last executing test programs:

33m3.798225477s ago: executing program 2 (id=3299):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x0, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x23635de98487b93e)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000580)=0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x50, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xa}, {}, {0x10, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0x16, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x9}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c010)

33m2.785180742s ago: executing program 2 (id=3305):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000ec0)=[{{&(0x7f0000000080)={0x2, 0x4e25, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r1, &(0x7f0000000c80)="e8", 0x6200, 0x88050000, 0x0, 0xc805)

33m2.218062206s ago: executing program 2 (id=3307):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp', 0x5)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x0, 0x8, 0x9, 0x0, 0x9, 0x8000000036, 0x7, 0x80}, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x8000003d)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x16)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r6, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="001036ffbd0a077c617f9c475f9526f9f1ce846e737358", 0x17}], 0x1}}], 0x1, 0x4000841)
openat(0xffffffffffffff9c, 0x0, 0x195184, 0x65)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000004000625eca60a2f7240b5b7382"], 0x1c}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x1, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="183f0000000000000000000003000000950000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x420, 0x288, 0x43, 0xa0, 0x288, 0x98, 0x388, 0x178, 0x178, 0x388, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'ip6erspan0\x00'}, 0x12a, 0x228, 0x288, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@string={{0xc0}, {0x0, 0x3, 'kmp\x00', "7af8bdb4c056dc65949041982abfe9ed51b01289c0026e2e6034ed587be5f09017b907388134b0ede40eb8d493f20d534fc37f23ec524d91a7a041f36bb1d1c3ab474544c5ef3f2fa69a80a0d967ee4464257d28d31e6843bc1221dfb9a6a27ad13af7061b737fd97d94f50942c68242819c941c0b4d9ec154c7d327187e8198", 0x38, 0x2, {0x1}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x7, 0x5, 0x4, 0x3, 0x4], 0x2, 0x4}, {0xffffffffffffffff, [0x1, 0x1, 0x1, 0x1, 0x1, 0x2], 0x4}}}}, {{@uncond, 0x0, 0xe0, 0x100, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x1b, 0x408, 0xfffffffb}}, @common=@set={{0x40}, {{0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300], 0x0, 0x1}}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x480)
sigaltstack(&(0x7f0000000280)={0x0, 0x80000002}, &(0x7f00000003c0)={&(0x7f0000000a40)=""/65, 0x0, 0x41})
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYRES8, @ANYRES8=r7, @ANYRESHEX=r3, @ANYRES32=r2, @ANYBLOB="0c0099000600"/20], 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x84)

33m0.69281966s ago: executing program 2 (id=3313):
io_setup(0x6, &(0x7f00000003c0)=<r0=>0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000001200)={{0x3, 0x6, 0x401, 0x7, '\x00', 0x81}, 0x1, [0x6, 0x7, 0x95, 0x907a, 0xffffffff, 0x60, 0x1, 0xf, 0x1, 0x4, 0xfffffffffffffffd, 0x63, 0xfff, 0x100000004, 0xffffffffbffffffa, 0xc8, 0x51, 0xa1, 0x1, 0xb6, 0x8000000000000000, 0x8, 0x7, 0x4, 0x200000006, 0xff, 0x9, 0x4f51, 0x0, 0x37c7, 0xc, 0xbb33, 0x0, 0x63, 0x4, 0x4, 0x8, 0xffffffffffff7fff, 0x6, 0x8, 0x5, 0x0, 0x8, 0x401, 0x3, 0xc1bd, 0x100000003, 0x8000000000000001, 0x3, 0x0, 0x7, 0x72, 0xc, 0x2, 0x6a44d0e6, 0xfffffffdffffffff, 0x9, 0x5f0, 0x9, 0x7, 0x6, 0xfffffffffffffffd, 0x20000007, 0xf0, 0x26e69303, 0x5, 0x2, 0x80, 0x2, 0x1, 0x9, 0x7, 0xe0000000000000, 0xd, 0x81, 0x80000001, 0x7fff, 0x6, 0x6, 0x3ff, 0xffffffffffffcc1c, 0x10003, 0xfffffffffffffffb, 0x6, 0x100000001, 0x1, 0xf, 0xa000000000000000, 0xfffffffffffff000, 0x8d6, 0x0, 0x5, 0x4, 0xafae, 0x1, 0x6, 0x1, 0xa, 0x1, 0x10ffff, 0x1, 0x10000, 0x1ff, 0xc, 0x0, 0x6, 0x3, 0x0, 0x3, 0x7, 0xaad, 0x7, 0x1, 0x8, 0xe2, 0x6, 0x4, 0xf, 0x7, 0x0, 0x9, 0x5, 0x40, 0x52a7, 0x83d0, 0xf0, 0x100000000, 0x140000000]})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x10000008, 0x3f9, 0x400, 0x1, 0x3, 0xfffffe0040000001, 0xfa15, 0xffffffff}, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000965dedcdeffa11db0fdd06802806403e131508667e0102030109021b0001000000000904000001ff8887280009057568023121b162a2cb36377ec505030000000000e849e8f52444f47c3d2fc14f40fe51c3d5cd1650cb9bd96e2e4aadda7b7026d30865a5fabb97be8532c0de2f557fc75c98f880513d50dd72121239023e9753ce30b5fe20cb11deeab35f"], 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x64)
syz_emit_ethernet(0x7a, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, <r4=>0x0})
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x2, r4, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1})
r5 = open(&(0x7f0000000040)='./bus\x00', 0x11f082, 0x0)
ftruncate(r3, 0xffffffffffffffff)
fcntl$notify(r5, 0x402, 0x8000003d)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3400000040000100fcff0700040000000100d8bd99138e252c9801800c00108004000b80040007800c0002000000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
fcntl$setsig(r5, 0xa, 0x11)
utime(&(0x7f00000024c0)='.\x00', 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0)
recvmmsg(r8, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4083, 0xff3}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2040, 0x0)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])

32m57.350750541s ago: executing program 2 (id=3323):
r0 = syz_open_dev$sg(0x0, 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1)
r1 = syz_open_dev$video4linux(&(0x7f0000000140), 0x6, 0x40440)
ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000800)={0x0, 0x6, 0x9, '\x00', &(0x7f00000007c0)=0x26})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001200), 0xc, &(0x7f0000001400)={0x0, 0x124}}, 0x0)
sendmmsg$alg(r4, &(0x7f0000001340)=[{0x0, 0x0, 0x0}], 0x7, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000004100)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r8, @ANYRES64=r6, @ANYBLOB="a7ffa888000000002000128009002b0069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x800)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r10=>0x0})
socket(0x400000000010, 0x3, 0x0)
unshare(0x28000600)
unshare(0x26020400)
readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c)
syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r5, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r10, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x4044081}, 0x0)

32m55.41009447s ago: executing program 2 (id=3330):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, 0x0, 0x0) (async)
write$char_usb(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid() (async)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_usb_connect$printer(0x2, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x93, 0xc0, 0xfa, [{{0x9, 0x4, 0x0, 0x3e, 0x5, 0x7, 0x1, 0x3, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x2, 0x6, 0xb}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x2, 0x9, 0xf1}}]}}}]}}]}}, &(0x7f00000008c0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x310, 0x6, 0xf5, 0x3, 0x8, 0x81}, 0x16, &(0x7f0000000640)={0x5, 0xf, 0x16, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x18, 0x2, 0x2, 0xff}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x5, 0x8, 0x7}]}, 0x3, [{0xa3, &(0x7f0000000680)=@string={0xa3, 0x3, "3e62ee89504de27a517d3f131fb07708428c353c6f604b91bd3e536a7db65d4a4c680ebb56ea523cfd5f08404213ae1380e2dca79ef32024d68f366a0fb4e4a2bf3935e4873a3d4346ef3dfb9defd634b567fc6221ef263c1b2818b99ef7b377442f3fa519a90c8a98d5f3592173e4e9db9c2a3f6ea5b7c70d7f0bc9794e6f5724e21fd05d30961adbe04725644339c33cf113357cd2ff2e9f6890247fd366b1fe"}}, {0xbb, &(0x7f0000000740)=@string={0xbb, 0x3, "6c68a8afc4038d59287243854b291d7ab8e11a8cc55aa29427c1db38944a5e49b87d3a76df420710e7baa2f38badeb58584acfee6527b817600e3d9d0f5cda00370f4153c82e0a5ee2811ce927b0fc5d6e10a7b095146f6b8139962dc58a14ac8227ceff4c8298787ba1c1214119406a67212b42a976f48a1940d3f69b814349a5f2a197656cdad9465f27a29b2c38e8f97aadb21f8348d41c3bfd73e345ba0ee9e36b2c4907b03c06e227e172bfd06acc5568519cdd738977"}}, {0xbf, &(0x7f0000000800)=@string={0xbf, 0x3, "db962ac8755d319c150206f009b413b99c5e6b453519b8febdb4a690652e91748bf6169049c832e58c7902ec23324fad7517361a975b5d2d777355f0c289d8330980d10d2a50050ceb2566f9394a8e1cd502cd1a13b81938b9ead96d45fbe9df0760b9fdf90c94fa0b6f29710866f413487357d52efbdbbe6ef95ef78ba1dfefb1f66e678c35f1c4e26ac0bf2e0711465ae575f686d952f6b6cf22c840e4741a19996bee4266100c2c13346bb48011ea9627f8ab3d825a8cfe0df06865"}}]})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f00000001c0)={"568139cb5050a7a31ebfc4330c2bf68f86101d9a301cbe14b15f4f23031ceb319db01a783479d6b9a1201fb1cc7235f57f425131b1d59b14c7588e103ad23d61fc6b05b60536a1611da4d3a6a06d308650343e59d307e34d8c2ec3ef05629a47f994dd2e9f8b9ce05b338ae7db5267bc4082bd43ca93b78947a7c79e82df466d4fee2b222f1ebde976d2272a4f52329796330ee917cc4f5b3ec45ac1ecdaaf3dffe03c40b7c209e44cfeb08aad00e1b48da4289228d7d82d4f6a661942ace64f115d3cc6ac80f74420c390d89e7ab2133567aa41047d775e333184cc0b468ec5eb9bc3cb0fa00516e5452bf32a9e760f07efd5a5e5eb37eaff28ef92bb59498369808bdd310a4a95a5414a8ff450411ff67d3167eec8372455a19c0c5a608adfebded6974660fd85308a07860e16f62963da37448d6e1218f2092fb3d1662804623b63a07f3e5e881df9a5ac27ce3f1519003118aa6170ff423eb292dc70147bde37963f72d0642660e7107753167886fc10e108631a9ea4d6752145b8646187ba7e152b6bcbcedd6b83fb9435d5c8e8d5d25a3f173745eab94a4a296572d459a50d622c8769dc57a7cdf7efe9f259dc36f538d1836362f1bcb2c4ebceae7e3655d5e98ba481906f284bd03716c15894eca8cbf8302dc8e2c21736b697b5f868e8af96fa8bbb1ae56571616a70ce05970d1e4142f303f7586fd2fc6f0ee3dce1db6524dd6aa28faab046e074df38430a49e8a6dde71028f16539744b7867e19c856e670e8b799d52da435bb07beea6274bf512e7d6ebb8ff8f83a52e4d13602e7d4675a798a12c898ad5b00caa34313ff8fb6c3407cf815eca9795cffd9a24959653cc816851048ebf0772bebdd3ff9b8cfbd2c65c30e41586b00a14943e4815361789158139d440c4f627edb8ed59e1ca0bb0c60106e09635fa9335677337c554db885f75b899638e8df1ea9796f8258de36636346ab768856bbdfc51843a53701423d75c1f43be24469aa03d366bbfb81218b31e5c0ad716efea52175c2fa78317cafb16ee173eb5e9428509ca4c8f9bf798adc7da1758a9c0334e44200c0578495ff805fce84456205caa70f0976a8603f84cb542d0df1416602321c587556785af525ddf5548b4f51113c52a7a17042faf6c8c02d8d1835e0f67f60ab392c20fc12188db029e45bb77cfccc423671d52ec5a92d08c2bb27a676b66f3b89ac084d99e3f516426a015268a1f3fb91b13c8baba49a0765a305c13cd1f47b3ea7a6393182759b614a08d36192a8b68abef6e5c16849452c74af3a9f854e1f2bc1c2eac2f055f8ffd8fdaa6bb04a68850c585f433c0e6b8dba1401fce5aab11d75d2323d8079891175096e31013ca0a3763511c86f2fbc31a33458c52059ebe253dcd3e837fed39765a11842028df450479dd56e1325cd8d088ff12a8f7dd23f2"}) (async)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f00000001c0)={"568139cb5050a7a31ebfc4330c2bf68f86101d9a301cbe14b15f4f23031ceb319db01a783479d6b9a1201fb1cc7235f57f425131b1d59b14c7588e103ad23d61fc6b05b60536a1611da4d3a6a06d308650343e59d307e34d8c2ec3ef05629a47f994dd2e9f8b9ce05b338ae7db5267bc4082bd43ca93b78947a7c79e82df466d4fee2b222f1ebde976d2272a4f52329796330ee917cc4f5b3ec45ac1ecdaaf3dffe03c40b7c209e44cfeb08aad00e1b48da4289228d7d82d4f6a661942ace64f115d3cc6ac80f74420c390d89e7ab2133567aa41047d775e333184cc0b468ec5eb9bc3cb0fa00516e5452bf32a9e760f07efd5a5e5eb37eaff28ef92bb59498369808bdd310a4a95a5414a8ff450411ff67d3167eec8372455a19c0c5a608adfebded6974660fd85308a07860e16f62963da37448d6e1218f2092fb3d1662804623b63a07f3e5e881df9a5ac27ce3f1519003118aa6170ff423eb292dc70147bde37963f72d0642660e7107753167886fc10e108631a9ea4d6752145b8646187ba7e152b6bcbcedd6b83fb9435d5c8e8d5d25a3f173745eab94a4a296572d459a50d622c8769dc57a7cdf7efe9f259dc36f538d1836362f1bcb2c4ebceae7e3655d5e98ba481906f284bd03716c15894eca8cbf8302dc8e2c21736b697b5f868e8af96fa8bbb1ae56571616a70ce05970d1e4142f303f7586fd2fc6f0ee3dce1db6524dd6aa28faab046e074df38430a49e8a6dde71028f16539744b7867e19c856e670e8b799d52da435bb07beea6274bf512e7d6ebb8ff8f83a52e4d13602e7d4675a798a12c898ad5b00caa34313ff8fb6c3407cf815eca9795cffd9a24959653cc816851048ebf0772bebdd3ff9b8cfbd2c65c30e41586b00a14943e4815361789158139d440c4f627edb8ed59e1ca0bb0c60106e09635fa9335677337c554db885f75b899638e8df1ea9796f8258de36636346ab768856bbdfc51843a53701423d75c1f43be24469aa03d366bbfb81218b31e5c0ad716efea52175c2fa78317cafb16ee173eb5e9428509ca4c8f9bf798adc7da1758a9c0334e44200c0578495ff805fce84456205caa70f0976a8603f84cb542d0df1416602321c587556785af525ddf5548b4f51113c52a7a17042faf6c8c02d8d1835e0f67f60ab392c20fc12188db029e45bb77cfccc423671d52ec5a92d08c2bb27a676b66f3b89ac084d99e3f516426a015268a1f3fb91b13c8baba49a0765a305c13cd1f47b3ea7a6393182759b614a08d36192a8b68abef6e5c16849452c74af3a9f854e1f2bc1c2eac2f055f8ffd8fdaa6bb04a68850c585f433c0e6b8dba1401fce5aab11d75d2323d8079891175096e31013ca0a3763511c86f2fbc31a33458c52059ebe253dcd3e837fed39765a11842028df450479dd56e1325cd8d088ff12a8f7dd23f2"})
ioctl$KVM_CAP_HYPERV_SYNIC2(r5, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0xfffffffffffffffd}, {0x400000b1, 0x0, 0x8}]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
iopl(0x0) (async)
iopl(0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

32m40.092230656s ago: executing program 32 (id=3330):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, 0x0, 0x0) (async)
write$char_usb(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
gettid() (async)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_usb_connect$printer(0x2, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x93, 0xc0, 0xfa, [{{0x9, 0x4, 0x0, 0x3e, 0x5, 0x7, 0x1, 0x3, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x2, 0x6, 0xb}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x2, 0x9, 0xf1}}]}}}]}}]}}, &(0x7f00000008c0)={0xa, &(0x7f0000000600)={0xa, 0x6, 0x310, 0x6, 0xf5, 0x3, 0x8, 0x81}, 0x16, &(0x7f0000000640)={0x5, 0xf, 0x16, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x18, 0x2, 0x2, 0xff}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x5, 0x8, 0x7}]}, 0x3, [{0xa3, &(0x7f0000000680)=@string={0xa3, 0x3, "3e62ee89504de27a517d3f131fb07708428c353c6f604b91bd3e536a7db65d4a4c680ebb56ea523cfd5f08404213ae1380e2dca79ef32024d68f366a0fb4e4a2bf3935e4873a3d4346ef3dfb9defd634b567fc6221ef263c1b2818b99ef7b377442f3fa519a90c8a98d5f3592173e4e9db9c2a3f6ea5b7c70d7f0bc9794e6f5724e21fd05d30961adbe04725644339c33cf113357cd2ff2e9f6890247fd366b1fe"}}, {0xbb, &(0x7f0000000740)=@string={0xbb, 0x3, "6c68a8afc4038d59287243854b291d7ab8e11a8cc55aa29427c1db38944a5e49b87d3a76df420710e7baa2f38badeb58584acfee6527b817600e3d9d0f5cda00370f4153c82e0a5ee2811ce927b0fc5d6e10a7b095146f6b8139962dc58a14ac8227ceff4c8298787ba1c1214119406a67212b42a976f48a1940d3f69b814349a5f2a197656cdad9465f27a29b2c38e8f97aadb21f8348d41c3bfd73e345ba0ee9e36b2c4907b03c06e227e172bfd06acc5568519cdd738977"}}, {0xbf, &(0x7f0000000800)=@string={0xbf, 0x3, "db962ac8755d319c150206f009b413b99c5e6b453519b8febdb4a690652e91748bf6169049c832e58c7902ec23324fad7517361a975b5d2d777355f0c289d8330980d10d2a50050ceb2566f9394a8e1cd502cd1a13b81938b9ead96d45fbe9df0760b9fdf90c94fa0b6f29710866f413487357d52efbdbbe6ef95ef78ba1dfefb1f66e678c35f1c4e26ac0bf2e0711465ae575f686d952f6b6cf22c840e4741a19996bee4266100c2c13346bb48011ea9627f8ab3d825a8cfe0df06865"}}]})
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f00000001c0)={"568139cb5050a7a31ebfc4330c2bf68f86101d9a301cbe14b15f4f23031ceb319db01a783479d6b9a1201fb1cc7235f57f425131b1d59b14c7588e103ad23d61fc6b05b60536a1611da4d3a6a06d308650343e59d307e34d8c2ec3ef05629a47f994dd2e9f8b9ce05b338ae7db5267bc4082bd43ca93b78947a7c79e82df466d4fee2b222f1ebde976d2272a4f52329796330ee917cc4f5b3ec45ac1ecdaaf3dffe03c40b7c209e44cfeb08aad00e1b48da4289228d7d82d4f6a661942ace64f115d3cc6ac80f74420c390d89e7ab2133567aa41047d775e333184cc0b468ec5eb9bc3cb0fa00516e5452bf32a9e760f07efd5a5e5eb37eaff28ef92bb59498369808bdd310a4a95a5414a8ff450411ff67d3167eec8372455a19c0c5a608adfebded6974660fd85308a07860e16f62963da37448d6e1218f2092fb3d1662804623b63a07f3e5e881df9a5ac27ce3f1519003118aa6170ff423eb292dc70147bde37963f72d0642660e7107753167886fc10e108631a9ea4d6752145b8646187ba7e152b6bcbcedd6b83fb9435d5c8e8d5d25a3f173745eab94a4a296572d459a50d622c8769dc57a7cdf7efe9f259dc36f538d1836362f1bcb2c4ebceae7e3655d5e98ba481906f284bd03716c15894eca8cbf8302dc8e2c21736b697b5f868e8af96fa8bbb1ae56571616a70ce05970d1e4142f303f7586fd2fc6f0ee3dce1db6524dd6aa28faab046e074df38430a49e8a6dde71028f16539744b7867e19c856e670e8b799d52da435bb07beea6274bf512e7d6ebb8ff8f83a52e4d13602e7d4675a798a12c898ad5b00caa34313ff8fb6c3407cf815eca9795cffd9a24959653cc816851048ebf0772bebdd3ff9b8cfbd2c65c30e41586b00a14943e4815361789158139d440c4f627edb8ed59e1ca0bb0c60106e09635fa9335677337c554db885f75b899638e8df1ea9796f8258de36636346ab768856bbdfc51843a53701423d75c1f43be24469aa03d366bbfb81218b31e5c0ad716efea52175c2fa78317cafb16ee173eb5e9428509ca4c8f9bf798adc7da1758a9c0334e44200c0578495ff805fce84456205caa70f0976a8603f84cb542d0df1416602321c587556785af525ddf5548b4f51113c52a7a17042faf6c8c02d8d1835e0f67f60ab392c20fc12188db029e45bb77cfccc423671d52ec5a92d08c2bb27a676b66f3b89ac084d99e3f516426a015268a1f3fb91b13c8baba49a0765a305c13cd1f47b3ea7a6393182759b614a08d36192a8b68abef6e5c16849452c74af3a9f854e1f2bc1c2eac2f055f8ffd8fdaa6bb04a68850c585f433c0e6b8dba1401fce5aab11d75d2323d8079891175096e31013ca0a3763511c86f2fbc31a33458c52059ebe253dcd3e837fed39765a11842028df450479dd56e1325cd8d088ff12a8f7dd23f2"}) (async)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f00000001c0)={"568139cb5050a7a31ebfc4330c2bf68f86101d9a301cbe14b15f4f23031ceb319db01a783479d6b9a1201fb1cc7235f57f425131b1d59b14c7588e103ad23d61fc6b05b60536a1611da4d3a6a06d308650343e59d307e34d8c2ec3ef05629a47f994dd2e9f8b9ce05b338ae7db5267bc4082bd43ca93b78947a7c79e82df466d4fee2b222f1ebde976d2272a4f52329796330ee917cc4f5b3ec45ac1ecdaaf3dffe03c40b7c209e44cfeb08aad00e1b48da4289228d7d82d4f6a661942ace64f115d3cc6ac80f74420c390d89e7ab2133567aa41047d775e333184cc0b468ec5eb9bc3cb0fa00516e5452bf32a9e760f07efd5a5e5eb37eaff28ef92bb59498369808bdd310a4a95a5414a8ff450411ff67d3167eec8372455a19c0c5a608adfebded6974660fd85308a07860e16f62963da37448d6e1218f2092fb3d1662804623b63a07f3e5e881df9a5ac27ce3f1519003118aa6170ff423eb292dc70147bde37963f72d0642660e7107753167886fc10e108631a9ea4d6752145b8646187ba7e152b6bcbcedd6b83fb9435d5c8e8d5d25a3f173745eab94a4a296572d459a50d622c8769dc57a7cdf7efe9f259dc36f538d1836362f1bcb2c4ebceae7e3655d5e98ba481906f284bd03716c15894eca8cbf8302dc8e2c21736b697b5f868e8af96fa8bbb1ae56571616a70ce05970d1e4142f303f7586fd2fc6f0ee3dce1db6524dd6aa28faab046e074df38430a49e8a6dde71028f16539744b7867e19c856e670e8b799d52da435bb07beea6274bf512e7d6ebb8ff8f83a52e4d13602e7d4675a798a12c898ad5b00caa34313ff8fb6c3407cf815eca9795cffd9a24959653cc816851048ebf0772bebdd3ff9b8cfbd2c65c30e41586b00a14943e4815361789158139d440c4f627edb8ed59e1ca0bb0c60106e09635fa9335677337c554db885f75b899638e8df1ea9796f8258de36636346ab768856bbdfc51843a53701423d75c1f43be24469aa03d366bbfb81218b31e5c0ad716efea52175c2fa78317cafb16ee173eb5e9428509ca4c8f9bf798adc7da1758a9c0334e44200c0578495ff805fce84456205caa70f0976a8603f84cb542d0df1416602321c587556785af525ddf5548b4f51113c52a7a17042faf6c8c02d8d1835e0f67f60ab392c20fc12188db029e45bb77cfccc423671d52ec5a92d08c2bb27a676b66f3b89ac084d99e3f516426a015268a1f3fb91b13c8baba49a0765a305c13cd1f47b3ea7a6393182759b614a08d36192a8b68abef6e5c16849452c74af3a9f854e1f2bc1c2eac2f055f8ffd8fdaa6bb04a68850c585f433c0e6b8dba1401fce5aab11d75d2323d8079891175096e31013ca0a3763511c86f2fbc31a33458c52059ebe253dcd3e837fed39765a11842028df450479dd56e1325cd8d088ff12a8f7dd23f2"})
ioctl$KVM_CAP_HYPERV_SYNIC2(r5, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0xfffffffffffffffd}, {0x400000b1, 0x0, 0x8}]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
iopl(0x0) (async)
iopl(0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

