slave_0: entered promiscuous mode
[  867.983570][T17737] hsr_slave_1: entered promiscuous mode
[  868.018071][ T5919] usb 2-1: Using ep0 maxpacket: 8
[  868.040878][ T5919] usb 2-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  868.057150][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.087113][ T5919] usb 2-1: Product: syz
[  868.091312][ T5919] usb 2-1: Manufacturer: syz
[  868.095902][ T5919] usb 2-1: SerialNumber: syz
[  868.143908][ T5919] usb 2-1: config 0 descriptor??
[  868.183256][ T5919] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  868.214801][ T5919] dvb-usb: bulk message failed: -22 (2/0)
[  868.228844][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  868.243015][ T5919] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  868.255933][ T5919] usb 2-1: media controller created
[  868.351712][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  868.419955][ T5919] cxusb: set interface failed
[  868.424785][ T5919] dvb-usb: bulk message failed: -22 (1/0)
[  868.472007][ T5919] DVB: Unable to find symbol mt352_attach()
[  868.499634][T17836] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3302'.
[  868.509194][ T5919] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  868.613525][ T5919] rc_core: IR keymap rc-dvico-portable not found
[  868.660875][ T5919] Registered IR keymap rc-empty
[  868.681976][ T5919] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  868.704734][ T5919] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input133
[  868.736442][ T5914] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[  868.778787][ T5919] dvb-usb: schedule remote query interval to 100 msecs.
[  868.786714][ T5919] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  868.818430][ T5919] usb 2-1: USB disconnect, device number 28
[  868.860294][T17842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3302'.
[  868.870194][T17842] bridge_slave_1: entered promiscuous mode
[  868.912963][ T5919] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  868.923176][ T5914] usb 5-1: Using ep0 maxpacket: 32
[  868.944665][ T5914] usb 5-1: config 9 has an invalid interface number: 95 but max is 0
[  868.966427][   T40] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  868.985232][ T5914] usb 5-1: config 9 has no interface number 0
[  868.998554][ T5914] usb 5-1: config 9 interface 95 altsetting 82 endpoint 0x9 has invalid maxpacket 2039, setting to 64
[  869.034221][T17844] bond0: (slave syz_tun): Releasing backup interface
[  869.041217][ T5914] usb 5-1: config 9 interface 95 altsetting 82 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  869.064872][ T5914] usb 5-1: config 9 interface 95 has no altsetting 0
[  869.075056][ T5914] usb 5-1: New USB device found, idVendor=0763, idProduct=1041, bcdDevice=da.59
[  869.084511][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.097974][T17844] syz_tun: left allmulticast mode
[  869.103435][ T5914] usb 5-1: Product: syz
[  869.107926][ T5914] usb 5-1: Manufacturer: syz
[  869.112511][ T5914] usb 5-1: SerialNumber: syz
[  869.152124][   T40] usb 4-1: Using ep0 maxpacket: 8
[  869.173172][   T40] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  869.187872][   T40] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  869.197875][T17844] bond0: left allmulticast mode
[  869.199214][ T5825] Bluetooth: hci1: command tx timeout
[  869.210063][T17844] bond_slave_0: left allmulticast mode
[  869.218329][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  869.222958][T17844] bond_slave_1: left allmulticast mode
[  869.242125][T17849] loop9: detected capacity change from 0 to 7
[  869.248808][   T40] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  869.261324][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  869.261528][T17849] Dev loop9: unable to read RDB block 7
[  869.273077][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  869.293063][   T40] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  869.306926][T17844] bridge0: port 3(bond0) entered disabled state
[  869.316590][   T40] usb 4-1: config 168 interface 0 has no altsetting 0
[  869.317315][T17850] netlink: 'syz.1.3306': attribute type 15 has an invalid length.
[  869.331917][T17849]  loop9: unable to read partition table
[  869.349169][T17844] bridge_slave_0: left allmulticast mode
[  869.355048][T17844] bridge_slave_0: left promiscuous mode
[  869.361006][T17844] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.376020][   T40] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  869.384394][   T40] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  869.400018][T17849] loop9: partition table beyond EOD, truncated
[  869.409661][T17849] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  869.419111][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  869.442254][T17850] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3306'.
