last executing test programs:

7m30.7689076s ago: executing program 3 (id=132):
syz_emit_ethernet(0x4e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500182c00fe8000000000000000000000000210bbfe8000000000000000000000000000aa080202"], 0x0)

7m30.601801654s ago: executing program 3 (id=133):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x8, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x8}}}}}, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x1, 0x0, 0x800, 0x0, 0x100001, 0x5}, 0x0, &(0x7f0000000240)={0x1f, 0x2, 0xffff, 0x3, 0x4, 0x800000fffffdfe, 0x6a9}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

7m30.361604445s ago: executing program 3 (id=134):
r0 = syz_open_dev$video4linux(&(0x7f0000000600), 0x14, 0x40080)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='htcp', 0x4)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
lsetxattr$security_capability(0x0, &(0x7f0000000200), &(0x7f00000006c0)=@v2={0x2000000, [{0x0, 0x9}, {0x5, 0x2}]}, 0x14, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x3, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x6b7, 0x80, 0x0, 0x1, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x24000000)
sendto$inet(r1, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x1500)
socket$netlink(0x10, 0x3, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205647, 0x0)

7m29.345147131s ago: executing program 3 (id=139):
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000080)={@in={{0x2, 0x0, @multicast2}}, 0x3, 0x0, 0x1a, 0x0, "5ec800000000000000fabcaff49c2eeb8c4614c85b196a0c67a7768e058e3008931c08d43101cb8242bc42b8e0662749302c1ffcd1d1190000000000000000000000000000000000000000000200"}, 0xd8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x24040801}, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x4e23, @remote}}, 0x0, 0x0, 0x1b, 0x0, "dc6efbc3b54972ba0604b8e20a587d8607043cff9ba01fb10d4df7171eb926b1343726c9a11cc6437caa2dc891b724181fb42d00e3cefe6630aadee9a73a7095657dfccc791536fe9c5268be2bdd7a74"}, 0xd8)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
r2 = syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(r2, &(0x7f00000000c0)='./file1/file2\x00', 0x1, 0x100006)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x40400, 0x8)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00', <r5=>0x0})
sendmsg$can_raw(r4, &(0x7f0000000480)={&(0x7f0000000000)={0x1d, r5}, 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2, "07000000008000"}, 0x10}}, 0x40)
fcntl$notify(r3, 0x402, 0x8000003b)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
chroot(&(0x7f0000000100)='./file0\x00')
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)

7m28.323516957s ago: executing program 3 (id=142):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r0, 0x3ba0, &(0x7f0000000880)={0x48, 0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffc000), 0x1})

7m27.915730718s ago: executing program 3 (id=145):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_stall_count', 0x80000, 0x93)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000000040)={{0x1, 0x26000, 0xe, 0x10, 0xcb, 0x3, 0x7, 0x10, 0x7, 0xda, 0x1, 0xe}, {0x4000, 0x60000, 0x10, 0xf, 0x0, 0x0, 0x1, 0x8, 0x80, 0x4, 0x4, 0xf3}, {0xd000, 0x26000, 0x10, 0x1, 0x8, 0x2, 0x3, 0x3, 0x6, 0x6, 0x10, 0x7f}, {0x4000, 0x58000, 0xa, 0x7, 0x7c, 0x19, 0xf, 0x5, 0x4, 0x5, 0x10, 0x6}, {0x2, 0x10000, 0x4, 0x7, 0xd, 0xa9, 0x81, 0x9, 0xa, 0x2, 0x3, 0x2}, {0xffff1000, 0xffffffff, 0xe, 0x3, 0x1, 0x1, 0xbd, 0x8, 0x6, 0x81, 0x3, 0x9}, {0x1000, 0xb000, 0x8, 0xac, 0xb, 0x6, 0x6, 0xff, 0x5, 0x81, 0x6, 0x4}, {0x54000, 0x0, 0xf, 0x80, 0x5, 0x9, 0x3, 0x4, 0x9, 0x7, 0xba, 0x6e}, {0x9000, 0x7ff}, {0x58000, 0x1}, 0x50000, 0x0, 0xeeee8000, 0x224500, 0xb, 0x4000, 0x70000, [0x9, 0x8, 0x3, 0x7fffffff]})
ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000000180)={0xd, 0x4, [{0x0, 0x0, 0x4}, {0x9, 0x0, 0xffffffffffffffff}, {0x6, 0x0, 0x1d9c}, {0x3, 0x0, 0x6}, {0x1, 0x0, 0x8}, {0x3668, 0x0, 0xb76}, {0x3e6, 0x0, 0x3}, {0x100, 0x0, 0xd}, {0x800, 0x0, 0xa5ca}, {0x1, 0x0, 0x9}, {0x4, 0x0, 0x9}, {0x3, 0x0, 0xb}, {0x1}, {0x1, 0x0, 0x40}, {0x1, 0x0, 0x2d3d}, {0x0, 0x0, 0x8001}]})
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000007c0)={0x0, &(0x7f0000000340)=[@cpuid={0x64, 0x18, {0x10001, 0x5}}, @nested_amd_invlpga={0x17d, 0x20, {0xeab77616fd3f450, 0x9435}}, @nested_amd_clgi={0x17f, 0x10}, @nested_vmresume={0x130, 0x18, 0x3}, @rdmsr={0x66, 0x18, {0xc1}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x0, @ro64=0x2401, 0x10000, 0x5, 0xd5e}}, @nested_load_code={0x12e, 0x48, {0x1, "66470f388156d7430f225f260f01ca450f01c326660fe1e1b9e60b00000f328f6878c106e00f01d8410f01f8470f01df"}}, @nested_amd_inject_event={0x180, 0x38, {0x2, 0xae, 0x5, 0x2, 0x2}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @nested_create_vm={0x12d, 0x18, 0x3}, @nested_amd_set_intercept={0x181, 0x30, {0xd, 0x9, 0x2, 0x1}}, @in_dx={0x69, 0x20, {0x2b3e, 0x6}}, @nested_create_vm={0x12d, 0x18}, @code={0xa, 0x53, {"42ad8fc978d1ed42c200402e44ff6af866410fdf17b9800000c00f3235010000000f30c463117ca2008800000067660f73f7006566410f3aceeb00c4a211905c7464"}}, @nested_create_vm={0x12d, 0x18, 0x1}, @wr_crn={0x67, 0x20, {0x2, 0x7}}, @cpuid={0x64, 0x18, {0x5f99, 0x5}}, @nested_amd_set_intercept={0x181, 0x30, {0x3, 0x1, 0x1, 0x1}}, @wrmsr={0x65, 0x20, {0xb41, 0xe9b}}, @nested_load_syzos={0x136, 0xf0, {0x0, 0xfffffffffffffff9, [@nested_vmresume={0x130, 0x18, 0x2}, @nested_create_vm={0x12d, 0x18}, @nested_amd_stgi={0x17e, 0x10}, @wr_drn={0x68, 0x20, {0x5, 0x1}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @nested_amd_inject_event={0x180, 0x38, {0x0, 0x3e, 0x3, 0xff, 0x2}}, @in_dx={0x69, 0x20, {0xe486, 0x5}}]}}, @nested_amd_stgi={0x17e, 0x10}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x2, @control_area=0x25, 0xff, 0x5, 0x2}}, @nested_amd_vmsave={0x183, 0x18, 0x3}, @nested_amd_clgi={0x17f, 0x10}, @uexit={0x0, 0x18, 0x5}, @wr_drn={0x68, 0x20, {0x3, 0x10}}, @wrmsr={0x65, 0x20, {0x413, 0x7ff}}], 0x473})
ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f0000000800))
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f00000009c0)={0x1, 0x2, 0x6})
ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000a00))
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000a40)={0x3ff, 0xfff})
r2 = getpgrp(0x0)
fcntl$lock(r0, 0x25, &(0x7f0000000a80)={0x2, 0x2, 0x9, 0x6, r2})
r3 = open_tree(r0, &(0x7f0000000ac0)='./file0\x00', 0x8100)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), r0)
sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x7c, r4, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_RULES={0x54, 0x22, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3ad9}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x17, &(0x7f0000000d40)={&(0x7f0000001000)={[{&(0x7f0000000c80)="fa4752a4a6689ddcf50ae5a893be32ee582b56", 0x13}, {&(0x7f0000000cc0)="3ad318318854d97081ff424956df9416ac451ec86b224ddc676dc08ef0de0792aa38e798b2045400a9db7d95c064fdfd152d50f52646c46956eb13b4d016219a4263cbdcffa53c53b5dabce955ad287c279cf87974d6868cf2f6c60b2e51c03e3618919a61d5cee3f1091360732c82bce1", 0x71, 0x3}]}, 0x2, 0x1}, 0x1)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000d80)=<r5=>0x0)
capset(&(0x7f0000000dc0)={0x19980330, r5}, &(0x7f0000000e00)={0x2, 0x7fff, 0x1, 0x7, 0xfffffffb, 0x8dd})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000e40)={0x3, [0x0, <r6=>0x0, 0x0]}, &(0x7f0000000e80)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000ec0)={r6, 0x2, 0xbb6f}, 0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000f00)={<r7=>0x0, 0x5, 0x5, 0x7, 0x1, 0x4}, &(0x7f0000000f40)=0x14)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000002000)={r7, @in={{0x2, 0x4e20, @private=0xa010102}}, 0x7, 0x9}, &(0x7f00000020c0)=0x90)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000002100), 0x800, 0x0)
write$tun(r8, &(0x7f0000002140)={@val={0x0, 0xf5}, @val={0x0, 0x3, 0x4, 0x4, 0x5, 0xfffa}, @x25={0x3, 0x6, 0xf, "de0a748d5ba8bc9097fe6cc2fbf746741890a355ad087160ccf07190435dfa375049ff1247d5625f1bcf384f35f45a7358ee41e0675686d407b9d691803124568834ec945473371602ef68e21a3a6abcfc3087904dcad9f02677a85ac633607295a88d"}}, 0x74)
socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000021c0))
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000002240), r0)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000002300)={&(0x7f0000002200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000022c0)={&(0x7f0000002280)={0x1c, r9, 0x0, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
socket$inet_tcp(0x2, 0x1, 0x0)
r10 = add_key$user(&(0x7f0000002340), &(0x7f0000002380)={'syz', 0x0}, &(0x7f00000023c0)="f07a3c7101ee3bd2d170ac7b1dfe82adb7934606e4a74982b67af78da8899da463d18deccab7442b7ca0790b5a69b3a16c25e6821121931218e1b67c5b80545344c516a7ad5ae5f086765fec4179871e5cee511195437e87b498a97180db413d246ac610cc3705adb4e138e6177d585e15250ceef5d6a2315599708ccbcbe6e988e5871d001d8965929989eae609641c1b4bc6fb6ca89abb3ed5bfed0b734ac168e8d52b7aa474939abb2c230b7c9089312ff0647296848e8877aea4a2683abf4d6881f00bd022c4f84c094d64ecb70a2bfb1e39c76dee5196413d71df6c8e5482f4ceedf64c294cde3dcd70e47db967298c362c362e2444c596c363512f0275fbbd87bde3c6789883a1da96830d208c823fcedfbd635b3beff4dba392884f0958e598608a543964c7fae879dff38b515c623a60588d617b54a479ae2b3be9b2504267d5253b160f0e487ae918ae975e0eb684bb8ba0973eefbd759504cde33efdf5136b6a3af266d409599b5c20eb112136b7e89593b7a91192ebac73722614eead2478b1f0cde9a56e2914e179d3584955d6f8ad447a839de3e389fc2edfc77b361aff4aa19df42e96c301cd72c9d1956fa1acbcfbd599e923f018b860efc79f341e58478cd0ef4b84a73534ef3313af74e02a4bd10382378df4976dab7188114b718adfa2e8edbd6a0e3e55c765be6084af6fe1601d37260b0ea2b64732e3e11f8b68cec00db910620885a24d1166cdb6704e58c79555a061a458f73436f72344d3d324073589a2f38ccf134f93bfa2b75a840c6f4bae0f19ee510d2c86e0a9bcca400eb95af059108b85d2a348bff5b3659d8734a8b4fd454c2a4e3d5687d84b2785aac67268af9b389294877b9bd244fcf713b4bca9e0cc970124f9c44fe2af2282a0d9bf334a8a9e46152714923ad53036994402e6cb5beb859436cc181d60fc8353923401fafccf2402834d3cb5cd48b042c828518dd80844dc0fafee3b5b806ee3c2a8897a2109079510be05edac22142feabd2688bb1173001ad8bbf93691e147d436961bc077dba1d2c88cd4d846dd32795d26c27d5719b1a089cea635af2a1355f4b7f2522e1a1e47d06412d184fdfe534f9631be06aaeddc0c5ece4ea77c1e7a8c8da1aaaf0944ae3f61f2417d9b401359cccadf646b3ba2a415b370a450d036bc29ecdc89d3cfc794b06ce0e8006f33fe1f871c74ddb4d419447d7d714963ffcc2c56d8dccf386fcad8c6a72ae4e90602625c8a3fcb1be390d4806aa5864c4d1884a4c84577f5b04b21b11d0f7b0f025514d8c339ca82ffd964d5a1ab5571af53112f454504332b94dbcea21c8723ead124be6f92d3f2e5c24a32c838b3ea352ffd5be6736464c820d124f34415029a6cba1b66ce7d7abb25acb21124d404fcd46294b1cff2ecd4732211cf2f3e25c258d479fe49740a809943c3efd7917fd06e8cbd867f258c7b711e3e47e26c25e9efdedae26be77a0e0e7098312acb89cf429a1ad9f33b9921efbbd3af79f24d22fdc31b96411db5b53750ac63cb5c3d28011736d81dba33a160049a63df86b1ed6de234fa7f401b02ab75cff849b7c07ced0e818fa1172ac53ae6faeeccca10f9556d8dfa30d3036e66ed1c9a7a4fec1f8fa455e85a521baea3338bdaeeb1f697fb289d931a52a37b90f5dd7b5e1e3569f3ae2564490b6dcbbece183b3f32891a6451577b7093428ab36d26f528c64e965280c0f702265a6e80958f2ec04c67a7df0fc9f3e8985e291703804775e5efc2ceb644baace4a58e4e6082e247be1907e39fbe7f366429b9ec90830d5282d15ac352d149234bf857bd4f110ba0195aa722fb65c5ca5c353b69ac7abeb6c52fce7269ffe4ea00f73813fc1cbb4659b646f5ca552c4cf45672dce8f26490c0c784b818839271e2ef7d420c28f341fed69b4fc3958ef2cf5abc70063a498df3dca5a5603463159e87eb66be4753f5470b0f121fcd883a8ff336240935a26aeb459d86f7183d04748243cf582f9a36ba6346eb5983ba5395f4bfc457a3302bbfe8b2c1e7052767e91a382cfdd5c67ccd5233887bcb9a41fde0870f3c4c8984a3325646ba29334ba8020c627a1451da11cd50f8af0affc31d0aeb4201ff34b40d997f2b83d80e6ade48a94ac92190c384e744d6a77a7d842fe37ef324022d38b96e6d1912e404836a90be94bb339f94766ca27e82c2631c1631bba2ef1849be8b4f89a47de2d8292f24560c8ea0bfd4b8609b888ed0ce6264bc1de5c60e418f4a568aa9897c251f39c9c994eeb821a3b58220583217cc077b6389c105fb0084c0cf45270c4a14b47e4accdbae4e1cb6b3dccb8380439f4a8fac965cfeef711f7f164da92df8c0c3d3b0e3f2f7b8ae94b70d4260a18d5a5ab92ab9947cbcfbf773e3645d2132a174863755c35eba83b6ddad5594f6e2846882ebc5aefbf51f7e3c493f420a0a6db16bc31b6e0a2a1853959c87c4d4b559064e1769f97f158ea0c7305cf54e976452deccad1fcedceee5aba595a8c916f3610d59d99e27457faef8eedaf3fb0bc388f2faa24d0b5f4160c1d3d2be708e5497c5f4432bbab05b66e30cbf223f79c48a7784b250311dd99625322e996e70cb7188583c5a8dd615a4c37a2f51cd487db208f30b7d67a956ffa85239296709b38948f3b55a17fb0ba4740f4673297b3b18ffd320d9d2109c19df68f1408cd21570e9bab479556d04e1e5824f3583652da042c8c09378b935cbd6c60c18fe5945b519458dcbe55c496e5c3cc65be334ff3d4a376cc5bc6ffeface0e3228f2b02470cf43a75bfda84876928352b6c95af723f06e5283f54feb66894b5c5e0f9244fca4a2e824a3ac94039832227fdc11b9ce8992e7c129194b49040d1bb67908ebfa469d9104c2fe07aece5d667cadf17edd7b4686d674eec14c012c7655be954cc068790ade9995e4e49218198de7a4d9fd9ad257be3f0b8b6c3334056e2d3e3ce29463c7b35065d1e630a55eb1727cdaa9b931a3057b1d999a8b0851d7cb4bcdac9586e62f7f95e10f6e166b4c0e6b8d1e1a0687708db7908110168ec8358d985249bb750ff21ccf2769680d6f2365fc45943fc743191541bd42800add0551c8925d5fad87a1ba498021606f959524787f7ee2da7b8407fffef17c94f872b03b7ba0d4f872c1bcf4bec913363f720764a3bb9b1e56aa195efb535e07d3f969a587cf87ca5073666e6a7dd7f58a57d05618ad8795dfdd51414c11db92c30c366b73f84226637e2411bf2c686b3de81a7d71329c61f0bf46b5e55b23f25d5f325900c941f481cc936cfe96406f81602c47b88383e71408b2e879801adced4341ab281404ccd6d3ceac539d9029530692901aae4182958f3f4b7d8cc54d28c865dde80392cfcb4bfacc928866fc4de28ed4bfa637d4f28fc1f5a3e241d4dcda620352125d314221e81d738ed039cd42fa170fd6fc0ba62dcbb2f55a97027bdfeed6849ed19a54192eb9053872d2d8268204d08568dd1530f7baf2d35a8ad79f48aec172343cf2768fab740e38f0be74aec83b4ec1adcb835ed6d327ba53c31288774e5d6f1474c3aefb437ea2938a382609e74f901a430aa931443089eff3e39d856f5e3a537a3c26c09e88d73676f80b73b6aa6508e3d37c1edfce5f915dee0d8b4db4daf75e9807bc4768add9bcb757554a6e1bc5e9d0b7faf549f39f7e14a528eb5a6ba88bc19db681aca399b9fffc0f34bafbc5f5f01e17b161b847a35cf18dd7b83f46459397ed19daf242fb194642592f896944b90d47cdbfffbcbae32f4f3d39b0166e8773a587bbfccfbc81b45f9e246a1c714ead5451a8933e660c7edcab739eaf5c0cffb2e29bb84974f8ba988fb541d61571b3c9450e89499d23f42e9a576c985cab120628083fa698432c66c8c7faa4c9a90610bc8a9c01254b0c0012f6c3d1a0e75285403c352977280ecd0c8e24b22e89056c3ec4897f98dc00b96747fc17bbfd542a53a5a01f84185c1c045238b6d7813b25b21a1dd0a9263387148aa3d8caa0c73be7f2049f036452b046e9d330a178f60310a66f80d3255cde25d1396c38503f2277cd3e7df74e6abed673f04b86dc03e9c75c3f67a5ef6a700877e05f431901de4319ccf630bdda63bf73192f058b487c483dcd50a12d73470b9b230b35d7260bdd0d2e801de62ae8d3c121c51f2070ed26a298e912fd2ddc74a2f140ef3ffb01f1e2d2e744f99d998bedf6333f9b577c3ea8e8e012dad5a39b22850c22103d4551ac0ad72c2cf8b3d5d12b5e281da0b5e96add1c81fb467f7926f93cc6b1c77a9e8cc46a4320621cd70e026afe6b9a48dfd73eb00966fe936bdd2878cb5d430aa4b09661a61be1d13fd0251247b3b747fdad3077becdc61e8f388e2b2d662caf33eb0adb4457ef6fd5d6386e5b28779a62a246c7b18bdca10eb5fd47f450743a81b239fab9fa2f442db5eb7c76e282845201bc326094d4d91c11c76a88ac9da1729e93b65fb163211b6e80c432bf38e1aca3aa29e43d4928189a6b77c80c4890e5f5178907f982bdb627600ddbedd21c55d0adac94c20f16423e69ac86bcd6f19aca3b51e80f0d61976f68e6310e56ac62aa2a754436867451cb333bc6d788705731eae3fa591c2fd2258bcac62f570a045068c5bb5c7b35ed85e899e59cc32871e539999d355be5a4e3426b8b7406192332cb2a76c2fc0e8f75be5e76fd1e7de39821b3a8c4fe8e48acb43eea7f2688192efa34859a497b28ab6881bd59b9e04f3c54c8baeb348ee689dd58d53477e93acfec30275158016598a7d855adaeb7d797ccbdf0c059e83032682cd0f9bcb2ff0a32d2d7bab3968c2acca77acb0cd529f220414abdb1d92b55c79fecc4d150bc8f6f3cdd933878abbe464a64f9fa20d3b142ae8e37ee8f11ebca0df0bf1058365476eaae64d7a78eef93985d1b0f49e9944ea5fbfe80e58a328af0898aa59d4ed931e141537f16d978cfab0033ed9ac62ea15a331f9946e86afb38c60f53d0ae24818c116da028caf630c0a1ec3a351833d085abe5444ef60e4b07b9568aeaca0acf4b96cb11cf88952432aa8675f8fcf51a1024135c88fb85a8fef9cd7a5d25cb79338d7e689ab0ceb9d64e28c47735230626607d4e1f4d530a919f5e0fa34a2d59d5c4016aadb5dfc6a40a9daf1675fe3930518a6d30106702a644f0f58e8e1648d523ee53c4c558ab348913046163956cd8edb88bf266b23d145a32120983596adf0f11db4112ba80f5061973043bc76bb494cc020e4ee32ca173db945dc21979f43a6bd8fc450f32bf5d64fa910a704e30e4dea9055c7a6c097ae09f624aa6c6ae3ad0d89df7519d129c262b183ce28f9193a5749a85593c016b3814993e715885977c47b1e053e2c3450fa038c6c5ae8985932b564f2a030cad74089006c6e06548bbfc878d60bad2c3904724b4055cb85aa42ca83ff07b56410133d7a3266b5e46aa88ae532fc16fd5813ed18e0faf738daaae3abf3b987f06a533c9c89de8c183dcb33ba435ecf02d6386818984c6f60a1fe70e91f74b511810b7d2494129b0f24d98fda5cec679a4626dd926b0c9f199227d9c717a9696b3af9c1d8f5dcaf1733733b49ecf33fb6e14126246d72224ca43a0c1caef1256297e02aed427f89205edce67a6f5bc824f21926cf58ed769b49453092fad3b02b81a17f99c3c4225ea9874362f2922e6d587b5c9556be8116ceba904f2bef189d66e76e8a7ac1e6d24cb1d2059cba3a0fb6659e84a811fe7bd850b589cab61d3825567d68d3daf5ded5d3bb946e2c36027bd", 0x1000, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000035c0)={r10}, &(0x7f0000003600)=""/115, 0x73, &(0x7f0000003700)={&(0x7f0000003680)={'blake2s-224-generic\x00'}, &(0x7f00000036c0)="60b23926d96b04866d177c90c41b02c4765a52", 0x13})