31m32.683690771s ago: executing program 4 (id=3576):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000410000000000000002000500000a7c000000060a010400000000000000000a0000010900010073797a31000000045000048020000180070001007274000014000280080001400000000408000240000000012c0001800b0001006e756d67656e00001c0002800800014000000001080003400000000008000240000000100900020073797a32"], 0xa4}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000040)

31m32.506390575s ago: executing program 4 (id=3577):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)={0x14, 0x56, 0x601, 0x2, 0x0, "", [@nested={0x4, 0xe}]}, 0x14}], 0x1}, 0x0) (async)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)={0x14, 0x56, 0x601, 0x2, 0x0, "", [@nested={0x4, 0xe}]}, 0x14}], 0x1}, 0x0)
msgctl$IPC_RMID(0xffffffffffffffff, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f000000fa00)=0x9) (async)
ioctl$int_in(r1, 0x5452, &(0x7f000000fa00)=0x9)
sendmsg(r1, &(0x7f0000012900)={0x0, 0x0, 0x0}, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x5)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000020c0)=ANY=[@ANYRES32=r0, @ANYRES32=0x0, @ANYRESHEX], 0x3c}, 0x1, 0x0, 0x0, 0x20048055}, 0x4015)

31m32.494867262s ago: executing program 4 (id=3578):
r0 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil)
shmat(r0, &(0x7f0000f62000/0x1000)=nil, 0x7000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000000)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x28, 0x18, &(0x7f0000000880)={@fd={0x77682a85, 0x0, r3}, @flat=@handle={0x77682a85, 0x1000, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x19}}, &(0x7f0000000380)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

31m32.198708964s ago: executing program 4 (id=3580):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001500010026bd7000ffdbdf25050000000c00010002"], 0x20}, 0x1, 0x0, 0x0, 0x48080}, 0x40010)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x84000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000080)={0xd60b, 0x2}, 0x18, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x89901)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000000206010400000000000000020000000505000400000000000900020073797a30000000000500010007000000050005000a0000000c000780080012000000000012000300686173683a6e65742c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000014}, 0x0)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
landlock_restrict_self(r2, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000481000/0x1000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x8000, 0x0, 0x0, 0x2)
r7 = syz_io_uring_setup(0x1238, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x2, 0xab9}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000200)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x1, 0x0, r6, 0x0, 0x0})
io_uring_enter(r7, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
dup2(r10, r6)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000080)={{}, 0x10000, 0x5, 0x2})
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r11, 0x6, 0x13, &(0x7f0000000400)=0x100000001, 0x4)
connect$inet6(r11, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback, 0xe}, 0x1c)

31m31.985732864s ago: executing program 4 (id=3581):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f00000004c0)={&(0x7f00000000c0)={0xa, 0x4e21, 0x3, @dev={0xfe, 0x80, '\x00', 0x2c}, 0x9}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000140)="8f5ce04ccea7c28f2c60cd6c9a489cb61b9824", 0x13}, {&(0x7f0000000180)="4bb604e5a835279ae3a4ab4092d3871ae557b95127c30c9f0b9b768e3ddcd2fb9d2c8850511568490216c4f823061edfebf6ea9553b07d44da530c98051577508193bd", 0x43}, {&(0x7f00000002c0)="4f81b27367285810c9658a820753db6d6ddf0ccc7ac2989cd5ed4d0176410b3cf60bce88b0a26a7c62963df4c985580cc4e28406e701863942c262c7cf50e2f0ec1f6025068bf238d738aaa17d62ed00e6b4784b68453d35b7d456120970480c3d0d04cfefbcef4a5319a8e7a6f68f628420fbcc2168aa2d828a92bf57de6d52ce94113997d751edf33e63241793098e066cbbba38ed22f894c542934de318ca", 0xa0}, {&(0x7f0000000380)="336c51f4c4b02fde8dfd086136b6cb2dd413900395eb08b9b64556f4855633839df01c086a2d9012c7e60f4f0d037ea08945620200e4e5f20d", 0x39}, {&(0x7f0000001400)="e8e0d8bd7826f75e02c498e4cbdbc1fc7027d13f330aa72beff3aee8540c71a2fa16c1ff3e15db61edefd855994e6ff5a86daba6f1306a62a17dc10cd5abe199a3dd8f0b83bd482fcde4b2f98574b29d7005bc4ccbdc13dc7533c2c41e248c170017203669c6e4ae699afb6b7fa3eaf4f1700cf3c781539fee679cce36e85b8fa74a8057c211795b3b0ea06b1097b16366ed17e11c8980b760d88a1770dad96014b124cdf82889495d97a87eb4da6ce0ec853415caf583e6b4d107cf5670c3c9f57f98d3ece0da5a6e471f1256c8bbe9c45207899ab8b84f1d49fca6cabc7976e3e55d2c1398697c861b927913895765d485ebbe968d85025f1d7a70e48a7f3f9cad85042f55db709ed6d30be235d82d3efd58293e0ce32445a8141a963e42e95581f137c9b612fa075c608df52087343a97ecaf4d3f8c1c6d29e5e42322fe125f24cf41e4e6faefbaae41a390db92e31fdd20526d4a8d9911bed0d159aa7a3d90a9ddf5f66d5a75ca7619773c698dd15535cff48c7bcf54f776d8086f4e92a6e43cc3259cae28492f50ecbdc9020ac33ad4cd0bea826857c98edc357d4a2f89b453e1554540a113c1eedef6d32b13c6830d45ea0f8b766c61285ecc6f467679d386b8a066beba3415925e05d7b8a67a952254ab64f076c66328fd65694b4d121c48eff8a5a222e5df3010e3b519c97df4836fa28f15994e6279286dab0d711403090d38d4c1afc8208c4fd7a551a0b20ac9d7d6b229f6b6f56990e5ab33d56c71844d5adda981f7fa528f2be8cc8f55bf67af32e6f5156a81e1634e6eccb7304efd904eacfe4d942e940b5a9e6b9ba67a84682f31bf311f4681b6247026147ac3f89a987865a9905eaaa29cad1aa7eb6561e810009d994969785f6d84ae0b88e817350d0a68dcbd43d0cb7156df433b148fe2b5560611cac6f05cc168ab9baea1c9e050c833b1353b7c8761aa2fe8a08f719fad32581d174684", 0x2ba}], 0x5, &(0x7f0000000500)=[@dstopts={{0x1a0, 0x29, 0x37, {0x5e, 0x31, '\x00', [@hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @generic={0x3, 0x55, "6fd9c193e953e686cdc02bbfb7b1ba34c35f8e11ff5156b7be70249b89d925bba608124f82e703cf7715dfef3564d2655095b93a12e02e0241e4b7d61137fd8084e47059b848b36818e390639be9cd7d13a264b726"}, @jumbo={0xc2, 0x4, 0x5}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @generic={0x0, 0xd3, "53283b7dd2fcc42bdaa268178048fb965cc37930a7261926a4aab7ad6d32a672c4f760dffa921d116506fa0872f640784efed3e375c78e617e41472c8b9e0285a29ec86256d6fab200309ad5c6549f166ae682797af2a4ac440c52e9c5ac605c79fa8e3eec904739b0c68ff1664be6a2aaabc1ea894f3f763431f1beae6d27047bb4496d1eedf469243e6adef9a741fe3984b7961529d17d0f015ac18dc060ce93f910fc34ed340e916137838ab5cda146d10e54498cfa917e79dd50a45cb33dbbe62f3c9fd22c859ef52facd64f2edd149f75"}, @calipso={0x7, 0x30, {0x3, 0xa, 0x97, 0xff, [0x8, 0x2000000000000, 0x1, 0x2, 0x479]}}]}}}], 0x1a0}, 0x8040)
sendmsg$inet6(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000700)="9baf4df8", 0x4}], 0x1}, 0x4000001)

31m31.325935593s ago: executing program 4 (id=3585):
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x13, 0x2, 0x2, "11df004f866f13d27800000000000000000000c9ffff000000070000008000", 0x32315258})

31m30.582264237s ago: executing program 33 (id=3585):
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x13, 0x2, 0x2, "11df004f866f13d27800000000000000000000c9ffff000000070000008000", 0x32315258})

10.730826842s ago: executing program 3 (id=10528):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000080)={0xd60b, 0x2}, 0x18, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x73, 0x0, 0x0)
landlock_restrict_self(r3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0xdc}, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000002640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x14000040}, 0x404c080)
r6 = syz_io_uring_setup(0x1238, &(0x7f0000000240)={0x0, 0x80fa, 0x80, 0x2, 0xabc}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}})
io_uring_enter(r6, 0x47bc, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'bond0\x00', 0x0})
dup2(0xffffffffffffffff, r5)
msgctl$IPC_RMID(0x0, 0x0)

8.474489093s ago: executing program 0 (id=10537):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100002200000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)

7.518773931s ago: executing program 3 (id=10540):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x204000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000001000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

7.258995562s ago: executing program 1 (id=10541):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0xffffffd4, 0x0, 0x201, 0x20}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)

6.97008424s ago: executing program 1 (id=10542):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x880)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000500)={{0x100a, 0x2, 0x0, 0x2000003, 'syz0\x00', 0x2}, 0x5, 0x40, 0x0, 0x0, 0x0, 0x8, 'syz0\x00', 0x0})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x0)
recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000000c0)=""/72, 0x48}, {&(0x7f0000000340)=""/244, 0xf4}, {&(0x7f0000000440)=""/211, 0xd3}, {&(0x7f0000000800)=""/210, 0xd2}, {&(0x7f0000000940)=""/135, 0x87}, {&(0x7f00000005c0)=""/196, 0xc4}, {&(0x7f0000001bc0)=""/4096, 0x1000}], 0x7}, 0x22120)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
ioctl$GIO_UNIMAP(r1, 0x4b66, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0xa2582, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
pipe2$watch_queue(&(0x7f0000000600)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r3, 0x5760, 0x1f)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x800, 0x1, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x880) (async)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000500)={{0x100a, 0x2, 0x0, 0x2000003, 'syz0\x00', 0x2}, 0x5, 0x40, 0x0, 0x0, 0x0, 0x8, 'syz0\x00', 0x0}) (async)
syz_open_dev$tty1(0xc, 0x4, 0x4) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x0) (async)
recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000000c0)=""/72, 0x48}, {&(0x7f0000000340)=""/244, 0xf4}, {&(0x7f0000000440)=""/211, 0xd3}, {&(0x7f0000000800)=""/210, 0xd2}, {&(0x7f0000000940)=""/135, 0x87}, {&(0x7f00000005c0)=""/196, 0xc4}, {&(0x7f0000001bc0)=""/4096, 0x1000}], 0x7}, 0x22120) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2) (async)
ioctl$GIO_UNIMAP(r1, 0x4b66, 0x0) (async)
preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd) (async)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0xa2582, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$igmp(0x2, 0x3, 0x2) (async)
pipe2$watch_queue(&(0x7f0000000600), 0x80) (async)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r3, 0x5760, 0x1f) (async)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) (async)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x800, 0x1, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0)) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) (async)
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0) (async)

6.942542777s ago: executing program 0 (id=10543):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000140)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x16}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x1c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x14}}, {0x4e20, 0x4e20, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0xff, 0x100}, "29d2f731874499ae02050000"}}}}, 0x3e)

6.603329148s ago: executing program 5 (id=10544):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x410080, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000440)={<r4=>0x0, 0xfc, "1b21154ef86073f845e7f8835c097f2a6e314664f3d355008a22d56ac4438a8d9760b4dacc121a8acf4fd66fe1913e29fd67bb2614548f267bf9f9b528fac2f7049427e8177082443961c9d7ae2d3538695e6b020b070cb7af4791d926245368bd3a10491523d08c5281a7eff3c1b6c9abb1dea9d13c1df99c7987fdeb05ab1ffb272d9bc489c70a856b4446031ebdbd410eaa4a352e8ce063e8f56dd3869cd7118d6bf05e48440f9ab5b56928ef752a004aaf0a04f238860ae7c70681cae92f79fc26e298c028412e076d76bf686a518ad64a75938a5621f01884f638befd2f9df2b7389fbdd3037b1e65834e45abff47d95d3c2636e964f80e5536"}, &(0x7f0000000240)=0x104)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000340)={r4, @in={{0x2, 0x4e21, @multicast1}}, 0x559, 0x7, 0x7fee, 0x3, 0x1, 0x3, 0x1}, &(0x7f0000000580)=0x9c) (async)
socket(0x1d, 0x2, 0x400) (async)
close(r2) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000600)={0x2, &(0x7f00000005c0)=[{0xf800, 0x1, 0xa6, 0x3ff}, {0x200, 0xfb, 0x0, 0x2}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f00000006c0))
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r8) (async, rerun: 32)
r9 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 32)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x5}, @TCA_FQ_FLOW_PLIMIT={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd29, 0x40, {0x2, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x3100}, [@RTA_UID={0x8}, @RTA_MARK={0x8, 0x10, 0x5}]}, 0x2c}}, 0x0)

6.454575152s ago: executing program 1 (id=10545):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xbc3d, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x2, 0x6}}, 0x20)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc4c85513, &(0x7f0000000000)={0x2, 0x4, 0x1, 0x0, 'syz1\x00', 0x109a7})
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0xffffffff, @empty}, {0xa, 0x0, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800083}, r4}}, 0x48)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r6 = epoll_create(0x3ff)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8002, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000001480)={0x40000000})
syz_io_uring_setup(0x6f1d, &(0x7f0000000600)={0x0, 0x805777, 0x81f, 0x2, 0xc3}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r6, &(0x7f0000000000)={0x10})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
accept$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800009a4759990f0e813900", @ANYRES16=r5, @ANYBLOB="01002ebd7000fbdbdf252800000006003600010000000a00060059d3105536ad0000"], 0x28}, 0x1, 0x0, 0x0, 0x40420d5}, 0x24000080)

6.249922981s ago: executing program 6 (id=10546):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
listen(r1, 0xda90)
accept4(r1, 0x0, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000300)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000ffff27bd7100fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="37ec000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES64=r6], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0xc000802)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xffff030000000000, 0x0, 0x24042841}, 0x20040040)

6.149679791s ago: executing program 0 (id=10547):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x3e, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x1f, 0x2, 0xffffffffc8110f4f, 0xd, 0xffff, 0x1ff, 0xffeffffa, 0x0, 0x0, 0x10, 0xffff}}, 0x50)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
dup(r1) (async)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x3e, 0x0, 0x0) (async)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x1f, 0x2, 0xffffffffc8110f4f, 0xd, 0xffff, 0x1ff, 0xffeffffa, 0x0, 0x0, 0x10, 0xffff}}, 0x50) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

5.990861123s ago: executing program 5 (id=10548):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0x10, 0x70bd2d, 0x25dffbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xa, 0xffff}, {0xd, 0xfff1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x14, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x80}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x2}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4044040}, 0x4048084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0xfffffffc}, &(0x7f0000000200)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r7 = msgget$private(0x0, 0x6c2)
msgsnd(r7, &(0x7f0000000140)=ANY=[@ANYBLOB="80be20246eaf89b78569753203000000cb000000"], 0x2000, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008094)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_usb_connect(0x5, 0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000c291492099042a102d85010203010902"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000300)={0x0, 0x7, 0xfffffffc, 0x0, 0xf})
r8 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r8, 0x0, 0x4ffe6, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000003c0)={0xdb, 0x1fd, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r9, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)

5.785875504s ago: executing program 3 (id=10549):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@broadcast, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000ff7000/0x7000)=nil, 0x7000, 0x14)
r3 = socket(0x200000100000011, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ptrace$ARCH_MAP_VDSO_64(0x1e, 0x0, 0x3, 0x2003)
io_submit(0x0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r7 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003100)=@newchain={0x24, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40881)
bind$packet(r3, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)
fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)

5.519013822s ago: executing program 0 (id=10550):
r0 = syz_open_dev$sg(0x0, 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1)
r1 = syz_open_dev$video4linux(&(0x7f0000000140), 0x6, 0x40440)
ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000800)={0x0, 0x6, 0x9, '\x00', &(0x7f00000007c0)=0x26})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001200), 0xc, &(0x7f0000001400)={0x0, 0x124}}, 0x0)
sendmmsg$alg(r4, &(0x7f0000001340)=[{0x0, 0x0, 0x0}], 0x7, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000004100)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r8, @ANYRES64=r6, @ANYBLOB="a7ffa888000000002000128009002b0069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x800)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r10=>0x0})
socket(0x400000000010, 0x3, 0x0)
unshare(0x28000600)
unshare(0x26020400)
readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c)
syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r5, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007004000000000", @ANYRES32=r10, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x4044081}, 0x0)

4.97836958s ago: executing program 6 (id=10551):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x22000000, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}})
r2 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x4)
landlock_restrict_self(r2, 0xe)

4.738314013s ago: executing program 3 (id=10552):
getsockopt$inet_mreqn(0xffffffffffffffff, 0x6a, 0x4, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f0000000000), 0x4f, 0x94)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xfc}}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0xf8e77000) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000340)="f257a8ea7bc273dfc9ab968586dd42b838b0c3754d062c1473783db0be88b371b76e6c0f1eb703c3f099c5e23f859e0ddc1a9aa7b890", 0x36, 0x240000c1, &(0x7f0000000200)={0x11, 0xf8, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) (async, rerun: 64)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) (async)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
r6 = getpid()
sched_setscheduler(r6, 0x1, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
connect$unix(0xffffffffffffffff, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async, rerun: 32)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (rerun: 32)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r9 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000100)={0x277fffffffc, 0x4000, 0x0, r9, 0x9})
syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')

4.187758718s ago: executing program 1 (id=10553):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
socket$kcm(0x2, 0x2, 0x2)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x20000804)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = landlock_create_ruleset(&(0x7f00000002c0)={0xa201, 0x1}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000000)={0x19a1, 0x2, 0x1}, 0x21, 0x0)
landlock_restrict_self(r8, 0x5)
bind$unix(r7, &(0x7f0000003000)=@file={0x1}, 0x6e)
listen(r7, 0x0)
connect$unix(r6, &(0x7f0000000640)=@file={0x1}, 0x6e)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000140)=0x18)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x882)
r9 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r9, 0xc02c564a, &(0x7f0000000640)={0x800, 0x31364d4e, 0x2, @discrete={0x5, 0x200}})
socket(0x10, 0x3, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r10, 0x0)
sigaltstack(&(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xfffffffffffffefa}, &(0x7f0000000080)={&(0x7f0000000040)})
sigaltstack(0x0, &(0x7f00000002c0)={0x0})
ioctl$RTC_VL_READ(r10, 0x80047013, &(0x7f0000000180))

3.954334494s ago: executing program 5 (id=10554):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@newsa={0xf0, 0x1e, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x40}}, 0xf0}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYRESOCT=r0, @ANYRES32=r1, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000008000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ffffffff0000000000000000000000000600000004"], 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000034c0)={0x0, 0x0, &(0x7f0000003480)={&(0x7f0000003100)=ANY=[@ANYBLOB="fcdbdf250b00"/20], 0x14}, 0x1, 0x0, 0x0, 0x20010080}, 0x20009800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)

3.84677146s ago: executing program 3 (id=10555):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone3(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000001800), 0xc0241, 0x0)
r1 = socket$inet(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="312000000000000014002b800800030004000000b6ffffff0200000008001b0000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x20000050)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000180)={0x0, 0x1})
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2825)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r6, 0xc0884123, &(0x7f0000000300)={0x5, "244689261a3365eb47c14247a532ccbd3bf3b29282987c7cc12acb8ae6d2fbd3428a0df873e1d58af8bf70c05fc6c43edcdaa8e7db0700", {0x2, 0x2}})
r7 = io_uring_setup(0x168f, &(0x7f0000000400)={0x0, 0x631d, 0x2, 0x2, 0x2d8})
socket$l2tp(0x2, 0x2, 0x73)
io_uring_register$IORING_REGISTER_BUFFERS2(r7, 0xf, &(0x7f0000002700)={0x119f, 0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)=""/264, 0xf9}, {&(0x7f00000015c0)=""/4096, 0x400400}, {&(0x7f0000002a00)=""/88, 0x8}], 0x0}, 0x20)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)