[  869.443453][T17844] bridge_slave_1: left allmulticast mode
[  869.459440][   T40] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  869.469253][ T5914] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  869.472972][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  869.502351][T17844] bridge_slave_1: left promiscuous mode
[  869.508506][T17844] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.528517][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  869.578588][ T5914] usb 5-1: USB disconnect, device number 123
[  869.597489][T17844] bond0: (slave bond_slave_0): Releasing backup interface
[  869.619786][   T40] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  869.635384][T17844] bond_slave_0: left promiscuous mode
[  869.648941][   T40] usb 4-1: config 168 interface 0 has no altsetting 0
[  869.657414][   T40] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  869.664909][   T40] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  869.681181][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  869.698859][T17254] udevd[17254]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:9.95/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  869.715602][   T40] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  869.731368][T17844] bond0: (slave bond_slave_1): Releasing backup interface
[  869.738793][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  869.738825][   T40] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  869.738854][   T40] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  869.738881][   T40] usb 4-1: config 168 interface 0 has no altsetting 0
[  869.741848][   T40] usb 4-1: string descriptor 0 read error: -22
[  869.792529][T17844] bond_slave_1: left promiscuous mode
[  869.807351][   T40] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  869.824171][T17844] team0: Port device team_slave_0 removed
[  869.846307][T17844] team0: Port device team_slave_1 removed
[  869.855270][T17844] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  869.863475][T17844] batman_adv: batadv0: Removing interface: batadv_slave_0
[  869.875577][T17844] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  869.883884][T17844] batman_adv: batadv0: Removing interface: batadv_slave_1
[  869.895672][T17844] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  870.024195][   T40] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.083868][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.084855][   T40] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  870.090544][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  870.617314][T17861] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3308'.
[  870.929992][T17861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  871.148823][T17737] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  871.280611][T17737] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  871.345860][T17737] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  871.419167][T17737] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  872.339017][   T40] usb 4-1: USB disconnect, device number 111
[  872.433955][T17737] 8021q: adding VLAN 0 to HW filter on device bond0
[  872.753257][T17889] hub 1-0:1.0: USB hub found
[  872.761203][T17889] hub 1-0:1.0: 1 port detected
[  873.203951][T17737] 8021q: adding VLAN 0 to HW filter on device team0
[  873.224382][T11458] bridge0: port 1(bridge_slave_0) entered blocking state
[  873.231613][T11458] bridge0: port 1(bridge_slave_0) entered forwarding state
[  873.277552][ T5919] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  873.309697][T11455] bridge0: port 2(bridge_slave_1) entered blocking state
[  873.316821][T11455] bridge0: port 2(bridge_slave_1) entered forwarding state
[  873.441611][ T5919] usb 2-1: Using ep0 maxpacket: 16
[  873.468386][ T5919] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  873.499008][ T5919] usb 2-1: config 0 has no interface number 0
[  873.507949][ T5919] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  873.536155][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  873.557293][ T5919] usb 2-1: Product: syz
[  873.562813][ T5919] usb 2-1: Manufacturer: syz
[  873.570934][ T5919] usb 2-1: SerialNumber: syz
[  873.579082][ T5919] usb 2-1: config 0 descriptor??
[  873.587103][ T5919] hub 2-1:0.132: bad descriptor, ignoring hub
[  873.593273][ T5919] hub 2-1:0.132: probe with driver hub failed with error -5
[  873.613553][ T5919] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input134
[  873.624806][T11460] dummy0: left promiscuous mode
[  873.666188][   T40] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  873.688833][T11460] hsr_slave_0: left promiscuous mode
[  873.706145][T11460] hsr_slave_1: left promiscuous mode
[  873.712390][T11460] batman_adv: batadv0: Removing interface: batadv_slave_0
[  873.732385][T11460] batman_adv: batadv0: Removing interface: batadv_slave_1
[  873.826840][   T40] usb 3-1: Using ep0 maxpacket: 8
[  873.860339][   T40] usb 3-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  873.875194][   T40] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  873.912413][T17913] loop5: detected capacity change from 0 to 7
[  873.916173][   T40] usb 3-1: Product: syz
[  873.928065][T17913] Dev loop5: unable to read RDB block 7
[  873.928509][   T40] usb 3-1: Manufacturer: syz
[  873.964464][T17913]  loop5: AHDI p1 p2 p3
[  873.966164][   T40] usb 3-1: SerialNumber: syz
[  873.987224][   T40] usb 3-1: config 0 descriptor??