7m27.449931876s ago: executing program 32 (id=145):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_stall_count', 0x80000, 0x93)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000000040)={{0x1, 0x26000, 0xe, 0x10, 0xcb, 0x3, 0x7, 0x10, 0x7, 0xda, 0x1, 0xe}, {0x4000, 0x60000, 0x10, 0xf, 0x0, 0x0, 0x1, 0x8, 0x80, 0x4, 0x4, 0xf3}, {0xd000, 0x26000, 0x10, 0x1, 0x8, 0x2, 0x3, 0x3, 0x6, 0x6, 0x10, 0x7f}, {0x4000, 0x58000, 0xa, 0x7, 0x7c, 0x19, 0xf, 0x5, 0x4, 0x5, 0x10, 0x6}, {0x2, 0x10000, 0x4, 0x7, 0xd, 0xa9, 0x81, 0x9, 0xa, 0x2, 0x3, 0x2}, {0xffff1000, 0xffffffff, 0xe, 0x3, 0x1, 0x1, 0xbd, 0x8, 0x6, 0x81, 0x3, 0x9}, {0x1000, 0xb000, 0x8, 0xac, 0xb, 0x6, 0x6, 0xff, 0x5, 0x81, 0x6, 0x4}, {0x54000, 0x0, 0xf, 0x80, 0x5, 0x9, 0x3, 0x4, 0x9, 0x7, 0xba, 0x6e}, {0x9000, 0x7ff}, {0x58000, 0x1}, 0x50000, 0x0, 0xeeee8000, 0x224500, 0xb, 0x4000, 0x70000, [0x9, 0x8, 0x3, 0x7fffffff]})
ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000000180)={0xd, 0x4, [{0x0, 0x0, 0x4}, {0x9, 0x0, 0xffffffffffffffff}, {0x6, 0x0, 0x1d9c}, {0x3, 0x0, 0x6}, {0x1, 0x0, 0x8}, {0x3668, 0x0, 0xb76}, {0x3e6, 0x0, 0x3}, {0x100, 0x0, 0xd}, {0x800, 0x0, 0xa5ca}, {0x1, 0x0, 0x9}, {0x4, 0x0, 0x9}, {0x3, 0x0, 0xb}, {0x1}, {0x1, 0x0, 0x40}, {0x1, 0x0, 0x2d3d}, {0x0, 0x0, 0x8001}]})
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000007c0)={0x0, &(0x7f0000000340)=[@cpuid={0x64, 0x18, {0x10001, 0x5}}, @nested_amd_invlpga={0x17d, 0x20, {0xeab77616fd3f450, 0x9435}}, @nested_amd_clgi={0x17f, 0x10}, @nested_vmresume={0x130, 0x18, 0x3}, @rdmsr={0x66, 0x18, {0xc1}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x0, @ro64=0x2401, 0x10000, 0x5, 0xd5e}}, @nested_load_code={0x12e, 0x48, {0x1, "66470f388156d7430f225f260f01ca450f01c326660fe1e1b9e60b00000f328f6878c106e00f01d8410f01f8470f01df"}}, @nested_amd_inject_event={0x180, 0x38, {0x2, 0xae, 0x5, 0x2, 0x2}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @nested_create_vm={0x12d, 0x18, 0x3}, @nested_amd_set_intercept={0x181, 0x30, {0xd, 0x9, 0x2, 0x1}}, @in_dx={0x69, 0x20, {0x2b3e, 0x6}}, @nested_create_vm={0x12d, 0x18}, @code={0xa, 0x53, {"42ad8fc978d1ed42c200402e44ff6af866410fdf17b9800000c00f3235010000000f30c463117ca2008800000067660f73f7006566410f3aceeb00c4a211905c7464"}}, @nested_create_vm={0x12d, 0x18, 0x1}, @wr_crn={0x67, 0x20, {0x2, 0x7}}, @cpuid={0x64, 0x18, {0x5f99, 0x5}}, @nested_amd_set_intercept={0x181, 0x30, {0x3, 0x1, 0x1, 0x1}}, @wrmsr={0x65, 0x20, {0xb41, 0xe9b}}, @nested_load_syzos={0x136, 0xf0, {0x0, 0xfffffffffffffff9, [@nested_vmresume={0x130, 0x18, 0x2}, @nested_create_vm={0x12d, 0x18}, @nested_amd_stgi={0x17e, 0x10}, @wr_drn={0x68, 0x20, {0x5, 0x1}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @nested_amd_inject_event={0x180, 0x38, {0x0, 0x3e, 0x3, 0xff, 0x2}}, @in_dx={0x69, 0x20, {0xe486, 0x5}}]}}, @nested_amd_stgi={0x17e, 0x10}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x2, @control_area=0x25, 0xff, 0x5, 0x2}}, @nested_amd_vmsave={0x183, 0x18, 0x3}, @nested_amd_clgi={0x17f, 0x10}, @uexit={0x0, 0x18, 0x5}, @wr_drn={0x68, 0x20, {0x3, 0x10}}, @wrmsr={0x65, 0x20, {0x413, 0x7ff}}], 0x473})
ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f0000000800))
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f00000009c0)={0x1, 0x2, 0x6})
ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000a00))
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000a40)={0x3ff, 0xfff})
r2 = getpgrp(0x0)
fcntl$lock(r0, 0x25, &(0x7f0000000a80)={0x2, 0x2, 0x9, 0x6, r2})
r3 = open_tree(r0, &(0x7f0000000ac0)='./file0\x00', 0x8100)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), r0)
sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x7c, r4, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_RULES={0x54, 0x22, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3ad9}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x17, &(0x7f0000000d40)={&(0x7f0000001000)={[{&(0x7f0000000c80)="fa4752a4a6689ddcf50ae5a893be32ee582b56", 0x13}, {&(0x7f0000000cc0)="3ad318318854d97081ff424956df9416ac451ec86b224ddc676dc08ef0de0792aa38e798b2045400a9db7d95c064fdfd152d50f52646c46956eb13b4d016219a4263cbdcffa53c53b5dabce955ad287c279cf87974d6868cf2f6c60b2e51c03e3618919a61d5cee3f1091360732c82bce1", 0x71, 0x3}]}, 0x2, 0x1}, 0x1)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000d80)=<r5=>0x0)
capset(&(0x7f0000000dc0)={0x19980330, r5}, &(0x7f0000000e00)={0x2, 0x7fff, 0x1, 0x7, 0xfffffffb, 0x8dd})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000e40)={0x3, [0x0, <r6=>0x0, 0x0]}, &(0x7f0000000e80)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000ec0)={r6, 0x2, 0xbb6f}, 0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000f00)={<r7=>0x0, 0x5, 0x5, 0x7, 0x1, 0x4}, &(0x7f0000000f40)=0x14)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000002000)={r7, @in={{0x2, 0x4e20, @private=0xa010102}}, 0x7, 0x9}, &(0x7f00000020c0)=0x90)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000002100), 0x800, 0x0)
write$tun(r8, &(0x7f0000002140)={@val={0x0, 0xf5}, @val={0x0, 0x3, 0x4, 0x4, 0x5, 0xfffa}, @x25={0x3, 0x6, 0xf, "de0a748d5ba8bc9097fe6cc2fbf746741890a355ad087160ccf07190435dfa375049ff1247d5625f1bcf384f35f45a7358ee41e0675686d407b9d691803124568834ec945473371602ef68e21a3a6abcfc3087904dcad9f02677a85ac633607295a88d"}}, 0x74)
socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000021c0))
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000002240), r0)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000002300)={&(0x7f0000002200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000022c0)={&(0x7f0000002280)={0x1c, r9, 0x0, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
socket$inet_tcp(0x2, 0x1, 0x0)
r10 = add_key$user(&(0x7f0000002340), &(0x7f0000002380)={'syz', 0x0}, &(0x7f00000023c0)="f07a3c7101ee3bd2d170ac7b1dfe82adb7934606e4a74982b67af78da8899da463d18deccab7442b7ca0790b5a69b3a16c25e6821121931218e1b67c5b80545344c516a7ad5ae5f086765fec4179871e5cee511195437e87b498a97180db413d246ac610cc3705adb4e138e6177d585e15250ceef5d6a2315599708ccbcbe6e988e5871d001d8965929989eae609641c1b4bc6fb6ca89abb3ed5bfed0b734ac168e8d52b7aa474939abb2c230b7c9089312ff0647296848e8877aea4a2683abf4d6881f00bd022c4f84c094d64ecb70a2bfb1e39c76dee5196413d71df6c8e5482f4ceedf64c294cde3dcd70e47db967298c362c362e2444c596c363512f0275fbbd87bde3c6789883a1da96830d208c823fcedfbd635b3beff4dba392884f0958e598608a543964c7fae879dff38b515c623a60588d617b54a479ae2b3be9b2504267d5253b160f0e487ae918ae975e0eb684bb8ba0973eefbd759504cde33efdf5136b6a3af266d409599b5c20eb112136b7e89593b7a91192ebac73722614eead2478b1f0cde9a56e2914e179d3584955d6f8ad447a839de3e389fc2edfc77b361aff4aa19df42e96c301cd72c9d1956fa1acbcfbd599e923f018b860efc79f341e58478cd0ef4b84a73534ef3313af74e02a4bd10382378df4976dab7188114b718adfa2e8edbd6a0e3e55c765be6084af6fe1601d37260b0ea2b64732e3e11f8b68cec00db910620885a24d1166cdb6704e58c79555a061a458f73436f72344d3d324073589a2f38ccf134f93bfa2b75a840c6f4bae0f19ee510d2c86e0a9bcca400eb95af059108b85d2a348bff5b3659d8734a8b4fd454c2a4e3d5687d84b2785aac67268af9b389294877b9bd244fcf713b4bca9e0cc970124f9c44fe2af2282a0d9bf334a8a9e46152714923ad53036994402e6cb5beb859436cc181d60fc8353923401fafccf2402834d3cb5cd48b042c828518dd80844dc0fafee3b5b806ee3c2a8897a2109079510be05edac22142feabd2688bb1173001ad8bbf93691e147d436961bc077dba1d2c88cd4d846dd32795d26c27d5719b1a089cea635af2a1355f4b7f2522e1a1e47d06412d184fdfe534f9631be06aaeddc0c5ece4ea77c1e7a8c8da1aaaf0944ae3f61f2417d9b401359cccadf646b3ba2a415b370a450d036bc29ecdc89d3cfc794b06ce0e8006f33fe1f871c74ddb4d419447d7d714963ffcc2c56d8dccf386fcad8c6a72ae4e90602625c8a3fcb1be390d4806aa5864c4d1884a4c84577f5b04b21b11d0f7b0f025514d8c339ca82ffd964d5a1ab5571af53112f454504332b94dbcea21c8723ead124be6f92d3f2e5c24a32c838b3ea352ffd5be6736464c820d124f34415029a6cba1b66ce7d7abb25acb21124d404fcd46294b1cff2ecd4732211cf2f3e25c258d479fe49740a809943c3efd7917fd06e8cbd867f258c7b711e3e47e26c25e9efdedae26be77a0e0e7098312acb89cf429a1ad9f33b9921efbbd3af79f24d22fdc31b96411db5b53750ac63cb5c3d28011736d81dba33a160049a63df86b1ed6de234fa7f401b02ab75cff849b7c07ced0e818fa1172ac53ae6faeeccca10f9556d8dfa30d3036e66ed1c9a7a4fec1f8fa455e85a521baea3338bdaeeb1f697fb289d931a52a37b90f5dd7b5e1e3569f3ae2564490b6dcbbece183b3f32891a6451577b7093428ab36d26f528c64e965280c0f702265a6e80958f2ec04c67a7df0fc9f3e8985e291703804775e5efc2ceb644baace4a58e4e6082e247be1907e39fbe7f366429b9ec90830d5282d15ac352d149234bf857bd4f110ba0195aa722fb65c5ca5c353b69ac7abeb6c52fce7269ffe4ea00f73813fc1cbb4659b646f5ca552c4cf45672dce8f26490c0c784b818839271e2ef7d420c28f341fed69b4fc3958ef2cf5abc70063a498df3dca5a5603463159e87eb66be4753f5470b0f121fcd883a8ff336240935a26aeb459d86f7183d04748243cf582f9a36ba6346eb5983ba5395f4bfc457a3302bbfe8b2c1e7052767e91a382cfdd5c67ccd5233887bcb9a41fde0870f3c4c8984a3325646ba29334ba8020c627a1451da11cd50f8af0affc31d0aeb4201ff34b40d997f2b83d80e6ade48a94ac92190c384e744d6a77a7d842fe37ef324022d38b96e6d1912e404836a90be94bb339f94766ca27e82c2631c1631bba2ef1849be8b4f89a47de2d8292f24560c8ea0bfd4b8609b888ed0ce6264bc1de5c60e418f4a568aa9897c251f39c9c994eeb821a3b58220583217cc077b6389c105fb0084c0cf45270c4a14b47e4accdbae4e1cb6b3dccb8380439f4a8fac965cfeef711f7f164da92df8c0c3d3b0e3f2f7b8ae94b70d4260a18d5a5ab92ab9947cbcfbf773e3645d2132a174863755c35eba83b6ddad5594f6e2846882ebc5aefbf51f7e3c493f420a0a6db16bc31b6e0a2a1853959c87c4d4b559064e1769f97f158ea0c7305cf54e976452deccad1fcedceee5aba595a8c916f3610d59d99e27457faef8eedaf3fb0bc388f2faa24d0b5f4160c1d3d2be708e5497c5f4432bbab05b66e30cbf223f79c48a7784b250311dd99625322e996e70cb7188583c5a8dd615a4c37a2f51cd487db208f30b7d67a956ffa85239296709b38948f3b55a17fb0ba4740f4673297b3b18ffd320d9d2109c19df68f1408cd21570e9bab479556d04e1e5824f3583652da042c8c09378b935cbd6c60c18fe5945b519458dcbe55c496e5c3cc65be334ff3d4a376cc5bc6ffeface0e3228f2b02470cf43a75bfda84876928352b6c95af723f06e5283f54feb66894b5c5e0f9244fca4a2e824a3ac94039832227fdc11b9ce8992e7c129194b49040d1bb67908ebfa469d9104c2fe07aece5d667cadf17edd7b4686d674eec14c012c7655be954cc068790ade9995e4e49218198de7a4d9fd9ad257be3f0b8b6c3334056e2d3e3ce29463c7b35065d1e630a55eb1727cdaa9b931a3057b1d999a8b0851d7cb4bcdac9586e62f7f95e10f6e166b4c0e6b8d1e1a0687708db7908110168ec8358d985249bb750ff21ccf2769680d6f2365fc45943fc743191541bd42800add0551c8925d5fad87a1ba498021606f959524787f7ee2da7b8407fffef17c94f872b03b7ba0d4f872c1bcf4bec913363f720764a3bb9b1e56aa195efb535e07d3f969a587cf87ca5073666e6a7dd7f58a57d05618ad8795dfdd51414c11db92c30c366b73f84226637e2411bf2c686b3de81a7d71329c61f0bf46b5e55b23f25d5f325900c941f481cc936cfe96406f81602c47b88383e71408b2e879801adced4341ab281404ccd6d3ceac539d9029530692901aae4182958f3f4b7d8cc54d28c865dde80392cfcb4bfacc928866fc4de28ed4bfa637d4f28fc1f5a3e241d4dcda620352125d314221e81d738ed039cd42fa170fd6fc0ba62dcbb2f55a97027bdfeed6849ed19a54192eb9053872d2d8268204d08568dd1530f7baf2d35a8ad79f48aec172343cf2768fab740e38f0be74aec83b4ec1adcb835ed6d327ba53c31288774e5d6f1474c3aefb437ea2938a382609e74f901a430aa931443089eff3e39d856f5e3a537a3c26c09e88d73676f80b73b6aa6508e3d37c1edfce5f915dee0d8b4db4daf75e9807bc4768add9bcb757554a6e1bc5e9d0b7faf549f39f7e14a528eb5a6ba88bc19db681aca399b9fffc0f34bafbc5f5f01e17b161b847a35cf18dd7b83f46459397ed19daf242fb194642592f896944b90d47cdbfffbcbae32f4f3d39b0166e8773a587bbfccfbc81b45f9e246a1c714ead5451a8933e660c7edcab739eaf5c0cffb2e29bb84974f8ba988fb541d61571b3c9450e89499d23f42e9a576c985cab120628083fa698432c66c8c7faa4c9a90610bc8a9c01254b0c0012f6c3d1a0e75285403c352977280ecd0c8e24b22e89056c3ec4897f98dc00b96747fc17bbfd542a53a5a01f84185c1c045238b6d7813b25b21a1dd0a9263387148aa3d8caa0c73be7f2049f036452b046e9d330a178f60310a66f80d3255cde25d1396c38503f2277cd3e7df74e6abed673f04b86dc03e9c75c3f67a5ef6a700877e05f431901de4319ccf630bdda63bf73192f058b487c483dcd50a12d73470b9b230b35d7260bdd0d2e801de62ae8d3c121c51f2070ed26a298e912fd2ddc74a2f140ef3ffb01f1e2d2e744f99d998bedf6333f9b577c3ea8e8e012dad5a39b22850c22103d4551ac0ad72c2cf8b3d5d12b5e281da0b5e96add1c81fb467f7926f93cc6b1c77a9e8cc46a4320621cd70e026afe6b9a48dfd73eb00966fe936bdd2878cb5d430aa4b09661a61be1d13fd0251247b3b747fdad3077becdc61e8f388e2b2d662caf33eb0adb4457ef6fd5d6386e5b28779a62a246c7b18bdca10eb5fd47f450743a81b239fab9fa2f442db5eb7c76e282845201bc326094d4d91c11c76a88ac9da1729e93b65fb163211b6e80c432bf38e1aca3aa29e43d4928189a6b77c80c4890e5f5178907f982bdb627600ddbedd21c55d0adac94c20f16423e69ac86bcd6f19aca3b51e80f0d61976f68e6310e56ac62aa2a754436867451cb333bc6d788705731eae3fa591c2fd2258bcac62f570a045068c5bb5c7b35ed85e899e59cc32871e539999d355be5a4e3426b8b7406192332cb2a76c2fc0e8f75be5e76fd1e7de39821b3a8c4fe8e48acb43eea7f2688192efa34859a497b28ab6881bd59b9e04f3c54c8baeb348ee689dd58d53477e93acfec30275158016598a7d855adaeb7d797ccbdf0c059e83032682cd0f9bcb2ff0a32d2d7bab3968c2acca77acb0cd529f220414abdb1d92b55c79fecc4d150bc8f6f3cdd933878abbe464a64f9fa20d3b142ae8e37ee8f11ebca0df0bf1058365476eaae64d7a78eef93985d1b0f49e9944ea5fbfe80e58a328af0898aa59d4ed931e141537f16d978cfab0033ed9ac62ea15a331f9946e86afb38c60f53d0ae24818c116da028caf630c0a1ec3a351833d085abe5444ef60e4b07b9568aeaca0acf4b96cb11cf88952432aa8675f8fcf51a1024135c88fb85a8fef9cd7a5d25cb79338d7e689ab0ceb9d64e28c47735230626607d4e1f4d530a919f5e0fa34a2d59d5c4016aadb5dfc6a40a9daf1675fe3930518a6d30106702a644f0f58e8e1648d523ee53c4c558ab348913046163956cd8edb88bf266b23d145a32120983596adf0f11db4112ba80f5061973043bc76bb494cc020e4ee32ca173db945dc21979f43a6bd8fc450f32bf5d64fa910a704e30e4dea9055c7a6c097ae09f624aa6c6ae3ad0d89df7519d129c262b183ce28f9193a5749a85593c016b3814993e715885977c47b1e053e2c3450fa038c6c5ae8985932b564f2a030cad74089006c6e06548bbfc878d60bad2c3904724b4055cb85aa42ca83ff07b56410133d7a3266b5e46aa88ae532fc16fd5813ed18e0faf738daaae3abf3b987f06a533c9c89de8c183dcb33ba435ecf02d6386818984c6f60a1fe70e91f74b511810b7d2494129b0f24d98fda5cec679a4626dd926b0c9f199227d9c717a9696b3af9c1d8f5dcaf1733733b49ecf33fb6e14126246d72224ca43a0c1caef1256297e02aed427f89205edce67a6f5bc824f21926cf58ed769b49453092fad3b02b81a17f99c3c4225ea9874362f2922e6d587b5c9556be8116ceba904f2bef189d66e76e8a7ac1e6d24cb1d2059cba3a0fb6659e84a811fe7bd850b589cab61d3825567d68d3daf5ded5d3bb946e2c36027bd", 0x1000, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000035c0)={r10}, &(0x7f0000003600)=""/115, 0x73, &(0x7f0000003700)={&(0x7f0000003680)={'blake2s-224-generic\x00'}, &(0x7f00000036c0)="60b23926d96b04866d177c90c41b02c4765a52", 0x13})

12.628431067s ago: executing program 1 (id=3008):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000006000000000000000a14000000020a0900000000000000000002000000140000001100010000"], 0x3c}}, 0x0)

12.006970347s ago: executing program 1 (id=3012):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x2, 0x5, 0x0, 0x3, 0xa, 0x20, 0x0, 0x16, 0x0, 0xffffffffffffffff}, {0x0, 0xac, 0xfff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x7fffffff, 0x10000}, {0x2, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x4d2, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0x49}]}]}, 0xfc}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000018000000000000000018124000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7030000000000008500000089000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r3, &(0x7f0000000340)={&(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x0, @dev, 0x7}, 0x80, 0x0}, 0x200ce0c0)

10.948781114s ago: executing program 1 (id=3014):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000001000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4800)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20)
r5 = accept$alg(r4, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)="4df3d99a134ba79554ba3a23864aaa91f166", 0x12}], 0x1, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000800}, 0x4048002)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}], 0x1, 0x11)
recvmsg(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000300)=""/135, 0x87}], 0x1}, 0x21)

10.516950842s ago: executing program 1 (id=3018):
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d4"])
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0xaaffffff, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}})

9.694886841s ago: executing program 1 (id=3028):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000700200024000180060005004e2300000600020002"], 0x38}, 0x1, 0x0, 0x0, 0x14}, 0x0)

9.476300562s ago: executing program 1 (id=3031):
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000440)=ANY=[@ANYBLOB="23020000", @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf2517000000c8000580080001007564700007000100696200002c000280080003000100000008000200020000000800010017000000080003000e000000080003007ef200000800010075647000070001006962000024000280080002000800000008000200e9000000080001001500000008000400040000000c00028008000200000100002c0002800800010008000000080004005de50000080003004000000008000200030000000800020033c30e4f080001006574680014000280080004000100ffff08000100120000006000068008000100020000004400040067636d28616573290000000000000000000000000000000000000000000000001c0000003d36f39c618f285e41515ab9f055e76069db3732ad6fd5d3d02f9e32080006000000000008000600ae"], 0x234}, 0x1, 0xf5ffffff, 0x0, 0x48014}, 0x40)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x20000000)

6.423130201s ago: executing program 4 (id=3044):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a000090400000103010100092100080001220100090581"], 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000240)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\xed\x91 )y\xb4\xba\xba\xb7\xbc\xc3\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0\b\x00\x00\x00\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9', 0x4)
ioctl$FS_IOC_RESVSP(r3, 0x4030582b, &(0x7f0000000180)={0x0, 0x2, 0x102, 0x100000002})
syz_open_dev$sndctrl(&(0x7f0000000440), 0xfffffffffffffffc, 0x260100)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r4, 0x40000000af01, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
r5 = shmget$private(0x0, 0x2000, 0x100, &(0x7f0000f51000/0x2000)=nil)
shmat(r5, &(0x7f0000b2f000/0x3000)=nil, 0xffffffffffffcfff)
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000000))
ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece)
syz_open_dev$sndctrl(&(0x7f0000000180), 0x6, 0x40)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x10000, &(0x7f00000001c0))
ioctl$BLKDISCARDZEROES(r1, 0x127c, &(0x7f00000004c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x12, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
sigaltstack(0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)=0x40)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x0, 0x9}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r7, 0x40184152, &(0x7f0000000100)={0x0, 0x0, 0xb1b7})
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72070005000400000000000900020073797a32000000000500050000006c000500010006"], 0x6c}}, 0x80)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
sigaltstack(&(0x7f0000000340)={&(0x7f0000000240)=""/252, 0x3, 0xfc}, &(0x7f0000000400)={&(0x7f0000000380)=""/97, 0x0, 0x61})
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x8864000000000000) (fail_nth: 8)

3.357231531s ago: executing program 2 (id=3054):
socket$kcm(0xa, 0x3, 0x87)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000120000007d01ff020000000000000000000000000001"], 0xfdef)

3.356921754s ago: executing program 5 (id=3055):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {}, {0xc, 0xf2ff}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x82}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x260580e9}, 0x810)

3.204552317s ago: executing program 4 (id=3056):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x41, 0x3, 0x290, 0x140, 0x19, 0x0, 0x140, 0x0, 0x1f8, 0x1f0, 0x1f0, 0x1f8, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'wlan1\x00', 'veth1_to_bridge\x00'}, 0x0, 0xe0, 0x140, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@limit={{0x48}, {0x0, 0x1}}, @common=@inet=@socket1={{0x28}, 0xc}]}, @common=@SET={0x60}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x2f}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x2709fb5a2bab03dc, 0xff0000ff, 'bridge_slave_0\x00', 'pimreg\x00', {}, {0xe8835d89a38d226f}, 0xff, 0x2, 0x1}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x5c8f0200, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2f0)

3.015436101s ago: executing program 4 (id=3057):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000600))
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = dup(r4)
r8 = fcntl$dupfd(r3, 0x406, r6)
ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0, 0xe000})
ioctl$VHOST_NET_SET_BACKEND(r8, 0x4008af30, &(0x7f0000000080)={0x0, r7})
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r9, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x97}], 0x400000000000172, 0x4001c00)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.740163506s ago: executing program 2 (id=3058):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400000000000000588035045a", @ANYRES32=0x0, @ANYBLOB="5142000000000000280012800800", @ANYRES32=r1, @ANYBLOB="050007000100000008000100", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

2.739554724s ago: executing program 5 (id=3059):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x40, r2, 0x1, 0x70bd26, 0x25dfdbfe, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaaa}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x7ffffffe}]}, 0x40}, 0x1, 0x0, 0x0, 0x20006911}, 0x0)

2.589118599s ago: executing program 0 (id=3060):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c80980000000080000000003000000d600", <r1=>0xffffffffffffffff})
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000340)={0x2, "fa02791d2a69a2610f02000000000000001100010000000800", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r1, <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000180), 0x28d00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000240)={0x1b, "8a6035ceeae3ecc42317afad010000000000000400", <r6=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000004c0)={0x9, "34e6498c270e0000b56a000005000000000000000000000000000100", <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000000000000001a00", r7, <r8=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000040)={"130f2672af9ee0452321864922cd3bebd7f9cec5064e58445f1268334b4900", r8, <r9=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000002c0)={"31ec869d1bdbb2f104dd52ad43b7db0600000000000000e1070000001b00", r9})

2.520110616s ago: executing program 0 (id=3061):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$CLEAR(r1, 0x3b88, &(0x7f0000000140)={0xc, 0x0, 0x2, 0xfdfd})
connect$inet(r0, &(0x7f0000000480)={0x2, 0xfffd, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="800002010800000008001b000000000008000d"], 0x38}}, 0x0)

1.884608745s ago: executing program 2 (id=3062):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x48, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000074c0000000c0a01020000000000000000010000000900020073797a3200000000200003801c0000800400018008000340000000010c00044000000000000000000900010073797a300000000038000000020a01"], 0x110}}, 0x0)

1.796589728s ago: executing program 5 (id=3063):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000021000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b00000002000000090001"], 0x7c}}, 0x0)

1.76220852s ago: executing program 4 (id=3064):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}]}}}, {0x28, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CMP_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe4}, 0x1, 0x24}, 0x0)

1.714781134s ago: executing program 5 (id=3065):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000010000104000000080000000000000000", @ANYRES32=0x0, @ANYBLOB="03000000000000001c0012800c0001006d6163766c616e000c000280080007000800000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1], 0x4c}}, 0x0)

1.636487944s ago: executing program 2 (id=3066):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c40)=@newqdisc={0x150, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x16, 0xffe0}}, [@qdisc_kind_options=@q_red={{0x8}, {0x124, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09200020000000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x71, 0x81, 0x2, 0xb, 0x12, 0x5}}, @TCA_RED_MAX_P={0x8, 0x3, 0x1}]}}]}, 0x150}, 0x1, 0xf1ffffff}, 0x0)

1.634307708s ago: executing program 4 (id=3067):
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_usbip_server_init(0x0) (async)
ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000100)={0x8, "ddd60015cbbba33438dbaf77fe83733e0351c666ce25ca755b3ceb1c34e6b45a", 0x2, 0x100, 0x6, 0xfffffff9, 0x0, 0x4, 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c0000001000ffff28bd7000f8dbdf250000395c", @ANYRES32=0x0, @ANYBLOB="0000000000000000440012800b000100697036746e6c000034000280140002002001000000000000000000000000000014000300ff02007a0d00000000000000000000010500280029000000080004"], 0x6c}, 0x1, 0x0, 0x0, 0x24004845}, 0x40014)

1.523476041s ago: executing program 0 (id=3068):
syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x70bd28, 0x25dfdbff, {0x2, 0x0, 0x20, 0x1, 0x0, 0x0, 0x0, 0x2c43f19b53dfe4bb, 0x2000}, [@RTA_DST={0x8, 0x1, @remote}]}, 0x24}, 0x1, 0x0, 0x0, 0x440c1}, 0x0) (fail_nth: 4)

1.400532793s ago: executing program 2 (id=3069):
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7000fcdbdf2514000000640001802c0004001400010002004e210000000000000000000000001400020002004e21e00000979520d9000000000008380000000000140002800800020002000000ba63bda8bd26182088d8080002000300"/114], 0x78}, 0x1, 0x0, 0x0, 0x4000064}, 0xc010)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="48eb0027c9eedfb0ebac0010008105000000000000009700", @ANYRESHEX, @ANYRES32=r0], 0x48}}, 0x1)

1.293365188s ago: executing program 2 (id=3070):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40201, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0x19d7188d110b7b73})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101343)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
chdir(0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b14020900000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000580)={0x18, &(0x7f0000000240)=ANY=[@ANYBLOB="400cff"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r3, 0xc0505405, &(0x7f0000000600)={{0x1, 0x3, 0x8, 0x1, 0x2}, 0x5, 0x805, 0x8})
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_SREG={0x8}, @NFTA_OBJREF_SET_NAME={0x9, 0x4, 'syz2\x00'}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "89"}]}], {0x14}}, 0xd0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000140)=[{0x6, 0x8, 0x94, 0x7fff0000}, {0x0, 0x5, 0x7, 0x1ff}]})
close_range(r7, 0xffffffffffffffff, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='pimreg1\x00', 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x5c, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffffffff}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x109)
write$UHID_CREATE2(r9, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000008000000000000000000000000000000000000000002a8a3e27de5a41000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000810021000000c747000001000000fcffffff84a63c6e747f82060ca3397e24ae686a80e6d872400de79cb1fd705e33244760d8404dc685e3f468c6707e5059aed583b5c96ebcc908"], 0x118)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={r4, 0x4, 0xffffffff})
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@o_path={&(0x7f0000000080)='./file0\x00', r9}, 0x18)

1.055964478s ago: executing program 0 (id=3071):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400000000000000588035045a", @ANYRES32=0x0, @ANYBLOB="51420000000000002800128008000100687372001c", @ANYRES32=r1, @ANYBLOB="050007000100000008000100", @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

981.931805ms ago: executing program 5 (id=3072):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in6=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x2}, {@in=@local, 0x0, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x2a}, {0x0, 0x0, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x20000000}, {}, {0xfffffffe}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x2a}, [@algo_auth={0x48, 0x1, {{'rmd160\x00'}}}]}, 0x138}, 0x1, 0x11}, 0x0)