3.792816271s ago: executing program 0 (id=10556):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
unshare(0x66020000) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) (async)
r3 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {0x0, 0x0, 0xfffffffffffffff7, 0x4}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) (async)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc000000160033060000000000000080ff0100000000000000000000000000017f00000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff000000000000000000000000000004d2320000000000007a00000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000ffffffffffffffff0000000000000000050000000000000004000000020000000000000006007100020000000a00041819000000000000000c0015005c0735000100"/180], 0xfc}}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) (async)
r4 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) (async)
r5 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7}) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f00000002c0)=0x3) (async)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'dvmrp1\x00', &(0x7f0000000100)=@ethtool_test={0x1a, 0x8001, 0x5, 0x1, [0xfffffffffffffff8]}})
r6 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000240)='rdma.current\x00', 0x0, 0x0) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0)={0x0, r3}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1c, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="dbaa00fea0000000003da33842ea13e476f3147c69fc426146a86c9ed36db5ee3137127e10c3055233af790011cfc03f34e076eb8b4c841bbb5546c59f090439f3d03f3f5678759afaa21d55f9a39897a5a5dddbef18e8b8774975fdcb1d6b433954428700"/110], 0x0, 0x605, 0x0, 0x0, 0x0, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) (async)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) (async)
r7 = socket(0x2000000000000021, 0x2, 0x10000000000002)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) (async)
sendmmsg(r7, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r1, 0x8004f50e, &(0x7f0000000280)) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={0x0, 0x1100}, 0x1, 0x7}, 0x40000)

3.674332018s ago: executing program 6 (id=10557):
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x100, 0x0, 0x3ab}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r5, 0x29, 0x37, &(0x7f0000000100)=@fragment={0xdb, 0x0, 0xfa, 0x0, 0x0, 0x3, 0x67}, 0x8)
getsockopt$inet6_opts(r5, 0x29, 0x37, 0x0, &(0x7f00000002c0)=0xa4)
sendmsg$xdp(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="18b76fc78cae1eb35f95bf25979bbe6e4ecd3cab2c89b340f2505f711b736b86a4d73714290dd8b594168163701e815dc54432c148279b824aed7444371c03256319aa83a5a6c59488777f801024ae6a478032dbe19d4067dad280c969368eb54971236175844feb8e060e3b49222665278f9a8655250dbaf2490800d5ebb95c9ce0b67733bd868fe2c5cc4ec88f807865808538a392737030257ad1a004dde969", 0xa1}, {&(0x7f0000000240)="3472c207ee8aba89d36ff3ad006ec24bbe9bf712c6729fafdedd456c43034d5aa96bcb96c443df5294f3cd7a0842707f6547a068a974a372a5aff222e610760af9e85c58cf3c688fbc1a94a7b8913b31612de92ec5f649bbd829ea04ea7bd7596e233ac023b3529e7e75e16fdb52c8dd266e2152f0ec6e0674778bac2d294e0b5b376dc2b975ee4fdab34de663fdba290990f8498a7773885cb630b25488f838e5773be20d5c", 0xa6}, {&(0x7f0000000300)="bff791e5881be1beca6d74b1826f789e1e79fcb8a85c1ad9f3e73119791900b58c6760f54b8c6b126c0bf918770f90cb6f", 0x31}], 0x3, 0x0, 0x0, 0x4}, 0x4000080)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f00000005c0), 0x40000000088d82, 0x0)
r8 = syz_io_uring_setup(0xbdb, &(0x7f0000000040)={0x0, 0x5cd0, 0x100, 0x2, 0x1bc}, &(0x7f0000002180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r7, 0x1, &(0x7f0000000140)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
r11 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000100)={'bridge0\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x10, 0x0, 0x0, 0x400000]}})
io_uring_enter(r8, 0x847b9, 0xebd0, 0xa, 0x0, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x7fff, 0x0)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f0000000080)=0x7ff)
sendmsg$NFT_BATCH(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000000a010300000000000000000100000009000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461bff3dc95ece981f48695e124c5d1cca6774c904239a5c208760609de51294d6cf2e3618af2c13173c3ed134306c94965fb33184b4092874549d600080000cb47b3aa6c90f2"], 0xe8}}, 0x0)

3.597487587s ago: executing program 5 (id=10558):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x2000094}, 0x80)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x13, 0x0, {0x0, 0x0, 0x8}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4000000)

3.585214169s ago: executing program 6 (id=10559):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000080)={0xd60b, 0x2}, 0x18, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x73, 0x0, 0x0)
landlock_restrict_self(r3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0xdc}, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000002640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x14000040}, 0x404c080)
r6 = syz_io_uring_setup(0x1238, &(0x7f0000000240)={0x0, 0x80fa, 0x80, 0x2, 0xabc}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}})
io_uring_enter(r6, 0x47bc, 0x0, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r9 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000080)={'bond0\x00', 0x0})

3.362471331s ago: executing program 5 (id=10560):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x2f)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@private2, 0x4e28, 0x0, 0x4, 0x0, 0x2}, {0x400000000000003, 0x80008800, 0x9141, 0x0, 0x0, 0xf42, 0x5}, {0x0, 0x0, 0x0, 0xffffffffffffff81}, 0x1, 0x0, 0x1}, {{@in=@empty, 0x4, 0x33}, 0x2, @in6=@private1, 0x3507, 0x5, 0x0, 0x4, 0x0, 0x10000000, 0xfffffffd}}, 0xe8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x20fdff}, 0x1c)

2.975096977s ago: executing program 5 (id=10561):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND(r2, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @ofdm={0x0, 0x18, 0x4, 0x0, 0x7, 0x3, 0x2}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201500000000010d90481a000000000000109022400010000000009040100010300000009210000000122080009058103"], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r5 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r6], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1})
sendmsg$L2TP_CMD_NOOP(r0, 0x0, 0x4000080)
syz_usb_control_io(r4, 0x0, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
read$FUSE(r7, &(0x7f0000002140)={0x2020}, 0x2020)
write$tun(r7, &(0x7f0000000300)={@val={0x0, 0x1c}, @void, @ipv4=@tipc={{0x6, 0x4, 0x1, 0x6, 0x5c, 0x68, 0x0, 0x3, 0x6, 0x0, @empty, @empty, {[@end]}}, @name_distributor={{0x44, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x5, 0x0, 0x0, 0x6b, 0x1, 0x3, 0x4e22, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x1}, [{0x9, 0x5, 0x5, 0x3ff, 0x10001, 0x80000000, 0x4, 0x2}]}}}, 0x60)
syz_usb_control_io$hid(r4, 0x0, 0xfffffffffffffffc)
r8 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf64(r8, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c4603000701810000000000000003003e00f9ffffffd80100000000000040000000000000008b00000000000000320d000005003800020078000700090051e57464"], 0xb0)

2.754623778s ago: executing program 1 (id=10562):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@broadcast, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000ff7000/0x7000)=nil, 0x7000, 0x14)
r3 = socket(0x200000100000011, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ptrace$ARCH_MAP_VDSO_64(0x1e, 0x0, 0x3, 0x2003)
io_submit(0x0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r7 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003100)=@newchain={0x24, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40881)
bind$packet(r3, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)
fsopen(&(0x7f0000000100)='zonefs\x00', 0x1)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)

1.747178467s ago: executing program 3 (id=10563):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00006d3000/0x4000)=nil, 0x4000, 0x66)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@acquire], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0x18, 0x0, &(0x7f0000000440)=[@request_death, @release], 0x0, 0x0, 0x0})
mmap$fb(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2, 0x11, r4, 0x21000)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r5, &(0x7f00000001c0), 0x0)
ioctl$SNDCTL_DSP_SYNC(r5, 0x80044d76, 0x0)
r6 = gettid()
syz_open_dev$sndpcmc(0x0, 0x1, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtaction={0x48, 0x32, 0x871a15abc695fa3d, 0x0, 0x100, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb, 0x2}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x48}}, 0x4040850)
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000040)=0x2fff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = syz_open_procfs(0x0, 0x0)
preadv(r8, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/230, 0xe6}], 0x1, 0x185, 0x0)

1.361442667s ago: executing program 1 (id=10564):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
r2 = socket$inet6(0xa, 0x807, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0xf0b, 0xfffffffd, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0xe, 0x1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x44884)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2d, 0x25dfdffd, {0x0, 0x0, 0x0, r4, {0x6, 0x9}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffe0, 0xfff2}}]}}]}, 0x40}}, 0x2000c800)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$USBDEVFS_CONNECTINFO(r5, 0x8004550f, &(0x7f0000002a40))

922.689674ms ago: executing program 0 (id=10565):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x1f}}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x44004) (async)
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x1f}}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x44004)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)
openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x20000, 0x14) (async)
r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x20000, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="8500000005000000670000004000000095d56aa76300000000000000", @ANYRESOCT=r0, @ANYRES64=0x0, @ANYRES16=r1], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b04101e8c00000001090212000100000000090401"], 0x0)

397.479168ms ago: executing program 6 (id=10566):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x40d, 0x70bd2d, 0x1ffffffc, {0x0, 0x0, 0x0, r2, 0x60046, 0x400}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x2}, @IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x2}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x80)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x20020, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200e3}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)

0s ago: executing program 6 (id=10567):
pause()
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r1, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r1, 0xda90)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r2, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x1068)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r4, 0x9)
landlock_restrict_self(r0, 0x8)

kernel console output (not intermixed with test programs):