[  874.015055][   T40] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  874.015062][T17913] loop5: partition table partially beyond EOD, truncated
[  874.015239][T17913] loop5: p1 size 100663304 extends beyond EOD, 
[  874.046342][   T40] dvb-usb: bulk message failed: -22 (2/0)
[  874.077858][T17913] truncated
[  874.114361][T17913] loop5: p2 start 1702059890 is beyond EOD, truncated
[  874.125047][   T40] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  874.162540][   T40] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  874.212997][   T40] usb 3-1: media controller created
[  874.271606][   T40] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  874.294908][T17914] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3313'.
[  874.368503][   T40] cxusb: set interface failed
[  874.379711][   T40] dvb-usb: bulk message failed: -22 (1/0)
[  874.455565][   T40] DVB: Unable to find symbol mt352_attach()
[  874.462836][   T40] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  874.586919][   T40] rc_core: IR keymap rc-dvico-portable not found
[  874.601812][   T40] Registered IR keymap rc-empty
[  874.621899][   T40] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[  874.643602][   T40] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input135
[  874.680077][   T40] dvb-usb: schedule remote query interval to 100 msecs.
[  874.689339][   T40] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  874.764284][   T40] usb 3-1: USB disconnect, device number 85
[  874.883353][   T40] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  875.586490][T11460] team0 (unregistering): Port device team_slave_1 removed
[  875.729661][T11460] team0 (unregistering): Port device team_slave_0 removed
[  877.087118][T17912] syzkaller1: entered promiscuous mode
[  877.093263][T17912] syzkaller1: entered allmulticast mode
[  877.133440][T17923] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  877.672214][T17737] 8021q: adding VLAN 0 to HW filter on device batadv0
[  877.739416][T17955] loop6: detected capacity change from 0 to 2640
[  877.746713][   T40] usb 2-1: USB disconnect, device number 29
[  877.814887][T17960] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2
[  877.828139][T17737] veth0_vlan: entered promiscuous mode
[  877.859844][T17737] veth1_vlan: entered promiscuous mode
[  877.893041][T17960] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 2
[  877.910277][T17955] buffer_io_error: 6203 callbacks suppressed
[  877.910296][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  877.971161][T17737] veth0_macvtap: entered promiscuous mode
[  877.993372][T17737] veth1_macvtap: entered promiscuous mode
[  878.009808][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.110855][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.113563][T17737] batman_adv: batadv0: Interface activated: batadv_slave_0
[  878.161163][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.204124][T17737] batman_adv: batadv0: Interface activated: batadv_slave_1
[  878.231427][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.260952][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.267319][T11455] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  878.301561][ T5919] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  878.314661][T11455] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  878.324049][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.374933][ T3495] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  878.404409][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.413094][ T3495] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  878.448901][T17955] ldm_validate_partition_table(): Disk read failed.
[  878.505445][ T5919] usb 4-1: Using ep0 maxpacket: 8
[  878.518495][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.539683][ T5919] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  878.551542][T17955] Buffer I/O error on dev loop6, logical block 0, async page read
[  878.565377][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.590296][ T5919] usb 4-1: Product: syz
[  878.594784][T17955] Dev loop6: unable to read RDB block 0
[  878.605880][ T5919] usb 4-1: Manufacturer: syz
[  878.620844][T11460] IPVS: stop unused estimator thread 0...