920.2567ms ago: executing program 0 (id=3073):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000bfd000/0x400000)=nil)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r7, &(0x7f0000000e40)=[{{&(0x7f0000000240)={0xa, 0x4e1f, 0x61, @dev={0xfe, 0x80, '\x00', 0x15}, 0x3}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000040)="14", 0x1}], 0x1}}], 0x1, 0x931766f6319eed00)
shutdown(r7, 0x1)
setsockopt(r7, 0x84, 0x80, &(0x7f0000000000)="0000000000000002", 0x8)
syz_kvm_add_vcpu$x86(r6, &(0x7f0000000080)={0x0, &(0x7f0000000f40)})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r8, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4080800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r9, 0x4, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000810}, 0x4000000)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

789.943644ms ago: executing program 5 (id=3074):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',default_permissions'], 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r5, 0xc)
poll(0x0, 0x0, 0x9)
syz_fuse_handle_req(r0, &(0x7f000000a100)="58785f58471eb4b5b3ff3946acaad41068511507291e72541d949ffc8a54ff637ccef1fe8511899ea7f3c82cbc6539763a34f6760c1608c911801ca672e62708ba4fc023749076ff6a0daba0caa57000acbd9ecf5e97201f7f14e715bc8c089c3d65e92fd65dedb76d61715067ccf6dfec2b56a48f2b274b564d90c3d868f2bdc07b7e636ad78904bca826fa69b7783e7be2b8e7c997b99225467747875695f6d500cb82b479fe9486bb94e06f796f89906bbfccc964830f86986760ade90c3f7a9dde3172a5124c1889075ad30b5ee2a5f257a6ac790a8e89b247ccbc8d241b7b95f8fc649deffc1bc37d51a8c3dfae38ac968eb48695de38df941f9632ef9ad6779e41ccea8a3ff1cac4fa4b47a152a8f9a1bb0094f41580bbf60fa11cfaf2c535a12c866e9414ee9b58226fbdb0d221e1bdc50e3fa300351364f6350030383856f1f809aee19f337f3d3435ae6754916be1eec24643cec1bd1007ffa38418735988cc901603895f66bd6450d54f99e1246ded898499d2a447f899c00368ce1dd4a4f4cf9cdf7d4f8b38d7b98a598ac490f1086ec712b0cb94610abfdb25b0f6947b46e1dd628897ab68445568578049fa6140250a5d821d70f102fadc2fa273a6e486f250712ec847de3b02a121e19775311e8629045f3404bdfa3207aecdac43c3571b86a9423bd716aa67cb688f9ee4f2b14ea42c89f2766c78fd4ec41ab34eebb4256e885bd7e3abe4348772993bb630aa3397084bbc66cdad664d6a9d33767cc375a44dbc0b08931053a6780a796fd31e1d7c512599f9e010883a52c07ec0938ce1acb3fe3baac6af9fb7e9d7942662e41bd3626d240d5ed34ebcbcc0ccf1c3280c76fbf6cdfb04bdb2d3b4ec6a8961b1eb036b211eff6247b95039cc67d222f2ff122340c56d74b4fffa79a202144bb10ad766f1fd6b3276342baf2fdbd26e9563dadd01fce19d7ec025d05d0494e53229379d13c1cae48ec058cff0bc1ccdc94a74b11a9bc87c580bb6a3f45fe15d15d89bf6102dc1085bfe27b2ab462aaf642b8ceed519cf88b31e9e00fdc23e8f6967a72b4c38b2458656dbf26dd75586731bb519a97d0ff43f4358cd40c7ed371ae8a24f46e320d4c4c0a1b8c42f10908a1c283d8032d76f52d4509d78c2f3a0716c37bc0c786ce9174a88d468e88a6d154e4712778aecded0ca5de28e52c04e33672ecea5135438e908aa1bf00e65ba6dacc4bd018b7bb1c30aa5d9acc679220cb5e7207f1759bd7722d10469225aae24973031a21358532a63aab42f33b1f8f40d545fec7799703ba067592b34247fbc7375acdcb3883ace7d34cf33484f2cf662f3f0e18b5c475ae311fb20f6e6b85320b2bc37e56512dc27815b37bfd9f172be1a119197eb53b535c440f97f24724e1d466309c0f8556965bd02d75c3dbe2baa0c6a515db07af1f77306577d0b38f0aa8cb188cf5523368951b8210f4bfc6afa0d058ad84656d27a46faef225e6268396ecb54a5182591bff3a86792db5454e238afe7c26eae85fd3c1c060760d89223bbdbe8966ae2558f47d799839cd959c974b69ad262cf8ab4fee554288e767ede9bc5d7f0cfba05966ef7858e41db363122680abe978345d45e4b52b73fe9f52ad26371a5b0539d88aa0c572aa01a41b079dde5a14e031ad903629d06c8d85ad82828c25a9ba7ce0fef2316eb011643e47feca7d280833f8b3008841fb2d88ea84df65b03aa5baaa29d6234ed5db8db461fc5df77aad38690277cd5dac1ed3c23c9f2778295578561f9a4d31159a826b4b62b2a867e6e8a9514edddaacad22106880e6633fb2f3b17c8d10bec633d6128489f7253b3e3e38e5942743ddd1547dfab27a152549f61891e3a5ad17f733b042f7ef915ad7423b9719fee9142407fe1d10ec8b64a21cd24fd39de4496ca3f394f07149bdbf1393181b5afee090ff40ee31d34a9c6a113e3823fac425fa85e212de1a9f7c4937ba64f3327961fccf85e6fa29be12de9589671d60d4658b1562ce7dedcde8ec79d265c13f5e197b66989c3f067d2801fcd78bb92b45e55fb4089a7cd3b179284af782ae0327ba56fc307a281772384448ee465dccefe41be8d75c8cd0eb5c0217d7ca706848f9b82500b77c2d838cbd536304556af87d3b6fb9183b5dc9cf2d0f7ecbb24d9f790151b9c6092dfb2c14decbe6448362cd7c13515f66a99c37b56134d12e8c7f1a5b75e14e47f84d8658f0b65ea91014e2e4fd361f03dbf8ca509d426ca1bba7e43ce918268393ff16b17d9e1bb49fb2b4f6eeb8b4b226c79303b19412a55b7ea7c8774ccebd8d66abe117a8be9a3c4faea730902136df57aff991b59dd71610ba4c8e1cded8287c21c56526f4fb6c502ea73ae310d56640990b3e695b278de6e1eebd51108cf7547c0e457e5fdf59691baf080dd3f5dc3c9a10bd4cc5e10ba42d4d3d9dc4f7ebe0bd2981a1d6fb06f7457dca1e56fac3f0fa7ca19ec2fb7940ee837e960d93a73bf085eaa2888fe3025aadd33cae85d63273be6ae3a92e35d78602d8e23b9460f04b7c0e0e710d10fdb0dd3fa9b880865603500d81dc7e968e8046569830b526e441f25f8b0af47d524aa80fd7dd9c3f72facec2032e2c06bc33c6b739c5368bf54e32b6acdca9d2d14276a8348ae92bfbd60f6aceecf98f3c6fe70747499b25667a96c52e21236421b27deafbc6b5e2b8a4ea2a0d3cd5ee1a10f3153b529b5c04a1961223a943842e17ee0cd114ce6983536400fc40f3d4708436954803fd60caf2b5ed7e4ce90bc75385e2424191c6a5038fa15d99aade49fa1affe63fb73078a6bb4ee560b0b521aeb33f507bdf876829f4d3f695197468e41503a10870a8e6df800608ac33dfdecc03f64d03fb6180287a684063c7edfc8db1366f6bb502fe446085f6acc4741b273a0b736f0f55da28967390bc7434db54ad0da9d1d002ceaa5c3e53efa95e7aaa792db32501a072e669da29fb734d771a6fa8c753fb2fcc204e31d668992473e7937fcf751bc79b125db1725f2a495bd2a4207e4db8d44810a4db5113705c5cb8733866ade3375d1bdbcb965cbd927e7d285f2933bf037911959088b64cfac0ff1e39244f2e9416653ed87ec564eb686af1062354a8bd7034c1022cb0d0b6996762ef4a0a3ab4f3deb459f023a867a38fcad2a10fcf0872862b386ff7c5ea7ce13abb112d1f0ed0723870eccc76d16f7e3cc00e28945bb93d9f2bd8e2017993102f0824867ec141f20df951202a2ab1cd796516ca0b4fdd9e6de8b82fcd30f9ab85cf0a5547e1ad1ef1ad5be7a878a16864d7c06b4ae002f3ba485a9bb36b8a591ecb64a4a5c0fd3b4beb015f58ea4cfe190f3b46cc4d9108d10c52a9de859814edac575d2a3d937a9b31db049e70aa76c085ab63d61c1317205c228f7027fa39125de8fec40ed7982e36a7cfa9fedca30f0b692bd4c7794f6b56d69ada1fed168cf03cc57321fe37e3a8cea4bd093e87b657fe5acb13d2591bebb526301d16707eaa38e52f913f8aa3e27b2387ca1a217ac69966e287ad5cb0286535d5d00b7006661dbc7923a066945c1a2040a4e95d7b0de4dc8217bf1d4e9b6cccc671fdd9a5770c21e749b407df8c463a3bf17e47bfcba6a890a0435d3fbb7252fe072b149b7bfeb185b088686dd70e0c9cda275497b553aff2b319f7d7b0ed64002c5f9f6ccfc3d55d8c908d314487452f37a650f4561326a84c660b6111702a87db03595b5d080c60288203f091de9f78b997e47233f4bab9b044a98ab118a6c45b7ca746cc2fb90182a923d67216412e24a955c0c2307acc47bdd319955249d8412a5ccf444437f53f524c69ba0167c920f0c1f775cd1a225636200a9e4adf61f418d20f717339d0c8c5386af0936f628cc589a8d5581c1c8cad0b564a3f38b606473280a3fa586a5ba932fd38eeb23096df29a92ab54c409f88ef4f03217f0bb90fea539e629d8a025c802f6b5c3d735fe950c8ff7136e6db287851dfbffea1ef81491a50cb75a103367e85afa3484d6af865dfbca91dc05632b0d94aa384ee0c585424a5ddf80babe0b913b0a2eedda34c7ea7814642a69f8eae868274b16fe0f52fb60b201e6685dad3f419413d5b8186992855a25ffe0d4773a14c7977181a120cbc42af4f9acca3fee1d54ccc125ea49b62ab60c58a0ecdf50ee7c16f3b6b12b254fc08fcc85d409eef7c3f30cf705617f926a17e6588a9fd7e34be9fd863a7b157a2d9a336356d568c2d2dbaf76c2d2b2ff8703748b860e36f02b04d6e4f2fd49511f12ce395dc18622cd51948a32cc432cd797d8a68838cebbbdd9bcb6f2e85719785706012e894cb043bb9a53998131fd4aae3321d81fc001e718c4a99c0580af1d4a0c81665cc5adcf337c8bc00fc0fb3c7be0d5e5ff6a6fae5891858eafedbed69223170ccc71ce36ae439d769c3520972601fbab93f54808d6950cb7cf1e5a3b32d8c6a975e3adccca0b2ee28a4eb5ca3b0ceb9d31a8f767c3f4486a62215171738007675a55abf5916513f7eb9b21ff291f2b4b48bbfcf394cf861fe016b3680be422a8bff49963ce096d1bc17186822b1392e68b1a05fa6c70bd2d9a164f12301a6e78caa8f4cd437497320d383e752dd224aeef80794d3f206741363e74fa181c9f1dc47557553de620794f096c59ccd74a178f5adb466ad5a62fffc1886f56ebceca4ed46ed2396bcbc31160b4eb1b7d69642e33315e3adbdbe1b9794931e7babf745ecfca37dd4190013793d530df12d6521bc069a05a94e0ffe91900a0c2209a6914d2f85bd161ff77284198129a9b1ba600bda3e52769d39c1bd61c4a70c627c3ad89aa0bdf0c93a2c35e166da9a08b4d2f92deacb6e9034274305b6d254c4052868ba32bec9aa3cec75debe24e78e43374efffe444722a983935f9007fe3de37dd83c52be16e034d09592a179275dd0c91281be579cd19c0162123886893713f25cdae19cf258926bf2070741111eee6b3df708c3fc416b7d046c948bf8500779c0cd5460e640bb1f860f58052b8087e6eb2f16e48f4984c9f9fc9fb2652ac5305861ece5362db08ae912ba055af766da1322057d0bfa647d98b8d4f1e7ed43ecdf1050c0eb19dae93b8014da57241cdab4ffacf0ec1348d4a89b3e8ff187098d83d8eba34e5c7ad4215f1977968a9d337d08fd1188754e7cf41baf0189ccaa5f3b1005f807b0255ce1920ca7d919e4684af70c3d089a99922727c607a2b06e713dd61122842a913036f6cd64dfb313fbdf639fcbd712852bb85337d056685b0a54225ae27e1e8c7ce5acd1f017b8f712c268b9cc0ee26d26c63f0a8b0a40fccec5f945431a2e81c35720d178feb481092e4f51978493c5fd502f252bc0152f145f268ead14932990069169483ecc7abc901657460c8730715c078b61059bd2621f50fb838376e0b808a3f118f761efea45bbac4274016960063cc67c428e72e516685552dc3bf473e442d76f2d3ed07b319694490054302a538b52e3b8496b7e37fbf4a2ffff2b484f98fdb14c66ecb8447834733f8a7a5a3c83de34b6647842dd56d8201f9d9240f3b3a5b5cbccf174a08853d06fd164fe74e04608ae12df8a35b73517d22a87c7ebca60942932d03102ff7e8644611b5520b5ebce950945498ce19210c866e48284d18fb7e049deaa43ee5283e3dfad7316ba85490e93182d13efe7ba64ee5ceeaabcff3eb24d46a3a129dd5a6b82e8c48210cb1e6564833f3e15dda4dec383b4319741cebf6374cf2c5d64722afccf7c4e2d81ae28d45f2c35b764281f1f08fec8f8e9277277ae1ae8a8981f85e041d2450afc9374e978f73b66da9aadb2087223f28e21e946eb07710ec86cdcad0948d4ca93827ea34e28806d172c3feb83471ed2d4d7ada2360b209d16b9d35861082d85b6be3c3589a6bdaf6f9b5d52ac8fd7388e32b24f1d5d34b5442c1ceebde311decd709f075d064f07bc60ab14c101ef51039eed56ae1e0a374e3e956603737b3a16db684a81e9b8998a0bb9b17a0876a92b2a3b9924f44b16ae4c7ff376ea8a8c91b504c1dbeb522cf846fc3ec6b9a01f452eeb35cade34c6a0463b92c46e013ee7906ee934141870ddd1464ae688805933504a2dc7cb1f947e28bf22f5eea6afb5de3b950056bf44065b84fd5589385d0feec4ef1db4fb4b595957130e575dc383e3686f4674143debb23e17b398f32683fb4805f297369d0e5f2e63af6891491e4e37186b4a3dffbbdcfff63d1fea4e12d24ef96fde3ed7a323a3605cdf5eaa43da738004556c2c20aa30c40079bc2e9ebe102c1fcf5259f1e3acc6b2a2bc9da4d0b1252433c58a1810581152a235e93deabf7f728eace350bcc4db4f249d4234bbd858c4e61a0eda4e3db0ae530c78eb63425502d651fd0cb986341ba69c44ede18eb3ebf25b2336cdda02447a9e20426d8206368c63b5fd6828612d3b99f627e331bab0009579de8270c36aa03861c300d34f2a3703870712325190073e6c17d8699f6744acb1b5468f93b57ab0366796181a4f543511d7ea2b32606c33cda61e81ed1c2194d305be47a3f1a9145d023620af12e79ec188573526ec35b9ce44e95fdb3530bd0431dd12a227d0ffe317cda1bbd787979261d6c9cf728b3d6bec3ba6ae15a595a30fc242bc5f25d837c1c642219afcfe043bb68a82965574b8b2139789235b262cf4af95a538e6954acf8e27ac3c95328df6e4bd615a376cd96bbc9e0d9802fbb40f80a848225e076219e26e0e63f57330b8bda69ec8dbd8b3272798cbfbb085b1885a1c22b3e2df2a879020ac1110b7af4f53ac97f556596ba0e164df0c85842026a87cf9631c9c9d851549efd8ca37e3b863e88436d5da5f4d3b5b5528e2d08d92b0d3ac6a06a0699653718e93a25b5afe254a068e300751eb6c67e3f5a1813d58d428f1ec108b88ec81444ccb50e8452941510c11f2e80bfd712f64b32b686c92ce922baf6c8eed1e9f0717a654d53b3ce1001880de80b5b15362b20286db9dfdf6c41f48aae84d5ab12ac45310f0eefc56e54113bcf95c1b2a259895af2ae9c679de4e2b898bf8a40a199a2059f8248c1303351dca3fb38906a682f66a94ee660debd6eaaee7b2f1051781084b3c9d626263d011a3daf971b708750a77614753b89b5e1a77a52510ced5708083fb48c554dfd6aacfcf97650f3a3b3f97566050e76da968d4eceb83bc1e005ed1596d6e0ec5e2c90231e62496d7435ec5b28f805e3b7aefdd3718e4ff53065b8e4b15175d80eec59218d8278e711c6049bf6d62ae7069578e957135463d7616b37c1e4bf44d60dac6c7aa04cbbc4a64bb0cc0b059abb6b26f8ed5203232ddd8a6c5882e6e6c53068a71bc84c5834104e85bc96db2163798a3881929248b8c788e5bdc9e46e5f7f3f6ad43fad6fa381a0b924bd938702470b330fb90ba73d557c0d203d55edaed6e3a01aeb53b061dad57713ab27e1a9e0d06b534a65d85beb061bb5258bbb38179ea612a6f402affb8ca018ebf0d6f61d44d5a657c080c7d2dbc9b08c07713b17b0f173ada59b57abb401212f4f1fa026491b48d08cf46a704ab43e46de8ea596d68658523b61a156278b3b77bd1f4491381bfd874ed72b00675fd5b4b7c0ec13c6837434ba8e22230d32e7bb1287e488e14f5c5602cd4ca88012b244c7f23f4897e27027aa862ca139bc8b5fe14be7554832ab02e4ba19699a1e66825d94c7c44451062819a38d3376f0a3716b210c7adf4bfbbc303058aa2e054b3bd53539764f177b11b05451705550f90196997de3d1d480e500cd9d234078cb1a09c63d8911381d327402702c2765fe92b8ba3a0189b2b11b7460996c36eaae3ecb4f4e63bfafd7953ff086dfc0b12e616bbdca4707631467b830d244bd3f4371744bc8a4baac728a397818875d1b6a4a2f0d10be607122a6fe813f52e4456b8a5eb6c9ee0cf889f777a03cc26a055f9f259cfc4f8552b568a4b371260af062619dfb215ecfe7b318f8d627d2777bd5103d6ca2948d19d5812112962b63c2bf3d090ff19185dbc5ad49a580451de717c0baa288cd96669babe88a8b1ab6d0936c4c407878786695f46f59ef06c5c2166b661542c598b6e0551d490946182841184a7a0e669c6ccd73a342f65c4525dc7522dccab15fa72bd07588b5bca71635b9466ca72a504c74cca1c573e8d40d83d1b5c5326481ff8a2055a2e0fb997fe8e4787deaa2a8a57afe74a971e7f1f280895f2fc9d99c41416adef7b70ec47e7a12d0ca3c0ab1dba3c2d65bb172fde1fcd7f97692d3d8c9657e3277ce95947d59bf37dde3f35f7a5d76575f5c14caf7f0926c0896995a5f42efd0d38c42de202bea5b5db39bf697f9a96b54aefec723db523893186634763e7399bfa8029c2708dc817984528601c77a1d78bd4b2c85f10f5ca9363badcdab51a1b315cafa5c2ef64f60395f53efb9d60d89e1b2a5f147508c90d2b09476eee3cb9b5957669a77cd2c522909480dea9be3406d1779ffe4539f2e03efb5f8c2d040f0ea776ff869a36862246294d0ced556a129ef78327617052dc1ef5cfb4e5986ba2f0e063b90e1657d8977b58827a3c4e3d556eb3cf0540685f7c9eda461aa2ecc539fec3d2d56be99a518f11752f2be2f670c5fbe8010ac4eae0ede31c1a48f747ff2eac9fc069d3700a40bf5fcda80a3a4f5fa920f117a72de6da51195d2d7f0cc92ff7835bce2ba6b564832f582df56b24cf30c8297a826a4bbfe0afeb1da3e986b3d0a95509e0037d212a70178ecb246061e067238ea9238e4c4a9a7c6fc5dcba290970f50c52598423336c523f2de7580d059fb53934cb0beb208585e897fafeba30853e54badefa197478fe6b9f26ed0d33babb53acee7b7221d8e0cad7a6bd0d9383ced6391bf88ca7aa50c75c136075e87b92445f02fbbc92f7cb65fe2bbe0bf0c9fc2577da63a56f1efbeb276c1f4d01da6f6f7a842212d96dd45edcd2aee7f2c553ace15eb9336bb1804ec252998c5c8b25033894b05c01ce7c77b73ec0e239478c67d5378fe5a53fe6269025d54006e9bb1cbd09b81a39615517c609f3d74e377888f641587121f0f097b48d8be85800295ebab9407978a9cd379966577cb6e1f5261e4305696a2cdd50d8cb1964d3ae18ec730d40f9c782533efba47db8378c6aa15ce85985e211fff2659729599802a7b585cbef3a2762595f67e2054a0fb4457b146e7a656abb2c4b2387d760f7e5b8b7864132317d5ba29a662f50af8dc182d2fbe216db8e997ac856bc59855ca48999699cd6c5576cc47bf8a8c30638c7e08847e5083aa82068940409461d1065c2b53292d3ab145d5bb590bcd278e48ebd34920b18a2e1731c1855ae5a3ed637ff568d205a08cf98c58f5d79c99912e6c1ab257ece0d68ef13d69a56364419aac7df43f43d5faa9ad851c9810648f9050012e55475109ca3ada3452b78a7964377e0d862e022c73ca3ed6cee8c5fbb2d7c12f91c4851fea7c5b02e0a3c5364b7fcca110f20f8858465c498d7e9c6049417fc5c7d4e0059852a6d794af426e938a401cf43b2ba9f4f3f6f0f2eb710ecf3c0c36c4b3072597f805eca9cb14602292ec7d5601e6b1555c8d024aa4bb81a4cff98cb03725cb184ea7dbed6814106a1402bf68a2e51660af930a500d5530651a0dbf2fdc01a31a99be25350b5c8a5fe01155343d028c03e09009ef2c386a24eba8d842cac581402c8faec7dca1623afe25a230d8d4a8bd23df3cf12abedc2a50e387285acf1b3105011a2bdefb204a53b20be213b50f5244511f25852271e05c03fb9a799ac7ea675ffbde8de181368748a9707674e7e70f28a75e4036b6cf9e0693f91a65be4478b6630067ad8dae030a4b7b9784a206b2f7cfeeefc65aae11fc20190f4d6387bab05fa6de640bfbfb0c4f604878771aeace0676d12325e61b19a5317c4d4bb9fe6f3fc8b171f1116528b7cbcc4a91c26a729b512196828075f4d0aeac98887e2a6a19b4e1f1f66233962961c0d49df14c3e6123c9ec8dd7152ad045000107365fd5ed7ce6a6d65ae0736a7e227f77c9b0903d4589ac58ceb691583cdb93ae3fc792c886663cb7c5b0640deb66e29b3c69d2f1a3d1d47d7b672ee3c49e90bd406aa84a0189808924c4e67c5495b045e779c58ca65b42889f52d7315c66be3716dc8592b4875629cd0cb02c29d42bdf9ca5c16bc9051c2a6c09d0695bfba58c19a995838c022e9936c407d8999aa65e4a9d6d8eff99f8dcfac9b561375b6d1293441b9d32533161062c053c63ef09f6100cd748700a710f5bfc2a6297b15242b1f41e21bd004b885d6429a0d334a8c115f7d53d278dad24c9d295b97c50eb340d1e6d523f1757e2014c1605c3bd35f0cfdb74f79850423a37e2f95dfe41c56df09724d21065377f1818311f0c70aaf6fb2d4fc8d9eef576136617371d85481770ce9c390859eacfebba34e75a238ce80bcccadd6c42e8e186be3c15451131fbe9e345c05ab8e23f917d269686a9b5f06dd474f95757b9e5a3328416595539cbdfa69efa9702e5a268b1a70c6e5ff2c118a6e574bfecf17b1576e4f2f7ee566b0b2b5388476a68562991ac01412fa463b0f9e586ad4bde59e91a4b303268b5d8644cb7996cfbba422facd59875ed6ac057e563412255c412be0928a0b6fdb6f35d7008b5d5528ca796a4a69bd90b993a52da9c7d62f4b71a2763f822bb39f3ed39cc5ad5a4d51b5c27d31d105000f3f1e705ed5c42067106f3fe6d30151021bcab7f3a1ad9175b3d3644325aa676b9e057bf9d9aa3348b1d9b31bd639c59bb63f46a6c18794ae006db3b1ee20368160a82e26aee5a9fdc6b44df8be294f3ac0a1275e57ebf5e384b141ce89dd51aaf2248274468894645ba54bc4e6b9788b1eb5043c1f0dffe2e13c6179d0238d8cd037b6fe3e484445ab458fa09e4e8010d3288aa6e6cdbfba4b62c7984d058da8993d5de1df75a1ce8e3bd5875709fd2ede4cd5843e7102ed4031ed096a0c6e3ae9d522ad95ef4af83599507dd32fe3325819cdd7718c9797e921e6e365175e1dd53991edcd2baf27df8b1670d01967e97b3e3e75d297f908deedf2e3b91bd61973e8aa75a5a6f9db11525dd35556bbd13873602a320af74677832f93bd01f1e0631c882c8ab254a26b73a60a6c90cf9b96bd576e05b9befbce882c5d29198451bd15acaa894a5276ea9d870f49a33ee9d2429ef35a905b281deb75be54fa0c9e47be5876d7dce01986f2d0e7ae6df9b87a0ba6cfa55cec0c65dd386db5adc427eac18a00c9aded475417add4ebb8880ef3dd218a9ec3e6e13456f8de1630774e918fe5288dbaec3dd2a74698ec9e28ad573761b9e78af3d5c7a61e3eefc1a54c25bb841529b3fc9137836a2e7eff5ffae8e44f0257160da51ec0b3d144b92f1f43d2782513705baf5930903602d40cb4de87feca7243d2248a78a5d684e303ae147acc96e0b755eea77092b5f6efa723afc6c9a44c575738725815a9af1ced500", 0x2000, &(0x7f0000000200)={&(0x7f0000000400)={0x50, 0x0, 0x100000001, {0x7, 0x28, 0x7a, 0x2143040, 0x104, 0x9, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004080)="cf6dcad1f5c5c712407a3f1d491539b627c8255f86be020a4f0ff8851dc6d8ab33ec6d10e619ed910e4811af9ee1581a1d0687020937fa7005f26bab6e9591923f5c1086ecd154e9bfbec5afd856afe3429448161089fab21bc7b9ab5158aa219761d845b8307b1fc87605dbaa4cf80fc74737d4d4cfc68fe06c16b87b759a91a368c70b2e05ee4acf0f9111df10f30c4e16b7ee3d1cf380273ab8e6ca382e06022f539c0c4e62b1ad827ff576249375b2231e47038c67b3353242c81baaf90b3645ed12504a4ccf4b0e6419804399f9fe7f60df022a12405093264d225e8003061dd690cd169f922da3507717ade8bfa8ae2c45eccd32e14ffc4e11ae939e90fceb53e0bde3916d9e4e36d1de07fbbdd2dbc24145e1e7bc8f3423f4c3426406fa499a6de404e6827db35840a726a1582be4457f0ce0cde1c414e2f497ff8ff4cb606962f6acac00230b2cbce10b09d2f6b33b9f4edc3839a222c4bc5bb3e552056f8c2b7bc84ab62434bcc61f64b74367a9ec857ec7f5a09ab6b16667bdc846434d22dd95f7b8a47a1246a39d135de1ffc2946cf36034ef8d753b7d692aa00c91fc1636c0be309ef4bf345918a386e76edc3680ee574528bf3369741c9104bd77e61aa72d8b82162bb150d4232e21c8c9453d89467f9e00fd5148bee49da206fbe6357bbc31b111e68f0b95c37063a6c5401a094819e28a2104c37db5624fe075d0b2cc50f7140f4f49396b43d14f93ab9f9649e2dc694cea520cc068a3869a3ea4ec599a995f69d936dd62e2b81499f3ed4879d25b90aff3eae74b28ae35f18f0b457a5af35e2ede43786958b127ef76723d6ffe0e7e3346d5a9f0aabcc0d93fc085316516ef79b3e2400ed2946a0d1b2ace13ea7ed39ac51cb9d98cf70feb30d5bad39f6b5903e8ab654f48bfd7e54dcb502b158f68bd96e6beb4392fa59d3e1048803e4749f3ad522414d3180de3a0da1227bfbb704b66ae6a85b1c2c51e484622eeb169760e9ec50e14c014a0cc05aebbee77f31b62834169cb49bec0c43090506c8f34ca6e108e6328ced7a9f11cb3d57398b0b1d84c9e75d5cdf17766d619dc2658aacb900ca0f93aa248d702039417b558b8ab4a41921154153cdc86d999b2e7932eabb55a4e6c8c03029c851a9e84ef84acd9affdff84ffc063bb1ab6c97e169071edbe524462fef9116edd9fbb5032478cd5ad2b2c5527fdf64223dbc952fb528f7b1d817ca787f8a57992b40202ca124cd27eadd6d70351379a6456b697b317d101514d1d5d61002e4f3bcf7555c6b36c4c1d18cba0fd4fd7b3a246b72d47d7c1908cc9c3a29fbf43019b5179b0975d7680ec15720f7fc8b96b13522d058ef009719580227489ea68062cc735cca0b6a60a10c44f2b75d2895be41a278c50e62f979674c9e507dfa7a0c087c4fd43ccc32357e34c0bcc526fe43bed33e99632c84ea59780f78e7954d8e5430c9acb7d9dd28ac3761515cba6064fe81d3b4541dacfd6fb916735833704a5cb1723f867322fa806a20d5029a608986b5019402035bebf3e099547702409815bd1d3c63072fb0fc216c2186048f1e4ae5288a12a5c9b25f7649899f84c8aedc3721334d7bcdb656f8e3c0f2b7e40b837a15c9d6472b6acb58a39babc65d08e529f2f690ea780f43c35698610351fde4615efafba129b2b619135f8af77c7291483262c5555f4d66173b34c5c7f1c415cd6ab15ae4cef34cf5680e11332c6863d2140f00cc3a337b23afb0080fa54360282086b0c0faaf2bc2a9f7335a96fa8af6a52a1e04eed2e7c337d1e378545ded0d0453b8a16b6d0a90860dfe560528515005ba852a314b4540206a8513e73212c65fb4b35f4ac7050d18bd62a6c720cfda30cb2385d3d5217655db1f344fc34361b83b22d31a040366acbdc28d397254b41c3b1f0d20e0a5db4df6338e78ae09b38f82c71fb0208afbb506461384bf578c607e05ad5a6ddb708b9add5d4d363877659a663827136b4dc1b4012c7035a56bb91e14a3d22b3ac3989f91d78808758d1b5bfdbfc66d3389e3362987e13bf9a9747373c90c0c658b7b832eff19aa2f3667f79bcd073765308fbabf2d612d0445fa1be6280cb9d0ba759d218ae971d3dd5d458c10d14f154109bfb2fd03523ac5748bcd8582dc3be5c28ef4be94cb55fdcb12a6271dbb7f11fd33d61382096588167a2b20b02cc43b88729985073a5b21b8e4bb2c43894d7c88bf111576b3b56f905b1f23f0570c07b475d5f86508c3489f4f2e2d0f3b11bfd6c3c58930483f9345f4f755089848c42361d4b0c0e855935d7f6793f78a68b554358b810cdcdec350376c94486c67fc5d11c0a68873312b40b49bb29aca16e1f3e3ce4da7a9e7aaa6ec1d9932b78d9c12c45e61b5f6faa6ffcb21608fc61bc4180f91d26f9db592c98e532d60c28e9fab794ab8a62c21122397193d8b5b72bf050b07f79df5e14069b56359835e3048f182629328e4a72a1fd0530182c802744611637e93deabc6c3ee30041025026be97ac314eaf7b399b0702cf73848e54f355d766121361398609078057473c2aa46b2fbd7e7a7d6d039615eea23fd223c49a9b5b5fd7b0c6f30c9b0e55fbebced3c90ceb668e6dbd5e6511c19d32c29b5fef7d06cf2ffff7872bd541d0fe70e5991ba3c19e72d5533e6fe9652c21338ced211c7d9e912486b4de29998ef4cca892fe94972b31fa33e781386b75b5d6980a9bfb887d7485d71f6744a6f87bc407ccd03281e10eb1bafd5d9bf279d362e2a49e54187e40abb06e21ed8425135a169ba5b8e1a806951352580ae135dfbbe3395e18ccf67fdb891903934739b56dc0e49e258552dc66d46eadfed9a7ceeabf20d02aee2c8ce4060382474252ccd9bab03d7e8eb77195bb712c19e066153bef5a212f2a450d4a1280d243928f3add450c2544c800b507c8b8ffc5d7f3cd9a4526505d05d04fbfdd0fc1f996ba3f4a797c96b24af37c15859b4bcda9234750fb6acef8dc20893ac5051b3d6aee60f01fc34e3b6753848fdca9b18e461c87f08fb8d67ddce234ca56bbe021f468f964ec1416ba6df0434440140090edd222cb9534830fec026788f43899737771e67552df68fb81d90aa90fcc1149149aaa96c1730829c6856407e5194dd2ec7cfe5fa419c2ea6127039ae188649b2cfccb9faf59f45dc9af76f3cb17c8224e68fb5f81b4556980542a928f9563bebcf3db248cff2183fffff15710432f8691041fa8aceb65b6454e9c375402b599503fb4881a3baa5ba58893cac154575ef0ec8efe35a6eeccb98d081f6d4cf2661b484765ce95bca5bda75fc90e630e355d0dd6d22a5d4c7990931ac160da14f211c33b668edb93cd9c87de3881c47e4b0fab746d0e931600478c9cc2e3cc08eab1ee7cb4e3749ab44e7ab4be15e5b031e58d59b294fbe794fb5760a2ceedd1cfc4343b1c2886b0721945a109384cb00fe6e9bdf09e5e406e757a6f24e659495a11a93382d5425d6fcab1d802303aa1531a120b8f30dd17cac7385bb8455503b2ff0daf8b4dc5353f88f34c894fc0b2fd2920c97432aded8b89fba9a9db4c4f3498043f936a1cb0dee7f5d902b1f6d909b637b8e2f05d31a2640eb1ac556ede22006466014d4a407e3486f94ca676ef39be6399ca24bff48b03ab1da71d1a5e3994d0a8723894bfbbc33969923970df3a9fd0b5084a6cbb41f79a0d3338bb61e7dc2cf795f2fa883aa61d7820c4e2215744dd9cf517cc5921850d1d9aaaaede5fb125e663c830c2414655d6af43a90f9b79eccbc2c009b963b503827c7614ab8824b3289ed8e559ed644a163db18fe66789037eb599be39fb66955a27a4831a59322d39b95b6d571d8fffb5352a0297b449719a5246247ec4c24f40b5ace1c8e76fa1029a47065af4adfc03b2732677f81bf9729ba06380a330cb388c9e4f50a0cf4ceb5ea8b6bdda8df0839de274c0c7a57f7a9173d21832b7f19ee8cfc340eea461ce7956f986f828c91697c5a241cb9efec40a1a0f34a2a63821dbd50a111b368a034823191dbd3b7a9fe8bee53cada1902f2a278efe3f10eecbf8279c2f9b2e7bf542076bf0bb41e9f21e766741f3ecfbd5a38158b1ce884255cc227a7b7196f966b631c228fea918d8dfee020dcf4c40231c0ab6fd7ccf4e7444fb360f2be3c1519a577dae770a14cd90df85490995fa8553fb255ee9807e0c7617c582f82ac56a0d902c8cd58244cddcec23cf2a05a79b474c716d9ea92bc28b0132ec48a3c5257dc7e1d9cc3f760d559b5c12ad75c95497962f9a564b0d9ed29f44f63b2c56169b2151d699e8d2d570d94f5f37898d3d8abde9253354fd146af62ccfd171d9014fd4d142e2e390f3ce2370165a01aff0fe566ec44e3084815cecc85540d84d8a11d0504fbd95f2c2709b87083b3cfffe36f611a4a6b9e4237a350d1ad4b1e0239946d86ce535e9f07def01a5e6d2e65ee59f380e55c9f295478c5589425852fd22eec2d6e555828ffb4212b33ad530c38b76254d2baac6bff5f94d3ba19ff4b35cb1c972c0b538e1adb5da70affc99c99c0613bea6111848054b416d26368c90784d845f0507f89fd058381dc7d6c6bb81dae94d11e3a0de778aca82814fec0b63780fb2b4f480da063411cd66356f87e68780448ed0c1f3836a46e536609d672d7cef1cffa0614a4f6286ab7f3fab0baf595b4c3c2e43f979f4f4a89165c24698f71406b4330a333f6c8ee018420b2b47735295043123459fafeb5886fc044a3805b162714a3436f58264c0713a4be82a7550f37f88cd7f61c0ec27d887285da7ecb4eb32963c8205eff6d5bf532b72976c5f0a24d6d4d2bf4030f04a47a15fb4de2631361fe0895aeacd2028401c5c183223647c1e765e6406542eeac4d979e6a493e389a649af7ddb35fadd32cf1edaeaaf0982ae8131084ae4759e2af1dbd007f7ce00900437be6d8d3559210b3011d1fe52e8485cc5c14ad4aab4c03c7dec4302e7f72abb7fcc799899cec17308151a758b810369c4d53c443cb1278709df6336f84fa39e51d208b4507a31e6f06352dbd99d7dadd86215e47ed645a9b89bdce630cf80fc1fe59dc31eae39010a930965b3b0e0f595347158d683de6888f3284c1fd47b3e79e0fcc299cd4f519ce067a007ae7ee906d639789fedc850e60a7b4be9dc525e3e58b01f24b065c4b21b9011e74030aba77931bec74698557b4768ae41eeb4caa2f530578bf1f9379fb623a27561bba03c7623400ef975ca2e2d6881e0f96fe1e7f9ec0e8f6aeac30f70f848399c6dc9c4e58bf50aacbe566965b257943f6c9ffe210af0cb488488d67b09164d98f3254cc313f7cf8dab1f2e1ed3a7e4a86ad85707d4fe0e7fe483c7f311912e92bee9b17819b53a39c374cfbadf8c3641bae4177aafacf3394af12310f222dc0a67eba49c1475da8607c25f3ee7b1e1e0961c7d319b32ab549c002b93852af7146f5e74aab020446d9a446582a2bc19a730bafcca463fbe0cf2664e10746ddbf0966ec1e327e1f8fa6bb67e18cf849fa810c938695de5f8df98d3004065c787181f4bd8324c59b18972ac5ca92f96c51b4a63ea130712d70a51c49def99feb37312fa6a52e188de88f5446fa4688514bf96f195bfdae4b248445ef5a37e5c0169c7ee42a8e613e71793486bfb24e37bd0d9f0cfb3db61b45ed731edd5c4bd7b6b133f5f3f51fb3a12e9e43db5a23a4c6c787c803791341f10aa083760413724031ec83d5d5c03e9d3585e6a6c87f51ad4db6d678cae14936c09e24fba69e90fe4c2ebed615e254b1d2a25c12b07c1226c0e9fa9112a49cffc9238d3303d3a9a293c5bdec80545e76b911aec6f956d2122d0ee2bee424aee05e0a25a7ff72e3e1c10f590380f82f1e693fb45b1466cbc7e8ee741ca97775c2ae15c1ad0f4a8221c55e82b4e4ddbbb3d88516fdc26969707143e3175f56b07ea8a7d40660ee346a511e0985c6cde95b573dab7c53cb9d32eb18bdb67147b562dd99124d744703492a89dc8cf387ad17a992a6870ee683953c70547f2c70ac44ddc4563fb0c0c23ac7b806a0172a3a74db45378568306ab3036b5348f96ddec344a899b6058179c070cb5f3a478a02d94dbd836a0e2223194e406c2296ceb6dd39667ce62b4c191889ea052f382b9c051c272480111fe287b84c10cf7512a6dd0a601a1cb41545915925a63bd09f9d77a1bc156a7d822e204029363b3c713c5cbef590efd01c4ffe00b816745a37d83b27ab05c3a0c2d6ff800276f3fe502bb3bd7b60b38d32376246a3384554072fe63ec409a0182d588b839d319c680f830583db3e4f5071eaa066689e9e19539d9a12fefffe223288b77600dabde9b2bea871cc1ea2b3318a9699d736f02490d76c1e457aaf45ce318445ce10625b43059694e996ace387580589f9f37944b799337fa38ef9292d2276e0f659471134aaef911514212553779be2ba00816187465e278ba2d03e66cd633f9a274ce882ae971f2d07cb4fde38bf88327aea83d5303011b0263f24630916b796d532e5437179882b0470dbf8d693bbae4015ef28b3d57b5e3b643068dc1d1921291f4f1280a8183532298dffc2501cd3ff0bfb6b0e61d2a59c596f21b98db4d730e155936e98c95c96ac6231b1232e4ed89ce65311fe66199e113f9f69084c31444ae9f106e909bc070d83c1cffc514189c1e0b6763c2732a227a6229407af592772c2b843fb944896ff61161449b6df045ba618d117d8361733198f0963850df3e077aa538571efe279f9c7e006e2c882f5301706ee2bbbe769164cf7d9597d0142d0052641eb43a9ffe76d978384ea8c10050a80021d3c9177fcb29652b4906081d926ea23e749c9272731aff7fd0c271ac4859a5829c5b406a1c363752fecb1a76b201a0df467efd6ffe6adc0debe36ec6d1fc84ccebfa07cb136bbea0f1ef74983bdfc087e050430f5aa395cd8786b609941fbce55ab9f304ba11910a0790685cab24847d85f8bc7a5784a4367ba06690cf1a88acfeddcb7cc44c9797f4f0e5daf9d301c6e702652268530c22df26d14da8768a8951f26849fa1e20015878cb6332d033531b8128233e61094cfc5dd71ba9af36ba6aa1c37b24805a45c3dd302bbc1dc8e9348f9a47540e14016bd5357e7978092497b800a97425363a42454eb04c32c9ac959fb37eb00ed6e31f81b2aa67d9f4930eb31dc2260151d845f9865d2b3a301ce3bef54a977492039eb908512a083087961f90ee568c5e5c60d6e726dda2c3f31c072979e09d8fd6f2365f65ef46399a183511904226d8ec72805582107ff5951d2e0d5c028d29e940fa068c0ca1c238420e53297c31d68f70fb543f347d91afb5d66ef1e8460a1431b638a6b0ae259f7fe8eb03aae9ef1ea4cfcfbac7e7b20b5c46ea8b0a2e88527bf54fd866362ab6a99e466bb029259f35711bc376b2f70edd738b48451f20ee404938821419ee5eace0171b3fd73d57bf0a723152933ccb84d567e79737b33e334dab955cdc03298215a2943ee493d815af83d48ee808a5e508903cc574ea4b52de645a18b0f43cd6b81a15a7f089cc7596adde2ea693381c7eaa2e246b9cbec98bb4e8ea3db8b47e57ef8d3a2eace3e2dcc083f6625f4e86bdbe2d6c57fa8ae4902ae9964c847eb292998d485d3326a7076360b85365edd5b733876abb5e26943481a52b10a1c95f34aed88568b873ef481798fbafe036d5d580c7437cb1a651e2a89d98d9002d0bf6418a271f9808df4b2ceaa8508e6c1d7d58e96d87f6db011395a0b74cb39e066411fef6c8ce7942ef8d8bb826be0b06ecada10e46f7ac25eb7ab0e3339752c8d0784659d72a287ea9a5e3a699977456695a6f9fe40eb8f7269b414cda403ba94f512c332fcea82f1927a5695ea2eb2ce7380ae74a0672ffe7fd2c4a19715a984d518b5be67543c31e42962b4c030fbdfedc5977b03d85294db2578d6561fdd9e0f9cfaf7eb1609bfab67105b227ec43189e449c4f2f17b8175b3afb0087f70786673353a3913cd03240761b5ff91a1e6510499c1f4152a759b1ca39ace773a1f27a5a88bb94a4201a91addf5c2c8587547e454d186b562cf89a41a02c36765565c3d753a2d8127d3908853f5ccc1c35346f22284573695c5695a520ace2d0cd13c1138b1fb10f74487b9a2c7a5e01195a1629d3e5d567a77a2aae2e74e24d2936c2618c63eb5cdeb64f5592cb38175d416c05588f03b287c6e16329fee69c8294db5b5bbb81499d7ef18ddb93144c897253e8330cea3be31bab73de42284fce239597ab7cd5b68cfba057b01aaab0f0d4191c31b407fd8f9c7f04eaca31e5d240c7910663bde4ad478f134d09dca902e6acdd292f2745c73cecea2204a56d0098c32da73eeee41b348d5826109ccfd2397bb73a25ebb7e95537df71cce504f14c219ec525795d2fd5027cea9810aadc77e1b874f9fc4e33ed7b90a4007bbc341493302e4e2cbca2a8229fd2c3db7faecec2b8805bde9d92a29f6a7096cfc05ed5b678566e6c079dddfcc0b6c17541047beb477c4493a1588be177490db134d69a225aa6848b27494f17c3882ea2ee436ac1e981256ccaa70ba1f7a621385694b62bda8c4f6b04c61d6798afdc9cec019392d1242a35c3382b09aab4999e1b383714622f2ab80f275ecc8ea67694f020466aef6ed5a4535f32df47f0478e00194b44b9003f6dff232bdecbdf2a06da35246dfbc0d40becfdd5ecf971f0f408913bf094282fa2272cc5683604945e3eba52231f131c81b1035dcbb8a4292059ceaf92f36877aa15049bacc544d2c9bee4eb1bd01d76861557e646082f118454c37bbc7d08a311b4668f2777912cf882439b47e7d3c08bfdefe31e3effcbddf9e5bf175fd7c1ae85f6436cd817580970b3d8303e33ea128d222e8adb1de246fd9583c0385fe89bbf9af2cd82a38083069a997175fc7e96096052d55620554bd723b28de9a177b0aa0a5928d3d991c7da85a3513b1fffb8c75b5bc2874491ac6affc2a71ef1d639a90bb4c53624139ab8764f60e7470592608a520dfa0289c3be27e2a8f6525a31830aaf887213285eeb4286509c4904f2f5c6058e07c9c5c7886e107fc8b6411ea86bef63c88c863c7d7be52424a0126b8642d83946792de32c6150e9ce9be9d20eada4b47bd24fda102ee8cbc3a870743ab1839f979076b79cffac7d2234db5b345de7f994110bbb873a7058e5ad2fe9d9f0527a4a7b3799f81a06c9ee25c1a4a6317c3c454e9b9bb03360775184c37897db2e23dda4fc5cfbbdd477f564ad48416224ab75742d8d2375773c34325b36cead158372821e3db81a2dc99fc4293b39b183f1a71afbd4faa5e66a0d457f15424ca9c39969a85226b03b1ba8a98b0655a4581c7849bad2b1e5eb09236284779235ec2c0f44d547705298a9076bd32cdbb0a1169529a4780629e8cc291bbe25d98eaca72e934b7ef3a26d60dcebb509b8122d9d3de366b1c81c01e1a3f2ec0556d4759917612ba175b48f47534e592293e50e66dfbd0e1d0373cb3f58a43f3c32408ceba4c2614ff35b72a2cc03166f9866904f7ec19650edc06ca73ef63fc759094ae06a8405144dc22a0480155057169e59897eded975544a3e26dc0ba673a803fd35e16f6ef4695fc554e0c92fd97d3287f368b06ebb41e7d9a5956ceac39f27a82dda86f981519e31f544d844109d5ed58c159e7aa1805461149c604f262a1dd0c2f072f8f5b9b9bd4542cff3050c85b981dbf1731805fee07a4f92bb1828842f34395b90b76834a624690bfd431185026fd090c8dce10ac30ea68502dc8d2d85f836eb747c9bb8b6d16da1cb692f33b77f80c05b250496f3a880dca37c6514d5b5e2cf90d0b18bc31fd27a2c96110b9aacbe2afce417c415778e58e0b9ace5f209696980cc45e51bc292b3d5c247e2c8fffecd214d927aab0fecd0f50b359df4971944891fbefd40345e7f14e833486c126df0c1839032e64fa59280d699eed79f03acc206d6a5340cc1c5deb4204cb8780830497f23522b89fc503e6a8a01d11e83de680bbaed65fbd970c71e2087213c3ee64280bcc1f616a274c11d01f0d81f084c3873bc871d50395e05f658a75915118b0da8281a310fc905488ae03aa89726d74d6ed6da76d6dffcdafd7b4d2fa4a867e9b42cdf71db56c542ccf1270974f1efcd80f70fd463d2cfc03c8e111f2d1232bf6e228123c316ecb60eb6d8f650e9281381d540b29b520be3f921bd314eff9ca241b69d95e78256f1bfcbfe37a9f094716d36af6e1ce36184bc6a4dfb88320ee186f52db245dd50d8af51f489f792494c14efffdb88faa1d9ad1d633b327b7ff6523bbfdfe4274b856bbca9e2847499923738207a399dffb514bba855b75d12c9c57aa2e58db0000210f5ad375d3b697f3dda96f5f78c13bfd6d01a5050e01a2e55cc2695a3f2193820286a688cc144fb9043e7c6772bf2cbd7bb5a7a57fee1c18dbdfaadfa5be0d1adfa55dd3a8480807708ee6e11d9f9dfc5bc682e104795928e56af800b42c9c07a25237b092ba1e93a525ed5b5b39ad6e02ac6b41e136c904dd4592370c322f5eb595ed30fa00a277928dfc765930af1c2936f5ad2425c411980b5bb012e0e240c7d50f16ba990540a765cc1fef3809a0344ce6d083ab8705378fabe14a2e63e12eaef453273a78a7d3fabff1fe6a9ba07e208740ab8ed6e50abe2a85b649e1d3ec2f3191e010b50a7ddffdfb25e53e196775655a1ae707daafc4e9709927eb961faaeb1be21ddde0fab9665774086c34af3beac362a5cb712b786a5e1c8811ef574c5b269946939ed530c5bf42306016b69957dd57d83c88cc32a366c0aacc964c693fa7e03c1e89832f2076ec03995f1f9b2cde66acdffa3ca33776b61176369c78e87b2eeb0a14d7cbbaa597c0ae8e1014660baf06e22a6fc4974772975b7d7d003e6bc6a4cdf4cd5f2a95dcfc8194d93b273e59baeb350935aef906bdb94d1fd3c0781aa8fcb17f3f68c9afe090ba059acf599d2934481eae73717c4354c8c2b4d425ef7073968624c5d91e46322cc23091c58643316acff626f160b9cb770e0d9595d33cb6f44915d7efb6747973ffbf34119bba44d074472e661095012ad94af00463520deb45a6b6b7b6a173b23aef637e4cc0363d43c5ddb43c81936143f7db63f7f7771a611930f9f82a12f3c59b0f72de98bbc75ad33f1823fa872be154b19f16f0fba01ac3d64d46cbfc1850d1b4b5790cd86633b1880b86fc34a8b9f31100950ea0bda3abf2b037e21ee348418df67cc1d056d74125f9c73b42b104b6ad322ffebfe658dc3c0a06af44d73324b5ae59e2bd99d4782ec053ea07513a271ecf8651b25bc3e026bc88a4aa1513a2b4d4e173c1e21c77302ce64be8331c4d5b6203bbccd96dfbf9debb29a167753e06c55ca88550ec186bd20b3d94f7c2af719bc638cac3f8cc6c80220fd5f4be03bab9bb975e5effa4c5eac098c531590ec5eeaa90faec3630671d9e1a454577b01b73bfea67456ae187f0e61a9292612f428ab8c5780a3803b7dc2ec8221181db3876f2c00", 0x2000, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x78, 0x0, 0x7, {0xfffffffffffffffe, 0x1, 0x0, {0x3, 0x69ec2dea, 0x1, 0x201, 0x6dc6, 0x7, 0x5, 0x7, 0xe000, 0xa000, 0xcd35, 0xee01, 0xffffffffffffffff, 0x5, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lgetxattr(&(0x7f0000000bc0)='./file0\x00', &(0x7f0000000c00)=@random={'system.', 'fuse\x00'}, 0x0, 0x0)
utime(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={0x924, 0x9})