778][   T30] audit: type=1326 audit(1771990997.143:8956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12230 comm="syz.6.10069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2843.578103][  T757] Bluetooth: hci1: command 0x041b tx timeout
[ 2843.586589][   T30] audit: type=1326 audit(1771990997.143:8957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12230 comm="syz.6.10069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2843.616834][   T30] audit: type=1326 audit(1771990997.143:8958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12230 comm="syz.6.10069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2843.663670][T12235] syzkaller1: entered promiscuous mode
[ 2843.676678][T12235] syzkaller1: entered allmulticast mode
[ 2843.721903][  T757] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2843.728041][ T6511] Bluetooth: hci4: command 0x0419 tx timeout
[ 2843.728089][T13853] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2843.734044][ T6511] Bluetooth: hci5: command 0x040f tx timeout
[ 2843.761080][ T8360] usb 2-1: USB disconnect, device number 127
[ 2844.236904][T29640] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 2844.245833][T12247] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2844.257598][ T8360] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 2844.397750][T29640] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2844.409372][T29640] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 2844.416452][ T8360] usb 2-1: Using ep0 maxpacket: 8
[ 2844.420718][T29640] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2844.427623][ T8360] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[ 2844.435420][T29640] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2844.457110][T29640] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2844.458175][ T8360] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 2844.466361][T29640] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2844.475742][ T8360] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2844.492176][ T8360] usb 2-1: Product: syz
[ 2844.496670][ T8360] usb 2-1: Manufacturer: syz
[ 2844.499491][T29640] usb 4-1: config 0 descriptor??
[ 2844.506832][ T8360] usb 2-1: SerialNumber: syz
[ 2844.514990][ T8360] usb 2-1: config 0 descriptor??
[ 2844.525988][ T8360] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 2844.534564][ T8360] usb 2-1: setting power ON
[ 2844.539410][ T8360] dvb-usb: bulk message failed: -22 (2/0)
[ 2844.549364][ T8360] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2844.559307][ T8360] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 2844.568014][ T8360] usb 2-1: media controller created
[ 2844.583693][ T8360] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2844.604021][ T8360] usb 2-1: selecting invalid altsetting 6
[ 2844.609926][ T8360] usb 2-1: digital interface selection failed (-22)
[ 2844.616649][ T8360] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 2844.625763][ T8360] usb 2-1: setting power OFF
[ 2844.630543][ T8360] dvb-usb: bulk message failed: -22 (2/0)
[ 2844.636453][ T8360] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 2844.645757][ T8360] (NULL device *): no alternate interface
[ 2844.673547][ T8360] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 2844.753912][T12237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2844.765304][T12237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2844.790393][ T8360] usb 2-1: USB disconnect, device number 2
[ 2844.931586][T29640] plantronics 0003:047F:FFFF.004A: ignoring exceeding usage max
[ 2844.977464][T29640] plantronics 0003:047F:FFFF.004A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 2845.202652][T12262] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10079'.
[ 2845.255349][T12266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2845.268533][T12266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2845.315138][T12262] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2845.389439][T12267] macvlan2: entered promiscuous mode
[ 2845.401762][T12267] veth0_to_bond: entered promiscuous mode
[ 2845.410039][T12269] FAULT_INJECTION: forcing a failure.
[ 2845.410039][T12269] name failslab, interval 1, probability 0, space 0, times 0
[ 2845.412701][T12267] bond2: (slave macvlan2): Enslaving as an active interface with an up link
[ 2845.445563][T12269] CPU: 1 UID: 0 PID: 12269 Comm: syz.5.10081 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2845.445593][T12269] Tainted: [L]=SOFTLOCKUP
[ 2845.445600][T12269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2845.445610][T12269] Call Trace:
[ 2845.445618][T12269]  <TASK>
[ 2845.445627][T12269]  dump_stack_lvl+0xe8/0x150
[ 2845.445656][T12269]  should_fail_ex+0x412/0x560
[ 2845.445679][T12269]  should_failslab+0xa8/0x100
[ 2845.445700][T12269]  __kmalloc_noprof+0xe8/0x760
[ 2845.445722][T12269]  ? snd_pcm_hw_refine+0x9b1/0x1710
[ 2845.445751][T12269]  snd_pcm_hw_refine+0x9b1/0x1710
[ 2845.445790][T12269]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[ 2845.445838][T12269]  ? snd_pcm_hw_params+0x164/0x1d60
[ 2845.445871][T12269]  snd_pcm_hw_param_first+0x3bf/0xb40
[ 2845.445902][T12269]  snd_pcm_hw_params+0x585/0x1d60
[ 2845.445937][T12269]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[ 2845.445960][T12269]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2845.445987][T12269]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 2845.446010][T12269]  ? snd_pcm_drop+0x4a6/0x5b0
[ 2845.446031][T12269]  snd_pcm_oss_change_params_locked+0x201f/0x3e00
[ 2845.446078][T12269]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 2845.446112][T12269]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2845.446147][T12269]  snd_pcm_oss_get_active_substream+0x20b/0x280
[ 2845.446174][T12269]  snd_pcm_oss_set_rate+0x1bc/0x4e0
[ 2845.446206][T12269]  snd_pcm_oss_ioctl+0xc2e/0xdf0
[ 2845.446228][T12269]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[ 2845.446248][T12269]  __se_sys_ioctl+0xfc/0x170
[ 2845.446272][T12269]  do_syscall_64+0x14d/0xf80
[ 2845.446297][T12269]  ? trace_irq_disable+0x3b/0x150
[ 2845.446322][T12269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2845.446340][T12269]  ? clear_bhb_loop+0x40/0x90
[ 2845.446368][T12269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2845.446386][T12269] RIP: 0033:0x7f6e27d9c629
[ 2845.446405][T12269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2845.446430][T12269] RSP: 002b:00007f6e28bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2845.446452][T12269] RAX: ffffffffffffffda RBX: 00007f6e28015fa0 RCX: 00007f6e27d9c629
[ 2845.446467][T12269] RDX: 0000200000000040 RSI: 00000000c0045002 RDI: 0000000000000004
[ 2845.446481][T12269] RBP: 00007f6e28bfa090 R08: 0000000000000000 R09: 0000000000000000
[ 2845.446495][T12269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2845.446507][T12269] R13: 00007f6e28016038 R14: 00007f6e28015fa0 R15: 00007f6e2813fa48
[ 2845.446540][T12269]  </TASK>
[ 2846.118175][T12277] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 51000000 out of range (51000..2150000)
[ 2846.169083][ T5955] usb 4-1: USB disconnect, device number 121
[ 2846.296251][   T30] audit: type=1326 audit(1771991000.363:8959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12279 comm="syz.1.10085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2846.343865][   T30] audit: type=1326 audit(1771991000.363:8960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12279 comm="syz.1.10085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2846.376322][ T8360] usb 7-1: new high-speed USB device number 97 using dummy_hcd
[ 2846.384056][   T30] audit: type=1326 audit(1771991000.363:8961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12279 comm="syz.1.10085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2846.646309][ T8360] usb 7-1: Using ep0 maxpacket: 16
[ 2846.661757][ T8360] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 2846.670283][ T8360] usb 7-1: config 0 has no interface number 0
[ 2846.680166][ T8360] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2846.697279][T12286] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2846.763348][ T8360] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2846.780814][ T8360] usb 7-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2846.802582][ T8360] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2846.847053][ T8360] usb 7-1: config 0 descriptor??
[ 2848.217610][T12304] netlink: 'syz.3.10092': attribute type 3 has an invalid length.
[ 2848.225761][T12304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10092'.
[ 2848.465770][T12312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10093'.
[ 2848.481279][T12313] binder_alloc: 12307: pid 12307 spamming oneway? 1 buffers allocated for a total size of 4096
[ 2848.505719][T12312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10093'.
[ 2848.531778][T12313] binder_alloc: 12307: pid 12307 spamming oneway? 2 buffers allocated for a total size of 5120
[ 2849.287099][ T8360] usbhid 7-1:0.1: can't add hid device: -71
[ 2849.326671][ T8360] usbhid 7-1:0.1: probe with driver usbhid failed with error -71
[ 2849.337047][ T8360] usb 7-1: USB disconnect, device number 97
[ 2849.836964][ T8360] usb 7-1: new high-speed USB device number 98 using dummy_hcd
[ 2849.999339][ T8360] usb 7-1: config 0 has an invalid interface number: 213 but max is 0
[ 2850.008405][ T8360] usb 7-1: config 0 has no interface number 0
[ 2850.014567][ T8360] usb 7-1: config 0 interface 213 altsetting 101 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2850.025951][ T8360] usb 7-1: config 0 interface 213 altsetting 101 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2850.036109][ T8360] usb 7-1: config 0 interface 213 has no altsetting 0
[ 2850.045852][ T8360] usb 7-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00
[ 2850.055014][ T8360] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2850.064911][ T8360] usb 7-1: config 0 descriptor??
[ 2850.277609][T12327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2850.286768][T12327] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2850.389547][T12334] delete_channel: no stack
[ 2850.504563][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.526913][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.536715][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.555237][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.572122][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.583435][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.596554][ T8360] logitech 0003:046D:CA04.004B: unknown main item tag 0x0
[ 2850.611549][ T8360] logitech 0003:046D:CA04.004B: hidraw0: USB HID v0.00 Device [HID 046d:ca04] on usb-dummy_hcd.6-1/input213
[ 2850.639058][ T8360] logitech 0003:046D:CA04.004B: no inputs found
[ 2850.642503][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 2850.642522][   T30] audit: type=1326 audit(1771991004.713:8968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2850.678994][   T30] audit: type=1326 audit(1771991004.713:8969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2850.823436][T29640] usb 7-1: USB disconnect, device number 98
[ 2850.846554][   T30] audit: type=1326 audit(1771991004.713:8970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2850.905336][   T30] audit: type=1326 audit(1771991004.713:8971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2850.960493][   T30] audit: type=1326 audit(1771991004.713:8972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2850.987100][   T30] audit: type=1326 audit(1771991004.713:8973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2851.010532][   T30] audit: type=1326 audit(1771991004.713:8974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2851.030538][T12346] fido_id[12346]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[ 2851.037817][   T30] audit: type=1326 audit(1771991004.713:8975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2851.076560][   T30] audit: type=1326 audit(1771991004.713:8976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12339 comm="syz.3.10103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2851.366103][T12350] netlink: 'syz.6.10106': attribute type 10 has an invalid length.
[ 2852.316358][ T5915] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 2852.483492][T12371] netlink: 64 bytes leftover after parsing attributes in process `syz.6.10114'.
[ 2852.505339][ T5915] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2852.516421][ T5915] usb 6-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[ 2852.525865][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2852.620368][ T5915] usb 6-1: config 0 descriptor??
[ 2852.620731][T12371] syzkaller1: entered promiscuous mode
[ 2852.664090][T12371] syzkaller1: entered allmulticast mode
[ 2852.847576][T12366] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10113'.
[ 2852.863898][T12366] team_slave_0: entered promiscuous mode
[ 2852.869646][T12366] team_slave_1: entered promiscuous mode
[ 2852.966581][T12366] macvtap1: entered promiscuous mode
[ 2853.050990][T12366] team0: entered promiscuous mode
[ 2853.064818][T12366] macvtap1: entered allmulticast mode
[ 2853.088551][T12366] team0: entered allmulticast mode
[ 2853.126315][T12366] team_slave_0: entered allmulticast mode
[ 2853.133703][T12366] team_slave_1: entered allmulticast mode
[ 2853.144766][T12366] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 2853.223452][T12386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10119'.
[ 2853.253980][ T5915] usbhid 6-1:0.0: can't add hid device: -71
[ 2853.461539][ T5915] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 2853.481760][ T5915] usb 6-1: USB disconnect, device number 8
[ 2853.973312][T12398] syzkaller0: entered promiscuous mode
[ 2853.976401][ T5955] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 2853.979222][T12398] syzkaller0: entered allmulticast mode
[ 2853.995089][T12398] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[ 2854.003947][T12398] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10123'.
[ 2854.216468][ T5955] usb 2-1: Using ep0 maxpacket: 16
[ 2854.230124][ T5955] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 2854.273217][ T5955] usb 2-1: config 0 has no interface number 0
[ 2854.308897][ T5955] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2854.308923][ T5955] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2854.308947][ T5955] usb 2-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2854.308960][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2854.319008][ T5955] usb 2-1: config 0 descriptor??
[ 2857.092841][ T5955] usbhid 2-1:0.1: can't add hid device: -71
[ 2857.100863][ T5955] usbhid 2-1:0.1: probe with driver usbhid failed with error -71
[ 2857.121929][ T5955] usb 2-1: USB disconnect, device number 3
[ 2857.361735][T12430] netlink: 44 bytes leftover after parsing attributes in process `syz.1.10133'.
[ 2858.755839][T12453] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2858.891419][T12459] netlink: 76 bytes leftover after parsing attributes in process `syz.1.10138'.
[ 2858.900719][ T5915] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[ 2859.060173][T12463] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 2859.150740][ T5915] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 2859.168082][ T5915] usb 6-1: not running at top speed; connect to a high speed hub
[ 2859.233122][ T5915] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2859.243406][ T5915] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2859.411131][ T5915] usb 6-1: string descriptor 0 read error: -22
[ 2859.419783][ T5915] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2859.446028][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2859.479521][ T5915] usb 6-1: 0:2 : does not exist
[ 2859.823534][   T30] audit: type=1804 audit(1771991013.853:8977): pid=12444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.10137" name="/newroot/114/file1" dev="fuse" ino=1 res=1 errno=0
[ 2859.877545][ T5915] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 2859.934757][ T5915] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 2859.958299][ T5915] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 2860.019388][ T5915] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[ 2860.101894][ T5915] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 2860.121630][ T5915] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 2860.437570][ T5915] usb 6-1: USB disconnect, device number 9
[ 2860.676390][ T5955] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 2860.846389][ T5955] usb 4-1: Using ep0 maxpacket: 16
[ 2861.019188][T12484] syzkaller0: entered promiscuous mode
[ 2861.025717][T12484] syzkaller0: entered allmulticast mode
[ 2861.032724][ T5955] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2861.041507][ T5955] usb 4-1: config 0 has no interface number 0
[ 2861.089479][ T5955] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2861.164825][ T5955] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2861.183153][ T5955] usb 4-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2861.209442][ T5955] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2861.445741][T12496] netlink: 'syz.6.10152': attribute type 10 has an invalid length.
[ 2861.481589][ T5955] usb 4-1: config 0 descriptor??
[ 2861.526490][ T5831] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 2861.755866][ T5831] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2861.778952][ T5831] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2861.882048][ T5831] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2861.935085][ T5831] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2861.976499][ T5831] usb 2-1: Manufacturer: syz
[ 2861.999472][ T5831] usb 2-1: config 0 descriptor??
[ 2862.486300][ T5831] rc_core: IR keymap rc-hauppauge not found
[ 2862.536929][ T5831] Registered IR keymap rc-empty
[ 2862.552693][T12491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2862.562811][T12491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2862.637988][ T5831] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 2862.668510][ T5831] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input141
[ 2863.004469][T12516] netlink: 'syz.0.10156': attribute type 10 has an invalid length.
[ 2863.015886][T12516] 8021q: adding VLAN 0 to HW filter on device team0
[ 2863.031611][T12516] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2863.296361][ T5831] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 2863.373199][ T5955] usbhid 4-1:0.1: can't add hid device: -71
[ 2863.400058][ T5955] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[ 2863.433360][ T5955] usb 4-1: USB disconnect, device number 122
[ 2863.470471][ T5831] usb 6-1: Using ep0 maxpacket: 8
[ 2863.489692][ T5831] usb 6-1: config 0 has an invalid interface number: 143 but max is 0
[ 2863.499720][ T5831] usb 6-1: config 0 has no interface number 0
[ 2863.510502][ T5831] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[ 2863.589012][ T5831] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2863.592647][T12521] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2863.642840][ T5831] usb 6-1: config 0 descriptor??
[ 2863.789193][T12523] QAT: failed to copy from user cfg_data.
[ 2863.819901][ T5831] viperboard 6-1:0.143: version 0.00 found at bus 006 address 010
[ 2863.972027][ T5831] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[ 2864.024985][ T5831] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[ 2864.251038][ T5831] usb 6-1: USB disconnect, device number 10
[ 2864.572941][ T5915] usb 2-1: USB disconnect, device number 4
[ 2865.064418][T12533] loop4: detected capacity change from 0 to 7
[ 2865.086616][T12533]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6
[ 2865.106483][T12533] loop4: p1 start 524288 is beyond EOD, truncated
[ 2865.133109][T12533] loop4: p2 size 262144 extends beyond EOD, truncated
[ 2865.153514][T12533] loop4: p3 start 2171142144 is beyond EOD, truncated
[ 2865.166321][T12533] loop4: p4 start 2883584 is beyond EOD, truncated
[ 2865.183749][T12533] loop4: p5 start 65536 is beyond EOD, truncated
[ 2865.234435][T12533] loop4: p6 start 1680801792 is beyond EOD, truncated
[ 2865.362377][ T8102] udevd[8102]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[ 2865.692956][T12556] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10166'.
[ 2865.835925][T12560] netlink: 88 bytes leftover after parsing attributes in process `syz.3.10169'.
[ 2865.856814][T12547] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2865.863002][T12547] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2865.876710][T12547] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2865.882894][T12547] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2865.889126][T12547] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2865.990416][T12561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10164'.
[ 2866.273542][ T5831] usb 7-1: new high-speed USB device number 99 using dummy_hcd
[ 2866.516578][ T5831] usb 7-1: Using ep0 maxpacket: 8
[ 2866.527299][ T5831] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 2866.545710][ T5831] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2866.633938][ T5831] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2866.664563][ T5831] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2866.716486][ T5831] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2866.756488][ T5831] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2866.826371][T16112] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 2866.842208][ T5831] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2866.911719][T12569] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2866.918276][T12569] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2866.924915][T12569] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2866.931281][T12569] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2866.937651][T12569] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2867.062760][T16112] usb 2-1: config 0 has no interfaces?
[ 2867.067040][ T5831] usb 7-1: GET_CAPABILITIES returned 0
[ 2867.071052][T16112] usb 2-1: New USB device found, idVendor=046d, idProduct=c087, bcdDevice= 0.00
[ 2867.073796][ T5831] usbtmc 7-1:16.0: can't read capabilities
[ 2867.111425][T16112] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2867.128984][T16112] usb 2-1: config 0 descriptor??
[ 2867.393485][T12559] usbtmc 7-1:16.0: usb_control_msg returned -71
[ 2867.418785][ T5831] usb 7-1: USB disconnect, device number 99
[ 2868.084022][T12589] netlink: 'syz.5.10177': attribute type 64 has an invalid length.
[ 2868.092510][T12589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10177'.
[ 2868.109679][T12589] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2868.135688][   T30] audit: type=1326 audit(1771991022.203:8978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12583 comm="syz.3.10176" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1cb8d9c629 code=0x0
[ 2868.389863][T12595] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10178'.
[ 2868.484782][T12595] 8021q: adding VLAN 0 to HW filter on device bond3
[ 2868.545755][T12597] macvlan3: entered promiscuous mode
[ 2868.625478][T12597] bond3: (slave macvlan3): Enslaving as an active interface with an up link
[ 2869.009374][T13853] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2869.015470][T13853] Bluetooth: hci4: command 0x0419 tx timeout
[ 2869.021558][T13853] Bluetooth: hci5: command 0x040f tx timeout
[ 2869.027677][T13853] Bluetooth: hci1: command 0x041b tx timeout
[ 2869.033662][T13853] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2869.666309][ T5831] usb 2-1: USB disconnect, device number 5
[ 2869.831000][T12609] netlink: 'syz.0.10183': attribute type 10 has an invalid length.
[ 2869.840864][T12609] bond0: (slave wlan1): Opening slave failed
[ 2869.976163][T12611] FAULT_INJECTION: forcing a failure.
[ 2869.976163][T12611] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2870.016387][T12611] CPU: 0 UID: 0 PID: 12611 Comm: syz.3.10184 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2870.016408][T12611] Tainted: [L]=SOFTLOCKUP
[ 2870.016412][T12611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2870.016419][T12611] Call Trace:
[ 2870.016424][T12611]  <TASK>
[ 2870.016429][T12611]  dump_stack_lvl+0xe8/0x150
[ 2870.016449][T12611]  should_fail_ex+0x412/0x560
[ 2870.016464][T12611]  _copy_from_user+0x2d/0xb0
[ 2870.016479][T12611]  copy_folio_from_user+0x1e3/0x320
[ 2870.016503][T12611]  mfill_atomic_copy+0xfe0/0x1420
[ 2870.016515][T12611]  ? unwind_get_return_address+0x4d/0x90
[ 2870.016537][T12611]  ? __pfx_mfill_atomic_copy+0x10/0x10
[ 2870.016555][T12611]  userfaultfd_ioctl+0x2c17/0x5130
[ 2870.016571][T12611]  ? kasan_save_track+0x4f/0x80
[ 2870.016581][T12611]  ? kasan_save_track+0x3e/0x80
[ 2870.016598][T12611]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2870.016624][T12611]  ? kasan_quarantine_put+0xbb/0x1f0
[ 2870.016638][T12611]  ? tomoyo_path_number_perm+0x219/0x630
[ 2870.016649][T12611]  ? tomoyo_path_number_perm+0x219/0x630
[ 2870.016661][T12611]  ? do_vfs_ioctl+0x1166/0x1530
[ 2870.016674][T12611]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2870.016691][T12611]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2870.016717][T12611]  ? __fget_files+0x2a/0x420
[ 2870.016733][T12611]  ? __fget_files+0x2a/0x420
[ 2870.016746][T12611]  ? __fget_files+0x3a0/0x420
[ 2870.016759][T12611]  ? __fget_files+0x2a/0x420
[ 2870.016775][T12611]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2870.016788][T12611]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2870.016803][T12611]  __se_sys_ioctl+0xfc/0x170
[ 2870.016815][T12611]  do_syscall_64+0x14d/0xf80
[ 2870.016831][T12611]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2870.016842][T12611]  ? clear_bhb_loop+0x40/0x90
[ 2870.016854][T12611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2870.016864][T12611] RIP: 0033:0x7f1cb8d9c629
[ 2870.016876][T12611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2870.016885][T12611] RSP: 002b:00007f1cb9c2f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2870.016898][T12611] RAX: ffffffffffffffda RBX: 00007f1cb9015fa0 RCX: 00007f1cb8d9c629
[ 2870.016906][T12611] RDX: 00002000000000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
[ 2870.016913][T12611] RBP: 00007f1cb9c2f090 R08: 0000000000000000 R09: 0000000000000000
[ 2870.016920][T12611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2870.016926][T12611] R13: 00007f1cb9016038 R14: 00007f1cb9015fa0 R15: 00007f1cb913fa48
[ 2870.016941][T12611]  </TASK>
[ 2870.590001][T12616] xt_connbytes: Forcing CT accounting to be enabled
[ 2870.648361][T12621] xt_hashlimit: size too large, truncated to 1048576
[ 2870.767424][T12624] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 51000000 out of range (51000..2150000)