[  878.621759][ T5919] usb 4-1: SerialNumber: syz
[  878.636045][T17955]  loop6: unable to read partition table
[  878.644966][T17955] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  878.659922][T17980] ==================================================================
[  878.668001][T17980] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  878.676596][T17980] Write of size 1280 at addr ffffc900046d7b40 by task vivid-000-vid-c/17980
[  878.685273][T17980] 
[  878.687611][T17980] CPU: 0 UID: 0 PID: 17980 Comm: vivid-000-vid-c Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  878.687638][T17980] Tainted: [L]=SOFTLOCKUP
[  878.687645][T17980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  878.687656][T17980] Call Trace:
[  878.687664][T17980]  <TASK>
[  878.687671][T17980]  dump_stack_lvl+0xe8/0x150
[  878.687695][T17980]  print_report+0xba/0x230
[  878.687711][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  878.687730][T17980]  kasan_report+0x117/0x150
[  878.687749][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  878.687767][T17980]  kasan_check_range+0x264/0x2c0
[  878.687785][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  878.687804][T17980]  __asan_memcpy+0x40/0x70
[  878.687826][T17980]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  878.687875][T17980]  vivid_thread_vid_cap_tick+0x1035/0x6040
[  878.687921][T17980]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[  878.687946][T17980]  ? vivid_thread_vid_cap+0x491/0x1190
[  878.687976][T17980]  vivid_thread_vid_cap+0x909/0x1190
[  878.688009][T17980]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  878.688034][T17980]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  878.688060][T17980]  ? __kthread_parkme+0x7a/0x1f0
[  878.688077][T17980]  ? __kthread_parkme+0x19c/0x1f0
[  878.688096][T17980]  kthread+0x726/0x8b0
[  878.688115][T17980]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  878.688136][T17980]  ? __pfx_kthread+0x10/0x10
[  878.688154][T17980]  ? _raw_spin_unlock_irq+0x23/0x50
[  878.688193][T17980]  ? __pfx_kthread+0x10/0x10
[  878.688211][T17980]  ret_from_fork+0x51b/0xa40
[  878.688236][T17980]  ? __pfx_ret_from_fork+0x10/0x10
[  878.688256][T17980]  ? __switch_to+0xc82/0x1410
[  878.688278][T17980]  ? __pfx_kthread+0x10/0x10
[  878.688296][T17980]  ret_from_fork_asm+0x1a/0x30
[  878.688324][T17980]  </TASK>
[  878.688331][T17980] 
[  878.862162][T17980] The buggy address belongs to a 3-page vmalloc region starting at 0xffffc900046d5000 allocated at vb2_vmalloc_alloc+0xef/0x360
[  878.875361][T17980] The buggy address belongs to the physical page:
[  878.881770][T17980] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b97d
[  878.890512][T17980] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  878.897703][T17980] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  878.906268][T17980] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  878.914835][T17980] page dumped because: kasan: bad access detected
[  878.921235][T17980] page_owner tracks the page as allocated
[  878.926936][T17980] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 17979, tgid 17978 (syz.2.3330), ts 878657904785, free_ts 878657853380
[  878.946299][T17980]  post_alloc_hook+0x228/0x280
[  878.951058][T17980]  get_page_from_freelist+0x24dc/0x2580
[  878.956592][T17980]  __alloc_frozen_pages_noprof+0x18d/0x380
[  878.962398][T17980]  alloc_pages_bulk_noprof+0x558/0x700
[  878.967837][T17980]  alloc_pages_bulk_mempolicy_noprof+0x34e/0x1680
[  878.974235][T17980]  __vmalloc_node_range_noprof+0xa32/0x1730
[  878.980108][T17980]  vmalloc_user_noprof+0xad/0xe0
[  878.985033][T17980]  vb2_vmalloc_alloc+0xef/0x360
[  878.989869][T17980]  __vb2_queue_alloc+0x9c2/0x15a0
[  878.994875][T17980]  vb2_core_reqbufs+0xc1f/0x1410
[  878.999792][T17980]  __vb2_init_fileio+0x318/0xff0
[  879.004718][T17980]  __vb2_perform_fileio+0x282/0x1610
[  879.010071][T17980]  vb2_fop_read+0x273/0x360
[  879.014553][T17980]  v4l2_read+0x19c/0x2c0
[  879.018777][T17980]  vfs_read+0x20c/0xa70
[  879.022922][T17980]  ksys_pread64+0x126/0x1c0
[  879.027414][T17980] page last free pid 17979 tgid 17978 stack trace:
[  879.033900][T17980]  __free_frozen_pages+0xbf8/0xd70
[  879.038997][T17980]  __kasan_populate_vmalloc+0x1b2/0x1d0
[  879.044537][T17980]  alloc_vmap_area+0xdbc/0x14a0
[  879.049465][T17980]  __get_vm_area_node+0x1f8/0x300
[  879.054482][T17980]  __vmalloc_node_range_noprof+0x372/0x1730
[  879.060355][T17980]  vmalloc_user_noprof+0xad/0xe0