672.410546ms ago: executing program 4 (id=3075):
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2)
sched_setattr(0x0, &(0x7f0000000280)={0x88, 0x0, 0x2, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x1800, 0xfffffffb}, 0x0)
r2 = socket(0x29, 0x800, 0x7)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x18000830}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@pci={{0x8}, {0x11}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000440)={'wlan0\x00', &(0x7f00000007c0)=@ethtool_drvinfo={0x3, "712a47568b2c402e2c5792b5adbbb82e0c1f8ee15ff7a4373a68eb060d768899", "4a3eb3768515948dfab2e1f39f58465d11fafea228a4086797ceab4b73313c93", "2a9b70e21ec29d05eb89d11e2ed69c5ab4272fac74fcaab9925fabaa303bac61", "38e51009894cae17d2b361d9fedae469737f49b6a39d85a1ca87cbbb9b8e4809", "f16f995bdf5e1d0f32a39b81f061d8c510b4a16421b5cb56afda00", "87e20d1a690faf456b2d5369", 0x7afc, 0x3, 0x4, 0x6fa, 0x7ff}})
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, 0x0)
eventfd(0xfffffff9)
r5 = socket(0x2, 0x3, 0x3)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000100)=0x100)
sendto$unix(r5, 0x0, 0x0, 0x4008000, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='nv', 0x2)
getsockopt$inet_tcp_buf(r6, 0x6, 0x1a, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0x0, <r7=>0x0}, 0x80000)
r8 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x8, 0x0, 0x0, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="302c1b0000000308000400000000000000000000000805001400840000000c0004800800094000000a0006000240884c78b728d5befa862ce827f2fa639985f5fdf7d6cc1ba7265debc076b70ec070bb6223a78dbc4f22816d87"], 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x20000054)