[ 2871.145212][T12623] pim6reg56: entered allmulticast mode
[ 2871.150849][ T5831] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 2871.369473][ T5831] usb 4-1: Using ep0 maxpacket: 16
[ 2871.383973][ T5831] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2871.432833][ T5831] usb 4-1: config 0 has no interface number 0
[ 2871.460346][ T5831] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2871.493499][ T5831] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2871.544269][ T5831] usb 4-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2871.584179][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2871.631840][ T5831] usb 4-1: config 0 descriptor??
[ 2872.026355][T29640] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 2872.176396][T29640] usb 2-1: Using ep0 maxpacket: 8
[ 2872.183315][T29640] usb 2-1: config 0 has an invalid interface number: 243 but max is 2
[ 2872.236137][T29640] usb 2-1: config 0 has an invalid interface number: 13 but max is 2
[ 2872.250126][T29640] usb 2-1: config 0 has no interface number 0
[ 2872.317310][T29640] usb 2-1: config 0 has no interface number 1
[ 2872.325408][T29640] usb 2-1: config 0 interface 243 has no altsetting 0
[ 2872.333359][T29640] usb 2-1: config 0 interface 13 has no altsetting 0
[ 2872.341900][T29640] usb 2-1: config 0 interface 2 has no altsetting 0
[ 2872.520625][T29640] usb 2-1: New USB device found, idVendor=0582, idProduct=0050, bcdDevice=84.ce
[ 2872.536032][T29640] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2872.552130][T29640] usb 2-1: config 0 descriptor??
[ 2872.788056][T29640] usb 2-1: string descriptor 0 read error: -71
[ 2872.821733][T29640] usb 2-1: selecting invalid altsetting 0
[ 2873.074604][T29640] usb 2-1: USB disconnect, device number 6
[ 2873.306170][T12645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10193'.
[ 2873.351947][T12645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10193'.
[ 2873.586532][T11917] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 2873.750049][T11917] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2873.758662][T11917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2873.893314][T12656] netlink: 'syz.1.10195': attribute type 4 has an invalid length.
[ 2873.917890][T11917] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2873.927075][T11917] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2873.935251][T11917] usb 6-1: Manufacturer: syz
[ 2873.945519][T11917] usb 6-1: config 0 descriptor??
[ 2873.986359][ T5915] usb 7-1: new high-speed USB device number 100 using dummy_hcd
[ 2874.026325][T12656] netlink: 'syz.1.10195': attribute type 4 has an invalid length.
[ 2874.137418][ T5915] usb 7-1: Using ep0 maxpacket: 8
[ 2874.176463][T11917] rc_core: IR keymap rc-hauppauge not found
[ 2874.194500][T12647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2874.206892][T11917] Registered IR keymap rc-empty
[ 2874.225292][T11917] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 2874.226725][T12647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2874.268687][ T5831] usbhid 4-1:0.1: can't add hid device: -71
[ 2874.274713][ T5831] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[ 2874.292298][T11917] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input142
[ 2874.314908][ T5831] usb 4-1: USB disconnect, device number 123
[ 2874.327841][ T5915] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 2874.355590][ T5915] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2874.383133][ T5915] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2874.537645][T12668] FAULT_INJECTION: forcing a failure.
[ 2874.537645][T12668] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2874.592423][T12668] CPU: 1 UID: 0 PID: 12668 Comm: syz.3.10199 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2874.592455][T12668] Tainted: [L]=SOFTLOCKUP
[ 2874.592463][T12668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2874.592475][T12668] Call Trace:
[ 2874.592484][T12668]  <TASK>
[ 2874.592492][T12668]  dump_stack_lvl+0xe8/0x150
[ 2874.592515][T12668]  should_fail_ex+0x412/0x560
[ 2874.592530][T12668]  _copy_from_iter+0x1d3/0x1670
[ 2874.592545][T12668]  ? rcu_is_watching+0x15/0xb0
[ 2874.592563][T12668]  ? __pfx__copy_from_iter+0x10/0x10
[ 2874.592592][T12668]  ? netlink_sendmsg+0x650/0xb40
[ 2874.592614][T12668]  ? skb_put+0x11b/0x210
[ 2874.592642][T12668]  netlink_sendmsg+0x6c0/0xb40
[ 2874.592666][T12668]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2874.592680][T12668]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2874.592693][T12668]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2874.592706][T12668]  __sys_sendto+0x709/0x7a0
[ 2874.592729][T12668]  ? __pfx___sys_sendto+0x10/0x10
[ 2874.592774][T12668]  ? exc_page_fault+0x6a/0xc0
[ 2874.592803][T12668]  ? do_user_addr_fault+0xc6f/0x1340
[ 2874.592819][T12668]  __x64_sys_sendto+0xde/0x100
[ 2874.592835][T12668]  do_syscall_64+0x14d/0xf80
[ 2874.592850][T12668]  ? trace_irq_disable+0x3b/0x150
[ 2874.592867][T12668]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2874.592887][T12668]  ? clear_bhb_loop+0x40/0x90
[ 2874.592910][T12668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2874.592929][T12668] RIP: 0033:0x7f1cb8d5cece
[ 2874.592946][T12668] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2874.592956][T12668] RSP: 002b:00007f1cb9c2de88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 2874.592969][T12668] RAX: ffffffffffffffda RBX: 00007f1cb9c2f6c0 RCX: 00007f1cb8d5cece
[ 2874.592976][T12668] RDX: 0000000000000020 RSI: 00007f1cb9c2e000 RDI: 0000000000000003
[ 2874.592983][T12668] RBP: 0000000000000000 R08: 00007f1cb9c2df04 R09: 000000000000000c
[ 2874.592990][T12668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 2874.592996][T12668] R13: 00007f1cb9c2df58 R14: 00007f1cb9c2e000 R15: 0000000000000000
[ 2874.593013][T12668]  </TASK>
[ 2874.807876][ T5915] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2874.817893][ T5915] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2874.830967][ T5915] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2874.840125][ T5915] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2875.334680][ T5915] usb 7-1: GET_CAPABILITIES returned 0
[ 2875.340268][ T5915] usbtmc 7-1:16.0: can't read capabilities
[ 2875.666000][ T5955] usb 7-1: USB disconnect, device number 100
[ 2875.674078][T12655] usbtmc 7-1:16.0: usb_control_msg returned -71
[ 2876.526415][ T5955] usb 6-1: USB disconnect, device number 11
[ 2876.669219][T12692] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2876.924302][T12699] netlink: 'syz.6.10208': attribute type 1 has an invalid length.
[ 2877.085359][T12699] 8021q: adding VLAN 0 to HW filter on device bond4
[ 2877.133046][T12706] bond4: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[ 2877.219989][T12706] bond4: entered allmulticast mode
[ 2877.365511][T12709] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link
[ 2877.426353][T12710] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 2877.810870][ T5955] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 2877.868913][T12717] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2877.897290][T12717] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2877.907557][T12717] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2877.914276][T12717] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2877.926601][T12717] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2877.996303][ T5955] usb 6-1: Using ep0 maxpacket: 16
[ 2878.007764][ T5955] usb 6-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice= 0.00
[ 2878.026565][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2878.045512][ T5955] usb 6-1: config 0 descriptor??
[ 2878.130986][ T5955] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input143
[ 2878.385468][T12729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2878.407081][T12729] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2879.608238][ T5179] bcm5974 6-1:0.0: could not read from device
[ 2879.620324][T12748] netlink: 36 bytes leftover after parsing attributes in process `syz.6.10219'.
[ 2879.654960][ T5179] bcm5974 6-1:0.0: could not read from device
[ 2879.669195][ T5955] usb 6-1: USB disconnect, device number 12
[ 2879.689969][ T8102] bcm5974 6-1:0.0: could not read from device
[ 2879.768239][T12752] syzkaller1: entered promiscuous mode
[ 2879.779147][T12752] syzkaller1: entered allmulticast mode
[ 2879.956572][T11917] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 2879.971602][  T757] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2879.971628][ T1666] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2879.977784][T13853] Bluetooth: hci5: command 0x040f tx timeout
[ 2879.977817][T13853] Bluetooth: hci4: command 0x0419 tx timeout
[ 2879.977845][T13853] Bluetooth: hci1: command 0x041b tx timeout
[ 2880.119732][   T30] audit: type=1326 audit(1771991034.183:8979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12757 comm="syz.0.10224" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fde9a79c629 code=0x0
[ 2880.166467][T11917] usb 4-1: Using ep0 maxpacket: 8
[ 2880.184932][T11917] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 2880.204545][T11917] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 2880.268002][T11917] usb 4-1: Product: syz
[ 2880.272218][T11917] usb 4-1: Manufacturer: syz
[ 2880.279746][T11917] usb 4-1: SerialNumber: syz
[ 2880.281618][T12765] netlink: 64 bytes leftover after parsing attributes in process `syz.5.10225'.
[ 2880.294612][T11917] usb 4-1: config 0 descriptor??
[ 2880.303660][T12765] syzkaller1: entered promiscuous mode
[ 2880.342033][T11917] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 2880.405549][T12765] syzkaller1: entered allmulticast mode
[ 2880.498177][T12768] netlink: 'syz.1.10226': attribute type 10 has an invalid length.
[ 2880.544713][T12751] loop4: detected capacity change from 0 to 7
[ 2880.561022][T12751] buffer_io_error: 210 callbacks suppressed
[ 2880.561040][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2880.605388][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2880.624203][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2880.676282][T12769] Invalid logical block size (4)
[ 2880.681704][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.246414][T11917] gspca_zc3xx: reg_w_i err -110
[ 2881.251411][T11917] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -110
[ 2881.265135][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.304486][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.413860][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.436684][T12779] FAULT_INJECTION: forcing a failure.
[ 2881.436684][T12779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2881.446867][T12751] ldm_validate_partition_table(): Disk read failed.
[ 2881.460461][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.475004][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.504352][T12751] Buffer I/O error on dev loop4, logical block 0, async page read
[ 2881.522426][T12779] CPU: 1 UID: 0 PID: 12779 Comm: syz.5.10229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2881.522456][T12779] Tainted: [L]=SOFTLOCKUP
[ 2881.522464][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2881.522475][T12779] Call Trace:
[ 2881.522483][T12779]  <TASK>
[ 2881.522492][T12779]  dump_stack_lvl+0xe8/0x150
[ 2881.522523][T12779]  should_fail_ex+0x412/0x560
[ 2881.522549][T12779]  _copy_from_user+0x2d/0xb0
[ 2881.522576][T12779]  copy_folio_from_user+0x1e3/0x320
[ 2881.522611][T12779]  mfill_atomic_copy+0xfe0/0x1420
[ 2881.522632][T12779]  ? unwind_get_return_address+0x4d/0x90
[ 2881.522672][T12779]  ? __pfx_mfill_atomic_copy+0x10/0x10
[ 2881.522704][T12779]  userfaultfd_ioctl+0x2c17/0x5130
[ 2881.522731][T12779]  ? kasan_save_track+0x4f/0x80
[ 2881.522748][T12779]  ? kasan_save_track+0x3e/0x80
[ 2881.522778][T12779]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2881.522829][T12779]  ? kasan_quarantine_put+0xbb/0x1f0
[ 2881.522855][T12779]  ? tomoyo_path_number_perm+0x219/0x630
[ 2881.522876][T12779]  ? tomoyo_path_number_perm+0x219/0x630
[ 2881.522899][T12779]  ? do_vfs_ioctl+0x1166/0x1530
[ 2881.522921][T12779]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2881.522952][T12779]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2881.523004][T12779]  ? __fget_files+0x2a/0x420
[ 2881.523032][T12779]  ? __fget_files+0x2a/0x420
[ 2881.523055][T12779]  ? __fget_files+0x3a0/0x420
[ 2881.523079][T12779]  ? __fget_files+0x2a/0x420
[ 2881.523106][T12779]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2881.523132][T12779]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2881.523156][T12779]  __se_sys_ioctl+0xfc/0x170
[ 2881.523177][T12779]  do_syscall_64+0x14d/0xf80
[ 2881.523199][T12779]  ? trace_irq_disable+0x3b/0x150
[ 2881.523223][T12779]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2881.523242][T12779]  ? clear_bhb_loop+0x40/0x90
[ 2881.523265][T12779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2881.523284][T12779] RIP: 0033:0x7f6e27d9c629
[ 2881.523303][T12779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2881.523318][T12779] RSP: 002b:00007f6e28bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2881.523339][T12779] RAX: ffffffffffffffda RBX: 00007f6e28015fa0 RCX: 00007f6e27d9c629
[ 2881.523352][T12779] RDX: 00002000000000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
[ 2881.523364][T12779] RBP: 00007f6e28bfa090 R08: 0000000000000000 R09: 0000000000000000
[ 2881.523375][T12779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2881.523386][T12779] R13: 00007f6e28016038 R14: 00007f6e28015fa0 R15: 00007f6e2813fa48
[ 2881.523415][T12779]  </TASK>
[ 2881.532568][T12751] Dev loop4: unable to read RDB block 0
[ 2881.803868][T12751]  loop4: unable to read partition table
[ 2881.809885][T12751] loop4: partition table beyond EOD, truncated
[ 2881.841203][T12751] loop_reread_partitions: partition scan of loop4 (���������S�j��	���%��`��ր����5) failed (rc=-5)
[ 2882.557477][T12797] netlink: 'syz.5.10234': attribute type 4 has an invalid length.
[ 2882.565654][T12797] netlink: 152 bytes leftover after parsing attributes in process `syz.5.10234'.
[ 2882.578755][T12797] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 2882.780187][T12803] netlink: 132 bytes leftover after parsing attributes in process `syz.5.10236'.
[ 2883.096845][T16112] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 2883.111012][T12810] netlink: 324 bytes leftover after parsing attributes in process `syz.6.10237'.
[ 2883.170226][ T5915] usb 4-1: USB disconnect, device number 124
[ 2883.256566][T16112] usb 6-1: device descriptor read/64, error -71
[ 2883.496370][T16112] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 2883.666781][T16112] usb 6-1: device descriptor read/64, error -71
[ 2883.807803][T16112] usb usb6-port1: attempt power cycle
[ 2883.829593][   T30] audit: type=1326 audit(1771991037.903:8980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12820 comm="syz.1.10241" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1fe499c629 code=0x0
[ 2884.245535][T16112] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 2884.312624][T16112] usb 6-1: device descriptor read/8, error -71
[ 2884.596452][T16112] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 2884.818756][T16112] usb 6-1: device descriptor read/8, error -71
[ 2885.136945][T16112] usb usb6-port1: unable to enumerate USB device
[ 2885.884246][T12849] loop5: detected capacity change from 0 to 7
[ 2886.113810][ T8102] Dev loop5: unable to read RDB block 7
[ 2886.123028][ T8102]  loop5: unable to read partition table
[ 2886.133865][ T8102] loop5: partition table beyond EOD, truncated
[ 2886.326311][T16112] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 2886.343304][T12849] Dev loop5: unable to read RDB block 7
[ 2886.349117][T12849]  loop5: unable to read partition table
[ 2886.355849][T12849] loop5: partition table beyond EOD, truncated
[ 2886.363609][T12849] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 2886.519655][T16112] usb 4-1: Using ep0 maxpacket: 32
[ 2886.557526][T12860] fuse: Bad value for 'fd'
[ 2886.582456][T16112] usb 4-1: config 0 has no interfaces?
[ 2886.692590][T16112] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[ 2886.749990][T12863] netdevsim netdevsim6: Firmware load for './file0/../file0/file0' refused, path contains '..' component
[ 2886.778122][T16112] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2886.800294][T16112] usb 4-1: Product: syz
[ 2886.804502][T16112] usb 4-1: Manufacturer: syz
[ 2886.830889][T16112] usb 4-1: SerialNumber: syz
[ 2886.839571][T16112] usb 4-1: config 0 descriptor??
[ 2886.850976][T12863] bridge_slave_0: left allmulticast mode
[ 2886.930756][T12869] netlink: 'syz.6.10250': attribute type 10 has an invalid length.
[ 2887.057211][T12870] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10250'.
[ 2887.302371][T12863] bridge_slave_0: left promiscuous mode
[ 2887.455569][T12853] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10248'.
[ 2887.465734][T12863] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2887.497199][T12863] bridge_slave_1: left allmulticast mode
[ 2887.547609][T12863] bridge_slave_1: left promiscuous mode
[ 2887.584286][T12863] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2887.688059][T12863] bond0: (slave bond_slave_0): Releasing backup interface
[ 2887.858856][T12863] bond0: (slave bond_slave_1): Releasing backup interface
[ 2887.958364][T12863] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2888.044620][T12863] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2888.079382][T12863] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2889.038303][T12882] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2889.045657][T12884] syzkaller0: entered promiscuous mode
[ 2889.051928][T12884] syzkaller0: entered allmulticast mode
[ 2889.157505][ T5915] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 2889.336388][ T5915] usb 6-1: Using ep0 maxpacket: 8
[ 2889.348198][ T5915] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 2889.376341][ T5915] usb 6-1: config 8 has an invalid interface number: 219 but max is 1
[ 2889.394733][ T5915] usb 6-1: config 8 has an invalid interface number: 253 but max is 1
[ 2889.425890][ T5915] usb 6-1: config 8 has no interface number 0
[ 2889.466776][ T5915] usb 6-1: config 8 has no interface number 1
[ 2889.488119][ T5915] usb 6-1: config 8 interface 219 has no altsetting 0
[ 2889.511477][ T5915] usb 6-1: config 8 interface 253 has no altsetting 0
[ 2889.519566][ T5955] usb 4-1: USB disconnect, device number 125
[ 2889.582092][ T5915] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=67.df
[ 2889.614892][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2889.643431][ T5915] usb 6-1: Product: syz
[ 2889.656386][ T5915] usb 6-1: Manufacturer: syz
[ 2889.672345][ T5915] usb 6-1: SerialNumber: syz
[ 2889.700118][T12905] netlink: 64 bytes leftover after parsing attributes in process `syz.3.10258'.
[ 2890.076274][ T5955] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 2890.174313][ T5831] tipc: Node number set to 532329357
[ 2890.670349][ T5955] usb 2-1: Using ep0 maxpacket: 8
[ 2890.699585][ T5955] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 2890.733995][ T5955] usb 2-1: config 8 has an invalid interface number: 219 but max is 1
[ 2890.784099][ T5955] usb 2-1: config 8 has an invalid interface number: 253 but max is 1
[ 2890.807695][ T5955] usb 2-1: config 8 has no interface number 0
[ 2890.836374][ T5955] usb 2-1: config 8 has no interface number 1
[ 2890.842518][ T5955] usb 2-1: config 8 interface 219 has no altsetting 0
[ 2890.856414][ T5831] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 2890.894973][ T5955] usb 2-1: config 8 interface 253 has no altsetting 0
[ 2890.945784][ T5955] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=67.df
[ 2890.974033][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2891.009306][ T5955] usb 2-1: Product: syz
[ 2891.176283][ T5831] usb 4-1: Using ep0 maxpacket: 8
[ 2891.196398][ T5955] usb 2-1: Manufacturer: syz
[ 2891.216771][ T5831] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2891.237954][ T5955] usb 2-1: SerialNumber: syz
[ 2891.299661][ T5831] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 2891.315757][T12918] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2891.353718][T12918] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2891.374472][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2891.384293][T12918] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2891.394917][T12918] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2891.431151][ T5831] usb 4-1: config 0 descriptor??
[ 2891.455077][T12922] fuse: Bad value for 'fd'
[ 2891.474315][T12918] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2891.500957][ T5831] gspca_main: vc032x-2.14.0 probing 046d:0892
[ 2891.694717][T12925] netlink: 36 bytes leftover after parsing attributes in process `syz.0.10263'.
[ 2892.362153][ T5831] gspca_vc032x: reg_r err -71
[ 2892.382378][ T5831] vc032x 4-1:0.0: probe with driver vc032x failed with error -71
[ 2892.634514][ T5831] usb 4-1: USB disconnect, device number 126
[ 2893.319173][ T1666] Bluetooth: hci1: command 0x041b tx timeout
[ 2893.396967][ T6511] Bluetooth: hci5: command 0x040f tx timeout
[ 2893.403088][ T1666] Bluetooth: hci4: command 0x0419 tx timeout
[ 2893.486710][ T1666] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2893.556349][ T1666] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2893.960177][ T5915] em28xx 6-1:8.219: audio device (0413:6023): interface 219, class 1
[ 2893.976461][T12941] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2893.992319][T12941] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2894.013167][   T30] audit: type=1326 audit(1771991048.083:8981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.057124][T12941] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2894.076699][T12941] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2894.083163][ T5915] usb 6-1: USB disconnect, device number 17
[ 2894.147826][T12941] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2894.307839][   T30] audit: type=1326 audit(1771991048.113:8982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.425829][   T30] audit: type=1326 audit(1771991048.113:8983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.547025][   T30] audit: type=1326 audit(1771991048.113:8984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.634100][   T30] audit: type=1326 audit(1771991048.113:8985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.714686][   T30] audit: type=1326 audit(1771991048.113:8986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.786440][   T30] audit: type=1326 audit(1771991048.113:8987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2894.986820][T12950] netlink: 64 bytes leftover after parsing attributes in process `syz.5.10270'.
[ 2895.026480][   T30] audit: type=1326 audit(1771991048.113:8988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12944 comm="syz.6.10269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f31f9f9c629 code=0x7ffc0000
[ 2895.217266][T12954] netlink: 'syz.5.10271': attribute type 10 has an invalid length.
[ 2895.229758][T12954] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2895.248110][T12954] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 2895.277313][T12955] netlink: 'syz.5.10271': attribute type 10 has an invalid length.
[ 2895.316458][T12955] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10271'.
[ 2895.356067][T12955] batadv0: entered promiscuous mode
[ 2895.364445][T12955] batadv0: entered allmulticast mode
[ 2895.402115][T12955] bond0: (slave batadv0): Releasing backup interface
[ 2895.485806][T12955] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 2895.736300][ T1666] Bluetooth: hci1: command 0x041b tx timeout
[ 2896.044675][ T1666] Bluetooth: hci5: command 0x040f tx timeout
[ 2896.116409][ T1666] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2896.122485][ T6511] Bluetooth: hci4: command 0x0419 tx timeout
[ 2896.276289][ T1666] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2896.447250][ T5955] em28xx 2-1:8.219: audio device (0413:6023): interface 219, class 1
[ 2897.159258][   T30] audit: type=1326 audit(1771991051.203:8989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12976 comm="syz.0.10277" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fde9a79c629 code=0x0
[ 2897.289031][ T5955] usb 2-1: USB disconnect, device number 7
[ 2897.631985][T12985] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10278'.
[ 2898.066391][ T5955] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[ 2898.094599][T12994] netlink: 64 bytes leftover after parsing attributes in process `syz.3.10281'.
[ 2898.120802][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 2898.127296][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 2898.295332][ T5955] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2898.526356][ T5955] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2898.692192][ T5955] usb 2-1: config 0 has no interfaces?
[ 2898.702472][ T5955] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2898.712505][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2898.723315][ T5955] usb 2-1: config 0 descriptor??
[ 2899.088901][ T5915] usb 7-1: new high-speed USB device number 101 using dummy_hcd
[ 2899.338595][ T5915] usb 7-1: Using ep0 maxpacket: 8
[ 2899.384211][ T5915] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 2899.404495][ T5915] usb 7-1: config 8 has an invalid interface number: 219 but max is 1
[ 2899.462112][ T5915] usb 7-1: config 8 has an invalid interface number: 253 but max is 1
[ 2899.483395][ T5915] usb 7-1: config 8 has no interface number 0
[ 2899.519877][ T5915] usb 7-1: config 8 has no interface number 1
[ 2899.549954][ T5915] usb 7-1: config 8 interface 219 has no altsetting 0
[ 2899.594235][ T5915] usb 7-1: config 8 interface 253 has no altsetting 0
[ 2899.649443][ T5915] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=67.df
[ 2899.690045][ T5915] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2899.738180][ T5915] usb 7-1: Product: syz
[ 2899.759202][ T5915] usb 7-1: Manufacturer: syz
[ 2899.783858][ T5915] usb 7-1: SerialNumber: syz
[ 2900.811629][T16112] usb 2-1: USB disconnect, device number 8
[ 2901.742514][T13042] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2901.750598][T13042] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2901.756882][T13042] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2901.763210][T13042] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2901.769407][T13042] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2901.862197][T13048] loop4: detected capacity change from 0 to 7
[ 2901.869072][T13048]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6
[ 2901.874780][T13048] loop4: p1 start 524288 is beyond EOD, truncated