[  879.065272][T17980]  vb2_vmalloc_alloc+0xef/0x360
[  879.070104][T17980]  __vb2_queue_alloc+0x9c2/0x15a0
[  879.075118][T17980]  vb2_core_reqbufs+0xc1f/0x1410
[  879.080041][T17980]  __vb2_init_fileio+0x318/0xff0
[  879.084958][T17980]  __vb2_perform_fileio+0x282/0x1610
[  879.090225][T17980]  vb2_fop_read+0x273/0x360
[  879.094709][T17980]  v4l2_read+0x19c/0x2c0
[  879.098932][T17980]  vfs_read+0x20c/0xa70
[  879.103074][T17980]  ksys_pread64+0x126/0x1c0
[  879.107563][T17980]  __do_fast_syscall_32+0x1d2/0x540
[  879.112746][T17980] 
[  879.115051][T17980] Memory state around the buggy address:
[  879.120665][T17980]  ffffc900046d7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  879.128707][T17980]  ffffc900046d7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  879.136755][T17980] >ffffc900046d8000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  879.144799][T17980]                    ^
[  879.148854][T17980]  ffffc900046d8080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  879.156908][T17980]  ffffc900046d8100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  879.164961][T17980] ==================================================================
[  879.217069][ T5919] usb 4-1: config 0 descriptor??
[  879.279025][T17981] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  879.290590][ T5919] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  879.308334][ T5919] dvb-usb: bulk message failed: -22 (2/0)
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  879.329742][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  879.340780][ T5919] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  879.350054][ T5919] usb 4-1: media controller created
[  879.375848][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  879.379043][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  879.406357][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  879.437140][T10708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  879.444989][T10708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  879.859157][T17980] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  879.866397][T17980] CPU: 0 UID: 0 PID: 17980 Comm: vivid-000-vid-c Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  879.877769][T17980] Tainted: [L]=SOFTLOCKUP
[  879.882095][T17980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  879.892162][T17980] Call Trace:
[  879.895440][T17980]  <TASK>
[  879.898368][T17980]  vpanic+0x1e0/0x670
[  879.902365][T17980]  panic+0xc5/0xd0
[  879.906094][T17980]  ? __pfx_panic+0x10/0x10
[  879.910517][T17980]  ? preempt_schedule_thunk+0x16/0x30
[  879.915903][T17980]  ? preempt_schedule_thunk+0x16/0x30
[  879.921286][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  879.926932][T17980]  check_panic_on_warn+0x89/0xb0
[  879.931883][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  879.937524][T17980]  end_report+0x6f/0x140
[  879.941775][T17980]  kasan_report+0x128/0x150
[  879.946285][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  879.951935][T17980]  kasan_check_range+0x264/0x2c0
[  879.956879][T17980]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  879.962517][T17980]  __asan_memcpy+0x40/0x70
[  879.966938][T17980]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  879.972436][T17980]  vivid_thread_vid_cap_tick+0x1035/0x6040
[  879.978269][T17980]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[  879.984420][T17980]  ? vivid_thread_vid_cap+0x491/0x1190
[  879.989882][T17980]  vivid_thread_vid_cap+0x909/0x1190
[  879.995172][T17980]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  880.000885][T17980]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  880.006686][T17980]  ? __kthread_parkme+0x7a/0x1f0
[  880.011655][T17980]  ? __kthread_parkme+0x19c/0x1f0
[  880.016672][T17980]  kthread+0x726/0x8b0
[  880.020731][T17980]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  880.026444][T17980]  ? __pfx_kthread+0x10/0x10
[  880.031042][T17980]  ? _raw_spin_unlock_irq+0x23/0x50
[  880.036277][T17980]  ? __pfx_kthread+0x10/0x10
[  880.040857][T17980]  ret_from_fork+0x51b/0xa40
[  880.045439][T17980]  ? __pfx_ret_from_fork+0x10/0x10
[  880.050542][T17980]  ? __switch_to+0xc82/0x1410
[  880.055214][T17980]  ? __pfx_kthread+0x10/0x10
[  880.059792][T17980]  ret_from_fork_asm+0x1a/0x30
[  880.064555][T17980]  </TASK>
[  880.067900][T17980] Kernel Offset: disabled
[  880.072208][T17980] Rebooting in 86400 seconds..