0s ago: executing program 0 (id=3076):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000c, 0x2000000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x9}]}}}]}, 0x3c}}, 0x4040)

kernel console output (not intermixed with test programs):

 syz
[  455.462252][   T24] usb 1-1: config 0 descriptor??
[  456.182945][T19843] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  456.218031][T19845] FAULT_INJECTION: forcing a failure.
[  456.218031][T19845] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.247752][T19841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.257751][T19845] CPU: 0 UID: 0 PID: 19845 Comm: syz.1.2551 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  456.257780][T19845] Tainted: [L]=SOFTLOCKUP
[  456.257787][T19845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  456.257798][T19845] Call Trace:
[  456.257805][T19845]  <TASK>
[  456.257813][T19845]  dump_stack_lvl+0xe8/0x150
[  456.257843][T19845]  should_fail_ex+0x412/0x560
[  456.257868][T19845]  _copy_to_user+0x31/0xb0
[  456.257893][T19845]  simple_read_from_buffer+0xe1/0x170
[  456.257916][T19845]  proc_fail_nth_read+0x1bb/0x230
[  456.257937][T19845]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  456.257958][T19845]  ? rw_verify_area+0x2a6/0x4d0
[  456.257977][T19845]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  456.257998][T19845]  vfs_read+0x20c/0xa70
[  456.258022][T19845]  ? __pfx___mutex_lock+0x10/0x10
[  456.258043][T19845]  ? __pfx_vfs_read+0x10/0x10
[  456.258064][T19845]  ? __fget_files+0x2a/0x420
[  456.258085][T19845]  ? __fget_files+0x3a0/0x420
[  456.258101][T19845]  ? __fget_files+0x2a/0x420
[  456.258123][T19845]  ksys_read+0x150/0x270
[  456.258145][T19845]  ? __pfx_ksys_read+0x10/0x10
[  456.258172][T19845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.258191][T19845]  do_syscall_64+0x15f/0xf80
[  456.258211][T19845]  ? clear_bhb_loop+0x40/0x90
[  456.258233][T19845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.258250][T19845] RIP: 0033:0x7fd02c55d04e
[  456.258268][T19845] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  456.258283][T19845] RSP: 002b:00007fd02d50dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  456.258301][T19845] RAX: ffffffffffffffda RBX: 00007fd02d50e6c0 RCX: 00007fd02c55d04e
[  456.258314][T19845] RDX: 000000000000000f RSI: 00007fd02d50e0a0 RDI: 0000000000000007
[  456.258325][T19845] RBP: 00007fd02d50e090 R08: 0000000000000000 R09: 0000000000000000
[  456.258336][T19845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  456.258346][T19845] R13: 00007fd02c816038 R14: 00007fd02c815fa0 R15: 00007fd02c93fa48
[  456.258372][T19845]  </TASK>
[  456.467295][T19841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.476850][T19843] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2550'.
[  456.486028][T19843] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  456.940527][T19869] loop2: detected capacity change from 0 to 7
[  456.969441][T19869] Dev loop2: unable to read RDB block 7
[  456.975472][T19869]  loop2: AHDI p2 p3
[  456.987277][T19869] loop2: partition table partially beyond EOD, truncated
[  457.189986][ T5884] usb 6-1: new full-speed USB device number 64 using dummy_hcd
[  457.308930][   T24] usb 1-1: USB disconnect, device number 80
[  457.371897][ T5884] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  457.392930][ T5884] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  457.419148][ T5884] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  457.453061][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.697622][T19861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.718879][T19861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.748730][T19910] syzkaller0: entered promiscuous mode
[  457.751199][ T5884] usb 6-1: GET_CAPABILITIES returned 0
[  457.759992][T19910] syzkaller0: entered allmulticast mode
[  457.765311][ T5884] usbtmc 6-1:16.0: can't read capabilities
[  457.774311][T19910] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  457.848134][T19909] tipc: Resetting bearer <eth:syzkaller0>
[  457.902900][T19909] tipc: Disabling bearer <eth:syzkaller0>
[  457.956941][ T5884] usb 6-1: USB disconnect, device number 64
[  458.161109][T19942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2568'.
[  458.174943][T19943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.218266][T19943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.272716][   T29] kauditd_printk_skb: 58 callbacks suppressed
[  458.272734][   T29] audit: type=1800 audit(1776236957.905:340): pid=19943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2567" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  458.381156][T19951] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2567'.
[  458.937981][T19966] loop2: detected capacity change from 0 to 7
[  458.957842][T19966] Dev loop2: unable to read RDB block 7
[  458.975626][T19966]  loop2: AHDI p1 p2 p3
[  458.989280][T19966] loop2: partition table partially beyond EOD, truncated
[  459.031598][T19966] loop2: p1 start 1818582900 is beyond EOD, truncated
[  459.047999][T19966] loop2: p3 start 335544320 is beyond EOD, truncated
[  459.719229][T19982] netlink: 'syz.5.2576': attribute type 9 has an invalid length.
[  459.853193][T19987] netlink: 'syz.0.2575': attribute type 10 has an invalid length.
[  460.231582][ T5885] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  460.371033][   T24] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  460.393536][ T5885] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  460.413199][ T5885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.436240][ T5885] usb 6-1: Product: syz
[  460.453484][ T5885] usb 6-1: Manufacturer: syz
[  460.468256][ T5885] usb 6-1: SerialNumber: syz
[  460.543598][   T24] usb 2-1: Using ep0 maxpacket: 16
[  460.568721][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  460.588956][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  460.619106][   T24] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  460.637622][   T24] usb 2-1: config 1 has no interface number 1
[  460.652799][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  460.680102][   T24] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  460.703563][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  460.719687][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.737129][   T24] usb 2-1: Product: syz
[  460.748182][   T24] usb 2-1: Manufacturer: syz
[  460.757699][   T24] usb 2-1: SerialNumber: syz
[  460.893984][ T5885] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  460.927920][T20021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2582'.
[  460.939577][ T5885] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  460.986969][T20005] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2580'.
[  461.122104][   T24] usb 2-1: USB disconnect, device number 76
[  461.367691][ T5885] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  461.404005][ T5885] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  461.450349][ T5885] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  461.508146][ T5885] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -32
[  461.556206][T20051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.620411][T20051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.838640][T20071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2585'.
[  461.901913][T20076] Failed to get privilege flags for destination (handle=0x2:0x400)
[  461.922087][T20075] Failed to get privilege flags for destination (handle=0x2:0x400)
[  461.943043][T20076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.953794][T20078] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2588'.
[  461.964355][T20076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.987660][T20075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.011400][T20075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.154152][T20096] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2590'.
[  462.179103][T20095] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2578'.
[  462.247108][T20075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.275997][T20075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.573866][T20113] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2593'.
[  462.912854][ T1088] wlan0: Trigger new scan to find an IBSS to join
[  463.024484][T20142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  463.034090][T20142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.050211][   T10] usb 5-1: new full-speed USB device number 74 using dummy_hcd
[  463.209329][   T10] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  463.221018][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.235165][   T10] usb 5-1: config 0 descriptor??
[  463.255815][   T10] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  463.269124][ T5885] usb 6-1: USB disconnect, device number 65
[  463.398768][T20153] syzkaller1: entered promiscuous mode
[  463.404752][T20153] syzkaller1: entered allmulticast mode
[  463.454727][   T10] gp8psk: usb in 128 operation failed.
[  463.519637][T20173] fuse: Unknown parameter 'user_i00000000000000000000'
[  464.463950][T20197] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  464.540072][ T5970] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  464.701721][ T5970] usb 1-1: Using ep0 maxpacket: 16
[  464.709315][ T5970] usb 1-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  464.722038][ T5970] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  464.759237][ T5970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  464.790609][ T5970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  464.831333][ T5970] usb 1-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  464.849033][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.882971][ T5970] usb 1-1: Product: syz
[  464.893433][ T5970] usb 1-1: Manufacturer: syz
[  464.917673][ T5970] usb 1-1: SerialNumber: syz
[  464.951137][ T5970] usb 1-1: config 0 descriptor??
[  465.172706][ T5970] appledisplay: Apple Cinema Display connected
[  465.556477][T20235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.567182][   T10] gp8psk: usb in 146 operation failed.
[  465.573215][   T10] gp8psk: failed to get FW version
[  465.581229][T20235] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.589558][   T10] gp8psk: usb in 149 operation failed.
[  465.596956][   T10] gp8psk: failed to get FPGA version
[  465.606552][   T10] gp8psk: usb in 138 operation failed.
[  465.613945][   T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  465.625433][   T10] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  465.699194][T20244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2613'.
[  465.710049][   T24] usb 2-1: new full-speed USB device number 77 using dummy_hcd
[  465.848703][   T10] usb 5-1: USB disconnect, device number 74
[  465.963481][   T48] wlan0: Trigger new scan to find an IBSS to join
[  466.139101][T20258] vlan3: entered promiscuous mode
[  467.129489][T20288] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2619'.
[  467.342781][   T42] usb 1-1: USB disconnect, device number 81
[  467.342886][    C0] usb 1-1: appledisplay_complete - usb_submit_urb failed with result -19
[  467.397296][   T42] appledisplay: Apple Cinema Display disconnected
[  467.664490][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  467.687792][T20309] fuse: Bad value for 'fd'
[  467.694574][   T24] usb 2-1: unable to read config index 0 descriptor/start: -71
[  467.708931][   T24] usb 2-1: can't read configurations, error -71
[  467.903714][   T42] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  468.020072][ T5885] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  468.194930][ T5885] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  468.230523][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.267184][ T5885] usb 5-1: Product: syz
[  468.298616][ T5885] usb 5-1: Manufacturer: syz
[  468.329513][ T5885] usb 5-1: SerialNumber: syz
[  468.368750][ T5885] usb 5-1: config 0 descriptor??
[  468.408136][ T5885] hub 5-1:0.0: bad descriptor, ignoring hub
[  468.444025][ T5885] hub 5-1:0.0: probe with driver hub failed with error -5
[  468.546042][T20332] xt_SECMARK: invalid mode: 2
[  468.682277][ T5885] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  468.728318][ T5885] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  468.750533][ T5885] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  468.761045][ T5885] usb 5-1: media controller created
[  468.813371][ T5885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  468.841834][T20343] netlink: 'syz.1.2627': attribute type 13 has an invalid length.
[  468.891937][T20353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2628'.
[  468.914075][  T149] wlan0: Trigger new scan to find an IBSS to join
[  468.993275][ T5885] DVB: Unable to find symbol dib7000p_attach()
[  469.028799][ T5885] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  469.202441][ T5885] rc_core: IR keymap rc-dib0700-rc5 not found
[  469.213150][ T5885] Registered IR keymap rc-empty
[  469.219475][ T5885] dvb-usb: could not initialize remote control.
[  469.232215][ T5885] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  469.510369][ T5970] usb 6-1: new full-speed USB device number 66 using dummy_hcd
[  469.659253][T20392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.686585][T20392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.713135][ T5970] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  469.735454][T20392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.746572][ T5970] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  469.766154][T20388] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.2632'.
[  469.772829][T20392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.779967][ T5970] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  469.810264][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  469.831215][ T5970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.898376][T20389] netlink: 'syz.1.2632': attribute type 21 has an invalid length.
[  469.910865][T20400] x_tables: duplicate underflow at hook 4
[  469.957933][T20389] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2632'.
[  470.022838][T20389] netlink: 'syz.1.2632': attribute type 5 has an invalid length.
[  470.060364][T20359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  470.101984][T20389] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2632'.
[  470.117125][T20359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.136873][ T5970] usb 6-1: GET_CAPABILITIES returned 0
[  470.148124][ T5970] usbtmc 6-1:16.0: can't read capabilities
[  470.353123][ T5970] usb 6-1: USB disconnect, device number 66
[  471.014373][T20455] kvm: user requested TSC rate below hardware speed
[  471.151224][   T10] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  471.357790][   T10] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  471.381362][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.409834][   T10] usb 2-1: Product: syz
[  471.429348][   T10] usb 2-1: Manufacturer: syz
[  471.446800][   T10] usb 2-1: SerialNumber: syz
[  471.640570][T20473] netlink: 'syz.5.2639': attribute type 13 has an invalid length.
[  471.700447][   T42] usb 5-1: USB disconnect, device number 75
[  471.948188][   T42] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  471.949596][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  472.061581][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  472.322670][T20505] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2642'.
[  472.372458][T20505] ipvlan2: entered allmulticast mode
[  472.379227][T20505] bond0: entered allmulticast mode
[  472.386046][T20505] bond_slave_0: entered allmulticast mode
[  472.393782][T20505] bond_slave_1: entered allmulticast mode
[  472.406261][T20505] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  472.421206][T20505] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  472.528627][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  472.567877][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  472.604530][   T10] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  472.658951][   T10] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -32
[  472.931923][T20523] netlink: 'syz.2.2645': attribute type 9 has an invalid length.
[  473.140494][T20535] xt_hashlimit: size too large, truncated to 1048576
[  473.371295][   T10] usb 1-1: new full-speed USB device number 83 using dummy_hcd
[  473.387619][T20540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2635'.
[  473.533185][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.547955][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  473.559282][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.577794][   T10] usb 1-1: config 0 descriptor??
[  473.597428][   T10] hub 1-1:0.0: bad descriptor, ignoring hub
[  473.614284][   T10] hub 1-1:0.0: probe with driver hub failed with error -5
[  473.639149][   T10] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  473.794357][   T29] audit: type=1800 audit(1776236973.425:341): pid=20530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2647" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0
[  474.070226][ T5885] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  474.141651][T20592] FAULT_INJECTION: forcing a failure.
[  474.141651][T20592] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  474.171049][T20592] CPU: 1 UID: 0 PID: 20592 Comm: syz.2.2654 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  474.171069][T20592] Tainted: [L]=SOFTLOCKUP
[  474.171073][T20592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  474.171080][T20592] Call Trace:
[  474.171084][T20592]  <TASK>
[  474.171089][T20592]  dump_stack_lvl+0xe8/0x150
[  474.171109][T20592]  should_fail_ex+0x412/0x560
[  474.171124][T20592]  prepare_alloc_pages+0x22a/0x650
[  474.171142][T20592]  __alloc_frozen_pages_noprof+0x12f/0x380
[  474.171157][T20592]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  474.171172][T20592]  ? __pfx_policy_nodemask+0x10/0x10
[  474.171191][T20592]  alloc_pages_mpol+0x232/0x4a0
[  474.171207][T20592]  folio_alloc_mpol_noprof+0x39/0x70
[  474.171223][T20592]  shmem_alloc_and_add_folio+0x442/0xf80
[  474.171237][T20592]  ? filemap_get_entry+0xca/0x320
[  474.171248][T20592]  ? filemap_get_entry+0xca/0x320
[  474.171260][T20592]  ? filemap_get_entry+0x2ac/0x320
[  474.171270][T20592]  ? __pfx_filemap_get_entry+0x10/0x10
[  474.171282][T20592]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  474.171295][T20592]  ? shmem_allowable_huge_orders+0x5ec/0x690
[  474.171308][T20592]  shmem_get_folio_gfp+0x5a9/0x1670
[  474.171327][T20592]  shmem_fault+0x179/0x390
[  474.171343][T20592]  __do_fault+0x138/0x390
[  474.171356][T20592]  do_pte_missing+0x5c4/0x3490
[  474.171374][T20592]  ? handle_mm_fault+0xee/0x3310
[  474.171385][T20592]  handle_mm_fault+0x1bec/0x3310
[  474.171401][T20592]  ? handle_mm_fault+0xee/0x3310
[  474.171415][T20592]  ? __pfx_handle_mm_fault+0x10/0x10
[  474.171425][T20592]  ? follow_page_pte+0x841/0x1450
[  474.171439][T20592]  ? __pfx_follow_page_pte+0x10/0x10
[  474.171453][T20592]  __get_user_pages+0x165b/0x29d0
[  474.171504][T20592]  faultin_page_range+0x240/0x8c0
[  474.171524][T20592]  madvise_do_behavior+0x2e5/0x540
[  474.171545][T20592]  ? __pfx_madvise_do_behavior+0x10/0x10
[  474.171574][T20592]  ? down_read+0x270/0x2e0
[  474.171593][T20592]  ? madvise_lock+0x146/0x2e0
[  474.171619][T20592]  do_madvise+0x1fa/0x2e0
[  474.171639][T20592]  ? __pfx_do_madvise+0x10/0x10
[  474.171679][T20592]  ? __pfx_ksys_write+0x10/0x10
[  474.171704][T20592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.171718][T20592]  __x64_sys_madvise+0xa6/0xc0
[  474.171732][T20592]  do_syscall_64+0x15f/0xf80
[  474.171743][T20592]  ? trace_irq_disable+0x3b/0x140
[  474.171753][T20592]  ? clear_bhb_loop+0x40/0x90
[  474.171765][T20592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.171775][T20592] RIP: 0033:0x7fe2d159c819
[  474.171785][T20592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  474.171794][T20592] RSP: 002b:00007fe2d23d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  474.171806][T20592] RAX: ffffffffffffffda RBX: 00007fe2d1815fa0 RCX: 00007fe2d159c819
[  474.171813][T20592] RDX: 0000000000000017 RSI: 0000000000c00304 RDI: 0000200000000000
[  474.171827][T20592] RBP: 00007fe2d23d3090 R08: 0000000000000000 R09: 0000000000000000
[  474.171833][T20592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  474.171843][T20592] R13: 00007fe2d1816038 R14: 00007fe2d1815fa0 R15: 00007fe2d193fa48
[  474.171858][T20592]  </TASK>
[  474.840074][ T5885] usb 5-1: Using ep0 maxpacket: 16
[  474.848025][ T5885] usb 5-1: config 0 has no interfaces?
[  474.881523][ T5885] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  474.891405][ T5885] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  474.893725][   T10] usb 2-1: USB disconnect, device number 79
[  474.900497][ T5885] usb 5-1: Manufacturer: syz
[  474.970320][ T5885] usb 5-1: config 0 descriptor??
[  475.351992][T20557] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  475.421144][T20557] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  475.452264][ T5885] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  475.633598][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  475.645318][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  475.656878][ T5885] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  475.667531][ T5885] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  475.676156][ T5885] usb 2-1: Manufacturer: syz
[  475.683952][ T5885] usb 2-1: config 0 descriptor??
[  476.099317][ T5885] usbhid 2-1:0.0: can't add hid device: -32
[  476.128206][ T5885] usbhid 2-1:0.0: probe with driver usbhid failed with error -32
[  476.229435][ T5885] usb 2-1: USB disconnect, device number 80
[  476.246513][ T5906] usb 1-1: USB disconnect, device number 83
[  476.773117][ T5885] usb 5-1: USB disconnect, device number 76
[  477.140917][ T5906] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  477.269958][T20707] vlan3: entered promiscuous mode
[  477.295290][T20707] bridge0: entered promiscuous mode
[  477.335015][ T5906] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  477.346634][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.364483][ T5906] usb 2-1: Product: syz
[  477.370415][ T5906] usb 2-1: Manufacturer: syz
[  477.377229][ T5906] usb 2-1: SerialNumber: syz
[  477.735052][T20731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.745283][T20731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.801895][ T5906] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  477.814095][ T5906] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  478.173307][T20774] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  478.210007][ T5885] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  478.229551][ T5906] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  478.251767][ T5906] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  478.270726][ T5906] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  478.281897][ T5906] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -32
[  478.371153][ T5885] usb 1-1: Using ep0 maxpacket: 16
[  478.382724][ T5885] usb 1-1: config 0 has no interfaces?
[  478.395414][ T5885] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  478.411481][ T5885] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  478.430563][ T5885] usb 1-1: Manufacturer: syz
[  478.452898][ T5885] usb 1-1: config 0 descriptor??
[  478.659282][T20796] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2682'.
[  478.689702][ T5885] usb 1-1: USB disconnect, device number 84
[  478.992745][T20817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  479.024166][T20817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  479.036555][T20820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2666'.
[  479.052180][T20817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  479.068410][T20817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  479.153614][  T149] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  479.609171][T20834] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  480.060329][ T5950] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  480.080118][ T5906] usb 1-1: new low-speed USB device number 85 using dummy_hcd
[  480.175650][   T10] usb 2-1: USB disconnect, device number 81
[  480.240405][ T5906] usb 1-1: device descriptor read/64, error -71
[  480.252581][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  480.275128][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  480.302599][ T5950] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  480.322835][ T5950] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  480.357762][ T5950] usb 5-1: Manufacturer: syz
[  480.372577][ T5950] usb 5-1: config 0 descriptor??
[  480.510823][ T5906] usb 1-1: new low-speed USB device number 86 using dummy_hcd
[  480.631381][   T10] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  480.661257][ T5906] usb 1-1: device descriptor read/64, error -71
[  480.742982][T20899] veth0_to_batadv: Caught tx_queue_len zero misconfig
[  480.780385][ T5906] usb usb1-port1: attempt power cycle
[  480.794019][ T5950] usbhid 5-1:0.0: can't add hid device: -32
[  480.806027][ T5950] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  480.813768][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  480.813800][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  480.813820][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  480.813857][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  480.813878][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.818152][   T10] usb 2-1: config 0 descriptor??
[  480.872340][ T5970] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  480.888722][ T5899] usb 5-1: USB disconnect, device number 77
[  480.893628][T20903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.918214][T20903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.942257][T20903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.954193][T20903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.990703][T20903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.003194][T20903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.030106][ T5970] usb 6-1: Using ep0 maxpacket: 32
[  481.037592][ T5970] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  481.046935][ T5970] usb 6-1: config 0 has no interface number 0
[  481.053377][ T5970] usb 6-1: config 0 interface 184 has no altsetting 0
[  481.062456][ T5970] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  481.073305][ T5970] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.081590][ T5970] usb 6-1: Product: syz
[  481.085839][ T5970] usb 6-1: Manufacturer: syz
[  481.091349][ T5970] usb 6-1: SerialNumber: syz
[  481.098392][ T5970] usb 6-1: config 0 descriptor??
[  481.150110][ T5906] usb 1-1: new low-speed USB device number 87 using dummy_hcd
[  481.180790][ T5906] usb 1-1: device descriptor read/8, error -71
[  481.440312][ T5906] usb 1-1: new low-speed USB device number 88 using dummy_hcd
[  481.460967][ T5906] usb 1-1: device descriptor read/8, error -71
[  481.580966][ T5906] usb usb1-port1: unable to enumerate USB device
[  481.601113][T20938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.610997][T20938] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.681283][T20942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2705'.
[  481.921227][ T5970] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  481.943998][ T5970] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  481.972992][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  481.979352][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  482.007685][   T10] usb 2-1: USB disconnect, device number 82
[  482.777521][ T5970] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  482.801494][ T5970] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  482.818895][ T5970] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  482.842571][ T5970] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71
[  482.882256][ T5970] usb 6-1: USB disconnect, device number 67
[  482.950706][T20972] IPVS: rr: FWM 3 0x00000003 - no destination available
[  482.968843][T20972] IPVS: rr: FWM 3 0x00000003 - no destination available
[  483.176577][T20979] xt_hashlimit: size too large, truncated to 1048576
[  483.555956][T20993] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2712'.
[  483.950107][ T5970] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  484.141693][ T5970] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  484.174785][ T5970] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  484.185377][ T5970] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  484.257149][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.294451][T21001] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  484.354645][ T5970] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  484.497824][T21035] netlink: 'syz.5.2719': attribute type 13 has an invalid length.
[  484.538833][T21001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.613360][T21001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.730357][T21053] netlink: 'syz.5.2719': attribute type 1 has an invalid length.
[  484.771422][T21053] netlink: 'syz.5.2719': attribute type 1 has an invalid length.
[  484.829707][T21064] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.2722'.
[  485.887850][T21102] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2730'.
[  486.136262][T21105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.172088][T21105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.297669][T21125] netlink: 'syz.0.2734': attribute type 9 has an invalid length.
[  486.310876][T21113] bridge0: port 4(syz_tun) entered blocking state
[  486.317418][T21113] bridge0: port 4(syz_tun) entered forwarding state
[  486.324305][T21113] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.332891][T21113] bridge0: port 2(bridge_slave_1) entered forwarding state
[  486.340393][T21113] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.347485][T21113] bridge0: port 1(bridge_slave_0) entered forwarding state
[  486.372664][T21113] bridge0: entered allmulticast mode
[  486.650262][ T5906] usb 2-1: USB disconnect, device number 83
[  486.764636][T21144] netlink: 'syz.1.2736': attribute type 1 has an invalid length.
[  486.776354][T21144] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  487.017429][T21165] loop7: detected capacity change from 0 to 7
[  487.070733][   T10] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  487.232260][T21165] Dev loop7: unable to read RDB block 7
[  487.240464][T21165]  loop7: unable to read partition table
[  487.260614][T21165] loop7: partition table beyond EOD, truncated
[  487.282028][T21165] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  487.282660][   T10] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  487.384305][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.424415][   T10] usb 1-1: Product: syz
[  487.438616][   T10] usb 1-1: Manufacturer: syz
[  487.447457][   T10] usb 1-1: SerialNumber: syz
[  487.536917][T21188] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2743'.
[  487.707865][   T10] rtl8150 1-1:1.0: couldn't reset the device
[  487.728454][   T10] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5