[ 2901.884355][T13048] loop4: p2 size 262144 extends beyond EOD, truncated
[ 2901.981437][T13048] loop4: p3 start 2171142144 is beyond EOD, truncated
[ 2901.996327][T13048] loop4: p4 start 2883584 is beyond EOD, truncated
[ 2902.011685][T13048] loop4: p5 start 65536 is beyond EOD, truncated
[ 2902.049979][T13048] loop4: p6 start 1680801792 is beyond EOD, truncated
[ 2902.588309][T13050] syzkaller1: entered promiscuous mode
[ 2902.593821][T13050] syzkaller1: entered allmulticast mode
[ 2902.630658][ T8103] udevd[8103]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[ 2903.439102][T13077] netlink: 324 bytes leftover after parsing attributes in process `syz.1.10301'.
[ 2903.638664][  T757] Bluetooth: hci1: command 0x041b tx timeout
[ 2903.685649][ T5915] em28xx 7-1:8.219: audio device (0413:6023): interface 219, class 1
[ 2903.729686][ T5915] usb 7-1: USB disconnect, device number 101
[ 2903.758935][T13082] input: syz0 as /devices/virtual/input/input144
[ 2903.796576][  T757] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2903.796774][ T6511] Bluetooth: hci4: command 0x0419 tx timeout
[ 2903.808898][ T6511] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2903.809989][  T757] Bluetooth: hci5: command 0x040f tx timeout
[ 2905.566352][ T5955] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 2905.686398][T29640] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 2905.718067][ T5955] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2905.728277][ T5955] usb 6-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[ 2905.742149][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2905.836936][T29640] usb 2-1: Using ep0 maxpacket: 8
[ 2905.852992][ T5955] usb 6-1: config 0 descriptor??
[ 2905.864867][T13110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10314'.
[ 2906.089758][T13121] syzkaller0: entered promiscuous mode
[ 2906.095466][T13121] syzkaller0: entered allmulticast mode
[ 2906.106778][T13108] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10315'.
[ 2906.130648][T13108] macvtap2: entered promiscuous mode
[ 2906.136658][T13108] macvtap2: entered allmulticast mode
[ 2906.143184][T13108] 8021q: adding VLAN 0 to HW filter on device macvtap2
[ 2906.672849][ T5955] usbhid 6-1:0.0: can't add hid device: -71
[ 2906.678991][ T5955] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 2906.692050][ T5955] usb 6-1: USB disconnect, device number 18
[ 2906.967687][T16112] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 2907.266409][T16112] usb 4-1: Using ep0 maxpacket: 8
[ 2907.273766][T16112] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 2907.286028][T16112] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2907.301224][T16112] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2907.325423][T16112] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2907.373624][T16112] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2907.434496][T16112] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2907.520413][T16112] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2907.801679][T16112] usb 4-1: GET_CAPABILITIES returned 0
[ 2907.808285][T16112] usbtmc 4-1:16.0: can't read capabilities
[ 2908.115094][T16112] usb 4-1: USB disconnect, device number 127
[ 2908.121457][T13125] usbtmc 4-1:16.0: usb_control_msg returned -71
[ 2908.274061][T29640] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 2908.289202][T29640] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 2908.301263][T29640] usb 2-1: can't read configurations, error -71
[ 2910.316329][T16122] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[ 2910.386322][T29640] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 2910.436308][T16112] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 2910.568552][T16122] usb 2-1: config 0 has an invalid descriptor of length 128, skipping remainder of the config
[ 2910.579214][T29640] usb 6-1: Using ep0 maxpacket: 8
[ 2910.586473][T16112] usb 4-1: Using ep0 maxpacket: 32
[ 2910.591695][T29640] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 2910.600656][T16122] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 2910.614090][T29640] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2910.625260][T29640] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2910.628051][T16112] usb 4-1: config 0 has no interfaces?
[ 2910.654133][T29640] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2910.664852][T16122] usb 2-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 2910.796381][T29640] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2910.809690][T16122] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2910.827002][T16122] usb 2-1: config 0 descriptor??
[ 2910.836633][T29640] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2910.850611][T16112] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[ 2910.864217][T16122] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 2910.871676][T16112] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2910.879842][T29640] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2910.889699][T16112] usb 4-1: Product: syz
[ 2910.893907][T16112] usb 4-1: Manufacturer: syz
[ 2910.899623][T16112] usb 4-1: SerialNumber: syz
[ 2910.916508][T16112] usb 4-1: config 0 descriptor??
[ 2911.108879][T13179] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2911.127037][T29640] usb 6-1: GET_CAPABILITIES returned 0
[ 2911.141975][T29640] usbtmc 6-1:16.0: can't read capabilities
[ 2911.337631][T13184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2911.350715][T13184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2911.398684][T13170] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10333'.
[ 2911.614519][T13187] netlink: 36 bytes leftover after parsing attributes in process `syz.0.10338'.
[ 2911.846516][T11917] usb 6-1: USB disconnect, device number 19
[ 2912.256286][T11917] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 2912.476281][T11917] usb 6-1: Using ep0 maxpacket: 8
[ 2912.483312][T11917] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 2912.500145][T11917] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2912.510323][T11917] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2912.520911][T11917] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2912.531115][T11917] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2912.562232][T11917] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2912.578384][T11917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2912.799135][T11917] usb 6-1: GET_CAPABILITIES returned 0
[ 2912.809337][T11917] usbtmc 6-1:16.0: can't read capabilities
[ 2913.110401][T11917] usb 4-1: USB disconnect, device number 2
[ 2913.134702][T13191] usbtmc 6-1:16.0: usb_control_msg returned -71
[ 2913.137941][ T5831] usb 6-1: USB disconnect, device number 20
[ 2913.152394][T29640] usb 2-1: USB disconnect, device number 11
[ 2913.334351][T13212] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10348'.
[ 2913.380000][T13212] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2913.403782][T13215] ipt_REJECT: ECHOREPLY no longer supported.
[ 2913.407925][T13212] macvlan2: entered promiscuous mode
[ 2913.419705][T13212] veth0_to_bond: entered promiscuous mode
[ 2913.436308][ T5955] usb 7-1: new high-speed USB device number 102 using dummy_hcd
[ 2913.441425][T13212] bond1: (slave macvlan2): Enslaving as an active interface with an up link
[ 2913.550418][T13222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10351'.
[ 2913.586288][ T5955] usb 7-1: device descriptor read/64, error -71
[ 2913.594472][T13221] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[ 2913.601326][T13221] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[ 2913.639582][T13222] team0 (unregistering): Port device team_slave_0 removed
[ 2913.659873][T13224] netlink: 'syz.1.10353': attribute type 10 has an invalid length.
[ 2913.679746][T13222] team0 (unregistering): Port device team_slave_1 removed
[ 2913.698194][T13222] team0 (unregistering): Port device dummy0 removed
[ 2913.856345][ T5955] usb 7-1: new high-speed USB device number 103 using dummy_hcd
[ 2914.006764][ T5955] usb 7-1: device descriptor read/64, error -71
[ 2914.136634][ T5955] usb usb7-port1: attempt power cycle
[ 2914.486596][T16112] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 2914.516801][ T5955] usb 7-1: new high-speed USB device number 104 using dummy_hcd
[ 2914.560997][ T5955] usb 7-1: device descriptor read/8, error -71
[ 2914.656468][T16112] usb 4-1: Using ep0 maxpacket: 32
[ 2914.663781][T16112] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[ 2914.672779][T16112] usb 4-1: config 0 has no interface number 0
[ 2914.680774][T16112] usb 4-1: config 0 interface 184 has no altsetting 0
[ 2914.690642][T16112] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2914.700562][T16112] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2914.708919][T16112] usb 4-1: Product: syz
[ 2914.719834][T16112] usb 4-1: Manufacturer: syz
[ 2914.725905][T16112] usb 4-1: SerialNumber: syz
[ 2914.735861][T16112] usb 4-1: config 0 descriptor??
[ 2914.846289][ T5955] usb 7-1: new high-speed USB device number 105 using dummy_hcd
[ 2914.880464][ T5955] usb 7-1: device descriptor read/8, error -71
[ 2915.006678][ T5955] usb usb7-port1: unable to enumerate USB device
[ 2915.062213][T13244] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[ 2915.210949][T13248] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[ 2915.237141][T13248] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2915.395949][T13253] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10365'.
[ 2916.059255][T16112] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71
[ 2916.079947][T16112] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[ 2916.103231][T16112] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 2916.156255][T16112] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 2916.176385][T16112] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 2916.250310][T16112] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 2916.272566][T16112] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[ 2916.292380][T16112] usb 4-1: USB disconnect, device number 3
[ 2916.959890][T13272] netlink: 44 bytes leftover after parsing attributes in process `syz.3.10372'.
[ 2917.218472][T29640] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 2917.377168][T29640] usb 4-1: Using ep0 maxpacket: 16
[ 2917.390113][T29640] usb 4-1: New USB device found, idVendor=5fc9, idProduct=0063, bcdDevice=93.52
[ 2917.402017][T29640] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2917.410562][T29640] usb 4-1: Product: syz
[ 2917.414837][T29640] usb 4-1: Manufacturer: syz
[ 2917.422452][T29640] usb 4-1: SerialNumber: syz
[ 2917.438394][T29640] usb 4-1: config 0 descriptor??
[ 2917.594693][T16112] usb 7-1: new high-speed USB device number 106 using dummy_hcd
[ 2917.663206][T29640] usb 4-1: USB disconnect, device number 4
[ 2917.775134][T16112] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2917.797593][T16112] usb 7-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[ 2917.806989][T16112] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2917.837570][T16112] usb 7-1: config 0 descriptor??
[ 2918.059298][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10376'.
[ 2922.018149][T16112] usbhid 7-1:0.0: can't add hid device: -71
[ 2922.047853][T16112] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2922.087877][T16112] usb 7-1: USB disconnect, device number 106
[ 2922.114638][T13295] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2922.128558][T13295] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2922.138975][T13295] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2922.145364][T13295] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2922.153540][T13295] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2922.191941][T13311] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 51000000 out of range (51000..2150000)
[ 2922.440220][T13316] netlink: 76 bytes leftover after parsing attributes in process `syz.5.10384'.
[ 2922.873312][T13335] syzkaller0: left promiscuous mode
[ 2922.888917][T13335] syzkaller0: left allmulticast mode
[ 2922.945492][   T30] audit: type=1326 audit(1771991077.013:8990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13330 comm="syz.6.10389" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f31f9f9c629 code=0x0
[ 2923.143852][T13343] FAULT_INJECTION: forcing a failure.
[ 2923.143852][T13343] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2923.162950][T13343] CPU: 1 UID: 0 PID: 13343 Comm: syz.1.10392 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2923.162980][T13343] Tainted: [L]=SOFTLOCKUP
[ 2923.162987][T13343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2923.162997][T13343] Call Trace:
[ 2923.163004][T13343]  <TASK>
[ 2923.163012][T13343]  dump_stack_lvl+0xe8/0x150
[ 2923.163039][T13343]  should_fail_ex+0x412/0x560
[ 2923.163064][T13343]  _copy_from_user+0x2d/0xb0
[ 2923.163088][T13343]  copy_folio_from_user+0x1e3/0x320
[ 2923.163121][T13343]  mfill_atomic_copy+0xfe0/0x1420
[ 2923.163140][T13343]  ? unwind_get_return_address+0x4d/0x90
[ 2923.163176][T13343]  ? __pfx_mfill_atomic_copy+0x10/0x10
[ 2923.163210][T13343]  userfaultfd_ioctl+0x2c17/0x5130
[ 2923.163237][T13343]  ? kasan_save_track+0x4f/0x80
[ 2923.163254][T13343]  ? kasan_save_track+0x3e/0x80
[ 2923.163282][T13343]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2923.163328][T13343]  ? kasan_quarantine_put+0xbb/0x1f0
[ 2923.163352][T13343]  ? tomoyo_path_number_perm+0x219/0x630
[ 2923.163370][T13343]  ? tomoyo_path_number_perm+0x219/0x630
[ 2923.163388][T13343]  ? do_vfs_ioctl+0x1166/0x1530
[ 2923.163408][T13343]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2923.163434][T13343]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2923.163475][T13343]  ? __fget_files+0x2a/0x420
[ 2923.163502][T13343]  ? __fget_files+0x2a/0x420
[ 2923.163524][T13343]  ? __fget_files+0x3a0/0x420
[ 2923.163546][T13343]  ? __fget_files+0x2a/0x420
[ 2923.163584][T13343]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2923.163607][T13343]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2923.163633][T13343]  __se_sys_ioctl+0xfc/0x170
[ 2923.163654][T13343]  do_syscall_64+0x14d/0xf80
[ 2923.163681][T13343]  ? trace_irq_disable+0x3b/0x150
[ 2923.163706][T13343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2923.163724][T13343]  ? clear_bhb_loop+0x40/0x90
[ 2923.163745][T13343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2923.163764][T13343] RIP: 0033:0x7f1fe499c629
[ 2923.163781][T13343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2923.163798][T13343] RSP: 002b:00007f1fe5814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2923.163818][T13343] RAX: ffffffffffffffda RBX: 00007f1fe4c15fa0 RCX: 00007f1fe499c629
[ 2923.163831][T13343] RDX: 00002000000000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
[ 2923.163844][T13343] RBP: 00007f1fe5814090 R08: 0000000000000000 R09: 0000000000000000
[ 2923.163856][T13343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2923.163867][T13343] R13: 00007f1fe4c16038 R14: 00007f1fe4c15fa0 R15: 00007f1fe4d3fa48
[ 2923.163896][T13343]  </TASK>
[ 2924.026337][T16122] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 2924.066469][ T5831] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 2924.177093][T16122] usb 4-1: Using ep0 maxpacket: 32
[ 2924.208849][  T757] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2924.208903][ T6511] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2924.214883][  T757] Bluetooth: hci4: command 0x0419 tx timeout
[ 2924.214912][  T757] Bluetooth: hci5: command 0x040f tx timeout
[ 2924.221020][ T1666] Bluetooth: hci1: command 0x041b tx timeout
[ 2924.245405][T16122] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2924.266862][ T5831] usb 2-1: Using ep0 maxpacket: 32
[ 2924.274066][ T5831] usb 2-1: config 0 has no interfaces?
[ 2924.302582][ T5831] usb 2-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[ 2924.313365][T16122] usb 4-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[ 2924.325772][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2924.334244][ T5831] usb 2-1: Product: syz
[ 2924.339039][ T5831] usb 2-1: Manufacturer: syz
[ 2924.343810][ T5831] usb 2-1: SerialNumber: syz
[ 2924.360981][ T5831] usb 2-1: config 0 descriptor??
[ 2924.380281][T16122] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2924.436718][T16122] usb 4-1: config 0 descriptor??
[ 2924.745362][T13355] netlink: 'syz.6.10396': attribute type 10 has an invalid length.
[ 2924.946707][T16122] usbhid 4-1:0.0: can't add hid device: -71
[ 2924.952712][T16122] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2924.983017][T16122] usb 4-1: USB disconnect, device number 5
[ 2925.549686][T13363] loop5: detected capacity change from 0 to 7
[ 2925.782234][T13363] Dev loop5: unable to read RDB block 7
[ 2925.788033][T13363]  loop5: unable to read partition table
[ 2925.793776][T13363] loop5: partition table beyond EOD, truncated
[ 2925.801050][T13363] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 2926.236305][T11917] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 2926.386356][T11917] usb 4-1: device descriptor read/64, error -71
[ 2926.636297][T11917] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 2926.720047][ T5955] usb 2-1: USB disconnect, device number 12
[ 2926.766511][T11917] usb 4-1: device descriptor read/64, error -71
[ 2926.916775][T11917] usb usb4-port1: attempt power cycle
[ 2926.936131][T13355] bond0: (slave wlan1): Opening slave failed
[ 2926.958485][T13369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10400'.
[ 2927.357408][T11917] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[ 2927.551391][T11917] usb 4-1: device descriptor read/8, error -71
[ 2927.644848][T13399] netdevsim netdevsim5: Firmware load for './file0/../file0/file0' refused, path contains '..' component
[ 2927.712729][T13385] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2927.719170][T13385] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2927.725541][T13385] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2927.731861][T13385] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2927.738186][T13385] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2927.799719][T13397] bond0: (slave bond_slave_0): Releasing backup interface
[ 2927.896314][T11917] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[ 2927.917770][T11917] usb 4-1: device descriptor read/8, error -71
[ 2927.931978][T13399] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10408'.
[ 2928.047666][T29640] usb 7-1: new high-speed USB device number 107 using dummy_hcd
[ 2928.050215][T11917] usb usb4-port1: unable to enumerate USB device
[ 2928.071236][T13397] bond0: (slave bond_slave_1): Releasing backup interface
[ 2928.179076][T13397] team_slave_0: left allmulticast mode
[ 2928.189527][T13397] team_slave_0: left promiscuous mode
[ 2928.246277][T29640] usb 7-1: Using ep0 maxpacket: 16
[ 2928.269462][T13397] team0: Port device team_slave_0 removed
[ 2928.290846][T29640] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 2928.305183][T29640] usb 7-1: config 0 has no interface number 0
[ 2928.315483][T29640] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2928.346093][T29640] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2928.367767][T29640] usb 7-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2928.384026][T29640] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2928.407173][T29640] usb 7-1: config 0 descriptor??
[ 2928.408660][T13397] team_slave_1: left allmulticast mode
[ 2928.448704][T13397] team_slave_1: left promiscuous mode
[ 2928.486570][T13397] team0: Port device team_slave_1 removed
[ 2928.515255][T13397] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2928.541988][T13401] FAULT_INJECTION: forcing a failure.
[ 2928.541988][T13401] name failslab, interval 1, probability 0, space 0, times 0
[ 2928.555954][T13397] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2928.568909][T13397] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2928.577850][T13401] CPU: 0 UID: 0 PID: 13401 Comm: syz.1.10409 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2928.577882][T13401] Tainted: [L]=SOFTLOCKUP
[ 2928.577890][T13401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2928.577901][T13401] Call Trace:
[ 2928.577910][T13401]  <TASK>
[ 2928.577917][T13401]  dump_stack_lvl+0xe8/0x150
[ 2928.577939][T13401]  should_fail_ex+0x412/0x560
[ 2928.577954][T13401]  should_failslab+0xa8/0x100
[ 2928.577974][T13401]  ? __kernfs_new_node+0xe9/0x8e0
[ 2928.578005][T13401]  kmem_cache_alloc_noprof+0x87/0x650
[ 2928.578043][T13401]  __kernfs_new_node+0xe9/0x8e0
[ 2928.578067][T13401]  ? __pfx___kernfs_new_node+0x10/0x10
[ 2928.578081][T13401]  ? kernfs_root+0x1c/0x230
[ 2928.578098][T13401]  ? kernfs_root+0x1c/0x230
[ 2928.578111][T13401]  ? kernfs_root+0x1c/0x230
[ 2928.578135][T13401]  kernfs_new_node+0x102/0x210
[ 2928.578166][T13401]  kernfs_create_link+0xa7/0x200
[ 2928.578190][T13401]  sysfs_do_create_link_sd+0x83/0x110
[ 2928.578213][T13401]  device_add_class_symlinks+0xb6/0x240
[ 2928.578232][T13401]  device_add+0x475/0xb70
[ 2928.578249][T13401]  device_create+0x269/0x300
[ 2928.578268][T13401]  ? format_decode+0x60f/0xe10
[ 2928.578288][T13401]  ? string+0x279/0x2b0
[ 2928.578308][T13401]  ? widen_string+0x3b/0x2a0
[ 2928.578331][T13401]  ? __pfx_device_create+0x10/0x10
[ 2928.578360][T13401]  bdi_register_va+0x9c/0x770
[ 2928.578377][T13401]  super_setup_bdi_name+0xf8/0x210
[ 2928.578391][T13401]  ? __pfx_super_setup_bdi_name+0x10/0x10
[ 2928.578405][T13401]  ? do_raw_spin_unlock+0xf5/0x210
[ 2928.578420][T13401]  fuse_fill_super_common+0x680/0x1270
[ 2928.578451][T13401]  ? __pfx_fuse_fill_super_common+0x10/0x10
[ 2928.578475][T13401]  ? __init_swait_queue_head+0xa9/0x150
[ 2928.578507][T13401]  ? shrinker_register+0x16b/0x230
[ 2928.578524][T13401]  ? sget_fc+0x962/0xa40
[ 2928.578540][T13401]  fuse_fill_super+0x176/0x1f0
[ 2928.578553][T13401]  ? __pfx_fuse_fill_super+0x10/0x10
[ 2928.578566][T13401]  get_tree_nodev+0xbb/0x150
[ 2928.578586][T13401]  fuse_get_tree+0x2fb/0x4f0
[ 2928.578615][T13401]  vfs_get_tree+0x92/0x2a0
[ 2928.578637][T13401]  do_new_mount+0x341/0xd30
[ 2928.578659][T13401]  ? apparmor_capable+0x126/0x170
[ 2928.578677][T13401]  ? __pfx_do_new_mount+0x10/0x10
[ 2928.578690][T13401]  ? ns_capable+0x89/0xe0
[ 2928.578705][T13401]  ? path_mount+0x690/0x10e0
[ 2928.578726][T13401]  ? user_path_at+0xd4/0x160
[ 2928.578756][T13401]  __se_sys_mount+0x31d/0x420
[ 2928.578788][T13401]  ? __pfx___se_sys_mount+0x10/0x10
[ 2928.578812][T13401]  ? __x64_sys_mount+0x20/0xc0
[ 2928.578827][T13401]  do_syscall_64+0x14d/0xf80
[ 2928.578842][T13401]  ? trace_irq_disable+0x3b/0x150
[ 2928.578856][T13401]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2928.578871][T13401]  ? clear_bhb_loop+0x40/0x90
[ 2928.578893][T13401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2928.578911][T13401] RIP: 0033:0x7f1fe499c629
[ 2928.578928][T13401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2928.578944][T13401] RSP: 002b:00007f1fe5814028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2928.578965][T13401] RAX: ffffffffffffffda RBX: 00007f1fe4c15fa0 RCX: 00007f1fe499c629
[ 2928.578979][T13401] RDX: 0000200000002100 RSI: 00002000000020c0 RDI: 0000000000000000
[ 2928.578993][T13401] RBP: 00007f1fe5814090 R08: 0000200000002140 R09: 0000000000000000
[ 2928.579005][T13401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2928.579014][T13401] R13: 00007f1fe4c16038 R14: 00007f1fe4c15fa0 R15: 00007f1fe4d3fa48
[ 2928.579034][T13401]  </TASK>
[ 2928.938723][T13397] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2929.058332][T13397] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2929.131166][T13399] team0 (unregistering): left allmulticast mode
[ 2929.162416][T13399] team0 (unregistering): left promiscuous mode
[ 2929.407813][T13853] Bluetooth: hci1: command 0x041b tx timeout
[ 2929.465071][T13408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10412'.
[ 2929.887186][T13853] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2929.887213][  T757] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2929.893225][T13853] Bluetooth: hci4: command 0x0419 tx timeout
[ 2929.903817][ T6511] Bluetooth: hci5: command 0x040f tx timeout
[ 2929.916111][   T30] audit: type=1326 audit(1771991083.983:8991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2929.966873][   T30] audit: type=1326 audit(1771991084.013:8992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2929.996294][   T30] audit: type=1326 audit(1771991084.013:8993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.034114][   T30] audit: type=1326 audit(1771991084.013:8994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.112266][   T30] audit: type=1326 audit(1771991084.013:8995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.140940][   T30] audit: type=1326 audit(1771991084.013:8996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.240384][   T30] audit: type=1326 audit(1771991084.013:8997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.395665][   T30] audit: type=1326 audit(1771991084.013:8998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.605670][   T30] audit: type=1326 audit(1771991084.013:8999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.678530][T29640] usbhid 7-1:0.1: can't add hid device: -71
[ 2930.691207][T29640] usbhid 7-1:0.1: probe with driver usbhid failed with error -71
[ 2930.707907][   T30] audit: type=1326 audit(1771991084.013:9000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13415 comm="syz.3.10413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2930.739124][T29640] usb 7-1: USB disconnect, device number 107
[ 2931.676333][T11917] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[ 2931.956657][T11917] usb 4-1: Using ep0 maxpacket: 8
[ 2931.971844][T11917] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 15
[ 2931.981522][T11917] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6
[ 2931.997062][T11917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[ 2932.019413][T11917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[ 2932.058974][T11917] usb 4-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[ 2932.076295][T11917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2932.084475][T11917] usb 4-1: Product: syz
[ 2932.089180][T11917] usb 4-1: Manufacturer: syz
[ 2932.093790][T11917] usb 4-1: SerialNumber: syz
[ 2932.109949][T11917] usb 4-1: config 0 descriptor??
[ 2932.236324][T29640] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 2932.255960][T11917] powermate 4-1:0.0: probe with driver powermate failed with error -5
[ 2932.256267][T16112] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 2932.397037][T29640] usb 6-1: Using ep0 maxpacket: 16
[ 2932.446625][T16112] usb 2-1: device descriptor read/64, error -71