[  487.748775][   T10] usb 1-1: USB disconnect, device number 89
[  487.840899][ T5906] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[  488.010002][ T5906] usb 6-1: Using ep0 maxpacket: 32
[  488.017007][ T5906] usb 6-1: config 116 has an invalid interface number: 203 but max is 0
[  488.027447][ T5906] usb 6-1: config 116 has no interface number 0
[  488.039348][ T5906] usb 6-1: New USB device found, idVendor=1bc7, idProduct=10b0, bcdDevice=60.4d
[  488.051230][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.059784][ T5906] usb 6-1: Product: syz
[  488.064875][ T5906] usb 6-1: Manufacturer: syz
[  488.074896][ T5906] usb 6-1: SerialNumber: syz
[  488.296230][ T5906] option 6-1:116.203: GSM modem (1-port) converter detected
[  488.492928][ T5906] usb 6-1: USB disconnect, device number 68
[  488.510151][ T5906] option 6-1:116.203: device disconnected
[  488.523664][T21240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2752'.
[  489.201106][T21276] netlink: 'syz.4.2760': attribute type 10 has an invalid length.
[  489.475405][ T5147] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  489.505742][ T5147] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  489.517940][ T5147] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  489.529663][ T5147] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  489.537707][ T5147] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  489.881666][ T5950] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  489.995691][  T149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.008489][  T149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.010079][T21337] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2763'.
[  490.065870][ T5950] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  490.075910][T21287] chnl_net:caif_netlink_parms(): no params data found
[  490.095256][ T5950] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  490.153147][ T5950] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  490.200733][ T5950] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  490.219519][ T5950] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  490.230948][ T5950] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.247506][ T5950] usb 2-1: config 0 descriptor??
[  490.297898][  T149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.324997][  T149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.383610][T21398] hsr0: entered promiscuous mode
[  490.476322][ T5950] hdpvr 2-1:0.0: firmware version 0x15 dated Š–¸&S¶3;¨“Ãx&X^„œ	wÒΖŠg/ƒµn#»†
[  490.490225][   T42] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  490.503330][  T149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.519579][  T149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.581438][T21287] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.594920][T21287] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.615197][T21287] bridge_slave_0: entered allmulticast mode
[  490.632369][T21287] bridge_slave_0: entered promiscuous mode
[  490.667614][   T42] usb 5-1: unable to get BOS descriptor or descriptor too short
[  490.678562][   T42] usb 5-1: config 9 has an invalid interface number: 242 but max is 0
[  490.683956][T21291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  490.694867][   T42] usb 5-1: config 9 has no interface number 0
[  490.707421][T21291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  490.712961][   T42] usb 5-1: config 9 interface 242 has no altsetting 0
[  490.727318][  T149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  490.751044][ T5950] hdpvr 2-1:0.0: device init failed
[  490.761359][ T5950] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12
[  490.770982][  T149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.784741][   T42] usb 5-1: New USB device found, idVendor=0af0, idProduct=7041, bcdDevice=d0.f9
[  490.797686][   T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.808023][ T5950] usb 2-1: USB disconnect, device number 84
[  490.817603][   T42] usb 5-1: Product: syz
[  490.829610][   T42] usb 5-1: Manufacturer: syz
[  490.853358][   T42] usb 5-1: SerialNumber: syz
[  490.890206][T21287] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.911357][T21287] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.929086][T21287] bridge_slave_1: entered allmulticast mode
[  490.947636][T21287] bridge_slave_1: entered promiscuous mode
[  491.029767][T21287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  491.053022][T21287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  491.080104][T21388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.105784][T21388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.167052][   T42] usb 5-1: USB disconnect, device number 78
[  491.222315][T21287] team0: Port device team_slave_0 added
[  491.249084][T21287] team0: Port device team_slave_1 added
[  491.505156][T21532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.528865][T21287] batman_adv: batadv0: Adding interface: batadv_slave_0
[  491.543260][T21287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  491.575898][T21532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.576730][T21287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  491.640599][ T5147] Bluetooth: hci5: command tx timeout
[  491.688167][T21287] batman_adv: batadv0: Adding interface: batadv_slave_1
[  491.703670][T21287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  491.765224][T21287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  491.860079][  T149] vlan2: left allmulticast mode
[  491.877390][  T149] geneve0: left allmulticast mode
[  491.891957][  T149] bridge0: port 1(vlan2) entered disabled state
[  492.529594][T21565] xt_hashlimit: size too large, truncated to 1048576
[  493.088867][  T149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.103806][  T149] bond_slave_0: left allmulticast mode
[  493.114625][  T149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  493.126541][  T149] bond_slave_1: left allmulticast mode
[  493.139575][  T149] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  493.153324][  T149] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  493.190052][ T5970] usb 6-1: new full-speed USB device number 69 using dummy_hcd
[  493.209510][  T149] bond0 (unregistering): Released all slaves
[  493.307300][T21586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2780'.
[  493.348798][T21287] hsr_slave_0: entered promiscuous mode
[  493.370687][T21287] hsr_slave_1: entered promiscuous mode
[  493.383498][T21287] debugfs: 'hsr0' already exists in 'hsr'
[  493.389544][T21287] Cannot create hsr debugfs directory
[  493.391460][ T5970] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  493.442159][ T5970] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  493.489238][  T149] tipc: Left network mode
[  493.518035][ T5970] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  493.541398][ T5970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.679805][T21635] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  493.720140][ T5147] Bluetooth: hci5: command tx timeout
[  493.754821][T21635] PKCS7: Only support pkcs7_signedData type
[  493.943926][T21571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.961104][T21571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.016813][ T5970] usb 6-1: GET_CAPABILITIES returned 0
[  494.053622][ T5970] usbtmc 6-1:16.0: can't read capabilities
[  494.287182][ T5950] usb 6-1: USB disconnect, device number 69
[  495.301825][T21749] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2787'.
[  495.790348][ T5147] Bluetooth: hci5: command tx timeout
[  496.041243][  T149] hsr_slave_0: left promiscuous mode
[  496.055680][  T149] hsr_slave_1: left promiscuous mode
[  496.068801][  T149] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.102201][  T149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  496.113490][  T149] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.152391][  T149] veth1_macvtap: left promiscuous mode
[  496.167971][  T149] veth0_macvtap: left promiscuous mode
[  496.190595][  T149] veth0_vlan: left promiscuous mode
[  496.726388][  T149] pimreg (unregistering): left allmulticast mode
[  496.745772][T21808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  496.773386][T21808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  497.131325][  T149] team0 (unregistering): Port device team_slave_1 removed
[  497.164924][  T149] team0 (unregistering): Port device team_slave_0 removed
[  497.220434][ T5906] usb 2-1: new low-speed USB device number 85 using dummy_hcd
[  497.394082][ T5906] usb 2-1: Invalid ep0 maxpacket: 32
[  497.566167][T21287] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  497.570985][ T5906] usb 2-1: new low-speed USB device number 86 using dummy_hcd
[  497.635880][T21287] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  497.649594][T21850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2800'.
[  497.673378][T21287] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  497.715428][T21287] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  497.751496][ T5906] usb 2-1: Invalid ep0 maxpacket: 32
[  497.757382][ T5906] usb usb2-port1: attempt power cycle
[  497.870112][ T5147] Bluetooth: hci5: command tx timeout
[  497.927462][T21862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2801'.
[  497.929414][  T149] IPVS: stop unused estimator thread 0...
[  497.963262][T21287] 8021q: adding VLAN 0 to HW filter on device bond0
[  498.009563][T21287] 8021q: adding VLAN 0 to HW filter on device team0
[  498.038636][T21868] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.2803'.
[  498.052318][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state
[  498.059432][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state
[  498.076530][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[  498.083897][ T6567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  498.095461][T21870] netlink: 'syz.2.2802': attribute type 10 has an invalid length.
[  498.120065][ T5906] usb 2-1: new low-speed USB device number 87 using dummy_hcd
[  498.143179][ T5906] usb 2-1: Invalid ep0 maxpacket: 32
[  498.206568][T21287] 8021q: adding VLAN 0 to HW filter on device batadv0
[  498.246373][T21287] veth0_vlan: entered promiscuous mode
[  498.258116][T21287] veth1_vlan: entered promiscuous mode
[  498.280067][ T5906] usb 2-1: new low-speed USB device number 88 using dummy_hcd
[  498.289672][T21287] veth0_macvtap: entered promiscuous mode
[  498.301865][T21287] veth1_macvtap: entered promiscuous mode
[  498.312651][ T5906] usb 2-1: Invalid ep0 maxpacket: 32
[  498.324607][T21287] batman_adv: batadv0: Interface activated: batadv_slave_0
[  498.332235][ T5906] usb usb2-port1: unable to enumerate USB device
[  498.347242][T21287] batman_adv: batadv0: Interface activated: batadv_slave_1
[  498.364025][ T6566] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.374142][ T6566] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.385482][ T6566] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.395581][ T6566] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  498.404872][   T42] usb 5-1: new full-speed USB device number 79 using dummy_hcd
[  498.513953][ T6566] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  498.522957][ T6566] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  498.555491][ T6566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  498.564590][ T6566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  498.565765][   T42] usb 5-1: config 5 has an invalid interface number: 123 but max is 0
[  498.584094][   T42] usb 5-1: config 5 has no interface number 0
[  498.600766][   T42] usb 5-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  498.631292][   T42] usb 5-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0
[  498.645711][   T42] usb 5-1: config 5 interface 123 has no altsetting 0
[  498.664571][   T42] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  498.680560][   T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.688880][   T42] usb 5-1: Product: syz
[  498.693833][   T42] usb 5-1: Manufacturer: syz
[  498.698501][   T42] usb 5-1: SerialNumber: syz
[  498.743647][T21896] loop2: detected capacity change from 0 to 7
[  498.767251][T21896] Dev loop2: unable to read RDB block 7
[  498.782721][T21896]  loop2: AHDI p1 p2 p3
[  498.795394][T21896] loop2: partition table partially beyond EOD, truncated
[  498.796771][T21898] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2758'.
[  498.829021][T21896] loop2: p1 start 1818582900 is beyond EOD, truncated
[  498.844951][T21896] loop2: p3 start 335544320 is beyond EOD, truncated
[  498.971458][   T42] ni6501 5-1:5.123: driver 'ni6501' failed to auto-configure device.
[  499.004450][   T42] usb 5-1: USB disconnect, device number 79
[  499.600921][T21924] syzkaller0: entered promiscuous mode
[  499.609377][T21924] syzkaller0: entered allmulticast mode
[  499.619810][T21929] netlink: 'syz.2.2809': attribute type 33 has an invalid length.
[  499.652163][T21929] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2809'.
[  499.653538][T21924] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  499.698431][T21923] tipc: Resetting bearer <eth:syzkaller0>
[  499.761561][T21923] tipc: Disabling bearer <eth:syzkaller0>
[  500.159441][T21954] IPv6: Can't replace route, no match found
[  500.597517][T21959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2815'.
[  500.622357][T21959] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  500.729467][T21959] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.117869][T22001] fuse: Bad value for 'user_id'
[  501.129543][T22001] fuse: Bad value for 'user_id'
[  501.236606][T22003] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2823'.
[  501.557654][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  501.564401][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  501.718812][T22019] netlink: 231 bytes leftover after parsing attributes in process `syz.4.2826'.
[  502.148850][T22026] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2828'.
[  502.190790][  T149] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  502.496730][T22036] netlink: 'syz.4.2830': attribute type 9 has an invalid length.
[  502.876993][T22049] syzkaller1: entered promiscuous mode
[  502.894099][T22049] syzkaller1: entered allmulticast mode
[  502.906518][T22048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2833'.
[  503.140691][T22058] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  503.169992][   T24] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  503.294120][T22101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  503.304525][T22101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  503.332063][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  503.359722][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  503.391064][   T24] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  503.416250][   T24] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  503.434964][   T24] usb 6-1: Manufacturer: syz
[  503.456707][   T24] usb 6-1: config 0 descriptor??
[  503.459928][T22109] tipc: Started in network mode
[  503.478106][T22109] tipc: Node identity 9, cluster identity 2
[  503.485716][T22109] tipc: Node number set to 9
[  503.562189][T22114] syzkaller0: entered promiscuous mode
[  503.567936][T22114] syzkaller0: entered allmulticast mode
[  503.740419][  T979] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  503.881776][ T5950] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  503.904356][T22049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  503.913554][  T979] usb 1-1: Using ep0 maxpacket: 8
[  503.923397][T22049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  503.931390][  T979] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  503.942264][  T979] usb 1-1: config 0 has no interface number 0
[  503.948982][  T979] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  503.957846][   T24] usbhid 6-1:0.0: can't add hid device: -71
[  503.969044][  T979] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  503.982110][  T979] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 50, changing to 9
[  503.985799][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  503.999639][  T979] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 26357, setting to 1024
[  504.015569][  T979] usb 1-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  504.035283][  T979] usb 1-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  504.054516][T22170] netlink: 'syz.4.2846': attribute type 5 has an invalid length.
[  504.063454][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.072792][  T979] usb 1-1: Product: syz
[  504.077086][  T979] usb 1-1: Manufacturer: syz
[  504.077121][   T24] usb 6-1: USB disconnect, device number 70
[  504.082420][  T979] usb 1-1: SerialNumber: syz
[  504.097482][ T5950] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  504.123679][  T979] usb 1-1: config 0 descriptor??
[  504.133067][T22109] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  504.160418][ T5950] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  504.187724][ T5950] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  504.197897][ T5950] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  504.206399][ T5950] usb 2-1: SerialNumber: syz
[  504.452041][T22192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.468289][   T29] audit: type=1326 audit(1776237004.095:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.471076][T22192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.537954][   T29] audit: type=1326 audit(1776237004.095:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.587279][   T29] audit: type=1326 audit(1776237004.095:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.600574][T22197] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.615312][   T29] audit: type=1326 audit(1776237004.095:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd02c55d04e code=0x7ffc0000
[  504.659840][T22197] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.738515][   T29] audit: type=1326 audit(1776237004.135:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.778532][   T29] audit: type=1326 audit(1776237004.135:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.812979][   T29] audit: type=1326 audit(1776237004.135:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.861975][   T29] audit: type=1326 audit(1776237004.135:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.886163][   T29] audit: type=1326 audit(1776237004.135:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22127 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd02c59c819 code=0x7ffc0000
[  504.911705][   T29] audit: type=1326 audit(1776237004.165:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22195 comm="syz.2.2850" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe2d159c819 code=0x0
[  505.104150][ T5950] usb 2-1: 0:2 : does not exist
[  505.166331][ T5950] usb 2-1: USB disconnect, device number 89
[  505.218686][ T5815] udevd[5815]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  505.348197][T22244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  505.360973][T22244] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.136389][T22288] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  506.350105][ T5950] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  506.441588][  T979] iowarrior 1-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  506.487582][  T979] usb 1-1: USB disconnect, device number 90
[  506.500417][ T5950] usb 2-1: Using ep0 maxpacket: 8
[  506.519283][ T5950] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  506.543692][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.550664][T22317] loop2: detected capacity change from 0 to 7
[  506.563632][ T5950] usb 2-1: Product: syz
[  506.573299][T22317] Dev loop2: unable to read RDB block 7
[  506.574768][ T5950] usb 2-1: Manufacturer: syz
[  506.587780][T22317]  loop2: AHDI p2 p3
[  506.598184][T22317] loop2: partition table partially beyond EOD, truncated
[  506.615639][ T5950] usb 2-1: SerialNumber: syz
[  506.633942][ T5950] usb 2-1: config 0 descriptor??
[  506.666257][ T5950] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  507.228642][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  507.251836][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  507.263680][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  507.275092][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  507.278065][T22282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.305779][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  507.360198][  T979] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  507.368829][T22282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.459796][ T5950] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  507.482566][ T5950] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  507.503625][   T24] usb 3-1: USB disconnect, device number 45
[  507.541980][ T5950] usb 2-1: USB disconnect, device number 90
[  507.572547][  T979] usb 1-1: Using ep0 maxpacket: 32
[  507.584148][  T979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  507.611613][  T979] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  507.628920][  T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.649303][  T979] usb 1-1: config 0 descriptor??
[  507.782629][ T6567] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.804120][ T6567] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  508.105243][  T979] koneplus 0003:1E7D:2D51.001A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.0-1/input0
[  508.152337][ T6567] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.163060][ T6567] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  508.270284][T22427] xt_socket: unknown flags 0xc
[  508.283725][  T979] koneplus 0003:1E7D:2D51.001A: couldn't init struct koneplus_device
[  508.311390][  T979] koneplus 0003:1E7D:2D51.001A: couldn't install mouse
[  508.371080][  T979] koneplus 0003:1E7D:2D51.001A: probe with driver koneplus failed with error -71
[  508.396044][  T979] usb 1-1: USB disconnect, device number 91
[  508.476377][ T6567] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.494004][ T6567] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  508.880353][ T6567] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.925127][ T6567] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  509.114864][T22365] chnl_net:caif_netlink_parms(): no params data found
[  509.370376][T22556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2884'.
[  509.390103][ T5147] Bluetooth: hci1: command tx timeout
[  509.698085][T22365] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.708057][T22365] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.717649][T22365] bridge_slave_0: entered allmulticast mode
[  509.744238][T22365] bridge_slave_0: entered promiscuous mode
[  510.188338][T22615] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  510.195090][T22615] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  510.254654][T22615] vhci_hcd vhci_hcd.0: Device attached
[  510.395242][T22630] netlink: 'syz.4.2893': attribute type 13 has an invalid length.
[  510.511915][   T24] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  510.529986][ T5950] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  510.664965][ T6567] bond4 (unregistering): (slave geneve2): Releasing active interface
[  510.679951][   T24] usb 1-1: Using ep0 maxpacket: 16
[  510.692848][   T24] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  510.709827][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  510.723272][ T6567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  510.731329][   T24] usb 1-1: config 0 has no interface number 0
[  510.738556][ T6567] bond_slave_0: left allmulticast mode
[  510.745902][   T24] usb 1-1: config 0 interface 41 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  510.757701][ T6567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  510.769981][   T24] usb 1-1: config 0 interface 41 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  510.770541][ T6567] bond_slave_1: left allmulticast mode
[  510.791833][ T6567] bond0 (unregistering): (slave `): Releasing backup interface
[  510.800279][   T24] usb 1-1: config 0 interface 41 has no altsetting 0
[  510.807405][ T6567] `: left allmulticast mode
[  510.812762][ T6567] team_slave_0: left allmulticast mode
[  510.818622][ T6567] team_slave_1: left allmulticast mode
[  510.828417][   T24] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  510.838538][ T6567] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  510.847978][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.850909][ T6567] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  510.860229][   T24] usb 1-1: Product: syz
[  510.876315][ T6567] bond0 (unregistering): Released all slaves
[  510.880273][   T24] usb 1-1: Manufacturer: syz
[  510.886954][   T24] usb 1-1: SerialNumber: syz
[  510.889157][ T6567] bond1 (unregistering): Released all slaves
[  510.905735][   T24] usb 1-1: config 0 descriptor??
[  510.919197][ T6567] bond2 (unregistering): Released all slaves
[  510.925719][   T24] sr9700 1-1:0.41: probe with driver sr9700 failed with error -22
[  510.968654][ T6567] bond3 (unregistering): Released all slaves
[  511.009168][ T6567] bond4 (unregistering): Released all slaves
[  511.043543][T22640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.054962][T22365] bridge0: port 2(bridge_slave_1) entered blocking state
[  511.063073][T22640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.069319][T22365] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.079153][T22365] bridge_slave_1: entered allmulticast mode
[  511.087465][T22365] bridge_slave_1: entered promiscuous mode
[  511.245415][T22615] sctp: [Deprecated]: syz.0.2892 (pid 22615) Use of struct sctp_assoc_value in delayed_ack socket option.
[  511.245415][T22615] Use struct sctp_sack_info instead
[  511.280395][   T24] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  511.327761][T22615] netlink: 'syz.0.2892': attribute type 3 has an invalid length.
[  511.336573][ T6567] tipc: Left network mode
[  511.342011][T22615] netlink: 622 bytes leftover after parsing attributes in process `syz.0.2892'.
[  511.379594][T22616] vhci_hcd: connection reset by peer
[  511.397187][ T5884] usb 1-1: USB disconnect, device number 92
[  511.411497][T22365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  511.430067][   T24] usb 2-1: device descriptor read/64, error -71
[  511.436758][ T1101] vhci_hcd vhci_hcd.0: stop threads
[  511.469415][T22365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  511.483539][ T1101] vhci_hcd vhci_hcd.0: release socket
[  511.484256][ T5147] Bluetooth: hci1: command tx timeout
[  511.489824][ T1101] vhci_hcd vhci_hcd.0: disconnect device
[  511.642917][T22365] team0: Port device team_slave_0 added
[  511.689441][T22365] team0: Port device team_slave_1 added
[  511.696813][T22697] netlink: 'syz.4.2896': attribute type 13 has an invalid length.
[  511.732105][   T24] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  511.829245][T22365] batman_adv: batadv0: Adding interface: batadv_slave_0
[  511.864053][T22365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  511.893009][   T24] usb 2-1: device descriptor read/64, error -71
[  511.900934][T22365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  511.914621][T22365] batman_adv: batadv0: Adding interface: batadv_slave_1
[  511.961592][T22365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  512.003918][T22365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  512.015843][   T24] usb usb2-port1: attempt power cycle
[  512.100366][T22697] netlink: 'syz.4.2896': attribute type 1 has an invalid length.
[  512.140740][T22697] netlink: 'syz.4.2896': attribute type 1 has an invalid length.
[  512.379967][   T24] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  512.411203][   T24] usb 2-1: device descriptor read/8, error -71
[  512.679981][   T24] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  512.722856][   T24] usb 2-1: device descriptor read/8, error -71
[  512.735360][T22365] hsr_slave_0: entered promiscuous mode
[  512.752959][T22365] hsr_slave_1: entered promiscuous mode
[  512.769790][T22365] debugfs: 'hsr0' already exists in 'hsr'
[  512.783737][T22365] Cannot create hsr debugfs directory
[  512.876100][   T24] usb usb2-port1: unable to enumerate USB device
[  513.074024][T22810] netlink: 'syz.4.2904': attribute type 13 has an invalid length.
[  513.210317][   T24] usb 6-1: new full-speed USB device number 71 using dummy_hcd
[  513.266128][T22810] netlink: 'syz.4.2904': attribute type 1 has an invalid length.
[  513.287070][T22810] netlink: 'syz.4.2904': attribute type 1 has an invalid length.
[  513.406436][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  513.426649][   T24] usb 6-1: not running at top speed; connect to a high speed hub
[  513.445368][   T24] usb 6-1: config 6 has an invalid interface number: 244 but max is 0
[  513.471212][   T24] usb 6-1: config 6 has no interface number 0
[  513.478043][   T24] usb 6-1: config 6 interface 244 has no altsetting 0
[  513.489629][   T24] usb 6-1: New USB device found, idVendor=045e, idProduct=007a, bcdDevice=2b.c3
[  513.509830][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.519593][   T24] usb 6-1: Product: syz
[  513.525335][   T24] usb 6-1: Manufacturer: syz
[  513.538245][   T24] usb 6-1: SerialNumber: syz
[  513.543317][ T6567] hsr_slave_0: left promiscuous mode
[  513.552705][ T5147] Bluetooth: hci1: command tx timeout
[  513.564447][ T6567] hsr_slave_1: left promiscuous mode
[  513.580618][ T6567] batman_adv: batadv0: Removing interface: batadv_slave_0
[  513.619499][ T6567] veth1_macvtap: left promiscuous mode
[  513.625354][ T6567] veth0_macvtap: left promiscuous mode
[  513.634424][ T6567] veth1_vlan: left promiscuous mode
[  513.642581][ T6567] veth0_vlan: left promiscuous mode
[  514.126977][ T6567] ` (unregistering): Port device team_slave_1 removed
[  514.154092][ T6567] ` (unregistering): Port device team_slave_0 removed
[  514.348493][   T24] pegasus 6-1:6.244: Missing or invalid endpoints
[  514.383846][   T24] usb 6-1: USB disconnect, device number 71
[  514.675607][T22950] bond2 (unregistering): Released all slaves
[  514.894830][T23029] loop2: detected capacity change from 0 to 7
[  514.903090][T23029] Dev loop2: unable to read RDB block 7
[  514.909036][T23029]  loop2: AHDI p1 p2 p3
[  514.920095][T23029] loop2: partition table partially beyond EOD, truncated
[  514.937901][T23029] loop2: p1 start 1818582900 is beyond EOD, truncated
[  514.948650][T23029] loop2: p3 start 335544320 is beyond EOD, truncated
[  515.022082][ T6567] IPVS: stop unused estimator thread 0...
[  515.430873][T22690] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  515.591338][T22690] usb 5-1: Using ep0 maxpacket: 16
[  515.620813][ T5950] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  515.629134][T22690] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  515.652851][ T5147] Bluetooth: hci1: command tx timeout
[  515.658727][T22690] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  515.735414][T22690] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  515.764304][T22690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.801551][   T24] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  515.813113][T22690] usb 5-1: config 0 descriptor??
[  515.832238][T22690] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  515.834058][T23083] netlink: 'syz.1.2917': attribute type 15 has an invalid length.
[  515.971368][   T24] usb 6-1: Using ep0 maxpacket: 32
[  515.982923][   T24] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 254, changing to 11
[  515.998747][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  516.016626][   T24] usb 6-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00
[  516.039734][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.071860][   T24] usb 6-1: config 0 descriptor??
[  516.178034][T22365] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  516.199152][T22365] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  516.224921][T22365] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  516.238574][T22365] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  516.392121][T23115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.413118][T23115] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.515000][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.533582][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.549365][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.563439][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.571156][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.584030][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.607644][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.612345][T22365] 8021q: adding VLAN 0 to HW filter on device bond0
[  516.615477][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.651773][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.655015][T22365] 8021q: adding VLAN 0 to HW filter on device team0
[  516.670175][   T24] lenovo 0003:17EF:60B5.001B: unknown main item tag 0x0
[  516.712297][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state
[  516.719564][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state
[  516.733444][   T24] lenovo 0003:17EF:60B5.001B: hidraw0: USB HID v10.00 Device [HID 17ef:60b5] on usb-dummy_hcd.5-1/input0
[  516.768892][   T24] usb 6-1: USB disconnect, device number 72
[  516.775799][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[  516.783073][ T6567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  516.845958][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  516.845976][   T29] audit: type=1800 audit(1776237016.475:355): pid=23144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2919" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  516.974317][T23134] fido_id[23134]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  517.106793][T22365] 8021q: adding VLAN 0 to HW filter on device batadv0
[  517.234452][T22365] veth0_vlan: entered promiscuous mode
[  517.276078][T22365] veth1_vlan: entered promiscuous mode
[  517.346990][T22365] veth0_macvtap: entered promiscuous mode
[  517.386794][T22365] veth1_macvtap: entered promiscuous mode
[  517.445416][T22365] batman_adv: batadv0: Interface activated: batadv_slave_0
[  517.489114][T22365] batman_adv: batadv0: Interface activated: batadv_slave_1
[  517.524961][ T6567] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  517.546185][ T6567] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  517.570053][ T6567] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  517.585918][ T6567] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  517.851464][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  517.883178][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  517.968538][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  517.996502][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  518.215213][T23185] binder: 23143:23185 ioctl c0306201 0 returned -14
[  518.522329][   T29] audit: type=1326 audit(1776237018.155:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23143 comm="syz.0.2919" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0b8c79c819 code=0x0
[  518.572256][   T24] usb 5-1: USB disconnect, device number 80
[  519.140053][   T24] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  519.323046][   T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  519.350585][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.401299][   T24] usb 3-1: config 0 descriptor??
[  519.685155][T23245] macvlan0: entered allmulticast mode
[  519.693002][T23245] veth1_vlan: entered allmulticast mode
[  519.698779][   T29] audit: type=1400 audit(1776237019.325:357): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=23219 comm="syz.2.2925"
[  519.726488][T23245] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check.
[  520.253155][T23259] IPv6: Can't replace route, no match found
[  520.317789][   T24] ath6kl: Failed to read usb control message: -71
[  520.363224][   T24] ath6kl: Unable to read the bmi data from the device: -71
[  520.399684][   T24] ath6kl: Unable to recv target info: -71
[  520.453403][T23267] FAULT_INJECTION: forcing a failure.
[  520.453403][T23267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  520.453674][   T24] ath6kl: Failed to init ath6kl core: -71
[  520.515895][T23267] CPU: 0 UID: 0 PID: 23267 Comm: syz.5.2931 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  520.515924][T23267] Tainted: [L]=SOFTLOCKUP
[  520.515930][T23267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  520.515940][T23267] Call Trace:
[  520.515947][T23267]  <TASK>
[  520.515955][T23267]  dump_stack_lvl+0xe8/0x150
[  520.515983][T23267]  should_fail_ex+0x412/0x560
[  520.516007][T23267]  _copy_from_user+0x2d/0xb0
[  520.516031][T23267]  ___sys_sendmsg+0x1c6/0x360
[  520.516050][T23267]  ? __lock_acquire+0x6b5/0x2cf0
[  520.516073][T23267]  ? __pfx____sys_sendmsg+0x10/0x10
[  520.516123][T23267]  ? __fget_files+0x2a/0x420
[  520.516141][T23267]  ? __fget_files+0x3a0/0x420
[  520.516166][T23267]  __x64_sys_sendmsg+0x1bd/0x2a0
[  520.516185][T23267]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  520.516207][T23267]  ? __pfx_ksys_write+0x10/0x10
[  520.516231][T23267]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.516250][T23267]  do_syscall_64+0x15f/0xf80
[  520.516267][T23267]  ? trace_irq_disable+0x3b/0x140
[  520.516284][T23267]  ? clear_bhb_loop+0x40/0x90
[  520.516305][T23267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.516321][T23267] RIP: 0033:0x7f217cb9c819
[  520.516336][T23267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  520.516350][T23267] RSP: 002b:00007f217d9f4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  520.516369][T23267] RAX: ffffffffffffffda RBX: 00007f217ce15fa0 RCX: 00007f217cb9c819
[  520.516382][T23267] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  520.516393][T23267] RBP: 00007f217d9f4090 R08: 0000000000000000 R09: 0000000000000000
[  520.516403][T23267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  520.516413][T23267] R13: 00007f217ce16038 R14: 00007f217ce15fa0 R15: 00007f217cf3fa48
[  520.516440][T23267]  </TASK>
[  520.708649][   T24] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  520.723080][   T24] usb 3-1: USB disconnect, device number 46
[  520.756040][T23271] netlink: 231 bytes leftover after parsing attributes in process `syz.4.2932'.
[  521.359967][ T5906] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  521.460011][ T5884] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  521.541182][ T5906] usb 6-1: Using ep0 maxpacket: 8
[  521.549339][ T5906] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  521.562185][ T5906] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  521.584942][ T5906] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  521.606392][ T5906] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  521.624472][ T5884] usb 3-1: Using ep0 maxpacket: 8
[  521.627979][ T5906] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  521.643451][ T5906] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  521.655800][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.656138][ T5884] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  521.669698][ T5906] usb 6-1: config 0 descriptor??
[  521.688757][ T5884] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  521.715391][ T5884] usb 3-1: config 0 has no interface number 0
[  521.733967][ T5884] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  521.764165][ T5884] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  521.792959][ T5884] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  521.811235][ T5884] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  521.820706][ T5884] usb 3-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  521.829142][ T5884] usb 3-1: Product: syz
[  521.833746][ T5884] usb 3-1: Manufacturer: syz
[  521.844416][ T5884] usb 3-1: config 0 descriptor??
[  521.953545][T23325] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  521.964594][T23325] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0
[  521.981257][   T24] usb 6-1: USB disconnect, device number 73
[  522.055409][T23288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  522.070724][T23288] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.206277][ T5884] usb 3-1: USB disconnect, device number 47
[  522.216198][ T5147] Bluetooth: hci2: unexpected event for opcode 0x0c7c
[  522.581647][T23358] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2945'.
[  522.608948][T23358] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2945'.
[  522.980020][ T5884] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  523.149599][T23378] FAULT_INJECTION: forcing a failure.
[  523.149599][T23378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  523.169694][T23378] CPU: 1 UID: 0 PID: 23378 Comm: syz.1.2949 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  523.169713][T23378] Tainted: [L]=SOFTLOCKUP
[  523.169717][T23378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  523.169726][T23378] Call Trace:
[  523.169731][T23378]  <TASK>
[  523.169735][T23378]  dump_stack_lvl+0xe8/0x150
[  523.169753][T23378]  should_fail_ex+0x412/0x560
[  523.169768][T23378]  _copy_from_user+0x2d/0xb0
[  523.169783][T23378]  sctp_setsockopt+0x1c4/0x12c0
[  523.169794][T23378]  ? sock_common_setsockopt+0x36/0xc0
[  523.169809][T23378]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  523.169823][T23378]  do_sock_setsockopt+0x17c/0x1b0
[  523.169835][T23378]  __x64_sys_setsockopt+0x13d/0x1b0
[  523.169845][T23378]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.169858][T23378]  do_syscall_64+0x15f/0xf80
[  523.169874][T23378]  ? trace_irq_disable+0x3b/0x140
[  523.169890][T23378]  ? clear_bhb_loop+0x40/0x90
[  523.169910][T23378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.169925][T23378] RIP: 0033:0x7fd02c59c819
[  523.169941][T23378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  523.169955][T23378] RSP: 002b:00007fd02d50e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  523.169975][T23378] RAX: ffffffffffffffda RBX: 00007fd02c815fa0 RCX: 00007fd02c59c819
[  523.169988][T23378] RDX: 0000000000000019 RSI: 0000000000000084 RDI: 0000000000000003
[  523.169997][T23378] RBP: 00007fd02d50e090 R08: 0000000000000008 R09: 0000000000000000
[  523.170007][T23378] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  523.170018][T23378] R13: 00007fd02c816038 R14: 00007fd02c815fa0 R15: 00007fd02c93fa48
[  523.170038][T23378]  </TASK>
[  523.352184][ T5884] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  523.361338][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.369472][ T5884] usb 5-1: Product: syz
[  523.373691][ T5884] usb 5-1: Manufacturer: syz
[  523.378347][ T5884] usb 5-1: SerialNumber: syz
[  523.384776][ T5884] usb 5-1: config 0 descriptor??
[  523.489994][   T24] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  523.640779][   T24] usb 3-1: Using ep0 maxpacket: 8
[  523.647974][   T24] usb 3-1: config 0 has an invalid interface number: 186 but max is 0
[  523.656832][   T24] usb 3-1: config 0 has no interface number 0
[  523.664868][   T24] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  523.716628][   T24] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  523.738834][   T24] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  523.771190][   T24] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  523.794268][ T5884] usb 5-1: Firmware version (0.0) predates our first public release.
[  523.806560][ T5884] usb 5-1: Please update to version 0.2 or newer
[  523.818359][   T24] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  523.844704][ T5884] usb 5-1: Firmware: build 
[  523.880631][   T24] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  523.906984][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.931890][   T24] usb 3-1: Product: syz
[  523.940228][  T979] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  523.941371][   T24] usb 3-1: Manufacturer: syz
[  523.960902][   T24] usb 3-1: SerialNumber: syz
[  523.984693][   T24] usb 3-1: config 0 descriptor??
[  524.020139][ T5906] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  524.047954][T23364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.068033][T23364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.120259][  T979] usb 6-1: device descriptor read/64, error -71
[  524.173814][ T5884] usb 5-1: USB disconnect, device number 81
[  524.179979][ T5906] usb 2-1: Using ep0 maxpacket: 32
[  524.203218][T23373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.247974][ T5906] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  524.258003][T23373] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.266570][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.278904][ T5906] usb 2-1: Product: syz
[  524.288916][ T5906] usb 2-1: Manufacturer: syz
[  524.293739][ T5906] usb 2-1: SerialNumber: syz
[  524.301315][ T5906] usb 2-1: config 0 descriptor??
[  524.312253][ T5906] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  524.370595][  T979] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  524.380226][   T24] iowarrior 3-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  524.401700][   T24] usb 3-1: USB disconnect, device number 48
[  524.530035][  T979] usb 6-1: device descriptor read/64, error -71
[  524.640229][  T979] usb usb6-port1: attempt power cycle
[  524.749647][T23445] netlink: 'syz.4.2955': attribute type 10 has an invalid length.
[  524.915517][ T5906] gspca_ov534_9: reg_w failed -71
[  524.990102][  T979] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  525.021415][  T979] usb 6-1: device descriptor read/8, error -71
[  525.087976][T23462] xt_socket: unknown flags 0xc
[  525.231032][ T5906] gspca_ov534_9: Unknown sensor 0000
[  525.231120][ T5906] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  525.233174][T23470] vlan2: entered allmulticast mode
[  525.243849][ T5906] usb 2-1: USB disconnect, device number 95
[  525.256322][T23470] team0: entered allmulticast mode
[  525.261968][T23470] team_slave_0: entered allmulticast mode
[  525.268040][T23470] team_slave_1: entered allmulticast mode
[  525.271337][  T979] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  525.323346][  T979] usb 6-1: device descriptor read/8, error -71
[  525.440237][  T979] usb usb6-port1: unable to enumerate USB device
[  525.685865][   T29] audit: type=1800 audit(1776237025.315:358): pid=23500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2963" name="bus" dev="tmpfs" ino=3010 res=0 errno=0
[  525.810055][   T42] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  525.973088][   T42] usb 2-1: config 0 has an invalid interface number: 120 but max is 0
[  525.987502][   T42] usb 2-1: config 0 has no interface number 0
[  525.999787][   T42] usb 2-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xCF, changing to 0x8F
[  526.017235][   T42] usb 2-1: config 0 interface 120 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 83
[  526.027669][   T42] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  526.048513][   T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.077947][   T42] usb 2-1: config 0 descriptor??
[  526.088977][T23493] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  526.124827][   T42] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/input/input43
[  526.332703][    C1] usbtouchscreen 2-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1
[  526.375578][   T42] usb 2-1: USB disconnect, device number 96
[  527.017411][T23570] netlink: 'syz.1.2972': attribute type 10 has an invalid length.
[  527.039350][T23573] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2973'.
[  527.646871][T23602] binder_alloc: 23589: binder_alloc_buf, no vma
[  527.672520][   T42] usb 6-1: new full-speed USB device number 78 using dummy_hcd
[  527.779958][  T979] usb 2-1: new full-speed USB device number 97 using dummy_hcd
[  527.820108][   T42] usb 6-1: device descriptor read/64, error -71
[  527.944069][  T979] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  527.964807][  T979] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  527.980114][  T979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.021099][  T979] usb 2-1: config 0 descriptor??
[  528.039825][  T979] hub 2-1:0.0: bad descriptor, ignoring hub
[  528.054946][  T979] hub 2-1:0.0: probe with driver hub failed with error -5
[  528.069766][  T979] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  528.100699][   T42] usb 6-1: new full-speed USB device number 79 using dummy_hcd
[  528.243824][   T29] audit: type=1800 audit(1776237027.875:359): pid=23605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2980" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[  528.280461][   T42] usb 6-1: device descriptor read/64, error -71
[  528.320441][T23632] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2980'.
[  528.351750][T23632] FAULT_INJECTION: forcing a failure.
[  528.351750][T23632] name failslab, interval 1, probability 0, space 0, times 0
[  528.385139][T23632] CPU: 1 UID: 0 PID: 23632 Comm: syz.1.2980 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  528.385168][T23632] Tainted: [L]=SOFTLOCKUP
[  528.385173][T23632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  528.385179][T23632] Call Trace:
[  528.385184][T23632]  <TASK>
[  528.385189][T23632]  dump_stack_lvl+0xe8/0x150
[  528.385208][T23632]  should_fail_ex+0x412/0x560
[  528.385226][T23632]  should_failslab+0xa8/0x100
[  528.385242][T23632]  __kmalloc_cache_noprof+0x88/0x660
[  528.385255][T23632]  ? call_usermodehelper_setup+0x8e/0x270
[  528.385271][T23632]  call_usermodehelper_setup+0x8e/0x270
[  528.385282][T23632]  ? __pfx_free_modprobe_argv+0x10/0x10
[  528.385297][T23632]  __request_module+0x3ba/0x630
[  528.385313][T23632]  ? __pfx___request_module+0x10/0x10
[  528.385327][T23632]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  528.385347][T23632]  load_settype+0x3a/0xe0
[  528.385361][T23632]  ip_set_create+0x4d2/0x1a40
[  528.385373][T23632]  ? ip_set_create+0x4eb/0x1a40
[  528.385394][T23632]  ? __pfx_ip_set_create+0x10/0x10
[  528.385421][T23632]  nfnetlink_rcv_msg+0xc03/0x12c0
[  528.385434][T23632]  ? unwind_get_return_address+0x4d/0x90
[  528.385449][T23632]  ? nfnetlink_rcv_msg+0x22a/0x12c0
[  528.385476][T23632]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  528.385510][T23632]  netlink_rcv_skb+0x232/0x4b0
[  528.385528][T23632]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  528.385548][T23632]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  528.385580][T23632]  ? bpf_lsm_capable+0x9/0x20
[  528.385603][T23632]  ? security_capable+0x7e/0x2c0
[  528.385623][T23632]  nfnetlink_rcv+0x2c0/0x27b0
[  528.385639][T23632]  ? __local_bh_enable_ip+0xd0/0x130
[  528.385652][T23632]  ? lockdep_hardirqs_on+0x7a/0x110
[  528.385663][T23632]  ? __dev_queue_xmit+0x277/0x3860
[  528.385674][T23632]  ? __local_bh_enable_ip+0xd0/0x130
[  528.385685][T23632]  ? __dev_queue_xmit+0x277/0x3860
[  528.385695][T23632]  ? __dev_queue_xmit+0x1e78/0x3860
[  528.385705][T23632]  ? do_syscall_64+0x15f/0xf80
[  528.385719][T23632]  ? __dev_queue_xmit+0x277/0x3860
[  528.385732][T23632]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  528.385747][T23632]  ? __pfx___dev_queue_xmit+0x10/0x10
[  528.385761][T23632]  ? ref_tracker_free+0x693/0x840
[  528.385773][T23632]  ? __copy_skb_header+0xa3/0x4a0
[  528.385785][T23632]  ? __pfx_ref_tracker_free+0x10/0x10
[  528.385804][T23632]  ? skb_clone+0x246/0x3a0
[  528.385815][T23632]  ? __netlink_deliver_tap+0x807/0x850
[  528.385828][T23632]  ? netlink_deliver_tap+0x2e/0x1b0
[  528.385844][T23632]  ? netlink_deliver_tap+0x2e/0x1b0
[  528.385860][T23632]  netlink_unicast+0x80f/0x9b0
[  528.385876][T23632]  ? __pfx_netlink_unicast+0x10/0x10
[  528.385889][T23632]  ? netlink_sendmsg+0x650/0xb40
[  528.385901][T23632]  ? skb_put+0x11b/0x210
[  528.385911][T23632]  netlink_sendmsg+0x813/0xb40
[  528.385929][T23632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.385943][T23632]  ? trace_contention_end+0x3d/0x140
[  528.385958][T23632]  ? aa_sock_msg_perm+0xf1/0x1b0
[  528.385969][T23632]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  528.385981][T23632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.385995][T23632]  sock_sendmsg+0x3fb/0x450
[  528.386011][T23632]  ? __pfx_sock_sendmsg+0x10/0x10
[  528.386028][T23632]  ? __asan_memset+0x22/0x50
[  528.386039][T23632]  ? iov_iter_bvec+0xb8/0x180
[  528.386052][T23632]  splice_to_socket+0xae2/0x11f0
[  528.386073][T23632]  ? __pfx_splice_to_socket+0x10/0x10
[  528.386102][T23632]  ? bpf_lsm_file_permission+0x9/0x20
[  528.386115][T23632]  ? security_file_permission+0x75/0x260
[  528.386129][T23632]  ? rw_verify_area+0x255/0x4d0
[  528.386142][T23632]  ? __pfx_splice_to_socket+0x10/0x10
[  528.386152][T23632]  do_splice+0xee3/0x1910
[  528.386174][T23632]  ? __pfx_do_splice+0x10/0x10
[  528.386188][T23632]  __se_sys_splice+0x353/0x490
[  528.386202][T23632]  ? __pfx___se_sys_splice+0x10/0x10
[  528.386215][T23632]  ? __x64_sys_splice+0x21/0xf0
[  528.386227][T23632]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.386238][T23632]  do_syscall_64+0x15f/0xf80
[  528.386249][T23632]  ? clear_bhb_loop+0x40/0x90
[  528.386261][T23632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.386270][T23632] RIP: 0033:0x7fd02c59c819
[  528.386281][T23632] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  528.386289][T23632] RSP: 002b:00007fd02d4ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  528.386300][T23632] RAX: ffffffffffffffda RBX: 00007fd02c816090 RCX: 00007fd02c59c819
[  528.386308][T23632] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003
[  528.386314][T23632] RBP: 00007fd02d4ed090 R08: 000000000004ffe6 R09: 8864000000000000
[  528.386320][T23632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.386326][T23632] R13: 00007fd02c816128 R14: 00007fd02c816090 R15: 00007fd02c93fa48
[  528.386341][T23632]  </TASK>
[  528.386680][T23632] Can't find ip_set type bitmap:por
[  528.609974][  T979] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  528.619991][   T42] usb usb6-port1: attempt power cycle
[  529.049968][  T979] usb 5-1: Using ep0 maxpacket: 16
[  529.065053][  T979] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  529.091249][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.110224][  T979] usb 5-1: Product: syz
[  529.117601][  T979] usb 5-1: Manufacturer: syz
[  529.127780][  T979] usb 5-1: SerialNumber: syz
[  529.210616][   T42] usb 6-1: new full-speed USB device number 80 using dummy_hcd
[  529.238738][T23646] ip6gre1: entered promiscuous mode
[  529.244590][T23646] ip6gre1: entered allmulticast mode
[  529.251927][   T42] usb 6-1: device descriptor read/8, error -71
[  529.259911][ T1110] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  529.282136][ T5970] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  529.291593][ T1110] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  529.350623][ T5970] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  529.364915][  T979] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  529.388580][  T979] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  529.400363][  T979] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  529.409097][  T979] usb 5-1: media controller created
[  529.431353][  T979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  529.439982][ T5884] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  529.470706][  T979] zl10353_read_register: readreg error (reg=127, ret==-71)
[  529.490200][   T42] usb 6-1: new full-speed USB device number 81 using dummy_hcd
[  529.513682][  T979] dvb_usb_gl861 5-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  529.527002][  T979] usb 5-1: USB disconnect, device number 82
[  529.534400][   T42] usb 6-1: device descriptor read/8, error -71
[  529.570111][ T5884] usb 3-1: device descriptor read/64, error -71
[  529.660945][   T42] usb usb6-port1: unable to enumerate USB device
[  529.773143][T23683] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  529.820987][ T5884] usb 3-1: new full-speed USB device number 50 using dummy_hcd
[  529.960761][ T5884] usb 3-1: device descriptor read/64, error -71
[  529.998003][T23694] netlink: 'syz.4.2995': attribute type 9 has an invalid length.
[  530.030147][T22690] usb 1-1: new full-speed USB device number 93 using dummy_hcd
[  530.081065][ T5884] usb usb3-port1: attempt power cycle
[  530.160773][T22690] usb 1-1: device descriptor read/64, error -71
[  530.270277][  T979] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  530.336203][T23703] fuse: Bad value for 'fd'
[  530.409963][T22690] usb 1-1: new full-speed USB device number 94 using dummy_hcd
[  530.431492][ T5884] usb 3-1: new full-speed USB device number 51 using dummy_hcd
[  530.478605][ T5884] usb 3-1: device descriptor read/8, error -71
[  530.579975][T22690] usb 1-1: device descriptor read/64, error -71
[  530.661134][   T42] usb 2-1: USB disconnect, device number 97
[  530.681681][  T979] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  530.702158][T22690] usb usb1-port1: attempt power cycle
[  530.740894][ T5884] usb 3-1: new full-speed USB device number 52 using dummy_hcd
[  530.780658][ T5884] usb 3-1: device descriptor read/8, error -71
[  530.891379][  T979] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  530.913998][ T5884] usb usb3-port1: unable to enumerate USB device
[  530.920702][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.930299][  T979] usb 5-1: Product: syz
[  530.934961][  T979] usb 5-1: Manufacturer: syz
[  530.940803][  T979] usb 5-1: SerialNumber: syz
[  530.955305][  T979] usb 5-1: config 0 descriptor??
[  530.974031][  T979] hub 5-1:0.0: bad descriptor, ignoring hub
[  530.985328][  T979] hub 5-1:0.0: probe with driver hub failed with error -5
[  531.010946][ T5906] usb 2-1: new full-speed USB device number 98 using dummy_hcd
[  531.074478][T22690] usb 1-1: new full-speed USB device number 95 using dummy_hcd
[  531.100798][T22690] usb 1-1: device descriptor read/8, error -71
[  531.183460][ T5906] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  531.194494][  T979] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  531.210915][ T5906] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  531.231961][  T979] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  531.250096][ T5906] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  531.270263][  T979] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  531.280114][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  531.288846][  T979] usb 5-1: media controller created
[  531.335916][  T979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  531.360402][T22690] usb 1-1: new full-speed USB device number 96 using dummy_hcd
[  531.415873][T22690] usb 1-1: device descriptor read/8, error -71
[  531.470951][  T979] DVB: Unable to find symbol dib7000p_attach()
[  531.484928][  T979] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  531.529342][T23719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  531.550417][T23719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  531.561047][T22690] usb usb1-port1: unable to enumerate USB device
[  531.577153][ T5906] usb 2-1: GET_CAPABILITIES returned 0
[  531.594158][ T5906] usbtmc 2-1:16.0: can't read capabilities
[  531.609993][  T979] rc_core: IR keymap rc-dib0700-rc5 not found
[  531.633786][  T979] Registered IR keymap rc-empty
[  531.652216][  T979] dvb-usb: could not initialize remote control.
[  531.668558][  T979] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  531.785939][  T979] usb 2-1: USB disconnect, device number 98
[  532.348959][T23789] FAULT_INJECTION: forcing a failure.
[  532.348959][T23789] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.403493][T23789] CPU: 0 UID: 0 PID: 23789 Comm: syz.5.3007 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  532.403524][T23789] Tainted: [L]=SOFTLOCKUP
[  532.403533][T23789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  532.403542][T23789] Call Trace:
[  532.403547][T23789]  <TASK>
[  532.403552][T23789]  dump_stack_lvl+0xe8/0x150
[  532.403572][T23789]  should_fail_ex+0x412/0x560
[  532.403587][T23789]  _copy_to_user+0x31/0xb0
[  532.403602][T23789]  simple_read_from_buffer+0xe1/0x170
[  532.403616][T23789]  proc_fail_nth_read+0x1bb/0x230
[  532.403629][T23789]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  532.403641][T23789]  ? rw_verify_area+0x2a6/0x4d0
[  532.403653][T23789]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  532.403664][T23789]  vfs_read+0x20c/0xa70
[  532.403677][T23789]  ? __pfx___mutex_lock+0x10/0x10
[  532.403690][T23789]  ? __pfx_vfs_read+0x10/0x10
[  532.403702][T23789]  ? __fget_files+0x2a/0x420
[  532.403714][T23789]  ? __fget_files+0x3a0/0x420
[  532.403722][T23789]  ? __fget_files+0x2a/0x420
[  532.403736][T23789]  ksys_read+0x150/0x270
[  532.403748][T23789]  ? __pfx_ksys_read+0x10/0x10
[  532.403763][T23789]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.403774][T23789]  do_syscall_64+0x15f/0xf80
[  532.403784][T23789]  ? trace_irq_disable+0x3b/0x140
[  532.403795][T23789]  ? clear_bhb_loop+0x40/0x90
[  532.403807][T23789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.403817][T23789] RIP: 0033:0x7f217cb5d04e
[  532.403827][T23789] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  532.403836][T23789] RSP: 002b:00007f217d9f3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  532.403847][T23789] RAX: ffffffffffffffda RBX: 00007f217d9f46c0 RCX: 00007f217cb5d04e
[  532.403854][T23789] RDX: 000000000000000f RSI: 00007f217d9f40a0 RDI: 0000000000000004
[  532.403861][T23789] RBP: 00007f217d9f4090 R08: 0000000000000000 R09: 0000000000000000
[  532.403867][T23789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.403873][T23789] R13: 00007f217ce16038 R14: 00007f217ce15fa0 R15: 00007f217cf3fa48
[  532.403895][T23789]  </TASK>
[  532.783127][T23792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3008'.
[  532.849030][T23682] tipc: Disabling bearer <eth:syzkaller0>
[  533.025105][T23821] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  533.047894][T23821] PKCS7: Only support pkcs7_signedData type
[  533.070077][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  533.420520][T22690] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  533.570287][T22690] usb 1-1: device descriptor read/64, error -71
[  533.821094][T22690] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  533.979961][T22690] usb 1-1: device descriptor read/64, error -71
[  534.115475][T22690] usb usb1-port1: attempt power cycle
[  534.190098][   T13] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  534.240292][ T5884] usb 5-1: USB disconnect, device number 83