[ 2932.456540][T29640] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 2932.470822][T29640] usb 6-1: config 0 has no interface number 0
[ 2932.489055][T29640] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2932.527885][T29640] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2932.603390][T29640] usb 6-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2932.637369][T29640] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2932.689003][T29640] usb 6-1: config 0 descriptor??
[ 2932.736353][T16112] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 2932.866314][T16112] usb 2-1: device descriptor read/64, error -71
[ 2933.006599][T16112] usb usb2-port1: attempt power cycle
[ 2933.391314][T16112] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 2933.427032][T16112] usb 2-1: device descriptor read/8, error -71
[ 2933.546423][ T5955] usb 4-1: USB disconnect, device number 10
[ 2933.666392][T16112] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 2933.697030][T16112] usb 2-1: device descriptor read/8, error -71
[ 2933.827458][T16112] usb usb2-port1: unable to enumerate USB device
[ 2935.151215][T29640] usbhid 6-1:0.1: can't add hid device: -71
[ 2935.157504][T29640] usbhid 6-1:0.1: probe with driver usbhid failed with error -71
[ 2935.235399][T29640] usb 6-1: USB disconnect, device number 21
[ 2935.303834][T13500] pimreg: entered allmulticast mode
[ 2935.463347][T13500] pimreg: left allmulticast mode
[ 2935.592841][T13504] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2935.599342][T13504] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2935.605769][T13504] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2935.612495][T13504] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2935.624233][T13504] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2935.648126][T13506] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10436'.
[ 2935.705640][T13511] FAULT_INJECTION: forcing a failure.
[ 2935.705640][T13511] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2935.748321][T13511] CPU: 1 UID: 0 PID: 13511 Comm: syz.6.10437 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2935.748381][T13511] Tainted: [L]=SOFTLOCKUP
[ 2935.748387][T13511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2935.748398][T13511] Call Trace:
[ 2935.748406][T13511]  <TASK>
[ 2935.748414][T13511]  dump_stack_lvl+0xe8/0x150
[ 2935.748445][T13511]  should_fail_ex+0x412/0x560
[ 2935.748472][T13511]  _copy_from_user+0x2d/0xb0
[ 2935.748500][T13511]  copy_folio_from_user+0x1e3/0x320
[ 2935.748535][T13511]  mfill_atomic_copy+0xfe0/0x1420
[ 2935.748556][T13511]  ? unwind_get_return_address+0x4d/0x90
[ 2935.748596][T13511]  ? __pfx_mfill_atomic_copy+0x10/0x10
[ 2935.748629][T13511]  userfaultfd_ioctl+0x2c17/0x5130
[ 2935.748656][T13511]  ? kasan_save_track+0x4f/0x80
[ 2935.748673][T13511]  ? kasan_save_track+0x3e/0x80
[ 2935.748702][T13511]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2935.748751][T13511]  ? kasan_quarantine_put+0xbb/0x1f0
[ 2935.748778][T13511]  ? tomoyo_path_number_perm+0x219/0x630
[ 2935.748799][T13511]  ? tomoyo_path_number_perm+0x219/0x630
[ 2935.748822][T13511]  ? do_vfs_ioctl+0x1166/0x1530
[ 2935.748845][T13511]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2935.748877][T13511]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2935.748924][T13511]  ? __fget_files+0x2a/0x420
[ 2935.748951][T13511]  ? __fget_files+0x2a/0x420
[ 2935.748975][T13511]  ? __fget_files+0x3a0/0x420
[ 2935.748999][T13511]  ? __fget_files+0x2a/0x420
[ 2935.749026][T13511]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2935.749048][T13511]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 2935.749074][T13511]  __se_sys_ioctl+0xfc/0x170
[ 2935.749098][T13511]  do_syscall_64+0x14d/0xf80
[ 2935.749124][T13511]  ? trace_irq_disable+0x3b/0x150
[ 2935.749150][T13511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2935.749170][T13511]  ? clear_bhb_loop+0x40/0x90
[ 2935.749193][T13511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2935.749212][T13511] RIP: 0033:0x7f31f9f9c629
[ 2935.749230][T13511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2935.749246][T13511] RSP: 002b:00007f31faece028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2935.749266][T13511] RAX: ffffffffffffffda RBX: 00007f31fa215fa0 RCX: 00007f31f9f9c629
[ 2935.749281][T13511] RDX: 00002000000000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
[ 2935.749294][T13511] RBP: 00007f31faece090 R08: 0000000000000000 R09: 0000000000000000
[ 2935.749309][T13511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2935.749320][T13511] R13: 00007f31fa216038 R14: 00007f31fa215fa0 R15: 00007f31fa33fa48
[ 2935.749353][T13511]  </TASK>
[ 2936.244177][   T30] kauditd_printk_skb: 68 callbacks suppressed
[ 2936.244194][   T30] audit: type=1326 audit(1771991090.313:9069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2936.336419][   T30] audit: type=1326 audit(1771991090.313:9070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2936.363172][   T30] audit: type=1326 audit(1771991090.323:9071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2936.580883][   T30] audit: type=1326 audit(1771991090.323:9072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2936.634412][   T30] audit: type=1326 audit(1771991090.323:9073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2936.814424][   T30] audit: type=1326 audit(1771991090.323:9074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2936.853150][   T30] audit: type=1326 audit(1771991090.323:9075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2937.061117][   T30] audit: type=1326 audit(1771991090.323:9076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2937.332031][   T30] audit: type=1326 audit(1771991090.323:9077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13521 comm="syz.3.10441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1cb8d9c629 code=0x7ffc0000
[ 2937.548021][T13527] tc_dump_action: action bad kind
[ 2937.576358][ T6511] Bluetooth: hci1: command 0x041b tx timeout
[ 2937.592603][   T30] audit: type=1326 audit(1771991090.373:9078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13515 comm="syz.5.10439" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6e27d9c629 code=0x0
[ 2937.646393][ T6511] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2937.651289][  T757] Bluetooth: hci4: command 0x0419 tx timeout
[ 2937.652664][ T1666] Bluetooth: hci5: command 0x040f tx timeout
[ 2937.716342][ T6511] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2937.750967][T13532] netlink: 'syz.0.10442': attribute type 10 has an invalid length.
[ 2937.883634][T13532] bond0: (slave wlan1): Opening slave failed
[ 2938.622023][T13552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10445'.
[ 2938.707103][ T5955] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 2938.877484][ T5955] usb 6-1: Using ep0 maxpacket: 32
[ 2938.917471][ T5955] usb 6-1: config 0 has an invalid interface number: 118 but max is 0
[ 2938.929929][ T5955] usb 6-1: config 0 has no interface number 0
[ 2938.944491][ T5955] usb 6-1: config 0 interface 118 has no altsetting 0
[ 2939.030569][ T5955] usb 6-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=a4.b9
[ 2939.192429][T13553] tc_dump_action: action bad kind
[ 2939.248410][ T5955] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2939.257142][ T5955] usb 6-1: Product: syz
[ 2939.261458][ T5955] usb 6-1: Manufacturer: syz
[ 2939.266107][ T5955] usb 6-1: SerialNumber: syz
[ 2939.447228][ T5955] usb 6-1: config 0 descriptor??
[ 2939.462667][ T5955] ftdi_sio 6-1:0.118: FTDI USB Serial Device converter detected
[ 2939.481055][ T5955] ftdi_sio ttyUSB0: unknown device type: 0xa4b9
[ 2939.583151][T13567] fuse: Bad value for 'fd'
[ 2939.665850][ T5955] usb 6-1: USB disconnect, device number 22
[ 2939.679558][ T5955] ftdi_sio 6-1:0.118: device disconnected
[ 2941.376296][ T5831] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 2941.566693][ T5831] usb 4-1: Using ep0 maxpacket: 16
[ 2941.627750][ T5831] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 2941.648602][ T5831] usb 4-1: config 0 has no interface number 0
[ 2941.674758][ T5831] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2941.702871][ T5831] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2941.739143][ T5831] usb 4-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2941.782686][T13582] FAULT_INJECTION: forcing a failure.
[ 2941.782686][T13582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2941.795890][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2941.849032][ T5831] usb 4-1: config 0 descriptor??
[ 2942.105723][T13582] CPU: 0 UID: 0 PID: 13582 Comm: syz.6.10456 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2942.105751][T13582] Tainted: [L]=SOFTLOCKUP
[ 2942.105756][T13582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2942.105763][T13582] Call Trace:
[ 2942.105768][T13582]  <TASK>
[ 2942.105773][T13582]  dump_stack_lvl+0xe8/0x150
[ 2942.105792][T13582]  should_fail_ex+0x412/0x560
[ 2942.105808][T13582]  _copy_from_user+0x2d/0xb0
[ 2942.105823][T13582]  csum_and_copy_from_iter_full+0x1e7/0x1f00
[ 2942.105845][T13582]  ? process_measurement+0x7ce/0x1c80
[ 2942.105863][T13582]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[ 2942.105880][T13582]  ? process_measurement+0x195e/0x1c80
[ 2942.105895][T13582]  ? process_measurement+0x301/0x1c80
[ 2942.105913][T13582]  ip_generic_getfrag+0x149/0x2d0
[ 2942.105930][T13582]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 2942.105944][T13582]  ? skb_page_frag_refill+0x1be/0x310
[ 2942.105964][T13582]  __ip_append_data+0x2120/0x3f30
[ 2942.105993][T13582]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 2942.106017][T13582]  ? __pfx___ip_append_data+0x10/0x10
[ 2942.106032][T13582]  ? do_raw_spin_lock+0x12b/0x2f0
[ 2942.106044][T13582]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 2942.106056][T13582]  ip_append_data+0x10d/0x190
[ 2942.106072][T13582]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 2942.106087][T13582]  udp_sendmsg+0x557/0x22f0
[ 2942.106111][T13582]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 2942.106125][T13582]  ? __lock_acquire+0x6b5/0x2cf0
[ 2942.106139][T13582]  ? __pfx_udp_sendmsg+0x10/0x10
[ 2942.106178][T13582]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2942.106194][T13582]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 2942.106218][T13582]  ? __fget_files+0x3a0/0x420
[ 2942.106239][T13582]  ? sock_rps_record_flow+0x19/0x400
[ 2942.106264][T13582]  ? inet_sendmsg+0x29c/0x370
[ 2942.106287][T13582]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2942.106309][T13582]  __sys_sendto+0x627/0x7a0
[ 2942.106332][T13582]  ? __pfx___sys_sendto+0x10/0x10
[ 2942.106352][T13582]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 2942.106393][T13582]  ? __fget_files+0x3a0/0x420
[ 2942.106426][T13582]  ? ksys_write+0x242/0x270
[ 2942.106447][T13582]  ? __pfx_ksys_write+0x10/0x10
[ 2942.106470][T13582]  __x64_sys_sendto+0xde/0x100
[ 2942.106496][T13582]  do_syscall_64+0x14d/0xf80
[ 2942.106521][T13582]  ? trace_irq_disable+0x3b/0x150
[ 2942.106543][T13582]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2942.106558][T13582]  ? clear_bhb_loop+0x40/0x90
[ 2942.106576][T13582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2942.106592][T13582] RIP: 0033:0x7f31f9f9c629
[ 2942.106609][T13582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2942.106623][T13582] RSP: 002b:00007f31faece028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 2942.106642][T13582] RAX: ffffffffffffffda RBX: 00007f31fa215fa0 RCX: 00007f31f9f9c629
[ 2942.106656][T13582] RDX: 0000000000000060 RSI: 0000200000000380 RDI: 0000000000000004
[ 2942.106668][T13582] RBP: 00007f31faece090 R08: 0000000000000000 R09: 0000000000000000
[ 2942.106680][T13582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2942.106690][T13582] R13: 00007f31fa216038 R14: 00007f31fa215fa0 R15: 00007f31fa33fa48
[ 2942.106717][T13582]  </TASK>
[ 2942.125830][T13587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10458'.
[ 2942.806292][ T5955] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 2943.011233][ T5831] usbhid 4-1:0.1: can't add hid device: -71
[ 2943.035736][ T5955] usb 6-1: Using ep0 maxpacket: 16
[ 2943.041173][ T5831] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[ 2943.138347][ T5955] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 2943.252958][ T5831] usb 4-1: USB disconnect, device number 11
[ 2943.261968][ T5955] usb 6-1: config 0 has no interface number 0
[ 2943.296272][ T5955] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2943.350083][ T5955] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2943.376465][ T5955] usb 6-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2943.395774][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2943.501880][ T5955] usb 6-1: config 0 descriptor??
[ 2943.649974][ T5831] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[ 2943.873318][ T5831] usb 4-1: config 5 has an invalid interface number: 123 but max is 0
[ 2943.892994][ T5831] usb 4-1: config 5 has no interface number 0
[ 2943.902043][ T5831] usb 4-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[ 2943.921078][T13594] tc_dump_action: action bad kind
[ 2943.956649][ T5831] usb 4-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xE6, changing to 0x86
[ 2943.976416][ T5831] usb 4-1: config 5 interface 123 altsetting 7 endpoint 0x86 has invalid wMaxPacketSize 0
[ 2944.026324][ T5831] usb 4-1: config 5 interface 123 has no altsetting 0
[ 2944.050243][T16112] usb 7-1: new high-speed USB device number 108 using dummy_hcd
[ 2944.147382][ T5831] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[ 2944.186223][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2944.194321][ T5831] usb 4-1: Product: syz
[ 2944.207211][ T5831] usb 4-1: Manufacturer: syz
[ 2944.212173][ T5831] usb 4-1: SerialNumber: syz
[ 2944.267143][T16112] usb 7-1: Using ep0 maxpacket: 16
[ 2944.274126][T16112] usb 7-1: config 0 has an invalid interface number: 214 but max is 0
[ 2944.303946][T16112] usb 7-1: config 0 has no interface number 0
[ 2944.323105][T16112] usb 7-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[ 2944.356098][T16112] usb 7-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[ 2944.374088][T16112] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2944.393101][T16112] usb 7-1: Product: syz
[ 2944.401478][T16112] usb 7-1: Manufacturer: syz
[ 2944.406331][T16112] usb 7-1: SerialNumber: syz
[ 2944.415590][T16112] usb 7-1: config 0 descriptor??
[ 2944.455350][ T5955] usbhid 6-1:0.1: can't add hid device: -71
[ 2944.462027][ T5955] usbhid 6-1:0.1: probe with driver usbhid failed with error -71
[ 2944.476525][ T5955] usb 6-1: USB disconnect, device number 23
[ 2944.521830][ T5831] ni6501 4-1:5.123: driver 'ni6501' failed to auto-configure device.
[ 2944.558118][ T5831] usb 4-1: USB disconnect, device number 12
[ 2944.787774][T13612] FAULT_INJECTION: forcing a failure.
[ 2944.787774][T13612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2944.802094][T13612] CPU: 0 UID: 0 PID: 13612 Comm: syz.1.10464 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2944.802126][T13612] Tainted: [L]=SOFTLOCKUP
[ 2944.802133][T13612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2944.802145][T13612] Call Trace:
[ 2944.802152][T13612]  <TASK>
[ 2944.802158][T13612]  dump_stack_lvl+0xe8/0x150
[ 2944.802184][T13612]  should_fail_ex+0x412/0x560
[ 2944.802209][T13612]  _copy_to_iter+0x1e4/0x17d0
[ 2944.802235][T13612]  ? do_raw_spin_lock+0x12b/0x2f0
[ 2944.802260][T13612]  ? __pfx__copy_to_iter+0x10/0x10
[ 2944.802282][T13612]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 2944.802305][T13612]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2944.802330][T13612]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 2944.802364][T13612]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 2944.802394][T13612]  __skb_datagram_iter+0xf8/0x980
[ 2944.802423][T13612]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 2944.802454][T13612]  skb_copy_datagram_iter+0xb5/0x270
[ 2944.802482][T13612]  netlink_recvmsg+0x2c3/0xa50
[ 2944.802513][T13612]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 2944.802539][T13612]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2944.802563][T13612]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 2944.802582][T13612]  ? security_socket_recvmsg+0x7e/0x2c0
[ 2944.802607][T13612]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 2944.802629][T13612]  sock_recvmsg+0x22c/0x270
[ 2944.802661][T13612]  __sys_recvfrom+0x240/0x3c0
[ 2944.802690][T13612]  ? __pfx___sys_recvfrom+0x10/0x10
[ 2944.802737][T13612]  ? exc_page_fault+0x6a/0xc0
[ 2944.802766][T13612]  ? do_user_addr_fault+0xc6f/0x1340
[ 2944.802794][T13612]  __x64_sys_recvfrom+0xde/0x100
[ 2944.802821][T13612]  do_syscall_64+0x14d/0xf80
[ 2944.802848][T13612]  ? trace_irq_disable+0x3b/0x150
[ 2944.802872][T13612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2944.802890][T13612]  ? clear_bhb_loop+0x40/0x90
[ 2944.802910][T13612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2944.802927][T13612] RIP: 0033:0x7f1fe495cece
[ 2944.802943][T13612] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 2944.802959][T13612] RSP: 002b:00007f1fe5812e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 2944.802980][T13612] RAX: ffffffffffffffda RBX: 00007f1fe58146c0 RCX: 00007f1fe495cece
[ 2944.802993][T13612] RDX: 0000000000001000 RSI: 00007f1fe5813000 RDI: 0000000000000003
[ 2944.803004][T13612] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2944.803015][T13612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 2944.803026][T13612] R13: 00007f1fe5812f58 R14: 00007f1fe5813000 R15: 0000000000000000
[ 2944.803052][T13612]  </TASK>
[ 2945.103118][T13614] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10466'.
[ 2945.644329][T16112] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.214/input/input145
[ 2946.743292][T13629] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2946.766947][T13629] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2946.774785][T13629] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2946.783016][T13629] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2946.790705][T13629] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2947.076458][ T5831] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 2947.102629][ T5955] usb 7-1: USB disconnect, device number 108
[ 2947.253712][ T5831] usb 2-1: too many configurations: 13, using maximum allowed: 8
[ 2947.270509][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.282916][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.295051][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.305690][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.315016][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.323219][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.333223][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.343389][ T5831] usb 2-1: config 0 has no interfaces?
[ 2947.367397][ T5831] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2947.383683][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2947.400584][ T5831] usb 2-1: Product: syz
[ 2947.411589][ T5831] usb 2-1: Manufacturer: syz
[ 2947.424064][ T5831] usb 2-1: SerialNumber: syz
[ 2947.586844][T13648] netdevsim netdevsim6: Firmware load for './file0/../file0/file0' refused, path contains '..' component
[ 2947.587721][ T5831] usb 2-1: config 0 descriptor??
[ 2947.605614][T13649] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 2947.705181][T13648] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10474'.
[ 2947.777931][T13642] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2947.784103][T13642] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2947.790554][T13642] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2947.797083][T13642] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2947.803252][T13642] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2947.840748][T13637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2947.873563][T13637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2947.934233][T13637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2947.949994][T13637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2947.959613][ T5915] usb 2-1: USB disconnect, device number 17
[ 2948.341646][T13657] loop4: detected capacity change from 0 to 7
[ 2948.351399][T13657]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6
[ 2948.365228][T13657] loop4: p1 start 524288 is beyond EOD, truncated
[ 2948.376674][T13657] loop4: p2 size 262144 extends beyond EOD, truncated
[ 2948.389013][T13657] loop4: p3 start 2171142144 is beyond EOD, truncated
[ 2948.407407][T13657] loop4: p4 start 2883584 is beyond EOD, truncated
[ 2948.443006][T13657] loop4: p5 start 65536 is beyond EOD, truncated
[ 2948.451716][T13657] loop4: p6 start 1680801792 is beyond EOD, truncated
[ 2948.524503][T13470] udevd[13470]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[ 2948.646311][ T5915] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 2948.853998][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 2948.917278][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2948.966078][ T5915] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x24, changing to 0x4
[ 2949.018890][T13673] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2949.025283][T13673] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2949.031618][T13673] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2949.037735][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[ 2949.082168][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 2949.109596][ T5915] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 2949.128632][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2949.145151][T13673] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2949.152803][T13673] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2949.280726][ T5915] usb 2-1: Product: syz
[ 2949.309097][ T5915] usb 2-1: Manufacturer: syz
[ 2949.341931][ T5915] usb 2-1: SerialNumber: syz
[ 2949.661510][T13682] fuse: Unknown parameter '}^i�A܇b�����NoUj:�KLwBգ�6�HGJ�쭼:i���y�r{x��Q5�l�E��ɾ�fP8VhC� ��(	0StQV;�DF�'
[ 2949.701016][ T5915] usb 2-1: config 0 descriptor??
[ 2949.726666][ T5915] usb 2-1: can't set config #0, error -71
[ 2949.782931][ T5915] usb 2-1: USB disconnect, device number 18
[ 2950.271474][T13692] netlink: 324 bytes leftover after parsing attributes in process `syz.1.10487'.
[ 2950.616901][ T5831] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 2950.806400][ T5831] usb 6-1: device descriptor read/64, error -71
[ 2950.996368][ T6511] Bluetooth: hci1: command 0x041b tx timeout
[ 2951.095402][ T6511] Bluetooth: hci4: command 0x0419 tx timeout
[ 2951.101865][ T1666] Bluetooth: hci5: command 0x040f tx timeout
[ 2951.135100][ T5831] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 2951.236433][ T6511] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2951.242476][ T1666] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2951.276259][ T5831] usb 6-1: device descriptor read/64, error -71
[ 2951.348016][ T5915] usb 7-1: new high-speed USB device number 109 using dummy_hcd
[ 2951.391005][ T5831] usb usb6-port1: attempt power cycle
[ 2951.426345][ T8360] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 2951.498865][ T5915] usb 7-1: device descriptor read/64, error -71
[ 2951.638724][ T8360] usb 4-1: Using ep0 maxpacket: 8
[ 2951.662068][ T8360] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 2951.689588][ T8360] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2951.714894][ T8360] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2951.735034][ T8360] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2951.746394][ T5915] usb 7-1: new high-speed USB device number 110 using dummy_hcd
[ 2951.773123][ T8360] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2951.806714][ T5831] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 2951.819188][ T8360] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2951.837524][ T8360] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2951.846838][ T5831] usb 6-1: device descriptor read/8, error -71
[ 2951.936319][ T5915] usb 7-1: device descriptor read/64, error -71
[ 2952.046852][ T5915] usb usb7-port1: attempt power cycle
[ 2952.059824][ T8360] usb 4-1: GET_CAPABILITIES returned 0
[ 2952.065487][ T8360] usbtmc 4-1:16.0: can't read capabilities
[ 2952.076343][T16112] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 2952.096267][ T5831] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 2952.117314][ T5831] usb 6-1: device descriptor read/8, error -71
[ 2952.226967][ T5831] usb usb6-port1: unable to enumerate USB device
[ 2952.234533][T16112] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 2952.247026][T16112] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 2952.264940][T16112] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 2952.287813][T16112] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 2952.303008][T16112] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2952.318809][T16112] usb 2-1: Product: syz
[ 2952.325062][T16112] usb 2-1: Manufacturer: syz
[ 2952.334535][T16112] usb 2-1: SerialNumber: syz
[ 2952.355229][T16112] usb 2-1: config 0 descriptor??
[ 2952.367239][T13710] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[ 2952.375020][T13710] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[ 2952.385981][T16112] usb 2-1: ucan: probing device on interface #0
[ 2952.392887][ T5915] usb 7-1: new high-speed USB device number 111 using dummy_hcd
[ 2952.417219][ T5915] usb 7-1: device descriptor read/8, error -71
[ 2952.587396][T16112] usb 2-1: ucan: device protocol version 1949266947 is not supported
[ 2952.595483][T16112] usb 2-1: ucan: probe failed; try to update the device firmware
[ 2952.666274][ T5915] usb 7-1: new high-speed USB device number 112 using dummy_hcd
[ 2952.686720][ T5915] usb 7-1: device descriptor read/8, error -71
[ 2952.764837][ T5831] usb 4-1: USB disconnect, device number 13
[ 2952.796715][ T5915] usb usb7-port1: unable to enumerate USB device
[ 2952.834699][T13712] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10494'.
[ 2953.479726][T13723] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10496'.
[ 2953.547323][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10496'.
[ 2954.282802][T13740] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[ 2954.305573][T13740] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2954.603274][T13748] netlink: 'syz.6.10505': attribute type 3 has an invalid length.
[ 2954.902019][T13759] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2954.950378][ T5915] usb 2-1: USB disconnect, device number 19
[ 2955.872878][T13784] syzkaller1: entered promiscuous mode
[ 2955.883178][T13784] syzkaller1: entered allmulticast mode