[  534.471659][ T5884] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  534.490402][T22690] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  534.530978][T22690] usb 1-1: device descriptor read/8, error -71
[  534.584150][T23925] loop2: detected capacity change from 0 to 7
[  534.599349][T23925] Dev loop2: unable to read RDB block 7
[  534.624200][T23925]  loop2: AHDI p1 p2 p3
[  534.638303][T23925] loop2: partition table partially beyond EOD, truncated
[  534.674405][T23925] loop2: p1 start 1818582900 is beyond EOD, truncated
[  534.684049][T23925] loop2: p3 start 335544320 is beyond EOD, truncated
[  534.815923][T23938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3019'.
[  534.820022][T22690] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  534.861183][T22690] usb 1-1: device descriptor read/8, error -71
[  534.980551][T22690] usb usb1-port1: unable to enumerate USB device
[  535.087078][T23953] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3023'.
[  535.332219][T23974] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3027'.
[  535.353347][T23975] netlink: 'syz.1.3028': attribute type 2 has an invalid length.
[  535.368355][T23975] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3028'.
[  535.391369][T23975] netlink: 'syz.1.3028': attribute type 2 has an invalid length.
[  535.406422][T23975] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3028'.
[  535.501958][T23989] netlink: 231 bytes leftover after parsing attributes in process `syz.1.3031'.
[  535.609958][   T42] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  535.771914][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.817123][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  535.850652][   T42] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  535.880677][   T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.913669][   T42] usb 3-1: config 0 descriptor??
[  536.502180][T24015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3036'.
[  536.540147][T24015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3036'.
[  536.618344][   T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  536.633695][   T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  536.645970][   T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  536.662168][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  536.671899][   T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  536.770050][T22690] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[  536.899944][   T42] usbhid 3-1:0.0: can't add hid device: -71
[  536.900041][   T42] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  536.912157][   T42] usb 3-1: USB disconnect, device number 53
[  536.931510][T22690] usb 6-1: Using ep0 maxpacket: 32
[  536.936778][T22690] usb 6-1: config 0 has no interfaces?
[  536.945286][T22690] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  536.945319][T22690] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.945339][T22690] usb 6-1: Product: syz
[  536.945355][T22690] usb 6-1: Manufacturer: syz
[  536.945370][T22690] usb 6-1: SerialNumber: syz
[  537.068116][T22690] usb 6-1: config 0 descriptor??
[  537.077031][ T5885] IPVS: starting estimator thread 0...
[  537.170249][T24062] IPVS: using max 59 ests per chain, 141600 per kthread
[  537.899964][  T979] usb 1-1: new full-speed USB device number 101 using dummy_hcd
[  538.073387][   T80] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.136992][T24027] chnl_net:caif_netlink_parms(): no params data found
[  538.449273][   T80] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.471423][T24173] IPv6: Can't replace route, no match found
[  538.750049][ T5147] Bluetooth: hci3: command tx timeout
[  538.881039][   T80] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.901061][T22690] usb 5-1: new full-speed USB device number 84 using dummy_hcd
[  539.062163][T22690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  539.117175][T22690] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  539.140521][T22690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  539.168209][   T80] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.196130][T22690] usb 5-1: config 0 descriptor??
[  539.314971][T22690] hub 5-1:0.0: bad descriptor, ignoring hub
[  539.330960][T22690] hub 5-1:0.0: probe with driver hub failed with error -5
[  539.370914][T24027] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.383081][T22690] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  539.414320][T24027] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.427550][   T29] audit: type=1800 audit(1776237039.055:360): pid=24175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3044" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0
[  539.461971][T24027] bridge_slave_0: entered allmulticast mode
[  539.490847][T24027] bridge_slave_0: entered promiscuous mode
[  539.509759][T24027] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.545755][T24027] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.566968][T24228] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3044'.
[  539.595690][T24027] bridge_slave_1: entered allmulticast mode
[  539.623606][T24027] bridge_slave_1: entered promiscuous mode
[  539.657475][T24232] program syz.2.3047 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  539.675559][T24228] FAULT_INJECTION: forcing a failure.
[  539.675559][T24228] name failslab, interval 1, probability 0, space 0, times 0
[  539.689788][T24228] CPU: 0 UID: 0 PID: 24228 Comm: syz.4.3044 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  539.689821][T24228] Tainted: [L]=SOFTLOCKUP
[  539.689828][T24228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  539.689839][T24228] Call Trace:
[  539.689845][T24228]  <TASK>
[  539.689853][T24228]  dump_stack_lvl+0xe8/0x150
[  539.689880][T24228]  should_fail_ex+0x412/0x560
[  539.689904][T24228]  should_failslab+0xa8/0x100
[  539.689928][T24228]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  539.689949][T24228]  ? __alloc_skb+0x1d0/0x7d0
[  539.689971][T24228]  ? __local_bh_enable_ip+0xd0/0x130
[  539.689994][T24228]  __alloc_skb+0x1d0/0x7d0
[  539.690017][T24228]  ? netlink_ack_tlv_len+0x6c/0x210
[  539.690041][T24228]  netlink_ack+0x146/0xa50
[  539.690062][T24228]  ? trace_sched_exit_tp+0x3a/0x130
[  539.690099][T24228]  netlink_rcv_skb+0x2b6/0x4b0
[  539.690123][T24228]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  539.690147][T24228]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  539.690181][T24228]  ? bpf_lsm_capable+0x9/0x20
[  539.690204][T24228]  ? security_capable+0x7e/0x2c0
[  539.690226][T24228]  nfnetlink_rcv+0x2c0/0x27b0
[  539.690249][T24228]  ? preempt_schedule_common+0x82/0xd0
[  539.690269][T24228]  ? preempt_schedule_thunk+0x16/0x30
[  539.690289][T24228]  ? __local_bh_enable_ip+0xe1/0x130
[  539.690307][T24228]  ? __dev_queue_xmit+0x277/0x3860
[  539.690325][T24228]  ? __dev_queue_xmit+0x1e78/0x3860
[  539.690342][T24228]  ? do_syscall_64+0x15f/0xf80
[  539.690374][T24228]  ? __dev_queue_xmit+0x277/0x3860
[  539.690396][T24228]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  539.690415][T24228]  ? __lock_acquire+0x6b5/0x2cf0
[  539.690440][T24228]  ? __pfx___dev_queue_xmit+0x10/0x10
[  539.690465][T24228]  ? ref_tracker_free+0x693/0x840
[  539.690482][T24228]  ? __copy_skb_header+0xa3/0x4a0
[  539.690516][T24228]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  539.690545][T24228]  ? lockdep_hardirqs_on+0x7a/0x110
[  539.690562][T24228]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  539.690587][T24228]  ? rcu_preempt_deferred_qs_irqrestore+0x7b9/0xbc0
[  539.690621][T24228]  netlink_unicast+0x80f/0x9b0
[  539.690650][T24228]  ? __pfx_netlink_unicast+0x10/0x10
[  539.690673][T24228]  ? netlink_sendmsg+0x650/0xb40
[  539.690695][T24228]  ? skb_put+0x11b/0x210
[  539.690713][T24228]  netlink_sendmsg+0x813/0xb40
[  539.690745][T24228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  539.690770][T24228]  ? trace_contention_end+0x3d/0x140
[  539.690789][T24228]  ? aa_sock_msg_perm+0xf1/0x1b0
[  539.690806][T24228]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  539.690823][T24228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  539.690841][T24228]  sock_sendmsg+0x3fb/0x450
[  539.690863][T24228]  ? __pfx_sock_sendmsg+0x10/0x10
[  539.690889][T24228]  ? __asan_memset+0x22/0x50
[  539.690906][T24228]  ? iov_iter_bvec+0xb8/0x180
[  539.690928][T24228]  splice_to_socket+0xae2/0x11f0
[  539.690966][T24228]  ? __pfx_splice_to_socket+0x10/0x10
[  539.691018][T24228]  ? bpf_lsm_file_permission+0x9/0x20
[  539.691040][T24228]  ? security_file_permission+0x75/0x260
[  539.691062][T24228]  ? rw_verify_area+0x255/0x4d0
[  539.691081][T24228]  ? __pfx_splice_to_socket+0x10/0x10
[  539.691098][T24228]  do_splice+0xee3/0x1910
[  539.691136][T24228]  ? __pfx_do_splice+0x10/0x10
[  539.691163][T24228]  __se_sys_splice+0x353/0x490
[  539.691188][T24228]  ? __pfx___se_sys_splice+0x10/0x10
[  539.691213][T24228]  ? __x64_sys_splice+0x21/0xf0
[  539.691231][T24228]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.691251][T24228]  do_syscall_64+0x15f/0xf80
[  539.691269][T24228]  ? trace_irq_disable+0x3b/0x140
[  539.691286][T24228]  ? clear_bhb_loop+0x40/0x90
[  539.691308][T24228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.691326][T24228] RIP: 0033:0x7fd59df9c819
[  539.691343][T24228] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  539.691360][T24228] RSP: 002b:00007fd59edd1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  539.691387][T24228] RAX: ffffffffffffffda RBX: 00007fd59e216090 RCX: 00007fd59df9c819
[  539.691401][T24228] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003
[  539.691412][T24228] RBP: 00007fd59edd1090 R08: 000000000004ffe6 R09: 8864000000000000
[  539.691423][T24228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  539.691434][T24228] R13: 00007fd59e216128 R14: 00007fd59e216090 R15: 00007fd59e33fa48
[  539.691463][T24228]  </TASK>
[  540.309982][ T5970] usb 3-1: new full-speed USB device number 54 using dummy_hcd
[  540.528720][ T5906] usb 6-1: USB disconnect, device number 82
[  540.548068][  T979] usb 1-1: unable to get BOS descriptor or descriptor too short
[  540.559268][  T979] usb 1-1: unable to read config index 0 descriptor/start: -71
[  540.568224][  T979] usb 1-1: can't read configurations, error -71
[  540.590266][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  540.708749][T24260] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3048'.
[  540.830145][ T5147] Bluetooth: hci3: command tx timeout
[  540.858830][   T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  540.868448][   T80] bond_slave_0: left allmulticast mode
[  540.876290][   T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  540.887574][   T80] bond_slave_1: left allmulticast mode
[  540.894345][   T80] bond0 (unregistering): Released all slaves
[  540.906581][   T80] bond1 (unregistering): Released all slaves
[  541.011858][T24027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  541.023069][   T80] tipc: Left network mode
[  541.071645][T24027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  541.286936][T24027] team0: Port device team_slave_0 added
[  541.307306][T24027] team0: Port device team_slave_1 added
[  541.545929][T24027] batman_adv: batadv0: Adding interface: batadv_slave_0
[  541.577311][T24027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  541.654042][T24027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  541.791814][T24027] batman_adv: batadv0: Adding interface: batadv_slave_1
[  541.801417][T24027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  541.852286][  T979] usb 5-1: USB disconnect, device number 84
[  541.865163][T24027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  541.870171][T24367] xt_socket: unknown flags 0xc
[  541.920968][   T80] mac80211_hwsim hwsim7 wlan0 (unregistering): left promiscuous mode
[  542.184742][   T80] batadv0: left promiscuous mode
[  542.263835][   T80] hsr_slave_0: left promiscuous mode
[  542.266393][T24406] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3058'.
[  542.279107][   T80] hsr_slave_1: left promiscuous mode
[  542.294972][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  542.303347][   T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[  542.313690][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  542.321987][   T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[  542.345404][   T80] veth1_macvtap: left promiscuous mode
[  542.362183][   T80] veth0_macvtap: left promiscuous mode
[  542.380120][   T80] veth1_vlan: left allmulticast mode
[  542.387264][   T80] veth0_vlan: left promiscuous mode
[  542.532231][   T80] pim6reg (unregistering): left allmulticast mode
[  542.534812][T24414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3061'.
[  542.815018][   T80] team0 (unregistering): Port device team_slave_1 removed
[  542.833597][   T80] team0 (unregistering): Port device team_slave_0 removed
[  542.910172][ T5147] Bluetooth: hci3: command tx timeout
[  543.000169][T24027] hsr_slave_0: entered promiscuous mode
[  543.008797][T24027] hsr_slave_1: entered promiscuous mode
[  543.174942][T24436] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3063'.
[  543.185978][T24434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3062'.
[  543.313362][ T5970] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  543.443698][T24451] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  543.499667][T24464] FAULT_INJECTION: forcing a failure.
[  543.499667][T24464] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.522444][T24464] CPU: 0 UID: 0 PID: 24464 Comm: syz.0.3068 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  543.522473][T24464] Tainted: [L]=SOFTLOCKUP
[  543.522479][T24464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  543.522506][T24464] Call Trace:
[  543.522514][T24464]  <TASK>
[  543.522521][T24464]  dump_stack_lvl+0xe8/0x150
[  543.522550][T24464]  should_fail_ex+0x412/0x560
[  543.522575][T24464]  _copy_from_iter+0x1d3/0x1670
[  543.522599][T24464]  ? rcu_is_watching+0x15/0xb0
[  543.522628][T24464]  ? __pfx__copy_from_iter+0x10/0x10
[  543.522655][T24464]  ? netlink_sendmsg+0x650/0xb40
[  543.522678][T24464]  ? skb_put+0x11b/0x210
[  543.522697][T24464]  netlink_sendmsg+0x6c0/0xb40
[  543.522726][T24464]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.522748][T24464]  ? aa_sock_msg_perm+0xf1/0x1b0
[  543.522768][T24464]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  543.522791][T24464]  ____sys_sendmsg+0x972/0x9f0
[  543.522808][T24464]  ? __might_fault+0xaf/0x130
[  543.522831][T24464]  ? __pfx_____sys_sendmsg+0x10/0x10
[  543.522854][T24464]  ? import_iovec+0x73/0xa0
[  543.522876][T24464]  ___sys_sendmsg+0x2a5/0x360
[  543.522890][T24464]  ? __lock_acquire+0x6b5/0x2cf0
[  543.522913][T24464]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.522953][T24464]  ? __fget_files+0x2a/0x420
[  543.522968][T24464]  ? __fget_files+0x3a0/0x420
[  543.522990][T24464]  __x64_sys_sendmsg+0x1bd/0x2a0
[  543.523009][T24464]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  543.523032][T24464]  ? __pfx_ksys_write+0x10/0x10
[  543.523058][T24464]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.523077][T24464]  do_syscall_64+0x15f/0xf80
[  543.523094][T24464]  ? trace_irq_disable+0x3b/0x140
[  543.523110][T24464]  ? clear_bhb_loop+0x40/0x90
[  543.523129][T24464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.523146][T24464] RIP: 0033:0x7f0b8c79c819
[  543.523162][T24464] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  543.523177][T24464] RSP: 002b:00007f0b8d708028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.523196][T24464] RAX: ffffffffffffffda RBX: 00007f0b8ca15fa0 RCX: 00007f0b8c79c819
[  543.523209][T24464] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  543.523220][T24464] RBP: 00007f0b8d708090 R08: 0000000000000000 R09: 0000000000000000
[  543.523232][T24464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.523242][T24464] R13: 00007f0b8ca16038 R14: 00007f0b8ca15fa0 R15: 00007f0b8cb3fa48
[  543.523262][T24464]  </TASK>
[  543.944044][T22690] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  544.006373][T24543] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3071'.
[  544.137191][   T80] IPVS: stop unused estimator thread 0...
[  544.147102][T22690] usb 3-1: Using ep0 maxpacket: 16
[  544.183076][T22690] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  544.250162][T22690] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  544.261154][T22690] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  544.270430][  T979] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  544.271330][T22690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.392761][T22690] usb 3-1: config 0 descriptor??
[  544.604380][T24574] raw_sendmsg: syz.4.3075 forgot to set AF_INET. Fix it!
[  544.818934][T22690] bigben 0003:146B:0902.001C: unexpected rdesc, please submit for review
[  544.844276][T22690] hid_parser_main: 20 callbacks suppressed
[  544.844314][T22690] bigben 0003:146B:0902.001C: unknown main item tag 0x0
[  544.875680][T22690] bigben 0003:146B:0902.001C: unknown main item tag 0x0
[  544.892966][T22690] bigben 0003:146B:0902.001C: unknown main item tag 0x0
[  544.907146][T22690] bigben 0003:146B:0902.001C: unknown main item tag 0x0
[  544.933013][T22690] bigben 0003:146B:0902.001C: unknown main item tag 0x0
[  544.983790][T22690] bigben 0003:146B:0902.001C: hidraw0: USB HID v0.00 Device [HID 146b:0902] on usb-dummy_hcd.2-1/input0
[  544.990139][ T5147] Bluetooth: hci3: command tx timeout
[  545.063736][T22690] bigben 0003:146B:0902.001C: missing HID_OUTPUT_REPORT 0
[  545.111075][T22690] bigben 0003:146B:0902.001C: no output report found
[  545.132699][T24601] netlink: 'syz.0.3076': attribute type 9 has an invalid length.
[  545.180094][T24595] ==================================================================
[  545.188212][T24595] BUG: KASAN: slab-use-after-free in report_descriptor_read+0xb5/0x100
[  545.196468][T24595] Read of size 5 at addr ffff88806de2b160 by task fido_id/24595
[  545.204087][T24595] 
[  545.206405][T24595] CPU: 0 UID: 0 PID: 24595 Comm: fido_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  545.206421][T24595] Tainted: [L]=SOFTLOCKUP
[  545.206426][T24595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  545.206432][T24595] Call Trace:
[  545.206437][T24595]  <TASK>
[  545.206442][T24595]  dump_stack_lvl+0xe8/0x150
[  545.206461][T24595]  print_report+0xba/0x230
[  545.206473][T24595]  ? report_descriptor_read+0xb5/0x100
[  545.206487][T24595]  kasan_report+0x117/0x150
[  545.206502][T24595]  ? report_descriptor_read+0xb5/0x100
[  545.206516][T24595]  kasan_check_range+0x264/0x2c0
[  545.206528][T24595]  ? report_descriptor_read+0xb5/0x100
[  545.206541][T24595]  __asan_memcpy+0x29/0x70
[  545.206551][T24595]  report_descriptor_read+0xb5/0x100
[  545.206565][T24595]  ? __pfx_sysfs_kf_bin_read+0x10/0x10
[  545.206573][T24595]  kernfs_fop_read_iter+0x451/0x6b0
[  545.206588][T24595]  vfs_read+0x582/0xa70
[  545.206601][T24595]  ? __pfx_vfs_read+0x10/0x10
[  545.206611][T24595]  ? do_sys_openat2+0x14c/0x200
[  545.206620][T24595]  ? kmem_cache_free+0x180/0x630
[  545.206631][T24595]  ? fd_install+0x94/0x3d0
[  545.206642][T24595]  ksys_read+0x150/0x270
[  545.206653][T24595]  ? __pfx_ksys_read+0x10/0x10
[  545.206664][T24595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.206674][T24595]  do_syscall_64+0x15f/0xf80
[  545.206686][T24595]  ? trace_irq_disable+0x3b/0x140
[  545.206695][T24595]  ? clear_bhb_loop+0x40/0x90
[  545.206706][T24595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.206716][T24595] RIP: 0033:0x7f87efaa7407
[  545.206726][T24595] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  545.206735][T24595] RSP: 002b:00007fffc828c610 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  545.206746][T24595] RAX: ffffffffffffffda RBX: 00007f87f0172880 RCX: 00007f87efaa7407
[  545.206753][T24595] RDX: 0000000000001000 RSI: 00007fffc828c660 RDI: 0000000000000004
[  545.206759][T24595] RBP: 0000556dcd3b5730 R08: 0000000000000000 R09: 0000000000000000
[  545.206766][T24595] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556dcd3b4930
[  545.206772][T24595] R13: 00007fffc828c660 R14: 0000000000000004 R15: 0000556da29664d8
[  545.206781][T24595]  </TASK>
[  545.206785][T24595] 
[  545.430569][T24595] Allocated by task 22690:
[  545.435054][T24595]  kasan_save_track+0x3e/0x80
[  545.439819][T24595]  __kasan_kmalloc+0x93/0xb0
[  545.444420][T24595]  __kmalloc_node_track_caller_noprof+0x4db/0x7b0
[  545.450855][T24595]  kmemdup_noprof+0x2b/0x70
[  545.455372][T24595]  hid_open_report+0x216/0xf00
[  545.460125][T24595]  bigben_probe+0xbc/0x7f0
[  545.464627][T24595]  hid_device_probe+0x416/0x7a0
[  545.469479][T24595]  really_probe+0x267/0xaf0
[  545.473982][T24595]  __driver_probe_device+0x18c/0x320
[  545.479301][T24595]  driver_probe_device+0x4f/0x240
[  545.484368][T24595]  __device_attach_driver+0x279/0x430
[  545.489735][T24595]  bus_for_each_drv+0x258/0x2f0
[  545.494586][T24595]  __device_attach+0x2c5/0x450
[  545.499354][T24595]  device_initial_probe+0xa1/0xd0
[  545.504490][T24595]  bus_probe_device+0x12a/0x220
[  545.509343][T24595]  device_add+0x7b6/0xb70
[  545.513685][T24595]  hid_add_device+0x272/0x3e0
[  545.518361][T24595]  usbhid_probe+0xe3a/0x12f0
[  545.522945][T24595]  usb_probe_interface+0x659/0xc70
[  545.528133][T24595]  really_probe+0x267/0xaf0
[  545.532717][T24595]  __driver_probe_device+0x18c/0x320
[  545.538070][T24595]  driver_probe_device+0x4f/0x240
[  545.543101][T24595]  __device_attach_driver+0x279/0x430
[  545.548467][T24595]  bus_for_each_drv+0x258/0x2f0
[  545.553608][T24595]  __device_attach+0x2c5/0x450
[  545.558887][T24595]  device_initial_probe+0xa1/0xd0
[  545.564001][T24595]  bus_probe_device+0x12a/0x220
[  545.568942][T24595]  device_add+0x7b6/0xb70
[  545.573367][T24595]  usb_set_configuration+0x1a87/0x2110
[  545.579260][T24595]  usb_generic_driver_probe+0x8d/0x150
[  545.584713][T24595]  usb_probe_device+0x1c4/0x3b0
[  545.589554][T24595]  really_probe+0x267/0xaf0
[  545.594060][T24595]  __driver_probe_device+0x18c/0x320
[  545.599343][T24595]  driver_probe_device+0x4f/0x240
[  545.604383][T24595]  __device_attach_driver+0x279/0x430
[  545.609757][T24595]  bus_for_each_drv+0x258/0x2f0
[  545.614693][T24595]  __device_attach+0x2c5/0x450
[  545.619540][T24595]  device_initial_probe+0xa1/0xd0
[  545.624743][T24595]  bus_probe_device+0x12a/0x220
[  545.629625][T24595]  device_add+0x7b6/0xb70
[  545.634019][T24595]  usb_new_device+0xa08/0x16f0
[  545.638876][T24595]  hub_event+0x2a1c/0x4f30
[  545.643324][T24595]  process_scheduled_works+0xb5d/0x1860
[  545.648865][T24595]  worker_thread+0xa53/0xfc0
[  545.653550][T24595]  kthread+0x388/0x470
[  545.657636][T24595]  ret_from_fork+0x514/0xb70
[  545.662218][T24595]  ret_from_fork_asm+0x1a/0x30
[  545.667004][T24595] 
[  545.669320][T24595] Freed by task 22690:
[  545.673472][T24595]  kasan_save_track+0x3e/0x80
[  545.678162][T24595]  kasan_save_free_info+0x46/0x50
[  545.683268][T24595]  __kasan_slab_free+0x5c/0x80
[  545.688030][T24595]  kfree+0x1c1/0x620
[  545.691921][T24595]  hid_close_report+0x632/0x720
[  545.696771][T24595]  hid_device_probe+0x659/0x7a0
[  545.701737][T24595]  really_probe+0x267/0xaf0
[  545.706247][T24595]  __driver_probe_device+0x18c/0x320
[  545.711550][T24595]  driver_probe_device+0x4f/0x240
[  545.716572][T24595]  __device_attach_driver+0x279/0x430
[  545.721941][T24595]  bus_for_each_drv+0x258/0x2f0
[  545.726781][T24595]  __device_attach+0x2c5/0x450
[  545.731617][T24595]  device_initial_probe+0xa1/0xd0
[  545.736641][T24595]  bus_probe_device+0x12a/0x220
[  545.741569][T24595]  device_add+0x7b6/0xb70
[  545.746117][T24595]  hid_add_device+0x272/0x3e0
[  545.750806][T24595]  usbhid_probe+0xe3a/0x12f0
[  545.755394][T24595]  usb_probe_interface+0x659/0xc70
[  545.760495][T24595]  really_probe+0x267/0xaf0
[  545.765158][T24595]  __driver_probe_device+0x18c/0x320
[  545.770444][T24595]  driver_probe_device+0x4f/0x240
[  545.775725][T24595]  __device_attach_driver+0x279/0x430
[  545.781077][T24595]  bus_for_each_drv+0x258/0x2f0
[  545.785923][T24595]  __device_attach+0x2c5/0x450
[  545.790731][T24595]  device_initial_probe+0xa1/0xd0
[  545.795745][T24595]  bus_probe_device+0x12a/0x220
[  545.800609][T24595]  device_add+0x7b6/0xb70
[  545.804935][T24595]  usb_set_configuration+0x1a87/0x2110
[  545.810384][T24595]  usb_generic_driver_probe+0x8d/0x150
[  545.815961][T24595]  usb_probe_device+0x1c4/0x3b0
[  545.820828][T24595]  really_probe+0x267/0xaf0
[  545.825318][T24595]  __driver_probe_device+0x18c/0x320
[  545.830585][T24595]  driver_probe_device+0x4f/0x240
[  545.835591][T24595]  __device_attach_driver+0x279/0x430
[  545.841046][T24595]  bus_for_each_drv+0x258/0x2f0
[  545.845891][T24595]  __device_attach+0x2c5/0x450
[  545.850768][T24595]  device_initial_probe+0xa1/0xd0
[  545.855837][T24595]  bus_probe_device+0x12a/0x220
[  545.860700][T24595]  device_add+0x7b6/0xb70
[  545.865118][T24595]  usb_new_device+0xa08/0x16f0
[  545.870162][T24595]  hub_event+0x2a1c/0x4f30
[  545.874673][T24595]  process_scheduled_works+0xb5d/0x1860
[  545.880206][T24595]  worker_thread+0xa53/0xfc0
[  545.884981][T24595]  kthread+0x388/0x470
[  545.889030][T24595]  ret_from_fork+0x514/0xb70
[  545.893602][T24595]  ret_from_fork_asm+0x1a/0x30
[  545.898441][T24595] 
[  545.900758][T24595] The buggy address belongs to the object at ffff88806de2b160
[  545.900758][T24595]  which belongs to the cache kmalloc-8 of size 8
[  545.914550][T24595] The buggy address is located 0 bytes inside of
[  545.914550][T24595]  freed 8-byte region [ffff88806de2b160, ffff88806de2b168)
[  545.928162][T24595] 
[  545.930654][T24595] The buggy address belongs to the physical page:
[  545.937168][T24595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6de2b
[  545.946015][T24595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  545.953122][T24595] page_type: f5(slab)
[  545.957090][T24595] raw: 00fff00000000000 ffff88813fea5500 dead000000000100 dead000000000122
[  545.965653][T24595] raw: 0000000000000000 0000000800800080 00000000f5000000 0000000000000000
[  545.974599][T24595] page dumped because: kasan: bad access detected
[  545.981201][T24595] page_owner tracks the page as allocated
[  545.986929][T24595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5899, tgid 5899 (kworker/0:4), ts 86536757302, free_ts 86525127926
[  546.007706][T24595]  post_alloc_hook+0x231/0x280
[  546.012651][T24595]  get_page_from_freelist+0x24dc/0x2580
[  546.018286][T24595]  __alloc_frozen_pages_noprof+0x18d/0x380
[  546.024115][T24595]  allocate_slab+0x77/0x660
[  546.028620][T24595]  refill_objects+0x331/0x3c0
[  546.033304][T24595]  __pcs_replace_empty_main+0x2e6/0x730
[  546.039014][T24595]  __kmalloc_cache_noprof+0x392/0x660
[  546.044393][T24595]  usb_control_msg+0x73/0x3e0
[  546.049090][T24595]  snd_usb_ctl_msg+0xea/0x190
[  546.053750][T24595]  get_ctl_value+0x354/0xcc0
[  546.058329][T24595]  snd_usb_get_cur_mix_value+0x13c/0x4c0
[  546.063940][T24595]  get_min_max_with_quirks+0x1999/0x3050
[  546.069566][T24595]  __build_feature_ctl+0xc35/0x1a00
[  546.074844][T24595]  parse_audio_unit+0x2796/0x3eb0
[  546.079881][T24595]  snd_usb_create_mixer+0x119c/0x2890
[  546.085469][T24595]  usb_audio_probe+0x189e/0x2350
[  546.090518][T24595] page last free pid 5906 tgid 5906 stack trace:
[  546.097128][T24595]  __free_frozen_pages+0xc2b/0xdb0
[  546.102238][T24595]  vfree+0x25a/0x400
[  546.106311][T24595]  delayed_vfree_work+0x55/0x80
[  546.111158][T24595]  process_scheduled_works+0xb5d/0x1860
[  546.116725][T24595]  worker_thread+0xa53/0xfc0
[  546.121322][T24595]  kthread+0x388/0x470
[  546.125387][T24595]  ret_from_fork+0x514/0xb70
[  546.129968][T24595]  ret_from_fork_asm+0x1a/0x30
[  546.134719][T24595] 
[  546.137027][T24595] Memory state around the buggy address:
[  546.142636][T24595]  ffff88806de2b000: fa fc fc fc 05 fc fc fc fa fc fc fc 05 fc fc fc
[  546.150682][T24595]  ffff88806de2b080: fa fc fc fc 06 fc fc fc 05 fc fc fc fa fc fc fc
[  546.158867][T24595] >ffff88806de2b100: 05 fc fc fc fa fc fc fc 05 fc fc fc fa fc fc fc
[  546.166928][T24595]                                                        ^
[  546.174321][T24595]  ffff88806de2b180: 07 fc fc fc fa fc fc fc 05 fc fc fc fa fc fc fc
[  546.182454][T24595]  ffff88806de2b200: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  546.190676][T24595] ==================================================================
[  546.263280][T22690] usb 3-1: USB disconnect, device number 55
[  546.476726][T24595] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  546.484403][T24595] CPU: 0 UID: 0 PID: 24595 Comm: fido_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  546.495189][T24595] Tainted: [L]=SOFTLOCKUP
[  546.499547][T24595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  546.509735][T24595] Call Trace:
[  546.513020][T24595]  <TASK>
[  546.515998][T24595]  vpanic+0x56c/0xa60
[  546.519997][T24595]  ? __pfx_vpanic+0x10/0x10
[  546.524611][T24595]  ? __pfx___schedule+0x10/0x10
[  546.529475][T24595]  panic+0xc5/0xd0
[  546.533210][T24595]  ? __pfx_panic+0x10/0x10
[  546.537637][T24595]  ? preempt_schedule_thunk+0x16/0x30
[  546.543011][T24595]  ? report_descriptor_read+0xb5/0x100
[  546.548485][T24595]  check_panic_on_warn+0x89/0xb0
[  546.553517][T24595]  ? report_descriptor_read+0xb5/0x100
[  546.559095][T24595]  end_report+0x73/0x170
[  546.563373][T24595]  ? report_descriptor_read+0xb5/0x100
[  546.568856][T24595]  kasan_report+0x128/0x150
[  546.573404][T24595]  ? report_descriptor_read+0xb5/0x100
[  546.578888][T24595]  kasan_check_range+0x264/0x2c0
[  546.583818][T24595]  ? report_descriptor_read+0xb5/0x100
[  546.589272][T24595]  __asan_memcpy+0x29/0x70
[  546.593766][T24595]  report_descriptor_read+0xb5/0x100
[  546.599108][T24595]  ? __pfx_sysfs_kf_bin_read+0x10/0x10
[  546.604591][T24595]  kernfs_fop_read_iter+0x451/0x6b0
[  546.609797][T24595]  vfs_read+0x582/0xa70
[  546.613945][T24595]  ? __pfx_vfs_read+0x10/0x10
[  546.618613][T24595]  ? do_sys_openat2+0x14c/0x200
[  546.623570][T24595]  ? kmem_cache_free+0x180/0x630
[  546.628539][T24595]  ? fd_install+0x94/0x3d0
[  546.632961][T24595]  ksys_read+0x150/0x270
[  546.637200][T24595]  ? __pfx_ksys_read+0x10/0x10
[  546.641970][T24595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.648028][T24595]  do_syscall_64+0x15f/0xf80
[  546.652690][T24595]  ? trace_irq_disable+0x3b/0x140
[  546.657704][T24595]  ? clear_bhb_loop+0x40/0x90
[  546.662371][T24595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.668253][T24595] RIP: 0033:0x7f87efaa7407
[  546.672659][T24595] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  546.692348][T24595] RSP: 002b:00007fffc828c610 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  546.700957][T24595] RAX: ffffffffffffffda RBX: 00007f87f0172880 RCX: 00007f87efaa7407
[  546.708920][T24595] RDX: 0000000000001000 RSI: 00007fffc828c660 RDI: 0000000000000004
[  546.716876][T24595] RBP: 0000556dcd3b5730 R08: 0000000000000000 R09: 0000000000000000
[  546.724839][T24595] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556dcd3b4930
[  546.732892][T24595] R13: 00007fffc828c660 R14: 0000000000000004 R15: 0000556da29664d8
[  546.740954][T24595]  </TASK>
[  546.744428][T24595] Kernel Offset: disabled
[  546.748742][T24595] Rebooting in 86400 seconds..