[ 2956.583181][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 2956.583198][   T30] audit: type=1326 audit(1771991110.653:9088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13780 comm="syz.6.10515" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f31f9f9c629 code=0x0
[ 2957.576936][T13810] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10523'.
[ 2957.964648][T13817] loop4: detected capacity change from 0 to 7
[ 2957.997895][T13817]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6
[ 2958.009013][T13817] loop4: p1 start 524288 is beyond EOD, truncated
[ 2958.039164][T13817] loop4: p2 size 262144 extends beyond EOD, truncated
[ 2958.078045][T13817] loop4: p3 start 2171142144 is beyond EOD, truncated
[ 2958.086336][T13817] loop4: p4 start 2883584 is beyond EOD, truncated
[ 2958.094102][T13817] loop4: p5 start 65536 is beyond EOD, truncated
[ 2958.103381][T13817] loop4: p6 start 1680801792 is beyond EOD, truncated
[ 2958.325911][T13470] udevd[13470]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[ 2958.400471][T13821] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10527'.
[ 2959.523833][T13834] tap0: tun_chr_ioctl cmd 1074025677
[ 2959.530884][T13834] tap0: linktype set to 778
[ 2959.561044][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 2959.567591][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 2959.770238][   T30] audit: type=1326 audit(1771991113.843:9089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2959.798427][   T30] audit: type=1326 audit(1771991113.873:9090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2959.822728][   T30] audit: type=1326 audit(1771991113.873:9091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2959.849818][   T30] audit: type=1326 audit(1771991113.873:9092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2959.873506][   T30] audit: type=1326 audit(1771991113.873:9093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2959.897206][   T30] audit: type=1326 audit(1771991113.893:9094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2959.920927][   T30] audit: type=1326 audit(1771991113.893:9095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2960.048712][   T30] audit: type=1326 audit(1771991113.893:9096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2960.110425][   T30] audit: type=1326 audit(1771991113.923:9097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13837 comm="syz.1.10532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1fe499c629 code=0x7ffc0000
[ 2962.400768][T13872] netlink: 64 bytes leftover after parsing attributes in process `syz.0.10543'.
[ 2962.550693][T13869] syzkaller1: entered promiscuous mode
[ 2962.597129][T13869] syzkaller1: entered allmulticast mode
[ 2962.821542][T13881] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10540'.
[ 2962.848271][T13877] tipc: Started in network mode
[ 2962.863604][T13877] tipc: Node identity ba419d1ff881, cluster identity 4711
[ 2962.873813][T13877] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2963.049704][T13877] tipc: Disabling bearer <eth:syzkaller0>
[ 2963.179271][T13888] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10546'.
[ 2963.226043][T13888] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10546'.
[ 2963.434478][T13893] netlink: 16 bytes leftover after parsing attributes in process `syz.5.10548'.
[ 2963.656596][ T5915] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 2964.057153][T13903] fuse: Bad value for 'fd'
[ 2964.490566][T13907] loop5: detected capacity change from 0 to 7
[ 2964.848806][T13907] Dev loop5: unable to read RDB block 7
[ 2964.856308][T13907]  loop5: unable to read partition table
[ 2964.864754][T13907] loop5: partition table beyond EOD, truncated
[ 2964.886305][T13907] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 2965.076891][T13914] netlink: 64 bytes leftover after parsing attributes in process `syz.1.10553'.
[ 2965.380818][ T5194] Dev loop5: unable to read RDB block 7
[ 2965.387469][ T5194]  loop5: unable to read partition table
[ 2965.393434][ T5194] loop5: partition table beyond EOD, truncated
[ 2965.517322][T13930] netlink: 176 bytes leftover after parsing attributes in process `syz.5.10554'.
[ 2966.226349][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.254275][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.283530][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.298536][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.419486][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.472702][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.498822][T13944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10555'.
[ 2966.513262][T13952] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 51000000 out of range (51000..2150000)
[ 2966.782000][T13944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2967.296485][T13944] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2967.336296][ T5915] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 2967.659066][ T5915] usb 6-1: Using ep0 maxpacket: 16
[ 2967.772191][ T5915] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 2967.785380][ T5915] usb 6-1: config 0 has no interface number 0
[ 2967.812247][ T5915] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2967.936244][ T5915] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2967.948960][ T5915] usb 6-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[ 2968.059093][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2968.142165][ T5915] usb 6-1: config 0 descriptor??
[ 2968.225641][T13960] tc_dump_action: action bad kind
[ 2968.903336][T13979] bond5: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2969.015415][T13979] bond5: (slave lo): Enslaving as an active interface with an up link
[ 2969.043368][T13979] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 2969.383434][T13983] 
[ 2969.385789][T13983] =====================================================
[ 2969.392712][T13983] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 2969.400182][T13983] syzkaller #0 Tainted: G             L     
[ 2969.406143][T13983] -----------------------------------------------------
[ 2969.413061][T13983] syz.6.10567/13983 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 2969.420854][T13983] ffff888095dfec90 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0
[ 2969.429560][T13983] 
[ 2969.429560][T13983] and this task is already holding:
[ 2969.437000][T13983] ffff888021ab3028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 2969.446734][T13983] which would create a new lock dependency:
[ 2969.452618][T13983]  (&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 2969.460738][T13983] 
[ 2969.460738][T13983] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 2969.470186][T13983]  (&client->buffer_lock){..-.}-{3:3}
[ 2969.470220][T13983] 
[ 2969.470220][T13983] ... which became SOFTIRQ-irq-safe at:
[ 2969.483280][T13983]   lock_acquire+0xf0/0x2e0
[ 2969.487795][T13983]   _raw_spin_lock+0x2e/0x40
[ 2969.492393][T13983]   evdev_pass_values+0xb9/0xbd0
[ 2969.497335][T13983]   evdev_events+0x1e6/0x340
[ 2969.501929][T13983]   input_pass_values+0x288/0x890
[ 2969.507042][T13983]   input_event_dispose+0x3e5/0x6b0
[ 2969.512257][T13983]   input_event+0x89/0xe0
[ 2969.516594][T13983]   hidinput_hid_event+0x1487/0x1e60
[ 2969.521896][T13983]   hid_process_event+0x4be/0x620
[ 2969.526931][T13983]   hid_report_raw_event+0xe8f/0x1720
[ 2969.532389][T13983]   hid_input_report+0x44b/0x580
[ 2969.537381][T13983]   hid_irq_in+0x47e/0x6d0
[ 2969.541781][T13983]   __usb_hcd_giveback_urb+0x376/0x540
[ 2969.547213][T13983]   dummy_timer+0xbbd/0x45d0
[ 2969.551797][T13983]   __hrtimer_run_queues+0x53a/0xcc0
[ 2969.557068][T13983]   hrtimer_run_softirq+0x182/0x5a0
[ 2969.562263][T13983]   handle_softirqs+0x22a/0x870
[ 2969.567102][T13983]   __irq_exit_rcu+0x5f/0x150
[ 2969.571779][T13983]   irq_exit_rcu+0x9/0x30
[ 2969.576096][T13983]   sysvec_apic_timer_interrupt+0xa6/0xc0
[ 2969.581803][T13983]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2969.587862][T13983]   debug_lockdep_rcu_enabled+0x2c/0x40
[ 2969.593390][T13983]   __might_resched+0x22/0x4d0
[ 2969.598148][T13983]   down_read+0x23/0x2e0
[ 2969.602411][T13983]   kernfs_dop_revalidate+0x9e/0x5e0
[ 2969.607724][T13983]   lookup_fast+0x253/0x5b0
[ 2969.612229][T13983]   link_path_walk+0x720/0x18d0
[ 2969.617076][T13983]   path_lookupat+0xe4/0x8c0
[ 2969.621669][T13983]   filename_lookup+0x256/0x5d0
[ 2969.626503][T13983]   do_readlinkat+0xe3/0x510
[ 2969.631092][T13983]   __x64_sys_readlink+0x7f/0x90
[ 2969.636021][T13983]   do_syscall_64+0x14d/0xf80
[ 2969.640684][T13983]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2969.646656][T13983] 
[ 2969.646656][T13983] to a SOFTIRQ-irq-unsafe lock:
[ 2969.653753][T13983]  (tasklist_lock){.+.+}-{3:3}
[ 2969.653780][T13983] 
[ 2969.653780][T13983] ... which became SOFTIRQ-irq-unsafe at:
[ 2969.666450][T13983] ...
[ 2969.666462][T13983]   lock_acquire+0xf0/0x2e0
[ 2969.673542][T13983]   _raw_read_lock+0x36/0x50
[ 2969.678150][T13983]   __do_wait+0xde/0x740
[ 2969.682470][T13983]   do_wait+0x1e7/0x540
[ 2969.686619][T13983]   kernel_wait+0xd6/0x1c0
[ 2969.691022][T13983]   call_usermodehelper_exec_work+0xbe/0x230
[ 2969.697008][T13983]   process_scheduled_works+0xb02/0x1830
[ 2969.702629][T13983]   worker_thread+0xa50/0xfc0
[ 2969.707298][T13983]   kthread+0x388/0x470
[ 2969.711434][T13983]   ret_from_fork+0x51e/0xb90
[ 2969.716110][T13983]   ret_from_fork_asm+0x1a/0x30
[ 2969.720966][T13983] 
[ 2969.720966][T13983] other info that might help us debug this:
[ 2969.720966][T13983] 
[ 2969.731186][T13983] Chain exists of:
[ 2969.731186][T13983]   &client->buffer_lock --> &new->fa_lock --> tasklist_lock
[ 2969.731186][T13983] 
[ 2969.744293][T13983]  Possible interrupt unsafe locking scenario:
[ 2969.744293][T13983] 
[ 2969.752602][T13983]        CPU0                    CPU1
[ 2969.757954][T13983]        ----                    ----
[ 2969.763304][T13983]   lock(tasklist_lock);
[ 2969.767539][T13983]                                local_irq_disable();
[ 2969.774282][T13983]                                lock(&client->buffer_lock);
[ 2969.781822][T13983]                                lock(&new->fa_lock);
[ 2969.788584][T13983]   <Interrupt>
[ 2969.792039][T13983]     lock(&client->buffer_lock);
[ 2969.797067][T13983] 
[ 2969.797067][T13983]  *** DEADLOCK ***
[ 2969.797067][T13983] 
[ 2969.805189][T13983] 7 locks held by syz.6.10567/13983:
[ 2969.810535][T13983]  #0: ffff88802bdd4118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1ae/0x4c0
[ 2969.819664][T13983]  #1: ffff88801df3a230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[ 2969.829765][T13983]  #2: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[ 2969.839399][T13983]  #3: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[ 2969.848977][T13983]  #4: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340
[ 2969.858124][T13983]  #5: ffff888021ab3028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 2969.868301][T13983]  #6: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[ 2969.877330][T13983] 
[ 2969.877330][T13983] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 2969.887712][T13983] -> (&client->buffer_lock){..-.}-{3:3} {
[ 2969.893427][T13983]    IN-SOFTIRQ-W at:
[ 2969.897402][T13983]                     lock_acquire+0xf0/0x2e0
[ 2969.903462][T13983]                     _raw_spin_lock+0x2e/0x40
[ 2969.909605][T13983]                     evdev_pass_values+0xb9/0xbd0
[ 2969.916188][T13983]                     evdev_events+0x1e6/0x340
[ 2969.922342][T13983]                     input_pass_values+0x288/0x890
[ 2969.928907][T13983]                     input_event_dispose+0x3e5/0x6b0
[ 2969.935668][T13983]                     input_event+0x89/0xe0
[ 2969.941549][T13983]                     hidinput_hid_event+0x1487/0x1e60
[ 2969.948400][T13983]                     hid_process_event+0x4be/0x620
[ 2969.954983][T13983]                     hid_report_raw_event+0xe8f/0x1720
[ 2969.961905][T13983]                     hid_input_report+0x44b/0x580
[ 2969.968391][T13983]                     hid_irq_in+0x47e/0x6d0
[ 2969.974375][T13983]                     __usb_hcd_giveback_urb+0x376/0x540
[ 2969.981374][T13983]                     dummy_timer+0xbbd/0x45d0
[ 2969.987525][T13983]                     __hrtimer_run_queues+0x53a/0xcc0
[ 2969.994562][T13983]                     hrtimer_run_softirq+0x182/0x5a0
[ 2970.001325][T13983]                     handle_softirqs+0x22a/0x870
[ 2970.007721][T13983]                     __irq_exit_rcu+0x5f/0x150
[ 2970.013948][T13983]                     irq_exit_rcu+0x9/0x30
[ 2970.019832][T13983]                     sysvec_apic_timer_interrupt+0xa6/0xc0
[ 2970.027128][T13983]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2970.034765][T13983]                     debug_lockdep_rcu_enabled+0x2c/0x40
[ 2970.041889][T13983]                     __might_resched+0x22/0x4d0
[ 2970.048214][T13983]                     down_read+0x23/0x2e0
[ 2970.053998][T13983]                     kernfs_dop_revalidate+0x9e/0x5e0
[ 2970.060833][T13983]                     lookup_fast+0x253/0x5b0
[ 2970.066901][T13983]                     link_path_walk+0x720/0x18d0
[ 2970.073326][T13983]                     path_lookupat+0xe4/0x8c0
[ 2970.079480][T13983]                     filename_lookup+0x256/0x5d0
[ 2970.085875][T13983]                     do_readlinkat+0xe3/0x510
[ 2970.092020][T13983]                     __x64_sys_readlink+0x7f/0x90
[ 2970.098524][T13983]                     do_syscall_64+0x14d/0xf80
[ 2970.104774][T13983]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2970.112312][T13983]    INITIAL USE at:
[ 2970.116211][T13983]                    lock_acquire+0xf0/0x2e0
[ 2970.122192][T13983]                    _raw_spin_lock+0x2e/0x40
[ 2970.128269][T13983]                    evdev_pass_values+0xb9/0xbd0
[ 2970.134683][T13983]                    evdev_events+0x1e6/0x340
[ 2970.140732][T13983]                    input_pass_values+0x288/0x890
[ 2970.147230][T13983]                    input_event_dispose+0x330/0x6b0
[ 2970.153890][T13983]                    input_inject_event+0x1dd/0x340
[ 2970.160461][T13983]                    evdev_write+0x325/0x4c0
[ 2970.166434][T13983]                    vfs_write+0x29a/0xb90
[ 2970.172230][T13983]                    ksys_write+0x150/0x270
[ 2970.178127][T13983]                    do_syscall_64+0x14d/0xf80
[ 2970.184283][T13983]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2970.191725][T13983]  }
[ 2970.194217][T13983]  ... key      at: [<ffffffff9a604660>] evdev_open.__key.27+0x0/0x20
[ 2970.202395][T13983] 
[ 2970.202395][T13983] the dependencies between the lock to be acquired
[ 2970.202405][T13983]  and SOFTIRQ-irq-unsafe lock:
[ 2970.215899][T13983]   -> (tasklist_lock){.+.+}-{3:3} {
[ 2970.221178][T13983]      HARDIRQ-ON-R at:
[ 2970.225320][T13983]                         lock_acquire+0xf0/0x2e0
[ 2970.231730][T13983]                         _raw_read_lock+0x36/0x50
[ 2970.238238][T13983]                         __do_wait+0xde/0x740
[ 2970.244388][T13983]                         do_wait+0x1e7/0x540
[ 2970.250436][T13983]                         kernel_wait+0xd6/0x1c0
[ 2970.256752][T13983]                         call_usermodehelper_exec_work+0xbe/0x230
[ 2970.264631][T13983]                         process_scheduled_works+0xb02/0x1830
[ 2970.272176][T13983]                         worker_thread+0xa50/0xfc0
[ 2970.278749][T13983]                         kthread+0x388/0x470
[ 2970.284802][T13983]                         ret_from_fork+0x51e/0xb90
[ 2970.291382][T13983]                         ret_from_fork_asm+0x1a/0x30
[ 2970.298147][T13983]      SOFTIRQ-ON-R at:
[ 2970.302290][T13983]                         lock_acquire+0xf0/0x2e0
[ 2970.308708][T13983]                         _raw_read_lock+0x36/0x50
[ 2970.315193][T13983]                         __do_wait+0xde/0x740
[ 2970.321508][T13983]                         do_wait+0x1e7/0x540
[ 2970.327585][T13983]                         kernel_wait+0xd6/0x1c0
[ 2970.333911][T13983]                         call_usermodehelper_exec_work+0xbe/0x230
[ 2970.341801][T13983]                         process_scheduled_works+0xb02/0x1830
[ 2970.349331][T13983]                         worker_thread+0xa50/0xfc0
[ 2970.355907][T13983]                         kthread+0x388/0x470
[ 2970.361962][T13983]                         ret_from_fork+0x51e/0xb90
[ 2970.368541][T13983]                         ret_from_fork_asm+0x1a/0x30
[ 2970.375303][T13983]      INITIAL USE at:
[ 2970.379363][T13983]                        lock_acquire+0xf0/0x2e0
[ 2970.385689][T13983]                        _raw_write_lock_irq+0x3d/0x50
[ 2970.392519][T13983]                        copy_process+0x247a/0x3cf0
[ 2970.399103][T13983]                        kernel_clone+0x248/0x8e0
[ 2970.405524][T13983]                        user_mode_thread+0x110/0x180
[ 2970.412274][T13983]                        rest_init+0x23/0x300
[ 2970.418424][T13983]                        start_kernel+0x385/0x3d0
[ 2970.424819][T13983]                        x86_64_start_reservations+0x24/0x30
[ 2970.432181][T13983]                        x86_64_start_kernel+0x143/0x1c0
[ 2970.439189][T13983]                        common_startup_64+0x13e/0x147
[ 2970.446033][T13983]      INITIAL READ USE at:
[ 2970.450521][T13983]                             lock_acquire+0xf0/0x2e0
[ 2970.457270][T13983]                             _raw_read_lock+0x36/0x50
[ 2970.464122][T13983]                             __do_wait+0xde/0x740
[ 2970.470615][T13983]                             do_wait+0x1e7/0x540
[ 2970.477025][T13983]                             kernel_wait+0xd6/0x1c0
[ 2970.483689][T13983]                             call_usermodehelper_exec_work+0xbe/0x230
[ 2970.491917][T13983]                             process_scheduled_works+0xb02/0x1830
[ 2970.499810][T13983]                             worker_thread+0xa50/0xfc0
[ 2970.506730][T13983]                             kthread+0x388/0x470
[ 2970.513129][T13983]                             ret_from_fork+0x51e/0xb90
[ 2970.520066][T13983]                             ret_from_fork_asm+0x1a/0x30
[ 2970.527173][T13983]    }
[ 2970.529835][T13983]    ... key      at: [<ffffffff8e40c058>] tasklist_lock+0x18/0x40
[ 2970.537813][T13983]    ... acquired at:
[ 2970.541779][T13983]    _raw_read_lock+0x36/0x50
[ 2970.546437][T13983]    send_sigio+0x101/0x370
[ 2970.550926][T13983]    kill_fasync+0x24d/0x4d0
[ 2970.555499][T13983]    sock_wake_async+0x137/0x160
[ 2970.560438][T13983]    sk_wake_async+0x184/0x280
[ 2970.565203][T13983]    unix_release_sock+0x74f/0xc80
[ 2970.570313][T13983]    unix_release+0x92/0xd0
[ 2970.574815][T13983]    sock_close+0xc3/0x240
[ 2970.579215][T13983]    __fput+0x44f/0xa70
[ 2970.583365][T13983]    task_work_run+0x1d9/0x270
[ 2970.588118][T13983]    exit_to_user_mode_loop+0xed/0x480
[ 2970.593576][T13983]    do_syscall_64+0x32d/0xf80
[ 2970.598360][T13983]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2970.604422][T13983] 
[ 2970.606732][T13983]  -> (&f_owner->lock){....}-{3:3} {
[ 2970.612018][T13983]     INITIAL USE at:
[ 2970.615999][T13983]                      lock_acquire+0xf0/0x2e0
[ 2970.622168][T13983]                      _raw_write_lock_irq+0x3d/0x50
[ 2970.628865][T13983]                      __f_setown+0x67/0x370
[ 2970.634859][T13983]                      generic_setlease+0xacf/0xff0
[ 2970.641434][T13983]                      do_fcntl_add_lease+0x35e/0x470
[ 2970.648196][T13983]                      fcntl_setlease+0x123/0x180
[ 2970.654596][T13983]                      do_fcntl+0x8b3/0x1a20
[ 2970.660556][T13983]                      __se_sys_fcntl+0xc8/0x150
[ 2970.666867][T13983]                      do_syscall_64+0x14d/0xf80
[ 2970.673188][T13983]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2970.680844][T13983]     INITIAL READ USE at:
[ 2970.685254][T13983]                           lock_acquire+0xf0/0x2e0
[ 2970.691847][T13983]                           _raw_read_lock_irq+0x45/0x60
[ 2970.698872][T13983]                           do_fcntl+0xaa3/0x1a20
[ 2970.705290][T13983]                           __se_sys_fcntl+0xc8/0x150
[ 2970.712040][T13983]                           do_syscall_64+0x14d/0xf80
[ 2970.718807][T13983]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2970.726866][T13983]   }
[ 2970.729435][T13983]   ... key      at: [<ffffffff9a2e5160>] file_f_owner_allocate.__key+0x0/0x20
[ 2970.738366][T13983]   ... acquired at:
[ 2970.742237][T13983]    _raw_read_lock_irqsave+0x48/0x60
[ 2970.747591][T13983]    send_sigio+0x38/0x370
[ 2970.751986][T13983]    kill_fasync+0x24d/0x4d0
[ 2970.756578][T13983]    n_tty_receive_buf_common+0x974/0x1300
[ 2970.762389][T13983]    tty_port_default_receive_buf+0x6e/0xa0
[ 2970.768287][T13983]    flush_to_ldisc+0x24a/0x6e0
[ 2970.773140][T13983]    process_scheduled_works+0xb02/0x1830
[ 2970.778851][T13983]    worker_thread+0xa50/0xfc0
[ 2970.783615][T13983]    kthread+0x388/0x470
[ 2970.787857][T13983]    ret_from_fork+0x51e/0xb90
[ 2970.792607][T13983]    ret_from_fork_asm+0x1a/0x30
[ 2970.797564][T13983] 
[ 2970.799882][T13983] -> (&new->fa_lock){....}-{3:3} {
[ 2970.804988][T13983]    INITIAL USE at:
[ 2970.808870][T13983]                    lock_acquire+0xf0/0x2e0
[ 2970.814837][T13983]                    _raw_write_lock_irq+0x3d/0x50
[ 2970.821345][T13983]                    fasync_remove_entry+0xf1/0x1c0
[ 2970.827936][T13983]                    lease_modify+0x4f7/0x6c0
[ 2970.834010][T13983]                    locks_remove_file+0x5f0/0xf70
[ 2970.840511][T13983]                    __fput+0x3ae/0xa70
[ 2970.846055][T13983]                    task_work_run+0x1d9/0x270
[ 2970.852200][T13983]                    exit_to_user_mode_loop+0xed/0x480
[ 2970.859027][T13983]                    do_syscall_64+0x32d/0xf80
[ 2970.865165][T13983]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2970.872617][T13983]    INITIAL READ USE at:
[ 2970.876932][T13983]                         lock_acquire+0xf0/0x2e0
[ 2970.883341][T13983]                         _raw_read_lock_irqsave+0x48/0x60
[ 2970.890561][T13983]                         kill_fasync+0x199/0x4d0
[ 2970.896970][T13983]                         n_tty_receive_buf_common+0x974/0x1300
[ 2970.904581][T13983]                         tty_port_default_receive_buf+0x6e/0xa0
[ 2970.912300][T13983]                         flush_to_ldisc+0x24a/0x6e0
[ 2970.918964][T13983]                         process_scheduled_works+0xb02/0x1830
[ 2970.926499][T13983]                         worker_thread+0xa50/0xfc0
[ 2970.933067][T13983]                         kthread+0x388/0x470
[ 2970.939205][T13983]                         ret_from_fork+0x51e/0xb90
[ 2970.945808][T13983]                         ret_from_fork_asm+0x1a/0x30
[ 2970.952581][T13983]  }
[ 2970.955083][T13983]  ... key      at: [<ffffffff9a2e5180>] fasync_insert_entry.__key+0x0/0x20
[ 2970.963750][T13983]  ... acquired at:
[ 2970.967537][T13983]    _raw_read_lock_irqsave+0x48/0x60
[ 2970.972993][T13983]    kill_fasync+0x199/0x4d0
[ 2970.977565][T13983]    evdev_pass_values+0x627/0xbd0
[ 2970.982661][T13983]    evdev_events+0x1e6/0x340
[ 2970.987318][T13983]    input_pass_values+0x288/0x890
[ 2970.992423][T13983]    input_event_dispose+0x330/0x6b0
[ 2970.997701][T13983]    input_inject_event+0x1dd/0x340
[ 2971.002899][T13983]    evdev_write+0x325/0x4c0
[ 2971.007479][T13983]    vfs_write+0x29a/0xb90
[ 2971.011878][T13983]    ksys_write+0x150/0x270
[ 2971.016364][T13983]    do_syscall_64+0x14d/0xf80
[ 2971.021120][T13983]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2971.027169][T13983] 
[ 2971.029492][T13983] 
[ 2971.029492][T13983] stack backtrace:
[ 2971.035368][T13983] CPU: 0 UID: 0 PID: 13983 Comm: syz.6.10567 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2971.035384][T13983] Tainted: [L]=SOFTLOCKUP
[ 2971.035388][T13983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2971.035400][T13983] Call Trace:
[ 2971.035410][T13983]  <TASK>
[ 2971.035419][T13983]  dump_stack_lvl+0xe8/0x150
[ 2971.035447][T13983]  __lock_acquire+0x2a94/0x2cf0
[ 2971.035476][T13983]  lock_acquire+0xf0/0x2e0
[ 2971.035488][T13983]  ? kill_fasync+0x199/0x4d0
[ 2971.035500][T13983]  _raw_read_lock_irqsave+0x48/0x60
[ 2971.035515][T13983]  ? kill_fasync+0x199/0x4d0
[ 2971.035524][T13983]  kill_fasync+0x199/0x4d0
[ 2971.035535][T13983]  ? kill_fasync+0x53/0x4d0
[ 2971.035552][T13983]  evdev_pass_values+0x627/0xbd0
[ 2971.035578][T13983]  ? evdev_pass_values+0x5d1/0xbd0
[ 2971.035602][T13983]  evdev_events+0x1e6/0x340
[ 2971.035620][T13983]  ? evdev_events+0x79/0x340
[ 2971.035631][T13983]  ? input_pass_values+0x8d/0x890
[ 2971.035642][T13983]  input_pass_values+0x288/0x890
[ 2971.035654][T13983]  ? input_handle_event+0x70c/0xf30
[ 2971.035669][T13983]  input_event_dispose+0x330/0x6b0
[ 2971.035688][T13983]  input_inject_event+0x1dd/0x340
[ 2971.035715][T13983]  ? input_inject_event+0xb6/0x340
[ 2971.035742][T13983]  evdev_write+0x325/0x4c0
[ 2971.035764][T13983]  ? __pfx_evdev_write+0x10/0x10
[ 2971.035781][T13983]  ? bpf_lsm_file_permission+0x9/0x20
[ 2971.035794][T13983]  ? security_file_permission+0x75/0x260
[ 2971.035810][T13983]  ? rw_verify_area+0x255/0x4d0
[ 2971.035819][T13983]  ? __pfx_evdev_write+0x10/0x10
[ 2971.035836][T13983]  vfs_write+0x29a/0xb90
[ 2971.035858][T13983]  ? __pfx_vfs_write+0x10/0x10
[ 2971.035876][T13983]  ? __fget_files+0x2a/0x420
[ 2971.035902][T13983]  ? __fget_files+0x2a/0x420
[ 2971.035918][T13983]  ? __fget_files+0x3a0/0x420
[ 2971.035931][T13983]  ? __fget_files+0x2a/0x420
[ 2971.035945][T13983]  ksys_write+0x150/0x270
[ 2971.035955][T13983]  ? __pfx_ksys_write+0x10/0x10
[ 2971.035966][T13983]  do_syscall_64+0x14d/0xf80
[ 2971.035997][T13983]  ? trace_irq_disable+0x3b/0x150
[ 2971.036023][T13983]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2971.036043][T13983]  ? clear_bhb_loop+0x40/0x90
[ 2971.036058][T13983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2971.036069][T13983] RIP: 0033:0x7f31f9f9c629
[ 2971.036080][T13983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2971.036088][T13983] RSP: 002b:00007f31fae8c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2971.036100][T13983] RAX: ffffffffffffffda RBX: 00007f31fa216180 RCX: 00007f31f9f9c629
[ 2971.036108][T13983] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000007
[ 2971.036116][T13983] RBP: 00007f31fa032b39 R08: 0000000000000000 R09: 0000000000000000
[ 2971.036128][T13983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2971.036139][T13983] R13: 00007f31fa216218 R14: 00007f31fa216180 R15: 00007f31fa33fa48
[ 2971.036156][T13983]  </TASK>
[ 2971.681320][ T5915] usbhid 6-1:0.1: can't add hid device: -71
[ 2971.688122][ T5915] usbhid 6-1:0.1: probe with driver usbhid failed with error -71
[ 2971.697746][ T5915] usb 6-1: USB disconnect, device number 29